LONDON/WASHINGTON Internet activist group Anonymous published a recording on Friday of a confidential call between FBI agents and London detectives in which the law-enforcement agents discuss action they are taking against hacking.
British police said they were investigating reports of the illegally recorded call, and the FBI said a criminal investigation was under way into the incident.
Anonymous also published an email inviting participants to the call, with dial-in details, in which an FBI agent wrote that investigations relating to Anonymous, LulzSec, Antisec and associated splinter groups would be discussed on the call. (pastebin.com/8G4jLha8)
Anonymous and fellow group LulzSec have carried out a number of high-profile hacking actions against companies and institutions across the globe including the Central Intelligence Agency, Britain's Serious Organized Crime Agency, Japan's Sony Corp and Mexican government websites.
On the 16-minute-long call, one British detective is heard discussing an alleged 15-year-old hacker who they described as "a bit of an idiot" who was doing it for attention. (here)
He also tells his U.S. counterpart hosting the call that "we cocked things up in the past" when he is thanked for the help they are providing.
In other fairly unremarkable exchanges, they also discuss at length the merits of the northern English town of Sheffield where a cyber security conference was to be held.
Britons Ryan Cleary and Jake Davis, who have both been charged with hacking-related offences, are discussed on the call. The names of other alleged hackers are bleeped out.
Peter Donald, a spokesman for the FBI in New York, said on Friday: "The information obtained on the call was intended for law enforcement only. It was illegally obtained and a FBI criminal investigation is under way."
An FBI official said the FBI's systems were not hacked into, and the discussion did not include classified material.
The official said the conference call dial-in details were sent in an email to officials and someone forwarded it to a private, non-government email account which was compromised at some point.
London's Metropolitan Police (MPS) said in a statement: "We are aware of the video, which relates to an FBI conference call involving a PCeU (Police Central e-crime Unit) representative."
"The matter is being investigated by the FBI. At this stage no operational risks to the MPS have been identified; however, we continue to carry out a full assessment," the MPS said.
An official involved in coordinating international efforts to crack down on cyber crime said that law enforcement agencies sometimes do not carefully authenticate the identity of people who dial in to participate on conference calls.
The email released by the hackers that appears to be the one the FBI sent out to organize the teleconference asked all participants to use a single code to gain entry to the call.
That official, who declined to be identified by name because he was not authorized to publicly comment on the matter, said that the call would have been more secure if attendees had each been assigned unique access codes and been required to identify themselves by name upon dialing in.
If a hacker had dialed in using somebody's unique access code and somehow made it past initial screening, the organizers may have possibly identified a breach when it became clear that two parties were using the same dial-in credentials, said the official.