by Parmy Olson
“Yes,” the other replied.
“You realize I’m going to use your computer to hack pm.gov.tn?”
“OK,” the man replied. “Tell me what to do.”
Sabu sent over some brief instructions for downloading and installing a program that would let Sabu take control of the man’s computer. Soon he was operating on an antiquated version of Windows and an achingly slow Internet connection.
“See me?” Sabu asked, moving the mouse cursor.
“OK!” the man typed back.
Sabu set to work while the Tunisian man sat and watched. Sabu opened up the command prompt and began typing programming code that his new friend had never seen before, a lengthening column of white text against a black background representing the back roads of the Web. About forty minutes later, Sabu brought up the official website of Tunisia’s president. Sabu imagined the man’s eyes growing wider at this point. Within minutes, the president’s official website was gone, replaced by a simple white page with black lettering. At the top, in large Times New Roman font, it read “Payback is a bitch, isn’t it?” Underneath was the giant black silhouette of a pirate ship and the name Operation Payback. The word operation reinforced the idea that this wasn’t just a protest or anarchy; it was a mission.
In the meantime, Tflow had told Topiary that a hack on Tunisia was under way, and he asked if he could create an official deface statement. Topiary wrote it up and passed the statement to Tflow, who sent it to Sabu, who used it to replace the official site of Tunisian prime minister Ghannouchi. “Greetings from Anonymous,” the home page of pm.gov.tn now read. “We have been watching your treatment of your own citizens, and we are both greatly saddened and enraged by your behavior.” It carried on dramatically before ending with the tagline: “We are Anonymous, We are legion…Expect us.”
Sabu stared at the new page and then sat back and smiled.
“You don’t know the feeling of using this guy’s Internet to hack the president’s website,” he later remembered. “It was fucking amazing.” The Tunisian government had set up a firewall to stop foreign hackers from attacking its servers; it had never expected attackers to come from within its own borders.
“Thanks, brother,” Sabu said. “Make sure to delete everything you downloaded for this and reset your connection.” After a few minutes, the man went offline, and some days later, Sabu hung a Tunisian flag in his house. Sabu then heard that the man had been arrested. While he felt bad for his volunteer, Sabu did not feel guilty. A higher cause had been served. “Operation Tunisia,” Sabu later recalled, “was the beginning of a serious technical advancement for Anonymous.”
On January 14, Tunisian president Ben Ali stepped down. It was a landmark moment, following a month of demonstrations by thousands of Tunisians over unemployment and Ali’s overarching power and culminating in a new form of online protest, an alliance of people on the other side of the world working with local citizens.
Ali fled Tunisia and took a plane to Saudi Arabia, and Sabu ended his weeks-long attack on Tunisian government servers. By February, Ghannouchi would resign too, and over the coming months, Internet censorship in the country would fall dramatically. In the meantime, Sabu, the hackers in #InternetFeds, and the Anons on AnonOps turned their attention to other countries in the Middle East. Sabu worked with hackers to take government websites in Algeria offline, then accessed government e-mails in Zimbabwe, seeking evidence of corruption. Sabu and Kayla continued doing the rooting; Tflow did the coordinating; and Topiary wrote the deface messages. Anonymous’s new Middle East campaign was moving at light speed, with teams of volunteers hitting a different Arab website almost every day. They were spurred on by the vulnerabilities they discovered, the newfound camaraderie—and the resulting media attention.
Kayla in particular was on a roll, but not just because she wanted to support the revolution. The hacker had struck a secret deal with someone who claimed to be with WikiLeaks.
Chapter 10
Meeting the Ninja
As Anonymous turned its attention to the Middle East in early January of 2011, Topiary continued organizing and writing deface messages in #propaganda and talking to journalists in #reporter. #Command wasn’t much to look at anymore—too many operators and too much squabbling. There were about twenty Anons in each publicity channel, most of them talented writers who had written Anonymous press releases in the past. Once in a while, Topiary talked to Tflow, who would drop into #propaganda to pick up a deface message; soon Topiary would see his text on an official government website for Zimbabwe. With the help of a French Anon, a French version was also posted.
