We are anonymous inside the hacker world of lulzse

More documents

Recommendations

Info

though, they were usurped by what would become the two most popular weapons in the Anonymous arsenal: botnets and the Low-Orbit Ion Cannon (LOIC). Botnets would not be used significantly by Anonymous for a few more years, but they were easily the more powerful of two key weapons. These were large networks of “zombie” computers usually controlled by a single person who gave them commands from a private IRC channel. It’s rumored that botnets were used just once or twice during the first Anonymous attacks on Chanology, though few details are known. Often botnets are made up of between ten thousand and one hundred thousand computers around the world. The biggest botnets, ones that have the power to take out the servers of small governments, have upward of a million computers. The computers belong to average people like you and me, oblivious to what is going on—often we’ll have joined a botnet by accidentally downloading infected software or visiting a compromised website. Perhaps someone sent us a spam e-mail with a link promising free photo prints or a cash prize, or we clicked on an interesting video that disguised malicious code. Nothing appears to be amiss after such software downloads. It installs itself quickly and quietly and for the most part remains dormant. When the botnet controller issues commands to a network of “bots,” a signal is sent to the infected computer, and the small program that was downloaded starts up in the background without the owner’s realizing it. (Who knows—your computer could be taking part in a DDoS attack right now.) The network of thousands of computers will act together, as if they were one single computer. Typically, botnets will use their bots to send spam, find security vulnerabilities in other websites, or launch a DDoS attack on a corporate website while the controller demands a ransom to stop. In underground hacker culture, larger botnets translate to greater street cred for the controllers, or botmasters. It’s unclear how many computers in the world have been assimilated into botnets, but the number is at least in the tens of millions, with the greatest number of bot-infested computers in the United States and China. In 2009 the Shadowserver Foundation reported that there were thirty-five hundred identified botnets in the world, more than double the number in 2007. In March 2010 Spanish police arrested three men behind a botnet called Mariposa, Spanish for “butterfly.” Discovered by white-hat hackers (cyber security specialists) and law enforcement agents in 2008, the monster botnet was made up of as many as twelve million zombie computers and had been used to launch DDoS attacks, send out e-mail spam, and steal personal details. The ringleaders made money on the side by renting it out. Renting a botnet was far less risky than making one yourself, and with the right skill set and contacts, they were surprisingly easy to come by. A 2010 study by Web infrastructure company VeriSign showed the average rate for renting a botnet from an underground marketplace was $67 for twenty-four hours and just $9 for one hour. Renting a botnet that could take out the servers of a small government might cost around $200 an hour. Botnets used by Anonymous in both the Chanology attacks of 2008 and Op Payback in 2010–11 were both rented and self-created, and sources say there was also a range of botnet sizes. But it was the super botnets, controlled by a small handful of people, that could do the most damage. The second weapon in the Anonymous arsenal was the Low Orbit Ion Cannon, whose acronym is pronounced “lo-ick.” In terms of power, it was piddling against a botnet—like the difference between a long-range missile and a handgun—but the software was free and easy for anyone with a computer to access. From the start of Chanology onward, LOIC started replacing Gigaloader in popularity. The origins of the software program are a little unclear, but it is widely thought to have first been developed by a programmer nicknamed Praetox, who was eighteen at the time, lived in Oslo, Norway, and enjoyed programming and “running in the woods,” according to his website. Praetox made all sorts of things on his computer, including cheats for the online role-playing game Tibia and a program that would make windows on a computer desktop look transparent. He was also versed in chan culture and used the cartoon image of a “Pool’s closed” sign for his YouTube account. The name LOIC itself comes from a weapon in the Command & Conquer video game series, and of all his creations it would be Praetox’s legacy. Praetox appears to have originally created LOIC as an open source project, which meant anyone could improve it. Eventually, a programmer nicknamed NewEraCracker made some tweaks that allowed LOIC to send out useless requests or “packets” to a server, making it what it is today. At the time, packets were part of everything one did on the Internet. Visiting a web page involved receiving a series of packets, as did sending an e-mail, with a typical packet containing 1–1,500 bytes. They