Subject: Re: proposal
From: Karen Lancaster <lancaster.karen@gmail.com>
Date: 7/24/11, 12:16
To: Barrett Brown <barriticus@gmail.com>
On the morning of February 5th, 2011, Karen Burke - director of marketing and communications for the intelligence contracting firm HBGary - made an exciting announcement regarding an apparent media coup on the part of their closely-aligned sister company, HBGary Federal. "Last night The Financial Times published a story about HBGary Federal CEO Aaron Barr's social media analytics research on the Anonymous Group," she wrote in an e-mail sent out to employees and principals of the two companies. Pasted below was the text of the article in question, in which it is asserted that Barr had managed to discover information on the co-founder of Anonymous, said by Barr to be a user called Q, as well as identifying details of a number of important members, including Owen, whom Barr also identified as a leader.
"We should expect more media interest as this story receives wider attention," added Burke.
It was a reasonable prediction. Two years after first making its presence felt by way of a multifaceted and globe-spanning campaign against the Church of Scientology, the mysterious online collective known as Anonymous was clearly developing into a significant new player on the world stage. A year before, participants had launched a series of attacks on Australian government websites, bringing several of them down in a symbolic act in opposition to proposed internet censorship laws. For the past several weeks, Anonymous had been engaged in cyberwarfare against the dictatorships of Tunisia and Egypt in support of an internet-driven protest movement that would soon spread across the Arab world.
But it was Anonymous' forceful support of Wikileaks that first provoked a serious response from federal authorities. In December of 2010, MasterCard, Visa, and PayPal ceased processing donations to Wikileaks, apparently at the behest of some facet of the federal government, which in turn sought to marginalize the transparency group after it had released a quarter-million diplomatic cables stolen from the U.S. An estimated 50,000 Anonymous participants responded by launching a distributed denial of service (DDOS) attack against the websites of those financial firms, bringing them down for much of the day. Although the attack itself was largely symbolic, it had the end effect of drawing more attention to the fact that elements of state and commerce were colluding against an organization that threatened to reveal damaging information on both. It also drew the attention of law enforcement agencies. In late January of 2011, armed FBI agents descended upon 40 U.S. residences to carry out search warrants, seizing everything from computers to cell phones to servers; five U.K. citizens were arrested the previous day. The subsequent launch of a federal grand jury investigation further confirmed the seriousness with which Anonymous was now taken by the powers that be. The fact that many of those who'd been detained by authorities were back online within hours confirmed that whatever Anonymous was, exactly, it wasn't going to be brought down quickly.
For Aaron Barr, the coming conflict between Anonymous and law enforcement was well-timed. Having spent weeks secretly monitoring AnonOps - a chat server that had come to serve as the group's de facto center of operations - the longtime intelligence contractor and information security specialist was now set to parlay his counter-intel coup into a reputation as an innovator who could be counted upon to deal with the new breed of online threats that Anonymous represented. Next Monday, he'd be meeting with the FBI to provide them with information on individual participants; a few weeks later he was scheduled to give a talk at a San Francisco technology conference on how he'd leveraged data from social networks to determine the real names of Anonymous' top lieutenants.
As the day proceeded, HBGary's executives worked together via e-mail to make the most of the Financial Times piece. Around 11:00 am, HBGary CEO Greg Hoglund weighed in. "I think these guys are going to get arrested, it would be interesting to leave the soft impression that Aaron is the one that got them, and that without Aaron the Feds would have never been able to get out of their own way," Hoglund advised. "So, position Aaron as a hero to the public. At this point they are going to get arrested anyway." With the investigation presumably coming quickly towards its logical conclusion, there would be plenty of credit to go around, earned or otherwise.
As the day continued, a bizarre press release entitled "Anonymous Concedes Defeat" suddenly appeared at various venues used by the collective to convey its messages, including an account on the user-driven blog Daily Kos. Barr, it was sarcastically noted, had made his discoveries in large part by "an infiltration of our entirely secret IRC server anonops.ru and in particular our ultra-clasified channels #opegypt, #optunisia, and, of course, #reporters, which itself is the most secret of all.... As Mr. Barr has discovered in spite of our best efforts, Anonymous was founded by Q last Thursday at the guilded Bilderberg Hotel after a tense meeting with one Morrowind mod collection, which itself includes the essential Morrowind Comes Alive 5.2 as well as several retexturing packs, all of which seem to lower one's FPS..." - the nonsense continued for several paragraphs.
