How did Anonymous hack the FBI?

In the last twelve months it has attacked government websites in Syria, declared cyber war on a brutal Mexican drug cartel, and exposed an anti-WikiLeaks "dirty tricks campaign" allegedly plotted by a prominent US security firm. But on Friday, Anonymous, a diffuse network of internet hackers, reached a new level when it intercepted and leaked a conference call between FBI agents and Scotland Yard detectives.

The astonishing feat - confirmed as genuine by the FBI - was apparently carried out after the hackers breached email accounts belonging to the authorities. In doing so, they were able to snoop on communications being exchanged between forces involved in a joint international anti-hacking operation across England, Ireland, Holland, France, Denmark, Sweden and America. In a piece of surreal real-life theatre, the tables were embarrassingly and dramatically turned. The investigators became the investigated; the watchers became the watched.

The call in question, which lasts around 16 minutes, is one of the boldest leaks ever produced by the hackers, and it may also be one of the most revelatory. A fascinating glimpse into a highly classified world, it shows the extent to which the Metropolitan police is willing to collaborate with its foreign counterparts as part of cyber-crime investigations, even if doing so means interfering with the British judicial process. At one point during the call, for instance, one of the Scotland Yard detectives tells his FBI colleagues that they secretly delayed an ongoing court case involving two UK-based suspected hackers - Jake Davis and Ryan Cleary - at America's behest.

"Following some discussion with the New York office, we're looking to try and build some time in to allow some operational matters to fulfil on your side of the water," the Scotland Yard detective is quoted as saying. "We've got the prosecution making an application in chambers, i.e. without the defence knowing, to seek a way to try and factor some time in, that won't look suspicious." He goes on: "Hey, we're here to help. We've cocked things up in the past, we know that."

The FBI has previously declined to comment on whether it would pursue extradition of Cleary or Davis, both of whom are facing a series of charges in Britain for their alleged involvement with Anonymous and its affiliated offshoot, LulzSec.

The call suggests, however, that the US could indeed be building its own case against the hackers. Davis in particular, who stands accused of being the audacious LulzSec spokesperson known online as "Topiary", would no doubt be wanted by the Americans. Over a two-month period in 2011, LulzSec perpetrated a series of high-profile attacks on the websites of US-based multi-national corporations and state agencies - including the CIA and the US senate - making it a prime target for cyber-crime investigators within the FBI.

Prior to the leaked call, it was clear that Davis's legal team already suspected US involvement on some level. This was made apparent last month, during a short hearing at Southwark Crown Court, when Gideon Cammerman, Davis's lawyer, expressed concern about outside interference, asking prosecutors that any "letters of request from a foreign jurisdiction" are presented to him when evidence is formally exchanged on 30 March, prior to Davis and Cleary entering pleas on 11 May. (A letter of request is a method used by a foreign court to seek judicial assistance, such as to obtain information or a witness statement from a specified person.)

Responding to concerns raised by Cammerman, a source within the Crown Prosecution Service said that they could not officially comment on the matter of foreign involvement until after 30 March, but stressed both prosecution and defence had a "common interest in the case being tried here [in the UK] effectively," hinting that any possible US extradition request could hinge on the outcome of the British trial.

In the meantime, the key question is whether Anonymous is sitting on more hacked information as explosive as the conference call, which, depending on its content, could have potentially massive repercussions.

To some extent, the authorities on both sides of the Atlantic have now been put on the back foot. Likely rattled and aghast that their own private conversations were hacked by the very hackers they are paid to investigate, they will be apprehensive about what could come next.

Cleary's lawyer, Karen Todner, has starkly warned that "whole cases could be blown apart" as a result of future security breaches; Anonymous, as ever, has promised more revelations are yet to come.

"You think we're done? Fuck no," tweeted one of its most prominent hackers, Sabu, on Friday. "Truth is we're still in the agents (sic) mailbox right now."

