Hacker, Hoaxer, Whistleblower, Spy
Our seemingly trivial conversations would sometimes become much more interesting in retrospect. For example, the following conversation, which happened the day after we first met, seemed relatively mundane at the time:
At the time, I interpreted this as a reasonable gesture of solidarity. Now, these chats—and his motivations for reaching out to me in the first place—look different. The “we” he referred to was not Sabu and Anonymous. It was Sabu and the FBI—privileged with direct access to all his conversations, including the one above. It would not be the last time he tried “to reach out to” Applebaum through me.
The Propensity to Sympathize with Others
In late October, as winds shook off the remaining leaves still clinging to branches, Occupy was blossoming. Organizers were branching out; alliances with unions and other civil society groups yielded new rivers of people flowing into Liberty Square on October 15, a planned “day of action.” As I marched for hours alongside throngs of strangers, everyone appeared energized and amazed by the vibrant turn Occupy had taken in the short course of a single month. “The Occupy assemblies were opening tremendous space in American political discourse,” reflected Nathan Schneider, who also noted that “by mid-October, Occupy Wall Street had an approval rating of more than 50 percent—higher than President Obama or Congress.”18
Naysayers and pundits would accuse Occupy of being led by lifestyle activists and of fizzling out after being unable to drum up broad-based support—a misguided account made clear by the repressive crackdown that would come, just one month later, to stamp out many of the US camps. Documents procured by the Partnership for Civil Justice Fund through a Freedom of Information Act request reveal that most every law enforcement entity—Department of Homeland Security, the FBI, local police, Fusion Centers, the Joint Terrorism Task Force, the Naval Criminal Investigative Service, and even, oddly, the Federal Reserve—took a keen interest in Occupy.19 Since the documents are so heavily redacted, it is hard to gauge the specific role played by each organization, but it is clear that, at minimum, they “Cast [a] Wide Net in Monitoring Occupy Protests,” as the New York Times titled its piece covering the documents.20 One reason why Anonymous had already thrived for five years was that despite the arrests of members of the collective, its decentralized and online character had made preemption extremely difficult. This would not prove to be the case with Occupy.
I continued to meet Sabu. On some occasions, his two younger brothers accompanied him. The older one was Sabu’s sidekick. He admired him and, while not as technically proficient as Sabu, he loved to talk about computers. The younger one, who sported sleek, straight, black-as-night hair and a lot of muscles, was, like many teenagers, absorbed in thought, totally uninterested in the geek talk that consumed the rest of us.
One meeting stands out. On an unusually warm November evening, we hung out in Tompkins Square Park with his brothers again. Then Sabu and I went to the Odessa, a classic New York City diner with a mind-boggling array of dining options. By now, one thing had become clear: Sabu was a talker. Entering the diner, Sabu greeted with a handshake a man whom I presumed to be the owner or the manager. Easing into a booth, we became one with the ageless Naugahyde seats, their well-worn springs clenching us desperately. That day he broached a dizzying number of topics in the course of our conversation: gentrification, the hacker Phiber Optik, Middle East politics, Occupy, his dog (whose name was China, and who had an awful skin condition), the sociology of hacker crews, the Anonymous haters, and dozens of other topics that his mind alighted upon. Among the deluge of details, a few stood out. It was the first time he mentioned a mysterious hacker he worked closely with, whom he called “burn.” I now know him as Jeremy Hammond. Sabu boasted that he liked to own security companies while “burn liked to hit the police.” And in this conversation, one thing became patently evident: more than anything else, Sabu seemed to genuinely care what others thought of not only himself, but the whole of Anonymous. His contempt for those critical of Anonymous—both journalists and random people on Twitter—was noticeable; he jeered at those who he felt had not treated him, or Anonymous, with respect. Soon after, winding down, he sighed in a weary voice. “I sometimes just want to walk away and quit.” He did seem tired, and he had developed a chronic cough since our previous meeting. I knew he had also talked extensively with Olson over Skype, and it struck me suddenly that he had a burning desire for his life story to be put out into the world.
