We are anonymous inside the hacker world of lulzse

More documents

Recommendations

Info

that were first leaked online by Pastebin on June 5, 2011, in a post entitled “LulzSec Private Log.” The logs were republished by The Guardian three weeks later, on June 25, which garnered more mainstream media attention. Further descriptions about the room and its members, and the context of their discussions, were sourced from interviews with Topiary and with one other hacker, who did not wish to be named. The detail that Adrian Lamo was diagnosed with Asperger’s is sourced from the Wired article, “Ex-Hacker Adrian Lamo Institutionalized, Diagnosed with Asperger’s,” published May 20, 2010. Chapter 20: More Sony, More Hackers Regarding LulzSec and Sony: a couple of days before the PBS attack, LulzSec had already published two databases of internal information from the website of Sony Japan. It failed to cause a stir, since Topiary had simply pasted specific Web addresses that were vulnerable to a hack by simple SQL injection. One of them, for example, looked like this: http://www.sonymusic.co.jp/bv/cromagnons/track.php?item=7419 (no longer available). Topiary announced the finds with a press release, telling other hackers, “Two other databases hosted on this boxxy box. Go for them if you want.” He added that the “innards” were “tasty, but not very exciting.” Details about the way LulzSec’s core and secondary members gathered and explored website vulnerabilities within the network of Sony and elsewhere were sourced from discussions with Topiary, as well as with Sabu and Kayla. Dialogue among the hackers was also sourced from interviews with the trio. Most of the data that LulzSec stole from Sony came from the websites SonyPictures.com, SonyBMG.nl, and SonyBMG.bg—but 95 percent of the hoard came from SonyPictures. Descriptions of Topiary’s style of writing are based on my own observations of the press releases he wrote and the Twitter feed he manned. Context on the extent of the cyber attacks on Sony was sourced from the cyber security website attrition.org and its article “Absolute Sownage: A Concise History of Recent Sony Attacks.” It includes what is probably the most comprehensive table of cyber attacks on the company that took place between the months of April and July 2011. The rumors about the PlayStation Network hack involving a disgruntled employee and the sale of a database for $200,000 come from press reports and from one source within Anonymous who does not wish to be named. It was unclear if the PSN hackers had sold it all on a carders’ market or in chunks. But in certain online markets it was possible to make $1,000 selling a six-year-old database containing the names of 300,000 users—the price in the market at large depended on the age of the database, according to people familiar with the matter. This meant that more than 100 million fresh logins from Sony would easily have been worth tens of thousands of dollars. A June 23, 2011, Reuters article cited a lawsuit against Sony that claimed that the company had laid off employees in the unit responsible for network security two weeks before the data breach occurred, and that while the company “spent lavishly” on security to protect its own corporate data it failed to do the same for its customer data. The lawsuit, filed in a U.S. District Court, cited a “confidential witness.” Details about the way LulzSec attacked Karim Hijazi come from interviews with Topiary and Kayla, as well as from chat logs released by both LulzSec and Hijazi. Further details come from telephone interviews with Hijazi in the days after his attack was announced and from interviews with his press spokesman. Details about the ~el8 hacking group were sourced from their four e-zines, which are still available online, and from the 2002 Wired article “White-Hat Hate Crimes on the Rise.” Details about Andrew “weev” Auernheimer’s disclosure of a security flaw for iPad users on AT&T’s website were sourced from interviews with Auernheimer, from the Gawker story “Apple’s Worst Security Breach: 114,000 iPad Owners Exposed,” dated June 9, 2010, and from the CNET article “AT&T-iPad Site Hacker to Fight on in Court,” published on September 12, 2011. In July 2011, a federal grand jury in Newark, New Jersey, indicted Auernheimer on one count of conspiracy to gain access to computers and one count of identity theft. From September 2011 and as of mid-April 2012, he was on bail, and reportedly banned from using IRC or consorting with people from his hacking group. The statement that the AnonOps IRC was “a mess, everyone was on edge” was sourced from my own observations of the chat network and from interviews with Topiary. The assertion that a few white hats “secretly wished they could be part of the fun” was sourced from my observations of comments made by white hat security specialists on blogs and on Twitter, which often professed admiration for LulzSec and expressed gratitude that the group had demonstrated the necessity of the Internet security profession. A good example is the article by Australian security expert Patrick Gray on his risky.biz blog entitled “Why We Secretly Love LulzSec,” posted on June 8, 2011. The post quickly went viral on Twitter. Regarding Ryan’s DDoS attack on LulzSec’s public IRC channel—he had been sending the same message to anyone who was an operator in the IRC channel. Chapter 21: Stress and Betrayal Details about Kayla’s side operation were sourced from interviews with Kayla and Topiary, while dialogue in this chapter was sourced from the leaked #pure-elite logs. Further context on the InfraGard hack, #pure-elite discussions, and Bitcoin donations comes from interviews with the founding members of LulzSec. Some dialogue, such as the reaction to the $7,800 BitCoin donation, was also sourced from interviews. NATO’s draft report on Anonymous can be found on the organization’s website here: http://www.nato-pa.int/default.asp? SHORTCUT=2443. It was first mentioned on tech blogs, such as thinq, in early June. The deleting code rm -rf/* is well known among Web trolls, who at one time made a practice of telling Mac and Linux users to type the
