We are anonymous inside the hacker world of lulzse

More documents

Recommendations

Info

“Just looked at this guy’s source for ‘sonydev.net,’” he said. “It seems ligit. php file etc. Still investigating.” “Neuron, that source you got,” said Sabu. “[Post it on] pastee.org so we can analyze also.” Neuron sent the others a link to the fifty-fivemegabyte file along with a thirty-three-digit password to access it. “Downloading,” said Sabu. “Which site is this for? Sonydev.net?” “Aye,” said Neuron. “I’m sure we can find the pass somewhere on Sony.” “Analyzing ‘scedev’ source codes now,” said Sabu. Neuron checked in about ten minutes later. “What’s the word on that source?” Neuron asked. Sabu seemed to approve of it. “Should we just leak the source code?” he asked Topiary and Neuron. “I wouldn’t suggest it just yet,” Neuron replied. “We could use more of his shit. He’s a Sony developer.” “You serious?” asked Sabu. “If we keep quiet we can get more,” said Neuron, who took the view that it was better to lurk than dump everything at once like a script kiddie. “So tell him to give us access into [the] Sony network.” “I’ll see. He said he was an ex-Sony developer but has access.” “Social engineer him into that shit,” said Storm, who was listening in. “Ok,” said Sabu. “So bro. What are you doing here talking to us? Social his ass. Haha.” Neuron had gone to try to talk to the source again but it was already too late. “He logged off,” said Neuron. “Gay,” Sabu said, a little disappointed. “So he messaged you, gave you source, logged off?” “Yeah,” said Neuron. “He likes us or something.” This was how it often went. The promise of leaks and exploits would come from gray and black hat hackers or anyone who had something worth offering. Often the data wasn’t as exciting as originally promised, but in the end, the team used the source code that the ex–Sony developer had passed them. And over time they stopped being surprised that so many outside people wanted to pass them vulnerabilities to exploit—it seemed like everyone in the IT security field, itself a medley of white hats with a darker past, was talking about LulzSec. A few secretly wished they could be a part of the fun. One hacker had a particularly unusual way of demanding to be let in. One afternoon, the LulzSec crew found themselves getting individually kicked out of the public LulzSec chat room. “Wow, bro,” Storm suddenly said on #pure-elite. “People are trying to down our ops.” Someone was sending junk packets and bumping each LulzSec crew member off the IRC channel. It wasn’t affecting their computers, but the virtual machines or virtual private networks being used to displace their true locations were getting hit. DDoSing someone’s IP could make him disappear from the Internet for a while, but if you did it enough he’d be booted from his hosting service altogether. “We gotta get off that server,” said a second-tier member called Recursion. “We’re getting hit,” cried Neuron. There was a general hubbub among the secondary crew as they floundered over a response to the attack. Sabu almost rolled his eyes. “Neuron, so sign off? Look guys.” No one was listening. “The whole room is hit,” Storm exclaimed. “He’s hitting random people.” It seemed a lone mercenary who went by the nickname Xxxx was trying to disrupt LulzSec’s attempts to meet with its fans. Then Joepie received a private message: “Hi Kayla or Sabu or Tflow.” It had come from Xxxx. Joepie ran a search on the user’s IP and realized it was Ryan, the botnet-wielding temperamental operator from AnonOps. Neuron received the same private message, then others in the secondary crew did too. “Everybody shut the fuck up,” Sabu said. People were still talking excitedly. “EVERYONE. SHUT THE FUCK UP.” That seemed to get their attention. “Relax,” he continued. “As for Ryan, ignore him. He doesn’t know it’s us. Jesus.” “Relax,” said Joepie, adding a smiley face. “Ryan, huh?” said Topiary. “The situation is getting horribly stressing,” said Trollpoll. “I know, Jesus,” said Sabu. “Look. From now on, no one goes on 2600 unless you prep yourself for the social engineering.” Everyone was listening now. “If you don’t know how to social engineer do not get on 2600,” he said. “If you do not have a DDoS protected IP, do not get on 2600. That’s it.” “Aye,” said Neuron. “Exactly,” said Storm. “Aye-aye, Storm,” said Recursion. “Err, Sabu. I meant to say aye-aye Sabu, not Storm.” “Ok,” said Sabu. “Sony was leaked. We got bigger projects.” He pointed to Neuron’s work on the new Sony development source code. “How about those who are not too busy work on auditing that source code.” Everyone got back to work. Chapter 21 Stress and Betrayal As LulzSec’s targets got bigger, Kayla started drifting away a little from operations, more interested in taking revenge on enemies like Jester
