Operation AntiSec

Operation Anti-Security, also referred to as Operation AntiSec or #AntiSec, is a series of hacking attacks performed by members of the hacking group LulzSec and Anonymous, and others inspired by the announcement of the operation. LulzSec performed the earliest attacks of the operation, with the first against the Serious Organised Crime Agency on 20 June 2011. Soon after, the group released information taken from the servers of the Arizona Department of Public Safety; Anonymous would later release information from the same agency two more times. An offshoot of the group calling themselves LulzSecBrazil launched attacks on numerous websites belonging to the Government of Brazil and the energy company Petrobras. LulzSec claimed to retire as a group, but on 18 July they reconvened to hack into the websites of British newspapers The Sun and The Times, posting a fake news story of the death of the publication's owner Rupert Murdoch.

Anonymous released their first cache of the operation on 27 June 2011, taken from an anti-cyberterrorism program run by the United States Department of Homeland Security and Federal Emergency Management Agency. They continued attacks on the Arizona government. They also launched attacks against the governments of Brazil, Zimbabwe, and Tunisia. Their most recent attacks have been against large corporations, NATO, and various United States law enforcement websites. Anonymous has used the stolen credit card numbers of police officers to make unauthorized donations to various causes. Others have also committed hacks in the name of the operation, including a hack into the Fox News Twitter account to post a false news story about the assassination of President of the United States Barack Obama and attacks on the websites of government entities in various countries. The groups involved have published sensitive government and corporate information, as well as the email addresses, names, and social security numbers, and credit card numbers of website users.

Law enforcement has launched investigations into many of the attacks committed as part of Operation AntiSec. At least seven arrests have been made in connection to activities related to the operation, including the arrests of two purported LulzSec members, a man who provided LulzSec with security vulnerability information, and four alleged members of AntiSec NL, a group inspired by the operation.

Background
The LulzSec hacking group formed in May 2011 and came to international prominence after hacking the websites of the Public Broadcasting Service, Sony, and the United States Senate. Initially, the group claimed to hack "for the lulz" and to enjoy the chaos that follows their intrusions. However, on 20 June 2011, the group announced that they were teaming up with hacking collective Anonymous for a series of attacks they dubbed Operation Anti-Security or Operation AntiSec. The press release accompanying the beginning of the operation called for supporters to steal and publish classified government documents under the name AntiSec. Major banks and corporations were also mentioned as potential targets. Though LulzSec disbanded as a group on 26 June 2011, members have been reported to be continuing the operation from within Anonymous.

The groups involved claim that the operation aims to protest government censorship and monitoring of the internet. LulzSec members also mention ending what they believe are corrupt racial profiling and copyright laws as a goal of the operation. The War on Drugs has also been given as a reason for particular hacks. In contrast, USA Today described the operation as cyberwarfare targeting governments and large corporations.

LulzSec activities
 June 2011 

LulzSec launched the first attacks of the operation against the Serious Organised Crime Agency, the national law enforcement agency of the United Kingdom that handles cybercrime. The group launched a distributed denial-of-service attack against the agency's website on 20 June, taking it offline for only a few minutes. On the same day, they knocked the website of the Jianhua District in Qiqihar, China, offline.

On 23 June, the group released a large cache of documents taken from the servers of the Arizona Department of Public Safety. The release, titled "chinga la migra", roughly translating to "fuck the border patrol", including email addresses and passwords and hundreds of documents marked "sensitive" or "for official use only". The group claimed that they did so in retaliation for the passage of Arizona SB 1070, a law they saw as leading to unjust racial profiling. Arizona complained that the release of officer identities and the personal information of their families could put them and their families in danger and gave those exposed security protection. In response, they mobilized the Arizona Counter Terrorism Information Center and locked remote access of Department of Public Safety email accounts.