This article originally appeared at: http://www.newstatesman.com/the-staggers/2012/02/hackers-fbi-davis-call

LulzSec Interview: the full transcript

Last week, hacker collective LulzSec returned with a bang, attacking a series of websites owned by Rupert Murdoch's News International in apparent response to the ongoing phone hacking scandal.

For 50 days between May and June, the tight-knit, six-strong group made headlines across the world, rising to almost instant notoriety after perpetrating a series of audacious cyber attacks on high-profile government and corporate websites, before abruptly announcing that they would disband. Among just a few of LulzSec's targets: Sony, the US Senate, the CIA, the FBI and even the UK's Serious Organised Crime Agency.

The authorities continue to try to track them down, and on Tuesday 20 suspected hackers were arrested in the UK, US and Netherlands as part of an ongoing international investigation. In a joint statement with an affiliated network of hackers known as Anonymous, LulzSec responded to the authorities directly. "We are not scared any more," they wrote. "Your threats to arrest us are meaningless as you cannot arrest an idea."

Earlier this month, two weeks after they had announced their apparent split, I managed to track down "Topiary", a founding member of LulzSec and self described "captain of the Lulz Boat". The interview was long - almost three hours - and covered lots of ground. But a great deal of what Topiary told me never made it in to the final write up, published by the Guardian, due principally to restrictions of space.

It was troublesome, deciding what to include and what to omit; the entirety of the interview was valuable. So rather than let the sections that were not printed disappear into the ether, the most sensible thing to do, I felt, was to have the full transcript published here in its entirety.

In the sections that were until now unpublished, Topiary explains how he first became involved in hacktivism and pays credit to his fellow hackers. He details the basis for extortion claims levelled against LulzSec by one US security company; reveals that he recently engaged in a bout of philanthropy, donating thousands of dollars to organisations including WikiLeaks; and also takes time to talk politics - blasting the US government, who he says are "scared of an uprising"... (click read more below for the full interview.)

Why LulzSec went on the Attack

Its audacity was brazen and apparently fearless. Among its high-profile victims were Sony, the CIA, the FBI, the US Senate and even the UK's Serious Organised Crime Agency. Exposing frailties in government and corporate networks, the group leaked hundreds of thousands of hacked passwords, and in the process garnered more than a quarter of a million followers on Twitter. But after just 50 days, on 25 June, LulzSec suddenly said it was disbanding.

Just hours before this announcement, the Guardian had published leaked internet chat logs revealing the inner workings of the group, which appeared to consist of six to eight members. The logs showed that authorities were often hot on their heels, and that after an attack on an FBI-affiliated website two hackers had quit LulzSec as they were "not up for the heat". As media attention mounted, Ryan Cleary, an Essex-based 19-year-old suspected of affiliation to LulzSec, was arrested in a joint UK-US "e-crime" investigation. Had the pressure simply got too much to handle?

To find out, the Guardian tracked down one of LulzSec's founding members, "Topiary". A key figure in the tight-knit group, he was revealed in the logs to have managed LulzSec's Twitter account and to have written their press releases. After verifying his identity by asking him to send a direct message from the account – "This is the captain of the Lulz Boat," he confirmed – we began a long conversation by Skype.

"I know people won't believe this, but we genuinely ended it [LulzSec] because it was classy," he says. "The leaks we promised happened . . . 50 days were reached, we just about hit 275,000 Twitter followers, things were on a high, so we redirected our fans to [hacker collective] Anonymous and [hacking movement] AntiSec and wrapped it up neatly . . . A high note, a classy ending, a big bang, then a sail into the distance."

LulzSec's jovial public image undoubtedly helped it achieve unusual popularity within a short time. Its stated aim was to provide "high-quality entertainment at your expense," and the word "Lulz" is itself internet slang for laughs. The group's popularity spiked after it planted a fake story on US news outlet PBS.com in protest over what it claimed was a misrepresentative WikiLeaks documentary made by the broadcaster. The story falsely reported that rapper Tupac Shakur, who was killed in a shooting 15 years ago, had been found alive and well in New Zealand.

