We Are Anonymous Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency
By Parmy Olson
Little, Brown and Company Copyright © 2012 Parmy Olson
All right reserved. ISBN: 9780316213547
We Are Anonymous
Across America on February 6, 2011, millions of people were settling into their couches, splitting open bags of nachos, and spilling beer into plastic cups in preparation for the year’s biggest sporting event. On that Super Bowl Sunday, during which the Green Bay Packers conquered the Pittsburgh Steelers, a digital security executive named Aaron Barr watched helplessly as seven people whom he’d never met turned his world upside down. Super Bowl Sunday was the day he came face-to-face with Anonymous.
By the end of that weekend, the word Anonymous had new ownership. Augmenting the dictionary definition of being something with no identifiable name, it seemed to be a nebulous, sinister group of hackers hell-bent on attacking enemies of free information, including individuals like Barr, a husband and a father of twins who had made the mistake of trying to figure out who Anonymous really was.
The real turning point was lunchtime, with six hours to go until the Super Bowl kickoff. As Barr sat on the living room couch in his home in the suburbs of Washington, D.C., dressed comfortably for the day in a t-shirt and jeans, he noticed that his iPhone hadn’t buzzed in his pocket for the last half hour. Normally it alerted him to an e-mail every fifteen minutes. When he fished the phone out of his pocket and pressed a button to refresh his mail, a dark blue window popped up. It showed three words that would change his life: Cannot Get Mail. The e-mail client then asked him to verify the right password for his e-mail. Barr went into the phone’s account settings and carefully typed it in: “kibafo33.” It didn’t work. His e-mails weren’t coming through.
He looked down at the small screen blankly. Slowly, a tickling anxiety crawled up his back as he realized what this meant. Since chatting with a hacker from Anonymous called Topiary a few hours ago, he had thought he was in the clear. Now he knew that someone had hacked his HBGary Federal account, possibly accessing tens of thousands of internal e-mails, then locked him out. This meant that someone, somewhere, had seen nondisclosure agreements and sensitive documents that could implicate a multinational bank, a respected U.S. government agency, and his own company.
One by one, memories of specific classified documents and messages surfaced in his mind, each heralding a new wave of sickening dread. Barr dashed up the stairs to his home office and sat down in front of his laptop. He tried logging on to his Facebook account to speak to a hacker he knew, someone who might be able to help him. But that network, with his few hundred friends, was blocked. He tried his Twitter account, which had a few hundred followers. Nothing. Then Yahoo. The same. He’d been locked out of almost every one of his Web accounts, even the online role-playing game World of Warcraft. Barr silently kicked himself for using the same password on every account. He glanced over at his WiFi router and saw frantic flashing lights. Now people were trying to overload it with traffic, trying to jam their way further into his home network.
He reached over and unplugged it. The flashing lights went dead.
Aaron Barr was a military man. Broad shouldered, with jet-black hair and heavy eyebrows that suggested distant Mediterranean ancestors, he had signed up for the U.S. Navy after taking two semesters of college and realizing it wasn’t for him. He soon became a SIGINT, or signals intelligence, officer, specializing in a rare assignment, analytics. Barr was sent abroad as needed: four years in Japan, three in Spain, and secondments all over Europe, from Ukraine to Portugal to Italy. He was stationed on amphibious warships and got shot at on land in Kosovo. The experience made him resent the way war desensitized soldiers to human life.
After twelve years in the navy he picked up a job at defense contractor Northrop Grumann and settled down to start a family, covering over his navy tattoos and becoming a company man. He got a break in November 2009 when a security consultant named Greg Hoglund asked Barr if he wanted to help him start a new company. Hoglund was already running a digital security company called HBGary Inc., and, knowing Barr’s military background and expertise in cryptography, he wanted him to start a sister company that would specialize in selling services to the United States government. It would be called HBGary Federal, and HBGary Inc. would own 10 percent. Barr jumped at the chance to be his own boss and see more of his wife and two young children by working from home.
He relished the job at first. In December 2009, he couldn’t sleep for three nights in a row because his mind was racing with ideas about new contracts. He’d get on his computer at 1:30 a.m. and e-mail Hoglund with some of his thoughts. Less than a year later, though, none of Barr’s ideas was bringing in any money. Barr was desperate for contracts, and he was keeping the tiny company of three employees afloat by running “social media training” for executives, bringing in twenty-five thousand dollars at a time. These were not lessons in how to maintain friendships on Facebook but in how to use social networking sites like Facebook, LinkedIn, and Twitter to gather information on people—as spying tools.
In October 2010, salvation finally came. Barr started talking to Hunton & Williams, a law firm whose clients—among them the U.S. Chamber of Commerce and Bank of America—needed help dealing with opponents. WikiLeaks, for example, had recently hinted at a trove of confidential data it was holding from Bank of America. Barr and two other security firms made PowerPoint presentations that proposed, among other things, disinformation campaigns to discredit WikiLeaks-supporting journalists and cyber attacks on the WikiLeaks website. He dug out his fake Facebook profiles and showed how he might spy on the opponents, “friending” Hunton & Williams’s own staff and gathering intelligence on their personal lives. The law firm appeared interested, but there were still no contracts come January 2011, and HBGary Federal needed money.
Then Barr had an idea. A conference in San Francisco for security professionals called B-Sides was coming up. If he gave a speech revealing how his social media snooping had uncovered information on a mysterious subject, he’d get newfound credibility and maybe even those contracts.
Barr decided that there was no better target than Anonymous. About a month prior, in December 2010, the news media exploded with reports that a large and mysterious group of hackers had started attacking the websites of MasterCard, PayPal, and Visa in retaliation for their having cut funding to WikiLeaks. WikiLeaks had just released a cache of thousands of secret diplomatic cables, and its founder and editor in chief, Julian Assange, had been arrested in the U.K., ostensibly for sexual misconduct.
Hackers was a famously imprecise word. It could mean enthusiastic programmer, it could mean cyber criminal. But people in Anonymous, or Anons, were often dubbed hacktivists—hackers with an activist message. From what anyone could tell, they believed all information should be free, and they might just hit your website if you disagreed. They claimed to have no structure or leaders. They claimed they weren’t a group but “everything and nothing.” The closest description seemed to be “brand” or “collective.” Their few rules were reminiscent of the movie Fight Club: don’t talk about Anonymous, never reveal your true identity, and don’t attack the media, since they could be purveyors of a message. Naturally, anonymity made it easier to do the odd illegal thing, break into servers, steal a company’s customer data, or take a website offline and then deface it. Stuff that could saddle you with a ten-year prison term. But the Anons didn’t seem to care. There was strength and protection in numbers after all, and they posted their ominous tagline on blogs, hacked websites, or wherever they could:
We are Anonymous
We are Legion
We do not forgive
We do not forget
Their digital flyers and messages featured a logo of a headless, suited man surrounded by U.N.-style peace branches, supposedly based on the surrealist painting of a man with a bowler hat and apple by René Magritte. Often it included the leering mask of Guy Fawkes, the London revolutionary embellished in the movie V for Vendetta and now the symbol of a faceless rebel horde. Anonymous was impossible to quantify, but this wasn’t just dozens or even hundreds of people. Thousands from all over the world had visited its main chat rooms in December 2010 to take part in its attacks on PayPal, and thousands regularly visited Anonymous-related blogs and new sites like AnonNews.org. Everyone in the cyber security field was talking about Anonymous, but no one seemed to know who these people were.
Barr was intrigued. He had watched the world’s attention to this mysterious group grow and seen reports of dozens of raids and arrests in the United States and Europe. Yet no one had been convicted, and the group’s leaders had not been tracked down. Barr believed he could do better than the Federal Bureau of Investigation—maybe help the FBI, too—with his social media snooping expertise. Going after Anonymous was risky, but he figured if the collective turned on him, the worst they could do was take down the website of HBGary Federal for a few hours—a couple of days, tops.