On 25 June 2011, the group released what they described as their last dump of the operation. The release contained a large amount of information from varied sources. Included was information from numerous companies, including half a gigabyte of data from telecommunications company AT&T and IP addresses from Sony, Viacom, Disney, EMI, and NBC Universal. The AT&T portion included information pertaining to the release of the 4G LTE, 90,000 personal phones used by IBM, and the development of the iPad 3. It also contained over 750,000 usernames and password combinations, including 200,000 from hackforums.net, 12,000 from the NATO online bookstore, 500,000 from the online video game Battlefield Heroes, 50,000 from various video game forums, and 29 from Irish private investigation company Priority Investigations. Finally, an internal manual for AOL engineers and a screencapture of the United States Navy website navy.mil after being vandalized.

On 22 June, an offshoot of the group calling themselves LulzSecBrazil took down the website of the Government of Brazil, brasil.gov.br, and the President of Brazil, presidencia.gov.br. They also targeted the website of Brazilian energy company Petrobras. On 24 June, they claimed to publish access codes and passwords to the Petrobras website along with personnel profiles. However, the company denied that any information had been stolen, and the group removed the claim from their Twitter feed a few hours later. The group also published the personal information of President of Brazil Dilma Rousseff and Mayor of São Paulo Gilberto Kassab.

 July 2011 

Despite claiming to have retired, on 18 July LulzSec hacked into the website of British newspaper The Sun. The group redirected the newspaper's website to an also-hacked redesign website of another newspaper The Times, altering the site to resemble The Sun and posting a fake story claiming that Rupert Murdoch had died after ingesting a fatal dose of palladium. They objected to the involvement of News Corporation, the Murdoch-owned company that publishes The Sun and The Times, in a large phone hacking scandal. The hacked website also contained a webcomic depicting LulzSec deciding on and carrying out the attack. The group later redirected The Sun website to their Twitter feed. News International released a statement regarding the attacks before having the page the statement appeared on also redirected to the LulzSec Twitter page and eventually taken offline. The group also released the names and phone numbers of a reporter for The Sun and two others associated with the newspaper and encouraged their supporters to call them. The group further included an old email address and password of former News International executive Rebekah Brooks. News Corporation took the websites offline as a precaution later in the day.

June 2011
On 27 June 2011, Anonymous published information relating to the Cyberterrorism Defense Initiative's Security and Network Training Initiative and National Education Laboratory program, or Sentinel program, an operation run by the United States Department of Homeland Security and Federal Emergency Management Agency. The hack included information that the agency distributed in 2009 and contained resources on publicly available hacking software, a list of Federal Bureau of Investigation bureau locations, details on counter-hacking tools, and form letters that law enforcement agencies used to obtain user details from internet service providers.

On 28 June, the group released the second collection of documents stolen from the Arizona Department of Public Safety during Operation Anti-Security. Dubbed "Chinga la Migra Communique Dos", or "Fuck the Border Patrol Message Two", the data file contained the names, addresses, phone numbers, internet passwords, and social security numbers of a dozen Arizona police officers. It also contained the emails, voicemails, chat logs of some of them; in at least one instance it included sexually explicit photographs from one of the officer's girlfriends. Anonymous also claimed that the documents included officers forwarding racist chain emails, evidence of K-9 unit officers using percocet, and a Fraternal Order of Police member who is also a convicted sex offender. Anonymous noted that their motivation stemmed from a desire to make police officers "experience just a taste of the same kind of violence and terror they dish out on an every day basis."

On the same day, the group released information obtained from various government sources. Government data from Anguilla, passwords from servers belonging to the Government of Brazil, the users of Zimbabwe government websites, and data from the Municipality of Mosman council were included. The Mosman council dump included mainly publicly available information from the website as well as a not-publicly-available prototype version of the website that had not yet been launched. They claimed to also have access to all Zimbabwean government websites ending in gov.zw. Most of the information and control were given through SQL injection. Anonymous claimed they targeted Brazil for what they saw as data manipulation and Zimbabwe for the controversial 2008 Zimbabwean presidential election. They also gained control of a website belonging to the Government of Tunisia. They replaced the webpage with a graphic representing Anonymous with text reading "The Internet is the last frontier and we will not let corrupt governments spoil it. We are Anonymous, We are LulzSec, We are People from around the world who are stepping in the name of freedom". The release also included a file containing internal mapping of Viacom servers as well as passwords and data from umusic.com, a website of Universal Music Group. They also released the names of 2,800 members of the Black Eagles paramilitary group.

