Hacker, Hoaxer, Whistleblower, Spy
Page 23
It was a bit of a struggle to keep up. I was in the midst of a nasty flu and was worried it was the forerunner of full-blown rabies. I had just had my last inoculation shot four days prior, after an unfortunate run-in with a bat a month earlier. Through the haze, the fever, and the sore throat, I offered:
To which PKE, spared from both the flu and irrational postulates about the onset of rabies, replied with a more incisive commentary:
In the end, left unsatisfied by what the mere mortals had to offer, the Anonymous tricksters opted to release the additional HBGary emails they had been holding onto for leverage. While most of the company emails were being seeded for release during the course of the chat conversation, the following week Anonymous also released Greg Hoglund’s 27,606 emails on AnonLeaks.24
A Team of Anonymous Ninjas Exposing Team Themis
For days following this epic showdown, the lulz pulsed through the IRC chat channels, electrifying and recharging the collective mood. The press could not get its fill of the hack. Journalists sought out Barrett Brown for commentary, which appeared from the New York Times to the BBC. On February 8, 2011, Brown jubilantly declared on #ophbgary:
From the outside, it appeared as if Brown was a beloved Anonymous activist at the top of his game. But from the inside, with just a tiny bit of poking, it was easy to witness the grumblings about the role he adopted just a little too willingly. At the time, Anonymous was fond of penning collectively written documents. Most of them were about operations. One appeared later in the same month bearing the title “All About Barrett Brown. Add your comments guise.” This defacto performance review dissected his contributions—securing legal help, writing editorials, getting the press online—in relation to a moral evaluation of his public behavior. None of this was done behind his back. Indeed, before the critiques were issued he was solicited to write a statement, included here in its entirety, to appear near the top of the document:
Yes. Anyone who doesn’t know what I’ve done for Anon hasn’t been involved in OpTunisia and OpEgpyt to any real extent, and anyone who wasn’t working on that campaign every fucking day can go fuck themselves. What’s fucked up is how many more people are in this document than are in any of Anon’s actual important documents. There’s my “statement,” sweethearts. Also note that the person who started all this did not get his paragraph put in the press release and is upset aboutr it.—Barrett Brown
Understandably—given that he had just told everyone to go fuck themselves—most of the following seven pages of commentary hashing out his personality, motives, and contributions slanted toward the negative. The critiques, while dotted with occasional positive assessments, found consensus in opposition to his self-promotion:
—This is important. It’s about the basic principles of Anonymous ideology, anonymity and the equality of all.—You seem to imply that you are special and important such that the principles mentioned below, anonymity and equality of all, do not apply to you.
---------------------------------------------------------------------------
*Your dedication isn’t under discussion. You most certainly are one of Anons most important friends. I just want to say that I don’t want to see you as ‘leader of Anonymous’ nor spokesperson. I know that would be of no benefit to Anonymous.+1 wholeheartedly +1 undoubtedly +1 *@Barrett: Anonymous will support you, as long as you do not form a personal army and you abstain from leaderfagging. +1+1+1
The small team of hackers working behind the curtain were also far from pleased by all the journalistic attention Brown was receiving from the HBGary operation. Roughly a month later, Gawker’s Adrian Chen and John Cook published an article, “Inside Anonymous’s Secret War Room,” detailing the aftermath of the HBGary hack. Brown had spoken to the journalists at length:
Barrett Brown, who is generally regarded by Anonymous members as a spokesman for the group, said he has known about the “security breach” for some time: “We’re aware of the security breach as other logs from ‘HQ’ have been posted before (and I should note that HQ is not really HQ anyway—you will note that the actual coordination of performed hacks will not appear in those logs).”25
Upon reading the article, many of the hackers, already annoyed at Brown, became infuriated, lashing out at him on #anonleaks, the channel dedicated to discussing the HBGary leaks.
Brown, along with Gregg Housh (c0s), who also frequently spoke with the media, blamed the journalists for identifying a spokesperson, even when instructed otherwise.
With that settled, they moved to other upsetting topics, notably how Brown claimed insider knowledge about #HQ, the HBGary breach, and the hacking, when he had not witnessed the operation, much less contributed to it. Even worse, he was simply wrong about #HQ; it was where the HBGary hack was coordinated:
<`k>: tbh there’s no need for you to even be talking to media in the first place you’ve done nothing yet you have an explanation for everything
t getting your name known.
