We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency
Much of the drama between people in Anonymous stemmed from fights about status on an IRC chat room. Organizing things on the network was a bit like organizing a company in a headquarters building. Some rooms, like the boardroom, were designated well-known places where executives could discuss important issues. But important, deal-breaking events were just as likely to be muttered under the breath in the bathroom or at the local bar. It was similar on IRC, except here the entire building was constantly in flux, with rooms you could create out of thin air and destroy in a moment, where you could decide who entered, how many people could come inside, and what sort of speaking status each could have. There was never one channel where all the important things were discussed, and if there had been, it wouldn’t have been around for long. Anons were always switching from one network to another to prevent leaks like Laurelai’s, and hackers in particular rarely met on the same servers, networks, or channels for too long, lest someone snitch on them.
“I sometimes curse at the amount of channels,” said a member of the #HQ hacker team, AVunit. The hackers often needed to keep their rooms secret for security’s sake, and there were sometimes hundreds floating around on AnonOps. Of course, this made other Anons feel there was a hierarchy and that operations were being directed behind closed doors. (Not entirely wrongly.) Putting a +i or invited-only mode on a channel like #InternetFeds was like waving a red flag in front of a bull. “It makes people think the weirdest things” about what was really going on, AVunit said. And despite #HQ’s name, it wasn’t a headquarters for all of Anonymous. It was just a name one person had picked on a whim. Making a channel was like making coffee for everyone else in the group. People took turns.
There were different ways of getting into the secret channels. One idea of Aaron Barr’s had been to infect the LOIC program and then, under a new nickname, call out the infection to get himself into private coding channels. And you could be in multiple channels at once. By mid-March, Topiary himself was moving between twenty-three different AnonOps channels, including Command, OpMetalGear, OpNewBlood (for coaching new Anons), and StarFleetHQ, the channel that housed a massive botnet belonging to the AnonOps operator Ryan. Tflow was in more than fifty. People tried pretending to be one another but it often didn’t work since nicknames were registered with a password.
There was an array of symbols— ~, &, @, %, and +—used to show the status and power of each person in each channel; every symbol corresponded to one of the five levels of status. These status levels were known as channel owner, super op, admin op, half op, and voice. The sight of these seemingly innocuous icons could mean everything to people who were regularly on IRC because of what they allowed you to do. If you were an op (% or above) you could mute the majority of users who didn’t have a symbol by hitting +m. Someone with % could kick out anyone below their status. With @ you could edit a channel topic and ban people, while & could ban a user on sight.
The idea behind all this was to ensure IRC channels didn’t turn into a spam-fest. Unfortunately, power often went to people’s heads, and operators would squabble and kick out people they didn’t like. The ability to threaten permanent bans gave them the power to disrupt entire operations if they wanted.
No, the female operator who had told new Anons that LOIC was legal and fine to use, was known for regularly booting users out of the informal #lounge channel if they were spamming too much. It wasn’t clear if she did this just for kicks or because she was genuinely trying to maintain the peace. You didn’t have to own servers or have technical skills to become an Anonymous IRC operator. Rumor had it that No had gained her status by flirting with other male operators.
Many Anons hated or feared the IRC operators—they were like the bosses who didn’t deserve to be bosses. And the operators could get away with telling police that they were not part of Anonymous. The police came to No’s house in Las Vegas at 6:00 one morning in February. Mercedes Renee Haefer, who was nineteen at the time, answered the door in her pajamas to find police officers wearing vests and wielding guns. They raided her home, took two computers (one a Mac), an iPhone, and a router, all part of a sweep by the FBI to find people involved in Operation Payback and the attack on PayPal. When they found a mock-up flyer of her little sister with revolutionary imagery, part of a family joke, they asked with dead seriousness if it was an upcoming operation for Anonymous. She laughed and almost said yes.
Other Anons had been getting arrested too, mostly men in their midtwenties. On January 27, about a week before the HBGary attack, British police arrested five men in connection with the Operation Payback attacks on MasterCard, Visa, and PayPal. Two of them were alleged to be AnonOps operators: Christopher “Nerdo” Weatherhead, a plump twenty-year-old student from the city of Northampton in England, and “Fennic,” a skinny seventeen-year-old with long hair from South London whose suspected real name could not be published for legal reasons. By June of 2011, at least seventy-nine people in eight countries would be arrested in connection with Anonymous activities.
News of these early arrests in January, followed by persistent doxing by people like Emick, meant that Topiary’s primary concern was no longer what would happen to Anonymous if his small group went quiet. Others would find a way to carry the movement forward. If the IRC network collapsed, they would move back to image boards. If someone was arrested, more would join. Almost nothing had happened with Anonymous for two years until #savethepiratebay suddenly snowballed into WikiLeaks and thousands of newcomers started seeing a solid infrastructure to Anonymous. Then the buzz on AnonOps IRC had nearly died until HBGary magically came along. It was often just a matter of circumstances—major news events like WikiLeaks or a single clarion call on /b/ to fight Scientology.
