We are anonymous inside the hacker world of lulzse

More documents

Recommendations

Info

had joined mentoring program iMentor as a technology intern. By now he had grown into a tall, broad-shouldered young man, but he had a tenuous relationship with authority. According to an essay the teenaged Monsegur wrote in August 2001, it boiled down to an incident at his Washington Irving High School in Manhattan. He had been working for the school during class hours, installing Windows on what he called their “obsolete” computers, when one day while Hector was walking through the school’s metal detector, its chief of security stopped him to ask about the screwdriver he was carrying. “I am the geek that fixes your system when you forget not to execute weird .exes,” he recalled saying. “Hey, don’t give me an attitude, boy,” the head of security replied, staring at him. Monsegur explained it again. He was a student who worked on the “non-functioning computers during my school time.” The security head took the screwdriver. “Thanks,” he said. “I’m keeping this.” Embarrassed and angry, Monsegur wrote a complaint and gave it the school’s authorities, accusing the security head of “corporal punishment” and “disrespect.” When the complaint was ignored, he distributed a “controversial piece of writing” to his teachers. During class, the school’s principal paid him a visit, asking if he would step aside so they could talk. He and other school officials found Monsegur’s writing threatening, he said. “The guy stares me down,” Monsegur wrote in his essay. “Disrespects me physically in front of tens of students. What happened to my complaint? Where is the justice I seek?” Monsegur felt jilted. Weeks later he got a call from his teacher, who he described as saying he was “temporarily expelled from the school.” Monsegur replied, “Very well then, it is such a shame that one such as myself would have to be deprived of my education because of my writing.” Just as the teacher was about to reply, Monsegur hung up. New York’s Administration for Children’s Services then requested he meet with a psychologist for a mental evaluation. Monsegur claimed that he passed. But he also left high school without finishing the ninth grade. Online, he could live out his ambitions and avoid the “disrespect” he felt from figures of authority. By now he was learning how to break into the web servers of big organizations, from Japanese universities to third-world governments. Monsegur liked the buzz of subjugating a computer system, and soon he was veering from protecting them on his internships, to breaking into them in his spare time. He had meanwhile discovered hacktivism. When he was sixteen and watching TV one day, Monsegur saw a news broadcast about protests in Vieques, an island off the coast of Puerto Rico. The U.S. Navy had been using the surrounding waters as a test-bombing range, and a year earlier, in 1999, a stray bomb had killed a local civilian guard. The guard’s funeral received global press attention and sparked a wave of protests against the bombings. In the TV broadcasts, soldiers pushed against protesters, including the Reverend Al Sharpton, a community leader in New York that Monsegur had become aware of through his growing interest in left-wing activism. Something snapped inside him. He went to his computer and drew up a network map of the entire IP space for Puerto Rico, and he found that a company called EduPro was running the government sites. He hacked into the servers, discovered the root password, and got administrative access. In the heat of the moment, he also typed up an angry missive in Microsoft Word, ignoring his own typos: “Give us the Respect that we deserve,” he wrote. “Or shall we take it by force? Cabron.” He brought down the Puerto Rican government’s websites and replaced them all with his message, which stayed up for several days. Smiling at his work, Monsegur considered this his first act of hacktivism. When the U.S. military gave control of the Vieques base back to the locals two weeks later, he felt it was partly thanks to him. Monsegur wanted to keep going. He threw himself into hacking, joining the first stirrings of a cyber war between American and Chinese hackers, which mostly involved young men from each side trash-talking and defacing websites in the other side’s country. Operation China took place in 2001, the same year that Monsegur appears to have dropped out of high school. Beijing at that time had refused to give President Clinton access to a U.S. spy plane that had collided with a Chinese fighter jet and crash-landed on Hainan island. The surviving U.S. crew were held for eleven days, and in that time a few gung-ho American computer hackers like Monsegur broke into hundreds of Chinese websites and defaced them with messages like “We will hate China forever.” The Chinese hackers hit back with the likes of “Beat down Imperialism of America.” By this point, Monsegur was regularly using the nickname Sabu, borrowed from the professional wrestler who was popular in the 1990s for his extreme style, and who played up his minority status by claiming to be from Saudi Arabia, when he was actually from Detroit and of Lebanese descent. Sabu, similarly, claimed online to be born and bred in Puerto Rico. Monsegur’s group was called Hackweiser; it was founded in 1999 by a talented