We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency
Page 32
“I’ve got a contact in WikiLeaks that wants to talk to you,” the person said, then directed him to a new IRC server that could serve as neutral ground for a private discussion. The network was irc.shakebaby.net and the channel was #wikilulz. Topiary was immediately skeptical and believed the contact was trolling him. When he finally spoke to a WikiLeaks staff member known as q, who was in the channel under the nickname Dancing_Balls, he asked for someone to post something from the WikiLeaks Twitter account. Assange, who allegedly had sole access, did so, putting out something about eBay, then deleting the post. Topiary did the same from the LulzSec Twitter feed. But he needed more proof, since the WikiLeaks feed could have been hacked. q said he could do that. Within five minutes, he pasted a link to YouTube into the IRC chat, and he said to look at it quickly.
Topiary opened it and saw video footage of a laptop screen and the same IRC chat they were having, with the text moving up in real time. The camera then panned up to show a snowy-haired Julian Assange sitting directly opposite and staring into a white laptop, chin resting thoughtfully in his hand. He wore a crisp white shirt and sunlight streamed through a window bordered with fancy curtains. q deleted the twenty-two-second video moments later. Also in the IRC channel with Topiary and q was Sabu, now likely with very interested FBI agents monitoring the discussion.
“Tell Assange I said ‘hello,’” Sabu told q.
“He says ‘hi’ back,” q said.
At first Topiary was nervous. Here was Julian Assange himself, the founder of WikiLeaks, reaching out to his team. He couldn’t think why he wanted to talk to them. Then he noticed what q and Assange were saying. They were praising LulzSec for its work, adding that they had laughed at the DDoS attack on the CIA. With all the flattery, it almost felt like they were nervous. For a split second, LulzSec seemed to be much bigger than Topiary had ever thought.
By now a few others from the core team knew about what was happening and had come into the chat room. Sabu had given them a quick rundown of what was going on, then said it could mean hitting bigger targets.
“My crew seems up for taking out traditional government sites,” he told Assange and q in the chat. “But seeing as that video was removed, some of them are skeptical.”
“Yes I removed the video since it was only for you, but I can record a new one if you want :),” q said.
“If we need additional trust (mainly my crew) then ok,” said Sabu. “But right now we seem good.”
Then q went on to explain why he and Assange had contacted LulzSec: they wanted help infiltrating several Icelandic corporate and government sites. They had many reasons for wanting retribution. A young WikiLeaks member had recently gone to Iceland and been arrested. WikiLeaks had also been bidding for access to a data center in an underground bunker but had lost out to another corporate bidder after the government denied them the space. Another journalist who supported WikiLeaks was being held by authorities. Assange and q appeared to want LulzSec to try to grab the e-mail service of government sites, then look for evidence of corruption or at least evidence that the government was unfairly targeting WikiLeaks. The picture they were trying to paint was of the Icelandic government trying to suppress WikiLeaks’s freedom to spread information. If they could leak such evidence, they explained, it could help instigate an uprising of sorts in Iceland and beyond.
The following day, q and Assange wanted to talk to LulzSec again. Perhaps sensing that Topiary was still skeptical, q insisted on uploading another video. It again showed his laptop screen and the IRC chat they were having being updated in real time, then a close-up of Assange himself, head in hand again, but this time blinking and moving the track pad on his laptop, then him talking to a woman next to him. The camera was then walked around Assange before the video ended. The video had been filmed and uploaded in less than five minutes. Topiary, who was experienced with Photoshop and image manipulation, calculated that doctoring the IRC chat and Assange in the same video image within such a short space of time would have been incredibly difficult, and he veered toward believing this was all real.
But q was not asking LulzSec to be hit men out of the goodness of their hearts. There was potential for mutual gain. q was offering to give the group a spreadsheet of classified government data, a file called RSA 128, which was carefully encrypted and needed cracking. q didn’t send it over, but he described the contents.
