We are anonymous inside the hacker world of lulzse

More documents

Recommendations

Info

writes a spoof news article about the murdered rapper Tupac Shakur being found alive, publishing it through the PBS NewsHour website. The group’s founders discuss forming a second-tier network of trusted supporters, many of them hacker friends of Sabu’s. June 2, 2011—LulzSec announces its hack on SonyPictures.com and says that the group has compromised the personal information of more than one million of the site’s users. June 3, 2011—LulzSec defaces the website of Atlanta InfraGard, an FBI affiliate, and publishes a list of e-mails and passwords for 180 users of the site, some of whom are FBI agents. June 6, 2011—LulzSec receives a donation of 400 Bitcoins, worth approximately $7,800 at the time. June 7, 2011—Two FBI agents visit Hector “Sabu” Monsegur at his home in New York and threaten to imprison him for two years for stealing credit card information if he does not cooperate. Monsegur agrees to become an informant while continuing to lead LulzSec. June 8, 2011—The LulzSec hackers notice that Sabu has been offline for twenty-four hours and worry he has been “raided” by the FBI. Later that night, U.K. time, Topiary makes contact with Sabu, who claims that his grandmother has died and that he will not be active with LulzSec for the next few days. June 15, 2011—LulzSec claims responsibility for launching a DDoS attack on the official website of the CIA. The attack has been carried out by former AnonOps operator Ryan, who wields a botnet and now supports LulzSec. June 16, 2011—A representative of WikiLeaks contacts Topiary to say that core organizers want to talk to LulzSec. He and Sabu eventually hold an IRC discussion with a WikiLeaks representative and someone purporting to be Julian Assange. The representative “verifies” Assange’s presence by temporarily uploading a YouTube video that shows their IRC chat happening in real time on a computer screen, then panning to show Assange on his laptop. The group discusses ways in which they might collaborate. June 19, 2011—LulzSec publishes a press release encouraging the revival of the Anti-Security (or Antisec) movement and advocating cyber attacks on the websites of governments and their agencies. June 20, 2011—Galvanized by the surprisingly large response to the Antisec announcement, Ryan uses his botnet to DDoS several highprofile websites, including Britain’s Serious Organised Crime Agency. Later, at 10:30 p.m. that evening in the U.K., he is arrested in his home. June 23, 2011—LulzSec publishes sensitive documents stolen from Arizona law enforcement, including the names and addresses of police officers. Feeling that they have gone one step too far, LulzSec members, including Topiary and Tflow, discuss ending the group. June 24, 2011—Topiary and Tflow tell AVunit and Sabu that they want to end LulzSec; a heated argument ensues. June 26, 2011—LulzSec announces it is disbanding after “50 Days of Lulz.” July 18, 2011—LulzSec comes back for one more hack, uploading a spoof article about the death of News International owner Rupert Murdoch on the home page of his leading British tabloid, The Sun. July 19, 2011—British police announce they have arrested a sixteen-year-old male who they claim is LulzSec hacker Tflow. July 27, 2011—Police arrest Shetland Islands resident Jake Davis, whom they suspect of being LulzSec’s Topiary. September 2, 2011—British police arrest twenty-four-year-old Ryan Ackroyd, whom they believe to be Kayla. December 24, 2011—Anonymous announces that it has stolen thousands of e-mails and confidential data from the U.S. security intelligence firm Stratfor under the banner of “Lulz Christmas.” Sabu, who claims to be still at large while other LulzSec members have been arrested, keeps tabs on the operation from private chat channels and feeds information about the attack’s organizers to the FBI. March 6, 2012—News breaks that Hector Monsegur has been acting as an informant for the FBI for the past eight months, helping them bring charges against Jeremy Hammond of Chicago and five people involved with LulzSec. Part 1 Chapter 1: The Raid Notes and Sources The opening pages, including descriptions of Aaron Barr’s early career, home, and family life, are based on interviews with Barr conducted both on the phone and in a face-to-face meeting in London. Further details about his work with HBGary Federal came from an investigative feature article on Wired’s ThreatLevel blog, which dug through his published e-mails and pieced together a picture of his plans for the company along with the proposals he was making to Hunton & Williams. The article was entitled “Spy Games: Inside the Convoluted Plot to Bring Down WikiLeaks,” by contributor Nate Anderson. The Financial Times article in which Aaron Barr revealed his forthcoming research was entitled “Cyberactivists Warned of Arrest,” by San Francisco reporter Joseph Menn, and was first published Friday, February 4, 2011, then updated the following day. Further details on e-mails between Barr and Greg Hoglund of HBGary Inc. prior to the attack came from the HBGary e-mail viewer published by the hackers in mid-February. The details about Sabu hacking computers as a teenager come from interviews with the hacker conducted via Internet Relay Chat in April 2011, two months before he was arrested and became an FBI informant. Further details about being born and raised in New York come from court documents after his arrest later that year. Throughout the book, personal details claimed by Kayla stem from interviews with the hacker conducted between March and September of 2011 via e-mail and Internet Relay Chat. The rumor about stabbing her webcam with a knife came from an online