"What we did was different from other hacking groups," says Topiary. "We had an active Twitter (controlled by me), cute cats in deface messages, and a generally playful, cartoon-like aura to our operations. We knew when to start, we knew when to stop, and most of all we knew how to have fun."

But the group's mission, Topiary explains, was not calculated. Almost everything LulzSec did – from choosing its name to its next target – happened spontaneously. "We made it up as we went along. We were originally @LulzLeaks on twitter, but I forgot the password so we became @LulzSec. My first name was The Lulz Train, then The Lulz Cannon, then The Lulz Boat. I had no idea what The Love Boat was, it was a complete accident . . . I wrote every press release in Notepad without planning. That's what made us unique, we just came out and made stuff up out of nowhere . . . We released when it felt right, we tweeted what felt right, we wrote what we felt needed to be wrote. We weren't burdened by plans or board meetings, we just did it."

The leaked chat logs also revealed the hackers appeared to revel in the international attention they received. However, Topiary says it wasn't that LulzSec was media-hungry, but that the media was LulzSec-hungry.

"We didn't contact a single media outlet for at least the first 40 days, they just kept reporting on our humble tweets," he says, though he admits the attention "gave us more reasons to leak more. It was a thrill, sure, and it did play a role. We enjoyed occasionally confusing and pranking media with weird tweets, or giving exclusives to certain journalists to piss off other certain journalists. It was another aspect of the situation that helped us leverage the entertainment."

Yet although many of LulzSec's attacks were perpetrated "for the lulz", the group was accused of attempted extortion by one US security company, Unveillance – a charge Topiary staunchly denies. It was also criticised after it hacked and dumped thousands of Sony Pictures Europe customers' usernames and passwords online, some of which were reportedly later used in scams by fraudsters. But Topiary is unapologetic.

"It's Sony's fault for not defending – and encrypting – its customers' data," he says. "Similarly, in a perfect world, we'd have dumped said data and nothing would have happened. These scams simply prove that other people (our fans/spectators) are more evil than us."

Towards the end of LulzSec's reign, it seemed to gravitate towards more overtly political causes. It occasionally compared itself to WikiLeaks in tweets, and its penultimate leak was a joint effort with Anonymous to expose Arizona police as "racist and corrupt", and to "sabotage their efforts to terrorise communities fighting an unjust 'war on drugs'."

Anonymous is well known for its acts of political "hacktivism". On Monday it reportedly threatened to attack the Metropolitan police over News International's phone hacking and the possible extradition to Sweden of WikiLeaks founder Julian Assange. Earlier this year the group claimed responsibility for a series of Distributed Denial of Service (DDoS) attacks on government websites in Tunisia, Iran, Egypt and Bahrain, and in 2008 it attacked the Church of Scientology after it allegedly attempted to suppress a leaked video interview with actor and scientologist Tom Cruise. Topiary has been heavily involved with Anonymous in the past, occasionally acting as its spokesman in televised interviews.

"Anonymous has been a great way for the younger generations to get involved through methods they understand, like utilising the internet," he says. "My main goal with Anonymous was to spread the word of revolution to those who might be seeking something new."

How does he define revolution? "Revolution is kicking the Tunisian government in the teeth by rendering their malicious Javascript embedments inert, allowing Tunisian citizens to surf Facebook without fear of password sniffing. Revolution is a horde of activists holding up Anonymous masks and thanking us for assisting their hard work by obliterating their government's ministry, stock and finance websites, replacing them with inspiring words. Revolution, to me, is bringing down the big guy while not forgetting to stand up for the little guy."

