We are anonymous inside the hacker world of lulzse

More documents

Recommendations

Info

April 2011, while he and Sabu were still discussing the idea. “We figured it’d be too far to call ourselves a hacking team with a cheesy banner, so we haven’t decided much.” Kayla had been flitting about online, so they created an IRC channel called #Kayla_if_you_are_here_come_in_this_channel. Once Kayla came back, she said she was interested, and the three of them started throwing ideas around. One was to set up a new IRC network for Anonymous, since Ryan’s leak in April had turned hundreds of users off its channels. Detractors had bombarded the network with DDoS attacks, and while regular visitors had dwindled, the number of people claiming to be operators had swelled to forty. With AnonOps now so top-heavy, there was chaos in nine different “command” channels, leader-of-leader channels, and secret channels to talk about other operators. The network was about to crash under its own weight, and Anonymous needed a safe, organized place to meet. But by early May, the AnonOps operators had got it together. They had whittled their servers down from eight to two, and their operators from forty to eight. An IRC network now looked less necessary. “I probably would have quit if we hadn’t talked so much and ended up getting Kayla back,” Topiary would say many months later. “In a way I wish Sabu hadn’t trusted me so much.” In a few days, AVunit came back from his break and joined the group too. There were now four of the old team back together who were interested in doing something big—they weren’t sure what exactly—to reinspire Anonymous. There was no turning back now. One late morning, during a period when the team was still mulling over what they could do together, Topiary got out of bed, got on his laptop, and saw Sabu online, along with Kayla. It must have been about five in the morning in New York. “Guys I was up all night looking at sites to go after,” Sabu said. “And I found this big FBI site.” Topiary’s breath quickened for a moment. “I’ve got access to it,” he added. Sabu then pasted a long list of around ninety usernames and encrypted hashes (which corresponded to their passwords) from a website called Infragard. The list of names represented half the site’s user base. Topiary and Kayla immediately started trying to crack them, excited by the prospect of “hacking the FBI.” Just a few minutes in, Topiary Googled Infragard, and he realized they were dealing with a nonprofit affiliate of the FBI, not the organization itself. He thought briefly about asking how Sabu had found the security hole or pointing out that it wasn’t exactly a “big FBI site.” But he didn’t want to dampen the team’s excitement. All the users had been verified by the FBI to gain access and all worked in the security field; some were even FBI agents. Yet their password choices were questionable, at best. One of the users had used “shithead” as a password for everything online; another had “security1.” Only about a quarter of the users had passwords the team couldn’t crack. It is a general rule in IT security that any password that isn’t a combination of letters, numbers, and symbols is weak. It is not particularly hard to memorize “###Crack55##@@” or “this is a password 666,” but both of these would be extremely difficult to crack. (The hardest passwords to decipher are phrases, which are also easier for password holders to remember.) After someone downloaded the entire database of users and then converted it into a simple text file, Sabu loaded the 25 percent of password hashes that the team couldn’t crack into the don’t-ask-don’t-tell password cracking service he’d used for HBGary Federal, HashKiller.com. Sometimes kids used the site to send encrypted messages to one another, with the challenge to crack them. When nefarious hackers broke into the user base of a website, they would typically dump all the so-called MD5 hashes into a database and start cracking the easy ones first, then let HashKiller’s forum users do the rest. An MD5 hash was a cryptic language that corresponded to words or files, and it typically looked like this: 11dac30c3ead3482f98ccf70675810c7 This particular string of letters and numbers translated to “parmy,” so the result on the site would look like: 11dac30c3ead3482f98ccf70675810c7:parmy That information would then be stored in HashKiller’s database, so if anyone tried to crack the password “parmy” and had the MD5 hash, he could do it instantly. The result from Hashkiller.com would look like this: Cracking hash: 11dac30c3ead3482f98ccf70675810c7 Looking for hash… Plain text of 11dac30c3ead3482f98ccf70675810c7 is parmy It was that simple. This was why it was a bad idea to use single-word passwords, like “parmy” or—even worse, because it is commonly known—“shithead.” Each password always had the same MD5 hash. And once it was in HashKiller.com, everybody knew it. A lack of context kept things relatively secret: everyone could see the hashes and cracked passwords in plaintext but nothing else. Using the site was free, and Sabu had only to sit back and wait for the passwords to be cracked by volunteers. Once someone cracked the admin’s password, the surprisingly easy “st33r!NG,” Sabu created a web page that he secretly attached to the website for Infragard Atlanta, known as a shell. It was the same sort of page that the site’s administrators would use to control its content, allowing him to add new pages or