Yesterday, we discussed the large sweep by the FBI, arresting anywhere between 14 and 16 people (reports have been conflicting on the actual number). In our initial report, we weren’t exactly able to find any evidence that the hackers who were arrested were high-ranking members of Anonymous. So who was arrested? Apparently, a student newspaper was able to offer some critical hints.
Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes.
The FBI yesterday conducted a major raid across the United States, netting anywhere between 14 and 16 people who are allegedly connected to the hacking group Anonymous. The AntiSec movement has been responsible for several hacks, including hacks on FBI contractors, police forces, and political and judicial websites. For some, the FBI raids were seen as a sign of the FBI finally being able to put a lid on the threat of Anonymous in the United States.
Or was it?
We looked into several major players within the AntiSec movement and even a few minor ones as well. At the time, all but one Twitter feed was still rolling (P0keu has since tweeted as well, which made the score AntiSec: 6, FBI: 0). We also checked a number of known Anonymous websites and all were rolling along, business as usual. In light of all of this, some were speculating that the FBI had done little more than arrest more than a dozen script kiddies – not exactly the high-end hackers they were hoping to net in the first place.
Since then, new details have emerged about one particular person who was arrested in Florida. The Central Florida Future, a student newspaper, managed to obtain some interesting information about one person who was arrested. Apparently, it was Scott Matthew Arciszewski, a 21-year-old computer engineering student, who was one of the more than a dozen people arrested. The report points to a website in which Arciszewski discusses security issues with Infragard – one organization that was attacked by LulzSec as part of their “F**k FBI Friday” early last month. The link in the article is broken because the website effectively no longer exists.
Of course, very little that is posted on a public webpage not blocked by a robots.txt file is ever forgotten on the internet.
We were able to dig up a Google cache page of the website. We were even able to obtain the page in which Arciszewski mentioned Infragard. You can view the webpage via Google’s cache (we also saved a copy of the page). The page shows how Arciszewski fully admits right off the bat that he is not a security expert. In spite of this admission, he wrote a quick guide on how to break into Infragard, and the techniques are extremely simple.
Apparently, all that was needed was to view the Infragard website, view the source code, and use a Google search that included the word “vulnerability”, and you would be able to obtain the necessary tools to break into the website. That’s apparently the level of sophistication this person was operating at. Since it was publicly posted, anyone with just about any level of hacking skill could have carried out an attack, if the guide is accurate.
So, how was this particular person caught? We can only speculate, but the most likely possibility is that a DNS lookup was made by someone in the FBI. If the FBI did that, then they would have been directed to the registrar of the website, which is WildWestDomains. According to WildWestDomains, the company operates in Arizona. At that stage, it was probably very easy for the FBI to force the company to hand over identifying information about the owner of the website. From there, all the FBI would have to do is move in and pick him up along with all of his equipment. Again, this is speculation, but it is very plausible that this is how the FBI caught Arciszewski. Thirty seconds of effort and one US-based company to pressure – not that difficult in the end to accomplish for an organization like the FBI.
The question is, was there evidence to suggest that it was Arciszewski who carried out the attack? The only evidence that we have is that Arciszewski merely looked at some source code and wrote a simple guide that doubled as an opinion critical of Infragard. For the FBI’s sake, they had better hope they were able to obtain more evidence with their raid. Otherwise, if Arciszewski merely wrote a guide and nothing more, this would be just another embarrassment for the FBI, because it would then be next to impossible to really prove that he had anything to do with LulzSec attacking the website. We don’t even know if it was Arciszewski’s guide that was used to attack Infragard in the first place. It could have been a completely different method employed by a completely different person for all we know.
In any event, I look at this particular individual and I personally think that this is not a good sign for the FBI. Of course, there could be a different story with the remaining people. Maybe they picked up some others that have more promise, maybe not. Since the operations of many hacking groups have been pretty much unaffected, combined with what we see here, the picture doesn’t look good for the FBI at this stage.
One could argue that all of this also reflects very poorly on Infragard, given that the attack could very well have been a Google search away. If old and vulnerable web tools were used to secure FBI contractors to begin with, I think that speaks volumes about Infragard and even speaks to the kind of companies the FBI is willing to bring under its umbrella from the private sector. Why was Infragard so vulnerable, and why was the FBI willing to tap into a company that can’t even secure its own website in a reasonable fashion?
I really wonder if the FBI is seriously having a hard time investigating the hacking groups.