We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency
Born in New York City in 1983, Monsegur grew up in relative poverty. His father, also named Hector, and his aunt Iris sold heroin on the streets. When Monsegur was fourteen, they were both arrested for drug dealing and sentenced to seven years in prison. Monsegur went to live with his grandmother Irma in a sixth-floor apartment in the Jacob Riis housing project on New York’s Lower East Side.
As he settled into his new home, he discovered The Anarchist Cookbook, the notorious book originally published in 1971 that led him to tips for hacking phone lines to make free calls as well as directions for making napalm bombs out of soap. His grandmother could not afford a fast Internet connection, so the young Monsegur followed instructions to get the family computer hooked up to the Internet service EarthLink for free. As he explored the Web, he also found his way onto EFnet, a storied Internet relay chat network popular with hackers that Kayla would join years later. Monsegur eventually came across an online essay from a notorious 1980s hacker nicknamed the Mentor. It was called “The Hacker’s Manifesto” and spoke to Monsegur more than anything else he had read online. The Mentor, whose real name was Lloyd Blankenship, had written the short essay on a whim on January 8, 1986, a couple of hours before police arrested him for computer hacking.
“Did you, in your three-piece psychology and 1950’s technobrain, ever take a look behind the eyes of the hacker? I am a hacker, enter my world.…”
“Oh man,” Monsegur said, recalling the event years later in an interview. “That right there is what made me who I am today.” The last line of the manifesto was especially resonant for him: “My crime is that of outsmarting you, something that you will never forgive me for.”
The idea that figures of authority, from teachers to the media, misunderstood the true talents of hackers was something Monsegur understood all too well. As a young Latino living in the projects where his own family dealt drugs, he did not fit the description of nerdy computer hacker. More than likely he was confronted by people who doubted his abilities. But he was eager to learn. After successfully hooking his family up with free Internet, Monsegur wanted to find the next challenge to conquer.
He read more online, experimented, and took a few pointers from people on IRC networks like EFnet. Still at just fourteen, Monsegur taught himself software programming in Linux, Unix, and open-source networking.
Outside of school, Monsegur was showing off his talents: he joined a local training scheme for talented young programmers called the NPowerNY Technology Service Corps, then got work experience researching network security at the Welfare Law Center. At eighteen he had joined mentoring program iMentor as a technology intern.
By now he had grown into a tall, broad-shouldered young man, but he had a tenuous relationship with authority. According to an essay the teenaged Monsegur wrote in August 2001, it boiled down to an incident at his Washington Irving High School in Manhattan. He had been working for the school during class hours, installing Windows on what he called their “obsolete” computers, when one day while Hector was walking through the school’s metal detector, its chief of security stopped him to ask about the screwdriver he was carrying.
“I am the geek that fixes your system when you forget not to execute weird .exes,” he recalled saying.
“Hey, don’t give me an attitude, boy,” the head of security replied, staring at him. Monsegur explained it again. He was a student who worked on the “non-functioning computers during my school time.” The security head took the screwdriver.
“Thanks,” he said. “I’m keeping this.” Embarrassed and angry, Monsegur wrote a complaint and gave it to the school’s authorities, accusing the security head of “corporal punishment” and “disrespect.” When the complaint was ignored, he distributed a “controversial piece of writing” to his teachers. During class, the school’s principal paid him a visit, asking if he would step aside so they could talk. He and other school officials found Monsegur’s writing threatening, he said.
“The guy stares me down,” Monsegur wrote in his essay. “Disrespects me physically in front of tens of students. What happened to my complaint? Where is the justice I seek?” Monsegur felt jilted. Weeks later he got a call from his teacher, who he described as saying he was “temporarily expelled from the school.”
Monsegur replied, “Very well then, it is such a shame that one such as myself would have to be deprived of my education because of my writing.” Just as the teacher was about to reply, Monsegur hung up. New York’s Administration for Children’s Services then requested he meet with a psychologist for a mental evaluation. Monsegur claimed that he passed. But he also left high school without finishing the ninth grade.