Though Topiary will not disclose his age, he describes himself as a teenager and "an internet denizen with a passion for change". He believes he is part of a generational shift in the way technology – specifically the internet – is increasingly being used as a tool to influence the world. The actions of Anonymous in particular, he says, have brought attention to the idea that actions taken online can have a major impact in real life – "linking the two realities". But he also recognises that the actions of Anonymous, LulzSec and other affiliated hackers can be used by governments as justification for greater control of the internet. So how does he balance his actions with that knowledge?

"It only results in greater government control if we remain apathetic and let it happen," he says. "The goal with Anonymous is to brutally cut down the middle of that decision and shout 'NO' to laws we don't agree with. Laws are to be respected when they're fair, not obeyed without question."

For now, however, Topiary is taking a break from law-breaking. He says he will continue operating on the margins of Anonymous, but will not engage in any more hacking. Instead, he intends to create art, video and graphics for the group to help with a new public relations project, to be titled Voice.

"I've been at this non-stop for a while, it's a big time-sink," he says. "Some people can handle it for years on end, and I respect those people. I just needed some air and a new page in the Anonymous/LulzSec era."

After the arrest of Cleary last month, suspected US hackers believed to be affiliated with LulzSec had their homes raided in Ohio and Iowa. In the past, hackers have been offered immunity from prosecution if they cooperate with the authorities. But, if caught, Topiary says he would "never snitch" on other hackers and that he would "pretty much" rather go to jail than work for the government in any capacity.

"Not sure I'd have a place in government security, unless they enjoy bizarre tweets," he says. "But again, no, I wouldn't accept a job that would fight against the things I've fought for. As for the authorities, well, if they have their claws in, they have their claws in, there's not much I can do about it. But I can only hope that they haven't pinned any of us, especially my friends from LulzSec."

This article originally appeared at: http://www.guardian.co.uk/technology/2011/jul/14/why-lulzsec-decided-to-disband

Inside LulzSec

It was a tight-knit and enigmatic group finding its feet in the febrile world of hacker collectives, where exposing and embarrassing your targets is just as important as protecting your own identity.

But leaked logs from LulzSec's private chatroom – seen, and published today, by the Guardian – provide for the first time a unique, fly-on-the-wall insight into a team of audacious young hackers whose inner workings have until now remained opaque.

LulzSec is not, despite its braggadocio, a large – or even coherent – organisation. The logs reveal how one hacker known as "Sabu", believed to be a 30-year-old security consultant, effectively controls the group of between six and eight people, keeping the others in line and warning them not to discuss what they have done with others; another, "Kayla", provides a large botnet – networks of infected computers controlled remotely – to bring down targeted websites with distributed denial of service (DDoS) attacks; while a third, "Topiary", manages the public image, including the LulzSec Twitter feed.

They turn out to be obsessed with their coverage in the media, especially in physical newspapers, sharing pictures of coverage they have received in the Wall Street Journal and other papers. They also engineered a misinformation campaign to make people think they are a US-government sponsored team.

They also express their enmity towards a rival called The Jester – an ex-US military hacker who usually attacks jihadist sites, but has become embroiled in a dispute with Anonymous, WikiLeaks and LulzSec over the leaked diplomatic cables and, more recently, LulzSec's attacks on US government websites, including those of the CIA and the US Senate.

In a further sign that the spotlight is beginning to engulf LulzSec, a lone-wolf hacker managed to temporarily cripple the group's website on Friday morning. Originally thought to be the work of The Jester, an activist, known as Oneiroi, later claimed responsibility for the attack but did not provide an explanation.

The group's ambitions went too far for some of its members: when the group hit an FBI-affiliated site on 3 June, two lost their nerve and quit, fearing reprisals from the US government. After revealing that the two, "recursion" and "devrandom" have quit, saying they were "not up for the heat", Sabu tells the remaining members: "You realise we smacked the FBI today. This means everyone in here must remain extremely secure."

Another member, "storm", then asks worriedly: "Sabu, did you wipe the PBS bd [board] logs?", referring to an attack by LulzSec on PBS on 29 May, when they planted a fake story that the dead rapper Tupac Shakur was alive. If traces remained there of the hackers' identities, that could lead the FBI to them.

