The hacktivist organization known as Anonymous recently posted on its website a “hacked” 16-minute conference call between the F.B.I. and other foreign agencies, including Scotland Yard. Officials at the F.B.I. state that the call was “intercepted,” as opposed to “hacked.” According to the F.B.I., an e-mail had been sent “on Jan. 13 to more than three dozen people at the [F.B.I.], Scotland Yard, and agencies in France, Germany, Ireland, the Netherlands and Sweden. One recipient, a foreign police official, evidently forwarded the notification to a private account[…] and it was then intercepted by Anonymous.” The F.B.I. said that it is always looking for ways to make its communications more secure, but how does it prevent a person from sending information to a private account? How did Anonymous know to track that particular individual’s private account? Hackers understand that manipulation of technology is not the only way to obtain unauthorized information; they can also play on the complacency of the human character. Data security vigilance does not end when the power goes off on the laptop.
“The real issue for law-enforcement officials is they need to be better educated about how they handle sensitive data on their e-mails[.]”
By the F.B.I.’s own admission, the interception was not that sophisticated, yet it was enough to cause embarrassment to the agencies involved. The New York Times reported that “[t]he hackers could have penetrated the law-enforcement official’s personal e-mail account by guessing a weak password, sneaking into an unencrypted wireless network, or, most likely, with a common and relatively easy tactic known as a phishing attack, said Keith Ross, a computer science professor at Polytechnic Institute of New York University and a security expert. A phishing attack involves sending an e-mail that looks like it is from a friend or relative and persuading the recipient to click on a link that allows every keystroke entered on that particular computer to be recorded. Recording keystrokes is an efficient way to steal someone’s e-mail username and password.”
The group also claims to have hacked into the website of a D.C. law firm, Puckett & Faraj, and was able to obtain “mails, faxes, and transcriptions” related to a case involving Marines who allegedly killed 24 civilians in Haditha, Iraq, in 2005. This can be embarrassing for a law firm, especially when the communiques were likely privileged information.