He had started by lurking in the online chat rooms where Anonymous supporters congregated and creating a nickname for himself, first AnonCog, then CogAnon. He blended in, using the group’s lingo and pretending to be a young new recruit eager to bring down a company or two. On the side, he’d quietly note the nicknames of others in the chat room. There were hundreds, but he paid attention to the frequent visitors and those who got the most attention. When these people left the chat room, he’d note the time, too. Then he’d switch to Facebook. Barr had created several fake Facebook personas by now and had “friended” dozens of real-world people who openly claimed to support Anonymous. If one of those friends suddenly became active on Facebook soon after a nickname had exited the Anonymous chat room, Barr figured he had a match.
By late January, he was putting the finishing touches on a twenty-page document of names, descriptions, and contact information for suspected Anonymous supporters and leaders. On January 22, 2011, Barr sent an e-mail to Hoglund and HBGary Inc. co-president Penny Leavy (who was also Hoglund’s wife) and Barr’s second in command, Ted Vera, about his now forthcoming talk at B-Sides on Anonymous. The big benefit of the talk would be the press attention. He would also tell a few people in Anonymous, under a false persona, about the research of a “so-called cyber security expert” named Aaron Barr..
“This will generate a big discussion in Anonymous chat channels, which are attended by the press,” Barr told Hoglund and Leavy. Ergo, more press about the talk. “But,” he added, “it will also make us a target. Thoughts?”
Hoglund’s reply was brief: “Well, I don’t really want to get DDoS’d, so assuming we do get DDoS’d then what? How do we make lemonade from that?” Hoglund was refering to a distributed denial of service attack, which described what happened when a multitude of computers were coordinated to overwhelm a site with so much data that it was temporarily knocked offline. It was Anonymous’s most popular form of attack. It was like punching someone in the eye. It looked bad and it hurt, but it didn’t kill you.
Barr decided the best thing to do was reach out directly to the press before his talk. He contacted Joseph Menn, a San Francisco–based reporter for the Financial Times, offering an interview about how his data could lead to more arrests of “major players” in Anonymous. He gave Menn a taste of his findings: of the several hundred participants in Anonymous cyber attacks, only about thirty were steadily active, and just ten senior people managed most of the decisions. Barr’s comments and the story of his investigation suggested for the first time that Anonymous was a hierarchy and not as “anonymous” as it thought. The paper ran the story on Friday, February 4, with the headline “Cyberactivists Warned of Arrest,” and quoted Barr.
Barr got a small thrill from seeing the published article and e-mailed Hoglund and Leavy with the subject line, “Story is really taking shape.”
“We should post this on the front page, throw out some tweets,” Hoglund replied. “‘HBGary Federal sets a new bar as private intelligence agency.’ The pun on bar is intended lol.”
By the end of Friday, detectives from the FBI’s e-crime division had read the article and contacted Barr asking if he wouldn’t mind sharing his information. He agreed to meet them Monday, the day after the Super Bowl. At around the same time, a small group of hackers with Anonymous had read the story, too.
They were three people, in three different parts of the world, and they had been invited into an online chat room. Their online nicknames were Topiary, Sabu, and Kayla, and at least two of them, Sabu and Topiary, were meeting for the first time. The person who had invited them went by the nickname Tflow, and he was also in the room. No one here knew anyone else’s real name, age, sex, or location. Two of them, Topiary and Sabu, had only been using their nicknames on public chat rooms for the last month or two. They knew snippets of gossip about one another, and that each believed in Anonymous. That was the gist of it.
The chat room was locked, meaning no one could enter unless invited. Conversation was stilted at first, but within a few minutes everyone was talking. Personalities started to emerge. Sabu was assertive and brash, and he used slang like yo and my brother. None of the others in the room knew this, but he was a born-and-bred New Yorker of Puerto Rican descent. He had learned to hack computers as a teenager, subverting his family’s dial-up connection so they could get Internet access for free, then learning more tricks on hacker forums in the late 1990s. Around 2001, the nickname Sabu had gone underground; now, almost a decade later, it was back. Sabu was the heavyweight veteran of the group.
Kayla was childlike and friendly but fiercely smart. She claimed to be female and, if asked, sixteen years old. Many assumed this was a lie. While there were plenty of young hackers in Anonymous, and plenty of female supporters of Anonymous, there were very few young hackers who were female. Still, if it was a lie, it was elaborate. She was chatty and gave away plenty of colorful information about her personal life: she had a job in her salon, babysat for extra money, and took vacations in Spain. She even claimed Kayla was her real name, kept as a “fuck you” to anyone who dared try to identify her. Paradoxically, she was obsessive about her computer’s privacy. She never typed her real name into her netbook in case it got key-logged, had no physical hard drive, and would boot up from a tiny microSD card that she could quickly swallow if the police ever came to her door. Rumor even had it that she’d stabbed her webcam with a knife one day, just in case someone took over her PC and filmed her unaware.
Topiary was the least skilled of the group when it came to hacking, but he had another talent to make up for it: his wit. Cocksure and often brimming with ideas, Topiary used his silver tongue and an unusual knack for public promotion to slowly make his way up the ladder of secret planning rooms in the Anonymous chat networks. While others strained to listen at the door, Topiary got invited right in. He had become so trusted that the network operators asked him to write the official Anonymous statements for each attack on PayPal and MasterCard. He had picked his nickname on a whim. The low-budget time travel film Primer had been a favorite, and when he found out its director was working on a new film called A Topiary, he decided he liked the word, oblivious to its definition of clipped ornamental shrubs.
Tflow, the guy who’d brought everyone here, was a skilled programmer and mostly quiet, a person who strictly followed the Anonymous custom of never talking about himself. He had been with Anonymous for at least four months, a good amount of time to understand its culture and key figures within it. He knew the communications channels and supporting cast of hackers better than most. Fittingly, he got down to business. Someone had to do something about this Aaron Barr and his “research.” Barr had claimed there were leaders in Anonymous, which wasn’t true. That meant his research was probably wrong. Then there was that quote from the Financial Times story saying Barr had “collected information on the core leaders, including many of their real names, and that they could be arrested if law enforcement had the same data.”
This now posed another problem: if Barr’s data was actually right, Anons could be in trouble. The group started making plans. First, they had to scan the server that ran the HBGary Federal website for any source code vulnerabilities. If they got lucky, they might find a hole they could enter, then take control and replace Barr’s home page with a giant logo of Anonymous and a written warning not to mess with their collective.
That afternoon, someone looked up “Aaron Barr” on Google and came up with his official company portrait: swept-back hair, suit, and a keen stare at the camera. The group laughed when they saw the photo. He looked so…earnest, and increasingly like fresh meat. Then Sabu started scanning HBGaryFederal.com for a hole. It turned out Barr’s site ran on a publishing system created by a third-party developer, which had a major bug. Jackpot.
Though its job was to help other companies protect themselves from cyber attacks, HBGary Federal itself was vulnerable to a simple attack method called SQL injection, which targeted databases. Databases were one of the many key technologies powering the Internet. They stored passwords, corporate e-mails, and a wide variety of other types of data. The use of Structured Query Language (SQL, commonly mispronounced “sequel”) was a popular way to retrieve and manipulate the information in databases. SQL injection worked by “injecting” SQL commands into the server that hosted the site to retrieve information that should be hidden, essentially using the language against itself. As a result, the server would not recognize the typed characters as text, but as commands that should be executed. Sometimes this could be carried out by simply typing out commands in the search bar of a home page. The key was to find the search bar or text box that represented a weak entry point.
This could be devastating to a company. If DDoSing meant a sucker punch, SQL injection was secretly removing someone’s vital organs while they slept. The language it required, a series of symbols and key words like “SELECT,” “NULL,” and “UNION,” were gibberish to people like Topiary, but for Sabu and Kayla they rolled off the tongue.
