March 3, 2012

Anonymous Cell gets Careless, Infiltrated, Busted

By Mark Wachtler

March 3, 2012. Mendoza, Argentina. Organized by Interpol, 25 members of the cyber-patriot group Anonymous were arrested on Tuesday in multiple countries. Typical arrests like these usually only catch low level or copycat hackers not even connected to the main Anonymous underground network. In this instance however, it appears international law enforcement officials went on a phishing expedition and were lucky enough to catch some very active members.

25 Anonymous activists arrested Tuesday in Spain, Argentina and Chile. Image courtesy of AFP.

All three countries involved in the raids are Spanish-speaking nations, which would appear to confirm the tactics government agents used to track down the hackers. According to reports, law enforcement officials from a number of countries had infiltrated a South American chat room known as a frequent gathering spot for socially conscious underground hackers such as LulzSec, AntiSec and Anonymous. There, agents did what they always do in this situation – they sat back, instigated some targeted discussion, and waited and listened for people to incriminate themselves.

In all, 25 members between the ages of 17 – 40 were taken into custody. Most of the teenagers and all the minors have been released, while a number of the adults are still in custody, mainly in Argentina. Based on announcements from both sides, it appears most of those arrested in the sweep belonged to one of two Anonymous groups, one called Anonymous Iberoamerica, and the other sounding more like an individual cell using the name Sector404.

Spain arrests

In Spain, 4 Anonymous activists including a minor were arrested. Associated Press quotes Spanish authorities as claiming that one of the four is a high-ranking leader of the group and is the owner of a number of computer servers used by the rebel hackers. The servers are physically located in eastern European countries like Slovakia and Romania. According to the same AP report, both Spanish officials and Anonymous leaders are confirming that those arrested in Spain included the high-level member who is known by the name ‘Troy’. Other names identified with the arrests Tuesday in Spain include ‘Pacotron’ and ‘Thunder’.

Chile arrests

In Chile, authorities confirmed they had released all 5 Anonymous suspects as early as Wednesday. Among those picked up in that country were two 17-year-olds. Again, statements from both Chilean authorities and Iberoamerica seem to be in agreement. Three of those arrested were computer students, one was a computer programmer and one a Colombian citizen.

Marlis Pfeiffer, a spokeswoman for the Chilean prosecutor’s office, told AP that officials were having problems with the computers, servers and other electronic equipment confiscated in the raids. The news report suggests the officials’ frustration is due to the high level of encryption and coding that Anonymous activists use, specifically for this very reason.

Argentina arrests

Officials in Argentina are not being forthcoming with details about the arrests. One Argentine official who wished to remain anonymous, pun intended, told AP that 10 adults were still being detained. There was no mention of the fate of the minors picked up in Argentina, but a statement from Iberoamerica insists that a large number of those arrested were in fact minors.

One item Argentine authorities did elaborate on was their announcement that all the arrests made Tuesday in that country were the result of details gathered from a targeted investigation into Anonymous that began only three weeks ago. In the sweep this week, authorities confirmed they confiscated more than 250 pieces of computer equipment from 15 cities across the country.

Anonymous goes on defense

There appear to have been two, possibly related, slip-ups by the Anonymous members swept up in the coordinated arrests this week. The first, already detailed above and explained by both sides, was the fact that authorities easily infiltrated a chat room used by Anonymous and simply waited for individuals to make incriminating statements, which some did.

An article from Gizmodo yesterday describes a second and much more worrisome infiltration for the underground network. As a result, the report’s author takes great joy in asking the young hackers how they like it now that the shoe’s on the other foot.

One of the many tools the leaderless group called Anonymous and its cyber soldiers use is the Denial of Service (DoS) attack, which merely overwhelms the victim’s computer servers, shutting out its users. Basically, it makes a web site or computer system crash. One piece of software that helps individual hackers carry out DoS attacks is an Anonymous-endorsed program called Slowloris. Unbeknownst to the underground activists however, someone had laced the Slowloris code with the Zeus Trojan, malware built to steal banking and other credentials.

Since then, each time an activist used Slowloris to take down a corporate or government computer network, the malicious software infected the attacker’s own computer system. The trojan searches the victim’s own data for bank accounts, credit cards, emails, passwords and other personally and financially sensitive information. With Slowloris being such a popular tool within the hacker community, it’s assumed a large number of Anonymous members have been made victims of their own attacks.

The Gizmodo report credits Symantec with discovering the embedded trojan. It’s ironic, since Symantec and Anonymous have been rivals for years and are at the forefront of cyber security, always finding ways to stay one step ahead of the other. A Symantec spokesperson is quoted explaining, “Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen.”

Anonymous admits carelessness

In a number of statements released on the web from various Anonymous-connected sources, leaders of the loose-knit group are providing a matching account of the slip-up. They each insist that the 25 arrests made Tuesday were not the result of technical police prowess, but instead, “carelessness” on behalf of certain Anonymous members after a basic infiltration of a chat room, something anyone could do.

Releasing a statement, a female law student and supporter of the underground group who calls herself ‘Skao’ said, “The great majority of those implicated were people inhabiting the servers of anonworld.info, something that disconcerts us.” That fact alone suggests that the arrests made Tuesday may go further into the heart of the hacker collective than authorities were aware. Anonymous Iberoamerica also released a statement via AP which blamed the successful raid on, “the use of spies and informants within the movement.”