It seemed a flippant response in light of what Barr had on the group. "They still don't get it. They think all I know is their irc names!!!!!," Barr wrote to his company colleagues as they tried to determine what to make of it all. "I know their real fing names."
"I'll look at the blogpost," replied Burke, "but I am concerned about escalating the 'brawl'. They seemed freaked out on the Daily Kos post."
"No they are not freaked out," Barr replied. "They don't get it...Greg will tell you. They think I have nothing but a heirarchy [sic] based on IRC aliases! as 1337 as these guys are suppsed [sic] to be they don't get it. I have pwned them! :)"
Barr's assessment of the cards he held was understandable. Over a few months the longtime security contractor had spent a great amount of time on the internet relay chat server from which much of Anonymous' work was conceived, coordinated, and executed. The server wasn't secret by any means; as Anonymous had noted in that day's press release, there was even a channel for those reporters who sought to better understand the group, and with a few exceptions, anyone could join the various channels on which specific operations were discussed. After all, participants tended to hide their IP addresses by way of various means and used screen names to hide their identities. But Barr - who was fast gaining a reputation as an innovator in the field of information operations - had conceived a complicated plan involving the comparison of log in times, conversational clues, and information gleaned from social networking accounts in such a way as to form a data set from which could be determined, with 80 percent accuracy, the real names and locations of notable Anonymous participants, including the movement's leadership. With the hard work nearly finished, it was now time to win the notoriety that was his due and perhaps a bit more, as per Hoglund's suggestion.
But in the meantime, there was bound to be some splashback. Barr noticed suspicious activity directed at the server which the two companies shared. "Our website is getting probed pretty heavily," he wrote to Hoglund and other principals at 8:00 that same evening. "You might want to check hbgary.com." Whatever was coming, HBGary could certainly handle it. In fact, Barr could likely prevent it - he would just have a talk with the leader of Anonymous.
The leader in question, Barr had come to discover through his research, was a fellow named Benjamin Spock de Vries. In his capacity as the supreme head of the Anonymous collective, de Vries had cleverly opted to go by several online names to confuse authorities. To some, he was Commander X. To others, he was known merely as Q. Barr was the only one who had discovered the truth - that all three were one and the same. He even knew the fellow's Facebook account. So that night, using his own Facebook account he himself had created in order to better infiltrate and assess the mysterious world of Anonymous, Barr approached the collective's co-founder and acting leader in hopes of convincing him falsely that he meant no harm to the organization.
CommanderX. This is my research. I will be posting a response shortly to the DailyKos post. I am not going to release names I am merely doing security research to prove the vulnerability of social media so please tell Chris or Jules or whoever else is hitting our site to stop.
Commander X/Q/de Vries played coy, claiming that any such thing was "not my doing." But Barr knew better, and continued to make his case. "I am done with my research...doing my slides...I am not out to get u guys. My focus is on social media vulnerabilities only. So please tell the folks there that I am not out to get u guys... if you have to just tell folks that anon can not afford to attack another target within the US for now...blah blah...that should be enough to keep them off me."
The exchange went on for two hours, and in the end around 11:30 that evening Barr had even convinced de Vries to meet up with him in San Francisco when he came out to do his talk on the vulnerabilities by which he managed to determine so much about the group's members. The conversation having gone well, Barr and HBGary would now be safe from any serious retaliation on the part of Anonymous, whose leader didn't appear to consider his research much of a threat. Barr forwarded the conversation to Hoglund, who had earlier expressed some concern about potential retaliation. "So I decided to privately poke at the leader :)," he summarized.