When someone is wearing a mask, there is at least a symbolic reminder that insincerity, duplicity, and play might be at work. Sitting across from Sabu, seeing his face, hearing his voice, and looking into his eyes, I suspended my mistrust, even though I knew that with or without a mask, I really had no access to his true motivations. We can never really access the inner thoughts of other humans; we can only attempt to gauge sincerity or authenticity. Then there’s what Hume identified as one of the most enduring qualities of human nature: “No quality of human nature is more remarkable, both in itself and in its consequences, than that propensity we have to sympathize with others.”21
It’s hard to constantly question people’s motives. It is precisely the human proclivity to want to sympathize that enables the FBI to perform exploits through its informants. We left The Odessa and, as usual, Sabu lit up a sweet-smelling cigarette. He took a deep puff from the white filter. And then, suddenly, he confessed: “I was indeed a criminal. I used to sell heroin.” Then he walked away.
CHAPTER 11
The Sabutage
Although AntiSec had been on a hacking spree, compromising high-profile targets like the FBI, the group was not getting much attention—and the attention it did get was not exactly positive. Certain data dumps, such as those regarding police units (including the International Association of Chiefs of Police, Boston Police Patrolmen’s Association, and the Sheriff’s Office of Baldwin County, Alabama) struck some Anons as random and incoherent—many people, even within Anonymous, didn’t quite see the point. A supporter of information leaks, Anonymous9 felt that AntiSec’s ops weren’t cutting the mustard. “Just because a lunch menu at Fort Meade might be classified,” he told me, “doesn’t mean it is interesting much less worth leaking.” Then, just in time for “LulzXmas,” a mysterious hacker named hyrriiya delivered a gift. On December 13, 2011, a few AntiSec members pulled the journalist Quinn Norton and myself aside into a channel to ask a question:
[…]
***Anon checks the cheatsheet
***Anon thinks ‘fuck we r screwed’
Soon after this chat, an AntiSec member casually informed me that they possessed credit card data and intended to use it for charitable donations. While he kept the source of the database a secret, it remained one of the few instances where sensitive information was sprung upon me. I publicly maintained my caveat: I could not guarantee the confidentiality of any information given to me. And, as if that wasn’t enough to freak me out, Jeremy Hammond (using the name “sup_g”) queried me on December 15:
By now, my interactions with Hammond were limited and contained. Most of our conversations were rolled into group chats in the private CabinCr3w channel (where he was “sup_g”) and in Barrett Brown’s Project PM (where he was “o”). With time, I connected these two nicknames and remained undecided about him. He kept a pretty low profile, except when political discussions would draw him out and suddenly he would flood the chat with his views, in a rather heated fashion. Hammond was hands down the most insurgent of the bunch. Though his dedication was evident, I could not help but at times imagine him to be an agent provocateur.
When he offered me a pre-release of the email spool, my alarms sounded. Is this entrapment? Unlike Brown, whose begging for these very emails fell on deaf AntiSec ears (he was never given them), I desperately tried to avoid receiving this kind of information. And, anyway, why—after all my caveats and all their attempts to remain mum—were they suddenly offering to toss me all this information? It seemed fishy, and it stressed me out.
Thankfully a deeper reservoir of secrets was actually being kept from me. Most significant was that the AntiSec crew, at the onset of December, had become deeply suspicious of Sabu. As one member told me later, various hackers continued appearing, at random, and insisting, mantra-like, that “Sabu is an informant.” Hammond too had grown tired of Sabu’s reluctance to get his hands dirty, an indicator that something was amiss. At the time, they kept their concerns to themselves.
On Christmas Eve, AntiSec decided to publicly release the details of its most memorable—and unforgiving—hack. In a politically motivated act of corporate sabotage, AntiSec infiltrated the internal network of the global intelligence firm Strategic Forecasting, Inc., better known as Stratfor. AntiSec collected over 50,000 credit card numbers, downloaded almost eight years’ worth of company emails—five million in total—and procured countless other records. As a finale, they gutted Stratfor’s servers of their data, removing everything they could find (including backups). In what AntiSec described as “an act of loving egalitarian criminality,”1 they attempted to use 30,000 of the credit cards to donate an estimated $700,000 to “the Bradley Manning Support Organization, the EFF, the ACLU, CARE, American Red Cross, Amnesty International, Greenpeace, some commies, some prisoners, various occupations, and many more unnamed homies.”2 (Only 9,561 of the cards were still valid.) Let’s now take a closer look at the events leading up to AntiSec’s mothership hack.
