Hacker, Hoaxer, Whistleblower, Spy
In the course of one of his earliest hacks, before he was involved in Anonymous—indeed, before Anonymous even existed as a name to channel activist causes—Hammond left the image of Guy Fawkes on a defaced website. As he briefly touched upon his Guy Fawkes defacement and described his love of the film V for Vendetta, his blue eyes sparkled, his otherwise pale face came to life, and the austere room seemed to soften. I prodded him for more details.
It was March 2006, only a year after he started to hack politically. He had teamed up with The BrigadaElectronica, a loose association of radical anonymous hackers. This coalition hacked into the websites of the Philippine National Police, the Malacañang Palace (the official residence of the Philippine president), the Office of the President of the Philippines, and the National Defense College of the Philippines in a show of solidarity with the Sagada 11, a cohort of activists, including a few volunteering with Food Not Bombs who had been detained in the northern Filipino province of Luzon and faced charges of terrorism.4 (Food Not Bombs is an association of radical collectives serving vegan and vegetarian food to the hungry.)
Hammond wasn’t the only budding anarchist fond of the Hollywood blockbuster V for Vendetta, released the same month as his hack in support of the Sagada 11. The film’s antihero dons a Guy Fawkes mask. Fawkes was once primarily known as a sort of mascot for seventeenth-century British regicide. His failed attempts at regicide are commemorated to this day in the form of a British holiday bearing his name, which celebrates the continuity of the monarchy through the widespread burning of bonfires. British writer Alan Moore adopted the mythologized figure into a dystopian comic book, which became a Hollywood film, which led to the reimagining of Fawkes’s visage as that of the quintessential terrorist-turned-icon-of-resistance. Even if all symbols are open to interpretation, some are more elastic than others. While the peace symbol can only signify one single position, this silent smiling man has, over the years, accrued a multiplicity of meanings before coming to stand as the face of popular dissent.
Soon after his first forays into political hacking, Hammond was arrested and detained in federal prison between 2006 and 2008. He had digitally infiltrated a right-wing organization called “Protest Warrior,” whose tag line is “Fighting the Left, Doing it Right”; he pilfered credit card information from their site’s database. Since he never used the credit card information, he was only charged for the computer intrusion, escaping the harsher sentence and fines that often attend fraudulent credit card use (the prosecutor was seeking a five-year jail term in addition to a $2.5 million fine, saying, “While Jeremy Hammond tried to make this about politics, we wanted to make this about what actually occurred, that he stole credit cards”).5 Sentenced to twenty-four months in jail and fined $5,358, he was sent to a medium-security prison and served eighteen months.
During our interview he offered a surprising confession. In 2008, as Anonymous began adopting the Guy Fawkes mask he adored, he was initially repelled by the group. He dismissed Anonymous as “script kiddies” (a derogatory term for a technologist lacking real skills) and found the “anything goes” culture of deviant trolling—which crossed the line into racism at times—“alienating.” But these were minor reasons compared to his broader rejection of hacktivism more generally. After a few years of political hacking, and two years in jail for the effort, he had asked himself whether “as an environmentalist … [he] was supporting the industrial beast with technology.” For a period he answered “yes,” and he backed away.
But with the emergence of WikiLeaks, and the leaks provided by Manning in particular, he saw the potential of technology “to expose crime.” At his sentencing, following his hacking stint for Anonymous, he would pay tribute to Manning: “She took an enormous personal risk to leak this information—believing that the public had a right to know and hoping that her disclosures would be a positive step to end these abuses. It is heart-wrenching to hear about her cruel treatment in military lockup.”
Hammond warmed to Anonymous early in 2011. He joined AnonOps during OpWisconsin but remained largely a spectator. As he learned the ropes, he also started to establish connections with others. On June 21, 2011, Hammond finally took the full plunge. He first approached Sabu and wanted to hand over some material but, after failing to connect with him, instead sent a private message to two members of LulzSec, first to Topiary and then to tflow, offering to offload some “candiez” that were in his possession. Hammond had recently gained privileged access to the Arizona Department of Public Safety website and siphoned the data he found there. LulzSec eventually accepted custody of the information and released it in four batches under the title “Chinga La Migra” (Spanish for “Fuck the Immigration Police”). It included email messages, names, phone numbers, home addresses, and passwords belonging to Arizona law enforcement, alongside operational materials such as private intelligence bulletins and training manuals.
The timing was perfect. When Hammond handed over the data, LulzSec was in the midst of a tectonic shift, from Internet trickster-fabulists to revolutionary militants. They had a new agenda and a new flag: “AntiSec,” short for Anti-Security. The shift is difficult to explain. Insiders confirmed that even for them, this period was mired in chaos. One Anon told me during an interview: “This was more chaotic in terms of so many subgroups forming, splintering, and redefining themselves … This was the age of LulzSec, AntiSec, TeaMpOisin, the A-Team, CabinCr3w, Buccaneers, Panther Moderns, etc.” Mysteries aside, one thing was certain: over the summer of 2011, Anonymous experienced a Cambrian explosion of hacker crews. Where previously a single IRC network (AnonOps) and a breakaway group (LulzSec) dominated the North American and European scene, an archipelago of hacker islands—with AntiSec becoming the most visible and notorious of the bunch—suddenly emerged from the Anonymous waters.
