Posted on Sep 11, 2012 | 5 notes | #lulzsec #jake davis #disconnecting

Some interesting questions about LulzSec, WikiLeaks and Stratfor

[Image: Julian Assange wearing an Anonymous Guy Fawkes mask.]

On my podcast this week I talk to Gabriella Coleman, a McGill University anthropologist who is an expert on Anonymous. We talk about the origins of the movement, about its LulzSec offshoot, and the recent arrests. It’s a fascinating topic and I hope you’ll take a listen. There’s one thing about the investigation that I find especially fascinating: that the Stratfor breach and the transfer of its emails to Wikileaks happened as the FBI watched.

The timeline of events as I understand it from news reports and court documents is this:

Hector Xavier Monsegur, a.k.a. Sabu, was arrested on June 7, 2011, and pleaded guilty to computer crimes on August 15, 2011.

Jeremy Hammond, a.k.a. Anarchaos, told Monsegur (and by extension the FBI) about his plans to target Stratfor as early as December 6. By December 14, Hammond had successfully rooted Stratfor. Around December 19, at the direction of the FBI, Monsegur offered Hammond a server on which to store the pilfered Stratfor emails, which he accepted.

On December 24, the group made the hack public by defacing the Stratfor website. “By January 11,” according to Ars Technica, “the group working with Hammond had started to unpack the contents of the Stratfor servers onto the server provided by Monsegur—providing a treasure trove of evidence for the FBI.”

They did not, however, release the emails publicly as they’d previously done when they’d breached law enforcement servers. Instead, the emails would not begin to be released until February 27 when Wikileaks announced it had acquired them and would be their exclusive distributor. How the emails got from Hammond to Wikileaks remains a mystery.

The FBI began physical surveillance of Hammond on February 29, 2012 and he was arrested on March 6.

First interesting question: Did the FBI warn Stratfor about the impending attack? Or were they allowed to be a sacrificial lamb? There are sketchy and conflicting reports on this.

The New York Times cites an anonymous FBI source saying that “they learned of the Stratfor breach on Dec. 6, after hackers had already infiltrated the company’s network and were knee-deep in Stratfor’s confidential files. … The F.B.I. said that it immediately notified Stratfor, but said that at that point it was too late.” This seems to be at odds with the complaint filed against Hammond, which states that on December 6 he was merely attacking the Stratfor server and had not yet gotten full access.

Then we have this from Security News Daily:

An FBI official briefed on the matter told SecurityNewsDaily Thursday (March 8) that Stratfor was indeed tipped off about the impending attack.

“We told them it was going to happen, but they kept us at arm’s length and said they could handle it themselves,” the official, who declined to be named, told SecurityNewsDaily. “Then when it did happen, they came running back to us.”

So did the FBI warn Stratfor before or after the hack? As far as I can tell, no one else has reported on this.

The other interesting question is what the FBI knew about the connection to Wikileaks and when it knew it. At some point between December 6 and February 27, the small group that hacked Stratfor had to discuss giving the emails to Wikileaks, and one would imagine that Monsegur would have been included in that conversation. How did the idea emerge? Who first suggested it? Did they approach Wikileaks or did Wikileaks approach them?

The chat transcripts released in court documents contain no mention of Wikileaks, and there’s no reason they should. Prosecutors would only have included evidence to support the charges at hand. But, how much did the FBI know of the hand-off to Wikileaks, and could it have prevented it?

Some are suggesting that the entire LulzSec/Antisec investigation is actually a carefully orchestrated operation meant to nab Julian Assange. I have a hard time believing federal investigators were playing that long of a game. Yet it’s very likely the FBI has evidence of the transfer of emails to Wikileaks. What, if anything, will it do with that information?

Posted on Mar 14, 2012 | #lulzsec #wikileaks

Posted on Jun 20, 2011 | 1 note | #link #lulzsec

Taiwanese Animation of the LulzSec Hacking Rampage

(Source: seanbonner, via laughingsquid)

Posted on Jun 17, 2011 | 26 notes | #video #lulzsec #4chan #anonymous

Posted on Jun 17, 2011 | 1 note | #link #lulzsec #anonymous

Bitcoin, Silk Road, and Lulzsec oh my!

Earlier this week, Adrian Chen wrote a great exclusive for Gawker about Silk Road, the online market for illicit drugs. I strongly commend the piece to you. The site is only accessible via the anonymizing router network Tor, although it is viewable using tor2web. Transactions are made using bitcoins, the virtual digital currency I’ve previously written about, and which I explain in a new video for Reason.tv (below), also out this week.

After his piece was published, Chen added the following addendum:

Update: Jeff Garzik, a member of the Bitcoin core development team, says in an email that bitcoin is not as anonymous as the denizens of Silk Road would like to believe. He explains that because all Bitcoin transactions are recorded in a public log, though the identities of all the parties are anonymous, law enforcement could use sophisticated network analysis techniques to parse the transaction flow and track down individual Bitcoin users.

“Attempting major illicit transactions with bitcoin, given existing statistical analysis techniques deployed in the field by law enforcement, is pretty damned dumb,” he says.

I’ve been asked by several folks about this: just how anonymous is bitcoin? My answer is that we don’t exactly know yet. Yes, all transactions are recorded in the public ledger that is the bitcoin network, but all that means is that you can see how many bitcoins were transferred from one account on the network to another account. This tells you nothing about the identity of the persons behind the accounts. Theoretically, you could identify just one person on the network and ask them (or coerce them) to identify the persons from whom they received payments, then go to those persons in turn and ask them who they accepted payment from, etc., until you’ve identified everyone, or just a person of interest. But you can imagine all the reasons this is impractical. More likely, a bitcoin user will be revealed through identifying information inadvertently revealed in the course of a transaction.

That all said, it seems that this week has also brought us a “natural experiment” that might settle the issue. LulzSec, the hacker group responsible for the recent PBS hack, this week announced that it has compromised the personal information of over a million Sony user accounts and has released a batch of 150,000. Here’s the thing: LulzSec is accepting donations via Bitcoin and says it has received over $100 so far. The group’s bitcoin receiving address is 176LRX4WRWD5LWDMbhr94ptb2MW9varCZP. Also, while in control of PBS.org, the group offered vanity subdomains (e.g. techliberation.pbs.org) for 2 BTC each.

So, here’s a high-profile group the FBI and Secret Service are no doubt itching to get their hands on. A bitcoin receiving address for them is public. I guess we’ll find out how anonymous it is.

Posted on Jun 3, 2011 | #bitcoin #lulzsec