We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency
After some planning, the group launched its first DDoS attack on Aiplex on September 17 at 9:00 p.m. eastern standard time. Just as they had hoped, the software company’s website went dark—and remained so for twenty-four hours. Feeling confident, the Anons quickly broadened their attack, posting digital flyers on /b/ so others could use LOIC against another organization trying to end piracy: the Recording Industry Association of America, or RIAA. The tech blog TorrentFreak.com posted a news article headlined “4chan to DDoS RIAA Next—Is This the Protest of the Future?” The group then hit another copyright organization, the Motion Picture Association of America (MPAA).
Two days later they began circulating a message to the media, saying that Anonymous was avenging The Pirate Bay by hitting copyright associations and “their hired gun,” Aiplex. They called the attacks “Operation: Payback Is A Bitch” and claimed to have taken down Aiplex thanks to a “SINGLE ANON” with a botnet.
“Anonymous is tired of corporate interests controlling the internet and silencing the people’s rights to spread information,” the letter said, adding, “Rejoice /b/brothers.”
In unashamedly romanticizing pirated movies and music, they were also positioning Aiplex’s attacks on The Pirate Bay as “censorship,” giving their fight-back broader appeal. For the first time in two years, it looked like Anonymous might be onto another major project after Chanology, and the spark had been that all-important provocation in hacker culture: you DDoS me, I DDoS you.
It was around this time that Tflow, the quiet hacker who would later bring together Sabu, Topiary, and Kayla, read the TorrentFreak article and jumped into his first Anonymous operation. It would later emerge that the person behind Tflow lived in London and was just sixteen years old. He never talked about his age or background when he was online.
“I thought it was a good and unique cause,” he later remembered. “Of course, DDoS attacks got boring after that.” What Tflow meant was that he was more interested in finding ways that Anons could disrupt antipiracy organizations other than knocking their sites offline. He hopped into #savethepb to observe what other supporters were saying and was pleasantly surprised. A few people appeared to have as much technical knowledge as he did. After Tflow approached a few privately and they met in a separate IRC channel, the smaller team started looking for vulnerabilities in antipiracy groups and found one in the website CopyrightAlliance.org.
About a week after the DDoS attack on Aiplex, the hackers in Tflow’s group carried out the first SQL injection attack in their campaign, possibly one of the first to be committed under the banner of Anonymous. They hacked into the CopyrightAlliance.org Web server and replaced the site with the same message used on September 19, “Payback Is A Bitch.” Defacing a site was harder to do than carrying out a DDoS attack—you had to get root access to a server—but it had a bigger impact. They then turned CopyrightAlliance.org into a repository for pirated movies, games, and songs, including, naturally, “Never Gonna Give You Up” by Rick Astley, and Classic Sudoku. They also stole 500 megabytes of e-mails from London copyright law firm ACS:Law and published them on the same defaced site.
Tflow and the others were all the while herding supporters from place to place. Between September and November 2010, he helped move roughly three hundred regular chat participants between ten different IRC networks so that they could keep collaborating.
“We chose whatever IRC we could go to really,” Tflow later recalled. “There weren’t that many options. Not many IRCs allow DDoS attacks.”
The group of organizers then created what would become a very important private channel, #command. Like #marblecake, it was a place to make plans without distraction. They started making digital flyers and inviting new people to join this new, broader battle against copyright, DDoSing legal firms, trade organizations, even the website of Kiss bassist Gene Simmons. Soon it looked like Anonymous was hitting benign targets—for instance, the U.S. Copyright Office—and the public support they’d been getting on blogs and Twitter was waning. By November 2010, the Anons themselves were losing interest, and only a few dozen were still talking in the Operation Payback chat room. The campaign had gone into hiatus.
With more time to focus, some of Operation Payback’s organizers started working on the first-ever communications infrastructure for Anonymous. Scattered between Britain, mainland Europe, and the United States, these mostly young men pooled their access to ten computer servers around the world. Some had rented the servers, some owned them, but with them they could make a chat network that Anonymous could finally call home. No more herding hundreds of people between different places before getting kicked off. That month they established what they called AnonOps, a new IRC network with dozens of chat rooms just for Anons, some public and some private. One of the first people to check it out was Topiary.