Total Mayhem
On December 4, hyrriiya, a member of a small hacker crew called RevoluSec (which worked on infiltrating Syrian government computers, among other projects) reached out to Sabu:
This immediately piqued Sabu’s interest:
The next day, hyrriiya provided, as Jeremy Hammond later related to me, “the entire [AntiSec] channel a link to Stratfor order databases, including addresses, and credit cards [and] random credit card numbers swiped from the Stratfor database.” Sabu created another channel called “#!sec” and hyrriiya delivered the information about the exploit. Hammond described the hack to me in great technical detail (though it’s not essential to understanding the story):
No password, oops! which lets you download the entire db dump, from mysql db access, here I am able to insert users into str’s [Stratfor’s] drupal system, creating an administrator account, then enabling PHP code on drupal articles, and inserting a PHP backdoor into a drupal article allowing remote code execution on str’s webserver (they kept different boxes for various services), then rooted the webserver, then was able to log onto their mailserver using an “autobot” user that had access to several of their other internal servers for backup purposes, rooted that too.
As if having no password protection was not negligent enough, Stratfor’s credit card information was saved in clear text, instead of behind a digital fortress of encryption, as is standard industry practice. Apparently, while Stratfor sold security briefings to its clients, it did not seem to follow any of its own advice.
AntiSec intended to liberate eight years of emails from Stratfor’s servers—more than two hundred gigabytes. Finding a good place to put it, with enough space and bandwidth, was a bit of an issue. Hammond opted to hack some other machines to provide this service. A few other AntiSec members began researching methods toward deeper infiltration into Stratfor’s systems, while some who had only wanted to ignite the fire soon departed.
hyrriiya’s role was as a messenger alone, and he eventually bailed on the rest of the operation:
On Christmas Eve, I received a query from a mysterious user named “ghost__”—another incarnation of Hammond himself, as I later learned. He gave me the most explosive news I would receive in all my time studying Anonymous:
I was not sure what he meant by the first statement, but the second was clear. I may be no technology wizard, but I knew what “rm -rf /” was, having been a Linux user for over fourteen years. Once you have root access, this command can delete everything on the system (technically speaking, Hammond conveyed his actions in shorthand because newer UNIX systems have protections built-in, such as requiring the “--no-preserve-root” flag to be passed first, making it harder to delete everything by accidentally typing six characters). I tried to play it cool. I still wasn’t sure what he was talking about. He gave a few more details:
Soon, my confusion was cleared up by tweets like the following from Sabu: “http://www.stratfor.com - #ANTISEC DISMANTLES A MULTI-MILLION DOLLAR INTELLIGENCE CORPORATION - watch the video and read the essay. #antisec.”3 I thought to myself, holy sweet birth of the baby Jesus, this is really happening!
A handful of people were livid or confused, but most seemed to be riding the wave with trolling/humorous responses on the public channels: “VOTING STILL GOING ON FOR LULZXMAS DONATION PICK; options are (in order of leading to losing); CANCER, TOR, AIDS, WIKILEAKS, SHELTERS, REDCROSS, ANONOPS.”
AntiSec replaced Stratfor’s webpage with The Coming Insurrection, a revolutionary tract written by the radical, anonymous Invisible Committee. Its ostensibly French authors, seeking to hasten the demise of capitalism, call for new modes of collective association and the rapid deployment of an “effective guerrilla war that restores us to our ungovernability, our primordial unruliness.”4 From Christmas Day through to New Year’s, the pace of hacking redoubled. In pursuit of a generalized sort of mayhem, AntiSec thought it necessary to thrash more than just a single organization; while news coverage focused almost exclusively on Stratfor, AntiSec had in fact carried out a “coast-to-coast hacking” bonanza, and announced as much proudly in their zine:
On New Year’s Eve, while revolutionary comrades brought the noise to the front of jails across the world in support of the incarcerated, we were opening fire on the websites and emails of the 1%, publishing stolen information from police departments in both California and New York. From coast to coast we lulzed as we hit the top police chiefs: skimming their private email and Facebook accounts, blissfully abusing their internal law enforcement portals, and making off quick with their private documents which we then published on tor hidden services and BitTorrent. Finally, we defaced their websites and rm’d their servers, live on IRC and Twitter for the whole world to see.5
AntiSec’s three additional targets were cslea.com (the California Statewide Law Enforcement Association—self-touted, it is worth noting, as “America’s most fascinating law enforcement association”); nychiefs.org (New York State Association of Chiefs of Police); and specialforces.com (a marketplace for, as the name may suggest, gear oriented toward special forces operations). Each site added to the growing AntiSec collection of mail spools, usernames, passwords, emails, phone numbers, and “Law Enforcement Sensitive” documents.