Canadian hacker nicknamed P4ntera. It counted between ten and fifteen hackers as members when Monsegur joined. His role in the group was one that would remain the same a decade later: he hacked into, or rooted, as many servers as he could. Later in 2001, after Sabu had spent several months learning the ropes with Hackweiser, P4ntera suddenly went missing. Monsegur realized that if the group’s charismatic leader could get arrested, the same could happen to him. He wrestled with his ego. He loved seeing “Sabu” gain notoriety for the audacious hacks he was carrying out, but he did not want to go to jail. “We humans suffer from egos,” Sabu later remembered. “We have a need to have our work appreciated.” But Monsegur decided to play it safe, and he stopped all public use of the name Sabu and went underground for the next nine years. If “Sabu” ever appeared online, it was only in private chat rooms. He also tried using his programming skills for legitimate means. In 2002 he started a group for local programmers in Python, a popular programming language. Introducing himself as Xavier Monsegur, he invited others to “integrate their knowledge into one big mass of hairy information” and said that the site he had made was “nere [sic] its final layout state…It’ll be all about us, our knowledge, our ideas, just ‘us’ having a fun time and enjoying what we have and can do.” The sociable programmer went on to freelance for a Swedish IT security company called Tiger Team, then found work with the peer-topeer file-sharing company LimeWire. He continued living with his grandmother and used his computer-hacking skills to help neighbors in the apartment block fraudulently raise their credit ratings. Money thus came sporadically from both legal and illegal sources: sometimes it was from Monsegur’s legitimate work; other times it was from selling marijuana on the streets, or hacking into a computer network to steal credit card numbers. But problems came all at once in 2010, when he was twenty-six. Monsegur’s father and aunt had been released from prison, but his aunt Iris had resumed selling heroin and that year was arrested again. She left her two daughters in Monsegur’s care, and he got legal custody. At around the same time, he lost his job at LimeWire after the recording-industry group RIAA hit the company with a $105 million lawsuit and it was forced to lay off workers. Worse, Monsegur’s grandmother with whom he had lived since the age of fourteen died. “That messed him up,” a family member later told the New York Times, referring to his grandmother’s death. Monsegur became more disruptive, hacking into auto companies and ordering car engines and disturbing his neighbors by playing loud music, often until 4:00 a.m. in
disruptive, hacking into auto companies and ordering car engines and disturbing his neighbors by playing loud music, often until 4:00 a.m. in the home where his grandmother no longer lived. Monsegur was unemployed and drifting. Then in early December, out of nowhere, Anonymous burst onto the scene with WikiLeaks, offering a cause that Monsegur could be passionate about. He watched the first attack on PayPal unfold and saw echoes of his work with Hackweiser and his protest attack for the island of Vieques, but on a much grander scale. He would later say that Anonymous was the movement he had been waiting for all those years “underground.” On December 8, when AnonOps had its highest surge of visitors for the initial big attack on PayPal, Monsegur signed into the public chat room, using the nickname Sabu for the first time in almost a decade. It was chaos on AnonOps IRC, with hundreds of trolls and script kiddies (wannabe hackers) all talking over one another. “We need the name of the wired employee who just spoke on cnn,” he said, referring to Wired magazine’s New York City bureau chief, John Abell. “john swell? john awell? pm me the name please.!!!” As Sabu, he repeated the request three times. Eventually he zeroed in on Tflow, who was dropping advanced programming terms. After Sabu and Tflow talked via private messages, neither of them revealing his true location or any other identifying information, Tflow showed Sabu into the secret channel for hackers, #InternetFeds. #InternetFeds was secure and quiet. In the open AnonOps chat rooms, hundreds clamored for large, impossible targets like Microsoft and Facebook. There was little point trying to reason with the horde and explain why those targets wouldn’t work, that you needed to find a server vulnerability first. It was like trying to explain the history of baseball to a noisy stadium full of people itching to see a home run. It had been the same in Chanology, when the #xenu channel was backed by the quiet planning in #marblecake. Discord grew in #operationpayback over who should feel the wrath of Anonymous next; the WikiLeaks controversy was receding from the headlines, and the hackers had grown bored with trying to attack Assange’s critics. Sabu, Kayla, and the others in #InternetFeds increasingly talked about focusing their efforts on another growing news story: revolution in the Middle East. Sabu was already interested in the region, having attended a protest march or two for Palestine when he was younger. Now he and the others were seeing articles about demonstrations in Tunisia that had been sparked by documents that