We are anonymous inside the hacker world of lulzse

More documents

Recommendations

Info

was headquartered and where Barr would get into the cleanup job and start to help the police with their investigation. Meanwhile, HBGary Inc.’s Greg Hoglund was working on damage control. He contacted Mark Zwillinger of Internet law firm Zwillinger & Genetski. Mark would later be assisted on the case by Jennifer Granick, a well-known Internet lawyer who had previously represented hackers like Kevin Poulsen and worked for freedom-of-information advocates the Electronic Freedom Foundation. After talking to Zwillinger, Hoglund penned an open letter to HBGary customers. When he was done, he published it on the now restored HBGary website, referring specifically to HBGary Inc. and not the sister company Barr had run. “On the weekend of Super Bowl Sunday, HBGary, Inc., experienced a cyber incident. Hackers unlawfully accessed the e-mail accounts of two HBGary Inc. employees, held by our cloud-based service provider, using a stolen password, and uploaded the stolen e-mails to the Internet.” Hoglund’s letter wasn’t clear about where it was pointing the finger—though that would change in time. It seemed to suggest that HBGary’s attackers had gone to great lengths to access the company’s e-mails, when actually the process had not been difficult at all. It was an SQL injection, the simplest of attacks. Ted Vera’s password, satcom31, had been easy to crack. Only Hoglund had used a random string of numbers and letters that had no relation to any of his other web accounts. The attack could have been worse too. The hackers had gotten all kinds of personal data on HBGary employees, from social security numbers to home addresses, and photos of Vera’s kids after getting access to his Flickr account. “This was when my moralfag mode kicked in,” Topiary later remembered. The others agreed that no kids should be involved, and they all decided not to leak the social security numbers. “I’m thankful that we didn’t.” Still, the combination of social media, blogs, and twenty-four-hour online and TV news meant the names Aaron Barr and HBGary were all over the Internet the day after Super Bowl Sunday. Topiary’s fake Aaron Barr tweets had been retweeted by Anonymous IRC, a feed with tens of thousands of followers, and there were now thousands of news stories about Barr. Barr soon found out the attack had been conducted largely by five people. “I’m surprised it’s a small number,” he said in a phone interview early Monday morning in Washington, D.C. “There is a core set of people who manage the direction of the organization. And those people are, in my impression, very good.” Barr sounded tired. “Right now I just feel a bit exhausted by the whole thing. Shock, anger, frustration, regret, all those types of things,” he said. “You know if I…maybe I should have known these guys were going to come after me this way.” No one knew at the time that the content of Barr’s e-mails would prove so controversial and would gain him as much press attention as the attack itself had, but Barr was already concerned. “The thing I’m worried about the most is I’d rather my e-mails not be all out there, but I can’t stop that now,” he said, adding he would be contacting all the people he had exchanged e-mails with to tell them what was going on. “It does not cause any significant long-term damage to our company so I’m not worried.” About this, Barr was wrong. As the hack on HBGary Federal was taking place, Kayla had sent a message to Laurelai, the transgender woman who a couple of years before had been a soldier named Wesley Bailey and who was now becoming a familiar face in the world of hacking. Kayla told Laurelai that she was in the middle of “owning” a federal contractor called HBGary and asked if she wanted to come into AnonOps and see. Laurelai hopped onto the AnonOps network to find hundreds of people talking over one another about what had happened, and the wife of Greg Hoglund, Penny Leavy, appealing to the attackers in the AnonOps #reporter channel. “It was chaos,” Laurelai remembered. Laurelai was now volunteering with a website and blog called Crowdleaks, an evolved version of Operation Leakspin. This was the project that had spun off Operation Payback and gotten Anons sifting through WikiLeaks cables. Laurelai had disliked Operation Payback because, like Kayla, she believed DDoSing things was pointless. She liked sifting through data and considered herself an information broker. She came aboard Crowdleaks when a mutual friend suggested she’d make a great server admin for the site’s manager, an Anonymous sympathizer nicknamed Lexi. “There’s a huge story brewing from this HBGary hack,” Laurelai told Lexi, who replied that Laurelai should cover it for the blog herself. Laurelai downloaded Barr’s and Greg’s e-mails and started searching for terms like FBI, CIA, NSA, and eventually, WikiLeaks. A list of Barr’s e-mails to Hunton & Williams showed up on her screen. As Laurelai looked through these e-mails, she stumbled on the PowerPoint presentation Barr had made for the law firm in which he suggested ways of sabotaging the credibility of WikiLeaks. Laurelai did a bit more digging on Hunton & Williams and realized that the firm represented the Bank of America. By now it was widely rumored that WikiLeaks had a treasure trove of confidential data that had been leaked to it from Bank of America and that it was getting ready to publish. That’s when the penny dropped. “Oh shit,” Laurelai said she thought then. “Bank of America is trying to destroy WikiLeaks.” Her next realization was scarier: Barr hadn’t