By now Topiary was almost eighteen and, in the offline world as Jake, had moved out of his mother’s home on the tiny island of Yell. He lived in a small, government-financed house in Lerwick, the capital of Shetland Mainland, and had been out of the education system for four years. Lerwick was more modern than Yell, but not by much. There were still no fast-food restaurants, no big department stores. It was a cold, windswept place with patches of green fields, craggy brown cliffs, and gray stone ruins dotting its rolling hills. Jake knew hardly anyone here, but he preferred to be on his own anyway.
His home was part of an assortment of chalet-style wooden houses on a hillside about a twenty-minute walk from the center of Lerwick, in an area known as Hoofields. Drug raids by the police were common on his street, some of his neighbors being avid heroin users. Jake’s house was small, yellow, and comprised one story, with a large living room and kitchen on one side and a bathroom and bedroom on the other. The front yard occasionally saw daisies in the spring, and in the back was a shed where he kept an old fridge—one that still smelled from when he accidentally left it filled with raw salmon, without power, for three weeks. He had bought all his furniture from local people, often benefiting from the good deals that could be found in a tight-knit island community. His cooker, for instance, had originally cost five hundred pounds (about eight hundred dollars), but he bought it off a family friend for twenty-five pounds (roughly forty dollars).
Jake had found a part-time job in an auto store and was just about getting by. He still looked forward to being online where most of his friends were and still got a small thrill from doing prank calls.
One evening while visiting his mother, Jake took a phone call from a man who claimed to be a friend of his father’s. This was a shock. Jake hadn’t spoken to his father for years. There had been occasional phone calls on his birthday, but even those had petered out after he turned thirteen. It was strange to suddenly be hearing about him. The man asked if he could take down Jake and his brother’s cell phone numbers, adding that his father wanted to get in touch with both of them. Apparently, he felt bad about something. His brother didn’t want to talk, but Jake gave the man his own number to see what would happen.
For several weeks, Jake kept his phone charged at all times and next to his bed when he slept, but there was no call. Then in mid-October, a week after his eighteenth birthday, a call came from his father’s friend again, this time with the weight of bad news in his voice. The man apologized for what he was about to say and then explained: Jake’s father was dead. He explained that in the preceding weeks, Jake’s father had sat at home for hours trying to make himself pick up the phone.
“But he didn’t have the confidence,” the man said, adding that, “instead,” he had killed himself. Jake wasn’t quite sure what to think. He felt numb at first. His father hadn’t been a member of the family, so in one way, Jake didn’t need to care or feel upset. When he asked how it had happened, the friend explained that his father had gassed himself, opening the double doors of a church garage late one night, driving inside, and turning the car on.
It was a surreal image. For the first two days after the phone call Jake felt angry. It seemed almost selfish of his father to ask for his number and suggest that he would call, almost as if he wanted Jake to pay attention to what was really about to happen. With more consideration, though, he realized he was probably wrong, and that his father may not have meant to hurt him.
Jake continued his online gaming and visits to 4chan, and a month later discovered the new chat network that had been set up for Anonymous: AnonOps IRC. Intrigued, he signed on, picking the name Topiary, and tried to get a better sense of how he could join in. He didn’t see himself as an activist, but Operation Payback sounded well organized and potentially influential. He had no idea that, even though the anticopyright battle was dying, Operation Payback was about to explode with support for a little organization called WikiLeaks.
Jake, now as Topiary, explored the AnonOps chat rooms while a former, widely-revered hacker from Australia named Julian Assange was getting ready to drop a bombshell on the American government. Earlier in 2010, a U.S. army private named Bradley Manning had allegedly reached out to Assange and given his whistleblower site, WikiLeaks, 250,000 internal messages, known as cables, that had been sent between American embassies. These diplomatic cables revealed American political maneuverings and confidential diplomatic reports. In exposing the documents, Assange would hugely embarrass American foreign policy makers.
