Book Read Free

We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency

Page 34

by Parmy Olson


  When Topiary got wind from the others about Sabu’s private discussions, he suddenly realized the other reason why he wanted out: Sabu’s uncanny ability to get inside his head. If Sabu was a good hacker, he was an even better social engineer. Despite his fierce temper, he could coax love, admiration, and guilt out of just about anyone. Often it had been based on something intangible—the promise of a bigger hack on the horizon or the devotion that the LulzSec members had for one another as a team. The harsh reality was that the members now all had to fend for themselves.

  Topiary tried to ignore Sabu’s protestations and began writing his final press release, titled “50 Days of Lulz.”

  “Let it be known in an entirely sexual way that we love each and every one of you,” Topiary told the more than 325,000 followers on Twitter, “even the trolls.” Ten minutes later he published the release:

  “For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could,” it said. “All to selflessly entertain others.” These were Topiary’s words, not Sabu’s. It wasn’t the rousing address he and Tflow had discussed but a metaphor of what LulzSec had been over the past month: rambling, cocksure, and reaching for a sense of serious conviction about some issue while never seeming truly committed to it. It called on more people to follow the Twitter account Anonymous IRC. Controlled by several hard-core hacktivists who did not wish to be named, it had more than 125,000 followers and was slowly looking like an official line of communication for Anonymous.

  The final leak was a mishmash that included a technical document for AOL engineers, internal documents from AT&T, and user info from gaming and hacker forums. The statement revealed for the first time that LulzSec had been a “crew of six.” Topiary had said it loud and clear: LulzSec was over.

  Chapter 24

  The Fate of Lulz

  LulzSec’s significance had not been completely manufactured. For those who spend most of their time in the world of breathable air, traffic lights, and bimonthly paychecks, it meant the companies that stored their personal details on flimsy databases reconsidered how well those details were protected. LulzSec had pointed to an important fallacy held by companies like Sony—that customer data was safe because their own IT specialists couldn’t hack into them. Now any company could suddenly become a random target of someone else’s whims; it didn’t take an army of hackers to steal more than a million passwords, but a merry crew of six. LulzSec was doing what full disclosure had done in the late 1990s: widely publicizing flaws that companies might have left bare and allowed black hats to steal from if they hadn’t been embarrassed into patching them up.

  For those who spend more time looking at screens, immersed in the world of browsers, IRC, and new web scripts, LulzSec had revived an interest in disrupting the Web. You didn’t need to wait for a raid interesting or funny enough to get a few hundred supporters on /b/ or for an incident like WikiLeaks to spark a cyber insurgency with thousands of participants. You just needed a handful of talented, motivated people with a few good connections in the black hat community. LulzSec had reminded Anonymous that small groups could make a lot of noise. They didn’t always need big resources or connections with the press. Topiary had journalists contacting him every day via Twitter, but he had given only a handful of interviews as LulzSec. He had not used any special software, just the anonymous web tools of Twitter and Pastebin, Notepad to write all his missives, and a simple, retro-designed website that used a design template borrowed from HBGary Federal.

  Anonymous, as an idea, had been around for thousands of years. At some point, a few cavemen must surely have smeared buffalo blood over the rocks of a rival in the dead of night and then run away giggling, Topiary thought. With the dawn of the Internet and anonymous image boards, the process reached beyond a handful to dozens and then to hundreds of people reacting, thinking, and contributing to a collective thought process within very short spaces of time. Anonymous had become a joint psychological state, a sanctuary where a person’s mind could be relieved of the responsibilities that came with identity, or of baggage like guilt and fear. It spawned a new wave of creativity—memes and figurative writing—unhindered by social conventions. When that hive-thought turned to action, it created energy, a mass force that could not be contained. A few could occasionally direct it, but for the most part that nebulous force, as Topiary called it, seemed to have a life of its own.