Topiary liked explaining Anonymous to reporters and writing deface messages that shocked a website’s visitors and owners. He also liked learning how to deal with the press, how to get them interested in a story by offering them exclusive information. He wondered if the writers and spokespeople like himself were among the more influential members of Anonymous in the world outside the collective. Soon people started inviting him into more channels that no one else talked about publicly. On January 2, he got an important tap on the shoulder, this time from Tflow.
Sabu, via a local volunteer, had been preparing to take control of the prime minister’s website, and he needed a good deface message, quickly.
“The government of Tunisia’s main sites are going to be hacked,” Tflow told Topiary. “Can you design the deface message?” Topiary felt an instant buzz. This was the first time anyone had trusted him with the knowledge that a hack was about to happen. Eager to help, he and Tflow discussed the timing of what they referred to as the deface, and then Topiary wrote his usual ominous message to the repressive Tunisian government.
As the hack was happening and the deface message being uploaded, Topiary and Tflow went into the main AnonOps chat rooms and gave a running commentary of the attack, to inspire the troops a little.
When it was all over, Tflow surprised Topiary again by inviting him into #InternetFeds. He was effectively trusting Topiary to collaborate and share ideas with some of the most highly skilled hackers working with Anonymous. Topiary had been a stranger to these people, but gradually he was getting their attention.
Over the next month, much of Sabu’s hacking and Topiary’s writing would be at the forefront of Anonymous cyber attacks on the governments of Libya, Egypt, Zimbabwe, Jordan, and Bahrain. Anonymous was not only defacing sites but releasing government e-mail addresses and passwords. Attacks also continued in other parts of the world in the name of Anonymous; two Irish hackers defaced the website of Ireland’s main opposition party, Fine Gael. It was a flurry of revolutionary activity that made Anonymous suddenly look less like a bunch of bored pranksters and more like real activists.
Then on February 5, Tflow sent Topiary another private message on AnonOps IRC, this time inviting him into an even more secret IRC channel that would include just a handful of core people from #InternetFeds. When Topiary entered the exclusive chat room, he forgot he had (as a joke) set a programming script to run on his IRC client that would kick anyone out of the room who didn’t use at least 80 percent capital letters. His first interaction with Sabu involved kicking him out of the chat room. Embarrassed, Topiary apologized and quickly turned off the script. But Sabu took it well, and the group of five—Topiary, Sabu, Kayla, Tflow, and Q—quickly got to talking. The topic was HBGary and Aaron Barr’s article in the Financial Times.
Topiary couldn’t get his head around who or what Kayla was. He vaguely remembered seeing the name Kayla on his old MSN chat list, a 2008 4chan flood, and articles about her on Encyclopedia Dramatica. In between lots of smiley faces and lols, she talked about hacking like it was an addiction. She couldn’t look at a website without checking to see if there were holes in the source code that she could exploit, perhaps allowing her to steal a database or two. She was a conundrum: She seemed to be the chattiest, most happy-go-lucky person in the group, but she was also paranoid and apparently dangerous. She had developed a cast-iron protection for her real identity, and the bold admission that she was sixteen, along with the overwhelming number of emoticons and hearts (<3), suggested she was trying too hard to come across as a girl.
Topiary knew that female hackers were extremely rare; a hacker who claimed to be female was more likely not in real life, though they were possibly transgender, gay, or at least thinking along those lines. An online friend of Topiary, nicknamed Johnny Anonymous, conducted his own ad hoc online poll in late 2010. He put a series of questions to a hundred and fifty users of the early AnonOps network. About sixty, or one-third, identified themselves as LGBT (lesbian, gay, bisexual, or transgender), while the rest said they were straight.
“We have jokes about transvestites because there are so many of them among us,” Johnny Anonymous said in an interview.