The deleting code rm -rf/* is well known among Web trolls, who at one time made a practice of telling Mac and Linux users to type the code into their copy of Terminal, the application that allows users to engage with their computers using a command-line interface. This can lead users to inadvertently wipe out their hard drives. According to KnowYourMeme.com, the trolling scheme against PC users has been around since the early 2000s, but became popular through its promulgation on 4chan around 2006. Users of /b/ would post digital flyers or start discussion threads saying, for example, that Microsoft had included a folder called system32 on all PCs and that this folder held 32 gigabytes of “worthless crap.” They added that the company did this to sell more system-cleaning software, and that the way to get back at money-hungry Microsoft was to delete the file. This was, of course, completely untrue. Here is a translation of the UNIX code rm -rf/* itself: “rm” is the command short for remove; a blank space then indicates the end of the command. The “-” begins the options, with “r” meaning “recursively delete all directories” and “f” meaning “override file permissions.” “/*” means that everything after the root of the tree (“/”) is to be affected. The entire command means “remove everything forcefully.” The assertion that “many news outlets bought this line”—i.e., the line that LulzSec had hacked InfraGard in response to the Pentagon announcement—was sourced from a number of news reports. Among them is the digitaltrends.com story “LulzSec Hacks FBI Affiliate, Infragard.” Details about the arrest of Sabu were sourced partly from Fox News reports, including the one entitled “Infamous International Hacking Group LulzSec Brought Down by Own Leader,” and partly from an interview with an anonymous source who had knowledge of the arrest and FBI investigation. Further details about Sabu’s arrest and his later appearance in a secret court hearing are laid out in chapter 26. Details about Cisco’s promotional tweet appearing on Twitter searches for LulzSec were sourced by my own observations and were corroborated by Cisco spokesman John Earnhardt, who said that LulzSec was a “term of interest” in the security industry. The day after I wrote a blog post on the promotion for Forbes, entitled “How Cisco Is Capitalizing on LulzSec Hackers’ Popularity” and published on June 15, 2011, the promotion disappeared. Joseph K. Black, founder of the Black & Berg IT security company, most likely faked the attack on his own website. This assertion is based on interviews with Topiary, who said that no one in the group had hit or had planned to hit Black & Berg, and on interviews with Jennifer Emick, who spent some time investigating Black. I also base this conclusion on my opinion that Black is not a credible source. Cyber security and antivirus expert Rob Rosenberger wrote a column for SecurityCritics.org on February 15, 2011, in which he referred to Black as a “charlatan” whose activities until that point already “qualified as ‘unethical behavior’ done for shameless self-promotion.” The cyber security site attrition.org later wrote a damning indictment of Black on February 28, 2011, in an article entitled “Joseph K. Black: Social Media Experiment Gone Horribly Wrong,” which offered the prediction that Black would never obtain his professed dream job of “National Cybersecurity Advisor.” It posted screenshots of his Twitter feed from January of 2011, including tweets such as “I just did my 2nd line of coke and it’s only 4.15; WOW!” Another tweet, directed toward Attrition itself, said, “Your [sic] just jealous that the Feds haven’t taken you off the grid yet. Sucker.Im untouchable.I got the Feds in my pocket.Im comfy.” In October of 2011, Black was pursued by police in a thirty-five-minute car chase over four U.S. counties, after which he got out of his car holding a small dog and pointed his finger at the police, making shooting noises. He was promptly Tasered (source: “Omaha Man Caught after Early Morning Pursuit,” the North Platte Bulletin, October 31, 2011). By early 2012, Black & Berg had folded and Black had posted a photo of himself on an about.me Web page, where he listed himself as “Advisor to Anonymous and #Antisec operations.” In the photo, Black was standing in front of a mirror, wearing a hoodie, sunglasses, and a gold chain necklace. Black did not respond to a question e-mailed to him on the matter of his website’s defacement, or to an interview request. Ironically, in spite of the overwhelming evidence that the deface on Joseph K. Black’s website had been self-inflicted for publicity purposes, British prosecutors would later list an attack on Black & Berg among the charges against Jake Davis and three other young men associated with LulzSec. Details