WikiLeaks had released. Tunisia’s government was known for aggressively censoring its citizens’ use of the Internet. Websites that were critical of the government were hacked, their contents deleted and their servers shut down. Locals who visited prodemocracy e-newsletters and blogs would often be met with error messages. In early January of 2011, the government censorship appeared to get worse. Al Jazeera reported that the Tunisian government had started hijacking its citizens’ Facebook logins and password details in a process known as phishing. Normally this was a tactic of cyber criminals; here, a government was using it to spy on what its citizens were saying on social networks and mail services like Gmail and Yahoo. If officials sniffed dissenters, they sometimes arrested them. Locals needed to keep changing their Facebook passwords to keep the government out. At a time when the country of more than ten million people was on the edge of a political revolution, protesters and regular citizens alike were struggling to avoid government spies. The hackers in #InternetFeds came up with an idea, partly thanks to Tflow. The young programmer wrote a web script that Tunisians could install on their web browsers and that would allow them to avoid the government’s prying eyes. The script was about the length of two sides of paper, and Tflow tested it with another Anon in Tunisia, nicknamed Yaz, then pasted it onto a website called userscripts.org. He and a few others then advertised the link in the #OpTunisia chat room on AnonOps, on Twitter, and in digital flyers. It got picked up by a few news outlets. The hacktivist Q was one of the #InternetFeds members and also one of the dozen channel operators in the #OpTunisia channel. He began talking with Tunisians on AnonOps—the ones who were web-savvy enough to access it via proxy servers—and encouraged them to spread news of the script through their social networks. “OpTunisia fascinated me,” Q later said in an interview. “Because we actually did make an impact by pointing Western media to the things happening there.” Within a few days, news of the script had been picked up by technology news site ArsTechnica and it had been downloaded more than three thousand times by Tunisian Internet users. Sabu was impressed, but he wanted to make a different kind of impact—a louder one. Thinking back to how he had defaced the Puerto Rican government websites, he decided he would support the Tunisian revolution by embarrassing its government. It helped that Arab government websites were relatively easy to hack and deface. Sabu and a few others from #InternetFeds discovered there were just two name servers hosting Tunisia’s government websites. This was unusual—most governments and large companies with Web presences ran on several name servers, so a hacker taking down a few usually didn’t do much damage. In Tunisia’s case, however, shutting down just two name servers would take the government completely offline. “It was a very vulnerable set-up,” one hacker that was in #InternetFeds recalled. “It was easy to shut them off.” To take the Tunisian servers offline, Sabu did not use a botnet. Instead, he later claimed, he hijacked servers from a web-hosting company in London that allowed him to throw ten gigabytes worth of data per second at the Tunisian servers. These were broadcast servers, which could amplify many times the amount of data spam of a basic server; it was like using a magnifying glass to enhance the sun’s rays and destroy a group of ants. Sabu single-handedly kept the Tunisian servers down for five hours. Soon, though, authorities on the other side were filtering his spoofed packets, like the owner of a mansion telling his butler not to bring in mail from a particular person. The traffic he was sending was losing its effect. Undeterred, Sabu called an old friend for help, someone he knew from his days of dabbling in cyber crime. While Sabu hit the first name server, the other took down the second. Tunisia was where Sabu really got involved in Anonymous for the first time. He not only took down the government’s online presence; he and a few others also trudged through dozens of government employee e-mails. But the government fought back again. It blocked all Internet requests from outside Tunisia, shutting itself off from foreign Internet users like Sabu. Sabu wanted to deface the site of Tunisian prime minister Mohamed Ghannouchi, but he would have to do that from inside the country, and he wasn’t about to get on a plane. So on January 2, he signed into the #OpTunisia chat room with its dozen channel operators and several hundred other Anons from around the world, including Tunisia. There was talk of using proxies and potential DDoS attacks; questions about what was going on. Then Sabu hit the caps lock key and made his grand entrance. “IF YOU ARE IN TUNISIA AND ARE WILLING TO BE MY PROXY INTO YOUR INTERNET PLEASE MSG ME.” The room went almost silent. After a few minutes, Sabu got a private reply from someone with an automated username like Anon8935—if you didn’t choose a unique nickname on AnonOps, the network would give you one similar to this—a man who claimed to be in Tunisia. Sabu didn’t
Page 2 and 3: Begin Reading Table of Contents Cop
Page 4 and 5: his HBGary Federal account, possibl
Page 6 and 7: culture and key figures within it.