can be compared to addressed envelopes in the postal service. “Packet sniffing” meant trying to figure out what was inside a piece of mail by looking at what was on the envelope. The data inside a file could be encrypted, but the packet itself would always identify the sender and receiver. A DDoS attack was, in one way, like overwhelming someone with thousands of pieces of junk mail that they had no choice but to open. One defense was to “filter the packets,” which would be like asking a doorman to not allow any mail from a certain sender. But DDoS protection costs money, and it was difficult to filter the junk packets from LOIC, since they were coming from many different users. Ultimately, if enough people used the program and “aimed” it at the same site at the same time, they could overload it with enough junk traffic to take it offline. The effect was similar to a botnet’s, except instead of having infected computers, the participants were voluntarily joining the network. A key difference was effectiveness. The effect of LOIC was far more unpredictable than that of traditional botnets, since popularity and human error came into play. You might need four thousand people to take the website of a major corporation down, in the same way you’d need four thousand people wielding handguns to destroy a small building. You’d need just a few hundred people to take down a tiny homemade website belonging to an individual. The upside was that downloading LOIC was free and easy—you could get it from a torrent site or 4chan’s /rs/ board. One of the hundreds of people who downloaded LOIC and took part in some of the first impromptu Scientology attacks was a college student named Brian Mettenbrink. An Iowa State University student with a mop of brown hair and a beard, Mettenbrink, eighteen, was sitting in front of his desktop computer in a dorm room, browsing through his favorite website, 7chan, when he first saw posts about a Scientology raid in January 2008. He did not care about Scientology, but he was interested in exploring the world of IT security and reasoned that taking part in an attack like this was a good way to learn about the other side of the industry. Besides, with so many other people contributing to the attack, he wouldn’t get caught. Mettenbrink, who had been regularly visiting 4chan since he was fifteen, went to the site’s /rs/ board and downloaded LOIC. The download took a few seconds, and it included a “readme” file to explain how to use it. The program gave the impression that it was connecting users to an army of rebel fighters. When Mettenbrink first opened LOIC, the main window that popped up had a Star Wars– themed design: dark and light green text boxes, and a Photoshopped mock-up of the Anti-Orbital Ion Cannon used in Star Wars: The Clone Wars, blasting a thick green laser beam toward a planet.
Wars, blasting a thick green laser beam toward a planet. There were options to “Select a target,” by adding in a URL, and a button saying “Lock on.” Once you had a locked target, a large box in the middle would show its server’s IP address as the program geared up for an attack. Next came another big button labeled “IMMA CHARGIN MAH LAZER,” followed by options to configure the attack. During the first DDoS attacks on Scientology, the LOIC was always in “manual mode,” which meant users would decide where and when to fire and what type of junk packets to send out. Once an attack was under way, a status bar at the very bottom would show the program as being Idle, Connecting, Requesting, Downloading, or Failed. If “Requesting,” a number would start rising rapidly. Once it froze, that meant the LOIC was stuck or the target was down. You could check by visiting the target website—if you got a “Network Timeout” error message, it meant mission accomplished. There was no buzz or rush of feeling when Mettenbrink first fired LOIC at Scientology.org, especially since the program froze as soon as it started. He checked his configurations, and when the program got going again, he minimized the window and went back to wasting time on 7chan. Unlike Gregg Housh, Mettenbrink was a casual participant in Chanology. He did not bother joining an IRC channel like #xenu or finding out what Anonymous might do next. Instead, he kept LOIC running for several days and nights in the background of his computer, eventually forgetting he was running it at all. Only when he noticed that the program was starting to slow down his Internet connection did he switch it off—about three days after starting it. “I am not responsible for how you use this tool,” LOIC programmer NewEraCracker had written as a disclaimer for the program when he uploaded his tweaked version to the Web. “You cannot blame me if you get caught for attacking servers you don’t own.” It was crucial for people who were using LOIC to run it through an anonymizing network like Tor to hide their IP addresses from the target or police. But there were plenty of oblivious supporters, like Mettenbrink, who ran LOIC straight off their own computer with no special software. This was often because they did not know how, or they didn’t