  For those who wanted more control and more glory, there were the splinter groups. A month after LulzSec disbanded, several new hacker groups had popped up to launch their own ops, often in the name of Antisec and web activism. In July a group called the Script Kiddies hacked into the Twitter feed of Fox News to say that President Barack Obama had been assassinated, and then it defaced the Facebook page of drug giant Pfizer and claimed to have stolen data from Walmart. Groups from the Philippines, Colombia, Brazil, and Peru launched attacks in the name of Antisec, mostly publishing data of government or police officials. More groups followed suit. Through no clear objective of their own, Topiary, Sabu, and Kayla had inspired a trend for anarchic hacktivism.

  It was often not to the benefit of hackers, though. While Sabu had seemed disappointed with the end of LulzSec, the revival of Antisec meant that hackers and script kiddies were still approaching him with vulnerabilities that he could pass on to the FBI. He was fast proving himself to be a valuable informant. Days after the final release from LulzSec, there were more than six hundred people in the AnonOps chat room Antisec discussing both legal and illegal forms of protest against various targets. They were now looking to Sabu for direction, hanging on his every word, trying to impress him with their ideas for hacks.

  “I’m doing the same work, more revolutionary,” Sabu said in an interview on July 1, a few days after his bitter send-off with the LulzSec team members, and of course now secretly working for the FBI. “No more ‘FOR THE LULZ’ as Topiary and Tflow turned it into. I’m doing real work with real motivations.” With Topiary out of the picture, Hector Monsegur’s alter ego Sabu could comfortably take the virtual reins of what looked like a resurgent global movement. Even if it was on false pretenses, he could continue living the life of a revolutionary. Perhaps in an act of self-justification for turning on his old colleagues, he professed nothing but contempt for Topiary and Tflow. “They had me breaking laws and putting myself out there, and when the heat got too hot for them they copped out,” he said. “They’re fucking frauds.”

  Sabu dismissed the idea that he had ever controlled Topiary with intimidation. It’s “bullshit,” he said. “Never once have I mistreated anyone. I…I feel if they did get caught they’d point all fingers at me. When in reality it’s them organizing this bullshit. Don’t mind me. I’m just angry about this. I feel used.”

  If Sabu felt an ounce of guilt, he didn’t show it. It seemed that his perception of the world was that it had always been against him. In his version of events, the idea for LulzSec had started as a joke and to get the old crew back together. Then Topiary had motivated him to get involved, then it had turned into an organization, then something far more serious, with a website, servers, and press releases. Then Topiary had turned himself into the leader of LulzSec and closed up shop.

  “They wanted me to hack for them,” he said. “Then after I did that, they got too scared. It’s that simple.” Ironically, he claimed that the incident that hurt him the most was when he had gone offline for more than a day, and Topiary had worried that Sabu had been raided. In retrospect, it seemed he hated the idea that his colleague on the other side of the Atlantic might have correctly suspected the truth.

  “The truth is for a few days I took a break because I needed one and my family had some issues,” he explained, now giving a different version of what really happened that day. “And [Topiary] concocted some story in his mind that I got raided or something more sinister. He hurt me deep with that act. I would love t
o speak to him, mainly to see him apologize.”

  Sabu claimed that he resented having to clean up the reputational mess Topiary had left behind in the hacker community, responding to comments that LulzSec members were “shit scared about being nailed by the authorities” and had “run away.” After a couple weeks, Sabu finally cooled down, and, perhaps unfortunately for Topiary, he reconciled with the Shetland teenager. The two started speaking to each other regularly on IRC. It was awkward at first, but both accepted that they had been under tremendous pressure and tensions had been running high.

