Hacker, Hoaxer, Whistleblower, Spy
Page 9
More than anything, though, it was the pilots’ banal tone of voice during their discussions with command about whether to attack—they were calm to the point of psychosis—that really sent waves of horror over you. One member of the crew laughs upon discovering that one of the victims is a young girl. “Well, it’s their fault for bringing their kids to a battle,” he remarks nonchalantly.
As we all now know, Chelsea Manning chose to leak the video, along with other vital documents, and a hacker named Adrian Lamo ratted her out. On May 22, 2010, Manning confessed to Lamo during a chat conversation that she’d gifted WikiLeaks the footage that was used to create “Collateral Murder.” Early in the conversation, Lamo earned Manning’s trust by misrepresenting himself:
I’m a journalist and a minister. You can pick either, and treat this as a confession or an interview (never to be published) & enjoy a modicum of legal protection.3
Manning subsequently spilled her guts to a person she had never met and whose claims of being a journalist and a priest were tenuous as best.4 Lamo turned the log over to both the FBI and Wired magazine. The FBI arrested Manning, ultimately leading to her admission that she had provided WikiLeaks with not only the video footage seen in “Collateral Murder,” but also the diplomatic cables WikiLeaks would release over the next two years. Manning was sentenced by a military judge to thirty-five years in prison, and is now at Fort Leavenworth, following a year in solitary confinement before being sentenced.5
At the 2010 HOPE conference, there was palpable tension in the air. Rumors swirled that Julian Assange was going to give the keynote. In a last-minute switch-up, it was not Assange who stepped out on stage, but American hacker Jacob Appelbaum. His riveting talk effectively outed him, in front of everyone in attendance (including the inevitable federal agents), as an affiliate of the embattled organization. It was a bold move, given the tactics of silencing, prosecution, and intimidation leveled against the organization by US authorities. His talk contextualized WikiLeaks historically into what is now commonly called “the fifth estate”: the hackers, leakers, independent journalists, and bloggers who serve the critical role that once fell to “the fourth estate,” the mainstream media. Or as Appelbaum put it, “When the media is gagged, we refuse to be gagged. We refuse to be silent”—a declaration that was met with thunderous applause. (The most glaring example of media silence in the past decade was when the New York Times refused, at the request of the government, to publish a story on the NSA’s illegal, warrantless wiretaps. The Times eventually ran the story—only because the author, James Risen, was about to scoop the paper by publishing a book on the topic. The article which they tried so hard to withhold ended up winning a Pulitzer Prize.)
While WikiLeaks, “Collateral Murder,” and Manning had found pride of place in talks among politically minded hackers and transparency advocates, a fourth figure dominated most conversations at HOPE: Lamo, the hacker traitor. He was on the tip of every tongue for one simple reason: he was, like them, a hacker himself—and present at the conference, no less. People were completely pissed off. Appelbaum, during his talk on WikiLeaks, promised not to utter a word about Lamo. As he said this, he unbuttoned his shirt to reveal a T-shirt that said “Stop Snitching.” The crowd went wild. Flyers bearing Lamo’s face subsequently popped up throughout the venue. Lamo was “WANTED// Dead or Alive// for bein’ a low-down good for nuthin’ rat bastard.”
As I stood staring at the flyer, a hacker friend of mine darted up from behind me to say hello. Shaking his head in Lamo-evoked disgust, my friend explained that Assange was “the real deal”—rare high praise from a fellow hacker. He had known him back in the 1990s when the hacker underground was in full force and roaming free, before the crackdowns against them in the late 1990s. This class of hacker would routinely disregard the law in his or her explorations of private networks and computer systems—not motivated by profit or malice, but instead by an insatiable curiosity: a desire to know how things worked. While the transgression itself offered a form of pleasure, back then only a small class of hackers was explicitly inclined toward activist-oriented politics. Julian Assange was one of them. He was a thoroughly conscientious hacker who even penned ethical manifestos explaining his actions. Assange was part of a small team of “International Subversives” who abided by a creed: “Don’t damage computer systems you break into (including crashing them); don’t change the information in those systems (except for altering logs to cover your tracks); and share information.”6
Wrapping up our discussion on Assange, my friend and I heard some exciting news. HOPE’s main organizer, Eric Corley—better known by his famous hacker handle “Emmanuel Goldstein”—had announced an impromptu panel on snitching and snitches, featuring none other than Lamo. Lamo was slated to sit alongside some of the most famous underground phone phreaks and hackers of all time: Bernie S., Mark Abene (aka Phiber Optik), and Kevin Mitnick. A couple had served jail time as the result of snitching. They themselves, in their own trials and travails, had all refused to “cooperate,” paying dearly with extended jail time for staying silent and not ratting out their peers.
