We are anonymous inside the hacker world of lulzse

More documents

Recommendations

Info

passwords for almost every journalist who worked with PBS, then to a post of all login passwords for PBS affiliate stations, then to a post of MySQL root passwords for PBS.org (the root password for the database), so that people could hack into the site whenever they wanted, or at least until someone patched the security hole. There was more: login details for anyone who worked on PBS’s Frontline and a map of the PBS server network. For the most part, he didn’t want to push the idea that their hack had been motivated by WikiSecrets or that their fun was founded on politics. But he made the point at least once on Twitter. “By the way,” Topiary added, “WikiSecrets sucked.” Almost immediately, readers started sharing the Tupac story with their friends, posting it on Facebook and Twitter, and latching onto the rumor that Tupac was alive. PBS’s content management system might have been woefully unprotected, but it was still a reputable news source. Teresa Gorman, PBS NewsHour’s social media and online engagement worker, scrambled to reply to a dozen readers publicly asking her on Twitter about the story’s veracity: “No it’s a hack.” “No it’s a hack, thanks.” “It’s a hack.” Then to four people at once: “It is a hack, not a PBS story, apologies.” Within the same hour, @LulzSec had received a hundred and fifty tweets and re-tweets. “Dudes. Of course Tupac is alive,” the LulzSec account tweeted. “Didn’t you see that official @PBS article? Why would they lie to their 750,000+ followers? “u mad, Frontline?” he added. Within three hours, four thousand people had hit the Facebook Like button beside Topiary’s fake article. The PBS publishing system was so outdated that the hackers could make updates to content being stored on thirty different servers by interfacing with just one server. The result was that when the IT admins deleted the Tupac story, LulzSec deleted every single blog on the PBS NewsHour website. Fortunately for PBS, the admins had backed up the blog content elsewhere and could replace the deleted posts in a few hours. Until then, anyone who tried to click on another story got a 403 error—but the Tupac story was still showing up on the PBS home page. The hackers had deleted all of the site’s user and admin login data and declared themselves administrators, which made it almost impossible for the real admins to initially regain control. When the admins made changes, the hackers were always there to change things back. And when PBS Frontline posted an official statement about the hack on its website, LulzSec replaced it with a blank page saying only “FRONTLINE SUCKS COCKS LOL.” It was Labor Day, a slow day for news, and mainstream outlets like the New York Times and the Wall Street Journal picked up on the Tupac spoof and the hacker group Lulz Security for the first time. By 10:30 a.m. on Monday in London, Google News showed that it had logged fifty-three articles about the hack. It was unclear what the group was officially called at this point, and some reporters referred to it as Lulz Boat and later, in a misreading of the autocue on Rupert Murdoch’s Sky News on TV, the Louise Boat. When one news outlet reported that the hacker group was Anonymous, Topiary posted a tweet saying, “We aren’t Anonymous you unresolved cow-shart.” An hour or so later, that tweet alone made the news, with the respected tech news site Venture Beat posting a story with the headline “PBS Hack Not Anonymous.” To Sabu’s surprise, the members of the press weren’t that interested in the leaked user data or the fact that the hack had been done in retaliation for the Assange documentary. They were mostly enthralled by the fake Tupac Shakur story. LulzSec gave a single interview after the attack, to Forbes, saying they had gone after PBS for two reasons: “Lulz and justice. While our main goal is to spread entertainment, we do greatly wish that Bradley Manning hears about this, and at least smiles.” “Some people would say that you went too far in attacking a media company—not to mention a public service broadcaster,” Forbes said in the interview with Topiary, who was answering questions under the nickname Whirlpool. “What’s your response to that?” “U mad bro.” In a moment of candor afterward, Topiary said that LulzSec wasn’t after fame as much as they wanted to make people laugh. He started taking requests on Twitter for pages to add to the PBS site, the same way he had taken random numbers from people during his drunken night on TinyChat. One Twitter user requested a web page showing unicorns, dragons, and chicks with swords. All this was possible because the team still had admin access to the site. “Sure thing,” the LulzSec feed said. “Wait a sec.” Topiary and Tflow scrambled to put together an image, and about half an hour later posted the link to the gaudy-looking new web page, pbs.org/unicorns-dragons-and-chix-with-swords. Topiary wanted to respond to some of the group’s detractors who were accusing it of using simple