by Parmy Olson
Chapter 26: The Real Sabu
Details about Sabu’s cooperation with police, and his criminal misdemeanors outside the world of Anonymous and LulzSec, were sourced from his criminal indictment and from a transcript of his August 5, 2011, arraignment in New York’s U.S. District Court. Further context and description were provided by an interview with a source who had knowledge of the FBI investigation of Sabu, as well as interviews with Anonymous hackers who had worked with Sabu in the months after LulzSec disbanded and during his time as an FBI informant. All sources claimed not to have known categorically that Sabu was an informant, though they had varying degrees of suspicion.
The description of Hector “Sabu” Monsegur was sourced from the Fox News report “Infamous International Hacking Group LulzSec Brought Down by Own Leader,” published on March 6, 2012, and from the New York Times story “Hacker, Informant and Party Boy of the Projects,” published on March 8, 2012.
Further descriptions of Sabu were sourced from my own conversations with him online and by telephone, from my observations of his Twitter feed, and from a leaked chat log between Sabu and hacker Mike “Virus” Nieves. The chat log was published on Pastebin on August 16, 2011, and entitled “sabu vs virus aka dumb & dumber part 2.”
The comprehensive dox of Sabu, which this time included a photo of Hector Monsegur, was posted by a white hat security researcher nicknamed Le Researcher, who pasted a variety of screenshots of e-mails, deface messages, and forum posts on http://ceaxx.wordpress.com/uncovered/.
The assertion that hacktivism is “extremely popular in Brazil” was sourced from a report by Imperva entitled “The Anatomy of an Anonymous Attack,” published in February of 2012, as well as from my own observations of the number of press reports about cyber attacks by Anonymous in Brazil.
Descriptions of and dialogue from Sabu’s interactions with sup_g, aka Jeremy Hammond, ahead of the Stratfor attack were sourced from Hector Monsegur’s criminal indictment, with further context, including details about his relations with WikiLeaks, taken from interviews with other hackers who took part in the Stratfor attack.
The reference to the New York Times article in which the FBI denied they had “let [the Stratfor] attack happen” is sourced from the story “Inside the Stratfor Attack,” published on the paper’s Bits blog on March 12, 2012.
Details about Donncha “Palladium” O’Cearrbhail hacking into the Gmail account of a member of the Irish national police to listen in on a call between the FBI and the Metropolitan Police were sourced from both O’Cearrbhail’s and Monsegur’s indictments.
Details about Monsegur passing himself off as a federal agent to the NYPD were sourced from his criminal indictment.
Chapter 27: The Real Kayla, the Real Anonymous
Descriptions of Ryan Mark Ackroyd were sourced from my observations of Ackroyd at his first court appearance, on March 16, 2012. Details about his younger sister, Kayleigh, were sourced from a directory search on Ryan Ackroyd’s name, which revealed the names of Ackroyd’s parents and siblings; the physical description of Kayleigh was sourced from her public Facebook account, as were the comments she posted on her brother Keiron’s Facebook wall.
The dates and basic details about the first and second arrests of Ryan Ackroyd were sourced from Metropolitan Police press releases for both incidents. Interview requests with the Metropolitan Police for further details about Ryan Ackroyd and the Met investigation into Anonymous generally were denied.
Details about the reaction in the Anonymous community to news that Sabu had been an informant for eight months were sourced from interviews with academic Gabriella Coleman, Jake Davis, and a handful of Anons, along with my observation of various Twitter feeds, blog posts, and comments on IRC channels frequented by Anonymous supporters.
Glossary
4chan: A popular online image board frequented by 22 million unique users a month. Originally billed as a place to discuss Japanese anime, it morphed into a meeting ground for the discussion of all manner of topics, including online pranks, or “raids,” against other websites or individuals (see chapters 2 and 3). A key feature is the forced anonymity of its users, who are thus able to post freely, fearing neither inhibition nor accountability.
Anonymous: A name that refers to groups of people who disrupt the Internet to play pranks or as a means of protest. Derived from the forced anonymity of users of the image board 4chan, it has evolved over the last five years to become associated with high-profile cyber attacks on companies and government agencies. With no clear leadership structure or rules of membership, it exists as a fluid collective of people who follow a loose set of principles derived from the 47 Rules of the Internet. The wider collective takes on various guises, depending on whoever happens to be endorsing the name at the time—e.g., the Chanology organizers of 2008 (see chapter 5) and the LulzSec hackers of 2011 (see chapter 17).
Antisec (Anti Security): A cyber movement started in the early 2000s in which black hat hackers campaigned to end the system of “full disclosure” among IT security professionals, often by attacking those same white hat professionals. LulzSec revived the movement in the summer of 2011, with the vague goal of attacking government agencies and figures of authority in a sometimes superficial effort to expose corruption.
