We are anonymous inside the hacker world of lulzse

More documents

Recommendations

Info

to websites that showed the steps one needs to take to “SWAT” someone. Details of Laurelai’s first online meeting with Kayla come primarily from interviews with Bailey. The extra context on transgender hackers comes from e-mails I exchanged with Christina Dunbar-Hester, PhD, Affiliated Faculty, Women’s & Gender Studies, at Rutgers, the State University of New Jersey. Chapter 7: FIRE FIRE FIRE FIRE The introductory paragraph, which suggests that Anonymous went quiet between Chanology in 2008 and WikiLeaks in late 2010, comes from interviews with various key players, including Jake Davis, Jennifer Emick, Laurelai Bailey, and conversations with other Anons, along with my own observance of a drop in news coverage about Anonymous between those dates. The interview with Girish Kumar from Aiplex that is referred to at the start of this chapter is sourced from the September 8, 2010, article “Film Industry Hires Cyber Hitmen to Take Down Internet Pirates” in the Sydney Morning Herald. Kumar was quoted as saying similar things in the TorrentFreak.com article “Anti-Piracy Outfit Threatens To DoS Uncooperative Torrent Sites,” published on September 5, 2010. It is unclear if Kumar or Aiplex were ever prosecuted for launching DDoS attacks; there are no press reports since that suggest the company was. Details of the discussion of Aiplex on /b/ and then the creation of an IRC channel to coordinate a raid were sourced from an online interview with the hacker Tflow in April of 2011, and from the TorrentFreak.com article “4chan DDoS Takes Down MPAA and Anti-Piracy Websites.” I gleaned some context on the attacks from a timeline of events that was posted on the Partyvan.info website. The story that Anonymous supporters were herded between IRC networks, along with the names of the main IRC channels, was also sourced from the interview with Tflow. Extra details about Aiplex and MPAA attacks come from other online articles, such as TechCrunch’s “RIAA Goes Offline, Joins MPAA As Latest Victim of Successful DDoS Attacks,” from September of 2010, and a blog post by IT security firm Panda Labs entitled “4chan Users Organize Surgical Strike Against MPAA,” published on September 17, 2010. Details about Tflow’s alleged real age and location come from the later announcement (in July of 2011) of his arrest by the U.K.’s Metropolitan Police. The description that he was quiet and “never talked about his age or background” comes from discussions with other hackers as well as from my own observations of Tflow in interviews, in chat rooms with others, and in leaked chat logs. Details of the way Tflow approached people in IRC channels with more technical knowledge than he, and the way that group turned Copyright Alliance into a repository for pirated material, come from an interview with Tflow as well as from a September 2010 news article entitled “Wave of Website Attacks Continues—Copyright Alliance Targeted” on Skyck.com. Details of the attacks on Gene Simmons and other DDoS attacks come from various online news reports, while the notion that the campaign “went into hiatus” comes from testimony by Tflow and Topiary. Tflow claimed that the SQL injection attack on copyrightalliance.org was the first of its kind under the banner of Anonymous, though it is possible that similar attacks were carried out during Chanology. Among the technical remarks that Tflow saw in the #savethepb channel that led him to collaborate with more skilled individuals was, verbatim, “LOIC does not overwhelm its targets with packets. It’s a matter of flooding port 80. Most web servers can not handle a vast amount of open connections.” The account of the creation of the AnonOps IRC network comes from interviews with Jake Davis, Tflow, and one other key organizer of AnonOps, as well as from the “History” page on the AnonOps website: AnonOps.pro/network/history.html. There, organizers describe the original “cunning plan” of late 2010, adding that they had wondered, “How about a ship for Anons, by Anons?” Testimony from Topiary about first “checking out” Operation Payback, and then hearing about the suicide of his father, come from interviews with Topiary himself. References to WikiLeaks and the leaking of 250,000 diplomatic cables come from a wealth of mainstream news reports that were published in November and December of 2010, such as a November 28 article in the Guardian entitled “How 25,000 U.S. Embassy Cables Were Leaked,” as well as the New York Magazine story “Bradley Manning’s Army of One,” published on July 3, 2011. The assertion that State Department