FBI arrests AT&T insider for leaking information to Anonymous
by Steve Ragan - Jul 20 2011, 10:53In June, The Tech Herald reported on information given to us by Ryan Cleary shortly before his arrest. The story centered on an AT&T insider who handed sensitive information and a bootable USB disk over to Anonymous. On Tuesday, the FBI arrested an AT&T employee connected to the leak, during a nationwide sweep targeting Anonymous.
An indictment unsealed in the District of New Jersey charges Lance Moore, 21, of Las Cruces, N.M., with the alleged theft of confidential business information stored on AT&T’s servers. The indictment goes on to mention that he uploaded the information to a public file hosting service, which The Tech Herald can confirm to be fileape.com.
The public first learned of the AT&T files from a Torrent release by LulzSec. The documents were included in the group’s final release before they disappeared from the public eye. The release also marked the second major data leak under the AntiSec movement, which has targeted both government and private sector organizations since its founding. In addition to documents, the insider leak also included a bootable USB drive used by AT&T.
In May, while interviewing Cleary for a separate story, he bragged about the AT&T leak, and the fact an insider delivered the information and software to Anonymous. “…an employee of AT&T gave us loads of shit…,” he said.
Cleary’s comments were confirmed by two additional sources. One of them, a person linked to LulzSec itself, and the other an associate of Anonymous familiar with the data. On Tuesday, these two additional sources were raided and arrested, as law enforcement in the U.S., U.K., and the Netherlands, coordinated in sweeps against Anonymous.
At the time of the original story, AT&T had no comment on the data leak. Phone calls and emails seeking comments on the arrest have not been returned.
As mentioned previously, the leaked documents include more than 60,000 phone numbers, each one linked to an iPhone 3G, 3GS, or iPhone 4. Each of them was assigned to IBM employee at one point. The leaked data also included server names and IP addresses, with a corresponding username and password, for both development and production usage on AT&T’s internal network.
Moreover, other leaked documents, such as the various meeting notes, emails, AT&T’s 4G/LTE testing data, internal presentations, and a random assortment of technical documentation, were included in the data delivered to Anonymous and the public as a whole.
At the time our story first ran, we highlighted the risks that insiders can pose. Given all of the information in the AT&T files, and the fact they are in the public domain, there is plenty of detail to launch a targeted Phishing attack. Such attacks have been linked to security incidents targeting government contractors as well as Fortune 100 and 500 companies.
According to the New Jersey complaint, Moore used his access as a customer support contractor to access all of the information he is charged with leaking. When he uploaded the files, only a select few had access to it. Then just over a month later, they were released by LulzSec.
More details on the nationwide sweep by the FBI can be seen here.
Note: For those who want to read the court documents related to the FBI raids, redacted copies are published on publicintelligence.net
If the charges prove correct, Moore faces 10 years in prison and a $250,000 USD fine for his actions.
Comment on this Story