SQL injection techniques to get into PBS. He wrote up a note explaining how the hack was done and published it to Pastebin with a tweet saying, “Dear trolls, PBS.org was owned via a 0day we discovered in mt4 aka MoveableType 4.” It went on to describe in detail how the hack had been carried out with a shell site and how the hackers had gained root control of the PBS servers. They had been able to take over the network because a number of staffers at PBS with access to its most secure parts had used their passwords more than once. He had then pasted a list of those fifty-six staffers. They could have permanently destroyed the site’s entire contents and defaced its home page, but they didn’t. Topiary felt exhilarated. He was uninterested in food, sleep, or anything beyond the bubble he now inhabited with Sabu, Kayla, Tflow, AVunit, and Pwnsauce, a team more elite than any he had been part of before. With the help of Topiary’s prodigious communiqués to the outside world, LulzSec was starting to look less like a hacker team and more like a rock band. Topiary began monitoring LulzSec’s Twitter followers and press mentions on a website called IceRocket and saw everything suddenly shoot up after PBS. The following day, LulzSec appeared in most major printed newspapers for the first time. A group of hackers had taken over “the U.S. public-television broadcaster’s website and posted an article claiming the late rapper Tupac Shakur had been found alive in New Zealand,” the Wall Street Journal reported. “The group posted a string of Twitter messages in which it took credit for the breach.” Topiary started requesting donations for LulzSec and used Twitter and Pastebin to provide the thirty-one-digit number that acted as the group’s new Bitcoin address. Anyone could anonymously donate to their anonymous account if he converted money into the Bitcoin currency and made a transfer. Bitcoin was a digital currency that used peer-to-peer networking to make anonymous payments. It became increasingly popular around the same time LulzSec started hacking. By May, the currency’s value was up by a dollar from where it had been at the start of the year, to $8.70. A few days after soliciting donations, Topiary jokingly thanked a “mysterious benefactor who sent us 0.02 BitCoins. Your kindness will be used to fund terror of the highest quality.” He used Twitter to drop hints about whom LulzSec would hit next. “Poor Sony,” he said innocuously on May 17. “Nothing is going well for them these days.” The papers picked up on this immediately, saying that Sony looked like the group’s next target. On Twitter, Backtrace founder Jennifer Emick publicly criticized LulzSec through her @FakeGreggHoush account, and was joined increasingly by other online colleagues who didn’t like Anonymous or this apparent splinter group. A day after the PBS hack, one of these detractors tweeted the yank up as a vital obituary phrase in the faked Tupac article. It was “an anagram for ‘Topiary, Kayla, Sabu, AVunit,’” they added. “What did [Topiary] mean by that? Taking credit? Red herring?” Very few people outside of the LulzSec team and a few of their
they added. “What did [Topiary] mean by that? Taking credit? Red herring?” Very few people outside of the LulzSec team and a few of their closest online friends knew that LulzSec was made up of the old HBGary hackers, and the anagram question was quickly drowned out. Hundreds of people on Twitter were talking excitedly about this new hacking group and its audacious swoop on PBS. Many more started following the @LulzSec Twitter feed to hear communiqués directly from Topiary. Almost at once, he was getting tens of thousands of followers. Chapter 19 Hacker War The victory of the PBS attack had left Topiary in a daze of newfound fame and hubris. He knew he wasn’t leading the hacks or really even partaking in their mechanics, but acting as the mouthpiece for LulzSec certainly made it seem to him, and sometimes to the others in the group, like he was steering the ship. That meant speaking on behalf of LulzSec when he got into verbal tiffs with some often impassioned enemies on Twitter. The PBS hack had ushered a blast of attention from the media and earned the group a sudden wave of fans, with even the administrators of Pastebin, the free text application that LulzSec was using to dump its spoils, apparently happy with the extra web traffic they got with each release. But in a world already steeped in trolling, drama, and civil war, there were plenty of eager detractors. Jennifer Emick flung a few diatribes at the LulzSec Twitter feed, as did the Dutch teenager Martijn “Awinee” Gonlag, who had been arrested in December of 2010 when he used the LOIC tool against the Netherlands government without hiding his IP address. Awinee and many other “Twitter trolls” appeared to align themselves with The Jester, the ex-military hacker who had DDoS’d WikiLeaks in December of 2010, then taken down the Westboro Baptist Church sites in February. He was never as dangerous as the actual police, but he was