Irish hacking suspect freed in wake of FBI sting

March 7, 2012 - 2:08 PM
Hacking Arrests

In this Saturday, Feb. 11, 2012, photo, protestors wearing Guy Fawks masks hold the logos of the international hacker group Anonymous during a demonstration against Anti-Counterfeiting Trade Agreement, ACTA, in Budapest, Hungary. The shadowy world of Internet hackers and pranksters was rocked by news Tuesday, March 6, 2012, that Hector Xavier Monsegur, 28, one of the world’s most-wanted and most-feared computer vandals has been an FBI informant for months and helped authorities build a case against five alleged comrades. (AP Photo/MTI, Janos Marjai)

DUBLIN (AP) — An Irish computer hacker accused of breaking into the email account of Ireland's top cybersecurity cop, then using its contents to eavesdrop on American and British anti-hacking detectives, was released without charges Wednesday.

Irish police said they were preparing a new evidence file for state prosecutors to use against Donncha O Cearbhaill. He's been arrested and released once before over alleged hacking attacks in Ireland last year.

FBI affidavits identified the 19-year-old Trinity College chemistry student as the Internet infiltrator responsible for recording and posting online a Jan. 17 trans-Atlantic conference call between American and British anti-hacking detectives.

The U.S. District Court in Manhattan, acting on FBI affidavits, issued indictments Tuesday against O Cearbhaill, two Britons, another Irishman and a Chicago man over their alleged role in a string of cyber attacks on several U.S. agencies and companies committed by an Anonymous hacker subgroup called Lulz Security, or LulzSec. The FBI built its case using the hackers' alleged leader, Sabu, as a turncoat informant who drew out incriminating online admissions from the others.

Hackers claiming allegiance to the amorphous Anonymous movement offered a defiant reply Wednesday by defacing dozens of Web sites connected to Internet defense firm Panda Security. The Anonymous activists justified their attacks citing Panda's links to law enforcement. The Bilbao, Spain-based company said its main site wasn't compromised.

Hackers from Anonymous also said they knocked out the Vatican's Web site Wednesday afternoon in a broad protest against Catholic doctrine, past and present, as well as the chronic cover-up of child abuse by clergy.

O Cearbhaill walked free from Terenure police station in south Dublin after a 24-hour interrogation period, the maximum permitted under Irish law for suspected hacking crimes.

Such releases are typical in Ireland, where state prosecutors can take months, even years, to mull whether to file charges.

The other Irish citizen indicted, Galway university student Darren Martyn, remained free Wednesday and conversed freely with followers on his Twitter account, in which he describes himself as a reformed "blackhat," slang for hacker.

Martyn said the FBI had got his age wrong — he's also just 19, not 25 — and he intended to keep working on his own Internet and school projects in expectation of potentially imminent arrest. He declined AP requests for an interview.

Irish police arrested both O Cearbhaill and Martyn in September after their online noms de guerre claimed responsibility for a hacking attack on the Web site of Fine Gael, the major political party in Ireland's government. They were both released and files of evidence prepared for their potential prosecution, but they have yet to be charged over the Fine Gael attack.

According to the affidavit by FBI Special Agent George Schultzel, O Cearbhaill decided to crack the email codes of his recent police captors.

While Schultzel doesn't identify them by name, he testified that O Cearbhaill was able to crack into the private email accounts of two detectives in the Irish police's Computer Crime Investigation Unit, including its commander — and found a security gold mine because both detectives had been forwarding security-sensitive emails from their police accounts.

The FBI said it seized records of both Irish detectives' email accounts and found they'd been illegally accessed 146 times.

The affidavit reports that O Cearbhaill told his LulzSec contact Sabu Jan. 9 he had "just got into the iCloud for the head of a national cybercrime unit. I have all his contacts and can track his location 24/7." In a footnote, Schultzel identifies O Cearbhaill's target as the Irish police's cybercrime supervisor.

The Associated Press requested an interview Wednesday with the Computer Crime Investigation Unit's director, Detective Inspector Paul Gillen. He and the police force declined the request, citing their ongoing investigation.

The FBI affidavit suggests Gillen shipped a key email from the FBI — listing the invitation list and phone passwords for the Jan. 17 conference call — from his police email account to his private one.

The 15-minute discussion, and the list of security officials, both were leaked on to the Internet. In one telling moment, an FBI official asks about progress on investigating the two Irish hackers, O Cearbhaill and Martyn: "Is anyone on from Ireland?" Silence follows.

Internet security experts said they found it hard to believe that the head of a nation's cybersecurity unit would ship such a sensitive email to a poorly protected private account, then not bother to participate in the conference call.

"It's obviously deeply embarrassing," said Graham Cluley, a technology consultant for data security company Sophos. "It's a boo-boo. I would hope that more sensitive information isn't being shared via his personal account."

___

Raphael Satter in London contributed to this report.