[…]
<`k>: it’s easy to say “no” to reporters
As was the case with Snapple before him, Brown got momentarily kicked off the channel, in this case by `k. This was followed by final remarks, including a few about the quality of the spectacle—as if the arguments doubled as an impromptu version of a high school debating match:
<`k>: im just sick of these faggots whoreing attention in the media when they claim they have no part in things yet think they know everything
Just as Brown became embattled due to his promotional activities in relation to the hacks, HBGary itself faced another set of tough challenges and necessary decisions.
The Aftermath
A day after chatting with Anonymous and a week before the premier North American security conference hosted by RSA Security Inc. was slated to begin, Greg Hoglund bemoaned his situation to a reporter: “They are causing me a great deal of pain right now … What they’re doing right now is not hacktivism, it’s terrorism. They’ve really crossed a line here.”26 The terrorism charge was new—never before appearing, either publicly or in emails, from Hogland or Barr. The reversal of terms was likely a carefully crafted PR tactic designed to paint these hackers as “terrorists” and thus as a grave danger to society; it was perhaps a calculated bid to convert the embarrassing reality of the gruesome hack—a potential (probable) disaster—into an advantage. Hoglund also made the decision to pull out of the RSA conference.
Though HBGary clearly hit a rough patch, the company came out the other side of this turmoil unscathed, or perhaps even stronger—aided by its rebranding of Anonymous as a “terrorist” element to which it was victim. A year later, HBGary was acquired by a defense contractor called ManTech International. Hoglund cooperated closely with law enforcement in its investigations of Anonymous, as duly noted in an FBI press release:
The broad case against six hackers, including [Hector Xavier] Monsegur, [aka “Sabu”], is the product of an extensive investigation … The attack on HBGary was carefully investigated by the FBI in Sacramento and the case was transferred to New York for Monsegur’s plea. Importantly, the Sacramento investigation greatly benefited from the assistance of HBGary itself.27
Aaron Barr and HBGary Federal fared less well. As CEO, Barr could not be fired, but he elected to step down by the end of February 2011, and the company subsequently folded. During an interview with Forbes’ Parmy Olson, he reflected on the events: “Do I regret [making those claims] now? Sure … I’m getting personal threats from people, and I have two kids. I have two four-year-old kids. Nothing is worth that.”28
The two other members of Team Themis, Berico and Palantir, which had schemed with HBGary Federal to discredit WikiLeaks, washed their hands of blood like Lady Macbeth, immediately severing all ties with HBGary Federal and disavowing full knowledge of the plan. But as Nate Anderson of Ars Technica put it: “both of the Team Themis leads at these companies knew exactly what was being proposed (such knowledge may not have run to the top). They saw Barr’s e-mails, and they used his work. His ideas on attacking WikiLeaks made it almost verbatim into a Palantir slide about ‘proactive tactics.’”29
In the aftermath, troubled by their new-found awareness of such proposed tactics, a group of Democratic congress members sought to investigate Team Themis. During an interview, the lead congressman for the committee, Hank Johnson, expressed why he supported the inquiry: American tax dollars were being used to fund tools and programs to spy on Americans and quell First Amendment rights.30 Other congressmen, notably Representative Lamar Smith, quietly dismantled and blocked this investigation. Regrettably, the mainstream press never followed up to write about the inquiry’s demise.