Now that they were in, the hackers had to root around for the names and passwords of people like Barr and Hoglund, who had control of the site’s servers. Jackpot again. They found a list of usernames and passwords for HBGary employees. But here was a stumbling block. The passwords were encrypted, or “hashed,” using a standard technique called MD5. If all the administrative passwords were lengthy and complicated, it might be impossible to crack them, and the hackers’ fun would have come to an end.
Sabu picked out three hashes, long strings of random numbers corresponding to the passwords of Aaron Barr, Ted Vera, and another executive named Phil Wallisch. He expected them to be exceptionally tough to unlock, and when he passed them to the others on the team, he wasn’t surprised to find that no one could crack them. In a last-ditch attempt, he uploaded them to a Web forum for password cracking that was popular among hackers—Hashkiller.com. Within a couple of hours all three hashes had been cracked by random anonymous volunteers. The result for one of them looked exactly like this:
Right there at the end of the string of letters and numbers was Aaron Barr’s password. When they tried using kibafo33 to access his HBGary Federal e-mails hosted by Google Apps, they got in. The group couldn’t believe their luck. By Friday night they were watching an oblivious Barr exchange happy e-mails with his colleagues about the Financial Times article.
On a whim, one of them decided to check to see if kibafo33 worked anywhere else besides Barr’s e-mail account. It was worth a try. Unbelievably for a cyber security specialist investigating the highly volatile Anonymous, Barr had used the same easy-to-crack password on almost all his Web accounts, including Twitter, Yahoo!, Flickr, Facebook, even World of Warcraft. This meant there was now the opportunity for pure, unadulterated “lulz.”
Lulz was a variation of the term lol—“laugh out loud”—which had for years been tagged onto the end of lighthearted statements such as “The pun on bar is intended lol.” A more recent addition to Web parlance, lulz took that sentiment further and essentially meant entertainment at someone else’s expense. Prank-calling the FBI was lol. Prank-calling the FBI and successfully sending a SWAT team to Aaron Barr’s house was lulz.
The group decided that they would not swoop on Barr that day or even the next. They would take the weekend to spy on him and download every e-mail he’d ever sent or received during his time with HBGary Federal. But there was a sense of urgency. As they started browsing, the team realized Barr was planning to meet with the FBI the following Monday. Once they had taken what they could, it was decided all hell would break loose at kickoff on Super Bowl Sunday. There were sixty hours to go.
Saturday started off as any other for Barr. Relaxing and spending time with his family, sending and receiving a few e-mails from his iPhone over breakfast, he had no idea that an Anonymous team of seven was busy delving into his e-mails, or how excited they were with what they had stumbled upon. Their latest find: Barr’s own research on Anonymous. It was a PDF document that started with a decent, short explanation of what Anonymous was. It listed websites, a timeline of recent cyber attacks, and lots of nicknames next to real-life names and addresses. The names Sabu, Topiary, and Kayla were nowhere to be seen. At the end were hasty notes like “Mmxanon—states…ghetto.” It looked unfinished. As they gradually realized how Barr had been using Facebook to try to identify real people, it looked like he had no idea what he was doing. It looked like Barr might actually point the finger at some innocent people.
In the meantime, Tflow had downloaded Barr’s e-mails onto his server, then waited about fifteen hours for them to compile into a torrent, a tiny file that linked to a larger file on a host computer somewhere else, in this case HBGary’s. It was a process that millions of people across the world used every day to download pirated software, music, or movies, and Tflow planned to put his torrent file on the most popular torrenting site around: The Pirate Bay. This meant that soon, anyone could download and read more than forty thousand of Aaron Barr’s e-mails.
That morning, with about thirty hours until kickoff, Barr ran some checks on HBGaryFederal.com and, just as he had expected, saw it was getting more traffic than usual. That didn’t mean more legitimate visitors, but the beginnings of a DDoS attack from Anonymous. It wasn’t the end of the world, but he logged into Facebook under the fake profile Julian Goodspeak to talk to one of his Anon contacts, an apparently senior figure who went by the nickname CommanderX. Barr’s research and discussions with CommanderX had led him to believe his real name was “Benjamin Spock de Vries,” though this was not accurate. CommanderX, who had no idea that a small group of hackers was already in Barr’s e-mails, responded to Barr’s instant message. Barr was asking politely if CommanderX could do something about the extra traffic he was getting.
“I am done with my research. I am not out to get you guys,” Barr explained. “My focus is on social media vulnerabilities.” Barr meant that his research was merely trying to show how organizations could be infiltrated by snooping on the Facebook, Twitter, and LinkedIn profiles of their members.
“Not my doing,” CommanderX said honestly. He had taken a look at the HBGary Federal website and pointed out to Barr that, in any case, it looked vulnerable. “I hope you are being paid well.”
Sunday morning, with eleven hours till kickoff, Tflow was done collating all of Barr’s e-mails and those of the two other executives, Vera and Wallisch. The torrent file was ready to publish. Now came the pleasure of telling Barr what they had just done. Of course, to play this right, the hackers wouldn’t tell him everything immediately. Better lulz would come from toying with him first. By now they had figured out that Barr was using the nickname CogAnon to talk to people in Anonymous chat rooms, and that he lived in Washington, D.C.
“We have everything from his Social Security number, to his career in the military, to his clearances,” Sabu told the others, “to how many shits a day he takes.”
At around 8:00 a.m. eastern standard time on Sunday morning, they decided to make him a little paranoid before the strike. When Barr entered the AnonOps chat network as CogAnon, Topiary sent him a private message.
“Hello,” said Topiary.
“Hi,” CogAnon replied.
In another chat window Topiary was giving a running commentary to other Anons who were laughing at his exploits. “Tell him you’re recruiting for a new mission,” Sabu said.
“Be careful,” said another. “He may get suspicious quickly.”
Topiary went back into his conversation with the security specialist, still pretending to believe CogAnon was a real Anonymous supporter. “We’re recruiting for a new operation in the Washington area. Interested?”
Barr paused for twenty seconds. “Potentially. Depends on what it is,” he said.
Topiary pasted the response in the other chat room.
“Hahahahhaa,” said Sabu.
“Look at that faggot trying to psyops me out of info,” Topiary said, referring to the tactics of psychological warfare. The word faggot was a word so liberally used in Anonymous that it wasn’t even considered a real insult.
“I take it from your host that you’re near where our target is,” Topiary told Barr.
Back in Washington, D.C., Barr held his breath. “Is it physical or virtual?” he typed back, knowing full well it was virtual but at a loss for what else to say. “Ah yeah…I am close…” How exactly could they have figured out he lived in D.C.?
“Virtual,” Topiary replied. “Everything is in place.”
Topiary relayed this again to the Anons. “I’d laugh so hard if he sends an e-mail about this,” he told them.
They couldn’t believe what they were reading. “THIS GUY IS A FUCKING DICK,” Sabu exclaimed.
“I want to rape his anus,” Topiary replied. “Raping” servers was typically a way to describe a hack into its network. Tflow made a new chat room in the Anonymous chat network called #ophbgary and invited Topiary to join it.
“Guys,” a hacker named Avunit piped up. “Is this really happening? Because this shit is awesome.”
Back in the conversation, Barr tried to sound helpful. “I can be in the city within a few hours…depending on traffic lol.”
Topiary decided to give him another fright: “Our target is a security company,” he said. Barr’s stomach turned. Okay, so this meant Anonymous was definitely targeting HBGary Federal. He opened up his e-mail client and quickly typed out an e-mail to other HBGary managers, including Hoglund and Penny Leavy.
“Now we are being directly threatened,” he wrote. “I will bring this up with the FBI when I meet them tomorrow.” Sabu and the others quietly watched him send it.
He clicked back into the chat with Topiary. “Ok well just let me know,” he wrote. “Not sure how I can still help though?”
“That depends,” Topiary said. “What skills do you have? We need help gathering info on Ligatt.com security company.”