“It’s now or never. Come aboard, we’re expecting you”
In early June 2011, LulzSec was sailing at a fast clip and leaving behind an extravagant wake for the enjoyment of other Internet denizens. They didn’t know at the time, but they were sailing headlong into stormy weather. Seemingly out of the blue, on June 19, 2011, four days before the Chinga La Migra release, LulzSec unfurled “Operation AntiSec.” This operation was announced, true to form, via a press release on pastebin.com. But there was one key difference: its language. Featuring only a trace of humor (some bits about lizard blood and a reference to lyrics from the Love Boat theme song), its tone was strikingly revolutionary. The release also claimed something that LulzSec had not claimed before—that the operation was an Anonymous project:
Welcome to Operation Anti-Security (#AntiSec)—we encourage any vessel, large or small, to open fire on any government or agency that crosses their path. We fully endorse the flaunting of the word “AntiSec” on any government website defacement or physical graffiti art.
Whether you’re sailing with us or against us, whether you hold past grudges or a burning desire to sink our lone ship, we invite you to join the rebellion. Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons. Your hat can be white, gray or black, your skin and race are not important. If you’re aware of the corruption, expose it now, in the name of Anti-Security.
Top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments. If they try to censor our progress, we will obliterate the censor with cannonfire anointed with lizard blood.
It’s now or never. Come aboard, we’re expecting you.6
Why did Topiary, who wrote the communiqué, push for this revolutionary stance? All evidence points to Sabu. A few weeks prior to the publication of the press release, Sabu had clamored online for the revival of an older AntiSec project.
The anti-security movement had briefly flourished at the turn of the century among some black hat hackers who had contempt for the security industry in general, and for white hat hackers in particular. This was a period when increasingly hackers sought and landed employment in the security industry. Under the mantle of anti-security, a slice of black hat hackers targeted security professionals—doxing them, dumping their mail spools—to protest the increasingly common practice of publicly disclosing exploits and vulnerabilities. Their reasoning, as offered in a founding document, was as follows:
The purpose of this movement is to encourage a new policy of anti-disclosure among the computer and network security communities. The goal is not to ultimately discourage the publication of all security-related news and developments, but rather, to stop the disclosure of all unknown or non-public exploits and vulnerabilities. In essence, this would put a stop to the publication of all private materials that could allow script kiddies from compromising systems via unknown methods.7
While this statement may sound reasonable, the group’s actions were aggressively bold. A more recent anti-security manifesto reflects the mayhem these hackers wrought on the security industry (see figure overleaf). As odd as it might seem, part of the motivation behind the original anti-security was cultural preservation, “to take back the scene.”
The original anti-security vision was a different animal from the one conceived of by Sabu and Anonymous. While the contemporary Anonymous AntiSec movement held little regard for white hats and was disgusted at what it saw as flagrant greed in the security industry, these were not its main enemies.
antisec
/Exposed
•Fuck full-disclosure
•Fuck the security industry
•Keep 0days private
•Hack everyone you can and then hack some more
Blend in.
Get trusted.
Trust no one.
Own everyone.
Disclose nothing.
Destroy everything.
Take back the scene.
Never sell out, never surrender.
Get in as anonymous, Leave with no trace.
[Good reads:
Antisec Group Exposed [mirror] [mirror] [mirror] [mirror] [mirror]
[Attachments:
Antisec Group Attachments [mirror] [mirror] [mirror] [mirror] [mirror]
[Check list / Goals:
Take down every public forum, group, or website that helps in promoting exploits and tools or have show-off sections. Publish exploits rigged with /bin/rm to whitehats, let them rm their own boxes for you. Spread the anti-security movement. Revive pr0j3ct m4yh3m.
[Rules of Engagement:
Don’t get too cocky.
Don’t underestimate anyone.
[Contact / Submit paper:
Instead, the AntiSec revival was driven by a more general sense of justice. The point was to own banks, governments, security firms, and other corporations in search of politically damning, leakable information. And, perhaps most crucially of all, the contemporary manifestation of anti-security did not go about its business quietly.
LulzSec’s first public mention of AntiSec was on Twitter: “So gather round, this is a new cyber world and we’re starting it together. There will be bigger targets, there will be more ownage. #ANTISEC.”8
Just three days after this message was posted, on June 7, 2011, at 10:15 pm, the FBI visited a towering brick housing project called the Jacob Riis Houses in Manhattan’s Lower East Side. They came to this Puerto Rican stronghold to arrest Hector Monsegur, aka Sabu. According to a leaked FBI warrant filed to gain access to Monsegur’s Facebook account, a corporation previously hacked by Anonymous culled an IP address that was handed over to law enforcement. The FBI retrieved subscriber information for the IP address, which led to Monsegur’s postal and email addresses. The authorities sought access to Monsegur’s Facebook account because the “pictures” would allow them “to confirm the identity of the individual who assisted in the unauthorized intrusion” and possibly also land other leads if Monsegur shared any information on the social media platform with his hacker associates. Although only twenty-seven years old, he was the foster parent to his incarcerated aunt’s two girls, then both younger than eight. Along with his Anonymous/LulzSec activity, the FBI had evidence linking him to credit card fraud. Facing the prospect of decades in jail and the loss of his two foster children, he flipped.