July 2011
On 1 July, Anonymous once again targeted Arizona law enforcement by publishing a number of backdoors that could be used to access Arizona police servers to Pastebin. Arizona was forced to pull many websites offline for a time. Websites affected included those of the Department of Public Safety and Mariposa chapter of the Fraternal Order of Police. They also claimed to have found "anti-Muslim" emails during the attack. On 3 July, Anonymous hacked into the database of the Democratic Party of Orange County, Florida. They published a partial membership list and a handbook for precinct committee members. The hack was also considered part of the group's OpOrlando plan. On 4 July, Anonymous released a document containing 27 administrative usernames and passwords from an Apple Inc. system used to operate online technical support follow-up surveys. The encrypted passwords were taken from an SQL database.

Anonymous launched what it dubbed "Turkish Takedown Thursday" on 6 July. They posted internal data from over one hundred .tr websites and brought down and replaced the content of 74 of them. The 74 sites had their normal pages replaced with an Antisec logo and a message denouncing supposed attempts at internet censorship by the Turkish government. Websites affected included that of a children's hospital, but not of any key government agencies. On the same day, the group released database dumps taken from 20 universities in Italy. Two days later, Italian police arrested 15 alleged members of Anonymous ranging in age from 15 to 28. The group vowed revenge for the raids.

On 8 July, the group claimed responsibility for hacks against IRC Federal, an engineering firm that contracts with the Federal Bureau of Investigation and other agencies of the United States federal government. Internal database documents and personnel email were stolen during the attack. The group also claimed to have vandalized the firm's website and forcing them to take it offline. The group says that in the documents procured, they found a proposal to the FBI for the firm to produce a "Special Identities Modernization (SIM) Project" that would help identify those who might present a criminal or terrorist risk in the future, fingerprinting contracts with the United States Department of Justice, and biometrics contracts with the military. They also claimed to have obtained information allowing them to log into various virtual private networks and access panels belonging to the United States Department of Energy. They also sent a message to company employees urging them to work against the government rather than for it. The hack was done with a simple SQL injection.

On 11 July, Anonymous hacked into systems belonging to defense contractor Booz Allen Hamilton, breaking through barriers that the group described as having "no security measures in place." They released what they said were 90,000 email accounts and encrypted passwords from United States Central Command, United States Special Operations Command, the United States Marine Corps, the United States Air Force, the United States Department of Homeland Security, United States Department of State, and various private sector contractors, calling the released "Military Meltdown Monday". They also sarcastically posted an invoice charging the company for "security audit services rendered". Despite Anonymous' claims that 90,000 emails were released, the Associated Press counted only 67,000 unique emails, of which only 53,000 were military addresses. The remainder of the addresses came from educational institutions and defense contractors. The Department of Defense said they were aware of the incident and were coordinating with other agencies for a response. Booz Allen confirmed the intrusion on 13 July, but contradicted Anonymous' claims in saying that the attack never got past their own systems, meaning that information from the military should be secure.

On 12 July, the group attacked the web servers of agricultural biotechnology company Monsanto and released information on the company's employees, including names, addresses, and email addresses. The group claimed they performed the attack to protest the company's lawsuits against farmers who manufacture organic milk in an effort to stop them from stating on the label that their milk does not contain artificial Bovine Growth Hormones. Monsanto confirmed the attack but claimed that only about ten percent of the information published came from current or former employees of the company. They said that the other ninety percent were email addresses and names of media contacts and employees of other agricultural companies.

On 21 July, Anonymous released two PDFs purportedly taken from servers belonging to NATO. They claimed via Twitter to have obtained around one gigabyte of data that they would release portions of over the course of a few days. The group claimed that some of the data was so sensitive that they felt it would be irresponsible to release, and thus would only make a portion of what was taken available. The first two documents released relate to outsourcing communication and information services (CIS) in Kosovo and the funding request for the project.

The Austrian branch of Anonymous hacked the website of the Austrian Gebühren Info Service, the television license agency run by the Austrian national public service broadcaster, on 22 July. They accessed 214,000 records containing personal information and stole the banking data of 96,000 people from the server. The counter-terrorism bureau of the country launched an investigation and were preparing to file criminal complaints against those involved.