Page 8 and 9: dreadful fascination at his phone a
Page 10 and 11: Aaron Barr would never have come fa
Page 12 and 13: “nigger,” “faggot,” or just
Page 14 and 15: owns my ass.” With his other hand
Page 16 and 17: In 2008 he helped instigate Operati
Page 18 and 19: death threats and threatened to bom
Page 20 and 21: another poster described “Phase 2
Page 22 and 23: though, they were usurped by what w
Page 24 and 25: We are Legion We do not forgive We
Page 26 and 27: day in federal prison. In the meant
Page 28 and 29: Since childhood, Bailey had harbore
Page 30 and 31: oughly three hundred regular chat p
Page 32 and 33: 1. Get the latest LOIC from github.
Page 34 and 35: Asperger syndrome, rarely left his
Page 36 and 37: “It’s a troll,” another organ
Page 40 and 41: choose a unique nickname on AnonOps
Page 42 and 43: time. Kayla actually had several IR
Page 44 and 45: was headquartered and where Barr wo
Page 46 and 47: “So are we going to focus on Anon
Page 48 and 49: Starting in early January, many sup
Page 50 and 51: “Well in my lifetime I’ve perfo
Page 52 and 53: uh, actual intelligence.” There w
Page 54 and 55: definitely unimpressed—the claims
Page 56 and 57: nude photos. Four years later, an e
Page 58 and 59: “Is this a new trend :D to see wh
Page 60 and 61: network collapsed, they would move
Page 62 and 63: large notice board with paperwork a
Page 64 and 65: April 2011, while he and Sabu were
Page 66 and 67: since they had a wider array of ski
Page 68 and 69: will get in trouble and might be gr
Page 70 and 71: passwords for almost every journali
Page 72 and 73: or online for most of the day and s
Page 74 and 75: a mixture of Anons, script kiddies,
Page 76 and 77: Sabu hated white hat security firms
Page 78 and 79: “Just looked at this guy’s sour
Page 80 and 81: otnets. Topiary shot back with a se
Page 82 and 83: wasn’t Sabu. “You got the wrong
Page 84 and 85: them that he was back. Topiary at f
Page 86 and 87: websites, bigger ones. He had a rap
Page 88 and 89:
“Y’all were the inspiration I n
Page 90 and 91:
LulzSec. Tflow created a torrent fi
Page 92 and 93:
The Fate of Lulz LulzSec’s signif
Page 94 and 95:
opposite of Kayla. And yet there wa
Page 96 and 97:
one of the LulzSec accounts in resp
Page 98 and 99:
on the network. He decided to try t
Page 100 and 101:
morning of their meeting, William
Page 102 and 103:
techniques like the Cain and Abel p
Page 104 and 105:
hackers in private IRC rooms. It wa
Page 106 and 107:
the open at the same time: the susp
Page 108 and 109:
Kayla’s story had become more imp
Page 110 and 111:
Stephane Fitch, who also introduced
Page 112 and 113:
writes a spoof news article about t
Page 114 and 115:
following twenty names in the ranki
Page 116 and 117:
to websites that showed the steps o
Page 118 and 119:
Minions.” Another helpful source
Page 120 and 121:
“extreme version of Calvinism”
Page 122 and 123:
2011, however, we held our first re
Page 124 and 125:
that were first leaked online by Pa
Page 126 and 127:
on the CIA. Details about Julian As
Page 128 and 129:
Descriptions of Ryan Mark Ackroyd w
Page 130 and 131:
Parmy Olson is the London bureau ch
show all

We are anonymous inside the hacker world of lulzse

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?