We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency
Page 17
“SUCH AN AWESOME CREW HERE,” the hacker known as Marduk (and also known as Q) said on February 8, the same day Aaron Barr and his family fled their home.
“An Anon Skype party should be in order,” said Topiary. (It eventually happened, but only with people from AnonOps who were willing to reveal their voices.)
They threw out occasional ideas for short projects. Marduk, who had strong political views and seemed to be older than most of the others, at one point asked Kayla to scan for vulnerabilities in websites for Algerian cell phone providers. He was looking for databases full of tens of thousands of cell phone numbers for Algerian citizens that he could then hand over to the country’s opposition party for a mass SMS on February 12. It would be another attempt to support the democratic uprising in the Middle East after the successful attacks on Tunisia and Egypt in January.
Kayla seemed more excited about publishing Greg Hoglund’s e-mails. “Greg’s e-mails are ready. Parsed and everything,” she said. “The time to fuck Greg is now. :3.”
That was one thing they could all agree on.
“Who is handling media?” Kayla asked.
“Housh and Barrett,” Topiary said, referring to Gregg Housh from Chanology, who now spoke to the media as an expert on Anonymous, and another man, called Barrett Brown, whom Topiary would deal with more closely in the coming weeks.
Eventually, Laurelai introduced herself.
“Hi,” Laurelai said when she first entered that morning.
“Ahai,” said Marduk. “Welcome to where the shitstorm began.” Then he got down to business. “Laurelai, we can’t tie [HBGary Federal] to WikiLeaks for sure?” he asked.
“I already have,” she answered. “We got enough to smear the shit out of them.” That confirmation pleased Marduk.
“They are one strange company,” said Marduk. “Actually I’m sure it’s a government coverup.”
“The government uses these companies to do their dirty work,” Laurelai explained.
The WikiLeaks connection Laurelai had found conveniently segued with the modus operandi of Operation Payback, making it look almost as if Anonymous had planned it all.
“*Kayla cuddles Laurelai :3 So much <3,” Kayla wrote with her usual cheerfulness.
“Haha,” Topiary said. “Women on the Internet.”
“You hear about HBGary being contracted by Bank of America to attack WikiLeaks?” Kayla told a rare newcomer to the #HQ chat room, proud to provide the news.
“Seriously?” the person answered. “Fuck this shit’s deep.”
“Fallen right off the diving board and drowned,” said Topiary. “That’s how deep it goes.”
Eventually, the group had to talk about what they would do next. After being away for about a week, Sabu was back online, claiming he had a new laptop and eager to discuss future hits.
“So are we going to focus on AnonLeaks, or should I start looking for targets?” he asked the group. He had been up for the last two days and was exhausted but wanted to make progress and hit more digital security firms. “HBGary was the tip of the iceberg.”
Overshadowing everything was a growing sense of unease about the authorities and, worse, spies and snitches from anti-Anonymous hackers like The Jester and his crew. They came to believe that HBGary Inc.’s Greg Hoglund had come onto AnonOps under a different alias, trying to track down Topiary and Marduk.
But one of the most prominent people criticizing Anonymous at that moment was doing so through Twitter, under the username @FakeGreggHoush. No one in #HQ knew the real person behind this account, which was created on February 16, the day after their HBGary e-mails viewer went live. This person was constantly making biting remarks and even threatening to expose the real names of the HBGary attackers on a specific upcoming date: March 19. @FakeGreggHoush was actually Jennifer Emick, the former Anon from Chanology who hated the real Gregg Housh and who, after breaking away from Anonymous, had begun her own campaign against it with a few online friends.
Another five Twitter accounts soon appeared, all equally spiteful and all claiming publicly to know who Topiary really was. They were not just making these claims to Topiary, but to the whole Anon community and anyone who followed it. A few tweeted to news reporters that he was leading Anonymous. “Troll Anonymous hard enough and they name one of their own,” one proclaimed. “Who will be first?” Another said, “Topiary, we are outside your flat, taking pictures, we will send you a few, just so you know we aren’t full of shit.” Topiary replied by asking for high-quality prints. Reading the tweets was like being poked with a blunt pencil. It didn’t hurt, but it was increasingly distracting. The fact was, anyone who really wanted to dox the HBGary hackers could make himself more dangerous than the FBI, especially if driven by a personal vendetta.