In all my years of attending hacker conferences, this panel remains the most extraordinary I have witnessed. Imagine 2,600 hackers sitting before a single despised traitor as he looks out at them from the stage and attempts to justify his actions.
Hacker Town Hall on Snitching with the Most
Reviled Hacker Snitch of All Time
The hackers opened the panel by recounting riveting stories of their exploits, eventual capture, and betrayal at the hands of trusted peers. The first to speak was Goldstein, who highlighted a truism I would see in action a little later with Anonymous. When cops or Feds show up (usually at daybreak and knocking loudly while pointing guns), Goldstein reminded the audience, “People panic … and the authorities count on this. The authorities live for this kind of thing so that they get as much information—they get all of us telling other people about other people.”
When Lamo climbed on stage and ambled slowly toward his chair, well … The circles under his eyes were deep brown, and when he blinked it was done in slow motion and with great difficulty, as if he had to force his eyelids down each time. It wasn’t that he seemed nervous—he just seemed genuinely zonked; it is quite possible that he was, along with being very tired, also medicated. Lamo had once been lauded as a black hat hacker, and listening to him justify his actions was spellbinding. He felt “compelled,” he explained, to hand over the logs in the interest of national defense. Bernie S., wanting details, respectfully interrupted: “In what way did you feel people were put at risk?” Lamo gave a rambling response: “The State Department is involved in a number of intelligence operations throughout the world, um, they are not supposed to be, but they are looking out for the interests of Americans.” This triggered immediate hisses from the crowd, and an audience member yelled, “The State Department activities put other people at risk!”
Goldstein sensed the crowd might turn into a lynch mob, sharpening their pitchforks and lighting their torches, ready to run Lamo out of town. He calmed the audience down, reminding them, “You will have your say”—but not before Phiber Optik first chortled, “We will be handing out darts and bows and arrows, so don’t worry.” The comic relief released some steam, but the tense atmosphere simply returned until the end. Time and again, Lamo’s attempts to rationalize his actions were met with angry boos. After Lamo defended the government and described his interactions with its agents as a “surprisingly pleasant undertaking,” even Goldstein couldn’t help himself; he interrupted Lamo before the Q and A period to ask how he felt about the possibility that Manning might spend the rest of her life in jail (someone in the crowd also lobbed out “Torture!”). Without missing a beat, Lamo intonated slowly: “We don’t do that to our citizens.” Some of the loudest hisses and boos of the day rustled through the audience, and someone yelled: “Guantanamo!” No matter what Lamo said, it was apparent that he was digging himself i
nto a deeper hole—and it was also apparent that nearly the entire auditorium was ready to fill in the dirt on top of him.
At the time, however engrossing the panel was, I could not see its relevance to my project on Anonymous. WikiLeaks and Anonymous were, back then, residing on different planets (even if they were, admittedly, part of the same geeky galaxy by way of their respective fights against censorship and Scientology).7 And yet, one year after the conference, on July 4, 2011, I had my very first private IRC chat with Anonymous’s most famous snitch: Hector Monsegur, who had previously been known only as “Sabu.” By then he had already been arrested and was secretly working with the FBI—though this fact was lost both on myself and many others at time (in spite of a litany of now obvious clues). Monsegur’s charisma—and his adeptness in psychological warfare tactics, like displacing suspicion by accusing others of snitching—blinded many to the hints he dropped in plain text a few months after his covert arrest: “Stick to yourselves,” he wrote on reddit. “If you are in a crew—keep your opsec up 24/7. Friends will try to take you down if they have to.”8 This echoed a lesson which Manning had learned first hand a year earlier.
But the mutual problem of snitches is the most tenuous of the emergent connections between WikiLeaks and Anonymous. We can trace a more direct coupling by looking at the trajectory of AnonOps.
DDoSing on Random Dice Day
AnonOps emerged in 2010, just a few months after HOPE ended. It began as a new Anonymous node and eventually grew into a full-blown IRC network. The network would take the world by storm thanks to its experiments—and I do mean, quite literally, experiments, as the group never carefully thought through anything until much later—with a slew of direct action political tactics. Many of these were straight up illegal, so it was only a matter of time before they drew the attention of the FBI.
Although the history of AnonOps would come to intersect with WikiLeaks in December 2010, these two entities could not be more different when judged from the perspective of organizational mechanics. WikiLeaks was built up as a carefully sculpted life’s work. Assange, as founder and spokesperson, controlled—too tightly, many would come to say—most aspects, and his personality and identity became hopelessly intertwined with the WikiLeaks name. When his personal reputation was sullied, it tarnished the organization as a whole. On the other hand, the constitution of AnonOps was a happenstance affair, like Project Chanology before it: born in the contingent convergence of timing, and media attention, each element contributed to its meteoritic rise and rapid success—a reminder again of how tricksters, like Anonymous, are perfectly poised to exploit the accidents gifted to them and sometimes benefit from acting on a whim.
