We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency
Page 23
The local college had liked his application for a preliminary psychology course and had accepted him straightaway. Having been out of the education system for four years, Jake was looking forward to the brisk twenty-five-minute walk to his new courses and pushed away concerns that someone in class might recognize his voice from the Westboro video. He had always known that Anonymous would come and go, and he didn’t want it to overshadow his first real crack at college. With around seven hundred pounds now saved in the bank account that he rarely touched, he had even started treating himself to a meal every Thursday night at the Ghurka, what he considered to be the island’s best Indian restaurant. Its Chicken-Madras Curry, complete with french fries, garlic naan bread, and Gurkha beer, cost £13.75 ($21.80), but he always paid with a twenty-pound note and didn’t take change. He liked the waiters and the way they chatted amiably about their lives back under the scorching sun in India, while the cold Shetland wind blew outside. Inside, the restaurant was a haven, garnished in Asian decor and with calming sitar music playing in the background. Jake would mostly sit and brood by himself. Over the coming months, as he became busier again, he would visit the Ghurka more than twenty times as a form of therapy, a chance to rest his mind before climbing up the hill to his front door and opening it to see lines of text frantically moving up the screen of his open laptop.
Kayla, Tflow, AVunit, and Q had also taken a break from Anonymous, leaving just Jake (as Topiary) and Sabu in the group’s private chat room. Sabu would later remember the others leaving because they had “got scared,” and he and Topiary being stuck together on their “own little island.”
The two were talking sometimes for several hours a day in between the other goings-on in their lives. They got to know each other a little better. Topiary never dared ask Sabu what he had done in the past, but the older hacker laid it out anyway. He told stories about hacking the Puerto Rican government, about cyber war with Chinese hackers, about his defacing spree, about going underground, and about why he had come back to support Anonymous the previous December. Topiary found himself in awe of Sabu’s relentless drive to be a hacktivist after an incredible eleven years, and of his long monologues about refusing to sit down to an authoritative society. Even when Sabu was tired after a long day of work and family, he’d perk up when talk turned to politics and society.
Though Sabu loved technology and hacking, it seemed that his heart lay in social and political change. In the real world, Hector Monsegur had come from New York City, gotten into real-life punch-ups with other men, and even done some jail time. He was deeply resentful of people who abused positions of authority, holding a particular disdain for white hat IT security firms and corrupt police officers. Right up to adulthood he was regularly getting stopped and searched by the police, the feeling not much different to when his high school’s head of security had taken away his screwdriver.
Monsegur claimed in one interview that, earlier in 2011, two cops, one African American and one hailing from the Dominican Republic, had stopped his car while he was driving through a wealthy part of town. One of the officers came to his window and claimed Monsegur had run a red light. Monsegur suspected it was more likely because he didn’t fit in with the local area. The officer requested his license and registration then asked what he was doing there. Monsegur showed him his papers. Then he was asked to step out of the car.
“What happened?” he asked.
“Just go to the back of the vehicle,” the officer said. Monsegur walked around to the back, where the second cop handcuffed him.
“What’s going on?” Monsegur cried as they put him in their squad car. “I got a family. Why you handcuffing me?”
“You fit the description of someone we’re looking for,” one of the policemen finally said.
“Okay. All right,” Monsegur said, trying to stay calm. “Give me the description.” The officers hesitated at first but eventually described a man who, while slightly similar to Monsegur, had a different height, date of birth, hair color, and skin tone. They finally showed him a picture of the suspect.
“Yo, listen,” he said after looking at it. “Look at me. We’re different in every way. He’s got tattoos on his neck. I’ve got short hair.” Then he turned to the Dominican cop and asked in Spanish why he was being arrested.
“You do kind of look like him,” the cop replied in English.
“So…where are the tattoos?” he asked, glaring at the cop.
“You could have had them removed.”
Monsegur rolled his eyes and fell back into his seat, his mind blazing. It was true he had tattoos, but nothing on his neck. As they drove him away, he heard one of the officers get on the radio and tell the precinct they were bringing in a “boy” that matched their suspect’s description. He heard a crackling, disembodied voice from base ask for details and if he definitely matched. As soon as one of the cops mentioned Monsegur’s height and date of birth, the voice asked why they were bringing him in. The cops looked at each other. “Let him go right now,” the voice continued. They shrugged and turned the car around.
Monsegur felt relief wash over him. As they pulled up next to his car, he realized his lights and radio had been left on. The battery was dead, and he was stranded at ten o’clock at night.
It was an especially maddening experience, but by no means the only one. Monsegur claimed that he was used to walking down the street, being stopped, and getting frisked, the phrase You fit the description echoing in his ears. Growing up on the Lower East Side in the 1990s, he had seen the effects of Mayor Giuliani’s order for the NYPD to concentrate on neighborhoods with high rates of drug use, and using recently enlarged tax revenues to hire around three thousand new police officers to hit the streets, bringing the total number of NYPD cops to around forty thousand. Monsegur saw them as the city’s biggest gang, authoritative thugs who made citizens like himself feel like animals. He wanted to change that. In addition to his hunger for recognition and respect as a skilled hacker, he wanted people like himself who had been brought up in the projects to know their rights.