September of 2011 via e-mail and Internet Relay Chat. The rumor about stabbing her webcam with a knife came from an online interview with Topiary. Also throughout the book, details about Topiary come from online, phone, and face-to-face interviews with him (Jake Davis) between December of 2010 and the summer of 2012. Details about Tflow come from interviews with Topiary and Tflow himself; the information that Tflow had invited Sabu and Topiary into the secret IRC channel come from Topiary, one other hacker who wished to remain anonymous, and Sabu himself. Details of how the hackers planned the HBGary attack, including how they used the website HashKiller to crack the company’s passwords, came from interviews with Topiary conducted via IRC and Skype (voice only). Details of Barr’s research on Anonymous, including the “hasty notes like ‘Mmxanon—states…ghetto,’” came from his research notes, which were posted online by the hackers. Dialogue between Barr and the hackers, including with CommanderX, comes from chat logs that were published online—partly via the Web tool Pastebin, and also on the Ars Technica article “(Virtually) Face to Face: How Aaron Barr Revealed Himself to Anonymous,” by Nate Anderson. The dialogue between Barr and Topiary, which ends “Die in a fire. You’re done” comes from a snippet of the chat log that was cut and pasted to a Skype conversation between me and Topiary a few days after the attack. Further details about the attack came from interviews with Jake Davis, as well as online interviews with Sabu, Kayla, and other hacker sources. Details of the February 2011 Super Bowl come from various news reports and from my viewing of the actual game while I was following online developments of the HBGary Federal attack. Although I had already been interviewing Topiary on a regular basis, the attack led to my being introduced to others in the group—first Kayla, then Sabu, then Tflow. SQL reads like a stream of formulas. An example is: “Select creditcard from person where name=SMITH.” If someone were to perform an SQL injection attack, they might inject code saying, “Select a from b where a=SMITH.” How did the hackers know that Barr was CogAnon? Topiary later explained that, almost immediately after seeing the Financial Times story and breaking into the HBGary Federal network, one of them had seen that his internal e-mail headers listed the IP address of his VPN (virtual private network). Barr had used this same VPN connection to log into an Internet Relay Chat network used by Anonymous, known as AnonOps. The hackers only had to hand over the IP address to one of the chat network operators, who ran a quick search. Sure enough, the name CogAnon popped up. Chapter 2: William and the Roots of Anonymous Details about how Christopher Poole created 4chan come from an interview that Poole gave to the New York Times Bits blog. The article, entitled “One on One: Christopher Poole, Founder of 4chan,” was published on March 19, 2010. I sourced the information on Japan’s 2chan from the 2004 New York Times article “Japanese Find a Forum to Vent Most-Secret Feelings” and Wired’s May 2008 story “Meet Hiroyuki Nishimura, the Bad Boy of the Japanese Internet.” Further details about the development of 4chan, such as its “TWO TIMES THE CHAN” announcement on Something Awful, come from an article on 4chan history by Web developer Jonathan Drain, on jonnydigital.com. Moot’s referral to /b/ as a “retard bin” comes from an announcement on the 4chan “news” page, 4chan.org/news?all, on October 2, 2003. Though the story of Shii’s enforcement of anonymity on 4chan is relatively well known among image board users, the details come from testimony provided on Shii’s website, shii.org. Details about the life, viewpoints, and exploits of the young man named in this book as William come from scores of e-mails and several face-to-face meetings, all taking place between February of 2011 and the summer of 2012. After telling me—in a meeting that took place in July of 2011—the story of hacking “Jen’s” (not her real name) PhotoBucket account, William e-mailed me photos of Jen and “Joshua Dean Scott.” I have the images on file. Scott’s photo, for instance, shows him holding a piece of paper reading “‘Jen’ owns my ass 3/2/11.” He wears a black baseball cap, a lip ring, and a black Converse shoe on top of his head, along with a slight smile. On several occasions William e-mailed me screenshots of the conversations he was having with the people he trolled on Facebook, as well as the raid threads he sometimes participated in on /b/, to corroborate his stories. The pranks and online intimidation of individuals described in this book are only a small fraction of the many nightly exploits that William alerted me to. Further details about /b/ and 4chan were sourced from the meme repositories