  Topiary had meanwhile taken a break from Anonymous and was trying to spend less time online. He was selling more of his stuff, things like his cooker, fridge-freezer, and bed frame, packing his books, playing his Xbox. His mother and brother had moved to a suburb in England, and he was planning to join them, then find his own place in the southeast region of Kent. He’d bought a sixty-five-liter backpack to prepare for his big move, and he would fit everything else into his laptop bag and a small suitcase. He chatted frequently with Kayla, with whom he was still good friends. She claimed to be on vacation in Spain with her dad and a friend, and on Twitter she dispensed extraordinarily detailed stories about hearing noises from the hotel room above her and splashing in the pool. Between these anecdotes, Kayla would teach Topiary more about hiding himself online and “reverse trolling.” He had set up an e-mail address, Topiaryhatemail@gmail.com, and posted it on the bio of his personal Twitter account. If anyone sent a malicious link to the account, he and Kayla would grab it and reverse-engineer it, then embarrass whoever was trying to infect him. It was a bit of lighthearted fun.

  After a week, he signed back onto AnonOps IRC and was inundated with about fifteen private messages. People asked him questions about LulzSec. They showed him website vulnerabilities, invited him into secret channels.

  “Fuck, it’s THE Topiary,” someone said without any hint of sarcasm. The Anons were desperate to get him to respond to their comments and questions, and several followed him from channel to channel. One person sent him seven hundred FBI logins. Another asked for advice on destroying a few lawyers. He was asked to help with five different operations. Everything seemed to have gotten a bit more loopy since he’d left, even the operators.

  “Topiary, you worm. You anarchist. I love you, bro,” said the AnonOps operator Evilworks. “I bet my left nut that government is DDoSing us.…But I have news for you. AnonOps ain’t going down. NEVER EVER.”

  “My private message windows were flying,” Topiary remembered. “People I’d known from the writing channel back in January were reminding me of who they were, even though I remembered them perfectly.” One anonymous user even mashed his keyboard in excitement when Topiary started talking back to him, saying he didn’t expect “someone like Topiary” to respond. “This made me feel mindfucked to say the least.”

  If he came up with a new channel, named something like #BananaEchoFortress, within minutes it would have a dozen people in it simply because so many were making /whois requests on his name to see which channels he was in.

  “I couldn’t help but wonder what I had done to deserve this much praise,” he said. “I’m far from the most skilled hacker or comedian, writer, or designer.” Topiary came to the conclusion that, throughout the first half of 2011, he was simply in the right places at the right times, supported by the right people.

  Topiary eventually came across a new op that he couldn’t say no to. He didn’t want to get too involved, but a hacker with ties to LulzSec had found a vulnerability in the website for the Sun, a tabloid that was the most popular newspaper in the United Kingdom. It was also a staple title in News International, the media powerhouse owned by Rupert Murdoch. Around this time, the issue of hacking was all over the news—not computer hacking, but phone hacking. The British government had just launched an investigation into reports that journalists from the Murdoch paper the News of the World had hacked the phone of a murdered British schoolgirl and then hindered the case after deleting some of her voice mails. Phone hacking was an open secret in the British press, used most often on celebrities. In fact, the way to listen to someone else’s voice mail was well known across 4chan and other image boards: you simply waited for a dial tone, then held down the # key and hit the common password of “0000.” But news that reporters had hacked a murdered schoolgirl’s phone got the public baying for blood. With Murdoch himself soon to be questioned by a parliamentary committee, it seemed a fitting time to cut Murdoch down to size.

  The hackers who had contacted Topiary on AnonOps wanted him to write a spoof news story reminiscent of his Tupac article on PBS. It was a simple job, and Topiary agreed, thinking it was a good idea. The hackers had managed to take almost absolute control over theSun.co.uk and on July 18 broke into the tabloid’s network and redirected every link on the Sun’s website to Topiary’s story. It was headlined “Media Moguls [sic] Body Discovered” and detailed how Murdoch had been discovered dead in his garden. Topiary couldn’t leave it without a calling card for himself and one of the hackers, adding that Murdoch had “ingested a large quantity of palladium before stumbling into his famous topiary garden.” When News International released an official statement about the attack, the hackers reconfigured the page so it linked to the LulzSec Twitter feed.

