We are anonymous inside the hacker world of lulzse

More documents

Recommendations

Info

Sabu hated white hat security firms. That much Topiary knew. And now he was talking about the subject more than ever in private, particularly about a revival of the anti-security movement. Sabu’s beef with white hats went back a long way. Anti-security got going in 1999, when a vulnerability in widely used Solaris servers that was known to only a couple hundred hackers in the world led to their hacking into a wide range of companies and organizations. Then they started stealing e-mails from white hat security firms. The reason was they hated a new edict in cyber security called full disclosure. The idea was that if cyber security experts (white hats) publicly disclosed a website’s vulnerabilities quickly, they got fixed more quickly. But black hats preferred to keep the flaws hidden so that they would stay within the underground community and continue being exploited. Antisec had seen its share of hacktivist groups like LulzSec, and one of the first was a notorious clique called ~el8. The shadowy hackers would target white hat security researchers and companies, steal their passwords and e-mails, and publish them in a regular e-zine. It was a single white page with el8 elaborately spelled out in symbols at the top, not too dissimilar from the Pastebin posts of LulzSec and filled with new web scripts, exploits, stolen e-mails, and jeering commentary. The group called its work project mayhem, or “pr0j3kt m4yh3m.” The phrase was borrowed from the movie Fight Club, and their e-zines heavily referenced the film. The bulletins never spelled out ~el8’s motivations, but project mayhem appeared to be a violent incarnation of the Antisec movement. Many in the white hat industry figured ~el8’s real motivation was to fight full disclosure so that black hats and gray hats would be the only people who knew about the Internet’s secret vulnerabilities. “One of these days, these kids are going to have to pay a mortgage and get a job,” said Eric Hines, an executive of one of the white hat firms that was attacked, in a Wired article. “And they’re not going to become lawyers or doctors—they’re going to do what they’re good at. And that means getting a career in the security industry.” Sabu had nurtured a dislike for white hats even after the 1999 Antisec movement dwindled. Emick believed Sabu was simply resentful after getting turned down for a job in IT security. Either way, the sentiment was rubbing off on Topiary as the two had more one-on-one discussions. Sabu would point out that white hats charged $20,000 for penetration testing, stuff that the LulzSec crew could do for free. He explained that Topiary himself could have done what HBGary was charging $10,000 for. The message was that white hats were like unscrupulous car mechanics, tricking people into believing they needed to pay thousands when the real cost was much lower. This line of reasoning was very different from the original Antisec argument over full disclosure. That’s because a decade later, the Web was now so chock-full of websites, data, and vulnerabilities that white hats weren’t pushing for full disclosure anymore. The view had flipped, and fully disclosing server flaws was veering into a criminal offense. The notorious Internet troll Andrew “weev” Auernheimer, who had come up with the meme “Internets is serious business,” had learned that the hard way. In 2010, he and a few hacker friends from their trolling group Goatse Security poked around in AT&T’s website and found a security hole that led to internal data on 114,000 iPad users. Weev “fully disclosed” it, albeit through mainstream media and not a cyber security newsletter. The following January, six months after journalists at Gawker did an exposé on the AT&T security flaw for iPad users, the U.S. Department of Justice announced that it was charging weev with fraud and conspiracy to access a computer without authorization. A successful revival of Antisec could keep the authorities busy with more people like weev. Sabu wanted to keep the focus on white hats, like the old days, so it was crucial to find some real dirt on Hijazi’s tiny firm Unveillance. The company made money by hunting for malicious botnets, but digging around in its e-mails, Sabu and the others thought they found evidence that he was working with others to snoop on Libyan web users. They decided to confront