certainly a source of drama and distraction. The Jester hung out in an IRC channel called #Jester, on a network aligned with the magazine 2600: The Hacker Quarterly. The name 2600 came from the discovery in the 1960s that a plastic toy whistle found inside certain boxes of Cap’n Crunch cereal in the United States created the exact 2,600 hertz tone that led a telephone switch to think a call was over. It was how early hackers of the 1980s, known as phone phreaks, subverted telephone systems to their desires. Unlike AnonOps IRC, on the 2600 IRC network, any talk of illegal activity was generally frowned upon. If people talked about launching a DDoS attack, they were discussing the technological intricacies of such an attack. If 2600 was a weapons store where enthusiasts discussed double- and single-action triggers, AnonOps was the bar in a dark alley where the desperadoes talked of who they’d like to hit next. After hitting PBS, LulzSec’s founders decided that as attention to LulzSec grew, they would eventually need their own IRC network just like AnonOps and 2600. Sabu also wanted to create a second tier of supporters, a close-knit network beyond the core six members that could help them on hacks. The team had decided from the beginning that their core of six should never be breached or added to, and when Topiary heard Sabu’s plans, he felt skeptical. Just look what had happened in #HQ when Kayla had invited Laurelai. But Sabu argued they needed at least a fluid secondary ring of supporters. These were people that Sabu already knew from the underground and trusted 100 percent or they weren’t in. Sabu had started talking to some of his old crew and he invited them into an IRC chat room they had created for these new supporters, called #pure-elite, named after a website he had created for his hacking friends in 1999. These were genius programmers and people with powerful botnets, veteran hackers from the 1990s who had gotten into the networks at Microsoft, NASA, and the FBI. The combined skills of the group were almost frightening. Topiary reminded Sabu that he wasn’t comfortable with all the new people—it seemed risky. Who knew; one of these people might leak logs, as Laurelai had done so devastatingly in #HQ. It also brought up the question of why Sabu even needed him anymore. All the same, he could hardly believe the company he was now in. He focused on picking up tips from the others. If they used hacker terminology he didn’t understand, he would Google it: jargon like virtual machines, hacking methods like SQL injection, various types of attack vectors and programming terminology. If he hit a brick wall, they could give him a quick summary. Soon there were eleven supporters in #pure-elite to learn from, plus the original six. Sabu was still the main person to ask about finding exploits; Kayla about securing yourself. AVunit and Tflow were still the experts in infrastructure. For Sabu, the extra supporters weren’t there to teach him anything—he believed he and LulzSec were training them. Sabu tended to think of everyone in the subgroup as a student and he told Topiary privately that he hoped this could lead to the start of another anti-security, or Antisec, movement. The last time Antisec had been in the headlines was the early 2000s, when the Web’s disrupters were a few hundred skilled hackers, as opposed to the thousands of Internet-savvy people joining Anonymous today. By now Kayla and the others who had been scanning for big-name websites with security vulnerabilities had hundreds to work from. But each one had be checked out, first to see if it could be exploited so that someone could enter the network, and second to see if there was anything interesting to leak from it. All these things took time and were often done sporadically without roles being assigned. People would volunteer to check a vulnerability out. LulzSec now had a raft of much bigger targets beyond PBS and Fox that they could potentially go after, some with .mil and .gov web addresses. None of them corresponded to any particular theme or principle; if hackers found a high-profile organization that looked interesting, they would go after it and explain their reasoning later. Knowing that Sabu had a tendency to inflate his rhetoric about targets, Topiary did not yet understand what hitting some of these websites actually meant. The associates were hackers like Neuron, an easygoing exploit enthusiast; Storm, who was mysterious but highly skilled; Joepie91, the well-known and extremely loquacious Anon who ran the AnonNews.net website; M_nerva, a somewhat aloof but attentive young hacker; and Trollpoll, a dedicated anti–white hat activist. In the most busy periods of LulzSec, both the core and secondary crew were in #pure-elite or online for most of the day and sometimes through the night. Some were talented coders who could create new scripts for the team as their
Page 2 and 3:
Begin Reading Table of Contents Cop
Page 4 and 5:
his HBGary Federal account, possibl
Page 6 and 7:
culture and key figures within it.
