[jgrahamc]

The most likely explanation is that they didn't 'intercept' the call but simply dialed into the conference call system and recorded the call.

The question then becomes how did they get the conference call dial in information? Perhaps they managed to get into the email of one of the participants. That would seem to be even more worrying than the interception of this single call.

Also, on many conference systems I've used standing meetings use the same dial in information from week to week. If this is a regular meeting it's possible that Anonymous has been listening in every week.

[bradleyland]

What's interesting is that the sophistication of the attack is immaterial to the fact that they achieved a significant security disclosure. You don't have to be a sophisticated hacker to perpetrate meaningful hacks, you just have to be more sophisticated than the target of your attack.

This is what makes the Anonymous movement so fascinating to me. In Anonymous culture, being "dox'd" is a big deal. That's kind of end-game stuff for hackers. Once you're outed, you're out. Coincidentally, the same rules apply for espionage.

What makes this doubly interesting is that Anonymous is made up of young, tech-savvy individuals. The establishment (government, large corporations, etc) increasingly rely on tools that are created, or at least well understood, by their attackers. It's a classical asymmetric battlefield problem. The attackers aren't big, but they have some very specific domain knowledge, and are increasing in sophistication over time.

That previous paragraph is probably way to generous in my evaluation of the skill level represented inside Anonymous, but that's a large part of the problem. We don't really know much about the insides of Anonymous by design. As the establishment pushes harder and harder (SOPA, PIPA, ACTA) to enforce the status quo, who will turn? There's a tipping point at which the establishment can no longer wage the battle. Acquiring the talent becomes too expensive and breaks their business model.

[stfu]

The attackers aren't big, but they have some very specific domain knowledge, and are increasing in sophistication over time. -> ideal pathway to terrorism analogy

[jballanc]

No, not even close. While it is difficult to come up with a concrete definition of terrorism, let's at least acknowledge that it involves some form of fear/terror among the general public.

I am confident that I have nothing to fear from Anonymous. Do you?

Rather, the description (attackers aren't big...specific domain knowledge) sounds a hell of a lot more like classic guerrilla tactics. It's also worth noting that guerrilla tactics are most successful when used in defense of home territory, and I think that fits the analogy as well. The government, big media, and others are invading "the internet" which is, for all intents and purposes, anonymous's home territory.

[xp84]

> I have nothing to fear from Anonymous. Do you?

Thanks to whoever was calling themselves "Anonymous" one particular day, my full name, physical and email address, and credit card number was posted publically on the Internet, merely for being a customer of a company who some misguided "Anon" thought was working for The Man (not even close by the way). This means that anyone I have ever given my address to will now be able to find out my precise address and full name. For me it is an annoyance, but I have been exceedingly careful not to associate anything controversial online with my real-life identity. Someone who had enemies, or even expressed opinions online that were controversial--to ANY segment of the population--would have a lot of reason to fear for their lives thanks to that irresponsible act.

"Anonymous" are criminals who directly target random civilians and use them as pawns to try to scare those who are in power. The people in power are sure that "Anonymous" will never tilt the balance of power away, but that doesn't stop them from trying, and leaving a devastating trail of identity theft in their wake.

Furthermore, the fact that they are so antisocial they won't show themselves means there can be no accountability for them, so the true good idealists among them are operating in an opaque cloud of others who have proven to have no insight, no judgment, and no sense of ethics or fairness (a phenomenon that anonymity often leads to in humans). These bad seeds use the public perception of "Anonymous" as a force for "Good" and "Openness" in order to commit petty crime such as charging things on other people's credit card for purely selfish reasons. We will probably see the same people exploiting "Anonymous" to commit more and more serious crimes.

Sorry for the novella. My point was just that the public has a great deal to fear from these people.

EDIT: I agree with a lot of things ascribed to that group -- I've marched with OWS before. However, their apparent mission that no one, no country, no company should have any privacy or confidentiality ever, coming from a group that refuses to identify themselves, is just making them look like hypocrites.

[InclinedPlane]

Terrorism: guerrilla warfare largely against civilian targets.

[jbooth]

I'd say "political violence against civilians", in which case we're 0-for-2 with this being neither violent nor aimed at civilians.

[xp84]

How are Anonymous's typical shenanigans (dumping user databases and posting millions of people's personal data online in an attempt to "shame" the site owner) not aimed directly at civilians? It's like rigging the elevator cables in a building to fail. Sure, the company responsible for the elevator maintenance looks bad, but you also kill people.

Sure "Anonymous" has mostly remained nonviolent, but they regularly harm innocent people to attempt to acheive their goals.

[InclinedPlane]

Oh sure, this isn't terrorism, and calling it that is just silly.

"Political violence against civilians" isn't quite right, because "civilians" can nevertheless wage war. What happens when two nations fight against each other with the full backing of their "civilian" populations, who actively provide all of the funding and materiel to fight the war? Is it off-limits to attack civilians? Should that sort of warfare be lumped in with terrorism?

[arguesalot]

That definition doesnt make sense. Guerilla warfare by definition attacks an army. Terrorism has to do with fear and coercion. Plus i don't think terrorists make any distinction in their targets.

[Retric]

There are fundamental differences between civil disobedience and terrorism. It's much more efficient to find people after the fact than it is to prevent such attacks. However, there is also a tiny number of terrorists in the world and a huge reserve of people willing to disrupt systems so prevention is far more effective when dealing with anonymous than it is terrorists.

PS: Want to attack the FBI, just set them as your homepage. It costs them real money, and does not end up with you in jail. Thus the appeal. (Note: It also tells them who you are...)

[Karunamon]

>It costs them real money,

Actually, it costs us real money. They're financed from taxpayers just like every other federal agency :(

[batista]

PS: Want to attack the FBI, just set them as your homepage. It costs them real money

First of all it's pennies, and second of all it's the taxpayer's money, it doesn't cost FBI a thing.

