The FBI has admitted that hackers intercepted a conference call it held with Scotland Yard to discuss an ongoing investigation into Anonymous and LulzSec attacks.
"The information was intended for law enforcement officers only and was illegally obtained," said an FBI spokeswoman. "A criminal investigation is under way to identify and hold accountable those responsible."
Details about the conference call, including the names of participants, were posted in an email on Pastebin on Friday. The email has been acknowledged by the FBI as authentic. It lists addresses for officers from the Met's Police Central eCrime Unit (PCeU), the FBI, the Irish Garda and Europol, as well as cybercrime police agencies from Holland, France, Germany and Sweden.
"We are aware of the video which relates to an FBI conference call involving a PCeU representative," the Metropolitan Police said in a statement. "At this stage no operational risks to the [Metropolitan Police Service] have been identified; however we continue to carry out a full assessment."
During the call, a PCeU representative called 'Stewart' recounts how the international police investigation is progressing. He mentions suspected Anonymous hackers Ryan Cleary and Jake Davis, who are being held in the UK on charges of involvement in distributed denial-of-service attacks. In addition, he reveals that a cyber-team from the US Air Force examined Cleary's hard drive and discusses a hacker known as 'TehWongZ'.
Cleary's solicitor Karen Todner said there may be implications for his case, which will aired next at a plea hearing on 11 May, postponed from 27 January.
"I think it's astonishing that the FBI and the e-Crime unit don't have secure email," Todner told ZDNet UK. "In terms of the implications for the case, I don't know at this stage, but I will be looking at it carefully."
Sophos security expert Graham Cluley suggested the hack could have arisen from the email being forwarded to an officer's compromised personal account, rather than the police email system being breached.
"It's deeply embarrassing that the very hackers that are being investigated are listening into the call as they are being discussed," Cluley said. "They also published an email — clearly, someone's email has been compromised."