staff were barred from visiting the WikiLeaks website came from my discussions with an anonymous State Department source. The description of the attack by The Jester on WikiLeaks comes from various news reports, such as “The Jester Hits WikiLeaks Site with XerXeS DoS Attack,” by Infosec Island, published on November 29, 2010, as well as from testimony by Topiary and references in leaked chat logs. The account of the subsequent nixing of funding services by PayPal, MasterCard, and Visa to WikiLeaks comes from a range of mainstream news reports. Details throughout this chapter about the discussions that took place in the #command channel on AnonOps—e.g., first going after PayPal to stoke up publicity; operator names like Nerdo, Owen, and Token; or the collaboration with botmasters Civil and Switch— were originally sourced from Topiary, who had been invited into the channel and was friends with several AnonOps IRC operators. Much of this information was corroborated by news reports as well as by blog posts written by Panda Securities researcher Sean-Paul Correll, who closely tracked the PayPal attacks. Though Correll has been on sick leave from Panda Securities for much of 2011 and was unavailable for interviews, one of his colleagues e-mailed me additional, never-before-published details of his conversations with the botmaster Switch on IRC. The operator names Nerdo, Token, and Fennic were associated with real names and faces when the four young men accused of cyber crimes under these names appeared in Westminster Magistrates Court on September 7, 2011: Peter David Gibson (accused of computer offenses under the nickname Peter), Christopher Weatherhead (accused of offenses under the name Nerdo), and Ashley Rhodes (Nikon_elite). Because he was a minor, the real name of the seventeen-year-old known as Fennic could not be revealed for legal reasons. Further details, such as the nickname BillOReilly, came from screenshots of AnonOps IRC published on Encyclopedia Dramatica. Details about the numbers of people piling into AnonOps IRC during the PayPal and MasterCard attacks were sourced from Sean-Paul Correll’s research as well as from testimony by Topiary in the month or two after the attacks. Dialogue from the public #OperationPayback IRC channel, such as “Do you think this is the start of something big?” came via an online database of AnonOps chat logs from December 8, 2010, searchable here: http://blyon.com/Irc/.
database of AnonOps chat logs from December 8, 2010, searchable here: http://blyon.com/Irc/. Content from the digital flyer that contains instructions for using LOIC was taken directly from the flyer, which is still available online. The LOIC message to PayPal servers was cited in the Ars Technica article “FBI Raids Texas Colocation Facility in 4chan DDoS Probe,” published in late 2010; the exact date is not shown on the online article, which cites log entries in a search request by the FBI. The notion that operators probably did not want public attention focused on botnets because it could lead to heat from the authorities comes from a conversation with academic and Anonymous expert Gabriella Coleman. Details about Ryan and the use of his botnet on OpItaly, and about the manipulation of numbers, come from testimony by Topiary. Information about the fourteen people arrested for using LOIC against PayPal comes from wide-ranging news reports, including the Financial Times story “FBI Arrests 14 Suspects in PayPal Attack,” published on July 20, 2011. The detail about Ryan’s mental health was sourced from the testimony of his lawyer, Ben Cooper, who told a court hearing on June 25, 2011, that his client had been diagnosed with Asperger’s syndrome since his arrest. A note about lying to the press: did supporters of Anonymous lie to me in interviews? Sometimes, yes. Was I aware this was going on? Yes, though admittedly not always to start with. Over time, if I was not sure about a key point, I would seek to corroborate it with others. Such is the case with statements presented as fact in this book. My approach to Anons who were lying to me was to simply go along with their stories, acting as if I were impressed with what they were saying in the hope of teasing out more information that I could later confirm. I have signposted certain anecdotes in this book with the word “claimed”—e.g., a person “claimed” that a story is true. Not everyone in Anonymous and LulzSec lied all the time, however, and there were certain key sources who were more trustworthy than others and whose testimony I tended to listen to more closely, chief among them being Jake Davis. Tflow created the #reporter channel for