  Major news outlets picked up the story immediately, sending it to the top of Google News and saying that LulzSec had struck again. Topiary got messages from the BBC and TV news reporters in the United States, Canada, and Australia seeking voice interviews, but he declined every one. Sabu capitalized on the interest by announcing on Twitter that he was also sitting on a huge cache of the Sun’s e-mails, then announced, “We’re working with certain media outlets who have been granted exclusive access to some of The News of the World e-mails we have.” None of this was true, but several mainstream press outlets’ ears perked up in envy and they reported on the claim.

  LulzSec had successfully made the world’s most powerful media man the butt of a joke that millions of people were laughing at. The day after the Sun hack, Murdoch appeared before the parliamentary committee, and a rogue comedian took things a step further by shouting “You naughty billionaire!” before throwing a shaving-cream pie at Murdoch’s face.

  Rebekah Brooks, former editor of the Sun and the News of the World, was also being investigated for her knowledge of phone hacking. In the midst of the police investigation, a police officer found that her husband had tried to discreetly dump her laptop in a black garbage bag back behind their home. They retrieved it. Topiary read the story and thought that the couple should have melted the laptop. He considered that was something he should do too but figured he could put it off. He was ready to turn over a new leaf, find a new apartment, and even meet his online girlfriend for the first time. She was planning to fly over from Canada in September. But he wouldn’t wipe his laptop or say good-bye to Anonymous just yet.

  Then on July 20, two days after the Sun hack, Topiary was reading the news, and his heart leaped into his throat. According to a Fox news report, British police had arrested a suspected core member of LulzSec in London, a man who went by the nickname Tflow. The official statement said that the male they had arrested was sixteen. Topiary read that again. Tflow, the genius programmer who had written the Tunisian anti-snooping web script, configured their website, compiled all that data, was just sixteen years old. He checked his IRC client and saw the last message he’d received from Tflow had been just four hours before his arrest:

  “Nice work with Sun. Do you guys have everything you need for a proper e-mail release? I don’t want to leave you guys hanging.” And that was it. Tflow had been the most reserved member of LulzSec. Mysterious, mature, and quiet, he was assumed by most people on the team to be in his twenties. He was a levelheaded programmer and evaded most questions about himself and his personal life—the complete opposite of Kayla. And yet there was the Metropolitan Police statement in an article titled “Youth Arrested under Com
puter Misuse Act” that added that computer equipment had been taken in for analysis.

  “If that’s really him, I’m really worried now,” Topiary said at the time. “I’m on the same ISP as him and everything.” Topiary was on a twelve-month contract with his Internet service provider, and he couldn’t afford to break the clause by paying for the entire year.

  Topiary saw a pattern with the arrests. He went to Sabu and suggested that Ryan and Tflow might have been on the police’s radar for months but were arrested only after a big U.K. hit, Ryan after the SOCA attack, Tflow after the Sun (though he had not taken part in the hack). Since several LulzSec members were located in Britain, “we should stop hitting U.K. targets now,” Topiary said.

  Sabu was indifferent. “So it’s ok for us to stop U.K. targets because you gimps are in the U.K., but not to stop hitting USA targets because I’m in the U.S.A.? Thanks.” Topiary gritted his teeth. He felt he had a right to be worried, considering that he was in the U.K. too when the arrests had occurred, but Sabu was suggesting it was selfish to avoid British targets.

  “I’ve missed you, brother,” Sabu then added, before asking if Topiary might give him the password to the LulzSec Twitter feed. Topiary declined and left the chat room.

  Topiary hated to admit it, but the lulz were slowly coming to an end. The music had stopped; the harsh lighting had flickered back on. By the time LulzSec officially ended in late June, police across eight countries, including the United States, Britain, Spain, and Turkey, had arrested seventy-nine people in connection with activities carried out under the names Anonymous and LulzSec. Most of the arrested were male, and the average age about twenty-four. Being part of the large crowd hadn’t helped. Fourteen, including twenty-year-old Mercedes “No” Haefer, had been arrested for taking part in the LOIC attacks on PayPal and were now on trial.

 

‹ Prev