/b/: The most popular board on 4chan, visited by about a third of the site’s users. /b/ was originally billed as the site’s “random” board by 4chan creator Christopher “moot” Poole. It ended up serving as a blank slate on which a host of creative Internet memes, such as Lolcats, were born, and is widely considered to be the birthplace of the Anonymous “hive-mind.” Many Anonymous supporters say they first found Anonymous through /b/. It is infamous for its lack of moderators.
Black hat: Someone who uses knowledge of software programming for malicious means, such as defacing a website or stealing databases of personal information for the purpose of selling it to others. A black hat is also referred to as a “cracker.”
Botnet: A network of so-called zombie computers that have been brought together by spreading a virus or links to bogus software updates. Botnets can be controlled by one person, who can order thousands, sometimes millions, of computers to carry out Web-based commands en masse.
Chanology: Also known as Project Chanology, this is the series of cyber attacks, protests, and pranks conducted by supporters of Anonymous throughout most of 2008 against the Church of Scientology, the name being a portmanteau of “4chan” and “Scientology.”
DDoS (Distributed Denial of Service): An attack on a website or other network resource carried out by a network of computers that temporarily knocks the site offline by overwhelming it with junk traffic. The attack can be carried out by a network of volunteers behind each computer (see “LOIC”) or a network whose computers have been hijacked to become part of a botnet.
Deface: When used as a noun, this term refers to the image and text that is published on a site that has been hacked, announcing that it is a target and the reason it has been attacked. When used as a verb, it means to vandalize a website.
Dox: When used as a verb, this term refers to the act of unearthing personal details, such as real names, phone numbers, and home addresses, usually through Google or social engineering. The resultant information is a person’s “dox.” Doxing is often thrown around as a threat in Anonymous and among hacker communities, which are inhabited by online personalities who use nicknames and almost never reveal their true identities.
Encyclopedia Dramatica: A website that chronicles much of the goings-on in Anonymous, including Internet memes, 4chan language, and online discussions among the more popular users of various blogs and IRC networks. The site is almost a parody of Wikipedia; it has the same look and is also edited by users, but its style is irreverent, profane, and occasionally nonsensical, filled with in jokes and links to other ED entries that only insiders can understand.
Hacker: A loosely defined term that, in the context of Anonymous, refers to someone who has the technical skills to break into a computer network (see “black hat” and “white hat”). Generally speaking, the term can refer to a computer programming enthusiast or hobbyist who enjoys tinkering with internal systems and creating shortcuts and new systems.
Hacktivist: A portmanteau derived from “hacker” and “activist,” it refers to someone who uses digital tools to help spread a political or sociological message. Among the more illegal methods used are DDoS attacks, website defacements, and the leaking of confidential data.
Image board: An online discussion forum with loose guidelines in which users often attach images to help illustrate their comments. Also known as “chans,” they are easy to create and maintain. Certain image boards are known for specific topics, e.g., 420chan is known for its discussion of drugs.
IP (Internet Protocol) address: The unique number assigned to every device that is connected to a computer network or the Internet. Each IP address consists of four sets of numbers separated by periods.
IRC (Internet Relay Chat): Perhaps the most prevalent method of communication among supporters of Anonymous, IRC networks offer the kind of real-time text conversation that image boards cannot. IRC allows users to talk to one another within chat rooms, or “channels,” and has existed since the late 1980s. Each IRC network attracts communities who share a common interest, such as the AnonOps IRC, which attracts those interested in Anonymous. Network and channel “operators” moderate the discussions on these networks; such roles are seen as an indicator of high social status.
LOIC (low orbit ion cannon): Originally created as a stress-testing tool for servers, this open-source Web application has become popular among supporters of Anonymous as a digital weapon that, if used by enough people, can be used to carry out a DDoS attack on a website.
Lulz: An alteration of the abbreviation LOL (laugh out loud), this term is thought to have first appeared on an Internet Relay Chat network in 2003 in reaction to something funny. It now refers to the enjoyment felt after pursuing a prank or online disruption that leads to someone else’s embarrassment.
LulzSec: A splinter group of hackers who temporarily broke away from Anonymous in the summer of 2011 to pursue a series of more focused, high-profile attacks on companies like Sony and government agencies like the FBI. Founded by hacktivists nicknamed Topiary and Sabu, it had six core members and between a dozen and two dozen second-tier supporters at any one time.
Lurk: To browse a site, IRC network, or image board such as 4chan without posting for any length of time, often with the intent of learning the site’s culture so as not to stand out as a new user. Lurkers can be deemed unwelcome in certain IRC networks if they never contribute to discussions.