“How much info do you have available on the Internet about yourself, Marduk?” Topiary asked. “I mean deep, like little personal tidbits from like 10 years.”
“All, but not as Marduk,” he said. “And nobody, absolutely nobody on AnonOps knows who I am.”
“Just be careful,” Sabu said. “Can’t afford to lose any of you guys.”
Sabu was also worried about his own safety. While Topiary could rest assured that his real name, Jake Davis, was nowhere on the Web in connection with him, Sabu knew that “Hector Monsegur” was dotted around the Internet. Also, from what little information the team members were sharing with one another, Sabu believed (correctly) that he was the only HBGary hacker who lived in the United States. This meant the FBI was almost certainly on his tail. He gave Topiary a Google Voice number and asked him to call it every day, without fail. The first time Topiary did, he noted a heavy New York accent and a surprisingly young-sounding voice.
“Hey,” Sabu answered.
“Hello,” said Topiary. It was the first time they were speaking to each other in voice, and while it was awkward at first, they soon had a normal conversation. Afterward, Sabu would always answer with a coded greeting that was an homage to an Internet meme: “This is David Davidson.” Sometimes he would answer the phone while he was driving; other times he’d be at home, the sound of TV or his two daughters playing in the background. Sabu made sure his Google Voice number was bounced through several servers all over the world before it finally got to his BlackBerry. His voice always sounded clear, though.
As the immensity of their heist made Sabu feel more paranoid, he also grew increasingly mistrustful of Laurelai, the newest member to #HQ. His irritation rose when he found out Laurelai had written up a manual for visitors to AnonOps about working in teams to carry out attacks similar to the one on HBGary.
“Remove that shit from existence,” he said. There were no hierarchy, leadership, or defined roles in Anonymous and so no need for an operations manual. “Shit like this is where the Feds will get American Anons on Rico abuse act and other organized crime laws.”
Laurelai began arguing with Sabu about how HBGary had been carried out, saying the hackers should have taken their time to exploit more internal info from the company. But Sabu was having none of it. Keenly aware of his group’s reputation and image and ever fearful of getting caught, he pointed out that an operations doc that gave guidelines for hitting other websites was no different from the proposals Aaron Barr had been creating on hitting WikiLeaks and the chamber of commerce.
“It makes us look like hypocrites,” he said. “Who the fuck is Laurelai and why is he/she/it questioning our owning of HBGary?…Who invited you anyway?” Sabu said he felt the channel was being compromised and left.
Over the coming days the group of still roughly half a dozen people became increasingly distracted by theories about their enemies, a crew of people hanging out on another IRC network who they believed were plotting to dox and expose them. Who was this @FakeGreggHoush on Twitter? Topiary got hold of the real Gregg Housh on IRC and asked him if he knew. Housh suggested it was a woman from back in the Chanology days (three years ago—almost a lifetime in Internet years) named Jennifer Emick.<
br />
Topiary had never heard the name, but he drew up a document adding Jennifer Emick and a few people allegedly working with her and showed it to the others in #HQ. When Laurelai looked at the document, she suddenly grew nervous. These were all the people who had supported her Scientology Exposed website. And while she and Emick had fought and grown apart, they still talked from time to time. Laurelai believed that Emick was being framed by someone else, probably Housh. Recently, Emick had told Laurelai privately that Housh was acting as a puppet master for AnonOps and that he was trying to create chaos in the network. If anything, this was Housh’s hand at work, trying to turn AnonOps into his personal army against Emick and run things like he did in #marblecake, Laurelai reasoned. She had no idea that Emick’s real plans involved tracking down the people behind Anonymous and unmasking them publicly.
“Topiary, they aren’t behind it,” she said. “Something a lot more sinister is going on.” She called up the memories from Chanology and asked a weighty question. “Does anyone know what ‘marblecake’ means?”