AnonOps, according to Topiary. Some dialogue that refers to the #over9000 channel comes from the leaked #HQ logs. Chapter 8: Weapons that Backfired Much of the detail in this chapter about the bugs inherent in LOIC comes from online and face-to-face interviews with a programmer and former supporter of Anonymous who does not want to be identified. Additional descriptions of IRC, such as the topics at the top of chat channels, come from my own observations when visiting the chat network and from rumors about “Feds” crawling the network, which were mentioned by Topiary and other Anons that I occasionally chatted with, as well as from online articles about the general usage of IRC and the role of operators, such as “The IRC Operators Guide” on irchelp.org. Some dialogue about the legalities of using LOIC comes from the online database of AnonOps chat logs, http://blyon.com/Irc/. Extra statistics about the numbers using LOIC and about AnonOps IRC can be found on Pastebin (http://pastebin.com/qQgxtKaj) and in the section about Operation Payback on the website opensecuritylab.org. Further details come from the TorrentFreak article “Behind the Scenes at Anonymous’ Operation Payback,” published in late 2010 (the article does not give the exact date of publication). There was a wide range of news reports on the arrest of Martijn “Awinee” Gonlag, including “They’re Watching. And They Can Bring You Down,” published in the Financial Times on September 23, 2010. Regarding the sentence about using LOIC behind “anonymizing software”: users could not fire the tool from behind an http proxy because their “packets” would hit their own proxy, taking them offline; so it was VPN or nothing. Details of the FBI’s initial investigation into Operation Payback were sourced partly from an article on Wired’s ThreatLevel blog entitled “In ‘Anonymous’ Raids, Feds Work from List of Top 1,000 Protesters,” published on July 26, 2011. Additionally, details about the initial contact between PayPal and the FBI agents, along with the passing over of one thousand IP addresses on a USB thumb drive, are sourced from an FBI arrest warrant filed on July 15, 2011, and available online. Owen’s quote “Switch is basically under a shoot on sight watch list” comes from screenshots of the #InternetFeds chat room made by freelance journalist Matthew Keys, which were e-mailed to me by Keys in early 2011. Keys was invited to observe the goings-on in InternetFeds from December of 2010 to January of 2011. He used the nickname AESCracked. Details of the DDoS attacks on AnonOps IRC, and the details about Operation Leakspin and Operation Leakflood, come from testimonies by Anonymous supporters, including Topiary, as well as from various blog posts and news reports. The account of splitting into operations, such as the DDoSes of Sarah Palin’s website and the Venezuelan government sites, comes from a variety of news reports on websites such as Panda Security’s blog, ABCNews.go.com, and KnowYourMeme.com. Details about #InternetFeds gradually usurping #command as an organizational hub popular with Anonymous hackers come from Topiary, Kayla, and two other hackers who were in the channel. Further description of dialogue and content from discussions in the channel comes from scores of screenshots provided by Matthew Keys. Chapter 9: The Revolutionary At least two people have corroborated that Tflow first invited Sabu into #InternetFeds; Sabu also claimed this. Details about Sabu’s views come from dozens of online interviews I held with him both before and after his arrest by the FBI on June 7, 2011. My phone interviews with Monsegur provided insights into his accent, his way of speaking, the background sounds I heard when I was speaking with him, and his skills for lying and manipulation. At times they yielded little in the way of reliable insights since the phone interviews took place after he started working for the FBI and had been encouraged to feed misinformation to journalists. Further details about his life, upbringing, and address come from a series of court documents that were unsealed after the FBI revealed that he had been acting as an informant since soon after June 7, 2011. Additionally, I have sourced some details from a three-part series of Fox News stories about Monsegur published in March of 2012, one of which is entitled “Inside LulzSec, a Mastermind Turns on His Minions.” Another helpful source for corroborating personal details on Monsegur was the New York Times story “Hacker, Informant
Page 2 and 3:
Begin Reading Table of Contents Cop
Page 4 and 5:
his HBGary Federal account, possibl
Page 6 and 7:
culture and key figures within it.