On 25 July, first posted confidential information that they claimed came from the Italian Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche, translated as the National Anti-Crime Computer Center for Critical Infrastructure Protection, an agency tasked with protecting vital computer systems for the country. The Twitter account @anonesc posted less than 100 megabytes of data, but they claimed to have taken over eight gigabytes. The data related to oil, nuclear, and other firms deemed to be involved in "critical infrastructure", as well as government agencies including the Department of Defence of Australia.

On 29 July, Anonymous hacked the FBI-contractor ManTech International. They posted a PDF of a résumé sent into the company as proof that they had infiltrated their systems. Anonymous claimed that the attack would be the first part of a promised "Fuck FBI Friday", or FFF, campaign as part of the larger Operation AntiSec. They published 400 megabytes of content from the company later the same day. The internal documents generally concern contracts that ManTech has with NATO, the nature of which Anonymous claims shows a waste of taxpayer money. The files also include dealings with the United States Army and a list of employee emails.

On 31 July, Anonymous attacked the websites of 77 different law enforcement websites hosted on the same server. As much as 10 gigabytes of data was taken, including the personal information of police officers from numerous jurisdictions. Emails were also taken, as well as the confidential information of inmates and confidential informants, though not released yet. Anonymous said that they would redact inmate names but would release the names of all " informants who had the false impression that they would be able to 'anonymously' snitch in secrecy." The release also included a demand that all arrested members of Anonymous be released immediately. Some of the information released, however, was already publicly available. They proceeded to release the social security numbers of over 100 police officers from the Missouri Sheriffs' Association website. The following Saturday, 6 August, they released a cache of data from the websites title "Shooting Sheriffs Saturday Release" which included the information taken from law enforcement websites. Large amounts of personal information was included, with Anonymous stating, "We have no sympathy for any of the officers or informants who may be endangered by the release of their personal information. For too long they have been using and abusing our personal information." Anonymous claimed that their motive was revenge over the arrests of a number of participants in previous operations and of LulzSec and Anonymous member Topiary. They also used stolen credit card numbers to make donations to the American Civil Liberties Union, Electronic Frontier Foundation, and the Chelsea Manning Support Network.

August 2011
On 16 August, Anonymous gained access to the email account of Richard Garcia, former assistant director in charge of the FBI field office in Los Angeles and senior vice president of Vanguard Defense Industries, in the name of AntiSec. They claimed that the firm's relationships with United States military and law enforcement organizations made it a legitimate target as part of the operation. They also claimed to have breached the company's website, which was running on a WordPress platform, though the company says that their website was never affected. The group released 1 gigabyte of information three days later, all of it taken from Garcia's personal email account; it mainly related to Garcia's former role with InfraGard.

September 2011
In retaliation for arrests of people who allegedly participated in Operation AntiSec, and especially Topiary, Anonymous attacked the website of the Texas Police Chiefs Association. On 1 September, the group defaced the website and released documents from it marked "law enforcement sensitive" and "for official use only". The release also included police officer private email. The same day, the group brought down the website of the United States Court of Appeals for the Ninth Circuit for the justice system's characterization of Anonymous activities as "cyber-terrorism".

October 2011
On 21 October, announced a dump of data related to law enforcement in support of the Occupy Wall Street and Occupy movement. The dump including data taken from the International Association of Chiefs of Police, Boston Police Patrolmen's Association, and the Sheriff's office of Baldwin County, Alabama. A number of police websites virtually hosted together also had their content replaced with an anti-police rap video. The dump 600 megabytes of information including membership rosters, internal documents, and social security numbers from the International Association of Chiefs of Police; nearly 1000 names, ranks, addresses, phone numbers, and social security numbers of police officers in Jefferson County, Alabama, and Birmingham, Alabama; 1000 names and passwords of members of the Boston Police Patrolmen's Association; and the financial information and client list of web developer and marketing company Matrix Group, a business with several law enforcement clients. AntiSec claimed that at least 40 law enforcement related websites were included in the attack.

