“I’m not sure if we’re the only two on right now or not,” says a voice with an American accent. The voice belongs to a man who identifies himself as Bruce, likely an FBI agent, who had just joined a conference call with other law enforcement officials based in the UK.
The irony of hearing Bruce utter those words at the beginning of the call is that, no, they were not the only people listening in. Somehow, members of Anonymous managed to tap into the call, record it and then post it online for all to hear. The subject of the conversation? Tracking and arresting online activists and hackers, such as those who secretly associate with Anonymous.
After some casual small talk, the call’s participants share details about progress they’ve made tracking various known hackers, some of whose real names are bleeped out of the audio. Members of so-called hacktivist groups like LulzSec and Anonymous are discussed and updates are given about who’s been arrested.
It appears that whoever gained unauthorized access to the call was able to do so because they were privy to an email invitation containing the call-in details. Whether somebody forwarded it to the infiltrator or, more likely, they directly intercepted it themselves, that message was all they needed to join the call and quietly listen to the FBI and UK law enforcement discuss sensitive matters.
Nothing too groundbreaking is revealed in the call, but the mere existence of such a breach suggests that more sensitive information could be exposed, if it hasn’t already been.
Not only this is embarrassing for law enforcement, but it ought to send a wake-up call to any other organizations that conduct business via conference call. With many services, all a competitor or other third party would need to get access to the call is a copy of the original email invite.