There was silence. Nobody did. One person had vaguely heard the name and associated it with petty fighting over forums, something akin to a previous generation of Anonymous. Laurelai continued: “Jen’s a little weird, but she’s harmless.”
While the others quietly rolled their eyes, Laurelai began formulating a theory that she eventually came to fully believe: Gregg was trying to get back at her for an old vendetta in Chanology by implicating Jennifer Emick. This meant Emick was in danger of being attacked by Anon. Laurelai couldn’t help but feel convinced by the theory. She had just exposed Barr’s plot against WikiLeaks, hadn’t she? But she was also spending about twelve hours a day online while her mother looked after her two kids. The Internet was becoming her life, and it was hard not to let it take over.
Laurelai contacted Emick and blurted out the allegations, told her what Housh was up to, and said that she was in a private channel called #HQ with the HBGary hackers. Emick, sounding surprised, denied plotting anything.
“I don’t care about what’s going on in AnonOps,” Emick told Laurelai on the phone. “I have no idea what’s going on.” Laurelai took this information back to the others in #HQ as proof that Emick was not a saboteur and that all the rumors were Housh trying to “get at me.” Marduk and Topiary listened but were wary of the conspiracy theories. They were noise.
“Really this shit affects nothing,” Topiary concluded.
But it wasn’t over. Back on Twitter, the @FakeGreggHoush account started needling Laurelai, accusing her of being part of the group of people who had worked with Housh in the old Marblecake chat room (which was not true). That was the final straw. Laurelai wrote back on Twitter and said she had logs proving that she wasn’t talking to Gregg Housh and that she could provide them, privately, in exchange for new information about Housh to help her piece the conspiracy together and exonerate Emick. “The only thing I care about is protecting Jen and her friends,” Laurelai said. The Twitter account @FakeGreggHoush agreed.
Laurelai looked over the chat log she had been diligently keeping that noted everything said in #HQ for the past week and a half (from February 8 to February 19). She naively believed that if she showed them to whoever @FakeGreggHoush was, she would exonerate Emick and that no one would have to know she had leaked the chat logs. Laurelai copied the entire chat log, about 245 pages, and posted it on the web app Pastebin. She then sent a direct message on Twitter to @FakeGreggHoush, telling the person to take a look at the logs. Within a few minutes, Emick had copied the logs, and Laurelai, still oblivious, had deleted the Pastebin file.
“Holy shit,” Emick thought as she stared at the screen. She quickly started skimming the enormous chat log, the prize that had just been handed to her on a plate. Bizarrely, there was nothing that truly implicated Gregg Housh but plenty to implicate Sabu, Kayla, and Topiary in the attack on HBGary Federal. She started reading the huge log much more carefully.
Emick’s deceptions of Laurelai, as well as her alter ego as @FakeGreggHoush, were tactics aimed at outing the real people behind Anonymous. Emick had realized after HBGary that the best way to take Anonymous down was simply to show that people in it were not anonymous at all. All she had to do was find their real names. And thanks to Laurelai, she was about to find Sabu’s.
Part 2
Fame
Chapter 12
Finding a Voice
In mid-February of 2011, as Jennifer Emick dug into the HQ logs that Laurelai had handed her, Topiary was enjoying a newfound popularity on the AnonOps chat network. People on the network now knew that he had been involved in the HBGary attack and that he had hijacked Aaron Barr’s Twitter feed. For the Anons, this had been an epic raid, and Topiary was the Anon who knew how to make it fun, or “lulz-worthy.” Now, whenever Jake signed into AnonOps as Topiary, he got half a dozen private messages inviting him to join an operation, offering him logs from the CEO of a French security company, requesting that he intervene in a personal dispute, or asking his advice on publicity.
This was sort of like what was happening to Anonymous itself. Over the course of February, the public channels on AnonOps were inundated with requests from regular people outside the network asking what they thought was a group of organized hackers to hit certain targets. The requested sites included other digital security firms; individuals; government websites in Libya, Bahrain, and Iran; and, naturally, Facebook. None were followed up.