even tried to encrypt the e-mails about the proposal, and he hadn’t seemed that secretive about it. It suggested that this sort of proposal, however unethical, was not that far from standard industry practices. HBGary Federal was not a rogue operator; it counted stalwarts in the industry like Palantir and Berico Technologies as partners. Laurelai wrote a blog post for Crowdleaks and collaborated with a journalist from the Tech Herald to report that HBGary had been working with a storied law firm and, indirectly, Bank of America to hurt WikiLeaks. Still only a couple of days after the HBGary attack, Sabu, Topiary, and Kayla did not know about Barr’s strange proposals on WikiLeaks. Topiary was still trawling through the e-mails looking for juicy information, and the team was planning to publish them on an easy-tonavigate website that they wanted to call AnonLeaks. If this sort of thing caught on, they figured, AnonLeaks could become a more aggressive, proactive counterpart to WikiLeaks. Lexi offered the server space being used by Crowdleaks, which was using the same hosting company as WikiLeaks. Just as an Anon named Joepie91 had finished programming the e-mail viewer, the group started seeing press reports on the actual content of the HBGary e-mails from journalists who had already downloaded the entire package via torrent sites. The group decided that the searchable HBGary e-mails would be the first addition to their new site, AnonLeaks.ru. But they had no plans for where this new site would go or how, or even if, it would be organized. “I think the media will get confused and think AnonLeaks is separate to AnonOps or PayBack,” said Kayla. “I dunno. The media ALWAYS seem to get anything Anon wrong.” Still, the team spent a few days in early February waiting for HBGary Federal’s tens of thousands of e-mails to compile, and Topiary suggested looking for a few choice pieces to put on the new AnonLeaks website as teasers. That way, the blank website wouldn’t give the impression that the team was playing for time. It was a classic PR strategy—getting the word out initially, then developing the story with a drip feed of exclusive information. Among the teasers was an embarrassing e-mail from Barr to
out initially, then developing the story with a drip feed of exclusive information. Among the teasers was an embarrassing e-mail from Barr to company employees in which he gave them his password, “kibafo33,” so that they could all take part in a conference call. Finally, on Monday, February 14, after a few news sites reported that a WikiLeaks-style site called AnonLeaks was coming, the team launched the new web viewer with all 71,800 e-mails from HBGary. They included 16,906 e-mails from Aaron Barr, more than 25,000 emails from two other HBGary execs, and 27,606 e-mails from HBGary Inc. CEO Greg Hoglund, including a lovesick e-mail from his wife, Penny, that said, “I love when you wear your fuzzy socks with your jammies.” Now more journalists started covering the story, and the coverage went on for more than a month. The attack had been unscrupulous, but the ends were an exposé on spying, misinformation, and cyber attacks by a security researcher. Hardly anyone pointed out that people with Anonymous were using exactly the same tactics. In late February 2011, Barr resigned as CEO of HBGary Federal. A week later, Democratic congressman Hank Johnson called for an investigation into government, military, and NSA contracts with HBGary Federal and its partners Palantir and Berico Technologies. Johnson had read reports of the scandal and asked his staff to look into it. “I felt duty bound to move for further investigation,” Johnson said in an interview at the time. He did not like the idea of government contractors like HBGary Federal developing software tools that were meant to be used in counterterrorism for “domestic surveillance and marketing to business organizations.” Spying on your own citizens, he added, was bad enough. “If you have anything else like this come up,” Laurelai asked Kayla after getting a peek at the chaos from the HBGary attack, “can you let me know so we can write about it?” “Sure,” Kayla replied. She kept her word. A couple of days later Kayla asked Laurelai if she wanted to see where some action was happening and then invited her into a new exclusive IRC channel, again off AnonOps, called #HQ. By now #InternetFeds had been shut down after rumors that one of the thirty or so participants was leaking its chat logs. This room, #HQ, was smaller and had about six people in it, at most, at any one time. It included everyone who had helped in the HBGary Federal attack. “Hang out here and you’ll see when stuff is about to pop up,” Kayla said. Laurelai was excited about being in #HQ and wondered if she might be able to help expose other white hat security firms that were operating under their own laws and getting away with the kind of stuff that Anons were getting arrested for. Already in January, the FBI had executed forty search warrants on people suspected of taking part in the DDoS attacks on PayPal, working off the list of a thousand IP addresses the company had detected. Though no one else knew it, Laurelai was secretly logging everything that was being said in the #HQ room, even when she wasn’t in it. Having spent the last two years learning how to hack and social-engineer people, she deemed it important to document what people around her were saying—at a later date, the logs could be used to corroborate things or refute them if necessary. Logging the chat was just standard procedure for Laurelai. In the meantime, she gradually became