Online, he could live out his ambitions and avoid the “disrespect” he felt from figures of authority. By now he was learning how to break into the web servers of big organizations, from Japanese universities to third-world governments. Monsegur liked the buzz of subjugating a computer system, and soon he was veering from protecting them on his internships, to breaking into them in his spare time.
He had meanwhile discovered hacktivism. When he was sixteen and watching TV one day, Monsegur saw a news broadcast about protests in Vieques, an island off the coast of Puerto Rico. The U.S. Navy had been using the surrounding waters as a test-bombing range, and a year earlier, in 1999, a stray bomb had killed a local civilian guard. The guard’s funeral received global press attention and sparked a wave of protests against the bombings. In the TV broadcasts, soldiers pushed against protesters, including the Reverend Al Sharpton, a community leader in New York that Monsegur had become aware of through his growing interest in left-wing activism. Something snapped inside him.
He went to his computer and drew up a network map of the entire IP space for Puerto Rico, and he found that a company called EduPro was running the government sites. He hacked into the servers, discovered the root password, and got administrative access. In the heat of the moment, he also typed up an angry missive in Microsoft Word, ignoring his own typos: “Give us the Respect that we deserve,” he wrote. “Or shall we take it by force? Cabron.” He brought down the Puerto Rican government’s websites and replaced them all with his message, which stayed up for several days. Smiling at his work, Monsegur considered this his first act of hacktivism. When the U.S. military gave control of the Vieques base back to the locals two weeks later, he felt it was partly thanks to him.
Monsegur wanted to keep going. He threw himself into hacking, joining the first stirrings of a cyber war between American and Chinese hackers, which mostly involved young men from each side trash-talking and defacing websites in the other side’s country. Operation China took place in 2001, the same year that Monsegur appears to have dropped out of high school. Beijing at that time had refused to give President Clinton access to a U.S. spy plane that had collided with a Chinese fighter jet and crash-landed on Hainan island. The surviving U.S. crew were held for eleven days, and in that time a few gung-ho American computer hackers like Monsegur broke into hundreds of Chinese websites and defaced them with messages like “We will hate China forever.” The Chinese hackers hit back with the likes of “Beat down Imperialism of America.” By this point, Monsegur was regularly using the nickname Sabu, borrowed from the professional wrestler who was popular in the 1990s for his extreme style, and who played up his minority status by claiming to be from Saudi Arabia, when he was actually from Detroit and of Lebanese descent. Sabu, similarly, claimed online to be born and bred in Puerto Rico.
Monsegur’s group was called Hackweiser; it was founded in 1999 by a talented Canadian hacker nicknamed P4ntera. It counted between ten and fifteen hackers as members when Monsegur joined. His role in the group was one that would remain the same a decade later: he hacked into, or rooted, as many servers as he could. Later in 2001, after Sabu had spent several months learning the ropes with Hackweiser, P4ntera suddenly went missing. Monsegur realized that if the group’s charismatic leader could get arrested, the same could happen to him. He wrestled with his ego. He loved seeing “Sabu” gain notoriety for the audacious hacks he was carrying out, but he did not want to go to jail.
“We humans suffer from egos,” Sabu later remembered. “We have a need to have our work appreciated.” But Monsegur decided to play it safe, and he stopped all public use of the name Sabu and went underground for the next nine years. If “Sabu” ever appeared online, it was only in private chat rooms. He also tried using his programming skills for legitimate means. In 2002 he started a group for local programmers in Python, a popular programming language. Introducing himself as Xavier Monsegur, he invited others to “integrate their knowledge into one big mass of hairy information” and said that the site he had made was “nere [sic] its final layout state…It’ll be all about us, our knowledge, our ideas, just ‘us’ having a fun time and enjoying what we have and can do.”
