This article originally ran in print on March 7, 2012.
The international group of computer hackers known as Anonymous lost some of its mystery Tuesday with the arrest of five men, including a 27-year-old Chicagoan, said to be connected to a clique of underground organizations with names like LulzSec that have wreaked havoc on corporate and government computer systems around the world.
Among the five taken into custody was Jeremy Hammond, a well-known Chicago hacker, who was arrested after an FBI raid on a Bridgeport home. A sixth person, Hector Xavier Monsegur, of New York, pleaded guilty in August to computer hacking charges and has been helping law enforcement officials with their investigation, authorities revealed.
The arrests represent a high-profile breakthrough in a coordinated global law enforcement effort to pursue and prosecute members of the "hacktivist" movement, which has risen to prominence as a new kind of threat to corporate and government data security. Although the information released by federal authorities brought to the surface tantalizing glimpses of the loose-knit hacktivist community's alleged operations, it also underscored how little is known about these groups and how difficult it may be for potential targets to protect themselves.
"I think the unknown here is how organized are these people, really," said Fred Cate, director of the Center for Applied Cybersecurity Research at Indiana University's Maurer School of Law. "Maybe the threat is exaggerated precisely because of its mysterious nature. ... Is five all there are, or is it all (authorities) could find, in which case, where are we in the hierarchy of hacktivists?"
Data breaches and cybersecurity are well-established concerns for corporate and government entities, as well as for consumers, who conduct an increasing amount of activity, from banking to shopping to social networking, on the Internet. According to a survey to be released Wednesday by public relations firm Edelman, 70 percent of consumers globally are more concerned about data security and privacy than five years ago. Only 32 percent agree that current business practices adequately protect their privacy.
Hacktivists present a unique danger, different from the organized crime groups traditionally blamed for identity theft and such other offenses as using stolen credit card numbers. Those cybercriminals make money from selling confidential information. Profit is not always the incentive for hacktivists, who often see themselves as political radicals seeking to embarrass a high-profile target, strike a blow against corporate interests or prove they can carry off a big exploit.
"We don't know what their motivation is," said Laz Lazarikos, director of strategy at security technology firm Silver Tail Systems. "You've got somebody who's doing it for ego, somebody who's doing it for political gain, someone else doing it for financial gain, or a combination of all three."
LulzSec, one of the Anonymous offshoot groups named by federal authorities, takes its name from the term "Lulz," a variant of "LOL," the well-known Internet abbreviation for "laughing out loud." Lulz is typically used in connection with Internet pranks and trolling, or disruptive and inflammatory online behavior on forums such as message boards.
Anonymous gained notoriety starting in late 2010, when it claimed responsibility for denial-of-service attacks against the websites of Visa, MasterCard and PayPal. Such attacks involve overwhelming a computer network to disrupt regular service. Anonymous said it was retaliating against the financial firms for refusing to process donations to WikiLeaks, the online organization that publicizes classified data from whistle-blowers and other anonymous sources.
LulzSec is known for taking down Sony's PlayStation Network in April 2011 for almost a month, costing the company $170 million.
"This was a huge black eye for Sony," said Jerry Brito, director of the Technology Policy Program and senior research fellow with the Mercatus Center at George Mason University. "A lot of CEOs who were oblivious to Internet security took notice."
Other attacks linked to Anonymous and its affiliates include defacing websites, hijacking Twitter accounts and stealing confidential data. Hammond was identified in the criminal complaint Tuesday as being involved in a breach at Stratfor, a geopolitical analysis firm. Hammond and others allegedly stole personal information for about 60,000 credit card users, made unauthorized charges of more than $700,000 and published a document with links to the stolen data on a file-sharing website.
"They were exposing and mocking organizations, which does damage to reputations," said Kurt Baumgartner, a senior security researcher at Kaspersky Lab, an information-technology security company. "These guys were lashing out and trying to make a statement."
Although security experts were uncertain of the impact of the arrests on hacktivist endeavors, Barrett Brown, an informal Anonymous spokesman, told Bloomberg News those arrested represented "the de facto leadership" of Anonymous and LulzSec.
Still, the highly decentralized nature of the organizations, with their dizzying network of offshoot groups and members claiming multiple aliases and allegiances, won't make it easier to combat future security threats. Experts surmised that other hacktivists could retaliate against the arrests by conducting fresh attacks or publishing new batches of stolen data that haven't been disclosed.
"My guess is it will have almost no impact whatsoever," Cate said. "It will be newsworthy and morale building for the forces of good, if you will, but I'm not sure it will have any dramatic (positive) effect. It could have quite the opposite."
In addition to Hammond and Monsegur, federal authorities in New York charged four other men connected to the groups Anonymous and LulzSec with computer hacking and other crimes. They were identified as Ryan Ackroyd, Jake Davis, Darren Martyn and Donncha O'Cearrbhail.
According to the complaint against Monsegur unsealed Tuesday, one of his hacks involved accessing Tribune Co.'s computer systems in early 2011 using misappropriated credentials. A source said the Chicago Tribune, which is owned by Tribune Co., was among a number of companies and organizations targeted.
Tribune Co. spokesman Gary Weitman declined to comment.
Last month, the Tribune's Facebook page was flooded with comments calling for the media to fight for the release of jailed Saudi writer Hamza Kashgari. Anonymous had directed its Facebook followers to post prewritten messages on the Tribune's Facebook page, as well as that of The Wall Street Journal. The campaign was relatively benign, compared with previous actions, but made the group's presence known.
The message ended with: "We are Anonymous. We are millions. We do not forgive. We do not forget. Expect us!"
Todd Lighty and Annie Sweeney contributed.