[Retric]

True, but to clarify. I was talking about the wide group of people living outside the US, that 'hate' the US, but don't exactly feel like blowing themselves up.

For someone living in the US direct attacks are largely meaningless activity. If you want to change the system start a movement, a mime, or even just a blog. People may notice something like 9/11, but it simply reinforces existing beliefs. Because change takes ideas not just loud noises and death.

[xp84]

A mime?

[fleitz]

Nah, it's classic asymmetrical warfare, an unintelligent large adversary creates a situation where by fighting their smaller nimbler opponent they lose their advantage.

SEAL teams use OODA asymmetries to great effect to cause confusion which leads to the overwhelming force and structure of the opponent to become a disadvantage.

Terrorism is really independent of guerrilla / asymmetrical warfare as it can be used by large bureaucratic orgs (Manhattan Project) or smaller nimbler ones (IRA/Al Qaeda)

[politician]

Also, the term doesn't apply exclusively to battlefields: the MPAA has been effectively waging asymmetrical warfare against the far larger technology industry in Congress for decades.

[lostlogin]

That's a point of view that law enforcement seem to hold. Illogical and yet never questioned in print media, except by the likes of Robert Fisk.

[tomelders]

"ideal pathway to terrorism"

don't be an idiot.

[Karunamon]

When being a dick on the internet, it's generally best if you at least comprehend what you're being a dick about.

There is a significant difference between "ideal pathway to terrorism" and "ideal pathway to terrorism analogy".

[cf0ed2aa-bdf5]

You are correct. They managed to gain access to the email account of one of the participants and simply used the information in the email about the conference call to dial in.

This is the email http://pastebin.com/8G4jLha8 and at the beginning of the recorded call you can hear the conference call software asking for the access code. ( https://www.youtube.com/watch?v=pl3spwzUZfQ)

[samstave]

>"If this is a regular meeting it's possible that Anonymous has been listening in every week."

I find this to be one of the more beautifully hilarious things I have read in quite a while!

The idea that Anon has been slurping info from a regular conf call between two intelligence/LEO orgs is just downright amazing.

Imagine though if Anon had forgot to put themselves on mute at one point and were being addressed by others on the call:

"Whomever is working from home with the dog in the background, please mute. Thanks. Anyway - as I was saying, these Occupy Protesters need to go down...."

It would also be great if, at the end of these calls, when everyone is saying "thanks" and "bye" is Anon also said "thanks" and "bye" as they hung up :)

[fleitz]

I have a feeling that they havent been tapping the call for weeks because if they had they'd probably be smart enough to shut up about it.

[roc]

Or, perhaps the information being gathered from these calls wasn't too useful and embarrassing these agencies was judged more useful?

If they've gotten onto this phone call, one would imagine they can likely replicate this feat with regards to more detail-level meetings at one or more intelligence offices that were on the call.

And by exposing this call, they increase the level of doubt that any one agency IT team has that it was their network/phone system that was compromised. It's the ideal call to publicize.

[InclinedPlane]

The only reason anonymous's security operations aren't more frightening is due to their culture and goals. They just want quick wins and publicity (for themselves and for the material they unearth). However, their capabilities are top notch (limited mostly by their hesitance to do anything that requires physical presence). If they were, say, employed by a hostile government or were motivated by greed or specific political goals they would be scary.

Anonymous's MO is to spew their exploits to the world and move on. This minimizes the damage of their intrusions. If they kept quiet and spent time soaking up information or leveraging breaches to gain more and more access the things they could do would be jaw dropping.

[Kadin]

There's no evidence, at least that I've seen, to suggest that "Anonymous" is anything approaching a cohesive organization. I think it's a mistake to refer to it that way.

Absent anything other than a common name, there's no reason to assume that the individuals compromising the "Anonymous" that recorded the FBI conference call has anything to do with the "Anonymous" who dumped Stratfor's credit card DB, or who leaked those Ron Paul emails.

[samstave]

Isn't the term we use for such actions "Grey hat"

[InclinedPlane]

That's probably closest, but I'm not sure any color of hat fits on anonymous' head.

[InclinedPlane]

There's no such thing as "cheating" when it comes to subverting security measures. If you have gained access to something that is supposed to be secure then you've compromised its security measures. It doesn't matter if you bribed someone, found the password in the trash, duplicated a key via a cell phone picture from across the street, or got conference call info from a compromised email account. In the end the result is the same. The weakest link in a chain determines its strength.

You better believe that this is how spycraft works with the big boys too. You attack security measures at the weakest point, period. Doing it any other way is just making a hobby of it.

[stef25]

"Anonymous also published an e-mail purportedly sent by an FBI agent that gave details and a password for accessing the call."

That explains how they "intercepted" the call.

[hornokplease]

In many cases calls can be recorded by the conference call service provider. Couldn't it be that the recording of the call was later accessed? An anon need not have been listening in on the call live.

[mjwalshe]

Or alternativly the Met did not learn the lessons from 15 years ago when they left the default passwords enabled on their main switch.

Huge bills where run up by phone preaks dialing in and then out again - I even got asked to post to alt.2600 as BT's official spokesman (the Met where claiming it was our fault) but BT Security stooped that.

worrying after the NI revelations I do wonder if its time for the UK to have a proper FBI style police force for serious crimes (and the Grunt end of CT work) and demote the Met to the same level as any other constabulary

[rmc]

This "default passwords on phone switches" is still a problem and common attack. Mostly because there's money in it. If you can route all your international calls through someone elses switch then you can save a fortune.

[mjwalshe]

Looks like I was to hard on the MET in this case as more news has come out it looks like the FBI was the source of the break.