We are anonymous inside the hacker world of lulzse

More documents

Recommendations

Info

otnets. Topiary shot back with a second official statement saying that they had never intended to go through with the extortion, only to pressure Hijazi to the point where he would be willing to pay for the hackers’ silence and then expose him publicly. It was a war of words built on the gooey foundations of lies and social engineering. Topiary still called on journalists and other writers to “delve through” Hijazi’s e-mails carefully, hoping for the same kind of enthusiasm there had been around Aaron Barr’s e-mail hoard. But there was none. For a start, Hijazi just didn’t have enough dirty laundry. More, the infamy of LulzSec was overshadowing any more sobering, sociopolitical points the group was dimly making with each attack—that it didn’t like Fox, or that WikiSecrets “sucked,” or that NATO was upping the stakes against hackers, or whatever Unveillance might have been doing in Libya. It was quite an array of targets; LulzSec seemed to be attacking anyone it could, because it could. This was getting to some of the secondary-crew members. The hacker Recursion came into the #pure-elite room late on June 3 after watching the Infragard events unfold. He hadn’t taken part in the hack and was shocked when he read the news reports. “Holy shit,” Recursion told the others. “What the fuck happened today?” “A lot,” said Sabu, adding a smile. “Check Twitter.” “LulzSec declared war on the U.S.?” Joepie offered sardonically. “I caught the jist of it,” Recursion answered before seeming to trail off. He didn’t say anything more on the subject, but twenty minutes later, after presumably holding a private conversation with Sabu, he left the channel, for good. Sabu was disappointed in anyone who bailed on him in battle. It felt disrespectful. But he moved on quickly to guide the remaining troops. Sabu came back to the room and addressed the handful of participants. “Well guys. Those of you that are still with us through this, maintain alert, make sure you’re behind VPNs no matter what. And don’t fear. We’re ok.” “Sabu, did we lose people?” asked Neuron. “Yeah.” “Who?” “Recursion and Devurandom quit respectfully,” he answered, “saying they are not up for the heat. You realize we smacked the FBI today. This means everyone in here must remain extremely secure.” It was a grave reminder of the potential charges LulzSec was racking up if its team members were to get caught. A few of the members started describing how they were strengthening their security. Storm was getting a new netbook and completely wiping his old computer. Neuron was doing the same. He used a virtual private network called HideMyAss. This was a company based in the United Kingdom that Topiary used and had recommended. “Did you wipe the PBS [chat] logs?” Storm asked Sabu. “Yes. All PBS logs are clean.” “Then I’m game for some more,” said Storm. Sabu typed out a smiley face. “We’re good,” he said. “We got a good team here.” Not everyone was good though, and not all logs were clean. The aloof LulzSec secondary-crew member known as M_nerva, the one who had said “good night” to the others just a few days before and not said too much else afterward, had just gathered together six days’ worth of chat logs from the #pure-elite channel and repeated Laurelai’s frantic act in February. He leaked it. On June 6, the security website seclists.org released the full set of #pure-elite chat logs held on Sabu’s private IRC server. The leak revealed, embarrassingly, that not everyone in #pure-elite could be “100 percent trusted,” and that for all its bravado, LulzSec had weaknesses. The team jumped into action, knowing that they had to send a message that they did not accept snitches, even if M_nerva had allegedly been persuaded to leak the logs by another hacker, named Hann. They knew they could find out who M_nerva really was because among the other black hats supporting LulzSec was someone who had access to pretty much every AOL Instant Messenger account in existence. Since many people had set up an AIM account at one time or another, they only needed to cross-check the nickname and IP to come up with a real name and address. It turned out M_nerva was an eighteen-year-old from Hamilton, Ohio, named Marshall Webb. The crew decided to hold on to the information for now. With Sabu’s trust betrayed, the older hacker was now more paranoid than before. Topiary felt vindicated. He had known that a leak could happen if Sabu kept inviting people into #pure-elite, and it did. But he didn’t push the point. When he brought it up with Sabu, the hacker brushed off the topic quickly. He had nothing to say about it. Instead, Sabu worked on making the wider group more secure by separating it into