The next day - Superbowl Sunday, incidentally - Nokia's chief adviser on risk and security, Jussi Jaakonaho, received a message from Hoglund's HBGary e-mail account:
im in europe and need to ssh into the server. can you drop open up firewall and allow ssh through port 59022 or something vague? and is our root password still 88j4bb3rw0cky88 or did we change to 88Scr3am3r88 ? thanks
Jaakonaho - who helped to administer Hoglund's website rootkit.com, which sat on the same server used by both HBGary and HBGary Federal - helpfully reset the password and otherwise took steps to provide temporary access to Hoglund, who said he had to rush to a meeting. Later, though, Jaakonaho noticed an unusual degree of traffic coming from the server. "Did you open something running on high port?" he asked Hoglund in another e-mail at around 2:00 pm. But he received no response. Likely, he was as of yet unaware that HBGary's website had been replaced by a written message accompanied by a picture of a man in a suit, standing in front of a globe, his head a question mark.
The message began, "This domain has been seized by Anonymous under section #14 of the rules of the internet." At the bottom was a link to a downloadable file containing tens of thousands of e-mails that had just been stolen from the company's server.
Aaron Barr had not been speaking to the leader of Anonymous. And Jaakonaho had not been speaking to Greg Hoglund.
***
Three years earlier, a couple of friends and I hit upon a great idea for a troll.
A woman who had left the Church of Scientology movement had leaked a video clip in which Tom Cruise, the group's preeminent celebrity spokesman, gives one of the most bizarre and rambling addresses one could imagine. But every time she tried to put it up on YouTube so that others could see just how insane is the internal rhetoric of the international cult, the Church would file a Digital Millennium Copyright Act notice to YouTube, the administrators of which would remove it. So we started posting the clip up ourselves. A DMCA is easy enough to send off, but it takes a bit of time and effort to locate the material one is attempting to censor. By continually reposting the clip, we could at least annoy the Church, if nothing more.
Finally, the video found a permanent home. Unlike YouTube, Gawker refused to bow down to Scientology's expansive legal department; in fact, they even posted the clip on their main page along with a message to the effect that they would never take it down. Better yet, the Church's attempts to censor the video via litigation had itself become a story, thereby bringing further attention to the matter. Internet censorship, along with its most notorious practitioner, had suffered a blow. But it wasn't enough of a blow, in our view. So we decided to bring in Anonymous.
At that point, what was called Anonymous existed mostly as an idea - a sort of meta-joke drawing upon a subset of internet culture that had emerged from the popular image board 4chan.org. By tradition, few bothered to fill out the name tab when leaving messages; by default, the vast majority of messages one would see in the thread were designated as having been posted by Anonymous. The joke, then, was that a glance at such message threads might leave a casual observer with the impression that some prolific fellow named Anonymous was engaged in an eternal conversation with himself. And to the extent that such an observer lingered on 4chan's most popular board, /b/ - the random board which had come to incubate a rich, nihilistic internal culture with a language and symbology all its own - that observer would find this Anonymous fellow rather frightening. He was, after all, the collective id of unknown thousands of internet users who had come to live at least a part of their lives amongst an undifferentiated and irreverent mob.
There was another major reason why Anonymous seemed perfect for the job - the raids in which its participants would engage from time to time. Historically, such mass actions had targeted everything from forums to online games to random Myspace users. Some were clever and resulted in no particular harm for the targets other than inconvenience; others were extraordinarily cruel; many were a mix of both. But the interesting thing was how unprecedented it all was, and how much potential for good was waiting to be realized. Here was a mass of people who could be convinced to unleash an online onslaught at a moment's notice, one that drew upon the collective skills and resources of tens of thousands of people. It was the closest thing to an army that the internet had.
A few days after the Tom Cruise video was first taken down by YouTube, my friends and I posted a message to 4chan, which at the time was the central node of the Anonymous culture. We also started a YouTube account called Church0fScientology, with which we released a short but well-produced little video entitled "Message to Scientology," in which an electronic voice read a script we'd collaborated on. Noting the cult's suppression of internal dissent, its litigious nature, and its long history of attempted internet censorship, we quickly got to the point. "Anonymous has therefore decided that your organization should be destroyed. For the good of your followers, for the good of mankind - for the laughs - we shall expel you from the Internet and systematically dismantle the Church of Scientology in its present form."