As LulzSec’s targets got bigger, Kayla started drifting away a little from operations, more interested in taking revenge on enemies like Jester and Backtrace. She had always been a free spirit, loyal to her friends but never aligning herself too closely with any particular cause for too long. Sometimes, she just got bored. She also wasn’t as interested in reviving the Antisec movement as Sabu or Topiary. Instead, she started developing an elaborate plan to creep into the #Jester chat room as a spy, embed herself, then infect the computers of its members with a keylogger program so that she could monitor their key strokes, learn a few key passwords, and take them over. It was called a drive-by attack, and while in this case it was an elaborate operation, typically the attack was just a matter of enticing someone to visit a website and installing malware on their system as a result. It meant she was now spending just a couple of hours a day chatting with the crew before disappearing for a day or more. In the meantime there was some surprising news coming from the United States. The Pentagon had announced that cyber attacks from another country could constitute an act of war and that the U.S. could respond with traditional military force. Almost at the same time, a draft report from NATO claimed that Anonymous was becoming “more and more sophisticated” and “could potentially hack into sensitive government, military and corporate files.” It went on to say that Anonymous had demonstrated its ability to do just that by hacking HBGary Federal. Ironically, it stated that the hackers had hit Barr’s company and hijacked his Twitter account “in response” to Bank of America hiring the security company to attack adversaries like WikiLeaks. Even NATO seemed to be inflating the abilities of Anonymous, seeing reason and connections where there were coincidences. The hackers hadn’t known about Barr’s plans with WikiLeaks until after they had attacked him. Even so, the news got everyone’s attention. “Did you read the NATO doc about anonymous?” asked Trollpoll in the #pure-elite hub. Trollpoll did not sound like he was from the United States, though it was impossible to be sure of anyone there. “They will put tanks on our houses?” “Obama will be like ‘Lol you just DDoS my server?’” said Kayla, “‘Nuke.’” With the world’s attention now moving to LulzSec and the fighting words from the U.S. administration, it seemed as good a time as any to drop the FBI affiliate Atlanta Infragard. They’d had the site under their control for months and felt they now had enough on white hat Hijazi to expose him at the same time. This would bring more heat than ever on LulzSec, but the group was on a roll and felt safe. LulzSec’s founding team members would carry out the final Infragard swoop. As they got ready to deface the site, Sabu entered the shell, the administrative page he had set up called xOOPSmaster, opened his terminal program so he could start playing with the source code, and, on a seeming whim, typed rm –rf /*. It was a short, simple-looking piece of code with a notorious reputation: anyone who typed it into his computer’s back end could effectively delete everything on the system. There was no window popping up to ask Are you sure? It just happened. Web trolls famously got their victims to type it in or to delete the crucial system 32 file in Windows. “Oops,” Sabu told the others. “Just deleted everything. rm –rf /*.” Kayla made the face-palm gesture, and everyone moved on. On top of everything they had already done, deleting the Infragard website contents didn’t seem like a big deal. They then used the /xOOPS.php shell to upload a giant image and title onto the Infragard home page—their deface. It was no serious admonishment of the FBI but another prank aimed at Jester’s crew. The team had replaced the Atlanta Infragard home page with a YouTube video of an Eastern European TV reporter interviewing an impeccably drunk man at a disco. Someone had added subtitles spoofing him as a wannabe hacker from 2600 who didn’t understand what LulzSec was doing. Above the video was the title “LET IT FLOW YOU STUPID FBI BATTLESHIPS,” in a window captioned “NATO—National Agency of Tiny Origamis LOL.” Topiary’s official statement was a little more serious—but not much. When everyone was ready, he hit publish. “It has come to our unfortunate attention that NATO and our good friend Barrack Osama-Llama 24th-century Obama have recently upped the stakes with regard to hacking,” Topiary had written in their official statement. “They now treat hacking as an act of war. So, we just hacked an FBI affiliated website (Infragard, specifically the Atlanta chapter) and leaked its user base. We also took complete control over the site and defaced it.” Of course, LulzSec had not hacked Infragard in the past day or two or in response to the Pentagon’s announcement, but news outlets reported the attack as a “response.” Infragard’s web contents had been deleted, the site defaced, and details of 180 people in its user base had been published on the Web, along with their passwords in plaintext, their real names, and their e-mail addresses. Topiary had signed off the missive, declaring, “Now we are all sons of bitches.” Since Topiary had been reminding the world for the past day on Twitter that an FBI hack was imminent, mainstream news agencies jumped into the story, leading a whole new stream of people to follow the group on Twitter. Their website had now received more than 1.5 million views. Despite the damage LulzSec had done to the 2600 network, the actual magazine 2600 sounded impressed. “Hacked websites, corporate infiltration/scandal, IRC wars, new hacker groups making global headlines,” its official Twitter feed stated, “the 1990s are back!” Television news stations were racing to find security experts who could explain what was going on and offer some lucid