It was late August 2010, about two and a half years after hackers had first adopted the name Anonymous to venture into activism. By this time, Chanology had organized street protests, forged tight alliances and friendships with ex-Scientologists, dabbled in Iran’s unsuccessful Green Revolution, and branched out into other areas of Internet activism. In February 2010, after Australia’s Telecommunication Minister proposed regulation to filter Internet pornography, some Anons rolled out “Operation Titstorm” and successfully overwhelmed government servers with a barrage of traffic requests. This op, proclaimed as part of the Operation Freedom Movement, was a harbinger of what was soon to come.
A number of Anons relaunched the Operation Freedom Movement, rebranded the Internet Freedom Movement (IFM)—on July 5, eleven days before HOPE.9 Those involved in the IFM, along with the geek world at large, had set their sights on protesting the Anti-Counterfeiting Trade Agreement (ACTA). ACTA sought, among other things, to introduce sweeping regulations which would criminalize copyright infringement and encourage Internet service providers to profile, track, and monitor their users. Opposition was fierce, and nearly every group involved in the politics of access—Electronic Frontier Foundation, the Free Software Foundation, Public Knowledge, La Quadrature du Net—criticized the secrecy under which the treaty was being negotiated, and categorically opposed its ratification.
The proposed methodology of the IFM was to lobby politicians and raise public awareness using propaganda materials and websites. As part of these efforts, advocates created a dedicated chat room called “#antiactaplanning” on the IRC server OccultusTerra. In late August 2010, an Anon activist going by the nickname “golum” (not his usual pseudonym) entered the chat room and boldly declared his intent to move things forward by DDoSing the Office of the US Trade Representative (USTR) website, ustr.gov, at 9 pm EST on September 19, 2010. The USTR’s office was a natural choice given that ACTA was a US-led trade agreement and the USTR had the muscle to levy sanctions against nations that violated trade treaties.
But many people in the chat room had concerns: First, Chanology had already set a political precedent by disavowing the use of illegal tactics like DDoS. And second, no one could understand why that particular date had been chosen. It struck many as completely arbitrary, and it (mostly) was; the one connection was that September 19 is Talk Like a Pirate Day. golum faced vehement opposition, at least from those who were paying attention to their screens (all pseudonyms have been changed):
[…]
Although everyone on the channel savaged golum’s proposal, he remained unmoved:
[…]
<+void>: OMG ITS THE ANONYMOUS, THE ONLY THING THEY DO IS DDOS, OMGOMGOMOGMOMG LETS MAKE ACTA PASS ON POSITIVE
A few Anons, conveying the legal risks, highlighted the difference between targeting the US government and targeting other entities, and then considered the conversation over. (Note also that the risk assessment about arrests was accurate—over twenty-seven individuals have been since indicted for the ensuing spate of DDoS actions—and in the United States you can still get in deep trouble for targeting anyone famous):
[…]
[…]
If you are wondering about just what “official” means in Anonymous: well, yes, something can be deemed “official” if someone declares it as such and, crucially, if enough people also support it. But at the time, support for militant direct action tactics on this IRC channel were lacking. Although someone had initiated an IRC channel called “#ddos” with the mandate of discussing the possible use of the tactic, the freewheeling aspect of Anonymous IRC chat only goes so far before bumping up against norms and rules:
The next day Lola appeared again—this time to discuss botnets (networks of remotely controlled computers which can be used to strengthen a DDoS assault):
Lola is told, again, to stop “discussing illegal activities.”
This is, perhaps, an opportune moment to discuss botnets in more detail—especially since they became increasingly important to the Anonymous DDoS operations we will consider a little later. There is a Wild West cattle rustling aspect to the whole affair. A botnet is essentially just a collection of computers connected to the Internet, allowing a single entity extra processing power or network connections toward the performance of various tasks including (but not limited to) DDoSing and spam bombing. A botnet is a very powerful tool, involving (as it does) computers that are connected across various parts of the world and capable of distributing tasks. Participants whose computers are tapped for membership in a botnet usually have no idea that their computer is being used for these purposes. Have you ever wondered why your computer worked so slowly, or strangely? Well, you might have unwittingly participated in a DDoS.
A computer most often becomes a member of a botnet by getting infected by malware. This can happen through a number of different methods—that hilarious cat video you downloaded, the malicious link in an email from your aunt, a phishing attack you didn’t even know about, or a virus piggybacking on some software you downloaded from the Internet. Once infected, the computer runs a small program, usually hidden in the process table so it is not easily found, which mediates its involvement in the botnet.