Happy with our work, we put up a couple more links on 4chan while also distributing instructions on joining an IRC server we'd set up for those who wished to join us in planning ways by which to get the truth out about how the Church operates. With luck, the video might receive several thousand views, and perhaps a few hundred Anons would assist in whatever actions we decided to take. We'd been thinking that a couple of protests could be managed, for instance.
The next day, I was running some errands when I got a call from my girlfriend, who had been keeping an eye on the server.
"You need to come home," she told me.
"I'll be back in a little while. I've got-"
"No. You need to come home now."
Our server had been overwhelmed by the tens of thousands of people logging on. The video, meanwhile, had gotten a hundred thousand hits in one day; in a few more it had received millions, as did a follow-up video we put out, Call To Arms, which provided more specific ideas on a method of attack. Within a few weeks, embarrassing Church documents were being stolen and distributed across the internet; Scientology websites were being brought down by distributed denial of service attacks; and protests were being held in front of Scientology centers in hundreds of cities across the world (three years later, in fact, Anonymous still holds such protests in major cities each and every week).
For Scientology, it was a devastating blow from which the Church has never recovered. For Anonymous, it was the beginning of a transition from a largely inert mass content to launch pointless pranks to a geopolitical force in the habit of striking at dictatorships, corporations, and intelligence agencies, even to such an extent that NATO felt compelled to put out a report citing the necessity of persecuting its members in the interests of the security of its member states.
To outsiders, it has long appeared a self-organizing force, amorphous and spontaneous - a non-organization without leadership. Many who have self-identified as Anonymous for years and been active in some of its campaigns see it in the same way. But for three years, there have been accusations of hidden centers of control, known only to a few; shifting internal alliances among key members with varying agendas; and disinformation put out in such a way as to frustrate attempts at analysis by those who look too closely at those who pull the strings. Some of those accusations have involved me personally. And many of them are entirely true.
***
February 7th, 2011, a day after the HBGary attack. The previous evening, various media outlets had been alerted to the fact that the security firm's servers had been overtaken. Another Anonymous press release had come out, asserting that Aaron's notes on Anonymous had been entirely flawed. That document, along with a portion of the 70,000 e-mails stolen from the firm the previous day, was now available to the public and the press.
Now, contact had been made with Greg Hoglund's wife, Penny, president of HBGary, during which she had been directed to log on to the same internet relay chat server, Anonops, that Barr had spent the last few months infiltrating. The entrepreneurial couple connected from their home.
heyguise: just type to say hi penny
heyguise: we are your friendly neighborhood legion, we dont bite.
Penny: HI it's me
Sabu: penny when you situate yourself we have some questions
Those of us who were assembled in the IRC commenced the grilling.
Sabu: penny. before we get started--know that we have all email communication between you and everyone in hbgary. so my first question would be why would you allow aaron to sell such garbage under your company name?
Penny: I did know he was doing research on social media and the problem associated with it, the ease of pretending to be one of you.
In fact, she had known a bit more - and Greg, who was sitting next to her and would eventually take the keyboard, had known most everything. But this wasn't yet clear to the assembled Anons, only a few of whom had started reading through the e-mail correspondence. Of those e-mails, incidentally, those designated as belonging to HBGary Federal figures Ted Vera and Aaron Barr were already being seeded - made available for download. Penny and Greg were hoping to prevent those of the parent company, HBGary proper, from being released as well.
After nearly an hour, there came about a consensus as to how such a compromise might be reached.
Penny: You want me to fire Aaron and donate to bradley mannings fund?
Sabu: yes penny
heyguise: aaron should maybe donate some thing too
evilworks: kidneys
For his part, Aaron Barr was at that moment on the phone with the same Anonymous operative who had directed Penny to the IRC.
"I never planned to sell the data to the FBI," Barr was asserting. "The FBI called me." This wasn't exactly true; as the e-mails would reveal, Barr had been trying for an audience not only with the FBI but also the OSD for weeks and enlisted several of his contacts to help bring this about. The person on the other line didn't know this yet. So he let Barr explain how it was that his attempts to discover the identities of Anonymous participants had been intended merely as background for the talk he was to give at a San Francisco event the following week.
