We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency
Intrigued, Brown invited him into his secret Skype group with Topiary and WhiteKidney for a conference call. OpLeakS came on with a thick New Jersey accent and monotone voice. At first Brown and Topiary were excited by what they were hearing. OpLeakS, a staunch Anonymous supporter, said he had been contacted by a former employee of Bank of America, someone who had worked there for seven years and who had joined when the bank bought Balboa Insurance. OpLeakS and the ex-employee talked by e-mail for several days. Whenever OpLeakS asked a question about Bank of America, he was met with increasingly damning responses about how the lender had been hiding loan mistakes or how managers practiced favoritism. It all pointed to fraudulent mortgage practices, he told Brown and the others on Skype, stuff that could bring down Bank of America.
“Why don’t you send them over so we can take a look,” said Brown, who by now had become skeptical. OpLeakS sounded out of his depth with the subject matter.
“I can probably help you with getting the word out,” Topiary offered, thinking any kind of leak involving Bank of America would generate interest after the WikiLeaks affair. He added they could host OpLeakS’s e-mail correspondence on the new AnonLeaks site.
OpLeakS wasn’t interested in either offer, but he forwarded a handful of e-mails in the hope of some validation. Now Brown was definitely unimpressed—the claims by the ex-employee sounded embarrassing to Bank of America, but OpLeakS had nothing that could bring down an entire multinational bank. Because of recent rumors that WikiLeaks had a cache of explosive data on Bank of America, it was easy to get confused by OpLeakS’s claim and think that they were somehow related. By now, Anonymous and WikiLeaks were closely associated with each other, through the Payback DDoS attacks and then the announcement of the name AnonLeaks. But of course, OpLeakS’s data had nothing to do with WikiLeaks, and it was not substantially damaging either.
“He didn’t seem to have what he thought he had,” Brown later recalled in an interview. Topiary remembered the man promising more information but not delivering. “He wasn’t forthcoming with it,” Brown added.
But in spite of flimsy evidence and limited understanding of finance, OpLeakS posted several tweets over the weekend of March 12 and 13 hinting that “Anonymous” had e-mails that exposed “corruption and fraud” at Bank of America.
Amazingly, the tweets were picked up by the media and taken seriously. “Anonymous, a hacker group sympathetic to WikiLeaks, plans to release e-mails obtained from Bank of America,” Reuters breathlessly reported on Sunday, March 13. Blogging sites like Gawker and Huffington Post echoed the news. OpLeakS had, by happy accident, stumbled upon the big story that everyone was waiting for. In December of 2010, Forbes magazine had published a cover story in which Julian Assange promised to leak a major cache of secret information from Bank of America that would be highly damaging to the bank. Aaron Barr had been working off this very threat when he had prospected the bank’s lawyers Hunton & Williams with proposals to discredit WikiLeaks. The trouble was, no one knew when the big leak would come, so when it appeared that Anonymous, attackers of HBGary, PayPal, Visa, and MasterCard, were about to hit Bank of America on their own, expectations ran high. Too high.
On Monday morning, as promised, OpLeakS posted his e-mail correspondence with the ex–Bank of America employee on a website hosted by his own Wordpress blog, bankofamericasuck.com, and under the title “Black Monday Ex-Bank of America Employee Can Prove Mortgage Fraud Part 1.” (There never was a part 2.)
“I’m OperationLeakS,” the post started, “read every line and screenshots.” This was followed by screenshots of the e-mails between OperationLeakS and the former bank employee. Among the questions were “Do you have proof you work at Bank of America?” “It’s like a cult?” “So why do you want BoA head so bad?” “When you were fired did you take your things like pictures etc.?” This last question was followed by a photo, provided by the ex-employee, of a mangled plant, some soil, and a small American flag crammed into a cardboard box.