Monsegur had not come from a family of political activists, but hacking had given him a voice. It got him noticed. Breaking into databases and disrupting servers was how you subverted the modern world’s corrupt powers. As he grew older, he had become more cynical about the world around him, and more temperamental when he became the target of criticism himself. Perhaps tellingly, for instance, he hated nothing more than being called a snitch.
But his cynicism was broken for a while when Operation Payback came along in late 2010. So excited was he at its potential he couldn’t help but inflate the importance of Anonymous and, later, his own importance in it.
“We give police officers in the United States the power to shoot us and get away with it. Anonymous can now stand up to that threat,” he said during an interview in April 2011. “The world has allowed dictatorships and tyrants to go unquestioned for decades. Now organizations like Anonymous can ask those questions.”
Sabu believed Anonymous’s greatest power was its lack of hierarchy. He pointed to a U.S. government counterintelligence program in the 1960s and 1970s called COINTELPRO, which saw the FBI quietly subvert activist and political organizations. They had used HBGary-like tactics of subterfuge and misinformation to erode the power of organizations from the Black Panthers to the Puerto Rican FLN to the KKK to Mexican gangs, often doing it from the inside. The reason many of these organizations died out, Sabu believed, was that they had a structured hierarchy.
Anonymous was different. If someone arrested Monsegur, there would be ten more like him to take his place. By leaking e-mails or helping Internet users around the world bypass government filtering, Anonymous could assist people like Julian Assange and his alleged whistle-blower Bradley Manning once they were arrested. When he had first heard about Assange’s arrest, Monsegur had gone online as Sabu and looked for vulnerabilities in the networks of organizations related to Assange’s case, from the court that a
llowed Assange’s warrant to those who ended up taking him to jail. Sabu claimed his research led to a wealth of information for future operations, though he never released it to the public.
“[It’s] for future use,” he said in one interview. “I’m sure sooner or later you’ll see my results. Juicy stuff, though.” A verbal teaser like this about having dirt on Assange’s prosecutors was typical of the Sabu persona. Hinting at the prospect of a big operation or leak was key to how he would later hook the attention of other Anons, like Topiary, and even of major newspapers, all from the comfort of his computer. As Sabu, he would often say things like “Something big is about to go down. I’ve found something. You’ll want to see it.” He would then keep quiet on details for several weeks, and sometimes he never explained it at all.
Sabu knew that many saw Anonymous as a group of miscreant trolls. “And I’m sure some people want it to stay that way,” he said. Even as AnonOps had become disorderly, Sabu believed Anons could become organized and change the world. “It lives, it thinks, it breathes,” he said.
As he and Topiary reflected on Anonymous throughout April, they realized that as much as they wanted to leave, they also wanted to stay. For Sabu it was the activism and recognition; for Topiary it was the fun, the learning, and the ability to cause a stir. If Topiary was socially awkward in real life, he had become a wisecracking hero online. They wondered how they could make these experiences continue now that Anonymous had gone quiet.
One night around mid-April, Sabu told Topiary again that as much as he believed in Anonymous, he wanted to go back into hiding more permanently. Suddenly, alarm bells went off in Topiary’s head. Something about that felt wrong, as if they were on the verge of missing out on something truly remarkable. He started talking Sabu out of it.
“You’re already out in the open now,” he told Sabu. Their team had created a media storm, meaning there was enough attention and momentum to work toward his goals, to continue the hacktivist movement. “If it doesn’t happen now it won’t happen ever,” he added.
Sabu took this in.
“Now’s a good chance to do it,” Topiary pointed out. “We’ve got the attention, the contacts, we’ve got AnonOps servers up and everything running smoothly. This might be your last chance to get this out there.”
In reality, Topiary wasn’t interested in hacktivism the way Sabu was. He had just enjoyed chatting with his team and wanted to have fun. Their elite team had drifted apart, with Kayla, Tflow, and AVunit still on their respective breaks from hacking. But the two had reminisced frequently about how well the group had gelled before, and now Topiary was broaching the idea of getting everyone back together again. He made a convincing argument, and Sabu started agreeing that in spite of his real name now out in the open, he and the others could do something great together. Sabu later talked about reaching a point of no return, and it may well have been during these discussions with Topiary that he decided to cross a line and not turn back.
Sabu later remembered things “clicking” with Topiary when talk had turned to inspirations and aspirations. It wasn’t that they suddenly wanted to hack the planet. “It was more like we both believe in Anonymous. Let’s work together and go from there. And of course, he [Topiary] liked the media attention.…I guess the obvious connection there is I do the hacking and you do the speaking.”