"Even if I get a portion of Anon folks right... it just proves the point that if I can get even partial right on Anon, social media is a problem. And that's what I'm talking about. It's not about prosecuting Anon. It's about am I, am I using the publicity that Anonymous is getting? Absolutely. Just like anybody does, just like Anon does and everyone else does - you use the publicity that's out there in order to get your message heard."
"Right. No, I understand that," said the person on the other line.
"I'm running... I'm running a business. I'm not trying to, you know, attack Anon - I'm not releasing and have not released publicly any names."
"Let me ask you a question real quick," replied the voice. "Sorry to interrupt you, let me ask you a question. Did you ever supply Anonymous with the research you had gathered, like before you started talking to the press about it, for instance?"
Barr gave a slight pause. "No."
"Okay. So you didn't - were you planning on doing that at any point?"
"Who would I provide it to? Who would I provide it to?"
"Uh, the people in the IRC that you think are leaders. Like Q and Owen. That might have been a good start."
Barr was unable to come up with a response. And the conversation was being recorded. Within 24 hours, it would be in the hands of the press.
But this was the least of the early public relations advantages Anonymous held over HBGary. Hoglund's e-mail to the effect that the firm should "leave the soft impression that Aaron is the one that got them" had already been provided to a Bloomberg reporter who thereafter reached Karen Burke to ask her for comment. Burke told the reporter that she didn't know anything about it. Shortly afterwards, the same reporter was supplied by Anonymous with the e-mail heading and the rest of the exchange, which showed that not only had the e-mail been sent to Burke herself just a couple days prior, but she had even responded to it. "Karen was really pissed yesterday when I called again about the email," the reporter noted the next day. "She basically hung up on me." At some point over the next few days, HBGary hired a communication crisis specialist.
But by that time, several outlets had already revealed that HBGary Federal, along with the more established contracting firms Palantir and Berico, had sought to provide their combined information war capabilities to private clients, including Bank of America. The nature of those services - including cyber attacks on Wikileaks and a clandestine campaign of harassment against one of that organization's most effective supporters, Glenn Greenwald - were such that Rep. Hank Johnson called for a Congressional investigation. But Rep. Lamar Smith, a Republican from Texas, shot down any such inquiry, asserting that it is the role of the Justice Department to determine whether a criminal investigation is warranted. But as was also shown in the e-mails, it was the Justice Department itself that had originally made the introductions when Bank of America first sought out a firm capable of executing a clandestine disruption of Wikileaks. Unsurprisingly, no official investigation ever occurred.
Thus it was that Anonymous decided to carry out its own investigation.
***
As well-suited as Anonymous turned out to be in launching a multi-fronted attack on the Church of Scientology, the Church itself was no slouch in unconventional civic warfare; this was, after all, the same organization that coined the term "fair game" to refer to its policy of dealing with critics by any means necessary, and which back in the '70s had managed to infiltrate 136 government agencies in an effort to better position itself against its enemies. Suffice to say that the practice of Church operatives photographing those who showed up at protests was among the less creepy responses (as well as the practical impetus for the donning of Guy Fawkes masks by participants, which in turn was adopted into our movement's symbology). Those who were successfully identified received threatening letters from the Church's attorneys. CoS officials meanwhile set about filing as many criminal charges as possible - several of which were directed at me.
In the seven months or so since our campaign began, myself and several others had continued to organize protests and other measures via a secret chat room with the unassuming name of marblecake, from which we could work together outside the scrutiny of internet-savvy Church operatives as well as those Anons who were unhappy with the activist direction in which the movement was suddenly being taken. Secrets and the internet don't mix, of course, and it wasn't long before the existence of this channel and even logs of the conversations held within were leaked. The Church was thus able to link my role in the ongoing onslaught with my real name, which was registered on at least one protest permit for the Boston area. The Church also had a video which they claimed proved that I had entered Church property during one event (and which turned out to show nothing of the sort). I was initially charged with disturbing an assembly of worship, disturbing the peace, and harassment; their lawyers made it known to me that they had the means to keep this in the courts for years even despite the DA having dropped the harassment charge.