November 2011
On 18 November 2011, Anonymous posted 38,000 email messages from the Gmail account of Alfredo "Fred" Baclagan, a special agent supervising computer crime investigations with the California Department of Justice and the Computer and Technology Crime Hightech Response Team, to a site on Tor and to The Pirate Bay. They also added what they claimed were Baclagan's personal home address and phone number. The group claimed the action as part of their attack on law enforcement in support of the Occupy movement and in protest for prosecution of computer criminals in general. They also claimed to have read his text messages, listened to his voicemail, and used his Google Voice account to call and text his friends and family. They also purchased a camera using his Google Wallet. The release includes forensic experts discussing techniques for tracking cybercriminals and how different companies respond to law enforcement requests for information.

September 2012
On 4 September 2012, 1 million unique device IDs for Apple products were published by a group associated with Anonymous. The group claimed that the 1 million IDs were part of a dataset of 12.36 million records taken from an FBI laptop. The FBI responded by saying they were not aware of any unauthorized data release. Going further the FBI also stated that there is no reason that they have "sought or obtained" the data that was "stolen".

According to an Ars Technica article published on 10 September: "A digital publishing company named BlueToad has come forward to take responsibility for the leak of a million iOS unique device identifiers (UDIDs) that were previously attributed to an alleged FBI laptop hack. In a number of interviews published Monday, BlueToad apologized to the public for the incident, explaining that hackers had broken into the company's systems in order to steal the file."

Actions by other groups and individuals
The original announcement of Operation Anti-Security included a call from LulzSec to spread the name "AntiSec" through physical graffiti. A few days after, a number of locations in Mission Beach, San Diego, were vandalized with pieces of graffiti reading the phrase.

On 4 July, a Fox News Twitter account (@foxnewspolitics) was hacked and false tweets reporting that President of the United States Barack Obama has been shot three times and killed were sent from the account. The Script Kiddies, a group with close ties to Anonymous including two hackers with former membership in the group, claimed responsibility for the attack and hoax. The group claimed that the action was in the name of Operation Anti-Security and that they would continue looking to expose information on corporations "to assist with antisec." The United States Secret Service is investigating the incident as a threat on the President. The group subsequently hacked into the Facebook page of pharmaceutical company Pfizer, claiming they did so for "moral reasons" as part of AntiSec. They posted numerous messages to the company's Facebook wall mocking their security.

On 4 July, someone going by the name f1esc posted a file to The Pirate Bay containing 600 megabytes of information described as national "AU election data" and labelled with the tag #Antisec. In reality, the data concerned the 2011 New South Wales state election and was taken from a government website designed to provide election results where the data was publicly available, and the data proved freely accessible information instead of a hack. In early July, the group RedHack hacked into and defaced over 1000 websites based in Turkey. They claimed to do so both to mark the anniversary of the Sivas massacre and as part of Operation Anti-Security. The websites belonged both to agencies of the Government of Turkey and Adnan Oktar, an Islamic creationist. The group vowed to continue contribution to the AntiSec operation.

On 6 July, a hacker called p0keu released of around 2,658 usernames, passwords hidden behind hash functions, and email addresses from the blog TamilCanadian.com. He gave no reason for why he chose the website to attack other than that he did so under the AntiSec label. On 14 July, he leaked part of the Stevens Institute of Technology website database. At least 31 of the records in the database contained plain text files with email addresses, user names, and passwords of site users. p0keu posted the user information to Pastebin. p0keu has continued hacking, but has not labelled all of his releases with the AntiSec slogan.

In the Netherlands, a splinter group inspired by LulzSec formed, calling themselves AntiSec NL. The group hacked into the websites of online dating service pepper.nl and software company Nimbuzz. Four people believed by police to be members were later arrested.

On 24 July, a group called BashCrew hacked the website of the House of Representatives of the Philippines in the name of AntiSec. The names, telephone numbers, and email addresses of members of the Filipino Congress were released via Pastebin, with the group claiming that they may also release blood types and the private websites of some members.

A hacker going by the name Thehacker12, a self-purported AntiSec supporter but not a member of Anonymous, released data stolen from event management company allianceforbiz.com on 24 August 2011 on Mediafire and Pastebin. The release contained a spreadsheet of usernames, email addresses, passwords, employers, and other information of around 20,000 people, many of them United States government employees or contractors. The organization with the most employees compromised was the Small Business Administration.