Barr let out a long breath of relief. Ligatt was in the same line of work as HBGary Federal, so it looked (for now at least) like his company was not the target after all.
“Ahhhh ok let me check them out,” Barr replied almost gratefully. “It’s been a while since I have looked at them. Anything specific?” At this point he seemed happy to do anything that would keep HBGary from being a target, even if he was just playing along.
There was no reply.
He typed, “I didn’t realize they were local to D.C.”
A minute later he added, “Man I am racking my brain and I can’t remember why they were so popular a while back. I remember their [sic] being a lot of aggression towards them.”
“You still there?” Barr asked.
Topiary had gone back to planning with the others. There wasn’t much time left and he had to write the official Anonymous message that would replace the home page of HBGaryFederal.com.
About forty-five minutes later, Topiary finally replied. “Sorry about that—stay tuned.”
“Ok,” Barr wrote.
A few hours later and it was lunchtime, about six hours until the Super Bowl kickoff, with Barr sitting in his living room and staring in dreadful fascination at his phone after realizing he’d just been locked out of his e-mails. When he ran upstairs to try talking to CommanderX again on Facebook, he’d been locked out of that, too. When he saw that his Twitter account was under someone else’s control, it hit him how serious this was, and how potentially very embarrassing.
He picked up the phone and called Greg Hoglund and Penny Leavy to let them know what was going on. Then he called his IT administrators, who said they would contact Google to try to regain control of HBGaryFederal.com. But there was nothing they could do about the stolen e-mails.
At 2.45 p.m., Barr got another message from Topiary: “Right, something will be happening tonight. How available are you throughout the evening?” There were just a few more hours to go, and he wanted Barr to have a front-row seat to the end of his career.
As Sunday evening drew near on the eastern seaboard, the Anons, in their own homes and time zones around the world, got ready to pounce. Cowboys Stadium in Arlington, Texas, started filling up. There were a few songs from the Black Eyed Peas, and Christina Aguilera muddling the words to the national anthem. Finally, the coin toss. A player from the Green Bay Packers drew back his foot and kicked the pigskin across the field.
On the other side of the Atlantic, Topiary watched on his laptop as the football flew through the sky. Sitting in his black leather gaming chair, a giant pair of headphones resting on his hair, he swiftly opened up another window and logged into Barr’s Twitter account. He had locked Barr out six hours ago with the kibafo33 password and with the Super Bowl finally underway he started posting from it. He felt no inhibition, no sense of holding back from this man. He would let Barr have it: “Okay my fellow Anonymous faggots,” he wrote from Barr’s Twitter account, “we’re working on bringing you the finest lulz as we speak. Stay tuned!”
Then: “Sup motherfuckers, I’m CEO of a shitty company and I’m a giant media-whoring cunt. LOL check out my nigga Greg’s site: rootkit.com.” These were statements that Topiary would never have said out loud, or face-to-face with Barr. In real life he was quiet, polite, and rarely swore.
Rootkit.com was Hoglund’s website specializing in the latest research on programming tools that gave root access to a computer network. Ironically, Sabu and Kayla now had system administrator access, or “root” on rootkit.com, too. This was because Barr had been an administrator of the company’s e-mail system, meaning “kibafo33” let them reset the passwords of other in-boxes, including Hoglund’s.
Once he got into Hoglund’s in-box, Sabu had sent out an e-mail as Hoglund to one of HBGary’s IT administrators, a Finnish security specialist named Jussi Jaakonaho. Sabu was looking for root access to rootkit.com.
“im in europe and need to ssh into the server,” Sabu wrote in the e-mail to Jaakonaho, using lowercase letters to suggest he was in a rush. SSH stood for “secure shell” and referred to a way of logging into a server from a remote location. When Jaakonaho asked if Hoglund (Sabu) was on a public computer, Hoglund (Sabu) said, “no I dont have the public ip with me at the moment because im ready for a small meeting and im in a rush. if anything just reset my password to changeme123 and give me public IP and ill ssh in and reset my pw [password].”
“Ok,” Jaakonaho replied. “Your password is changeme123.” He added, with a smiley face, “In Europe but not in Finland?”
Sabu played along. “if I can squeeze out the time maybe we can catch up…ill be in germany for a little bit. thanks.” The password didn’t even work right away, and Sabu had to e-mail Jaakonaho a few more times with questions, including whether his own username was “greg or?” before Jaakonaho explained it was “hoglund.” Sabu got in. This was a prime example of social engineering, the art of manipulating someone into divulging secret information or doing something they normally wouldn’t.
Now Sabu and Kayla had complete control of rootkit.com. First they took the usernames and passwords of anyone who had ever registered on the site, then deleted its entire contents. Now it was just a blank page reading “Greg Hoglund = Owned.” Sabu found he enjoyed working with Kayla. She was friendly, and she had extraordinary technical skills. Sabu later told others that she had socially engineered Jussi Jaakonaho, partly because the idea of being “owned” by a sixteen-year-old girl would only embarrass HBGary further.
Sabu and Kayla then got busy on HBGaryFederal.com, removing the home page and replacing it with the Anonymous logo of the headless suited man. In place of its head was a question mark. At the bottom was a link that said “Download HBGary e-mails”—Tflow’s torrent file. Now anyone could read all of Barr’s confidential e-mails to his clients as easily as they might grab a song on iTunes, but for free. The new home page also had a message written by Topiary:
This domain has been seized by Anonymous under section #14 of the Rules of the Internet. Greetings HBGary (a computer “security” company). Your recent claims of “infiltrating” Anonymous amuse us, and so do your attempts at using Anonymous as a means to garner press attention for yourself. How’s this for attention? You’ve tried to bite at the Anonymous hand, and now the Anonymous hand is bitch-slapping you in the face.
By 6:45 eastern standard time, twenty-four minutes into the Super Bowl, most of the “hacking” was over. There were no distant cheers and whoops for the football game from Barr’s neighbors, who were mostly young families. The world around him seemed strangely quiet. With some trepidation, he logged back into the Anonymous chat rooms to confront his attackers. They were ready and waiting. Barr saw a message flash up, an invite to a new chat room called #ophbgary. He immediately saw a group of several nicknames. Some he recognized from his research and others he didn’t: along with Topiary, Sabu, Kayla, there were others: Q, Heyguise, BarrettBrown, and c0s. The last nickname was Gregg Housh, a longtime Anon in his midthirties who had helped coordinate the first wave of major DDoS attacks by Anonymous in 2008, against the Church of Scientology (COS).
Topiary got things going. “Now they’re threatening us directly,” he told Barr, quoting the earlier e-mail. “Amirite?”
Barr said nothing.
“Enjoying the Super Bowl, I hope?” Q said.
“Hello Mr. Barr,” Tflow said. “I apologize for what’s about to happen to you and your company.”
Finally, Barr spoke up. “I figured something like this would happen,” he typed.
“Nah, you won’t like what’s coming next,” Topiary said.
Barr tried persuading the group that he’d had their best interests at heart. “Dude…you just don’t get it,” he protested. “It was research on social media vulnerabilities. I was never going to release the names.”
“LIAR.” This was Sabu. “Don’t you have a meeting with the FBI Monday morning?”
“Sabu, he totally does,” said Topiary.
“Ok…Yep,” Barr conceded. “They called me.”
“Oh guys. What’s coming next is the delicious cake,” Topiary said.
It was up to Tflow to finally drop the bombshell. “I have Barr’s, Ted’s and Phil’s e-mails,” he said. All 68,000.
“Those e-mails are going to be pretty,” said Housh.
“Lol,” Barr replied inexplicably. He seemed to want to keep proceedings light, or to convince himself this wasn’t as bad as he thought. “Ok guys,” he added, “well you got me right :).”