Just four days before his arrest, the LulzSec crew worried that some of its affiliates had jumped ship. Sabu had claimed he was going to wipe everything:
[…]
Whatever he did or didn’t do then, Sabu went from radical hacktivist to sitting in the FBI’s back pocket where he provided a direct portal to LulzSec. The LulzSec team, constantly online, found Sabu’s twenty-four-hour absence fishy. To test him upon his return, they asked him to own a server, which he did, quelling any concerns. Of course, the FBI gave him its blessing to proceed so he could maintain his cover.
Soon after his arrest, Sabu jacked up the AntiSec rhetoric previously hinted at in one brief Twitter message. He must have known that Hammond would find it enticing. Hammond would have likely been on the FBI’s radar, being one of the only anarchists and hackers in the United States who had already served time in jail. The rhetorical shift marked by AntiSec could just as easily have been a continuation of a sincere commitment. We may never know. But what we do know is that Sabu, just shortly after being flipped, pushed for the AntiSec press release to feature charged political language, and Topiary willingly wrote it. Topiary explained to me via email that
Sabu was highly interested in my writing of this message, but perhaps more so he was infatuated with LulzSec’s at-the-time follower count on twitter and saw it as a platform from which to push this kind of political stance. At the time it seemed no more than misguided angsty teenage performance art, but of course to others it was taken with a far more serious flavour.
The public, journalists, and Anonymous itself were all unaware that the FBI had Sabu on a tight leash. But everyone noticed just how much the press release diverged from LulzSec’s style. Media outlets from AdBusters to Fox News reported on the press release, with about half a dozen reporters pulling it apart to try and figure out what was going on. Stephen Chapman from ZDNet posed the key question:
What has existed up to this point as an aimless objective consisting of a series of random, pointless targets, is now coming together as a full-fledged anti-government/anti-establishment movement of potentially epic proportions. Has the digital revolution finally started—something we’ve been watching Hollywood play out for years now? Perhaps.9
Everyone was wondering, including myself, if this was yet another joke or the expression of a true sentiment.
The following day, LulzSec answered. They made good on Operation AntiSec’s promise by using Ryan Cleary’s botnet to DDoS Britain’s Serious Organised Crime Agency. The very next day, on June 21, law enforcement arrested Cleary at his residence in Essex, just outside of London. Newspapers across England were awash with dozens of images of the young man, a core AnonOps hacker and a LulzSec affiliate. As portrayed in the news, he conformed to the stereotype of a dysfunctional, isolated young male. Chubby with milky white skin, he rarely left his bedroom which, while not technically a basement, certainly resembled one, since every window was blocked with homemade silver-foil window blackout. The British tabloids did not miss a beat in sensationalizing every detail.
It was in this frenetic milieu that Hammond reached out to LulzSec with his Arizona material. He had originally wanted to give the data to Sabu, but Sabu was suddenly, and oddly, unresponsive to his queries. Seemingly kindred spirits, Hammond and Sabu had bonded over a shared goal of uniting disparate black hats to rally against injustice and oppression.
So Hammond, operating under the name “Anarchaos,” privately messaged Topiary and tflow, emphasizing that he did not want to “touch the torrent seed server with a ten feet pole.” tflow happily took the “candiez” and LulzSec immediately pushed the material online, listing it on the Pirate Bay’s torrent servers on June 23. Hammond had not earned the trust of the core LulzSec hackers and was not allowed to enter their private chambers. But his hack provided the catalyst through which the AntiSec vision became deed. Hammond wrote the Chinga La Migra press release himself:
We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. We are targeting AZDPS specifically because we are against SB1070 and the racial profiling anti-immigrant police state that is Arizona.
The documents classified as “law enforcement sensitive,” “not for public distribution,” and “for official use only” are primarily related to border patrol and counter-terrorism operations and describe the use of informants to infiltrate various gangs, cartels, motorcycle clubs, Nazi groups, and protest movements.
[…]
Hackers of the world are uniting and taking direct action against our common oppressors—the government, corporations, police, and militaries of the world. See you again real soon! ;D10
Soon after the Chinga La Migra release, Hammond, still on probation for his previous hack, was paid a visit by the Chicago police and FBI for a probation check. He found it odd that for a routine check an FBI agent had joined the probation officer. “When they discovered K2 [synthetic marijuana], they put state charges on me for felony possession of marijuana, charges I beat when the drug results came back,” explained Hammond. In jail for a few weeks, Hammond was not around to witness the controversy that his dump stirred among the LulzSec crew. A number of them, such as tflow, pwnsauce, and later Topiary, regretted their decision to release the data. Although these young men had previously doxed a whole batch of corporate executives and released other, equally sensitive data, targeting police officers felt riskier. This territory, while familiar to Hammond, was unfamiliar to them.