We are anonymous inside the hacker world of lulzse

More documents

Recommendations

Info

“extreme version of Calvinism” and “extreme physical punishments and abuse.” The February 18 press release announcing that Anonymous was going to hit Westboro—the first such announcement—appeared on AnonNews.org. The detail about an IRC operator running a search of the network’s chat channels to find the organizers was sourced from interviews with Topiary. IRC operators, both within AnonOps and in other networks, regularly ran searches to keep an abreast of any odd operations that no one knew about, such as conspiracies to take down the network or improper discussions about child porn. Sometimes trolls would create a child porn channel to try to make AnonOps look illegal. This was the only topic of discussion that was banned on AnonOps IRC; everything else was fair game. Similarly, talk of hacking was banned on other networks, which was why Tflow and the other supporters of Operation Payback migrated from networks like EFnet, Freenode, and Quakenode in late 2010—these IRC operators did not like the heat. The follow-up press release about attacking Westboro, written by five writers in #philosoraptors, originated when one person started writing it on his computer and then uploaded it to Pirate Pad so others could edit it. “Dear Phred Phelps and WBC Phriends,” it began. This release was much more in line with the irreverent, clownish tone of Anonymous. It went on to say, “Stay tuned, and we’ll come back to play another day. We promise,” and added a reprimand: “To the Media: Just because it’s posted on AnonNews doesn’t mean every single Anon is in agreement.” Details about The David Pakman Show, Pakman himself, and the live Westboro hack are sourced from a phone interview with Pakman that took place on November 18, 2011, as well as from interviews with Topiary. Comments made by Shirley Phelps-Roper on Pakman’s show are sourced from YouTube videos. All dialogue from the show regarding the live Westboro hack was sourced from the main YouTube video of the program. Pakman’s and Topiary’s accounts differ about how much Pakman knew of what was going to happen to Westboro’s website during the show. Pakman denied ever knowing that Topiary or anyone else from Anonymous was going to hit the Westboro site in the middle of his show. “No. Absolutely no,” Pakman said in the phone interview, conducted about eight months after the event. “They basically said, ‘We’ll come on your show to talk about this.’ It was very vague. I said, ‘I’m interested. Would you be able to come on with Shirley?’ and they said yes. I reached out to Westboro.…They both said yes. The timing worked out.” Today the number of hits on the video of the live Westboro hack has approached the two million mark and it is the most popular video ever posted for The David Pakman Show. Regarding Topiary’s deface messages: he wrote all of them in a very simple text-editing program called Notepad++. Every PC has Notepad in its Accessories folder, but Notepad++ is a free program that one-upped the original Notepad by allowing users to organize their documents in tabs, enabling them to have multiple open files. Topiary only had to hit the left arrow key on his laptop to get different text formats, a list of links to vulnerable websites, or other Anonymous press releases he hadn’t read yet. He would make all his deface messages compatible with the Web language HTML by converting them at a website called Pastehtml.com. If Topiary copied and pasted a two-hundred-word message directly from Microsoft Word, it would likely show up in Pastehtml.com with the Anonymous logo too far to the left, or with odd spaces within the text, which he’d have to then tinker with in the so-called source code, the complicated programming commands behind the text. Writing it in Notepad++, on the other hand, meant it was automatically “cleaned up,” so that when it was converted into an HTML file it looked exactly the same online as it did offline on his computer. No tweaking required. In total, Topiary produced approximately ten deface messages using this method for Anonymous, and helped others to produce an additional ten. The use of a simple program, combined with Topiary’s basic knowledge of HTML, are the reasons that all his messages, which made up the majority of defacements reported by the news media in the spring of 2011, appeared as plain text on a white background. Chapter 13: Conspiracy (Drives Us Together) The opening paragraphs of this chapter are sourced from interviews at the time (and then months afterward for hindsight) with Topiary. Sabu and Kayla had moved on from the HBGary attack and were not involved in reading through Barr’s e-mails. Both also claimed to have busy lives outside of Anonymous and the Internet. In