"Yes," Sabu says. "All PBS logs are clean." Storm replies: "Then I'm game for some more." Sabu says: "We're good. We got a good team here."

Documenting a crucial five-day period in the group's early development from 31 May to 4 June, the logs – whose authenticity has been separately confirmed through comments made online by LulzSec's members – are believed to have been posted online by a former affiliate named "m_nerva". They contain detailed conversations between the group, who have in recent weeks perpetrated a series of audacious attacks on a range of high-profile targets, including Sony, the CIA, the US Senate, and the UK's Serious Organised Crime Agency (SOCA).

LulzSec threatened m_nerva on Tuesday in a tweet saying "Remember this tweet, m_nerva, for I know you'll read it: your cold jail cell will be haunted with our endless laughter. Game over, child." As an explanation, they said: "They leaked logs, we owned them [took over their computer], one of them literally started crying for mercy". The leaked logs are the ones seen by the Guardian.

The conversations confirm that LulzSec has links with – but is distinct from – the notorious hacker group Anonymous. Sabu, a knowledgeable hacker, emerges as a commanding figure who issues orders to the small, tight-knit team with striking authority.

Despite directing the LulzSec operation, Sabu does not appear to engage in the group's public activity, and warns others to be careful who and how they talk outside their private chatroom. "The people on [popular hacker site] 2600 are not your friends," Sabu warns them on 2 June. "95% are there to social engineer [trick] you, to analyse how you talk. I am just reminding you. Don't go off and befriend any of them."

But the difficulty of keeping their exploits and identities secret proves difficult: Kayla is accused of giving some stolen Amazon voucher codes to someone outside the group, which could lead back to one of their hacks. "If he's talking publicly, Kayla will talk to him," Sabu comments, bluntly.

Topiary, who manages the public image of LulzSec – which centres around its popular Twitter feed, with almost 260,000 followers – also acted previously as a spokesman for Anonymous, once going head-to-head in a live video with Shirley Phelps-Roper of the controversial Westboro Baptist Church, during which he hacked into the church's website mid-interview.

His creative use of language and sharp sense of humour earns praise from his fellow hackers in the chat logs, who tell him he should "write a fucking book". On one occasion, after a successful DDoS attack brings down a targeted web server, Topiary responds in characteristic fashion to the hacker responsible, Storm: "You're like our resident sniper sitting in the crow's nest with a goddamn deck-shattering electricity blast," he writes. "Enemy ships being riddled with holes."

But while LulzSec has a jovial exterior, and proclaims that its purpose is to hack "for the lulz" (internet slang for laughs and giggles), Sabu is unremittingly serious. Domineering and at times almost parental, he frequently reminds the other hackers of the dangers of being tracked by the authorities, who the logs reveal are often hot on their heels.

During one exchange, a hacker named Neuron starts an IAmA (Q and A) session for LulzSec on the website Reddit for "funzies" and to engage with the public. This immediately raises the ire of Sabu, who puts an angry and abrupt halt to it.

"You guys started an IAmA on reddit?" Sabu asks in disbelief. "I will go to your homes and kill you. If you really started an IAmA bro, you really don't understand what we are about here. I thought all this stuff was common knowledge ... no more public apperances [sic] without us organizing it."

He adds: "If you are not familiar with these hostile environments, don't partake in it."

The logs also reveal that the group began a campaign of disinformation around LulzSec. Their goal was to convince – and confuse – internet users into believing a conspiracy theory: that LulzSec is in fact a crack team of CIA agents working to expose the insecurities of the web, headed by Adrian Lamo, the hacker who reported the alleged WikiLeaks whistleblower Bradley Manning to the authorities.

"You guys are claiming that LulzSec is a CIA op ... that Anonymous is working to uncover LulzSec ... that Adrian Lamo is at the head of it all ... and people actually BELIEVE this shit?" writes joepie91, another member. "You just tell some bullshit story and people fill in the rest for you."