Traffic to www.bankofamericasuck.com was so high that morning that many people trying to access the site got an error page or found it slow to load. Forbes’s Wall Street writer Halah Touryalai was one of the first to check out the e-mails, and early Monday morning she put together a blog post called “Bank of America E-Mail Leaks Are Here, How Much Will They Hurt?” Within a couple of hours thirty thousand people had looked at her article. As of today it has received more than forty thousand views.
“It’s tough to tell if there’s anything truly damning in these e-mails,” Touryalai ventured in her story. She noted that while Julian Assange had told Forbes in December that he had troves of data that could “take down a bank,” in February Reuters had reported that Assange was no longer sure his goods would have a truly negative impact. The bank’s publicity department was already calling the OperationLeakS assertions “extravagant.” The market would decide.
Touryalai and other financial reporters watched Bank of America’s share price that morning. As the bell rang for the New York Stock Exchange’s opening, Wall Street traders looked over the e-mails—and did nothing. The bank’s share price moved down by just fifteen cents at the close of trading on Monday, suggesting investors didn’t care.
The mainstream media, from CNN to USA Today to the BBC, had excitedly reported on the e-mails, but by the end of the week all agreed the “take-down” had been a flop. “Forgive me if I suppress a yawn,” said Annie Lowrey at Slate. The ex-employee’s comments to OpLeakS were small potatoes and too perplexing to mean much.
This was perhaps the moment when the media learned a disappointing lesson about Anonymous. The collective had done damage, to be sure, but it was just as good at creating hype about secrets it had found as it was at finding anything secret at all. Worse, the hype had come not from a group of hackers, but from one monotone-sounding man with a limited understanding of finance whose voice had been globally amplified by invoking the name “Anonymous” at the right time and with the right subject matter. If Anonymous wanted credible attention, there needed to be some semblance of central organization, as with Operation Payback and Chanology, even if they hated the idea of leaderfags.
After roughly two weeks of working with Operation Metal Gear, Topiary felt torn between his two different groups: the hackers who’d hit HBGary and the now ten or so investigators who were supporting Brown (numbers had been slowly dwindling since Radio Payback). He found he couldn’t explain to either side what the other was doing. Brown’s information group was too complex; Sabu’s and Kayla’s too secretive.
Brown’s ideas also started to sound outlandish, especially after he began suggesting that someone from the military might assassinate him. Topiary thought he was joking at first, but Brown was serious.
“I’m at the center of the world of information and I’m fearful for my safety,” Brown told him at one point. “I know too much about Middle Eastern governments working with the United States.”
Brown confirmed this in an interview months later: “Someone else who has a semiregular dialogue with people at the State Department and is very well connected to these things was raising that possibility,” he said, quickly adding, “I didn’t take it that seriously.”
At the time, Topiary did not doubt Brown’s sense of impending danger—Topiary also felt he was in too deep. “It was intense,” Brown agreed. “We were getting informants telling us much wilder things. Several of us were getting the impression that what we were looking into, and accidentally learning, was much larger than anything else, and by virtue of looking into it we were getting ourselves into trouble.”
The topics they were delving into hit close to home because they encapsulated the one thing Anons had to fear: technology that was better than theirs and that could identify them. Then, in late March, Congress started a small investigation into the HBGary contracts. “Shit’s getting real,” Topiary observed.
“Imagine losing your anonymity,” Topiary had said during the Radio Payback show to explain what persona management software was. “Imagine creating an online account under one alias and, months later, creating another… Imagine software that can correlate every login time from both of these accounts, every piece of grammar you use, every nickname…automatically finding out who you are online.” Topiary knew that people could tear out an Anon’s true identity by simply following a Google trail that started with the name of his favorite movie. He hated the idea of government-contracted software doing that a hundred times more efficiently.
But the stress, the stream-of-consciousness Skype discussions, the conspiracies about the military were getting to be too much. He started thinking about his other group—Sabu, Kayla, and the others in #HQ. The hack on Westboro Baptist Church, on the Tunisian government, on Egyptian government websites, on copyright alliance, on the Tunisian anti-snooping script, HBGary—it had all happened because of people from that concentrated team. Topiary thought that if this group left, Anonymous, as the outside world knew it, would die. More important than Brown’s research was this other group sticking together.