four different chat rooms. There was a core channel, which now had invited fifteen participants, and #pure-elite, then chat rooms called upper_deck, for the most trusted supporters, lower_deck, kitten_core, and family. Members could graduate up the tier system depending on how trustworthy they were. Neuron and Storm, for instance, eventually were invited into upper_deck, so that they could be phased into the main channel for LulzSec’s core six members: Sabu, Topiary, Kayla, Tflow, AVunit, and Pwnsauce. The heat wasn’t coming only from the media attention; Topiary was seeing hackers with military IP addresses trying to compromise the LulzSec IRC network and users every day. Already, rumors were spreading that LulzSec had been founded by the same crew that had hit HBGary. Enemy hackers were posting documents filled with details they had dug up online about each member, much of it wrong but some of it hitting close to home. LulzSec’s members needed to switch their focus from finding targets to protecting themselves. Kayla suggested a mass disinformation campaign. Her idea was to create a Pastebin document revealing that Adrian Lamo owned the domain LulzSec.com; then to add details of other Jesterfags and claim they were members of LulzSec; then to spam the document everywhere. It was a classic social-engineering tactic, and it sometimes worked. “But saying more or less that LulzSec is CIA,” Trollpoll offered. It was outrageous, but some people would see sense in the idea that the CIA was using freelance hackers to hit Iran or Libya and would build their own conspiracy theories around it. Topiary and Kayla wrote up a document titled “Criminals of LulzSec,” under the guise of a fictitious social engineer called Jux who claimed to have been invited into the group’s private channel, saying, “I believe they are being encouraged or hired by CIA.” In the document, Jux claimed Lamo was a key member of the group, along with a Pakistani hacker named Parr0t, a Frenchman named Stephen, and an unnamed hacker from the Netherlands. The document was viewed more than 40,000 times, retweeted by notorious hacker Kevin Mitnick, and mentioned in a few tech blogs as a rumor. When Gawker’s Adrian Chen started reaching out to LulzSec via Twitter to try to investigate them, the crew, still bitter about his exposé
When Gawker’s Adrian Chen started reaching out to LulzSec via Twitter to try to investigate them, the crew, still bitter about his exposé on the #HQ log leak, decided to aim a separate misinformation campaign directly at him. They invited him into a neutral IRC channel, where Sabu posed as an ex–secondary-crew member of LulzSec who had run away and wanted to spill some secrets. The crew made their hoax on Chen especially elaborate, drawing up fake logs, fake web attacks on the fake persona’s school, and fake archives of data as proof for the journalist. Sabu then started feeding Chen a story that LulzSec was a tool of the Chinese government in a cyber war with the United States, that Kayla was working with Beijing, and that Topiary was funneling money from the Chinese government into the group. “If he publishes, that old sack of crap is completely ruined,” Topiary said. They were planning to let the story do the rounds for five days, then deny it on Twitter, posting a link to all their logs with the journalist. But Chen never published anything. Like Hijazi, he had been playing along with LulzSec’s story in the hope of teasing out some truth, which he realized he wasn’t getting. The lack of a story was disappointing for LulzSec’s members, but they were managing to keep outsiders from getting too close; for now, at least. By early June the members of LulzSec were working flat-out on several different misinformation campaigns and the odd operation and trying not to think about the potential damage caused by M_nerva. One light in the darkness was that they had racked up five hundred dollars in Bitcoin donations. Topiary controlled the Bitcoin account and was passing some of the money to Sabu to buy accounts with virtual private networks, like HideMyAss, to better hide their ring of supporters and also to get more server space. Turning that money into untraceable cash was a drawn-out task but relatively easy. The Bitcoins bought virtual prepaid cards from Visa, with the help of fake names, addresses, personal details, and occupations at fake companies, generated in seconds on the website fakenamegenerator.com. As long as the contact address matched the billing address, no online store would question its authenticity. The Visa account was used to get in the online virtual world Second Life and buy the in-game currency Lindens. Convert that money into U.S. dollars via a currency transfer site (recommended by Kayla) called VirWoX, then