Encyclopedia Dramatica (now redirecting to ohinternet.com) and KnowYourMeme.com, as well as interviews with Jake Davis. Chapter 3: Everybody Get In Here The vast majority of details about Topiary’s early childhood and life on Shetland come from online and face-to-face interviews with Topiary (Jake Davis) himself, with further details and corroboration coming from discussions with his mother, Jennifer Davis, after his arrest. As of mid-April he was living in her home on bail, awaiting a plea and case management hearing at a British crown court on May 11, 2012. A few key details, such as the death of his stepfather, Alexander “Allie” Spence, were corroborated by newspaper reports. Descriptions of the scenery and lack of modern shops in Shetland come from my own one-day visit to Lerwick, where I first met Davis in late June 2011. Details of Davis’s frequent prank calls to the Applebee’s restaurant in San Antonio, Texas, are a result of interviews with Davis himself. Though he could not provide recordings of the Applebee’s calls, he did provide audio files of other similar prank calls. A common feature of /b/ raids was a “surge” of users against an online target, the idea usually being to overwhelm them. Among the examples provided are spamming shock photos on a forum; this is a common tactic of /b/ users, and was most recently perpetrated on the comedy site 9gag. The raid in which /b/ warped the votes for Time Magazine’s “Person of the Year” took place in 2009, when 4chan users famously teamed together to program a bot that would crank out fake votes that put Christopher “moot” Poole at the top of Time’s ranking. As well as giving him an unfeasible sixteen million votes, they gamed the system so that the first letters of the following twenty names in the ranking spelled out the words “Marblecake also the game.” This was thought to be a reference to the
Page 2 and 3:
Begin Reading Table of Contents Cop
Page 4 and 5:
his HBGary Federal account, possibl
Page 6 and 7:
culture and key figures within it.
Page 8 and 9:
dreadful fascination at his phone a
Page 10 and 11:
Aaron Barr would never have come fa
Page 12 and 13:
“nigger,” “faggot,” or just
Page 14 and 15:
owns my ass.” With his other hand
Page 16 and 17:
In 2008 he helped instigate Operati
Page 18 and 19:
death threats and threatened to bom
Page 20 and 21:
another poster described “Phase 2
Page 22 and 23:
though, they were usurped by what w
Page 24 and 25:
We are Legion We do not forgive We
Page 26 and 27:
day in federal prison. In the meant
Page 28 and 29:
Since childhood, Bailey had harbore
Page 30 and 31:
oughly three hundred regular chat p
Page 32 and 33:
1. Get the latest LOIC from github.
Page 34 and 35:
Asperger syndrome, rarely left his
Page 36 and 37:
“It’s a troll,” another organ
Page 38 and 39:
had joined mentoring program iMento
Page 40 and 41:
choose a unique nickname on AnonOps
Page 42 and 43:
time. Kayla actually had several IR
Page 44 and 45:
was headquartered and where Barr wo
Page 46 and 47:
“So are we going to focus on Anon
Page 48 and 49:
Starting in early January, many sup
Page 50 and 51:
“Well in my lifetime I’ve perfo
Page 52 and 53:
uh, actual intelligence.” There w
Page 54 and 55:
definitely unimpressed—the claims
Page 56 and 57:
nude photos. Four years later, an e
Page 58 and 59:
“Is this a new trend :D to see wh
Page 60 and 61:
network collapsed, they would move
Page 62 and 63: large notice board with paperwork a
Page 64 and 65: April 2011, while he and Sabu were
Page 66 and 67: since they had a wider array of ski
Page 68 and 69: will get in trouble and might be gr
Page 70 and 71: passwords for almost every journali
Page 72 and 73: or online for most of the day and s
Page 74 and 75: a mixture of Anons, script kiddies,
Page 76 and 77: Sabu hated white hat security firms
Page 78 and 79: “Just looked at this guy’s sour
Page 80 and 81: otnets. Topiary shot back with a se
Page 82 and 83: wasn’t Sabu. “You got the wrong
Page 84 and 85: them that he was back. Topiary at f
Page 86 and 87: websites, bigger ones. He had a rap
Page 88 and 89: “Y’all were the inspiration I n
Page 90 and 91: LulzSec. Tflow created a torrent fi
Page 92 and 93: The Fate of Lulz LulzSec’s signif
Page 94 and 95: opposite of Kayla. And yet there wa
Page 96 and 97: one of the LulzSec accounts in resp
Page 98 and 99: on the network. He decided to try t
Page 100 and 101: morning of their meeting, William
Page 102 and 103: techniques like the Cain and Abel p
Page 104 and 105: hackers in private IRC rooms. It wa
Page 106 and 107: the open at the same time: the susp
Page 108 and 109: Kayla’s story had become more imp
Page 110 and 111: Stephane Fitch, who also introduced
Page 114 and 115: following twenty names in the ranki
Page 116 and 117: to websites that showed the steps o
Page 118 and 119: Minions.” Another helpful source
Page 120 and 121: “extreme version of Calvinism”
Page 122 and 123: 2011, however, we held our first re
Page 124 and 125: that were first leaked online by Pa
Page 126 and 127: on the CIA. Details about Julian As
Page 128 and 129: Descriptions of Ryan Mark Ackroyd w
Page 130 and 131: Parmy Olson is the London bureau ch
show all

We are anonymous inside the hacker world of lulzse

Create successful ePaper yourself

Delete template?

Save as template?