about other copycat hacker groups, such as LulzSec Brazil and LulzRaft, were sourced from the groups’ own Twitter feeds, announcements, and press reports, and from interviews with LulzSec members. Topiary’s statement “I’m starting to get quite worried some arrests might actually happen” was made in an interview with me. Chapter 22: The Return of Ryan, the End of Reason Details in this chapter about activities within LulzSec, dialogue about the disappearance of Sabu, and descriptions of Ryan were sourced from interviews with LulzSec’s founding members. Details about Topiary’s first call with Sabu were sourced from interviews with Topiary. The name David Davidson comes from the widely panned 2000 comedy film Freddy Got Fingered, starring Tom Green. It has often been used online as a joke name, but perhaps not enough to be considered an outright Internet meme. Ryan first rekindled his relationship with LulzSec’s members by offering to let the group house its IRC network on his servers. This was a welcome offer, although eventually the crew would be hopping between servers owned by AnonOps and the public IRC networks provided by EFnet, Rizon, and 2600. Topiary did not believe that the dox released for Ryan earlier that year by Evo was real. He also believed that the real Ryan was relatively safe, since Ryan claimed, for instance, to have his neighbor receive all his packages, which were addressed to a fake name anyway, before passing them over to him, so that he never had to give out his real address. The Skype number 1-614-LULZSEC was off at all times and redirected to another Google number, which was also offline and redirected instantly to the main Skype account that Topiary and Ryan were using. This account had been registered via a fake Gmail account on a random IP address. I have sourced the assertion that Assange was “chuckling” to himself from interviews with Topiary, who said that when he was first talking to Assange on IRC, Assange claimed that he and others in WikiLeaks had “laughed” when they heard about the DDoS attack on the CIA.
Page 2 and 3:
Begin Reading Table of Contents Cop
Page 4 and 5:
his HBGary Federal account, possibl
Page 6 and 7:
culture and key figures within it.
Page 8 and 9:
dreadful fascination at his phone a
Page 10 and 11:
Aaron Barr would never have come fa
Page 12 and 13:
“nigger,” “faggot,” or just
Page 14 and 15:
owns my ass.” With his other hand
Page 16 and 17:
In 2008 he helped instigate Operati
Page 18 and 19:
death threats and threatened to bom
Page 20 and 21:
another poster described “Phase 2
Page 22 and 23:
though, they were usurped by what w
Page 24 and 25:
We are Legion We do not forgive We
Page 26 and 27:
day in federal prison. In the meant
Page 28 and 29:
Since childhood, Bailey had harbore
Page 30 and 31:
oughly three hundred regular chat p
Page 32 and 33:
1. Get the latest LOIC from github.
Page 34 and 35:
Asperger syndrome, rarely left his
Page 36 and 37:
“It’s a troll,” another organ
Page 38 and 39:
had joined mentoring program iMento
Page 40 and 41:
choose a unique nickname on AnonOps
Page 42 and 43:
time. Kayla actually had several IR
Page 44 and 45:
was headquartered and where Barr wo
Page 46 and 47:
“So are we going to focus on Anon
Page 48 and 49:
Starting in early January, many sup
Page 50 and 51:
“Well in my lifetime I’ve perfo
Page 52 and 53:
uh, actual intelligence.” There w
Page 54 and 55:
definitely unimpressed—the claims
Page 56 and 57:
nude photos. Four years later, an e
Page 58 and 59:
“Is this a new trend :D to see wh
Page 60 and 61:
network collapsed, they would move
Page 62 and 63:
large notice board with paperwork a
Page 64 and 65:
April 2011, while he and Sabu were
Page 66 and 67:
since they had a wider array of ski
Page 68 and 69:
will get in trouble and might be gr
Page 70 and 71:
passwords for almost every journali
Page 72 and 73:
or online for most of the day and s
Page 74 and 75: a mixture of Anons, script kiddies,
Page 76 and 77: Sabu hated white hat security firms
Page 78 and 79: “Just looked at this guy’s sour
Page 80 and 81: otnets. Topiary shot back with a se
Page 82 and 83: wasn’t Sabu. “You got the wrong
Page 84 and 85: them that he was back. Topiary at f
Page 86 and 87: websites, bigger ones. He had a rap
Page 88 and 89: “Y’all were the inspiration I n
Page 90 and 91: LulzSec. Tflow created a torrent fi
Page 92 and 93: The Fate of Lulz LulzSec’s signif
Page 94 and 95: opposite of Kayla. And yet there wa
Page 96 and 97: one of the LulzSec accounts in resp
Page 98 and 99: on the network. He decided to try t
Page 100 and 101: morning of their meeting, William
Page 102 and 103: techniques like the Cain and Abel p
Page 104 and 105: hackers in private IRC rooms. It wa
Page 106 and 107: the open at the same time: the susp
Page 108 and 109: Kayla’s story had become more imp
Page 110 and 111: Stephane Fitch, who also introduced
Page 112 and 113: writes a spoof news article about t
Page 114 and 115: following twenty names in the ranki
Page 116 and 117: to websites that showed the steps o
Page 118 and 119: Minions.” Another helpful source
Page 120 and 121: “extreme version of Calvinism”
Page 122 and 123: 2011, however, we held our first re
Page 126 and 127: on the CIA. Details about Julian As
Page 128 and 129: Descriptions of Ryan Mark Ackroyd w
Page 130 and 131: Parmy Olson is the London bureau ch
show all

We are anonymous inside the hacker world of lulzse

Create successful ePaper yourself

Delete template?

Save as template?