Splinter Group Says Document Outs Anonymous Members

2011-03-22T17:17:45
ID THREATPOST:03824D36AAA1B67DC3EAF557485DBBA8
Type threatpost
Reporter Paul Roberts
Modified 2013-04-17T16:34:54

Description

The veil surrounding the group Anonymous may be falling, now that a group claiming to have defected from the ranks of the online mischief-making group has begun publishing what it claims are the identities of the hacker collective’s leadership and their roles in recent high-profile hacks, including the theft of e-mail from security firm HBGary Federal.

Late Monday, the group, dubbed Backtrace Security, published a PDF that claimed to identify, or partially identify, close to 80 members of Anonymous’s leadership by name, and to provide mailing addresses, e-mail and social networking accounts for many of those members. The release of the document on the Web site Anonymousdown is the latest in a string of efforts in recent days to poke holes in the wall of anonymity that shields the group’s members.

According to the published list, Anonymous’s top ranks are made up of some eighty individuals scattered mostly across the U.S., Canada and Western Europe, and as far away as Australia and New Zealand. Some of the identities floated in the list have appeared in print before in connection with the group. For example, the record for ‘Kayla,’ an Anonymous member who claims to be a teenage girl, identifies the user of that ‘nick,’ or IRC ID, as New Jersey-based hacker Corey Barnhill. That name turned up in a recent Forbes.com profile, as well.

However, Threatpost has not confirmed that any of the individuals named in the document are Anonymous members and will not publish those names until it has. A source responsible for compiling the list acknowledges that there is reason to believe that some of the names that appear in the PDF could be incorrectly linked to Anonymous.

Anonymous spokesman Barrett Brown said the list contains inaccuracies, though he said he did not know the identities for most of the group’s members himself.

“They’ve got some small parties, some of whom are hooked up (with Anonymous) and some of whom are not,” he said. Among other things, Brown said the individual identified as the Anonymous user Baas was incorrect, as was the identity for prominent member Topiary, who Brown claimed was BackTrace’s main target.

“I know they don’t have his ID correct,” Brown said.

Brown pointed out that being a part of Anonymous isn’t illegal, in and of itself. However, the published identities could be an aid to law enforcement organizations that are investigating crimes, including the hack of HBGary Federal as well as denial of service attacks on Paypal, Visa and MasterCard. Those attacks have been attributed to Anonymous.

The FBI declined to comment on the publication of the document claiming to identify Anonymous members, as there is an ongoing investigation.

The leaks regarding Anonymous’s membership began last week, with the publication online of a document that purports to be the IRC chat log for #HQ, an invite-only channel on Anonops, the group’s network of IRC servers, that was frequented by Anonymous’s leadership. Other disclosures followed over the weekend and on Monday, including the publication of a file containing what are purported to be 89 stolen IRC account login credentials belonging to Anonymous members.

Brown said the group was aware of the campaign against it by Backtrace and said that the leaked IRC logs were legitimate. “We cracked those logs yesterday and someone read through them a bit and didn’t seem to be too concerned,” Brown wrote.

Brown claims that BackTrace was a group that was affiliated with th3j3st3r, an online activist best known for launching a denial of service attack on Wikileaks for its publication of leaked U.S. diplomatic cables. Brown said the individuals behind BackTrace are also behind the Anonymousdown Web site and Twitter accounts like @faketopiary and @fakegregghoush that have been publishing links that claim to out, or “dox,” Anonymous members in recent days. Brown said the group was also compiling information on him and his former acquaintances, including an “ex-girlfriend’s 16-year-old daughter” as part of their research on Anonymous.

The back and forth is evidence of what appears to be a civil war between current and former members of the shadowy online mischief-making group. The first salvo came on Friday with the release of the IRC chat log containing what appears to be damning evidence connecting a small group of Anonymous members to the hacks of HBGary and Gawker Media, as well as online actions against Visa and Paypal that were dubbed “Operation Payback.” A copy of the file was obtained by Threatpost and has also been posted online on backtracesecurity.com, a Web site set up by the former Anonymous members.

In an interview with Forbes.com, a spokesman for BackTrace, who used the name Hubris, said the group “aims to put an end to Anonymous ‘in its current form.’” According to the article, BackTrace’s members have become disenchanted with Anonymous’s more strident, political activism – a change from the group’s roots as an anarchic, prank-oriented collective whose biggest target had been the Florida-based Church of Scientology. “Anonymous has never been about revolutions. It’s not about the betterment of mankind. It’s the Internet hate machine, or that’s what it’s supposed to be,” Hubris is quoted as saying.

The #HQ log covers IRC chats between the Anonymous members from February 8 through February 19, 2011. It picks up in the immediate aftermath of the compromise of security firm HBGary and depicts a small circle of Anonymous members reveling in the success of that action and gearing up for further attacks on HBGary partners Palantir and Berico and D.C. law firm Hunton & Williams, but also fearing that their identities will be exposed to law enforcement.

If accurate, the IRC log tends to support analysis, put forward by former HBGary CEO Aaron Barr, among others, that Anonymous is less a leaderless collective than a small cadre of skilled hackers with legions of mostly passive followers. Ironically, it was the efforts of HBGary Federal CEO Aaron Barr to similarly identify the Anonymous membership that led to the hack of HBGary in the first place, the theft and publication of tens of thousands of confidential e-mail messages and Barr’s eventual resignation.

At the time, Anonymous members alleged that Barr’s efforts to publicly identify its members were woefully inaccurate, and Barr himself acknowledged that the leaked profiling work was incomplete.

Brown said the methods used by BackTrace to gather information were “weird” and unreliable. He said that those behind the group were former Anonymous members, but that he and other members were not yet sure of their real identity.

“There’s a name floating around, but I can’t confirm it’s (them),” he said. As with the attack on Barr, Anonymous wouldn’t refrain from retaliating when it is confident it has identified the individual or individuals behind BackTrace and Anonymousdown, he said.