The WikiLeaks founder had struck deals with five major newspapers, including the New York Times and the U.K.’s Guardian, and on November 28, 2010, they started publishing the cables. Almost immediately, Assange became both a global pariah and a hero. Until then, WikiLeaks had been moderately well known for collecting leaked data pointing to things like government corruption in Kenya or the untimely deaths of Iraqi journalists. But exposing private data from the American government sparked a whole new level of controversy. U.S. news commentators were calling for Assange to be extradited, charged with treason, even assassinated. Former Alaskan governor Sarah Palin said the United States should pursue Assange with the same urgency as it did the Taliban, while Fox News commentator Bob Beckel, live on television, suggested someone “illegally shoot the son of a bitch.” Secretary of State Hillary Clinton said the leaks “threatened national security,” and U.S. State Department staff were barred from visiting the WikiLeaks website.
WikiLeaks.org quickly came under attack. An ex–military hacker nicknamed The Jester DDoS’d the site, taking it offline for more than twenty-four hours. Jester was a self-styled patriotic hacker who had been known for attacking Islamic jihadist websites; later he would become a sworn enemy of Anonymous. Now he claimed on Twitter that he was hitting WikiLeaks “for attempting to endanger the lives of our troops.”
To try to stay on the web, WikiLeaks moved its site to Amazon’s servers. It was booted offline again, with Amazon claiming it had violated its terms of service on copyright. The rebuffs kept coming: a hosting firm called EveryDNS yanked out its hosting services for WikiLeaks. On December 3, online payments giant PayPal announced it was cutting off donations to the site, saying on the official PayPal blog that it had “permanently restricted the account used by WikiLeaks due to a violation of the PayPal Acceptable Use Policy.” Soon MasterCard and Visa cut funding services.
It is doubtful that anyone from these companies had any idea that a brand of Internet users known for pranking restaurant managers, harassing pedophiles, and protesting the Church of Scientology would suddenly team together to attack their servers.
The people who had set up AnonOps were talking about the WikiLeaks controversy in their private #command channel. They were angry at PayPal, but, more than that, they saw an opportunity. With Anons no longer riled up about copyright, this could be the cause that brought them back in droves. The copyright companies had been bad, but PayPal snubbing WikiLeaks was even worse. That was an unholy infringement on free information in a world where, according to the slogan of technology activists, “information wants to be free” (even if it was secret diplomatic cables). The victimization of WikiLeaks, they figured, would strike a chord with Anonymous and bring hordes of users to their new network. It was great publicity.
Who were these people in #command? Known also as “operators” of the new chat network, they weren’t hackers per se but computer-savvy individuals who maintained the network and who would play a crucial role in organizing ad hoc groups of people, large and small, over the coming weeks. Many of them got a kick out of hosting hundreds of people on their servers. It was often argued that these operators, who had names like Nerdo, Owen, Token, Fennic, evilworks, and Jeroenz0r, were the true, secret leaders of Anonymous because of the power they could wield over communication. They avoided culpability for what Anonymous did, though, in the same way that Christopher “moot” Poole avoided litigation by claiming he was not responsible for what happened on 4chan.
Now, though, the operators were doing more than just maintaining the chat network. They were organizing an attack on the PayPal blog, where the company had made its announcement about WikiLeaks. On Saturday morning, December 4, the day after PayPal said it would cut funding, the AnonOps organizers DDoS’d thepaypalblog.com. The blog went down at 8:00 a.m. eastern standard time.
Soon after, the Twitter account @AnonyWatcher posted “TANGO DOWN—the paypalblog.com,” adding: “Close your #Paypal accounts in light of the blatant misuse of power to partially disable #Wikileaks funding. Join in the #DDoS if you’d like.”
PayPal’s blog remained offline for the next eight hours. Anyone who visited it saw a white screen and the “error 403” message “Access forbidden!” in large type.