Indeed they had. Topiary made his parting shot. “Well Aaron, thanks for taking part in this little mini social test to see if you’d run to your company with ‘news’ about Anon. You did, we leeched it, we laughed.” He paused. “Die in a fire. You’re done.”
It was now well into the early hours of Monday morning. Barr was sitting in his home office in front of the laptop, his hopes of a turnaround having dwindled to nothing. On the wall in front of him was a photo he’d bought in New York in October 2011. The 9/11 attacks were still raw, and after visiting Ground Zero he’d popped into a small gallery selling amateur photographs taken during the attacks. One stood out. In the background was the chaos of the fallen towers: papers and bricks strewn everywhere, dazed commuters covered in dust, while in the foreground was John Seward Johnson’s Double Check, the famous bronze statue of a suited businessman on a park bench, looking into his open briefcase. Something about its incongruence made him like it instantly. Now Barr was that man, so caught up in his ambitions that he’d become oblivious to the chaos going on around him.
His public Twitter feed, an important reputational tool with the public, his clients, and the press, was now an obscene mess. Topiary had posted dozens of tweets filled with swear words and racist commentary. His bio now read, “CEO HBGary Federal. Cybersecurity and Information Operations specialist and RAGING HOMOGAY.” His photo had the word NIGGER defaced across it in bold red lettering. Topiary did not consider himself racist—no one in his group did. But the graffiti was perfectly in tune with the underground culture of crude humor and cyber bullying that ran through Anonymous.
Topiary felt a thrill as he then posted Barr’s home address. Then he tweeted Barr’s social security number, then his cell phone number. Anyone with an Internet connection could read this. “Hi guys, leave me voice mails!” Then the number. Then “#callme.”
Soon, hundreds and then thousands of people who perused Anonymous chat rooms, blogs, and Twitter feeds had heard about what was happening to Aaron Barr. They clicked on links to Barr’s website, now a white screen with the Anonymous logo and message. They watched the Twitter feed and called his number. Quite a few started taking his earnest corporate photo and defacing it, cutting out his head and sticking it on a movie poster for James Bond to mock his spying methods. Another bloated his chin to make him look like the grotesque cartoon from a well-known Internet comic, or “rage comic,” called Forever Alone.
Barr had been unable to tear himself away from the Anonymous chat rooms, mesmerized as people joked about the “faggot” Barr and egged each other on to call his cell phone. His phone rang through the night. He answered it once to hear a woman’s voice say something inaudible and then hang up. There were a few silent voice mails and one person singing what sounded like “Never Gonna Give You Up,” the 1987 song by Rick Astley, homage to a popular prank in Anonymous to “rickroll” someone.
Barr had called in reinforcements. Penny Leavy went online to try her luck at sweet-talking the attackers. They were friendly and polite to her at first, but her requests were met with cold answers.
“Please do not release the HBGary e-mails,” she had pleaded. “There is private information there of clients.”
“Shouldn’t be sending e-mails you don’t want your mother reading,” Heyguise had said. And the e-mails, in any case, had already been published as a torrent on The Pirate Bay.
“Dozens of innocent people could have gone to jail,” Sabu said angrily. Before their attack, his newly formed small clique of Anons, who’d found each other amid hundreds of others in the Anonymous chat networks, had no idea that Barr’s research had been so flawed, or that his e-mails would be so easy to hack into. In fact, they still didn’t know that Barr had been proposing a dirty-tricks campaign against trade unions and WikiLeaks to a government agency and a major bank. They had been motivated by revenge and a desire, intensified by group psychology, to bully someone who seemed to deserve it. Once enough people trawled through Barr’s e-mails and found out what he had done to Hunton & Williams, the attack would suddenly look more than justified, to them almost necessary. Within the Anonymous community, Sabu, Kayla, Topiary, and the others would become heroic purveyors of vigilante justice. Barr had been fair game. He’d provoked a world where taunting, lying, and stealing was how everybody got by. A world that brought euphoric highs, fun, and fulfillment, with hardly any real-world consequences.
As Barr spent the next day fielding phone calls from journalists and trying, desperately, to pick up the pieces, Topiary, Sabu, Kayla, and Tflow met up again in their secret chat room. They celebrated their accomplishments, relived what had happened, laughed, and felt invincible. They had “owned” a security company. In the back of their minds they knew that agents from the Federal Bureau of Investigation would start trying to find them. But over time, members of the small team would conclude that they had worked together so well on Barr, they had to do it all over again on other targets, for lulz, for Anonymous, and for any other cause that came up along the way. No quarry would be too big: a storied media institution, an entertainment giant, even the FBI itself.
William and the Roots of Anonymous
Aaron Barr would never have come face-to-virtual-face with Anonymous if it hadn’t been for a skinny blond kid from New York City named Christopher Poole and the extraordinary contribution he made to the Internet. Seven years earlier, in the summer of 2003, fourteen-year-old Poole was surfing the Web in his bedroom, looking for information on Japanese anime. Like thousands of other American teens, he was a big fan. Eventually, he found a peach-colored Japanese image board dedicated to anime called 2channel, or 2chan. Poole had never seen anything like it. Founded in 1999 by a college student named Hiroyuki Nishimura (age thirty-five in 2012), it featured anime discussion threads that moved at lightning speed. Poole would wait thirty seconds, hit F5 to refresh the page, and it would suddenly refill with a stream of new posts, numbering up to a thousand. Almost every poster was anonymous. Unlike English-language Web forums, 2chan didn’t require you to register in a name field, and hardly anyone did.
In Japan that same summer, the news media had noticed that 2chan was becoming a rather embarrassing window to the country’s underbelly. Discussions of anime had spilled over into talk of kids murdering their teachers, attacking their bosses, or blowing up a local kindergarten. And it was becoming one of the country’s most popular websites.
Poole wanted a place to talk to people in English about anime, and 2chan had started blocking English posters. So he decided to clone 2chan by copying its publicly available HTML code, translating it to English, and building from there. He put the whole thing together on his bedroom computer and called it 4chan. When an online friend asked Poole, who went by the nickname moot, what the difference between 4chan and 2chan would be, he replied with some chutzpah, “It’s TWO TIMES THE CHAN MOTHERFUCK.” On September 29, 2003, Poole registered the domain 4chan.net and announced it on Something Awful, a Web forum where he was already a regular. He entitled the thread: “4chan.net—English 2chan.net!”
4chan had almost the exact same layout as 2chan: the simple peach background, the dark red text, the shaded boxes for discussion threads. Both 4chan and 2chan have barely changed their designs to this day, apart from adding a few color schemes. After opening 4chan to the public, an English-speaking anime hub called Raspberry Heaven started linking to it, as did Something Awful. The first few hundred visitors took to it right away. Discussion boards were listed alphabetically across the top of the site: /a/ was for anime, /p/ was for photography, and so on. Poole had set ups /b/, the “random” board that would become 4chan’s most important feature, within the first two months. In one discussion with early users, moot said that /b/ was “the beating heart of this site,” but he added that it was “a retard bin.” The random board was a free-for-all.
Poole at first configured 4chan so that anyone who posted a comment could do so under a nickname. This continued until early 2004, when a 4chan user and PHP programmer who went by the nickname Shii became irritated with the enforced nicknames. That year, Shii published an essay about the value of anonymity on image boards, pointing to Japan’s 2chan as a place where anonymity could counter vanity and stop users from developing cliques and elite status. When a site forced people to register with a nickname, that also kept out interesting people with busy lives, instead attracting those who had too much time on their hands and who tended to make nasty or senseless comments. “On an anonymous forum,” he wrote, logic will overrule vanity.
Poole saw the post, liked it, and appointed Shii as a moderator and administrator on 4chan’s boards. He asked another admin to implement a new feature called “Forced_Anon” on different parts of the site. Many users were deeply upset when Forced_Anon was implemented on a few of these boards, and some typed in “tripcodes” so they could override the forced anonymity and use a nickname. Others, who embraced the anonymity feature, mocked the signers and christened them “tripfags.”