him on IRC under different guises to let him know they had all his e-mails and that they could do worse. On May 26, they e-mailed him his password, with the subject line, “Let’s talk,” and said they wanted to see his botnet research. Hijazi immediately picked up the phone and called the FBI. When he finally got through to someone and tried to explain what was happening, Hijazi got the impression the people on the other line weren’t interested, or perhaps didn’t understand what he was talking about. They referred him to an agent in his local office. When he called that number and told a local staffer that malicious hackers were trying to access his botnet research, he was surprised when that individual replied, “What’s a botnet?” Eventually, an agent advised Hijazi to start logging all of his conversations with the group and to play along to see if he could get any information on them. On the other side of the fence, Sabu, Topiary, and Tflow were trying to position Hijazi to admit that he wanted to hire the hackers to attack his competitors. Both sides ended up lying to each other to obtain information, which made for a confusing encounter filled with misinterpretation. “The point is a very crude word: extortion,” Topiary had told Hijazi under the name Ninetails, adding that Hijazi would be paying for their silence. “You have lots of money, we want more money.” The team kept offering to help Hijazi by attacking his corporate competitors. Playing along like he was supposed to, he eventually replied: “I can’t ask you to get someone and stay a ‘legit’ firm. Agreed?” When Topiary read this he believed that Hijazi was falling into their trap and that it was proof of yet another corrupt white hat, just as Sabu had predicted. “Can I take a guess at who you are?” Karim had later asked. “Karim, we’ve been expecting you to be secretly guessing since day one,” Topiary replied under a second nickname, Espeon. “Do share.” “808chan.” Sabu burst out laughing. “Are you serious bro?” he asked, using the nickname hamster_nipples. “How dare you call us a fucking chan.” “Then tell me,” replied Karim, who was keeping his responses as measured as possible while playing their game. “If we tell you who we are, you will shit yourself and shut the fuck up,” Sabu said. “But yes we are very well known.” The group kept prodding Hijazi, calling him dense and warning him about what they could do with his e-mails. But Hijazi had to pretend to be oblivious—he knew just as well as Sabu and the others that playing stupid was one of the most effective ways to social-engineer someone. It could sometimes trick him into revealing facts about himself. “Why be hostile? Just curious,” Hijazi said. “We’re not a chan,” replied hamster_nipples, who seemed to have an issue with status. “Don’t refer to us as a chan. We are security researchers.” “No worries,” said Hijazi. “You’re not a chan.” “Heh,” hamster_nipples said. “You’re testing my patience.” Though Sabu came across as menacing in the resulting chat logs (released by both LulzSec and Hijazi himself), Hijazi’s press officer later
Though Sabu came across as menacing in the resulting chat logs (released by both LulzSec and Hijazi himself), Hijazi’s press officer later said in an interview that the most aggressive hacker in the team had been Ninetails, the alias of Topiary. “He is very blunt,” Michael Sias said, “and forceful about the extortion.” Hijazi, he added, had been trying to do the right thing. “It was tough, not pleasant,” Hijazi remembered a few weeks later. “I’m not sure what their motivation is. They’re just name-calling, which seems very juvenile. I thought at minimum there would be some belief system and there didn’t seem to be anything behind it. It was petty.” Of course none of that struck Topiary and Sabu, who figured they were gradually picking up proof that white hats were bad, and black hats were their avengers. “There are a lot of companies that overcharge and abuse the fact that people know nothing,” Topiary said excitedly in an interview after a recent conversation with Sabu on the topic of Antisec. “Computers aren’t our intelligence. Buy a book or two and learn it yourself. That’s what I find.” The message Topiary was getting from Sabu was the same: that the white hat security industry was keeping regular people in the dark about how to navigate the Internet, undermining and emasculating the public when they could easily learn things on