put those dollars into a Moneybookers account. Finally, transfer that money into a personal bank account. That was one method. Another more direct route, which Topiary often used, was to simply transfer money between a few different Bitcoin addresses: Bitcoin address 1 → Bitcoin address 2 → Bitcoin address 3 → Liberty Reserve (a Costa Rican payment processor) account → Bitcoin address 4 → Bitcoin address 5 → second Liberty Reserve account → PayPal account → bank account. If even the hint of a thought occurred to him that there weren’t enough transfers, he would add several more paths. Then on Monday, June 6, Topiary checked the LulzSec Bitcoin account. Holy shit, he thought. He was looking at a single, anonymous donation of four hundred Bitcoins, worth approximately $7,800. It was more money than Topiary had ever had in his life. He went straight into the core group’s secure chat room. “WHAT THE FUCK guys?!” he said, then pasted the Bitcoin details. “NO WAY,” said AVunit. “LOL. Something has gone wrong.” “Nope,” Topiary said. He pasted the details again. Suddenly they all stopped what they were doing and talked about splitting the money: $1,000 each and the rest to invest in new servers. They started private messaging Topiary with their unique Bitcoin addresses so he could send them their shares. Topiary had no intention of keeping quiet about the money or cutting a bigger slice for himself. Everyone was funneling the money through various accounts to keep it from being traced. Who knew if the donation had come from the Feds or opportunistic military white hats? “Guys be safe with the Bitcoins please,” said AVunit. “Let it flow through a few gateways.…Use one bit to get out of financial trouble and then sit on the rest.” “Okay, beginning the sends,” Topiary said. “All of you are now $1,000 richer.” “Excuse me while I light up a victory cigar,” said Pwnsauce. “I’m just going to stare at it,” said Kayla. “Let it grow as Bitcoin progresses.” So volatile and popular was the value of the Bitcoin crypto currency that by the following day one Bitcoin had risen to $26 in value, making their big donation worth $11,000. Three months prior it had been one to one with the dollar. “I’m honestly sorry you guys aren’t here,” said AVunit, “because I’m going to open a bottle of great whiskey. One of the Highland Scottish.” Topiary barely noticed the reference to where he lived. “Now let’s all have some sex,” Tflow said. Everyone was beaming inside, forgetting the enemies and the heat. Sabu took the chance to congratulate his crew. “Thanks, team,” he said. “We all did great work. We deserved it.” For Sabu, the celebrations would not last long. The next day, Hector “Sabu” Monsegur finally got a knock on the door from the FBI. It was late in the evening on Tuesday, June 7, and two agents of the Federal Bureau of Investigation had entered the Jacob Riis apartment building and were heading for the sixth floor, where Hector Monsegur lived and often partied with his family and friends. The FBI had been trying to pin down Sabu for months, and a few weeks prior they had finally managed to corroborate Backtrace’s pronouncment: Sabu had inadvertently signed into an IRC channel without hiding his IP address. Just the one time was all they needed. To make sure he cooperated, the Feds needed evidence that Monsegur had broken the law. So they subpoenaed Facebook for details of his account and found stolen credit card numbers he’d been selling to other hackers. That alone carried a two-year prison sentence. Knowing that he had two daughters and a family, the FBI now had some leverage. The FBI had watched and waited for the right moment. Then on Tuesday, the agents got the call to move in. Amid the growing number of small groups who were, like Backtrace, trying to dox LulzSec, one had published the name Hector Monsegur, along with his real address. Sabu had recklessly kept hacking till now, perhaps reasoning that he had come too far already and that arrest was inevitable. But the FBI didn’t want to take any chances. They needed him. The agents knocked on Monsegur’s maroon-colored door, and it swung open to reveal a young Latino man, broad-shouldered and wearing a white t-shirt and jeans. “I’m Hector,” he said. The agents, who were wearing bulletproof vests as a standard precaution, introduced themselves. Monsegur, apparently, balked. According to a later Fox News report that cited sources who had witnessed the interaction, he told the agents that he wasn’t Sabu. “You got the wrong guy,” he said. “I don’t have a computer.” Looking into the apartment, the agents saw an Ethernet cable and
Page 2 and 3:
Begin Reading Table of Contents Cop
Page 4 and 5:
his HBGary Federal account, possibl
Page 6 and 7:
culture and key figures within it.