The growing dissatisfaction with Barrett Brown inside Anonymous did not slow him down. He remained active within Anonymous for a few more months. The intimate portal into a private security firm like HBGary Federal galvanized him and facilitated the establishment of his web-based think tank ProjectPM (PPM), “a crowd-sourced wiki focused on government intelligence contractors.” It was clear to him that HBGary Federal was not an anomaly amongst defense contractors. In an op-ed published in 2013, Brown expressed his aims for PPM: “we must look not just toward the three letter agencies that have routinely betrayed us in the past, but also to the untold number of private intelligence contracting firms that have sprung up lately in order to betray us in a more efficient and market-oriented manner.”31
The ballooning size of this market-driven industry has been thoughtfully assessed by Tim Shorrock, one of the few investigative journalists to extensively research the topic. Information is scarce, as he explains, but there are a few telling details to suggest the enormity of these operations:
Outsourcing has become so pervasive that the Director of National Intelligence decided to study the phenomenon last year. But when the report was finally completed in April 2007, the results were apparently so stunning that the DNI vetoed the idea of putting out a report and instead told reporters that disclosure of the figures would damage national security.32
It is estimated from current figures that 70 percent of America’s $80 billion intelligence budget goes toward private contractors.33 While the HBGary and HBGary Federal emails provided no hard numbers about the size of the overall industry, they did offer qualitative measures that point to the massive scale of the government intelligence contracting world. Brown, aided by volunteers who did the bulk of the research and writing, and all the technical work, hosted a central repository to catalog the brave new world of corporations that specialize in intelligence gathering, espionage, and infiltration for corporate and government clients. Where the leaked documents truly broke ground was in providing insight into the types of tactics employed by private firms in the era of digital and networked technologies; the firms were evidently willing to propose and engage in reckless acts. After all, Barr was on the path to providing actionable intelligence, for instance, doxing some Anons who had done nothing illegal—even offering nicknames and locations to a reporter. His firm had also laid out detailed plans to sabotage the career of a journalist. Since this type of work is now also spread across hundreds of different private firms, it is unlikely there will ever be a single massive document dump equivalent to the one which busted open COINTELPRO detailing the corporate face of spying; instead, the public will have to rely on the piecemeal datasets it receives through leaks and hacks such as the HBGary one.
Inspired by the success of the HBGary hack, other Anons would soon seek to direct similar techniques to other security and intelligence firms. But first, the hackers who had decimated HBGary Federal would break away from AnonOps and embark on a fifty-day tour as an experimental performance troupe by the name of LulzSec. It would receive rave reviews from Internet denizens. But corporations watched the play, with its seemingly endless string of encores, in horror.
CHAPTER 8
LulzSec
LulzSec—a crew of renegade Anonymous hackers who broke away from Anonymous and doubled as traveling minstrels—appeared a few months after the infamous HBGary Federal hack. Crewed by the same individuals who had vindictively hacked Aaron Barr, LulzSec’s startling fifty-day catalytic run began in early May 2011 and abruptly ended on June 25, soon after one of their own, Sabu, was apprehende
d and flipped in less than twenty-four hours by the FBI. Among their targets were Sony Music Entertainment Japan, Sony Picture Entertainment, Sony BMG (Netherlands and Belgium), PBS, the Arizona Department of Public Safety, the US Senate, the UK Serious Organised Crime Agency, Bethesda Softworks, AOL, and AT&T. Despite the avalanche of activity—and numerous intrusions—LulzSec, when compared to Anonymous, was more manageable and contained, at least from an organizational perspective. Its members hacked with impunity, finally making good on the 2007 Fox News claim that Anonymous was comprised of “hackers on steroids.”
LulzSec members played their role knowing full well they were performing for a diverse audience. Even the haughtiest of security hackers who had earlier snubbed Anonymous cheered on LulzSec. Some old-school black hats lived vicariously through LulzSec, in awe of its swagger, its fuck-you-anything-goes attitude, and its bottomless appetite for exposing the pathetic state of Internet security. Journalists could not get enough of their antics, nor could they really keep up. With so many intrusions, exfiltrations, and data dumps, LulzSec blew out the usual three-day news cycle. For much of its reign, LulzSec taunted journalists with the lure of information and then gave them the silent treatment—with one notable exception: Parmy Olson of forbes.com. These hackers (almost) exclusively fed her info about their dealings and, to retain her privileges, she was discreet about the arrangement.1
Although they gave Parmy Olson enough information to write her stories, LulzSec’s main gateways to the world were their website, their Twitter account, and the website pastebin.com, where all their dumps were mirrored and their proclamations released. Pastebin is typically used by programmers to post small snippets of text, source code, or configuration information. It generates a unique URL that can then be pasted elsewhere, like IRC, for others to view. Instead of pasting multi-line text into IRC channels—something that will get you kicked out of a channel for “flooding”—you can simply provide the link. Typically, these generated links are unmemorable random characters and expire after some time. Pastebin is only one among a multitude of such sites, so why LulzSec chose this medium is a bit of a mystery. Regardless, it freed LulzSec from the need to host infrastructure for their missives. Their Twitter account amassed followers in bulk, sometimes twenty thousand per week. Penned by their resident trickster, Topiary crafted delightful updates, often maintaining a maritime character.