The sociable programmer went on to freelance for a Swedish IT security company called Tiger Team, then found work with the peer-to-peer file-sharing company LimeWire. He continued living with his grandmother and used his computer-hacking skills to help neighbors in the apartment block fraudulently raise their credit ratings. Money thus came sporadically from both legal and illegal sources: sometimes it was from Monsegur’s legitimate work; other times it was from selling marijuana on the streets, or hacking into a computer network to steal credit card numbers.
But problems came all at once in 2010, when he was twenty-six. Monsegur’s father and aunt had been released from prison, but his aunt Iris had resumed selling heroin and that year was arrested again. She left her two daughters in Monsegur’s care, and he got legal custody. At around the same time, he lost his job at LimeWire after the recording-industry group RIAA hit the company with a $105 million lawsuit and it was forced to lay off workers. Worse, Monsegur’s grandmother, with whom he had lived since the age of fourteen, died.
“That messed him up,” a family member later told the New York Times, referring to his grandmother’s death. Monsegur became more disruptive, hacking into auto companies and ordering car engines and disturbing his neighbors by playing loud music, often until 4:00 a.m. in the home where his grandmother no longer lived. Monsegur was unemployed and drifting.
Then in early December, out of nowhere, Anonymous burst onto the scene with WikiLeaks, offering a cause that Monsegur could be passionate about. He watched the first attack on PayPal unfold and saw echoes of his work with Hackweiser and his protest attack for the island of Vieques, but on a much grander scale. He would later say that Anonymous was the movement he had been waiting for all those years “underground.”
On December 8, when AnonOps had its highest surge of visitors for the initial big attack on PayPal, Monsegur signed into the public chat room, using the nickname Sabu for the first time in almost a decade. It was chaos on AnonOps IRC, with hundreds of trolls and script kiddies (wannabe hackers) all talking over one another.
“We need the name of the wired employee who just spoke on cnn,” he said, referring to Wired magazine’s New York City bureau chief, John Abell. “john swell? john awell? pm me the name please.!!!” As Sabu, he repeated the request three times. Eventually he zeroed in on Tflow, who was dropping advanced programming terms. After Sabu and Tflow talked via private messages, neither of them revealing his true location or any other identifying information, Tflow showed Sabu into the secret channel for hackers, #InternetFeds.
#InternetFeds was secure and quiet. In the open AnonOps chat rooms, hundreds clamored for large, impossible targets like Microsoft and Facebook. There was little point trying to reason with the horde and explain why those targets wouldn’t work, that you needed to find a server vulnerability first. It was like trying to explain the history of baseball to a noisy stadium full of people itching to see a home run. It had been the same in Chanology, when the #xenu channel was backed by the quiet planning in #marblecake. Discord grew in #operationpayback over who should feel the wrath of Anonymous next; the WikiLeaks controversy was receding from the headlines, and the hackers had grown bored with trying to attack Assange’s critics. Sabu, Kayla, and the others in #InternetFeds increasingly talked about focusing their efforts on another growing news story: revolution in the Middle East.
Sabu was already interested in the region, having attended a protest march or two for Palestine when he was younger. Now he and the others were seeing articles about demonstrations in Tunisia that had been sparked by documents that WikiLeaks had released. Tunisia’s government was known for aggressively censoring its citizens’ use of the Internet. Websites that were critical of the government were hacked, their contents deleted and their servers shut down. Locals who visited prodemocracy e-newsletters and blogs would often be met with error messages.
In early January of 2011, the government censorship appeared to get worse. Al Jazeera reported that the Tunisian government had started hijacking its citizens’ Facebook logins and password details in a process known as phishing. Normally this was a tactic of cyber criminals; here, a government was using it to spy on what its citizens were saying on social networks and mail services like Gmail and Yahoo. If officials sniffed dissenters, they sometimes arrested them. Locals needed to keep changing their Facebook passwords to keep the government out. At a time when the country of more than ten million people was on the edge of a political revolution, protesters and regular citizens alike were struggling to avoid government spies.