realize that using LOIC was illegal. On top of that, more Anons were communicating on IRC networks, which meant they had nicknames and reputations to uphold. Now there wasn’t just the attraction of being part of a mob—there was a sense of obligation to return and join in with future attacks. Some participants in a Chanology IRC channel knew, for instance, that returning to an IRC channel the following day also meant reacquainting themselves with a new stable of online friends, who might think less of them if they didn’t turn up. This wasn’t like /b/, where you could suddenly disappear and no one would notice. Chanology was turning into a new community of hundreds of people, and it brought the collective to a point where communication was gradually splitting between image boards and IRC networks. Image boards like 4chan had been using LOIC for a couple of years; the /b/tards were forever declaring war on other sites that they claimed were stealing credit for their memes and content, such as eBaum’s World or the blogging site Tumblr. But now more Anons were starting to use IRC networks to coordinate and follow instructions for DDoS attacks. Beginning in January 2008, organizers had also started publishing announcements on Chanology and how-to guides on the Partyvan network so that the sudden influx of thousands of “newfags” from all over the world to these new online protests could learn about LOIC and IRC channels without having to ask. The DDoS attacks on Scientology reached a pinnacle on January 19, when the church’s main website was hit by 488 attacks from different computers. Several media outlets, among them Fox and Sky News, reported that the online disruptions were being caused by a “small clique of super hackers.” This was a terrible misconception. Only a few Anonymous supporters were skilled hackers. Many more were simply young Internet users who felt like doing something other than wasting time on 4chan or 7chan. When someone posted an announcement on Partyvan that there would be a third, bigger DDoS attack on January 24, about five hundred people are rumored to have taken part. But by then, Scientology had called in Prolexic Technologies, a specialist in DDoS protection based in Hollywood, Florida, to help shield their servers. Soon the LOIC-based attacks stopped having an effect and the Scientology sites were up and running as normal. Scientology then hit back through the media, telling Newsweek in early February that Anonymous was “a group of cyber-terrorists… perpetrating religious hate crimes against Churches of Scientology.” The strong wording didn’t help Scientology’s cause, bearing in mind a famous phrase on the Internet: “Don’t feed the troll.” By appearing defensive, Scientology was inadvertently provoking more Anons to take part in the attacks. And because joining Anonymous was so easy—at minimum you had to enter an IRC channel, or /b/, and join in the conversation—hundreds of new people started looking in. Then Anonymous found another way to cause a stir. Back in #marblecake, Housh had noticed one team member who had been quiet for the past four days. He asked him to figure out how many cities and countries were being represented on the chat network. When the scout came back, he reported that there were 140 to 145 different Chanology channels and participants in forty-two countries in total. “What do we do with all these people?” one of the team asked. They started searching the Internet to see what opponents of Scientology had done in the past and stumbled across a video of anti-Scientology campaigner Tory “Magoo” Christmam, who was dancing and shouting in front of a Scientology center. “This is hilarious,” a team member said. “We should totally make the Internet go outside.” “We have to put them in the streets,” the French member who’d been studying for a PhD said. Housh didn’t agree, and he argued with the Frenchman for the next three hours. Eventually, Housh relented, deciding that a real-world confrontation between Anons and the public could be rather amusing. “We honestly thought the funniest thing we could do to Scientology was get in front of their buildings,” Housh later said. The group started working on their next video, their “call to arms,” and then a code of conduct after a Greenpeace activist came on IRC and said they needed to make sure protesters didn’t throw things at buildings or punch cops. Housh started taking an increasingly organizational role, dishing out responsibilities and bringing discussions back on topic when they veered off into jokes of firebombing or Xbox games. On January 26, someone calling himself “Anon Ymous” sent an e-mail to Gawker’s “tips” address, about a forthcoming protest outside the Church of Scientology in Harlem. “Wear a mask of your choosing,” it said. “Bring a boombox. Rickroll them into submission. We will make headlinez LOL.” There was also a tagline at the bottom, which was appearing on YouTube, blogs, and forum posts: We are Anonymous We are Legion
Page 2 and 3: Begin Reading Table of Contents Cop
Page 4 and 5: his HBGary Federal account, possibl
Page 6 and 7: culture and key figures within it.