Perhaps as an omen of what was to come, conflict ensued. Supporters of anonymity and tripcodes started creating separate threads, calling on anyone who supported their own view to post a message and demonstrate support, or starting “tripcode vs. anon” threads. The tripfags began mocking the anonymous users as a single person named “Anonymous,” or jokingly referring to them as a hive mind. Over the next few years, however, the joke would wear thin and the idea of Anonymous as a single entity would grow beyond a few discussion threads. Poole would fade into the background as Anonymous took on a life of its own. Over the years, /b/ in particular would take on a dedicated base of users whose lives revolved around the opportunities the board afforded them for fun and learning. These users were mostly in the English-speaking world, aged between eighteen and thirty-five, and male. One of them was named William.
William cracked open an eye and stared ahead. It was a cold afternoon in February 2011, and the hard-core user of 4chan considered getting out of bed. In another part of the world, Aaron Barr was trying to repair the damage caused by a group of hackers with Anonymous. William was part of Anonymous, too, and sometimes he liked to attack people. He didn’t have the technical skills of Sabu and Kayla, but his methods could still have an impact.
A sheet hung from the wall of his bedroom, draped from the ceiling to the floor, tacked up with nails. More had been suspended around the room. At the end of his bed was a set of low shelves, with a pile of clutter to the left and a window on the right, hidden behind a blackout blind. The room was his cocoon in the winter, his bed a safety net. At twenty-one, he had been on 4chan most days since leaving school six years earlier, sometimes for many hours at a stretch. For various reasons, he had never held a full-time job for longer than a few months. He wanted to. But William was deeply conflicted. In the real world he was kind to his family and loyal to his friends. As an anonymous user on 4chan’s /b/, he became something more dark, even venomous.
4chan was more than just a drop-in site for random kicks that millions of people visited every day. For William and a dedicated core, it was a life choice. Beyond the porn, jokes, and shocking images, it offered targets to toy with. On 4chan, toying with or seriously harassing someone was called a “life ruin.” Using many of the same Internet sleuthing tactics as Aaron Barr, William would find people on 4chan discussion forums who were being ridiculed or deserved ridicule. Then he would “dox” them, or find their true identities, send them threats on Facebook, or find their family members and harass them, too. The jackpot was nude photos, which could be sent to family, friends, and co-workers for pure embarrassment or even extortion.
Ruining people’s lives gave William a thrill, and a sense of power unlike anything he had felt in the outside world. The only other time he felt anything similar was when he would quietly slip outside his house in the dead of night, meet up with a few old friends, and spray colorful graffiti on the local walls or trains. Graffiti was his mistress on summer nights. In the winter, it was 4chan and now, sometimes, the wider activities of Anonymous.
4chan offered some tame content and mature discussion, and plenty more porn, gore, and constant insults between users that created a throbbing mass of negativity. It sometimes got William thinking scary thoughts about suicide. But 4chan also kept him alive. Sometimes he felt depression coming on and would stay up all night on the site, then remain awake for the rest of the next day. When thoughts of killing himself came, he could hide in sleep, tucked safely under his blanket, against the wall that he’d covered with a sheet.
William was brought up in low-income British housing. His parents had met at the YMCA after his mother, an immigrant from Southeast Asia, escaped an unhappy marriage and became temporarily homeless. The couple split when William was seven and he chose to live with his father. He went on to misbehave at school, statistically one of the worst in his country. He would swear at teachers or just walk out of class. It became an endless stream of detentions. He wasn’t a social outcast; William just couldn’t see the point of his education. After getting expelled at fourteen he was allowed to return, but by the following year, in October 2004, he decided to leave entirely.
By this time, William had already created a new life online. It started when he and some friends began visiting websites frequented by pedophiles, and signing up with usernames like “sexy_baby_girl” to get attention. They’d ask the men to go on webcam, and if they came on naked, as they often did, the boys would burst out laughing. To raise the stakes, they’d paste an official warning from Child Protective Services in MSN Messenger, Microsoft’s popular chat client, adding that they had the man’s IP address, a series of numbers that corresponded to his computer, which they’d make up. The man would usually just sign off, but they got a buzz knowing he was probably terrified, and that he probably deserved it.
William was always the one who would push his friends to take the joke further or get the male target more sexually excited. Eventually, he started continuing the pranks at home on iSketch.com, TeenChat.net, and other hotbeds of sexual deviants at that time. None of the images shocked William any more. He had first seen porn when he was eleven.
He was soon spending many hours every day immersed in the so-called Deep Web, the more than one trillion pages of the Internet that cannot be indexed by search engines like Google. As well as dynamic Web forums, much of it is illegal content. William trapped himself in a daily digest of images of gore, horrific traffic accidents, and homemade porn, all on the family computer. When some of the more depraved images would flash up on the screen, William would panic and quickly close the browser window. Somehow, though, he’d stumble upon them again that night. And then again the following night. At around fifteen, he finally found 4chan, the website that would become his world for the next few years.
Many people who involve themselves in Anonymous claim to have first found it through 4chan. This was the case for William and Topiary, who both discovered the site at the same time, in 2005. Already that year, the tagline “We are Legion” was appearing around the Internet. Tripcode users on 4chan were rare. A year after Shii wrote his essay, forced anonymity had become widely accepted on the image board. Anyone deemed a tripfag was quickly shot down and mocked.
4chan was booming, a teeming pit of depraved images and nasty jokes, yet at the same time a source of extraordinary, unhindered creativity. People began creating Internet memes—images, videos, or phrases that became inside jokes to thousands of online users after they got passed around to enough friends and image boards. Often they were hilarious.
Alongside gore and videos of abuse, pictures of naked women and men, and anime characters, there were endless photos of people’s cats. In 2005, users on /b/ had started encouraging each other to put funny captions under cute cat photos on Saturdays (or what became known as Caturday). These so-called image macros, photographs with bold white lettering at the top and a punch line at the bottom, eventually led to the LOLcats meme. It was the first of many memes to find mainstream popularity outside of 4chan, ultimately spawning other websites and even books.
Thousands of image macros were made and then posted to 4chan and other image boards every day. A few went viral, turning into phrases repeated by millions of others for years afterward. One person who made an image macro that turned into a well-known meme was Andrew “weev” Auernheimer. A former hacker and Internet troll, he had found a stock photo of a man raising his fist in victory in front of a computer. He typed the words “Internet is serious business” over the photo. The meme is now even past the point of cliché as an online catchphrase.
Weev claims to have been in the same online discussion in which the word lulz was born. In 2003, a forum moderator on another site was commenting on something funny when he suddenly typed “lulz!” Others in the chat room started repeating it, and it spread from there. “It was far superior to lol,” Weev later remembered. Eventually, “I did it for the lulz” or just “for the lulz” would become a symbol of Internet culture and Anonymous itself, as well as an ever-popular catchphrase on 4chan.
Though the site often seemed superficial and crass, 4chan started developing a dedicated following of passionate users. It became the biggest of the Web’s English-speaking image boards, and its users accepted one another not despite their offensive desires and humor but because of them. One attraction of /b/ was that, like some secret club, it wasn’t advertised anywhere. People came via word of mouth or links from similar sites, and they were urged not to invite those who wouldn’t fit in with the culture. These people were called “newfag cancer.” This was why numbers 1 and 2 of the so-called 47 Rules of the Internet, thought to have originated from discussions in 2006 on /b/ and real-time chat networks, were “Don’t talk about /b/,” and “Don’t talk about /b/.”
4chan’s constituents soon developed their own language, with phrases like “an hero,” which meant to commit suicide. This phrase came into use when some MySpace users set up a tribute page for a friend who had committed suicide. One of them, probably meaning to type the phrase “he was truly a hero,” instead wrote, “he was truly an hero.” It soon became a trend on 4chan to describe someone as “an hero”—before it morphed into the verb form: “I’m going to an hero.” There was also “u jelly?,” a way of asking if someone was jealous, and “cheese pizza,” or “CP,” slang for child porn. More shrewd 4chan users would start discussion threads about literal cheese pizza, including photos of pizzas, and add hidden links to a child porn archive within the image code—accessed by opening the pizza images in a text program instead of an image viewer.