my phone interviews with Sabu, for instance, he was often being interrupted by people in his household and by other phone calls. Details about Barrett Brown’s experience delving through the HBGary e-mails, forming a team of researchers, and his personal life are derived from my phone interview with Brown, conducted on November 24, 2011. Further details about his dealings with Topiary and other Anons have come from interviews with Topiary. I also sourced an audio recording of Brown’s phone interview with William Wansley, which he uploaded to the media-sharing site MediaFire.com. I had been alerted in advance to the Radio Payback appearance of Brown, Topiary, and WhiteKidney and was taking notes as it happened, before I downloaded the audio file itself. The description of the NBC Nightly News broadcast with Michael Isikoff was taken from my viewing of the video online. The note that Brown’s “bones ached” because of withdrawal from Suboxone, along with the point about his relapse in New York in April of 2011, were sourced from my phone interview with Brown. Some extra details about Operation Metal Gear and its research were sourced partly from Brown’s Project PM wiki, http://wiki.echelon2.org/; partly from the Metal Gear website, http://opmetalgear.zxq.net/, before it became disused; and partly from the Booz Allen Hamilton website. Descriptions of the general opinion among Anons toward Brown were sourced from discussions with a handful of Anons, including William, as well as from my observation of relevant comments on AnonOps IRC. Brown thought he saw a connection to HBGary’s interest in bidding for a contract to sell the U.S. military personnel management software, a technology that essentially allowed the user to spy on others over the Internet and social media. Details about the young man nicknamed OpLeakS and his offer of apparently explosive information from Bank of America were sourced from interviews with Brown and Topiary, with further details coming from the bankofamericasuck.com website, OpLeakS’s Twitter feed, and a variety of news reports. E-mails posted on OpLeakS’s website clearly showed the name of the disgruntled Bank of America employee who was “leaking” information, Brian Penny. When he used the term “nerdy hacker group,” Topiary was referring to the hacker groups of the eighties and nineties, some of which used skull-and-crossbones imagery and generally took themselves too seriously.
used skull-and-crossbones imagery and generally took themselves too seriously. It was not unusual in Anonymous to hop from one operation to another, reflecting the sometimes limited attention spans of its groups and supporters. Along with Operation Metal Gear, there was Operation Wisconsin, Operation Eternal Ruin, and operations focused on Libya and Italy, each of which had anywhere from two to a dozen people involved. In early 2011, the original version of Operation Payback, launched against copyright companies, came back for round two by targeting more copyright-related websites. Topiary observed, however, that its proponents kept switching targets—for instance, they called agcom.it a target, causing a few people to be fired but failing to generate enough momentum to take the site down—providing others with a reason to move on to something else. Frequently switching targets is one of the crucial reasons why Operation Payback had dwindled to around fifty people in October of 2010 and nearly died out—until WikiLeaks came along by chance, and thousands of people suddenly jumped in. Chapter 14: Backtrace Strikes The opening paragraphs of this chapter are sourced from interviews with Jennifer Emick, with some added details—including the name of her Skype group, the Treehouse—coming from Anonymous-related blogs. Details about the arrests in the Netherlands and Britain are sourced from various mainstream news reports. The U.K.’s Metropolitan Police announced on January 27 that they had arrested five people in morning raids across the country. According to a report in The TechHerald at the time, they were allegedly tracked with “little more than server logs and confirmation from their ISP.” Descriptions of what Emick was finding on DigitalGangsters.com were originally sourced from Emick and corroborated by my own observations of the website, especially its “About” page. I also interviewed a member of the forum site nicknamed Jess, who was a close friend of the twenty-three-year-old Seattle woman on the site who went by the name Kayla and whose real name is Kayla Anderson. Jess confirmed that the woman is not the same Kayla of LulzSec, though she and her friend considered the hacker known as Xyrix as an acquaintance. It was most likely a coincidence, she added, that Xyrix was being connected to both a Kayla from DigitalGangsters.com and the