“Barrett,” he finally said in mid-March, “I have to step out of this. It’s just getting too weird and conspiratorial.”
“Okay,” Brown replied. “I can’t expect you to be as involved as you already have been.” Brown was quietly irked, but Topiary got the feeling he understood. He closed his Operation Metal Gear documents and organized them in a folder holding about a hundred and fifty megabytes of data—text files and audio files from Brown’s conference calls—that he would probably never look at again.
As he did so, Topiary was asked in an interview if he thought this “concentrated team” might ever break off from Anonymous to do its own thing.
“Not really,” he answered. “I can envision it now. We could probably go on a rampage around the Web under some kind of nerdy hacker group name, get on the news a lot, leak, deface, destroy.” It would get boring, he said. “Under the Anonymous banner it’s done with a purpose, and a meaning, and without ego.”
A few weeks later he would completely change his mind.
Chapter 14
Backtrace Strikes
It was late February and bitterly cold in Michigan. A blizzard had followed a false spring and covered Jennifer Emick’s front lawn in several feet of snow. Squirrels were poking in her mailbox and stealing packages in the hopes they contained cookies, but Emick didn’t consider going outside to check. Not only was there the muscle-spasming freeze, she was now deep into the investigation into Anonymous she had initiated. It had reached a new level after Laurelai had passed over logs from the HQ channel. Emick’s goal was to show the world what Anonymous really was—vindictive, corrupt, and not really anonymous at all.
Back in December of 2010, when Operation Payback had really taken off with its attacks on PayPal and MasterCard, Emick had already pulled away completely from Anonymous. It wasn’t that she didn’t like the targets—it was the cruelty she was seeing more and more throughout the network, ever since Chanology. Emick had kept friendships with a few Anons, hosted some supporters in her home, and joined a Skype group sometimes called the Treehouse. She described them as “just some friends who hung out and talked.” Chanology had spawned new Anonymous cells, or sometimes just friendship groups. Some of these groups died off, and many Chanology participants went off to college or stopped associating with Anonymous for good. There were a dedicated few, like Laurelai and Emick, who had come back for the next wave in 2010. Except Emick had become part of a minority that wanted to stop Anonymous.
Like Barrett Brown, Emick tended to see the world through theories, and her big one about Anonymous was that it had become just like Scientology: vindictive, reactionary, and a scam. When she watched the creation of the AnonOps IRC network, she believed operators were trying to revive “this old spirit of being intimidating.” Emick saw young people who wanted to be part of a group of nameless bullies because they were getting picked on at school. Suddenly, they could be part of a group that people were afraid of, she explained.
Emick was gradually creating a crusade that was part principle, part personal. She had four children, three of them teenagers, and she resented the idea that they could fall for “some idiot story” online that romanticized bullying tactics. “Kids are dumb,” she said. They weren’t going to question legalities. “They’re going to say, ‘Ok, cool.’”
She was right about the lack of legal awareness. When thousands of people joined the AnonOps chat rooms eager to help take down PayPal, most didn’t realize that using LOIC could land them in jail. Emick became indignant when she went into the chat rooms at the time and saw IRC operators telling new Anons they had nothing to fear from taking part in a digital sit-in. When Emick confronted the operators Wolfy and Owen under a pseudonym and accused them of trying to raise a personal army, they banned her from the network.
By late February, authorities in the Netherlands and Britain had arrested five people involved in Operation Payback; the FBI continued to follow up on its forty search warrants in the United States. Later, in July, the authorities would arrest sixteen suspects. The one thousand IP addresses that PayPal had given the FBI were paying off. The operators had been wrong, or possibly lying, and what irked Emick more was that they knew how to avoid arrest better than new volunteers.
Soon after learning about the HBGary attack, Emick had started spending hours in front of her computer, egged on by suspicions that the people controlling Anonymous were criminals. She was especially interested in the nickname Kayla, and when she started searching on forums, the name appeared on a popular site for aspiring hackers called DigitalGangsters.com.