The next day, Sunday, someone posted an announcement on Anonops.net, the official website for AnonOps IRC, saying that Anonymous planned to attack “various targets related to censorship” and that Operation Payback had “come out in support of WikiLeaks.”
At around the same time, a digital flyer was being circulated on image boards and IRC networks, with the title Operation Avenge Assange and a long note that stated, “PayPal is the enemy. DDoS’es will be planned.” It was signed, “We are Anonymous, We do not forgive, We do not forget, Expect us.”
These flyers came from new channels on AnonOps called #opdesign and #philosoraptors, which later combined to make #propaganda. Here, anyone who wanted to help with publicity collaborated on writing press releases and designing digital flyers to advertise future attacks. Others would then post the flyers all over 4chan and Twitter. Another channel, #reporter, was where Anons could answer the questions of any bewildered journalists who had figured out how to access IRC. Topiary was jumping between the publicity channels, more interested in spreading the word than firing weapons.
At around 5:00 p.m. eastern standard time on Monday, December 6, the organizers from AnonOps started DDoSing PostFinance.ch, a Swiss e-payment site that had also blocked donations to WikiLeaks. The site would stay down for more than a day.
The attack was “getting in the way of customers doing business with the company,” Sean-Paul Correll, a researcher with Panda Security, said in a blog post that day. Correll, who was on the West Coast of the United States, stayed up into the early hours to monitor the attacks, which seemed to keep coming.
That day, nine hundred people suddenly jumped into #operationpayback, the main public chat room on AnonOps IRC, which had been quiet for months. About five hundred of these people had volunteered their computers to connect to the LOIC “hive.” By now LOIC had an automatic function; you only needed to set it to hive mode and someone in #command would set the target and time. They would type simple instructions into their configured IRC channel—“lazor start” and “lazor stop.” Normal users didn’t have to know who the target was or when you were supposed to fire. They could just run the program in the background.
At 2:00 p.m. eastern standard time on Tuesday, AnonOps started attacking the website of Swedish prosecutors against Assange, who was now looking at extradition to Sweden where he faced questioning for sexual misconduct against two women in that country. Many in Anonymous saw the case as a whitewash. Once again, some five hundred people were using LOIC, and now more than a thousand people were in the main chat channel. At 6:52 p.m., AnonOps announced a new target: EveryDNS.com, the server provider that had yanked the rug from under WikiLeaks.org. One minute later, that site was down. At 8:00 p.m. the target switched to the main site of Senator Joseph Lieberman, the chairman of the U.S. Senate Homeland Security and Governmental Affairs Committee, which had first pushed Amazon to stop hosting WikiLeaks. All of these sites were going down for minutes or sometimes hours at a time, one by one, like dominoes.
By the early hours of December 8 on the West Coast, Correll had tallied ninety-four hours of combined downtime for these sites since December 4. The worst-hit were PostFinance and the PayPal blog. But this was just the beginning.
Word was spreading that if you wanted to help WikiLeaks, all the action was happening on AnonOps IRC. Newcomers could get a quick overview of what was happening from different chat rooms: #target was for talking about future or current attacks and #lounge was a place to just shoot the breeze. In #setup, new recruits could find a link to download LOIC and get help using it from experienced users.
The room contained a link to a digital flyer with step-by-step instructions titled “HOW TO JOIN THE FUCKING HIVE—DDoS LIKE A PRO.”
Get the latest LOIC from github.com/NewEraCracker
FIX YOUR GODDAMN INTERNET. THIS IS VERY FUCKING IMPORTANT
(If your broadband kept cutting out, LOIC wouldn’t work properly.)
Things were moving quickly. Topiary had now gained higher “operator” status in the publicity channels, which gave him the ability to kick out participants and a generally louder voice in the room. His enthusiasm, ideas, and witty remarks caught the attention of one of the AnonOps operators in #command, and they sent Topiary a private message inviting him into a secret command channel, which Topiary had never heard of. Intrigued, he went in.