disappointed with the standard of discussion in the room. “They were acting like a bunch of damn kids,” she later remembered. “SUCH AN AWESOME CREW HERE,” the hacker known as Marduk (and also known as Q) said on February 8, the same day Aaron Barr and his family fled their home. “An Anon Skype party should be in order,” said Topiary. (It eventually happened, but only with people from AnonOps who were willing to reveal their voices.) They threw out occasional ideas for short projects. Marduk, who had strong political views and seemed to be older than most of the others, at one point asked Kayla to scan for vulnerabilities in websites for Algerian cell phone providers. He was looking for databases full of tens of thousands of cell phone numbers for Algerian citizens that he could then hand over to the country’s opposition party for a mass SMS on February 12. It would be another attempt to support the democratic uprising in the Middle East after the successful attacks on Tunisia and Egypt in January. Kayla seemed more excited about publishing Greg Hoglund’s e-mails. “Greg’s e-mails are ready. Parsed and everything,” she said. “The time to fuck Greg is now. :3.” That was one thing they could all agree on. “Who is handling media?” Kayla asked. “Housh and Barrett,” Topiary said, referring to Gregg Housh from Chanology, who now spoke to the media as an expert on Anonymous, and another man, called Barrett Brown, whom Topiary would deal with more closely in the coming weeks. Eventually, Laurelai introduced herself. “Hi,” Laurelai said when she first entered that morning. “Ahai,” said Marduk. “Welcome to where the shitstorm began.” Then he got down to business. “Laurelai, we can’t tie [HBGary Federal] to WikiLeaks for sure?” he asked. “I already have,” she answered. “We got enough to smear the shit out of them.” That confirmation pleased Marduk. “They are one strange company,” said Marduk. “Actually I’m sure it’s a government coverup.” “The government uses these companies to do their dirty work,” Laurelai explained. The WikiLeaks connection Laurelai had found conveniently segued with the modus operandi of Operation Payback, making it look almost as if Anonymous had planned it all. “*Kayla cuddles Laurelai :3 So much
Page 2 and 3: Begin Reading Table of Contents Cop
Page 4 and 5: his HBGary Federal account, possibl
Page 6 and 7: culture and key figures within it.
Page 8 and 9: dreadful fascination at his phone a
Page 10 and 11: Aaron Barr would never have come fa
Page 12 and 13: “nigger,” “faggot,” or just
Page 14 and 15: owns my ass.” With his other hand
Page 16 and 17: In 2008 he helped instigate Operati
Page 18 and 19: death threats and threatened to bom
Page 20 and 21: another poster described “Phase 2
Page 22 and 23: though, they were usurped by what w
Page 24 and 25: We are Legion We do not forgive We
Page 26 and 27: day in federal prison. In the meant
Page 28 and 29: Since childhood, Bailey had harbore
Page 30 and 31: oughly three hundred regular chat p
Page 32 and 33: 1. Get the latest LOIC from github.
Page 34 and 35: Asperger syndrome, rarely left his
Page 36 and 37: “It’s a troll,” another organ
Page 38 and 39: had joined mentoring program iMento
Page 40 and 41: choose a unique nickname on AnonOps
Page 42 and 43: time. Kayla actually had several IR
Page 46 and 47: “So are we going to focus on Anon
Page 48 and 49: Starting in early January, many sup
Page 50 and 51: “Well in my lifetime I’ve perfo
Page 52 and 53: uh, actual intelligence.” There w
Page 54 and 55: definitely unimpressed—the claims
Page 56 and 57: nude photos. Four years later, an e
Page 58 and 59: “Is this a new trend :D to see wh
Page 60 and 61: network collapsed, they would move
Page 62 and 63: large notice board with paperwork a
Page 64 and 65: April 2011, while he and Sabu were
Page 66 and 67: since they had a wider array of ski
Page 68 and 69: will get in trouble and might be gr
Page 70 and 71: passwords for almost every journali
Page 72 and 73: or online for most of the day and s
Page 74 and 75: a mixture of Anons, script kiddies,
Page 76 and 77: Sabu hated white hat security firms
Page 78 and 79: “Just looked at this guy’s sour
Page 80 and 81: otnets. Topiary shot back with a se
Page 82 and 83: wasn’t Sabu. “You got the wrong
Page 84 and 85: them that he was back. Topiary at f
Page 86 and 87: websites, bigger ones. He had a rap
Page 88 and 89: “Y’all were the inspiration I n
Page 90 and 91: LulzSec. Tflow created a torrent fi
Page 92 and 93: The Fate of Lulz LulzSec’s signif
Page 94 and 95:
opposite of Kayla. And yet there wa
Page 96 and 97:
one of the LulzSec accounts in resp
Page 98 and 99:
on the network. He decided to try t
Page 100 and 101:
morning of their meeting, William
Page 102 and 103:
techniques like the Cain and Abel p
Page 104 and 105:
hackers in private IRC rooms. It wa
Page 106 and 107:
the open at the same time: the susp
Page 108 and 109:
Kayla’s story had become more imp
Page 110 and 111:
Stephane Fitch, who also introduced
Page 112 and 113:
writes a spoof news article about t
Page 114 and 115:
following twenty names in the ranki
Page 116 and 117:
to websites that showed the steps o
Page 118 and 119:
Minions.” Another helpful source
Page 120 and 121:
“extreme version of Calvinism”
Page 122 and 123:
2011, however, we held our first re
Page 124 and 125:
that were first leaked online by Pa
Page 126 and 127:
on the CIA. Details about Julian As
Page 128 and 129:
Descriptions of Ryan Mark Ackroyd w
Page 130 and 131:
Parmy Olson is the London bureau ch
show all

We are anonymous inside the hacker world of lulzse

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?