We are anonymous inside the hacker world of lulzse

More documents

Recommendations

Info

a mixture of Anons, script kiddies, general fans who had heard about LulzSec from media reports, and white hat hackers. Over time the LulzSec crew came to believe that around half the makeup of that channel, which anyone could access, was a mixture of spies from enemy groups like Jester’s and Feds. In their new, public #LulzSec chat room on 2600, the crew were disguised by their maritime-related names: Whirlpool for Topiary, Kraken for Kayla, and Seabed for Sabu. As Sabu observed these developments, he grew concerned that the crew was getting too excited about having fun on the 2600 network—a place they had attacked but where they had also set up their own public meeting room. It was impossible to distinguish the real fans from the spies who wanted to manipulate the crew for information and access. At one point it looked like Kayla had gone back into Santa Claus mode and offered some stolen voucher codes from Amazon to someone outside the crew. When Sabu found out about the conversation, Kayla explained that she had merely given someone a few of the coupons so they could be tested and eventually sold on the black market. Sabu, who was already wary of Kayla’s connection to Laurelai, was perturbed. “Ok guys,” he suddenly said. “I don’t have to say this more than once I hope. But people on 2600 are not your friends. 95% are there to social engineer you. To analyze how you talk and make connections. Don’t go off and befriend any of them.” He didn’t mind that the reprimand pierced the lighthearted atmosphere. Four other secondary-crew members quickly insisted that they were being careful about hiding their identities, doing so by speaking in broken English so they would appear to be foreign. But Sabu added that if anyone gave them private info, they should log it and show it to the team. If they were sent a link, look at it from a secure connection. “Be smart about shit,” he concluded. “If any of you get owned, I’ll LOL.” Kayla then piped up, as if she wanted to show the others that she was on the same page with Sabu. “Another protip,” she said. “Even if you are American, don’t spell it ‘color,’ use ‘colour,’ which is wider used around the world. Just saying ‘color’ means you are American.” Sabu didn’t seem to be listening and gave Kayla a new order. He wanted her to change the topic of the public #LulzSec chat room to say that anyone with 0days and leaks should message her new pseudonym in the channel. “Make sure we take advantage of that,” he said. “See what niggers got access to.” Kayla signed out. Sabu enjoyed the banter that took place in #pure-elite between the organizational talk, but he was constantly reminding the group to stay focused on finding new exploits and keeping the group as tight-knit as possible. It made for a tense atmosphere, but it was necessary. The team’s profile was rising faster than they had ever expected. Googling the name LulzSec on June 1 had yielded twenty-five thousand mentions on the Internet. In less than twenty-four hours, that number had risen to two hundred thousand. Chapter 20 More Sony, More Hackers By the first of June, the LulzSec team and its associates had gathered a long list of vulnerabilities found by team members like Kayla, Pwnsauce, and Sabu. None were stored on an official group document since that was too risky—instead, whoever found a vulnerability kept it on his or her own computer and shared it with the group when needed. Here LulzSec was setting itself apart from Anonymous, not just because it was picking media companies but because of its focus on stealing data. HBGary had shown that stealing and selectively leaking data could be far more damaging—and “lulz-worthy” with all the attention it was getting—than a straightforward DDoS attack. When the team found a vulnerability, the hope was that it would lead to critical secret data they could publish. Often following up a lead would happen spontaneously. Kayla had found the PBS security hole earlier in May, but the group had only followed it up because of the WikiSecrets documentary. Finding the security hole was one thing, but exploiting it took more work, and they would have to have a good reason to turn it into an operation. With one vulnerability they had recently found, though, the target company itself was reason enough. Sony’s lawsuit against George Hotz in April, the resultant DDoS attack from Anonymous, and the devastating data theft by a small group of black hat hackers had snowballed into a new craze among hackers to hit Sony in any way possible. It meant that Sony had become something of a piñata for hackers. Partly the black hats found it funny to keep hitting the company over and over, and partly they believed Sony deserved it for waiting two weeks after the original data breach had been discovered before reporting it. The PBS heist was finished, and the 2600 network was still smoldering from the attack, but Sabu and Topiary were now knee-deep in organizing data stolen from Sony’s servers: hundreds of thousands of users, administrators, internal upcoming albums releases from Sony, along with 3.5 million music coupons. Three weeks prior, the group had been poking around looking for vulnerabilities in Sony websites, finding and publishing the security vulnerabilities in the website of Sony Japan but also looking at Sony’s Hong Kong site and others. Whenever someone found a vulnerability, he would paste the web address in his private chat room, and someone else would go into the source code to see how it could be exploited. There was no order to this; people simply contributed when they were around. Just for the heck of it, Sabu checked SonyPictures.com, the