opinions. “We are facing a very innovative crime, and innovation has to be the response,” said Gordon Snow, the assistant director of the FBI’s cyber division in an interview with Bloomberg right after the Infragard attack. “Given enough money, time and resources, an adversary will be able to access any system.” Yet LulzSec’s hack into Infragard had not cost that much in terms of “money, time and resources.” All told, the operation had cost $0, had been carried out with the relatively simple method of SQL injection, and was made worse because an admin’s cracked password, “st33r!NG,” had been reused to get administrative access to the Infragard site itself. As for time, it had taken the team thirty minutes to crack the admin’s password and twenty-five minutes to download the database of users. Within two hours, the LulzSec team had complete administrative access to an FBI- affiliated site, and for several weeks no one from the FBI had had a clue. Of course, along with the Infragard drop had been LulzSec’s condemnation of Hijazi. The team had kept some of their chat logs with the white hat and published them online as evidence that he was corrupt. And while the group members had told Hijazi that they wouldn’t release his e-mails, they published them too. “We have uncovered an operation orchestrated by Unveillance and others to control and assess Libyan cyberspace through malicious means,” Topiary announced, meaning by assess that Unveillance wanted to spy on Libyan Internet users. “We leaked Karim because we had enough proof that he was willing to hire us as hitmen,” Topiary added on Twitter. “Not a very ethical thing to do, huh Mr. Whitehat?” Hijazi also released a statement immediately after, explaining that he had “refused to pay off LulzSec” or supply them with his research on botnets. Topiary shot back with a second official statement saying that they had never intended to go through with the extortion, only to
Page 2 and 3:
Begin Reading Table of Contents Cop
Page 4 and 5:
his HBGary Federal account, possibl
Page 6 and 7:
culture and key figures within it.
Page 8 and 9:
dreadful fascination at his phone a
Page 10 and 11:
Aaron Barr would never have come fa
Page 12 and 13:
“nigger,” “faggot,” or just
Page 14 and 15:
owns my ass.” With his other hand
Page 16 and 17:
In 2008 he helped instigate Operati
Page 18 and 19:
death threats and threatened to bom
Page 20 and 21:
another poster described “Phase 2
Page 22 and 23:
though, they were usurped by what w
Page 24 and 25:
We are Legion We do not forgive We
Page 26 and 27:
day in federal prison. In the meant
Page 28 and 29: Since childhood, Bailey had harbore
Page 30 and 31: oughly three hundred regular chat p
Page 32 and 33: 1. Get the latest LOIC from github.
Page 34 and 35: Asperger syndrome, rarely left his
Page 36 and 37: “It’s a troll,” another organ
Page 38 and 39: had joined mentoring program iMento
Page 40 and 41: choose a unique nickname on AnonOps
Page 42 and 43: time. Kayla actually had several IR
Page 44 and 45: was headquartered and where Barr wo
Page 46 and 47: “So are we going to focus on Anon
Page 48 and 49: Starting in early January, many sup
Page 50 and 51: “Well in my lifetime I’ve perfo
Page 52 and 53: uh, actual intelligence.” There w
Page 54 and 55: definitely unimpressed—the claims
Page 56 and 57: nude photos. Four years later, an e
Page 58 and 59: “Is this a new trend :D to see wh
Page 60 and 61: network collapsed, they would move
Page 62 and 63: large notice board with paperwork a
Page 64 and 65: April 2011, while he and Sabu were
Page 66 and 67: since they had a wider array of ski
Page 68 and 69: will get in trouble and might be gr
Page 70 and 71: passwords for almost every journali
Page 72 and 73: or online for most of the day and s
Page 74 and 75: a mixture of Anons, script kiddies,
Page 76 and 77: Sabu hated white hat security firms
Page 80 and 81: otnets. Topiary shot back with a se
Page 82 and 83: wasn’t Sabu. “You got the wrong
Page 84 and 85: them that he was back. Topiary at f
Page 86 and 87: websites, bigger ones. He had a rap
Page 88 and 89: “Y’all were the inspiration I n
Page 90 and 91: LulzSec. Tflow created a torrent fi
Page 92 and 93: The Fate of Lulz LulzSec’s signif
Page 94 and 95: opposite of Kayla. And yet there wa
Page 96 and 97: one of the LulzSec accounts in resp
Page 98 and 99: on the network. He decided to try t
Page 100 and 101: morning of their meeting, William
Page 102 and 103: techniques like the Cain and Abel p
Page 104 and 105: hackers in private IRC rooms. It wa
Page 106 and 107: the open at the same time: the susp
Page 108 and 109: Kayla’s story had become more imp
Page 110 and 111: Stephane Fitch, who also introduced
Page 112 and 113: writes a spoof news article about t
Page 114 and 115: following twenty names in the ranki
Page 116 and 117: to websites that showed the steps o
Page 118 and 119: Minions.” Another helpful source
Page 120 and 121: “extreme version of Calvinism”
Page 122 and 123: 2011, however, we held our first re
Page 124 and 125: that were first leaked online by Pa
Page 126 and 127: on the CIA. Details about Julian As
Page 128 and 129:
Descriptions of Ryan Mark Ackroyd w
Page 130 and 131:
Parmy Olson is the London bureau ch
show all

We are anonymous inside the hacker world of lulzse

Create successful ePaper yourself

Delete template?

Save as template?