their own, just as he had. With LulzSec unveiling these apparently new and hitherto unspoken corruptions, Anonymous was starting to look irrelevant. LulzSec had quickly racked up fifty thousand Twitter followers and was gearing up to spread the Antisec message. AnonOps IRC was a mess; everyone was on edge. There was no thrilling atmosphere anymore, no humor. Where there had once been eight hundred regular participants in a chat room like #OpLibya, there were now fifty or a hundred at most. The hot-tempered operators had gone back to fighting one another and kicking out participants on a whim. Feds were crawling all over the network. It wasn’t friendly, or safe. Topiary and Sabu figured they were creating a far better world in LulzSec and its public chat network. As Sabu nursed ambitions to revive a crusade against white hats, he encouraged the group in #pure-elite to seek leads from black hat hackers in the public LulzSec chat room, now being hosted on a new IRC network called luzco.org. The crew were still getting ready to drop Infragard, and in the meantime Topiary, Joepie91, and others were hopping over to their channel to suss out some of its visitors. Later that day, a hacker named Fox came in the room and approached Topiary. It seemed he had some leads for future hacks. “You got a messenger?” Fox asked. “I’d be happy to toss exploits and business back and forth.” Topiary had never heard of the guy but figured it could lead to something. “We got people offering us exploits,” Topiary announced to the team when he came back to the #pure-elite channel. “He’s legit, but not so sure we can trust him.” There was no chance Fox would be invited into their channel, unless Sabu said the words 100 percent trusted. Instead, the team invited Fox into a new, neutral channel where the others could feel him out. It was hard not to be paranoid. “He’s probably a spy,” Topiary told the others. Sabu suggested he might be Jester himself. “If he is then we can throw them off course. If he isn’t, free exploits.” Often when the group started talking to a new contact, they used it as a chance to practice their banter and have some fun. When Sabu joined in the chat with Fox, he pretended to be a LulzSec hacker from Brazil. The team members were hopping back and forth, from chatting in the neutral channel to chuckling over their antics back on home base, particularly at Sabu’s Brazil act. “Have you guys ever talked to a real hardcore Brazillian hacker?” Sabu quickly asked the crew. Sabu knew many Brazilian hackers, to the extent that he could impersonate the way they spoke, in very basic English mixed with hacker slang, and in text chat rather than voice. “HEUHEAUEHAUHAUEHAHEAUEHUHheuheushHUAHUehuuhuUEUue.” Sabu had quickly typed out a typical Brazilian online laugh. “Fox, a gentlemen never tells,” Sabu had told the new hacker, still playing the part of a Brazilian. “Ah, I love that answer,” Fox had replied. The LulzSec crew seemed to fall over laughing. “Sabu, you are a god,” said Neuron. “Thanks, sir,” Sabu replied. “Consider yourselves lucky no one really gets to see me work in action. No one is trustable outside our crew. Remember that, Neuron.” The crew kept jumping from the public #LulzSec to the private #pure-elite where they would report more openly (though never completely openly) about what was happening. New participants could instantly tell who was important to talk to because the LulzSec crew all had operator status, teetering at the top of the long list and with special symbols prefacing their names. At one point Joepie was privately approached in the teeming room by someone named Egeste, a name that was familiar to anyone who had been on Kayla’s #tr0ll IRC channel. “So, I want to play with you guys and this channel is like, gayer than gay and full of newfags,” Egeste said. It was true that LulzSec now had more participants than all of the 2600 network. “Where’s the real lulzsec?” “Play in what sense?” answered Joepie, who was using the name YouAreAPirate. “You know what I mean. I know you guys don’t know me, but you probably know people that do. Xero, venuism, e, insidious, nigg, etc etc.” Then he added, “Kayla.” Joepie reported all of this verbatim back to the crew in #pure-elite. Those nicknames were very well known, pointed out a secondary-crew member called Trollpoll. Another laughed. “He’s just name dropping,” said Sabu. Neuron, a friendly and analytical Anon, suggested