Anonymous Hackers Not Smart On Anonymity, Feds Say

Published: 22/11/2024   Category: security




For the second time recently, authorities arrest an alleged Anonymous member after he shared too many details via social media.



The FBI announced Monday that it arrested John Anthony Borell III, 21, on charges of participating in two January 2012 Anonymous attacks against police websites in Utah.
Borell was arrested in Ohio on March 20, 2012, and indicted by a federal grand jury on April 4, 2012, on two counts of computer intrusion involving SQL injection attacks. Each count carries a maximum penalty of 10 years in prison and a $250,000 fine.
The first attack involved the Salt Lake City police department website, slcpd.com. The attack caused $33,000 in damages, said the site's administrator. The attacker also released to Pastebin a database dump of 473 records containing police officers' usernames, hashed passwords, full names, titles, email addresses, and phone numbers.
In the second attack, against the Utah Chiefs of Police Association website, www.utahchiefs.org, the attacker released a list containing the name, email address, and hashed password for 24 Utah chiefs of police. The website administrator, according to the FBI, said the attack had caused $150,000 in damages accrued "in responding to this hacking event."
Borell, who had been detained at a halfway house in Ohio after his arrest, was arraigned Monday in federal court in Utah. He pled not guilty, according to an Associated Press report.
The case contains an ironic twist for an alleged Anonymous member: authorities said they busted Borell after he failed to properly anonymize his identity. Apparently, it's an Anonymous and LulzSec career hazard, as authorities recently tracked down another alleged CabinCr3w and Anonymous participant, Higinio O. Ochoa III, 30, in Galveston, Texas, after he uploaded iPhone snaps of his bikini-clad girlfriend holding written taunts against the bureau. According to court documents, Ochoa (a.k.a. Anonw0rmer) failed to excise the GPS coordinates stored in the image metadata, which led investigators to the house of his girlfriend in Australia, and on to him.
Meanwhile, LulzSec leader and Anonymous heavyweight Sabu, real name Hector Xavier Monsegur, logged into a chat board just once--or according to some accounts, twice--without disguising his IP address. After that, it was apparently just a matter of time before investigators were able to tie Monsegur to the Sabu handle, and arrest him.
A sealed 29-page complaint against Borell, submitted by FBI special agent Eric Zimmerman on March 16, 2012, and unsealed by the court Monday, details how the FBI tracked down Borell. Notably, the Twitter user @ItsKahuna had taken credit for, and revealed inside knowledge about, both of the attacks against the Utah law enforcement websites, and signed the tweets with hashtags for Anonymous, as well as CabinCr3w.
The bureau sent a search warrant to Twitter on February 17, 2012, requesting information relating to three Twitter accounts: @ItsKahuna, @Anonw0rmer, and @cabincr3w. "On March 2, 2012, Twitter provided information for the above accounts ... [including] IP addresses used by the accounts, all Twitter messages sent using the accounts, direct messages sent to and from the accounts, and basic user information for the accounts, such as the email address that created the account," said Zimmerman in the court documents.
In short order, investigators traced one of the IP addresses used to log into the ItsKahuna Twitter account to a house in Toledo, Ohio. On December 22, 2011, ItsKahuna had tweeted: "Neighbors I thank you for installing a new router today and choosing WEP to protect it. I much appreciate the extra bandwidth for torrents." Zimmerman said that FBI agents conducting surveillance on Borell saw him entering and exiting a residence approximately 312 feet away from the residence to which the IP address had been assigned.
According to the complaint, ItsKahuna also sent a direct Twitter message to anon_cutie with a link to two photographs of himself, saying, "No one has any idea who I am or what I look like, so lets (sic) keep it that way and NOT share these with anyone mkay :P." The FBI said both photographs matched Borell's driver's license image.
How did ItsKahuna get his start in hacking? In one direct Twitter message, he told missarahnicole that "Operation Payback was my first op, then I just started working in things. I've gone by other nicks before but changed when I got doxed," meaning his identity would have been publicly disclosed by others. According to court documents, on February 19, 2002, ItsKahuna also sent this direct Twitter message to EduardKovacs: "Working On #OpPiggyBank hacking police sites with CabinCr3w lately, I've lost count of how many at this point lulz."
Interestingly, ItsKahuna regularly chatted with MissAnonFatale, who claimed via Twitter to be engaged with Anonw0rmer, who authorities allege is Ochoa. Accordingly, that would seem to make MissAnonFatale his Australian girlfriend, and in fact in one chat with ItsKahuna, MissAnonFatale talks about how her boyfriend still needs to get a passport (halfway thru processing) & a visa into Oz.
The bureau said that Borell also lined up with various biographical details that ItsKahuna revealed via Twitter, such as his age, as well as the Kahuna Pentagon Leak Log posted to Pastebin, which includes this excerpt from a chat transcript (edited for formatting and grammar) between ItsKahuna and Presstorm: "I talked to my lawyer, the benefit of having a father as an attorney is I have connections, he will be representing me. He said when the FBI shows up don't tell them anything and give them his card and tell them if they need to talk they should go through him."
In fact, Borell's father is a lawyer based in Toledo, Ohio. He told Ars Technica that he is not representing his son in court, and declined all further comment.