Law enforcement response
Law enforcement agencies in various countries have arrested or searched the property of alleged participants in Operation AntiSec. These suspects have come from different groups who carried out attacks as part of the operation. On 11 July, prosecutors in the Netherlands released details of the arrests of four suspects aged 17, 18, 25, and 35. All were located in different Dutch and cities and accused of being part of the hacking group AntiSec NL, an operation participant inspired by LulzSec. On 19 July 2011, the London Metropolitan Police announced the arrest of possible core LulzSec member T-flow. A 16-year-old male was arrested in South London on charges of violating the Computer Misuse Act as part of an operation involving the arrest of several other hackers affiliated with Anonymous in the United States and United Kingdom. On the same day, the FBI arrested 21-year-old Lance Moore in Las Cruces, New Mexico. He was accused of stealing thousands of documents and applications from AT&T that LulzSec published as part of their so-called "final release" of the operation. LulzSec denied that any of their membership had been arrested, stating "there are six of us, and we're all still here." The four, going by the online handles Ziaolin, Calimero, DutchD3V1L, and Time, were arrested on 19 July and their computers and electronic equipment confiscated as evidence. Prosecutors identified the suspects after computer security company Fox-IT helped them gain access to a chat channel thought to be used by the group.

The Police Central E-Crime Unit arrested an 18-year-old man from Shetland on 27 July 2011 suspected of being LulzSec member Topiary. They also searched the house of and interviewed a 17-year-old from Lincolnshire possibly connected to the investigation. Scotland Yard later identified the man arrested as Yell, Shetland resident Jake Davis. He was charged with unauthorized access of a computer under the Computer Misuse Act 1990, encouraging or assisting criminal activity under the Serious Crime Act 2007, conspiracy to launch a denial-of-service attack against the Serious Organised Crime Unit contrary to the Criminal Law Act 1977, and criminal conspiracy also under the Criminal Law Act 1977. Police confiscated a Dell laptop and a 100-gigabyte hard drive that ran 16 different virtual machines. Details relating to an attack on Sony and hundreds of thousands of email addresses and passwords were found on the computer. A London court released Davis on bail under the conditions that he live under curfew with his parents and have no access to the internet. His lawyer Gideon Cammerman stated that, while his client did help publicize LulzSec and Anonymous attacks, he lacks the technical skills to have been anything but a sympathizer.

In early September 2011, Scotland Yard made two further arrests relating to LulzSec. Police arrested a 24-year-old male in Mexborough, South Yorkshire, and a 20-year-old male in Warminster, Wiltshire. The two are accused of conspiring to commit offenses under the Computer Misuse Act of 1990; police said that the arrests related to investigations into LulzSec member Kayla.

On 6 March 2012, two men from Great Britain, one from the United States, and two from Ireland were charged in connection to their alleged involvement with LulzSec. The FBI revealed that supposed LulzSec leader Hector Xavier Monsegur, who went by the username Sabu, had been aiding law enforcement since pleading guilty to twelve counts, including conspiracy and computer hacking, on 15 August 2011 as part of a plea deal. In exchange for his cooperation, federal prosecutors agreed not to prosecute Monsegur for his computer hacking, and also not to prosecute him for two attempts to sell marijuana, possession of an illegal handgun, purchasing stolen property, charging $15,000 to his former employer's credit card in a case of identity theft, and directing people to buy prescription drugs from illegal sources. He still faces a misdemeanor charge of impersonating a federal agent. Five suspects were charged with conspiracy: Jake Davis, accused of being the hacker "Topiary" (who had been previously arrested); Ryan Ackroyd of London, accused of being "Kayla"; Darren Martyn of Ireland, accused of being "pwnsauce"; Donncha O’Cearrbhail of Ireland, accused of being "palladium"; and Jeremy Hammond of Chicago, accused of being "Anarchaos". While not a member of LulzSec, authorities suspect Hammond of being a member of Anonymous and charged him with access device fraud and hacking in relation to his supposed involvement in the December 2011 attack on intelligence company Stratfor as part of Operation AntiSec.