“That’s pretty heavy stuff to crack,” Sabu told q. “Have you guys tried simple bruteforce?” q explained they had had computers at MIT working on the file for two weeks with no success. Topiary wanted to ask if Assange was going to give the team other things to leak, but he decided not to. Part of him didn’t want to know the answer to that. It was already starting to look like LulzSec was on the road to becoming a black hat version of WikiLeaks. If WikiLeaks was sitting on a pile of classified data that was simply too risky to leak, then it now had a darker, edgier cousin to leak it through.
Topiary decided to mention that LulzSec had been the same team behind the HBGary attack. Assange said he had been impressed with the HBGary fallout but added, “You could have done it better. You could have gone through all the e-mails first.”
“We could have,” Topiary conceded, “but we’re not a leaks group. We just wanted to put it out as fast as possible.”
“Yes but you could have released it in a more structured way,” Assange said.
“We didn’t want to go through 75,000 e-mails looking for corruption,” Topiary countered again. He remembered how he had trawled through those e-mails looking not for scandal but for Penny Leavy’s love letter to Greg Hoglund and for Barr’s World of Warcraft character.
The team decided to invite Assange and q over to their IRC network on Sabu’s server. Topiary created a channel for them all to talk in and called it #IceLulz. q said he wished WikiLeaks could help the group more with things like servers or even advice, but they didn’t want to link the organization too obviously to LulzSec. In fact, when Topiary told q to go ahead and send the RSA 128 file over any time, q seemed to back off.
“Yeah, maybe in the future we’ll see how this goes,” q said. He never did send the file, at least not to Topiary.
Still, Sabu was “the most excited he had ever been,” Topiary later remembered, over the moon that WikiLeaks was asking for his help. It is unclear if Sabu was in reality haunted by the fact that he was now also helping to implicate Assange. Six months prior, he had believed so passionately in the WikiLeaks cause that he was willing to risk bringing his hacker name out into the public for the first time in nine years. Another possibility: the FBI was encouraging Sabu to reach out to Assange to help gather evidence on one of the most notorious offenders of classified government data in recent times. It seems probable that if Sabu had helped, for instance, extradite Assange to the United States, it would have improved his settlement dramatically.
“It’s our greatest moment,” Sabu told the crew. He and q started talking in more depth about various websites, and then Sabu sent links to two government websites and a company to the rest of the team, tasking them with finding a way to get into their networks and grab e-mails. Over the next few days, Topiary passed the job of staying in contact with WikiLeaks to Sabu, and for the next few weeks, Assange visited LulzSec’s chat network four or five more times.
Topiary left the #IceLulz IRC channel open on his laptop and kept it open. Pretty soon, though, it became just another one of the thirty other channels demanding his attention, another page of flashing red text.
Chapter 23
Out with a Bang
LulzSec was now so big that it made Anonymous and its fountainhead 4chan look like harmless pranksters. Over on 4chan, hardly anyone wanted to talk about the group. “Literally no one cares about LulzSec enough to post about them,” William noted at the time. “These guys are getting fame for the things that we’re used to getting fame for.” At one point, Topiary had made a /b/ thread asking what the locals thought of LulzSec. He got a fifty-fif
ty response, and the thread capped at 350 posts after a few minutes before disappearing. When he confirmed the legitimacy of the first post as OP from the LulzSec Twitter feed, the board was in uproar.
But the newfags, the folks who were always eager to be part of a raid organized on 4chan and who were now angry that LulzSec was stealing their site’s thunder, wanted to lash out at the new champions of Internet disruption. When Topiary and Ryan saw a thread on /b/ plotting to “hunt” the LulzSec hackers, the board, which hated outsiders knowing that it existed, was the next to look like fresh meat.
“Everyone go to /b/ and post stuff about Boxxy, LulzSec sending you there, and triforces,” Topiary commanded the Twitter followers. He promised to publish several thousand assorted e-mail addresses and passwords in return, not mentioning it would come out of his personal collection. Going after 4chan didn’t mean LulzSec was hitting Anonymous, as a few blogs suggested. “That’s like saying we’re going to war with America because we stomped on a cheeseburger,” Topiary said.