Page 8 and 9:
dreadful fascination at his phone a
Page 10 and 11:
Aaron Barr would never have come fa
Page 12 and 13:
“nigger,” “faggot,” or just
Page 14 and 15:
owns my ass.” With his other hand
Page 16 and 17:
In 2008 he helped instigate Operati
Page 18 and 19:
death threats and threatened to bom
Page 20 and 21:
another poster described “Phase 2
Page 22 and 23:
though, they were usurped by what w
Page 24 and 25:
We are Legion We do not forgive We
Page 26 and 27:
day in federal prison. In the meant
Page 28 and 29:
Since childhood, Bailey had harbore
Page 30 and 31: oughly three hundred regular chat p
Page 32 and 33: 1. Get the latest LOIC from github.
Page 34 and 35: Asperger syndrome, rarely left his
Page 36 and 37: “It’s a troll,” another organ
Page 38 and 39: had joined mentoring program iMento
Page 40 and 41: choose a unique nickname on AnonOps
Page 42 and 43: time. Kayla actually had several IR
Page 44 and 45: was headquartered and where Barr wo
Page 46 and 47: “So are we going to focus on Anon
Page 48 and 49: Starting in early January, many sup
Page 50 and 51: “Well in my lifetime I’ve perfo
Page 52 and 53: uh, actual intelligence.” There w
Page 54 and 55: definitely unimpressed—the claims
Page 56 and 57: nude photos. Four years later, an e
Page 58 and 59: “Is this a new trend :D to see wh
Page 60 and 61: network collapsed, they would move
Page 62 and 63: large notice board with paperwork a
Page 64 and 65: April 2011, while he and Sabu were
Page 66 and 67: since they had a wider array of ski
Page 68 and 69: will get in trouble and might be gr
Page 70 and 71: passwords for almost every journali
Page 72 and 73: or online for most of the day and s
Page 74 and 75: a mixture of Anons, script kiddies,
Page 76 and 77: Sabu hated white hat security firms
Page 78 and 79: “Just looked at this guy’s sour
Page 82 and 83: wasn’t Sabu. “You got the wrong
Page 84 and 85: them that he was back. Topiary at f
Page 86 and 87: websites, bigger ones. He had a rap
Page 88 and 89: “Y’all were the inspiration I n
Page 90 and 91: LulzSec. Tflow created a torrent fi
Page 92 and 93: The Fate of Lulz LulzSec’s signif
Page 94 and 95: opposite of Kayla. And yet there wa
Page 96 and 97: one of the LulzSec accounts in resp
Page 98 and 99: on the network. He decided to try t
Page 100 and 101: morning of their meeting, William
Page 102 and 103: techniques like the Cain and Abel p
Page 104 and 105: hackers in private IRC rooms. It wa
Page 106 and 107: the open at the same time: the susp
Page 108 and 109: Kayla’s story had become more imp
Page 110 and 111: Stephane Fitch, who also introduced
Page 112 and 113: writes a spoof news article about t
Page 114 and 115: following twenty names in the ranki
Page 116 and 117: to websites that showed the steps o
Page 118 and 119: Minions.” Another helpful source
Page 120 and 121: “extreme version of Calvinism”
Page 122 and 123: 2011, however, we held our first re
Page 124 and 125: that were first leaked online by Pa
Page 126 and 127: on the CIA. Details about Julian As
Page 128 and 129: Descriptions of Ryan Mark Ackroyd w
Page 130 and 131:
Parmy Olson is the London bureau ch
show all

We are anonymous inside the hacker world of lulzse

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?