Topiary marked his split from Anonymous with an elaborate getaway. He typed up a fake IRC chat log between two friends discussing how Topiary had been arrested and then made sure it was passed around until several people bought the story.
The complete fake log was long and full of typos, inept questions from “contact” about AnonOps to suggest he was new to the network, along with healthy skepticism from Marduk. The idea was to make the “friend” sound scared but never push the idea that Topiary had actually been arrested. If he left enough gaps, others would come up with the rumor themselves.
Topiary leaked the log to five trusted individuals, making sure each version was slightly different—an extra punctuation mark or a tiny difference in spelling. If the log ever leaked to a group like Backtrace, he would be able to pinpoint who had done it. Topiary changed his nickname to Slevin and, with a slightly heavy heart, whittled his contacts on Skype down to three unnamed people.
There was the sound of clattering as Jake put dishes in the sink, including a plate covered with crumbs from a fish pie he had just eaten. Still a frequent visitor to 4chan’s “cooking” board, he enjoyed making his own meals, particularly fish or meat pies. Turning on the water, he glanced out his kitchen window and noticed a police van parked on the road a few houses down. His heart raced. Quickly he went back to his laptop to let his small group know what was up.
“Back in 15,” he told AVunit under his new nickname, Slevin. He would not manage to keep the name for long; it just wasn’t how people knew him.
“Good luck and stay safe, Top.”
By the time Jake had signed out of his IRC channels and put his coat on, the police van was gone. It was a sunny day, cold and brisk, with the usual wind carrying scented undertones of the salty sea. Jake put on his earphones and took the twenty-minute walk into town, his head lowered as usual, his shoulders slightly hunched. He glanced around for any sign of the police van. There was none.
He went to a café near a hill. Resplendent with leather chairs, wooden tables, and soft lighting, it was probably the most modern eatery in town. He ordered a latte to go and hiked to the top of the hill to sit in his usual thinking spot on finely cut grass, a place where he could drink and look out at the view. Next to him were a handful of iron-black cannons, used generations ago to blast holes into the ships of marauders trying to invade Shetland. Now they were quiet relics, their shells varnished with protective paint. He could have sat on one, but it felt somehow disrespectful.
He walked back. The police van was still nowhere to be seen. Most likely they had been there to check on the local druggies. Jake lived in a poor neighborhood, and the several heroin users next door often played loud music. One male resident had once been so high he had hung a heavy rug outside on the clothesline to dry even though it was raining. The next morning he wrestled it off the line and swung it around in an attempt to dry it even though it was now waterlogged beyond repair. When the druggies were being loutish or annoying, Topiary would redirect their wireless connection so every click would go to the Goatse shock site and then rename their WiFi connection heroin-hidden-under-the-house. In the past year, they hadn’t so much as thrown a beer can on his front lawn.
Jake stepped back into his house and went to his laptop. He got online and caught sight of a news headline about Anonymous. It appeared that Anonymous had just declared war on Sony, an enormous target. This time he had no idea who was driving the attack, and he was completely fine with that, even happier to have stepped away from it all.
It was April 1 and a few Anons had just published a new digital flyer. “Congratulations, Sony,” it read. “You have now received the undivided attention of Anonymous.” This time, while Topiary was AWOL, 4chan vigilante William had jumped into the attack with gusto, his main role being to help dox Sony executives and their families as part of a side operation called SonyRecon. All of this was happening because earlier that spring, Sony had sued a hacker named George “Geohotz” Hotz after he had figured out how to jailbreak the until-then unhackable PlayStation 2 game console and then announced on his blog how people could download games onto their own systems for free. Age twenty-one at the time, Geohotz was already well known for jailbreaking Apple’s iPhone and iPad. Now Sony was accusing him of breaking the U.S. Computer Fraud and Abuse Act by hacking their console.
Over the next few days, Anons who had downloaded LOIC launched a DDoS attack on several Sony websites and its PlayStation Network (PSN) for gamers. The PlayStation Network then went offline, angering millions of gamers around the world.
William, who was usually skeptical of larger Anonymous raids, was inspired by this particular attack and the side operation he was working with. Already his team had dug up personal information on several Sony executives and their families, including Sony CEO Howard Stringer and his grown children.
“This is the most focused attack yet,” he enthused at the time in an interview. “The social engineers know their place and so do the hackers. This is one of the first times I’ll be working as part of a team, and knowing EXACTLY my role within that team.” He reasoned that Sony had treated Geohotz (“one of our own”) in a way that was anti-freedom, anti-expression, anti-individualism, and, thus, “anti-Anonymous.”
William did not mind that there were obvious tiers in Anonymous, with hackers and writers at the top and social engineers and LOIC users near the bottom. Each side rode on the other’s reputation—William scared his targets by claiming he was a hacker, and hackers could ride on the infamy of Anonymous because of the way less skilled people bandied the name around.
The DDoS attacks on Sony continued for several more days, and they became so unpopular that just before April 7, Anonymous announced it was calling them off.