Kayla was obsessive about hiding her identity, which was why Topiary later called her the ninja. She rotated her passwords almost daily. She claimed to keep all her data on a tiny microSD card, and she kept her operating system on a single USB stick that she used to boot up her netbook. Like most hackers, she used a VM (virtual machine) to do all her Internet witchcraft; it acted as a buffer between her computer and her life online, so if anyone ever hacked her, he’d only get to the virtual machine. Unlike Topiary and many other Anons, she avoided using a virtual private network (VPN). She didn’t trust them, since a VPN provider could always give her details to the police. She kept a low-end cell phone with an unregistered SIM card, the most secure device she had, and she used it to note down all her passwords. She partitioned a small drive called sys on her phone that she used to store malicious code.
It sounded paranoid, but Kayla said later in an interview that she learned a terrifying lesson about the need to scrub the Web clean of her identity soon after she started attacking hacker forums. The story went that when Kayla was younger (she claimed fourteen) and trying to dox other hackers for fun, she had at one point picked the wrong target. It was a male hacker who managed to do some of his own digging, and he found one of her old e-mail addresses on another forum. He got her name, date of birth, town, and some information on her family. He called her house, and when she answered, he threatened angrily to call the police. In recounting the story, Kayla said that he refused to believe her age and that she broke down in tears. When he eventually calmed down, they arranged to meet in a nearby city. They picked a crowded mall and eventually the two found each other and sat down to talk. The man was interested in Kayla’s life and why she hacked. He revealed that he had found her details from old MSN profiles and hacker forum profiles, and for Kayla, the realization was like a slap in the face: her information was out there, just waiting to be discovered.
As soon as Kayla got home, she wiped everything from her accounts, deleting every e-mail, and read more about how to become completely invisible on the Internet. Within a year, she had her almost-militaristic regime in place and had become confident enough to start hacking bigger names. She couldn’t shake the lure of hacking—there was just something about having access to information that others didn’t have. Her online name, after all, meant “Keeper of keys” in old English. And the attack that would seal her place in the #InternetFeds chat room and in the minds of other hackers was her assault on the news site Gawker.
Gawker had once been in Anon’s good books. It had been the first news site to boldly publish the crazy Tom Cruise video that helped spark Chanology. But then the site’s famously snarky voice turned on Anonymous, reporting on major 4chan raids as examples of mass bullying. After Gawker’s Internet reporter Adrian Chen wrote several stories that poked fun at Anonymous, mocking its lack of real hacking skills and 4chan’s cat fights with Tumblr, regulars on /b/ tried to launch a DDoS attack on Gawker itself, but the attack failed. In response, Gawker writer Ryan Tate published a story on July 19, 2010, about the failed raid, adding that Gawker refused to be intimidated. If “sad 4chaners have a problem with that, you know how to reach me,” he added. Kayla, at the time, had bristled at the comment and felt her usual urge to punish anyone who underestimated her, and now Anonymous.
“We didn’t really care about it till they were like, ‘lol you can’t hack us no one can hack us,’” Kayla later said in an interview. Though Gawker had not said this literally, it was the message Kayla heard.
She decided to go after the site. Kayla and a group of what she later claimed was five other hackers met up in a chat channel called #Gnosis, on an IRC network she had set up herself called tr0lll. Anywhere from three to nine people would be on the network at any given time. Kayla actually had several IRC networks, though instead of hosting them herself she had other hackers host them on legitimate servers in countries that wouldn’t give two hoots about a U.S. court order. Kayla didn’t like to have her name or pseudonym on anything for too long.
People close to Kayla say she set up tr0ll and filled it with skilled hackers that she had either chosen or trained. Kayla was a quick learner and liked to teach other hackers tips and tricks. She was patient but pushy. One student remembered Kayla teaching SQL injection by first explaining the theory and then telling the hackers to do it over and over again using different approaches for two days straight.
“It was hell on your mind, but it worked,” the student said. Kayla understood the many complex layers to methods like SQL injection, a depth of knowledge that allowed her to exploit vulnerabilities that other hackers could not.