"I know, it's brilliant," replies Topiary. The attempts did pay off, with some bloggers passing comments such as: "I hypothesize that this is a government 'red team' or 'red cell' operation, aimed at building support for government intervention into internet security from both the public and private sectors."

The group monitors news reports closely, and appears to enjoy – even thrive – on the publicity its actions bring. But the logs show that the members are frustrated by the efforts of a self-professed "patriot-hacker" known as the Jester (or th3j35t3r), whose name is pejoratively referenced throughout.

The Jester is purportedly an ex-US military hacker, and was responsible for high-profile attacks on WikiLeaks prior to the release of US diplomatic cables in November. In recent weeks he has made LulzSec his principal target, describing them as "common bullies". Topiary in turn dismisses The Jester as a "pompous elitism-fuelling blogger" – but the group is always worried that The Jester or his associates are trying to track them down.

The Jester claims LulzSec are motivated by money and points to allegations that the group tried to extort money from Unveillance, a data security company. Similar accusations against LulzSec by two other groups, "Web Ninjas" and "TeaMp0isoN_". Web Ninjas say they want to see LulzSec "behind bars" for committing "insane acts ... in the name of publicity or financial gain or anti-govt agenda".

The logs do not reveal any discussion of extortion between the LulzSec inner circle; nor do they indicate any underlying political motivations for the attacks. But amid the often tense atmosphere depicted in the logs the hackers do occasionally find time to talk politics.

"One of these days we will have tanks on our homes," writes trollpoll, shortly after it emerged the US government was reclassifying hacking as a possible act of war. "Yea, no shit," responds Storm.

"Corporations should realize the internet isn't theirs," adds joepie91. "And I don't mean the physical tubes, but the actual internet ... the community, idea, concept."

"Yes, the utopia is to create a new internet," says trollpoll. "Corporation free."

On Monday 20 June, Sabu's worst fears may have been confirmed when a 19-year-old named Ryan Cleary was arrested in Wickford, Essex and later charged with a cyber attack in connection with a joint Scotland Yard and FBI probe in to a hacking group believed to be LulzSec.

Metropolitan Police Commissioner Sir Paul Stephenson described the arrest as "very significant", though LulzSec itself was quick to claim Cleary was not a member of the group and had only allowed it to host "legitimate chatrooms" on his server.

"Clearly the UK police are so desperate to catch us that they've gone and arrested someone who is, at best, mildly associated with us," the group tweeted.

An individual named "Ryan" is occasionally referenced by the hackers in the logs, though he himself does not feature and appears to have only a loose association with the group.

Scotland Yard confirmed on Thursday that it was continuing to work with "a range of agencies" as part of an "ongoing investigation into network intrusions and distributed denial of service attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group".

In response to the leaked logs, LulzSec posted a statement on the website pastebin, claiming users named joepie91, Neuron, Storm and trollpoll were "not involved with LulzSec" and rather "just hang out with us".

They added: "Those logs are primarily from a channel called #pure-elite, which is /not/ the LulzSec core chatting channel. #pure-elite is where we gather potential backup/subcrew research and development battle fleet members – ie, we were using that channel only to recruit talent for side-operations."

The group has vowed to continue its actions undeterred. But they now face a determined pincer movement from the FBI, UK police, and other hackers – including The Jester, who has been relentless in his pursuit of them for more than a fortnight. If its members' real identities are revealed, LulzSec may vanish as quickly as it rose to prominence.

This article originally appeared at: http://www.guardian.co.uk/technology/2011/jun/24/inside-lulzsec-chatroom-logs-hackers

Read the full chat logs here: http://www.guardian.co.uk/technology/2011/jun/24/lulzsec-irc-leak-the-full-record

Follow up coverage: New York Times, ZDNet, The Age, Yahoo, Maximum PC, Salon, Thinq, the Register, Washington Post, BGR.