delete others. The difference was that the admins knew absolutely nothing about Sabu’s page. Since the page for the original control panel had been xootsmaster, Sabu named his new shell page /xOOPS.php. He could have just gone through the main control panel since he had the right password, but that would mean clicking through a series of options and a long list of directories. The shell was a more simply designed page that made it quicker and easier to mess with things. The team lurked on the site for a few weeks while sitting on its entire username and password base: twenty-five thousand e-mails from the personal accounts of the site’s users, a mixture of security consultants and FBI agents. Topiary and his friends had all their passwords, full names, and e-mails. If Topiary had been feeling malicious, he could have logged into the PayPal accounts of one of the more senior users and started splashing money all over the place. “That would be bad,” he said at the time. They had access that could let them deface the site in seconds, but they would wait it out. The crew was still feeling the heat from
They had access that could let them deface the site in seconds, but they would wait it out. The crew was still feeling the heat from HBGary, the #HQ log leaks, and Backtrace, and they weren’t quite sure what they were becoming yet. So they settled for spying on the users’ Gmail accounts, just watching the mails roll by. Nothing particularly significant was being discussed, but the group decided that if one of them got arrested, they would publish everything. “Most professional and high-level hacks are never detected,” one hacker with Anonymous who went on to support Sabu and Topiary’s team said months later. Not long after the Infragard breach, another group of hackers broke into the computer network of Japan’s parliament, stealing login information and e-mails. It had taken three months before anyone figured out what had happened. The hack had involved infecting the computers with a virus, most likely by sending employees e-mails that carried Trojans. This was how script kiddies worked, the Anonymous hacker said dismissively. It was loud, common, and didn’t require much skill. Sniffing around passively without anyone knowing always made sense. You could steal a database, sell it to spammers, and move on to other ways of hustling for money. With Anonymous, there was also that obligation to cause a stir. But it depended what you had hacked into. The Anon claimed that when he breached a network, most of the time he acted “passively.” At one point, for instance, he and another team had found a hole in a large foreign-government server leading to data on various hospitals. His team did not disclose the data and instead notified the admin of the problem. They even deleted their own copy of the data, since releasing the information would be “counterproductive.” On that same hack, however, they also found an administrative server for that same foreign government that contained all IP ranges for its online services. “We sure released that,” he said. The paradox for hackers who became part of Anonymous was that there was suddenly a reason to go public with their leaks to make a point. With Infragard, Sabu, Kayla, and Topiary were taking the sniffing-passively route. What the group did with this information would set them apart from other hackers who sought money, curiosity, or a sense of personal achievement. They just needed the right moment. Chapter 17 Lulz Security Soon it became clear to Sabu, Topiary, and Kayla what they were really discussing: the creation of a new hacking team. It would be, in one way, like WikiLeaks. It would publish classified information that hadn’t been leaked, but stolen. The idea didn’t sound as nerdy as Topiary had thought a few months back. They decided unanimously that they did not want to be constrained by the broad principles underlying Anonymous, which were: 1. choosing targets because they were oppressors of free expression 2. not attacking the media. The idea was to do whatever it took to inspire Anonymous with new lulz, and maybe even grab the limelight again. In Topiary’s mind, this would lead to something far greater than any of the pranks he had ever pulled. The whole idea of lulz didn’t sit comfortably with Sabu, who was more interested in hacking as a form of protest. But he realized Anonymous needed some inspiration, and he figured he could steer Topiary and the others toward more serious pursuits. Kayla was just happy at the chance to tear up the Internet again, and since they needed to target more than just the Infragard website, she started looking for the Web’s hidden security holes the same way she had secretly done for WikiLeaks’s q. Kayla had a powerful web script that let her scan the Internet for any website with a vulnerability. This process of looking for security holes in many different websites at the same time was called automated scanning, or crawling. When she was ready to start using it, Kayla hooked the bot to Sabu’s chat server and then cast it out like a net. She had only to type commands into the chat box, like find SQLI, to direct it. The bot constantly churned out new addresses of web pages that had vulnerabilities, then filtered them again. She had spent hours configuring the script so that certain types of URLs would show up in different colors. There were hundreds each day, and about 20 percent led to security holes. About 5 