Started by twenty-nine-year-old Bryce Case, known on the Internet as YTCracker (pronounced “whitey cracker”), DigitalGangsters was founded as a forum for black hat hackers, and one of its users was named Kayla, a twenty-three-year-old in Seattle. Emick did some more digging. YTCracker was a hacker himself; he’d been programming since he was four, gaining notoriety after he hacked into government and NASA websites and defaced them. He went on to develop a taste in hip-hop music, and he founded a record label and gave concerts at the hacker convention DEF Con. DigitalGangsters had originally been a production for his club nights and raves, but he turned it into a forum for his hacker friends who were moving off of AOL chat rooms and onto IRC. It was a hub for old-school hackers and a proving ground for new ones. In 2005, one of its users, a sixteen-year-old from Massachusetts, hacked into Paris Hilton’s T-Mobile account and accessed her nude photos. Four years later, an eighteen-year-old hacker got the password credentials for President Obama’s official Twitter account. Another hacker got photos of Hannah Montana. The forum was a place where crackers could trade ever more ambitious bragging rights, a place where a person could get in touch with spammers (also known as Internet marketers) and sell a stolen database or two.
YTCracker didn’t like Anonymous because he didn’t like the way innocent people got caught in the crossfire. It had happened to him. In March of 2011, a few hackers on his forum, including one named Xyrix, attacked his site for no reason other than that he hosted some of their enemies. To get his administrative access, they called AT&T and reported YTCracker’s phone stolen, got a new phone and SIM card, and were able to grab his Gmail password. From that they were able to hack into the Digital Gangsters forum, then deface it with a message that said it had been “hacked by Kayla, a 16-year-old girl.”
Here’s where Emick stumbled into a world of confusion. Kayla was described as a twenty-three-year-old on this site, but she had read an Encyclopedia Dramatica article saying that back in 2008, “Xyrix posed as a woman using the name ‘Kayla’ on the Partyvan network.” Xyrix was widely known to be a heavyset twenty-four-year-old man from New Jersey named Corey Barnhill. Emick thought, incorrectly, that this meant Kayla was Barnhill.
Kayla had an explanation for why everyone thought she was Xyrix: back in 2008, she had hacked his main web account and pretended to be him to get information out of a Partyvan admin; the admin then mistakenly thought that Xyrix and Kayla were the same person and added her into Xyrix’s Encyclopedia Dramatica page. The “hacked by Kayla, a 16-year-old girl” deface on YTCracker’s site may well have been Xyrix taking advantage of that misunderstanding to try to humiliate YTCracker.
Emick was going down the wrong path with Kayla, but she still felt she was onto something. She started spending more time on these forums, piecing together nicknames, fake identities, and false information, being led down new trails. While many hackers varied their nicknames, a lust for credibility compelled many more to stay with one name. In many cases, all Emick needed to do was plug a nickname into Google, search for it against forums like DG and Reddit, and then talk to a few of that person’s friends on IRC. She used note-taking software to cross-reference everything.
“You have to be anal retentive,” she later explained. Soon she had amassed gigabytes of data on her computer and had enough to put real names, even addresses, to a few Anons.
Emick felt an urgency to turn her research into something that would better Barr’s faulty approach. Beating Barr at his own game became a personal challenge. Realizing she would need help, she began talking to an online friend from her old Chanology days about forming an anti-Anonymous tag team.
Jin Soo Byun was a twenty-six-year-old security penetration tester who had once been an air force cryptologist but had retired when he was caught in an IED roadside bombing in Iraq. The accident left him with serious brain damage and memory loss, but he threw himself into the 2008 Chanology protests and built up a reputation for social engineering under the nicknames Mudsplatter and Hubris. He and Emick served as administrators on Laurelai’s website, and the pair developed a friendship via Skype, instant-message chats, and phone calls. Often they would just gossip about the hacking scene, taking pleasure in trash-talking their enemies.