Page 8 and 9:
dreadful fascination at his phone a
Page 10 and 11:
Aaron Barr would never have come fa
Page 12 and 13:
“nigger,” “faggot,” or just
Page 14 and 15:
owns my ass.” With his other hand
Page 16 and 17:
In 2008 he helped instigate Operati
Page 18 and 19:
death threats and threatened to bom
Page 20 and 21:
another poster described “Phase 2
Page 22 and 23:
though, they were usurped by what w
Page 24 and 25:
We are Legion We do not forgive We
Page 26 and 27:
day in federal prison. In the meant
Page 28 and 29:
Since childhood, Bailey had harbore
Page 30 and 31:
oughly three hundred regular chat p
Page 32 and 33:
1. Get the latest LOIC from github.
Page 34 and 35:
Asperger syndrome, rarely left his
Page 36 and 37:
“It’s a troll,” another organ
Page 38 and 39:
had joined mentoring program iMento
Page 40 and 41:
choose a unique nickname on AnonOps
Page 42 and 43:
time. Kayla actually had several IR
Page 44 and 45:
was headquartered and where Barr wo
Page 46 and 47:
“So are we going to focus on Anon
Page 48 and 49:
Starting in early January, many sup
Page 50 and 51:
“Well in my lifetime I’ve perfo
Page 52 and 53:
uh, actual intelligence.” There w
Page 54 and 55:
definitely unimpressed—the claims
Page 56 and 57:
nude photos. Four years later, an e
Page 58 and 59:
“Is this a new trend :D to see wh
Page 60 and 61:
network collapsed, they would move
Page 62 and 63:
large notice board with paperwork a
Page 64 and 65:
April 2011, while he and Sabu were
Page 66 and 67: since they had a wider array of ski
Page 68 and 69: will get in trouble and might be gr
Page 70 and 71: passwords for almost every journali
Page 72 and 73: or online for most of the day and s
Page 74 and 75: a mixture of Anons, script kiddies,
Page 76 and 77: Sabu hated white hat security firms
Page 78 and 79: “Just looked at this guy’s sour
Page 80 and 81: otnets. Topiary shot back with a se
Page 82 and 83: wasn’t Sabu. “You got the wrong
Page 84 and 85: them that he was back. Topiary at f
Page 86 and 87: websites, bigger ones. He had a rap
Page 88 and 89: “Y’all were the inspiration I n
Page 90 and 91: LulzSec. Tflow created a torrent fi
Page 92 and 93: The Fate of Lulz LulzSec’s signif
Page 94 and 95: opposite of Kayla. And yet there wa
Page 96 and 97: one of the LulzSec accounts in resp
Page 98 and 99: on the network. He decided to try t
Page 100 and 101: morning of their meeting, William
Page 102 and 103: techniques like the Cain and Abel p
Page 104 and 105: hackers in private IRC rooms. It wa
Page 106 and 107: the open at the same time: the susp
Page 108 and 109: Kayla’s story had become more imp
Page 110 and 111: Stephane Fitch, who also introduced
Page 112 and 113: writes a spoof news article about t
Page 114 and 115: following twenty names in the ranki
Page 118 and 119: Minions.” Another helpful source
Page 120 and 121: “extreme version of Calvinism”
Page 122 and 123: 2011, however, we held our first re
Page 124 and 125: that were first leaked online by Pa
Page 126 and 127: on the CIA. Details about Julian As
Page 128 and 129: Descriptions of Ryan Mark Ackroyd w
Page 130 and 131: Parmy Olson is the London bureau ch
show all

We are anonymous inside the hacker world of lulzse

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?