percent led to databases of ten thousand users or more. Over the course of two days, Kayla scoured the websites of hotels, airports, and golf clubs, even Britain’s National Health Service, leading the team to hundreds of thousands of user details. They started stealing (or dumping) the info and came up with eight databases containing fewer than five thousand usernames and passwords and two big ones, of five hundred thousand and fifty thousand. By now Tflow, AVunit, and the Irish hacker from #InternetFeds named Pwnsauce had joined, making them a team of six. It was a number and set of names that would remain fixed to the end. Pwnsauce was a skilled and amiable young man who had been involving himself with Anonymous since October of 2010, when he helped with the attacks on anti-piracy groups. Now he was happy to help comb the Internet for security holes. “Sabu, I may have a lead here,” he said at one point after finding something. When asked why he was working with the team, he said that while he agreed with the aims of Anonymous, “moreso I am here because of the people.” “I’ve never found more respectable and hardworking people in my life than those in this group,” added Topiary, who had been part of the conversation. “And likable.” Anonymous attracted hackers with a conscience, Pwnsauce explained. In a past life he had consorted with a “horrible mix” of hackers who “either did not know what they were doing or who solely wanted to steal from people.” These were people who stole credit card details from small retail outlets and chains. Mom-and-pop shops and gas stations were frequently the easiest to hack when they stored credit card information at the end of the day, data that often included the security codes on the backs of people’s cards—even though saving them was illegal. They saw these targets as easy pickings, but Pwnsauce had found a more interesting and varied bunch of people on AnonOps, and since they had a wider array of skills, he claimed to have learned three times as much about programming and the Internet itself from
Page 2 and 3:
Begin Reading Table of Contents Cop
Page 4 and 5:
his HBGary Federal account, possibl
Page 6 and 7:
culture and key figures within it.
Page 8 and 9:
dreadful fascination at his phone a
Page 10 and 11:
Aaron Barr would never have come fa
Page 12 and 13:
“nigger,” “faggot,” or just
Page 14 and 15: owns my ass.” With his other hand
Page 16 and 17: In 2008 he helped instigate Operati
Page 18 and 19: death threats and threatened to bom
Page 20 and 21: another poster described “Phase 2
Page 22 and 23: though, they were usurped by what w
Page 24 and 25: We are Legion We do not forgive We
Page 26 and 27: day in federal prison. In the meant
Page 28 and 29: Since childhood, Bailey had harbore
Page 30 and 31: oughly three hundred regular chat p
Page 32 and 33: 1. Get the latest LOIC from github.
Page 34 and 35: Asperger syndrome, rarely left his
Page 36 and 37: “It’s a troll,” another organ
Page 38 and 39: had joined mentoring program iMento
Page 40 and 41: choose a unique nickname on AnonOps
Page 42 and 43: time. Kayla actually had several IR
Page 44 and 45: was headquartered and where Barr wo
Page 46 and 47: “So are we going to focus on Anon
Page 48 and 49: Starting in early January, many sup
Page 50 and 51: “Well in my lifetime I’ve perfo
Page 52 and 53: uh, actual intelligence.” There w
Page 54 and 55: definitely unimpressed—the claims
Page 56 and 57: nude photos. Four years later, an e
Page 58 and 59: “Is this a new trend :D to see wh
Page 60 and 61: network collapsed, they would move
Page 62 and 63: large notice board with paperwork a
Page 66 and 67: since they had a wider array of ski
Page 68 and 69: will get in trouble and might be gr
Page 70 and 71: passwords for almost every journali
Page 72 and 73: or online for most of the day and s
Page 74 and 75: a mixture of Anons, script kiddies,
Page 76 and 77: Sabu hated white hat security firms
Page 78 and 79: “Just looked at this guy’s sour
Page 80 and 81: otnets. Topiary shot back with a se
Page 82 and 83: wasn’t Sabu. “You got the wrong
Page 84 and 85: them that he was back. Topiary at f
Page 86 and 87: websites, bigger ones. He had a rap
Page 88 and 89: “Y’all were the inspiration I n
Page 90 and 91: LulzSec. Tflow created a torrent fi
Page 92 and 93: The Fate of Lulz LulzSec’s signif
Page 94 and 95: opposite of Kayla. And yet there wa
Page 96 and 97: one of the LulzSec accounts in resp
Page 98 and 99: on the network. He decided to try t
Page 100 and 101: morning of their meeting, William
Page 102 and 103: techniques like the Cain and Abel p
Page 104 and 105: hackers in private IRC rooms. It wa
Page 106 and 107: the open at the same time: the susp
Page 108 and 109: Kayla’s story had become more imp
Page 110 and 111: Stephane Fitch, who also introduced
Page 112 and 113: writes a spoof news article about t
Page 114 and 115:
following twenty names in the ranki
Page 116 and 117:
to websites that showed the steps o
Page 118 and 119:
Minions.” Another helpful source
Page 120 and 121:
“extreme version of Calvinism”
Page 122 and 123:
2011, however, we held our first re
Page 124 and 125:
that were first leaked online by Pa
Page 126 and 127:
on the CIA. Details about Julian As
Page 128 and 129:
Descriptions of Ryan Mark Ackroyd w
Page 130 and 131:
Parmy Olson is the London bureau ch
show all

We are anonymous inside the hacker world of lulzse

Create successful ePaper yourself

Delete template?

Save as template?