The /r/ board stood for requests, for anything from pictures to advice on what to do about being dumped. Pr0nz, n00dz, and rule 34 meant porn. Rule 34 was another one of the 47 Rules of the Internet, which simply stated: “If it exists, there is porn of it.” So /r/ing rule 34 on a female celebrity meant requesting porn, perhaps digitally altered, of a singer or actress. “Moar!” meant more, and “lulz” of course meant fun at someone else’s expense, typically through embarrassment.
The original posters, or OPs, to each thread were the sole semblance of hierarchy in an otherwise anarchic community. Still, they could only ever expect irreverent responses to their posts and, more often than not, insults. “OP is a faggot” was a generic response, and there were no exceptions. Racist comments, homophobia, and jokes about disabled people were the norm. It was customary for users to call one another “nigger,” “faggot,” or just “fag.” New 4chan users were newfags, old ones oldfags, and Brits were britfags, homosexuals were fagfags or gayfags. It was a gritty world yet strangely accepting. It became taboo to identify one’s sex, race, or age. Stripping 4chan users of their identifying features made everyone feel more like part of a collective, and this is what kept many coming back.
A source of the most unpalatable stories and images users could find, /b/ was called “the asshole of the internet” by Encyclopedia Dramatica (ED), a satirical online repository of Internet memes that had the look and feel of Wikipedia, but was far ruder. Like the users’ anonymity, /b/ was a blank slate with no label—the users had complete freedom to decide the content and direction it took. Over time, regulars, who called themselves /b/rothers or /b/tards, created their own world. One of the more common threads people started posting on /b/ (besides pr0nz) was titled “bawww.” Here users appealed to the sympathetic side of 4chan, with titles such as “gf just dumped me, bawww thread please?” posted with the photo of a sad face. This was the rare instance where /b/ users would offer sincere advice, comfort, or funny pictures to cheer up the OP. There was no way to tell for sure, but the types of people who were hanging out on 4chan appeared to be tech-savvy, bored, and often emotionally awkward. By the time Anonymous started grabbing the world’s attention in 2008, most people who supported Anonymous had spent some time on 4chan, and it is said that around 30 percent of 4chan users were regularly visiting /b/.
When William first came across 4chan, he had already seen much worse at sites like myg0t, Rotten, and the YNC. But he lingered on /b/ because it was so unpredictable, so dynamic. Years later, he would marvel at how he could still be surprised each day when he opened up /b/, now his home page. Browsing was like a lottery—you never knew when something salacious, seedy, or funny would pop up. There was something unifying about its utter nihilism. As the media and other outsiders started criticizing what /b/ users got up to, many felt a sense of righteousness too.
There were still two big no-no’s on /b/. One was child porn (though this is disputed by some hardcore users who like the way it puts off the newfags) and the other was moralfags. Calling someone a “moralfag” on 4chan was the worst possible insult. These were visitors to /b/ who took issue with its depravity and tried to change it or, worse, tried to get /b/ to act on some other kind of wrongdoing. They knew that hundreds of users on /b/ would often agree en masse about an issue on a discussion thread. And sometimes they would not just agree on an idea, they would agree on an action. Though /b/ was completely unpredictable, sometimes its users seemed to be contributing to a kind of collective consciousness. They created jokes together, hit out at OPs they didn’t like together. Like it or not, moralfags would eventually take advantage of this ability to act in sync by persuading /b/ to join protests.
What /b/ eventually became most famous for was how a poster could inspire others on the board to gather together for a mass prank or “raid.” Someone would typically start a thread suggesting an issue that /b/ should do something about. The refined way to coordinate a raid was never to suggest one directly but rather to imply that a raid was already about to happen. “Hey guys should we do this?” was almost always met with “GTFO” [get the fuck out]. Whereas “This is happening now. Join in” would appeal to the crowd. If a poster had prepared an image with instructions, like a digital image with instructions on how to join in, it was more likely to have staying power because it could be posted over and over.
There was no exaggerating the speed of /b/. The best time of day to get attention, when the United States was waking up, was also the worst, since this was when your post could get lost in the deluge of other popular posts. You would start a thread with one post at the top, then refresh the page after ten seconds to find it had been pushed from the home page to page 2. The threads were constantly swapping places—once someone contributed a comment to a thread, it would come back to the home page. The more comments, the more likely it would stay on the home page and attract more comments, and so on. A raid was more likely to happen if lots of people agreed to take part. But it could be manipulated if a small group of four or five people suggested a raid and repeatedly commented on it to make it look like the hive mind was latching on. Sometimes this worked, sometimes it didn’t. It was a game where seconds counted—if the original poster couldn’t post for two minutes, the chance could be lost and the hive mind would lose interest.
Another reason to stick around: /b/ was an endless source of learning, whether it was how to prank pedos or unearth someone’s private data. Soon enough, the /r/ requests for porn weren’t just for celebrities but for the n00dz of real-life girls, exes, or enemies of /b/tards. As they took up the challenge to sniff out homemade porn, /b/ users taught one another best practices—for instance, how to find a unique string of numbers from each Facebook photo URL, or website address, and use that to access someone’s profile and their information. The methods were simple and crude. The kind of skilled hacking used by cyber criminals or the folks who attacked HBGary Federal was often not needed.
From age eighteen onward, William began filling a collection of secret folders on his family computer with homemade porn and information about people, including suspected pedophiles and women he’d met online. Soon he was encouraging other newfags to “lurk moar,” or learn more on 4chan. He created another hidden folder called “info,” where he would save any new techniques or methods for his snooping, often as screencaps, for anything from hacking vending machines and getting free Coke—posted in “Real Life Hacking” threads—to bringing down a website. The /rs/ (rapid share) board, which compiled links to popular file-sharing sites, became a source of helpful, free programs like Auto-Clicker, which could help swing an online poll or spam a site. Lurk long enough, he figured, and you could get access to almost anything you wanted.
William was primarily attracted to women. But lurking on 4chan he noticed other users saying they were swaying into bisexuality or even homosexuality. A recurring thread ran along the lines of “How gay have you become since browsing /b/?” Many male heterosexuals who visited /b/ found their reaction to gay porn went from negative to indifferent to positive. William didn’t feel himself becoming gay or even bi, but he’d come across so much male porn over the years that it was no longer a turnoff. You could almost call it penis fatigue.
William’s morals were also becoming increasingly ambiguous as he constantly watched and laughed at gore, rape, racism, and abuse. Everything was “cash” or “win” (good and acceptable). /b/tards knew the difference between right and wrong—they just chose not to recognize either designation on 4chan. Everyone accepted they were there for lulz, and that the act of attaining lulz often meant hurting someone. It was no wonder that a future tagline for Anonymous would be, “None of us are as cruel as all of us.” William’s increasing ambivalence over sex and morality was being multiplied on a mass scale for others on 4chan and would become a basis for the cultlike identity of Anonymous.
William’s online vigilantism meanwhile became his full-time job. It was fulfilling and effective. He didn’t need to hack people’s computers to get their private data—he just needed to talk to them, then employ the subtle art of “social engineering,” that fancy way to describe lying.
Once William had peeled himself out of bed on that chilly February afternoon, he had something to eat and found his way back to the family computer. As usual, he opened up his Internet browser, and 4chan’s /b/ popped up as the home page. He clicked through a few threads and after a few hours stumbled upon the photo of a girl. Black hair partly hid her green eyes and a bewitching half smile. The photo had been taken from above, the customary self-portrait for teenage girls. The original poster wanted /b/ to embarrass the girl by cracking into her Photobucket account, finding several nude photos, and sending them to her friends and family. Clearly there was some sort of grudge. “She’s a bitch, anyway,” he said, adding a link to her Facebook profile. This was the sort of thing William would do to someone all the time, but the OP had vastly misunderstood /b/.