The image board was soon overrun by LulzSec fans. “As always, LulzSec delivers,” the account tweeted: “62,000 e-mails/passwords just for you. Enjoy.” Within about ten minutes Topiary’s database had been downloaded 3,200 times, and people were using it to hack random web accounts from Facebook to World of Warcraft. One person found an e-mail and password combination that had been reused on an Xbox account, PayPal, Facebook, Twitter, YouTube, and “The whole lot!” he cried on Twitter. “JACKPOT.”
“Y’all were the inspiration I needed to mess with my roommate’s Facebook beyond all repair,” said another.
“Good to see some refreshing carnage,” Topiary told the horde, whom he now referred to as lulz lizards; he called their intended victims peons. “Releasing 62,000 possible account combinations is the loot for creative minds to scour. Think of it like digging a very unique mineshaft.” Pretty soon more than forty thousand people had downloaded the database and were using it to hack all manner of social media accounts.
LulzSec’s 220,000 Twitter followers had become a community for Topiary as much as an audience. For the next few days he was constantly joking with them on Twitter, telling the FBIPressOffice Twitter account that “we pissed in your Cheerios,” then funneling more requests to hit other smaller websites and sending the Twitter followers to a funny video and watching the site crash.
Anyone who had met Topiary would see hardly any similarity between his real-life persona and the cocksure voice he used as LulzSec’s front man. It was all an act, and to him it felt like acting. A few times he would try to sound like Sabu or Kayla so that it would look like more than one person was manning the feed, but for the most part he was speaking for the monocled man with the top hat. And dozens of people constantly asked how they could join in.
“We’ve got all this attention now,” Topiary said quietly to his core team, “and people asking to join us. How about I write something about the new Antisec movement attacking governments and banks? Is everyone up for that?”
The others in the team, including Sabu, said yes. With a respected name like WikiLeaks now silently behind them it made sense to, for once, put a serious face on what they were doing. Straightaway Topiary wrote up a new official statement saying that Antisec would “begin today,” calling on more people to join the cyber insurgency LulzSec was spontaneously reviving. On the evening of Sunday, June 19, he published a statement inviting white hats, black hats, and gray hats, and just about anyone else, to join the rebellion. Later he said that writing it was, as usual, like writing a piece of fiction:
“Salutations Lulz Lizards,” it started. “As we’re aware, the government and whitehat security terrorists across the world continue to dominate and control our Internet ocean…We are now teaming up with Anonymous and all affiliated battleships….We fully endorse the flaunting of the word ‘Antisec’ on any government website defacement or physical graffiti art.…Top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments.”
Not really that interested in hitting banks and governments but more interested in how people would respond to the call to arms, he posted the official statement and headed to bed. His mind was still racing after another chaotic day keeping up with the media, his constantly changing passwords, the fast-paced operations, the new supporters, the tweets, the reactions, the uproar, the chaos of seeing more than a thousand news and blog posts written over a Pastebin post he’d typed out on Notepad. He had never expected this much to happen when he and Sabu had first discussed getting the team back together. It did not feel like things were spiraling out of control, at least not yet. If anything, Topiary was starting to feel that old, familiar itch in the back of his mind. A sense that this latest experience in disrupting the Internet through LulzSec had run its course and was becoming tedious. It was an echo of the restlessness he’d felt with AnonOps only a few months ago.
In the meantime, Ryan had become increasingly annoying to Topiary with his lonely and desperate bids for attention. A couple of days earlier, after twelve hours away from his computer because he’d been asleep, Topiary found more than a dozen messages from Ryan on his laptop asking why he was being ignored.
Of course, there was no way Topiary could stop. He was the main mouthpiece of LulzSec and a prime motivator for the team and its supporters, and leaving would be an enormous practical and emotional effort.