Sabu had been wary of how public Topiary could be, but he admired his speaking and debating skills. This explained the unusual nature of their collaboration; though they were almost polar opposites in personality, there were ways in which the two dovetailed. Sabu seemed to like Topiary’s tabula rasa worldview, which made a good sounding board for his rails against the system. Topiary hadn’t had a personal beef with white hat security firms, but after enough conversations with Sabu on the matter, he soon hated them too.
Sabu was also drawn to Topiary’s celebrity in the world of AnonOps IRC. His nickname had a buzz—if it appeared in a chat room, conversations stopped and people called on him to talk. It was this point that would later give Topiary pause when he thought back to why he had ended up collaborating with Sabu. It wasn’t that Sabu was using him, necessarily, “but there was definitely a reason he wanted me around.”
Sabu was open about this.
“When you’re in a chat room, it motivates people,” he told Topiary, who couldn’t help but feel flattered. And Sabu would also tell Topiary that he was his “brain of reason.” The tautology referred to the way Topiary would help calm Sabu down when he got too excited or upset about an issue. “I would explain things,” Topiary later remembered. “I would guide him on how to go about an operation a certain way, rather than going full throttle. Don’t release everything in one go. Release it bit by bit.” HBGary was a case in point: the teaser e-mails, the Tweets to draw press attention. There would be much more of that in the coming months.
Within the space of two weeks, each had somehow convinced the other to stay in the game and to bring the old HBGary team back together. With their small group, maybe they could get the masses moving again. They could support Anonymous 100 percent, but they didn’t have to be called Anonymous.
“This means if we want to mess with some white hat company, we wouldn’t ruin the Anon image,” Topiary said during an interview in April 2011, while he and Sabu were still discussing the idea. “We figured it’d be too far to call ourselves a hacking team with a cheesy banner, so we haven’t decided much.”
Kayla had been flitting about online, so they created an IRC channel called #Kayla_if_you_are_here_come_in_this_channel. Once Kayla came back, she said she was interested, and the three of them started throwing ideas around. One was to set up a new IRC network for Anonymous, since Ryan’s leak in April had turned hundreds of users off its channels. Detractors had bombarded the network with DDoS attacks, and while regular visitors had dwindled, the number of people claiming to be operators had swelled to forty. With AnonOps now so top-heavy, there was chaos in nine different “command” channels, leader-of-leader channels, and secret channels to talk about other operators. The network was about to crash under its own weight, and Anonymous needed a safe, organized place to meet. But by early May, the AnonOps operators had got it together. They had whittled their servers down from eight to two, and their operators from forty to eight. An IRC network now looked less necessary.
“I probably would have quit if we hadn’t talked so much and ended up getting Kayla back,” Topiary would say many months later. “In a way I wish Sabu hadn’t trusted me so much.” In a few days, AVunit came back from his break and joined the group too. There were now four of the old team back together who were interested in doing something big—they weren’t sure what exactly—to reinspire Anonymous. There was no turning back now.
One late morning, during a period when the team was still mulling over what they could do together, Topiary got out of bed, got on his laptop, and saw Sabu online, along with Kayla. It must have been about five in the morning in New York.
“Guys I was up all night looking at sites to go after,” Sabu said. “And I found this big FBI site.” Topiary’s breath quickened for a moment. “I’ve got access to it,” he added.
Sabu then pasted a long list of around ninety usernames and encrypted hashes (which corresponded to their passwords) from a website called Infragard. The list of names represented half the site’s user base. Topiary and Kayla immediately started trying to crack them, excited by the prospect of “hacking the FBI.” Just a few minutes in, Topiary Googled Infragard, and he realized they were dealing with a nonprofit affiliate of the FBI, not the organization itself. He thought briefly about asking how Sabu had found the security hole or pointing out that it wasn’t exactly a “big FBI site.” But he didn’t want to dampen the team’s excitement.
All the users had been verified by the FBI to gain access and all worked in the security field; some were even FBI agents. Yet their password choices were questionable, at best. One of the users had used “shithead” as a pass
word for everything online; another had “security1.” Only about a quarter of the users had passwords the team couldn’t crack. It is a general rule in IT security that any password that isn’t a combination of letters, numbers, and symbols is weak. It is not particularly hard to memorize “###Crack55##@@” or “this is a password 666,” but both of these would be extremely difficult to crack. (The hardest passwords to decipher are phrases, which are also easier for password holders to remember.)
After someone downloaded the entire database of users and then converted it into a simple text file, Sabu loaded the 25 percent of password hashes that the team couldn’t crack into the don’t-ask-don’t-tell password cracking service he’d used for HBGary Federal, HashKiller.com. Sometimes kids used the site to send encrypted messages to one another, with the challenge to crack them. When nefarious hackers broke into the user base of a website, they would typically dump all the so-called MD5 hashes into a database and start cracking the easy ones first, then let HashKiller’s forum users do the rest.
An MD5 hash was a cryptic language that corresponded to words or files, and it typically looked like this:
11dac30c3ead3482f98ccf70675810c7
This particular string of letters and numbers translated to “parmy,” so the result on the site would look like:
11dac30c3ead3482f98ccf70675810c7:parmy