We are anonymous inside the hacker world of lulzse

passwords for almost every journalist who worked with PBS, then to a post of all login passwords for PBS affiliate stations, then to a post of
MySQL root passwords for PBS.org (the root password for the database), so that people could hack into the site whenever they wanted, or at
least until someone patched the security hole. There was more: login details for anyone who worked on PBS’s Frontline and a map of the
PBS server network. For the most part, he didn’t want to push the idea that their hack had been motivated by WikiSecrets or that their fun
was founded on politics. But he made the point at least once on Twitter. “By the way,” Topiary added, “WikiSecrets sucked.”
Almost immediately, readers started sharing the Tupac story with their friends, posting it on Facebook and Twitter, and latching onto the
rumor that Tupac was alive. PBS’s content management system might have been woefully unprotected, but it was still a reputable news
source. Teresa Gorman, PBS NewsHour’s social media and online engagement worker, scrambled to reply to a dozen readers publicly asking
her on Twitter about the story’s veracity: “No it’s a hack.” “No it’s a hack, thanks.” “It’s a hack.” Then to four people at once: “It is a hack,
not a PBS story, apologies.” Within the same hour, @LulzSec had received a hundred and fifty tweets and re-tweets.
“Dudes. Of course Tupac is alive,” the LulzSec account tweeted. “Didn’t you see that official @PBS article? Why would they lie to their
750,000+ followers?
“u mad, Frontline?” he added.
Within three hours, four thousand people had hit the Facebook Like button beside Topiary’s fake article. The PBS publishing system was
so outdated that the hackers could make updates to content being stored on thirty different servers by interfacing with just one server. The
result was that when the IT admins deleted the Tupac story, LulzSec deleted every single blog on the PBS NewsHour website. Fortunately
for PBS, the admins had backed up the blog content elsewhere and could replace the deleted posts in a few hours. Until then, anyone who
tried to click on another story got a 403 error—but the Tupac story was still showing up on the PBS home page. The hackers had deleted all
of the site’s user and admin login data and declared themselves administrators, which made it almost impossible for the real admins to initially
regain control. When the admins made changes, the hackers were always there to change things back. And when PBS Frontline posted an
official statement about the hack on its website, LulzSec replaced it with a blank page saying only “FRONTLINE SUCKS COCKS LOL.”
It was Labor Day, a slow day for news, and mainstream outlets like the New York Times and the Wall Street Journal picked up on the
Tupac spoof and the hacker group Lulz Security for the first time. By 10:30 a.m. on Monday in London, Google News showed that it had
logged fifty-three articles about the hack. It was unclear what the group was officially called at this point, and some reporters referred to it as
Lulz Boat and later, in a misreading of the autocue on Rupert Murdoch’s Sky News on TV, the Louise Boat. When one news outlet reported
that the hacker group was Anonymous, Topiary posted a tweet saying, “We aren’t Anonymous you unresolved cow-shart.” An hour or so
later, that tweet alone made the news, with the respected tech news site Venture Beat posting a story with the headline “PBS Hack Not
Anonymous.” To Sabu’s surprise, the members of the press weren’t that interested in the leaked user data or the fact that the hack had been
done in retaliation for the Assange documentary. They were mostly enthralled by the fake Tupac Shakur story.
LulzSec gave a single interview after the attack, to Forbes, saying they had gone after PBS for two reasons: “Lulz and justice. While our
main goal is to spread entertainment, we do greatly wish that Bradley Manning hears about this, and at least smiles.”
“Some people would say that you went too far in attacking a media company—not to mention a public service broadcaster,” Forbes said in
the interview with Topiary, who was answering questions under the nickname Whirlpool. “What’s your response to that?”
“U mad bro.”
In a moment of candor afterward, Topiary said that LulzSec wasn’t after fame as much as they wanted to make people laugh.
He started taking requests on Twitter for pages to add to the PBS site, the same way he had taken random numbers from people during his
drunken night on TinyChat. One Twitter user requested a web page showing unicorns, dragons, and chicks with swords. All this was
possible because the team still had admin access to the site.
“Sure thing,” the LulzSec feed said. “Wait a sec.” Topiary and Tflow scrambled to put together an image, and about half an hour later
posted the link to the gaudy-looking new web page, pbs.org/unicorns-dragons-and-chix-with-swords.
Topiary wanted to respond to some of the group’s detractors who were accusing it of using simple SQL injection techniques to get into
PBS. He wrote up a note explaining how the hack was done and published it to Pastebin with a tweet saying, “Dear trolls, PBS.org was
owned via a 0day we discovered in mt4 aka MoveableType 4.” It went on to describe in detail how the hack had been carried out with a shell
site and how the hackers had gained root control of the PBS servers. They had been able to take over the network because a number of
staffers at PBS with access to its most secure parts had used their passwords more than once. He had then pasted a list of those fifty-six
staffers. They could have permanently destroyed the site’s entire contents and defaced its home page, but they didn’t.
Topiary felt exhilarated. He was uninterested in food, sleep, or anything beyond the bubble he now inhabited with Sabu, Kayla, Tflow,
AVunit, and Pwnsauce, a team more elite than any he had been part of before. With the help of Topiary’s prodigious communiqués to the
outside world, LulzSec was starting to look less like a hacker team and more like a rock band. Topiary began monitoring LulzSec’s Twitter
followers and press mentions on a website called IceRocket and saw everything suddenly shoot up after PBS. The following day, LulzSec
appeared in most major printed newspapers for the first time. A group of hackers had taken over “the U.S. public-television broadcaster’s
website and posted an article claiming the late rapper Tupac Shakur had been found alive in New Zealand,” the Wall Street Journal reported.
“The group posted a string of Twitter messages in which it took credit for the breach.”
Topiary started requesting donations for LulzSec and used Twitter and Pastebin to provide the thirty-one-digit number that acted as the
group’s new Bitcoin address. Anyone could anonymously donate to their anonymous account if he converted money into the Bitcoin
currency and made a transfer. Bitcoin was a digital currency that used peer-to-peer networking to make anonymous payments. It became
increasingly popular around the same time LulzSec started hacking. By May, the currency’s value was up by a dollar from where it had been
at the start of the year, to $8.70. A few days after soliciting donations, Topiary jokingly thanked a “mysterious benefactor who sent us 0.02
BitCoins. Your kindness will be used to fund terror of the highest quality.”
He used Twitter to drop hints about whom LulzSec would hit next. “Poor Sony,” he said innocuously on May 17. “Nothing is going well
for them these days.” The papers picked up on this immediately, saying that Sony looked like the group’s next target.
On Twitter, Backtrace founder Jennifer Emick publicly criticized LulzSec through her @FakeGreggHoush account, and was joined
increasingly by other online colleagues who didn’t like Anonymous or this apparent splinter group. A day after the PBS hack, one of these
detractors tweeted the yank up as a vital obituary phrase in the faked Tupac article. It was “an anagram for ‘Topiary, Kayla, Sabu, AVunit,’”
they added. “What did [Topiary] mean by that? Taking credit? Red herring?” Very few people outside of the LulzSec team and a few of their