“Anonymous is not attacking the PSN at this time,” a new press release said. “We realize that targeting the PSN is not a good idea. We have therefore temporarily suspended our action, until a method is found that will not severely impact Sony customers.”
Strangely, though, the downtime for the PlayStation Network continued, and gamers were furious. On April 22, Anonymous posted a new press release on AnonNews.org titled “For Once We Didn’t Do It.” The network had been down for almost three weeks now, and it was clearly not because of an ongoing DDoS attack.
Just as strange: Sony itself had been quiet for weeks. Finally, on May 2, the company made a startling announcement. There had been an “intrusion” to its network some time between April 17 and 19. Hackers had compromised personal and financial details of more than seventy-five million accounts with the PlayStation Network. This was a hack that affected tens of millions of people. Nobody in Anonymous was taking responsibility, and nobody on AnonOps seemed to know who had stolen all those user details. Yet by the end of that month, Sony had spent $171 million trying to patch the security breach, and within a few months, news outlets were reporting that Sony’s related costs from the breach could push past $1 billion.
Sony then wrote an explanatory letter to the U.S. House of Representatives. The cyber criminals, they said, had left a file marked “Anonymous” and “We are legion” in the system. It might have been a calling card or an attempt by criminal hackers to throw police off their scent, but in any case the news quickly removed any public legitimacy Anonymous had gained from its protests for WikiLeaks and the Middle East and from the information it had uncovered during its attack on HBGary.
At first, many Anons liked the notion that hackers had damaged Sony so drastically—but the taste was bittersweet. No one knew who had performed the heist, and there had been no official Anonymous statement—only a strange file left in secret. The whole affair had a dishonorable feel to it.
To make matters worse, AnonOps soon had internal problems to deal with, as word started spreading of a major leak on the network. A rogue operator had published a list of 653 nicknames and their IP addresses, the strings of numbers that if naked could lead police, Internet trolls, and anyone who knew how to use Google straight to the individuals’ doors. Once again the newbies, not the real hackers, were most at risk.
Almost immediately, AnonOps IRC became a ghost town. The hundreds of regular participants who’d been on the list were too scared to sign back on. Some retreated to other IRC networks like EFnet and Freenode, while some kept talking on blogs and forums. Anonymous was suddenly a diaspora with no natural meeting ground.
Former AnonOps admins, including Owen, Shitstorm, Blergh, and Nerdo, released an official statement saying they were “profoundly sorry for this drama” and urging visitors to stay away from the AnonOps IRC servers.
After two days the name of the culprit finally emerged. Ryan had been an IRC operator who used his servers to host two popular websites for Anonymous supporters. He was known for being a temperamental web administrator who got a kick out of hosting thousands of people on his servers, and as the guy who had told Topiary about faking the LOIC hive number back in January. He was also one of the rare handful of people who controlled a large botnet. Ryan was considered something of a loose cannon, and it seemed that as clashes with network operators became more bitter, he had gone off the rails.
Ryan should have expected repercussions, and they came when someone dredged up his real-life details. Ryan had allegedly begged Sabu to prevent his details from getting published. When that didn’t get him anywhere, he used his botnet to DDoS the AnonOps network and several other Anon-related websites. Despite this, on May 11, Ryan’s full name was published online, along with his home address in Essex, Great Britain, his age, cell phone number, Skype name, and the e-mail associated with his PayPal account—all presented on a simple black web page. The doxer had listed his full name, correctly, as Ryan Cleary. The top of the document said “Doxed by Evo,” adding, “Shouts to Kayla, Sabu, Owen, #krack, #tr0ll and all of AnonOps.” Evo was someone who frequented Kayla’s IRC network, #tr0ll. As a few media outlets reported on a “civil war” in Anonymous, Ryan denied the details were true, claiming in one IRC chat that they were false details he had released himself three years prior.
Anonymous was starting to look like a joke. Operation Sony had been called off and then apparently hijacked by hackers who had tried to use it for cover. And now a former AnonOps operator had turned against the network too. Nobody was interested in raids and operations anymore, only in gossip, politics, and defending Anonymous’s reason for existing.
“Sony and Ryan may have capped an end to a crazy roller-coaster ride,” Topiary observed at that time. But while he was glad to be on his break from the ongoing drama, he was also talking to Sabu again. He couldn’t help feeling compelled to relive the whirlwind experience of the previous winter. If they got the HBGary hackers back together, they could show Anonymous something new, something that would be not only inspiring, but jaw-dropping.
Chapter 16
Talking About a Revolution
Distance from Anonymous meant Jake was getting real-life things done. His house had never been cleaner. To the left of his desk was a large notice board with paperwork and a calendar, and there was a thirty-eight-inch monitor to supplement his laptop. The couch in his living room was cleaned, and next to it was a table with cables stored neatly underneath. Psychology books were stacked on top, along with a James Patterson novel about wizards called The Gift. He had time to iron his clothes properly—no more creases that made him feel like he was wearing crumpled paper. Some of his recently washed clothes were hanging on a rack, soaking up the heat from a radiator that was inches away. It was spring but still bitterly cold outside.