Page 8 and 9:
dreadful fascination at his phone a
Page 10 and 11:
Aaron Barr would never have come fa
Page 12 and 13:
“nigger,” “faggot,” or just
Page 14 and 15:
owns my ass.” With his other hand
Page 16 and 17:
In 2008 he helped instigate Operati
Page 18 and 19:
death threats and threatened to bom
Page 20 and 21: another poster described “Phase 2
Page 22 and 23: though, they were usurped by what w
Page 24 and 25: We are Legion We do not forgive We
Page 26 and 27: day in federal prison. In the meant
Page 28 and 29: Since childhood, Bailey had harbore
Page 30 and 31: oughly three hundred regular chat p
Page 32 and 33: 1. Get the latest LOIC from github.
Page 34 and 35: Asperger syndrome, rarely left his
Page 36 and 37: “It’s a troll,” another organ
Page 38 and 39: had joined mentoring program iMento
Page 40 and 41: choose a unique nickname on AnonOps
Page 42 and 43: time. Kayla actually had several IR
Page 44 and 45: was headquartered and where Barr wo
Page 46 and 47: “So are we going to focus on Anon
Page 48 and 49: Starting in early January, many sup
Page 50 and 51: “Well in my lifetime I’ve perfo
Page 52 and 53: uh, actual intelligence.” There w
Page 54 and 55: definitely unimpressed—the claims
Page 56 and 57: nude photos. Four years later, an e
Page 58 and 59: “Is this a new trend :D to see wh
Page 60 and 61: network collapsed, they would move
Page 62 and 63: large notice board with paperwork a
Page 64 and 65: April 2011, while he and Sabu were
Page 66 and 67: since they had a wider array of ski
Page 68 and 69: will get in trouble and might be gr
Page 72 and 73: or online for most of the day and s
Page 74 and 75: a mixture of Anons, script kiddies,
Page 76 and 77: Sabu hated white hat security firms
Page 78 and 79: “Just looked at this guy’s sour
Page 80 and 81: otnets. Topiary shot back with a se
Page 82 and 83: wasn’t Sabu. “You got the wrong
Page 84 and 85: them that he was back. Topiary at f
Page 86 and 87: websites, bigger ones. He had a rap
Page 88 and 89: “Y’all were the inspiration I n
Page 90 and 91: LulzSec. Tflow created a torrent fi
Page 92 and 93: The Fate of Lulz LulzSec’s signif
Page 94 and 95: opposite of Kayla. And yet there wa
Page 96 and 97: one of the LulzSec accounts in resp
Page 98 and 99: on the network. He decided to try t
Page 100 and 101: morning of their meeting, William
Page 102 and 103: techniques like the Cain and Abel p
Page 104 and 105: hackers in private IRC rooms. It wa
Page 106 and 107: the open at the same time: the susp
Page 108 and 109: Kayla’s story had become more imp
Page 110 and 111: Stephane Fitch, who also introduced
Page 112 and 113: writes a spoof news article about t
Page 114 and 115: following twenty names in the ranki
Page 116 and 117: to websites that showed the steps o
Page 118 and 119: Minions.” Another helpful source
Page 120 and 121:
“extreme version of Calvinism”
Page 122 and 123:
2011, however, we held our first re
Page 124 and 125:
that were first leaked online by Pa
Page 126 and 127:
on the CIA. Details about Julian As
Page 128 and 129:
Descriptions of Ryan Mark Ackroyd w
Page 130 and 131:
Parmy Olson is the London bureau ch
show all

We are anonymous inside the hacker world of lulzse

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?