Page 8 and 9: dreadful fascination at his phone a
Page 10 and 11: Aaron Barr would never have come fa
Page 12 and 13: “nigger,” “faggot,” or just
Page 14 and 15: owns my ass.” With his other hand
Page 16 and 17: In 2008 he helped instigate Operati
Page 18 and 19: death threats and threatened to bom
Page 20 and 21: another poster described “Phase 2
Page 24 and 25: We are Legion We do not forgive We
Page 26 and 27: day in federal prison. In the meant
Page 28 and 29: Since childhood, Bailey had harbore
Page 30 and 31: oughly three hundred regular chat p
Page 32 and 33: 1. Get the latest LOIC from github.
Page 34 and 35: Asperger syndrome, rarely left his
Page 36 and 37: “It’s a troll,” another organ
Page 38 and 39: had joined mentoring program iMento
Page 40 and 41: choose a unique nickname on AnonOps
Page 42 and 43: time. Kayla actually had several IR
Page 44 and 45: was headquartered and where Barr wo
Page 46 and 47: “So are we going to focus on Anon
Page 48 and 49: Starting in early January, many sup
Page 50 and 51: “Well in my lifetime I’ve perfo
Page 52 and 53: uh, actual intelligence.” There w
Page 54 and 55: definitely unimpressed—the claims
Page 56 and 57: nude photos. Four years later, an e
Page 58 and 59: “Is this a new trend :D to see wh
Page 60 and 61: network collapsed, they would move
Page 62 and 63: large notice board with paperwork a
Page 64 and 65: April 2011, while he and Sabu were
Page 66 and 67: since they had a wider array of ski
Page 68 and 69: will get in trouble and might be gr
Page 70 and 71: passwords for almost every journali
Page 72 and 73:
or online for most of the day and s
Page 74 and 75:
a mixture of Anons, script kiddies,
Page 76 and 77:
Sabu hated white hat security firms
Page 78 and 79:
“Just looked at this guy’s sour
Page 80 and 81:
otnets. Topiary shot back with a se
Page 82 and 83:
wasn’t Sabu. “You got the wrong
Page 84 and 85:
them that he was back. Topiary at f
Page 86 and 87:
websites, bigger ones. He had a rap
Page 88 and 89:
“Y’all were the inspiration I n
Page 90 and 91:
LulzSec. Tflow created a torrent fi
Page 92 and 93:
The Fate of Lulz LulzSec’s signif
Page 94 and 95:
opposite of Kayla. And yet there wa
Page 96 and 97:
one of the LulzSec accounts in resp
Page 98 and 99:
on the network. He decided to try t
Page 100 and 101:
morning of their meeting, William
Page 102 and 103:
techniques like the Cain and Abel p
Page 104 and 105:
hackers in private IRC rooms. It wa
Page 106 and 107:
the open at the same time: the susp
Page 108 and 109:
Kayla’s story had become more imp
Page 110 and 111:
Stephane Fitch, who also introduced
Page 112 and 113:
writes a spoof news article about t
Page 114 and 115:
following twenty names in the ranki
Page 116 and 117:
to websites that showed the steps o
Page 118 and 119:
Minions.” Another helpful source
Page 120 and 121:
“extreme version of Calvinism”
Page 122 and 123:
2011, however, we held our first re
Page 124 and 125:
that were first leaked online by Pa
Page 126 and 127:
on the CIA. Details about Julian As
Page 128 and 129:
Descriptions of Ryan Mark Ackroyd w
Page 130 and 131:
Parmy Olson is the London bureau ch
show all

We are anonymous inside the hacker world of lulzse

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?