Phase 1, phase 2, phase 3

For anyone who’s lived this personally in a past life or who’s seen this movie before, they know that what ‘Skao’ and Iberoamerica are describing above are, respectively, Phase 1 and Phase 2 of any offensive launched by the global establishment, especially US authorities. Normally when taking on groups like the Mafia or the KKK, agents arrest a couple of individuals who testify against higher-ups, who in turn testify against the leaders, thus bringing down the entire organization. But like many underground movements these days, Anonymous has gone the route of ‘leaderless resistance’. And that, more than anything else, may have saved the global association from total destruction this week.

Phase 1 – the shotgun approach

When officials realize they are up against an entire movement, thousands or even millions of people, instead of one or two individual accused criminals, their tactics change. And when they have little or no intelligence to go on, which US authorities have reluctantly confirmed thus far about Anonymous and its allies, they go with the ‘shotgun approach’.

Agents are scattered far and wide in every nook and cranny that an Anonymous member is profiled to frequent. There, authorities simply wait and listen. Typically, all sorts of people make outrageous claims and threats, with the vast majority being hollow words. But occasionally, people brag about actual crimes, associations, tactics or other things that tip law enforcement off. That, in essence, is Phase 1 and what occurred Tuesday as described by ‘Skao’ above.

Phase 2 – participation

The tactic described above by Anonymous Iberoamerica takes the authorities’ tactics one step further: infiltrators. Instead of worrying about those who were arrested Tuesday, some within Anonymous are worried about those who weren’t. This author can think of only three reasons why any highly active member of the above Anonymous cells would not have been arrested: they agreed to work for authorities, they are the authorities, or they’re really lucky.

Sooner or later, if it hasn’t already, Phase 2 will kick in and, along with arresting Anonymous members, officials will coerce them into working as informants. Then, authorities can simply sit back and collect information on hundreds, if not thousands, of activists. Working side by side with their new informants, agents will insincerely immerse themselves within the movement, often reaching even leadership positions. Then, in one fatal blow, the bulk of the global rebel group and most of its leaders will be arrested in one massive sweep.

Phase 3 – Cointelpro

Depending on which side one is on, ‘cointelpro’ is an acronym. To government officials, cointelpro stands for ‘Counter Intelligence Program’. To patriots, freedom-fighters and other anti-establishment activists, it stands for ‘Counter Intelligence Agent Provocateur’.

If Phase 1 and Phase 2 prove to be inadequate to stop the global underground hacker movement symbolized by Anonymous, authorities may escalate their war to the notorious and illegal phase, again, if they haven’t already. History gives us 3 educational examples of very different US cointelpro operations, with the first and most well-known being the FBI’s war against the 1960s KKK.

When government agents in America’s Deep South couldn’t find any evidence of illegal activities on behalf of the Klan, even though it was right in front of them, they decided they could destroy the secret society by destroying the lives of its leaders and members. FBI agents relentlessly kidnapped and terrorized Klansmen. They publicly paid Klansmen money, implying the recipient was working for the Feds. They seduced the wives of Klansmen into having affairs, which agents happily exposed to their husbands, destroying marriages, families and local chapters of the Klan all over the South.

A second example is the first World Trade Center bombing in 1993 that killed 5 people and injured more than 1,000. This type of operation instigates criminal acts by otherwise law-abiding citizens. Transcripts from the trial that convicted a handful of Middle East terrorists showed that US agents had such a prominent role in the bombing that critics contend it couldn’t have happened without them. Testimony and statements by the defendants accused US officials of recruiting the terrorists, introducing them to each other, funding their attack, arranging for the purchase of the explosives and planning the details of the bombing. The convicted terrorists were willing participants, but many openly wondered why the FBI allowed the deadly bombing to take place rather than arrest the subjects just prior.

A third example of a cointelpro operation comes from local police efforts to fight criminal street gangs in America’s third largest city. With gang membership in Chicago hovering around 50,000 hardcore soldiers in the mid-1980s, the Chicago Police Dept was overwhelmed. Court rulings and civil rights policies had handcuffed police and forced officers to treat violent gang members with kid gloves for fear of frivolous lawsuits. Their response: the Insane Fish.

It was originally a half-drunk joke by a bar full of Chicago beat cops comparing the CPD to the biggest fish in a pond full of criminal street gangs. The idea spread. Soon, gang graffiti began to appear promoting the new heavyweight criminal organization on the street. Insane Fish calling cards began appearing at crime scenes. And word had spread across the whole city that the Insane Fish were actually Chicago police officers, organized vigilantes, fighting illegal violence with illegal violence.

While the insurgent tactic of ‘leaderless resistance’ is an effective defensive weapon, it’s terrible for offense. This author has often described the strategy as yelling, “Everyone split up and run for your lives.” It’s specifically meant to protect the whole of an organization in the event one or more individual cells are infiltrated. So far, the structure has protected Anonymous cells and leaders alike. But with the revelations of just how sloppy and careless the 25 arrested members were, time will tell just how separate and leaderless the resistance really is.

For more news about Anonymous, read the following Whiteout Press articles:

‘Anonymous Strikes Back and Digs In’ and ‘Cyber Group Anonymous Busted’