Kayla of LulzSec. Emick doubted this account when I put it to her in November of 2011 and believed that there was a connection between the two Kaylas. Incidentally, Corey “Xyrix” Barnhill has denied being Kayla, both by leaving comments on online news reports about Kayla and by emailing me directly. The AnonOps Kayla also told me and certain members of Anonymous that she went along with rumors that she was Xyrix because it helped obfuscate her real identity. The descriptions of YTCracker and the story about the hack on DigitalGangsters.com were sourced from phone interviews with Bryce “YTCracker” Case himself, as well as from my observations of the deface message that was posted on his site when Corey “Xyrix” Barnhill, Mike “Virus” Nieves, and Justin “Null” Perras had, according to Case, switched the DigitalGangster.com domains to point at their own servers. My own observation of DigitalGangsters.com showed posts advertising jobs that required hacking into websites via SQL injection, stealing databases of names and e-mail addresses, or just stealing addresses and sending them to spammers. A database with passwords was worth more, since spammers could then send spam from legitimate addresses. Occasionally a thread would start with a post seeking “freelancers” who could program in C, Objective-C, C#, VB, Java, and JavaScript. One post from June of 2010 had the title “DGs [Digital Gangsters] in Washington? Be my mail man in the middle,” followed by: “Heres how it works. A delivery gets shipped to your address, You open the package remove item, Reship the item to me in a new container with a false return address. when item arrives you get paid. interested?” The description of Jin-Soo Byun was sourced from interviews with Jennifer Emick and Laurelai Bailey; the note that Aaron Barr was helping her investigation was sourced from an interview with Barr. The details about Emick setting up the initial Backtrace investigation into Anonymous, and then tracking down “Hector Montsegur” [sic], are sourced from interviews with Emick. Descriptions of some of Sabu’s defaces come from screenshots provided by Sabu himself as well as from a blog post by Le Researcher, an anti-Anonymous campaigner who works with Emick. Another group that includes longtime EFnet user Kelley Hallissey claims it doxed Sabu in December 2010 and passed his details to Backtrace in February 2011. Emick denies this. Sabu’s statement that he was “going to drive over to [Laurelai’s] house and mess him up” was sourced from Topiary’s testimony. The origins of the word backtrace point to one of the most notorious 4chan and Anonymous operations ever conducted. It started in July of 2010, when 4chan’s /b/ users began trolling an eleven-year-old girl named Jessica Leonhardt. Online, she was known as Jessi Slaughter, and was a minor e-celebrity after uploading videos of herself onto a site called StickyDrama. When other StickyDrama users started bullying Slaughter, she filmed a series of tearful ripostes, including one in which her mustached father could be seen over her shoulder jabbing his finger at the webcam and shouting, “You bunch of lying, no-good punks! And I know who it’s comin’ from! Because I BACKTRACED it!” The broadside spawned a number of Internet catchphrases and memes, including “backtrace,” “Ya done goofed,” and “Consequences will never be the same!” By February of 2011, Jessi Slaughter had been placed under police protection and admitted to a mental institution. The following August, her father died of a heart attack at the age of fifty-three. The dialogue among Topiary, Kayla, Tflow, and AVunit, starting with the quote “They all think i’m Xyrix!” was sourced from their March 21, 2011, discussion on a private IRC channel called Seduce. By this point, Topiary had introduced me to Kayla (with whom I had been communicating by e-mail) and it was in this room that I first spoke to AVunit, Tflow, and Sabu. From there I organized separate interviews with each of them. The group was already communicating with each other in their own separate channel, and #seduce was set up for the purpose of speaking with me and providing testimony for this book. The name Seduce came from the late- February revelation in the #HQ chat log that Kayla would be talking to me; she quipped that “She wrote good stuff about us so far… she talked with Topiary. he has her seduced I guess.” Later, when the group would switch to a different IRC server, they would create another channel, named #charmy, also for talking exclusively with me. I was later told that Sabu was extremely wary of talking to me in the #seduce channel in March, and I observed that he was rarely in the room or would make excuses to leave. On April 13, 2011, however, we held our first real interview on IRC and he became more forthcoming.