Most attacks came from discussions that occurred directly on AnonOps IRC, especially discussions between operators like Owen and Ryan. There was no schedule, no steps being taken. People would often start planning an op, run into a roadblock, and shelve it. Everything seemed to overlap. Topiary himself would rarely finish one project before moving onto another—he’d be writing deface messages one minute and the next start reading the Aaron Barr e-mails again.
After his recent invitation into #InternetFeds, Topiary was granted unusually high status in chat channels by operators. He would sometimes spend a whole day flitting between chat rooms, cracking jokes, then segueing into some serious advice on a side operation before going to bed, feeling fulfilled. It was better than the buzz he’d gotten from doing prank calls back on 4chan and unlike anything he had ever experienced in the real world, let alone in school. Operators and other hackers confirm that he came across as “charming” and “funny.” Being a talented writer was useful in a world where you communicated in text, and Topiary’s style had hints of mature world-weariness that appealed to Anons.
Topiary rarely interacted with people in the real world. There was the occasional visit to his family, a trip to the store, or a once-in-a-while meeting of some old friends in his town whom he knew from online gaming. Perhaps 90 percent of all his social interaction now took place online. And this suited him fine. He liked entertaining people, and soon he’d get to do the prank call of his life.
Starting in early January, many supporters in Anonymous had suggested going after the Westboro Baptist Church, a controversial Kansas-based religious group known for picketing the funerals of soldiers with giant signs blaring GOD HATES FAGS. They claimed God was punishing the United States because it “enabled” homosexuality. Westboro seemed like an obvious target for Anonymous, even though the church was practicing its right to free speech, something that Anonymous was supposed to fight for.
But soon enough, someone laid down the gauntlet. On February 18, out of the blue, a public letter was posted on AnonNews.org (anyone could post one on the site) issuing a threat with the flourish of unnecessarily formal language. “We have always regarded you and your ilk as an assembly of graceless sociopaths and maniacal chauvinists,” it told Westboro. “Anonymous cannot abide by this behavior any longer.” If the message was ignored, Westboro would “meet with the vicious retaliatory arm of Anonymous.” The letter ended with the “We are Anonymous, We are Legion” slogan. The first day, no one noticed the letter. The next day, however, someone from #Philosorapt
ors asked if anyone knew where it had come from. Nobody did. An empty threat that wasn’t followed up would make Anonymous look weak if the media picked up on it. One of the operators ran a search on all the network’s chat channels and found a secret, invite-only room called #OpWestboro. It looked like a couple of bored trolls had been trying to get some press attention.
To everyone’s chagrin, the trolls got it. The attack on HBGary had excited news reporters so much that any hint of an Anonymous threat suddenly had a veneer of credibility. Several news outlets, including tech site Mashable, reported on the latest Anonymous “threat,” updating their stories on the same day with a gleeful public riposte from Westboro. Megan Phelps-Roper, the curly-haired granddaughter of Westboro Baptist’s founder, Fred Phelps, quickly tweeted, “Thanks, Anonymous! Your efforts to shut up God’s word only serve to publish it further.…Bring it, cowards.” The church also posted an official flyer on its website in a screaming, bold font, headlined “Bring it!” and calling Anonymous “coward cry-baby ‘hackers,’” “a puddle of pimple faced nerds,” and adding that “nothing will shut-up these words—ever.” They were clearly reveling in the prospect of a dogfight.
About five writers in #Philosoraptors scrambled to write a new, official-sounding press release to douse the fire. “So we’ve been hearing a lot about some letter that we supposedly sent you this morning,” they said. “Problem is, we’re a bit groggy and don’t remember sending it.” Several news reports quickly picked this up. “It’s a Hoax,” cried PCWorld.com, “Anonymous Did Not Threaten Westboro Baptist Church.” Now people were getting confused. Was Anonymous going to attack Westboro Baptist Church or not? This troubled Topiary. He disliked the public confusion about what Anonymous was planning to do. He had seen it in December of 2010, when Anonymous said it would take down Amazon.com and then didn’t because of the squabbles with botmasters Civil and Switch. He didn’t want it to look like Anonymous had failed again.