It was hard to sleep. Topiary now habitually glanced out of his window whenever he heard a car drive past. He said privately that he was expecting a raid any day. Acceptance seemed the best way to deal with these things. His emotions lurched from the high of an outrageous new leak to the gut-wrenching paranoia that he was about to get doxed or, worse, raided. Ryan thought the same. He claimed he often went to sleep each night expecting to be raided the next day.
“I’ve given up caring,” Topiary said. Was he imagining what jail might be like? “I don’t like to think about that,” he answered. He also couldn’t help thinking about the second, stiffly worded tweet that Greg Hoglund had added just few days before, the one he had blithely dismissed at the time.
“Aaron,” Hoglund had said. “I wanted to be here to see the fruits of our labour over the last two months. LOL.”
Topiary woke up on Monday, June 20, to a surprise. There had been a much bigger response to his Antisec statement than he had anticipated. Tens of thousands of people had read it (eventually almost a quarter of a million accessed the page) and the media was eagerly reporting the line that LulzSec had “teamed up with Anonymous” and declared war on just about everything in a position of authority in the hope of rooting out corruption. It seemed that cyber anarchists everywhere were running amok. That day CBS local TV news for San Diego reported on some mysterious black graffiti that had appeared on the boardwalk along Mission Beach: a crudely drawn man in a top hat and mustache and the words “Antisec” in a speech bubble.
“I was taken aback,” Topiary later remembered. “My Notepad-forged declaration of Antisec had the AnonOps servers teeming with users. It was like Operation Payback’s prime on steroids. For a while I felt horribly guilty for some reason. The words were almost fiction to me, just another piece of writing, but it got through to so many people, who were now putting their necks on the line for the cause. Someone had even gone out and tagged beach walls with Antisec, getting on the news.”
Ryan was also galvanized by the new mass enthusiasm for Antisec. Naturally, he became more eager than ever to put his botnet to good use. Later that day he started trying to lash out at other major targets: Britain’s Ministry of Finance, then the NSA, then the FBI. Finally, he successfully hit the site for the U.K.’s Serious Organised Crime Agency (SOCA). Anything ending in .mil or .gov, he wanted to get. Topiary watched, transfixed, and after a while decided it would be good to calm Ryan down. He didn’t want things getting out of hand. Even so, he didn’t want to let LulzSec’s credit
for the SOCA hit go to waste, so he announced it on Twitter, again without the usual loud flair. “Tango down—soca.gov.uk—in the name of Antisec.”
Compared to the CIA, this felt like a minor attack, and it hadn’t even completely worked, since the SOCA site was down only for certain visitors. But moments later, someone at SOCA sent an e-mail to London’s Metropolitan Police saying the website had been brought down. Ryan had been launching DDoS attacks from his computer for many months, but now, finally, the police were spurred into action.
Later that same Monday, at around 10:30 p.m., while Ryan was still DDoSing the website of the Serious Organised Crime Agency, ten police cars quietly pulled up outside his house. The address they’d been given belonged to Ryan Cleary, a nineteen-year-old computer nerd who lived with his parents in a nondescript, semidetached house in Essex, England. It turned out the dox that Ryan had claimed was fake was real. He really did live at that address, and he really had been using his actual first name this whole time. When the police entered his rectangular bedroom, they found windows covered in foil to block out any sunlight, a single bed, a messy desk covered in potato chips, and allegedly about £7,000 (about $11,340, based on the exchange rate that day) in cash in his desk drawer. Ryan was pale, had a boyish wisp of a mustache, and was a little on the chubby side. The last time he had been outside the house was Christmas—six months earlier.
The police questioned Ryan for five hours, then said they were arresting him. At around 2:00 a.m. he signed off from MSN with the quit message “leaving.” It wasn’t the “brb Feds at the door” inside joke, but neither was it the leaving message he normally used. The police drove him in the early hours of Tuesday morning back to Charing Cross police station in Central London for further questioning. At that moment, agents from the FBI were on a plane headed for London, and Topiary was fast asleep in his bed, completely oblivious to what was happening.