main website for Sony’s $7.2 billion film and television franchise. To his astonishment, there was a gaping hole in the innocuous Ghostbusters page that left the network wide open, once again, to a simple SQL injection attack. “Hey guys, we need to dump all this now,” he said excitedly. He rushed to map out the area and gather everyone together so they could start taking different sections. “We’ve owned something big here. Sony are going to crash and burn.” When the group entered the network they found a massive vault of information. It took a while to make sense of the data, but soon they had found a database with two hundred thousand users. More shocking was that all of the data, including passwords, were stored in plaintext. The only encrypted passwords were those of server admins, and the team managed to crack those anyway. It was a damning indictment of Sony’s security, just weeks after the big PlayStation Network data breach. Small schools and charities had better database encryption than Sony. In fact, by this time, rumor had it that the PlayStation Network had been hacked because a disgruntled
etter database encryption than Sony. In fact, by this time, rumor had it that the PlayStation Network had been hacked because a disgruntled employee at Sony had given hackers an exploit; the breach had occurred two weeks after Sony had fired several employees responsible for network security. Rumor also had it that those hackers had sold the database of more than a hundred million users for $200,000. Kayla stumbled upon another Sony database that looked exploitable but did not bother to look inside. As per the usual custom, she pasted its location into the chat room for someone else to scan. When Topiary finally opened the database, he found a table with rows and rows of names and numbers that seemed to go on forever. Looking around he finally noticed a counter at the top with the number 3.5 million. It looked like coupons of some sort. It felt like getting an exceptionally good Christmas present. “Sabu, this one is pretty massive,” Topiary called. Sabu came over and proceeded to poke around the new, massive database before coordinating the team’s gathering of it all. “Wave bye-bye to Sony,” one of the team remarked. “Kayla can you take users?” Sabu asked. He assigned one person to take care of the music codes, another the 3.5 million coupons, and Sabu himself took the admin tables. There were four core members and two other secondary-crew members helping out. This was the kind of labor that would have put off a single hacker toiling alone. It involved downloading reams of data, sometimes manually. The work was monotonous and could take days. But as a group effort, the whole process suddenly became faster and more compelling, the team members motivated by the fact that this was a target they were about to publicly embarrass. The tasks of compiling the databases—one of 75,000, one of 200,000—took each person between a day and several days to complete, depending on how detailed the information he or she was dealing with was. Each member then set up a computer to download each database. The files were so big that it would take three weeks to download them, typically in the background of whatever else was being done online. The team eventually decided they wouldn’t keep any of the coupons—they had tried taking them and got to only 125,000 when they realized the downloads were happening at the glacial rate of one coupon a second; all told the whole thing would take several more weeks. They didn’t have the time or resources to cope with such a huge download. Instead, they took a sample of this and a sample of that to demonstrate that they had gained access. They would also publish the exact location of the server vulnerability in the Sony Pictures site that led to the data (the Ghostbusters page) so that anyone who wanted could dive in to loot the bounty before Sony’s IT admins patched the hole. Sabu gathered all the data together, and Topiary dressed the numbers and passwords up to make everything look palatable to a mass audience. “We have a lot of different files for various Sony sites,” he explained. “Press—less smart press—will get confused. Gotta have a summary document.” He would publish several documents revealing the heist in one big folder. He created a file called For Journalists that explained what they had found, using words that would grab headlines, such as compromised instead of stolen. Topiary had been up since six o’clock that morning to keep up with Sabu’s time zone, but he wasn’t feeling tired. On Twitter he was counting down to their official release time, building anticipation among followers and the media. Gawker’s Adrian Chen quickly posted a story headlined “World’s Most Publicity Hungry Hackers Tease Impending Sony Leak.” Topiary had gone through the Sony Pictures database looking for anyone with a .gov or .mil e-mail address. He found a few and started posting their names and passwords on Twitter. Then At 5:00 p.m. eastern time on the same day that Sony finally restored its PlayStation Network, Topiary published everything. “Greetings folks. We’re LulzSec, and welcome to Sownage,” he said in the introduction. “Enclosed you will find various collections of data stolen from internal Sony networks and websites, all of which we accessed easily and without the need for outside support or money.” LulzSec was kicking Sony just as it was getting back up. Thirty-eight minutes after the release, Aaron Barr tweeted that LulzSec had released stolen Sony data. “The amount of user data appears significant.” In forty-five minutes fifteen thousand people had looked at the message, a rate of eighteen people a second, and two thousand had downloaded