/b/ users, for a start, wanted more for their time than just n00dz, which were already the biggest commodity on 4chan. More importantly, an OP must never believe he had /b/ at his mercy. Within minutes, his post had accumulated more than a hundred comments—almost all saying “NYPA” (not your personal army)—along with a few other insults.
William said the same, but he was also intrigued. He clicked on the girl’s photo again and decided he had nothing to lose by pursuing a night of fun and justice. It was now 1:00 a.m. on a Saturday. Neighbors strolled home from local bars outside as William sat, legs splayed in front of the old computer in his family’s kitchen, occasionally running a hand through his ragged hair.
He clicked on the Facebook link and saw another photo of the girl; in this one she was sitting on a brick wall in colorful dancer’s leg warmers, scowling at the camera. Her name was Jen, and she lived in Tennessee.
William signed into Facebook with one of his stock of twenty fake profiles. Almost all were fake women. It was much easier to collect friends on Facebook if you were female, and having friends was crucial for a profile to look real. His main fake Facebook account had around 130 friends who were real people. To collect them, he would pick a location like Chicago, then add local guys. If they asked who “she” was, William would claim to have just moved there. Most of the other fake accounts were throwaways, in the sense that most of the friends were other fake profiles of /b/ users. He would collect the friends on /b/ itself, via the occasional thread titled “Add each others’ troll accounts here!” The fake users would connect on Facebook and write on each others’ walls to make their profiles look more realistic. William would add profile pictures and faked “vacation photos” by downloading whole folders of photos of a single female from online photo repositories or 4chan itself, or by coercing a girl into giving him her photos. Facebook would sometimes delete “troll” accounts like these, especially if they had inane names like I. P. Daily. (William lost about two accounts a month this way.) But real-looking accounts could last for years. This time around, to speak to Jen, he was using a key account populated by real people, under the name Kaylie Harmon.
He took a screenshot of the 4chan post with the girl’s photo. Then under the guise of Kaylie, he typed out a private message on Facebook to Jen. Anyone on Facebook can send a private message to another user, even if they aren’t connected as friends. “Look what someone’s trying to do to you,” he said, attaching the screenshot from 4chan. He signed it “Anonymous,” as he often did to frighten his targets.
Jen’s reply was almost instant. “OMG. Who is this? How did you get my Facebook??” she wrote back.
“I’m a hacker,” William replied, lying. “I’m going to hack your Facebook and pictures on Photobucket. No matter how many pictures you’ve got online I’ll make them all public.” He kept his answers short and ominous.
“What do I have to do to stop this?” she asked, apparently desperate not to have her photos published. William smiled to himself. Years of raiding girls’ Web accounts had taught him this meant she definitely had nude photos she was willing to bargain with.
“Give me the nude photos of yourself and I’ll stop everyone else hacking you,” he said. “There’s dozens of other people trying to hack you as we speak.”
Having no reason to believe he was lying, Jen consented and sent him the relevant login details. “Take what you want,” she said.
There were maybe three hundred photos in Jen’s Photobucket account, mostly of her with friends and family, holiday snapshots on the beach, a group of family members giving the thumbs-up at a Ruby Tuesday restaurant. And about seventy nude photos. One by one, William started downloading each one to his personal collection of homemade porn.
“Done,” William told Jen on Facebook’s chat feature. “Glad you went along with this. It could have been a lot worse.” He advised her to tighten her privacy settings on Facebook and get rid of her security question. The security question, which websites will use to help you recall a lost password, will be along the lines of “What was your first pet’s name?” William would have only needed to engage her in small talk to find out the answer, then retrieve her password if he wanted—but this time he was warning her of the ruse.
Within an hour, Jen had forgiven William for his strange actions. She was more intrigued with getting to know the “hacker” who had saved her from an embarrassing fate. The two began chatting about small things like Facebook and friends. Then William proposed an idea. “If you want, I could find out the name of the guy that posted your photo on 4chan,” he said.
Jen agreed. “Find the guy, and I can send you over some more pics, especially for you.”
“Who’s on your blocked list, on Facebook?” William asked.
“Six people, I think.”
William studied each of their profiles. By now, it was 6:00 a.m. Eventually, his eyes fell on the Facebook profile photo of Joshua Dean Scott, a sneering, unshaven man in a ripped denim shirt and with piercings in his eyebrow. He instantly knew this had to be the OP from 4chan.. He looked like someone thoroughly distasteful. A smiling woman with punk-shaved hair in several photos appeared to be Josh’s fiancée.
Still in his fake Kaylie account, complete with a smiling profile photo of a woman and 130 real friends, William typed Josh a message. “Hello, OP.” He clicked send.
William then sent messages to six of Josh’s Facebook friends, chosen at random, asking if anyone with an axe to grind would help him punish Josh. A close friend of Josh’s named Anthony replied. William explained what had happened on 4chan—that Josh had tried to take revenge on a girl by turning /b/ into his personal army. It turned out Anthony was a longtime 4chan user himself and was instantly appalled at Josh’s lack of etiquette on the image board.
“I’ll help you out,” Anthony said. “He shouldn’t have done that.” Anthony gave William Josh’s full name, cell phone number, and area of residence. Sometimes in social engineering, all you needed was to ask for something nicely.
William sent a few more messages to Josh, the first one posting his home address, the next his cell phone. He was signing the messages “Anon” so that Josh would think there was a group of people behind this. Soon Josh wrote back, begging for mercy.
“Please don’t hack me,” he wrote. William replied with instructions. Josh was to send a photo of himself holding a paper sign saying, “Jen owns my ass.” With his other hand, he was to hold a shoe over his head. The shoe-on-head pose was hugely symbolic on 4chan and was the ultimate admission of defeat in any kind of online argument or attack. (Do a Google Image search on “shoe on head” and see for yourself. Oddly, many people smile for the camera.) For good measure, William told Josh to send a photo of his fiancée, without clothes, holding up a sign that simply said /b/. In full belief that William, a young unemployed guy in his family home who’d been up all night, was actually a group of skilled hackers, Josh did just as he was asked. William forwarded both photos to Jen. By now it was 7:00 a.m. and the rest of his neighborhood was getting ready to go to work. William headed back up to bed.
Not everybody on /b/ did what William did, but he and plenty of others on 4chan lived for this sort of nightly experience. Despite being a young man who struggled to hold down jobs for more than a few months at a time, William, sometimes within the space of an hour, could frighten and coerce someone on the other side of the world into doing something most of us would never dream of: take off their clothes, snap a photo, and send it to a complete stranger. /b/ offered a unique sense of power and unpredictability that drew many more like him into Anonymous, and it kept them hooked. Over time, people found their own roles in the ever-shifting crowd. For the smart-mouthed Anon known as Topiary, that role was to perform.
Everybody Get In Here
The raid on Aaron Barr in February 2011 would be a landmark attack for Anonymous for several reasons: It showed the collective could make a bigger impact by stealing data, not just by knocking a website offline. Once Barr’s e-mails were put online, they would have major repercussions for his reputation and that of his associates. It also showed how much more powerful an attack could be with Twitter. The process of signing into Barr’s Twitter account had been easy.
Topiary had simply tested the “kibafo33” password he’d been shown and it logged him right in. But hijacking the account and tweeting a stream of ribald humor would end up becoming a highlight of the raid for other Anons and for the press. These tweets were suddenly giving a new voice to Anonymous, showing this was not just a sinister network of hackers who wanted to attack things. They wanted to have fun, too. Continues...
Excerpted from We Are Anonymous by Parmy Olson Copyright © 2012 by Parmy Olson. Excerpted by permission.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.