The hackers in #InternetFeds came up with an idea, partly thanks to Tflow. The young programmer wrote a web script that Tunisians could install on their web browsers and that would allow them to avoid the government’s prying eyes. The script was about the length of two sides of paper, and Tflow tested it with another Anon in Tunisia, nicknamed Yaz, then pasted it onto a website called userscripts.org. He and a few others then advertised the link in the #OpTunisia chat room on AnonOps, on Twitter, and in digital flyers. It got picked up by a few news outlets. The hacktivist Q was one of the #InternetFeds members and also one of the dozen channel operators in the #OpTunisia channel. He began talking with Tunisians on AnonOps—the ones who were web-savvy enough to access it via proxy servers—and encouraged them to spread news of the script through their social networks.
“OpTunisia fascinated me,” Q later said in an interview. “Because we actually did make an impact by pointing Western media to the things happening there.” Within a few days, news of the script had been picked up by technology news site ArsTechnica and it had been downloaded more than three thousand times by Tunisian Internet users.
Sabu was impressed, but he wanted to make a different kind of impact—a louder one. Thinking back to how he had defaced the Puerto Rican government websites, he decided he would support the Tunisian revolution by embarrassing its government. It helped that Arab government websites were relatively easy to hack and deface.
Sabu and a few others from #InternetFeds discovered there were just two name servers hosting Tunisia’s government websites. This was unusual—most governments and large companies with Web presences ran on several name servers, so a hacker taking down a few usually didn’t do much damage. In Tunisia’s case, however, shutting down just two name servers would take the government completely offline.
“It was a very vulnerable set-up,” one hacker that was in #InternetFeds recalled. “It was easy to shut them off.”
To take the Tunisian servers offline, Sabu did not use a botnet. Instead, he later claimed, he hijacked servers from a web-hosting company in London that allowed him to throw ten gigabytes worth of data per second at the Tunisian servers. These were broadcast servers, which could amplify many times the amount of data spam of a basic server; it was like using a magnifying glass to enhance the sun’s rays and destroy a group of ants. Sabu single-handedly kept the Tunisian servers down for five hours. Soon, though, authorities on the other side were filtering his spoofed packets, like the owner of a mansion telling his butler not to bring in mail from a particular person. The traffic he was sending was losing its effect. Undeterred, Sabu called an old friend for help, someone he knew from his days of dabbling in cyber crime. While Sabu hit the first name server, the other took down the second.
Tunisia was where Sabu really got involved in Anonymous for the first time. He not only took down the government’s online presence; he and a few others also trudged through dozens of government employee e-mails.
But the government fought back again. It blocked all Internet requests from outside Tunisia, shutting itself off from foreign Internet users like Sabu. Sabu wanted to deface the site of Tunisian prime minister Mohamed Ghannouchi, but he would have to do that from inside the country, and he wasn’t about to get on a plane. So on January 2, he signed into the #OpTunisia chat room with its dozen channel operators and several hundred other Anons from around the world, including Tunisia. There was talk of using proxies and potential DDoS attacks; questions about what was going on. Then Sabu hit the caps lock key and made his grand entrance.
“IF YOU ARE IN TUNISIA AND ARE WILLING TO BE MY PROXY INTO YOUR INTERNET PLEASE MSG ME.” The room went almost silent. After a few minutes, Sabu got a private reply from someone with an automated username like Anon8935—if you didn’t choose a unique nickname on AnonOps, the network would give you one similar to this—a man who claimed to be in Tunisia. Sabu didn’t know the man’s real name and didn’t ask. He didn’t know if Anon8935 was sitting in the sweltering heat of a city or tucked away in a quiet suburb. The man said only that he’d been a street protester and now wanted to try something different, something with the Internet. Trouble was, Anon8935 didn’t know a thing about hacking. Sabu gave him some simple instructions, then said, “My brother. Are you ready?”