the package of Sony data from file-sharing website MediaFire. Topiary didn’t have time to sit back and watch the fallout. He and Tflow were putting up the new LulzSec website, complete with a retro– Nyan Cat design and the soft tones of American jazz singer Jack Jones singing the theme song of The Love Boat in the background. The home page showed Topiary’s revamped “Lulz Boat” lyrics as plain black text in the middle. A link at the bottom offered viewers the option of muting it—when clicked, the link raised the volume by 100 percent. Sabu initially hated the website and yelled at Topiary and Tflow for creating something that had the potential to be DDoS’d, which would make the team look weak. Eventually Topiary convinced him that they should keep it. They moved quickly to put the site in place, then worked to ensure it didn’t collapse under the weight of thousand of visitors and the inevitable DDoS attacks from enemy hackers. They also made sure the torrent file of Sony data stayed up, that there weren’t any more LulzSec Bitcoin donations (they totaled $4 so far), and that everything else was in check. The LulzSec Twitter feed now had 23,657 followers, and there were dozens more people pouring into the public #LulzSec chat room. Topiary would go to bed and find it difficult to sleep knowing that he was getting new tweets every two minutes. It was chaotic, but satisfying. He would go back onto Twitter with greater confidence each day, dismissing his detractors with withering put-downs and keeping the followers enticed. If LulzSec announced a new operation, it was now guaranteed to get on the news. Often they didn’t need to go into the details of what they were about to do—the media and the public often assumed that LulzSec was causing more damage than it really was. But as people’s expectations rose, the stakes went higher. “We don’t want to be the hacking group that just leaks once a week some little thing,” Topiary said at the time. “We will only do big things from now on…Unless we find someone we don’t like.” One of those “big things” was imminent. The time had come for LulzSec to play its ace card and announce the hack on Infragard. “Welcome to FuckFBIFriday, wherein we sit and laugh at the FBI,” Topiary announced on Twitter. “No times decided, but we’ll cook up something nice for tonight.
Page 2 and 3:
Begin Reading Table of Contents Cop
Page 4 and 5:
his HBGary Federal account, possibl
Page 6 and 7:
culture and key figures within it.
Page 8 and 9:
dreadful fascination at his phone a
Page 10 and 11:
Aaron Barr would never have come fa
Page 12 and 13:
“nigger,” “faggot,” or just
Page 14 and 15:
owns my ass.” With his other hand
Page 16 and 17:
In 2008 he helped instigate Operati
Page 18 and 19:
death threats and threatened to bom
Page 20 and 21:
another poster described “Phase 2
Page 22 and 23:
though, they were usurped by what w
Page 24 and 25: We are Legion We do not forgive We
Page 26 and 27: day in federal prison. In the meant
Page 28 and 29: Since childhood, Bailey had harbore
Page 30 and 31: oughly three hundred regular chat p
Page 32 and 33: 1. Get the latest LOIC from github.
Page 34 and 35: Asperger syndrome, rarely left his
Page 36 and 37: “It’s a troll,” another organ
Page 38 and 39: had joined mentoring program iMento
Page 40 and 41: choose a unique nickname on AnonOps
Page 42 and 43: time. Kayla actually had several IR
Page 44 and 45: was headquartered and where Barr wo
Page 46 and 47: “So are we going to focus on Anon
Page 48 and 49: Starting in early January, many sup
Page 50 and 51: “Well in my lifetime I’ve perfo
Page 52 and 53: uh, actual intelligence.” There w
Page 54 and 55: definitely unimpressed—the claims
Page 56 and 57: nude photos. Four years later, an e
Page 58 and 59: “Is this a new trend :D to see wh
Page 60 and 61: network collapsed, they would move
Page 62 and 63: large notice board with paperwork a
Page 64 and 65: April 2011, while he and Sabu were
Page 66 and 67: since they had a wider array of ski
Page 68 and 69: will get in trouble and might be gr
Page 70 and 71: passwords for almost every journali
Page 72 and 73: or online for most of the day and s
Page 76 and 77: Sabu hated white hat security firms
Page 78 and 79: “Just looked at this guy’s sour
Page 80 and 81: otnets. Topiary shot back with a se
Page 82 and 83: wasn’t Sabu. “You got the wrong
Page 84 and 85: them that he was back. Topiary at f
Page 86 and 87: websites, bigger ones. He had a rap
Page 88 and 89: “Y’all were the inspiration I n
Page 90 and 91: LulzSec. Tflow created a torrent fi
Page 92 and 93: The Fate of Lulz LulzSec’s signif
Page 94 and 95: opposite of Kayla. And yet there wa
Page 96 and 97: one of the LulzSec accounts in resp
Page 98 and 99: on the network. He decided to try t
Page 100 and 101: morning of their meeting, William
Page 102 and 103: techniques like the Cain and Abel p
Page 104 and 105: hackers in private IRC rooms. It wa
Page 106 and 107: the open at the same time: the susp
Page 108 and 109: Kayla’s story had become more imp
Page 110 and 111: Stephane Fitch, who also introduced
Page 112 and 113: writes a spoof news article about t
Page 114 and 115: following twenty names in the ranki
Page 116 and 117: to websites that showed the steps o
Page 118 and 119: Minions.” Another helpful source
Page 120 and 121: “extreme version of Calvinism”
Page 122 and 123: 2011, however, we held our first re
Page 124 and 125:
that were first leaked online by Pa
Page 126 and 127:
on the CIA. Details about Julian As
Page 128 and 129:
Descriptions of Ryan Mark Ackroyd w
Page 130 and 131:
Parmy Olson is the London bureau ch
show all

We are anonymous inside the hacker world of lulzse

Create successful ePaper yourself

Delete template?

Save as template?