Page 2 and 3:
Begin Reading Table of Contents Cop
Page 4 and 5:
his HBGary Federal account, possibl
Page 6 and 7:
culture and key figures within it.
Page 8 and 9:
dreadful fascination at his phone a
Page 10 and 11:
Aaron Barr would never have come fa
Page 12 and 13:
“nigger,” “faggot,” or just
Page 14 and 15:
owns my ass.” With his other hand
Page 16 and 17:
In 2008 he helped instigate Operati
Page 18 and 19:
death threats and threatened to bom
Page 20 and 21:
another poster described “Phase 2
Page 22 and 23:
though, they were usurped by what w
Page 24 and 25:
We are Legion We do not forgive We
Page 26 and 27:
day in federal prison. In the meant
Page 28 and 29:
Since childhood, Bailey had harbore
Page 30 and 31:
oughly three hundred regular chat p
Page 32 and 33:
1. Get the latest LOIC from github.
Page 34 and 35:
Asperger syndrome, rarely left his
Page 36 and 37:
“It’s a troll,” another organ
Page 38 and 39:
had joined mentoring program iMento
Page 40 and 41:
choose a unique nickname on AnonOps
Page 42 and 43:
time. Kayla actually had several IR
Page 44 and 45:
was headquartered and where Barr wo
Page 46 and 47:
“So are we going to focus on Anon
Page 48 and 49:
Starting in early January, many sup
Page 50 and 51:
“Well in my lifetime I’ve perfo
Page 52 and 53:
uh, actual intelligence.” There w
Page 54 and 55:
definitely unimpressed—the claims
Page 56 and 57:
nude photos. Four years later, an e
Page 58 and 59:
“Is this a new trend :D to see wh
Page 60 and 61:
network collapsed, they would move
Page 62 and 63:
large notice board with paperwork a
Page 64 and 65:
April 2011, while he and Sabu were
Page 66 and 67:
since they had a wider array of ski
Page 68 and 69:
will get in trouble and might be gr
Page 70 and 71: passwords for almost every journali
Page 72 and 73: or online for most of the day and s
Page 74 and 75: a mixture of Anons, script kiddies,
Page 76 and 77: Sabu hated white hat security firms
Page 78 and 79: “Just looked at this guy’s sour
Page 80 and 81: otnets. Topiary shot back with a se
Page 82 and 83: wasn’t Sabu. “You got the wrong
Page 84 and 85: them that he was back. Topiary at f
Page 86 and 87: websites, bigger ones. He had a rap
Page 88 and 89: “Y’all were the inspiration I n
Page 90 and 91: LulzSec. Tflow created a torrent fi
Page 92 and 93: The Fate of Lulz LulzSec’s signif
Page 94 and 95: opposite of Kayla. And yet there wa
Page 96 and 97: one of the LulzSec accounts in resp
Page 98 and 99: on the network. He decided to try t
Page 100 and 101: morning of their meeting, William
Page 102 and 103: techniques like the Cain and Abel p
Page 104 and 105: hackers in private IRC rooms. It wa
Page 106 and 107: the open at the same time: the susp
Page 108 and 109: Kayla’s story had become more imp
Page 110 and 111: Stephane Fitch, who also introduced
Page 112 and 113: writes a spoof news article about t
Page 114 and 115: following twenty names in the ranki
Page 116 and 117: to websites that showed the steps o
Page 118 and 119: Minions.” Another helpful source
Page 122 and 123: 2011, however, we held our first re
Page 124 and 125: that were first leaked online by Pa
Page 126 and 127: on the CIA. Details about Julian As
Page 128 and 129: Descriptions of Ryan Mark Ackroyd w
Page 130 and 131: Parmy Olson is the London bureau ch
show all

We are anonymous inside the hacker world of lulzse

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?