asking Egeste to provide a zero-day as proof of his skills. Also known as a 0day, this referred to an as-yet-unknown server vulnerability, and finding one meant big kudos for any hacker, white hat or black hat. Sabu asked Kayla if she’d heard of Egeste, and it turned out the new guy had also been in the #Gnosis channel when she had coordinated the hack on Gawker, but “he did not do shit,” she said. For all the names he had mentioned, Egeste was just another distraction. Soon the encounter was just a drop in the ocean of dozens of others with potential supporters and trolls. Once in a while the #LulzSec chat room was graced with the presence of a disgruntled company employee who was eager to leak some internal data via a charismatic new group. Not more than a day after LulzSec’s first attack on Sony made headlines, a new visitor to the #LulzSec chat room approached secondary-crew member Neuron, offering what appeared to be source code for the official website for Sony developers. Neuron reported it to home base.
Page 2 and 3:
Begin Reading Table of Contents Cop
Page 4 and 5:
his HBGary Federal account, possibl
Page 6 and 7:
culture and key figures within it.
Page 8 and 9:
dreadful fascination at his phone a
Page 10 and 11:
Aaron Barr would never have come fa
Page 12 and 13:
“nigger,” “faggot,” or just
Page 14 and 15:
owns my ass.” With his other hand
Page 16 and 17:
In 2008 he helped instigate Operati
Page 18 and 19:
death threats and threatened to bom
Page 20 and 21:
another poster described “Phase 2
Page 22 and 23:
though, they were usurped by what w
Page 24 and 25:
We are Legion We do not forgive We
Page 26 and 27: day in federal prison. In the meant
Page 28 and 29: Since childhood, Bailey had harbore
Page 30 and 31: oughly three hundred regular chat p
Page 32 and 33: 1. Get the latest LOIC from github.
Page 34 and 35: Asperger syndrome, rarely left his
Page 36 and 37: “It’s a troll,” another organ
Page 38 and 39: had joined mentoring program iMento
Page 40 and 41: choose a unique nickname on AnonOps
Page 42 and 43: time. Kayla actually had several IR
Page 44 and 45: was headquartered and where Barr wo
Page 46 and 47: “So are we going to focus on Anon
Page 48 and 49: Starting in early January, many sup
Page 50 and 51: “Well in my lifetime I’ve perfo
Page 52 and 53: uh, actual intelligence.” There w
Page 54 and 55: definitely unimpressed—the claims
Page 56 and 57: nude photos. Four years later, an e
Page 58 and 59: “Is this a new trend :D to see wh
Page 60 and 61: network collapsed, they would move
Page 62 and 63: large notice board with paperwork a
Page 64 and 65: April 2011, while he and Sabu were
Page 66 and 67: since they had a wider array of ski
Page 68 and 69: will get in trouble and might be gr
Page 70 and 71: passwords for almost every journali
Page 72 and 73: or online for most of the day and s
Page 74 and 75: a mixture of Anons, script kiddies,
Page 78 and 79: “Just looked at this guy’s sour
Page 80 and 81: otnets. Topiary shot back with a se
Page 82 and 83: wasn’t Sabu. “You got the wrong
Page 84 and 85: them that he was back. Topiary at f
Page 86 and 87: websites, bigger ones. He had a rap
Page 88 and 89: “Y’all were the inspiration I n
Page 90 and 91: LulzSec. Tflow created a torrent fi
Page 92 and 93: The Fate of Lulz LulzSec’s signif
Page 94 and 95: opposite of Kayla. And yet there wa
Page 96 and 97: one of the LulzSec accounts in resp
Page 98 and 99: on the network. He decided to try t
Page 100 and 101: morning of their meeting, William
Page 102 and 103: techniques like the Cain and Abel p
Page 104 and 105: hackers in private IRC rooms. It wa
Page 106 and 107: the open at the same time: the susp
Page 108 and 109: Kayla’s story had become more imp
Page 110 and 111: Stephane Fitch, who also introduced
Page 112 and 113: writes a spoof news article about t
Page 114 and 115: following twenty names in the ranki
Page 116 and 117: to websites that showed the steps o
Page 118 and 119: Minions.” Another helpful source
Page 120 and 121: “extreme version of Calvinism”
Page 122 and 123: 2011, however, we held our first re
Page 124 and 125: that were first leaked online by Pa
Page 126 and 127:
on the CIA. Details about Julian As
Page 128 and 129:
Descriptions of Ryan Mark Ackroyd w
Page 130 and 131:
Parmy Olson is the London bureau ch
show all

We are anonymous inside the hacker world of lulzse

Create successful ePaper yourself

Delete template?

Save as template?