Meme: A catchphrase or image that has become inadvertently popular, thanks to the viral quality of the Internet, and whose meaning is typically lost on mainstream Web users. Often serving as in jokes for Anonymous supporters, many memes, such as “over 9000” or “delicious cake,” are sourced from old computer games or originate from discussions on /b/. Other examples: “Rick Rolling” and “pedobear.”
Moralfag: A label attached to either a 4chan user or an adherent of Anonymous who disagrees with the moral direction of a post, image, trolling method, idea, raid, or activity. Often used as a derogatory term.
Newfag: A user on 4chan’s /b/ who is either new or ignorant of the customs of the community.
Oldfag: A user on /b/ who understands the customs of the community, usually after spending years on the site.
OP (original poster): Anyone who starts a discussion thread on an image board. In 4chan culture, the OP is always called “a faggot.”
Pastebin: A simple but extremely popular website that allows anyone to store and publish text. The site has been increasingly used over the last two years by supporters of Anonymous as a means to publish stolen data, such as confidential e-mails and passwords from Web databases. It has also served as a platform for hackers to publish press releases, a method used by the Anonymous splinter group LulzSec during their hacking spree in the summer of 2011.
Rules of the Internet: A list of 47 “rules” that are thought to have originated from an IRC conversation in 2006, and from which the Anonymous tagline “We do not forgive, we do not forget” originates. The rules cover cultural etiquette on image boards such as 4chan and things to expect from online communities, such as an absence of women.
Script: A relatively simple computer program that is often used to automate tasks.
Script kiddie: A derogatory term used for someone who may hold ambitions to be a black hat hacker and who uses well-known and freely available Web tools, or “scripts,” to attack computer networks. Script kiddies often seek to boost their social status among friends by hacking.
Server: A computer that helps process access to central resources or services for a network of other computers.
Shell: A software interface that reads and executes commands. On certain vulnerable websites, a hacker can get a shell to a server on which the site is hosted, using its admin control panel, and the shell, as the new interface, then gives that hacker control of the site.
Social engineering: The act of lying to or speaking to a person in the guise of a false identity, or under false pretenses, in order to weed out information.
SQL injection: Also known as SQLi and sometimes pronounced “sequel injection,” this term refers to a method of gaining access to a vulnerable Web database by inserting special commands into that database, sometimes via the same web forms as the site’s normal users. The process is a way of acquiring information from a database that should be hidden from normal users.
Troll: A person who anonymously harasses or mocks another individual or group online, often by leaving comments on website forums or, in extreme cases, by hacking into social media accounts. When used as a verb, “trolling” can also mean spinning an elaborate lie. The goal is ultimately to anger or humiliate.
VPN (virtual private network): Network technology that provides remote, secure access over the Internet through a process known as tunneling. Many organizations use VPNs to enable their staff to work from home and connect securely to a central network. Hackers and supporters of Anonymous, however, use VPNs to replace their true IP addresses, allowing them to hide from authorities and others in the community.
White hat: Someone who knows how to hack into a computer network and steal information but uses that ability to help protect websites and organizations.
About the Author
Parmy Olson is the London bureau chief for Forbes magazine. She lives in London.
Contents
Title Page
Dedication
Before you read this book
Part 1: We Are Anonymous
Chapter 1: The Raid
Chapter 2: William and the Roots of Anonymous
Chapter 3: Everybody Get In Here
Chapter 4: Kayla and the Rise of Anonymous
Chapter 5: Chanology
Chapter 6: Civil War
Chapter 7: FIRE FIRE FIRE FIRE
Chapter 8: Weapons that Backfired
Chapter 9: The Revolutionary
Chapter 10: Meeting the Ninja
Chapter 11: The Aftermath
Part 2: Fame
Chapter 12: Finding a Voice
Chapter 13: Conspiracy (Drives Us Together)
Chapter 14: Backtrace Strikes
Chapter 15: Breaking Away
Chapter 16: Talking About a Revolution
Chapter 17: Lulz Security
Chapter 18: The Resurrection of Topiary and Tupac
Chapter 19: Hacker War
Chapter 20: More Sony, More Hackers
Chapter 21: Stress and Betrayal
Chapter 22: The Return of Ryan, the End of Reason
Chapter 23: Out with a Bang
Chapter 24: The Fate of Lulz
Part 3: Unmasked
Chapter 25: The Real Topiary
Chapter 26: The Real Sabu
Chapter 27: The Real Kayla, the Real Anonymous
Acknowledgments
Timeline
Notes and Sources
Glossary