On tr0lll, Kayla and her friends discussed the intricacies of Gawker’s servers, trying to figure out a way to steal some source code for the site. Then in August, a few weeks after Gawker’s “sad 4chaners” story, they stumbled upon a vulnerability in the servers hosting Gawker.com. It led them to a database filled with the usernames, e-mail addresses, and hashes (encrypted passwords) of 1.3 million people who had registered with Gawker’s site so they could leave comments on articles. Kayla couldn’t believe her luck. Her group logged into Nick Denton’s private account on Campfire, a communication tool for Gawker’s journalists and admins, and spied on everything being said by Gawker’s staff. At one point, they saw the Gawker editors jokingly suggesting headlines to each other such as “Nick Denton [Gawker’s founder] Says Bring It On 4Chan, Right to My Home,” and a headline with a home address.
They lurked for two months before a member of the group finally hacked into the Twitter account of tech blog Gizmodo, part of Gawker Media, and Kayla decided to publish the private account details of the 1.3 million Gawker users on a simple web page. One member of her team suggested selling the database, but Kayla wanted to make it public. This wasn’t about profit, but revenge.
On December 12, at around eleven in the morning eastern time, Kayla came onto #InternetFeds to let the others know about her side operation against Gawker, and that it was about to become public. The PayPal and MasterCard attacks had peaked by now, and Kayla had hardly been involved. This was how she often worked—striking out on her own with a few other hacker friends to take revenge on a target she felt personally affronted by.
“If you guys are online tomorrow, me and my friends are releasing everything we have onto 4chan /b/,” she said. The following day, she and the others graced the “sad 4chaners” themselves with millions of user accounts from Gawker so that people like William could have fun with its account holders.
Gawker posted an announcement of the security breach, saying, “We are deeply embarrassed by this breach. We should not be in a position of relying on the goodwill of hackers who identified the weaknesses in our systems.”
“Hahahahahahha,” said an Irish hacker in #InternetFeds called Pwnsauce. “Raeped [sic] much?” And that was hacker, “SINGULAR,” he added. “Our very own Kayla.” Kayla quickly added that the job had been done with four others, and when another hacker in #InternetFeds offered to write up an announcement on the drop for /b/, she thanked him and added, “Don’t mention my name.”
Gnosis, rather than Anonymous, took credit for the attack. Kayla said she had been part of Anonymous since 2008 and up to that point had rarely hacked for anything other than “spite or fun,” with Gawker being her biggest scalp. But after joining #InternetFeds, she started hacking more seriously into foreign government servers.
Kayla had not joined in the AnonOps DDoS attacks on PayPal and MasterCard because she didn’t care much for DDoSing. It was a waste of time, in her view. But she still wanted to help WikiLeaks and thought that hacking was a more effective means of doing so. Not long after announcing the Gawker attack, Kayla went onto the main IRC network associated with WikiLeaks and for several weeks lurked under a random anonymous nickname to see what people were saying in the main channels. She noticed an operator of that channel who seemed to be in charge. That person went by the nickname q (presented here as lowercase, so as not to be confused with the hacktivist Q in #InternetFeds). Supporters and administrators with WikiLeaks often used one-letter nicknames, such as Q and P, because it was impossible to search for them on Google. If anyone in the channel had a question about WikiLeaks as an organization, he or she was often referred to q, who was mostly quiet. So Kayla sent him a private message.
According to a source who was close to the situation, Kayla told q that she was a hacker and dropped hints about what she saw herself doing for WikiLeaks: hacking into government websites and finding data that WikiLeaks could then release. She was unsure of what to expect and mostly just wanted to help. Sure enough, q recruited her, along with a few other hackers Kayla was not aware of at the time. To these hackers and to q, WikiLeaks appeared to be not only an organization for whistle-blowers but one that solicited hackers for stolen information.
The administrator q wanted Kayla to scour the Web for vulnerabilities in government and military websites, known as .govs and .mils. Most hackers normally wouldn’t touch these exploits because doing so could lead to harsh jail sentences, but Kayla had no problem asking her hacker friends if they had any .mil vulnerabilities.