The Church was presumably well aware of my history. I'd spent a good portion of my '20s eluding an FBI cybercrime unit assigned to break up a warez ring in which I played an integral part, assisting in the acquirement and distribution of pirated software; I was known to authorities and software publishing legal teams by my hacker's moniker and little else. They never actually caught me, per se; instead I was turned in by a neighbor of mine after he got himself arrested while in possession of several kilos of coke and thus had plenty of reason to cooperate. In 2002 I was convicted on charges of copyright conspiracy and conspiracy. And although I only served three months in federal prison, the pen in question was the place that existing convicts are generally sent as punishment for stabbing someone to death with a broken toothbrush - or, in my case, when you manage to upset the career FBI agent who was supposed to have yielded a more satisfying conviction. Worse, I did the first month in solitary confinement - an additional punishment of similarly toothbrush-stabbing caliber.
As I was in no particular hurry to repeat the experience or anything similar, I agreed to Scientology's proposal to have the judge issue a continuance, which in this case effectively meant that for the next year I would stay away from Scientology and Scientology would stay away from me. That year went by a lot quicker than did the three months in broken toothbrush land, and today I still manage to organize and attend several protests a month, as do countless others across the globe.
Ironically, Scientology's mini-campaign against myself and the consequent outing of my real name provided me with additional opportunities to work against the cult. Suddenly I was being contacted almost daily by a press corps through which I could now speak out to a different audience about the church's decades of misconduct. But as Anonymous began to flex its growing muscle in new ways, the questions understandably came to hinge more and more on our growing collective and what it all meant. For the next two years, I was pretty much the only one readily accessible to answer those questions.
At the same time, the now-common knowledge that I had been involved in organizing Chanology also brought me into contact with other moralfags, as we're known in the parlance of the meme culture - those who participate in the never-ending effort to appropriate Anonymous from the trolls and transform it into an apparatus capable of championing liberty and transparency in ways that would have been impossible just a few years before.
In early 2010, for instance, I was approached by an individual named Tux who hoped to organize an Anonymous operation by which to protest the Australian government's ongoing movement towards internet censorship; the hook was proposed laws that would outlaw certain forms of pornography, including those depicting small-breasted women. Sex being second only to drugs in the traditional state excuses for wearing roller skates to the slippery slope of censorship, Tux asked me how to go about launching an information-age campaign against a brick-and-mortar opponent. I told him everything I could about the peculiarities of online organizing, media interfacing, delegation of responsibility, day-to-day infrastructure, and everything else I'd learned thus far since that day when we first had to figure out what to do with the 7,000 people who had joined a single IRC channel to plan a cyberwar. I also told him to let me know if he needed anything else. It turned out he didn't. Operation Titstorm was launched a few days later; among other things, participants DDOSed several government websites, bringing them down in a successful effort to bring attention to their demands. It was the first time Anonymous went up against a government.
Of course, it wouldn't be the last. Tunisia, Egypt, Iran, Syria, Yemen, Algeria, and others were all hit over the course of two months. As of this writing, several hackers affiliated with the group just yesterday infiltrated servers belonging to NATO and are now presumably going through the haul to decide what they'll be releasing. Another
Dramatis personae
Lulzsec Often described as an Anonymous splinter-group for lack of a better term. Lulzsec consisted largely of the same few Anons who had previously carried out the HBGary hack. Over the course of an initial 50-day hacking spree, Lulzsec stole over a thousand e-mails from the CEO of intelligence contractor Unveillance; brought down CIA.org for several hours; acquired and leaked data from senate.gov, the Sony Corporation, and the private-public FBI affiliate InfraGard; and infiltrated PBS.org and put up a front-page story to the effect that Tupac Shakur had been found alive and well in New Zealand, among dozens of other things, taunting their victims via Twitter and prompting a perpetual press frenzy along the way.
Sabu Widely regarded as the foremost hacker within the movement, Sabu
Topiary A young European hacker who first came to prominence with his participation in the HBGary raid, during which he seized control of various social networking accounts held by HBGary Federal executives and used them to broadcast assorted items of crude hilarity. On the occasion of the brief conflict between Anonymous and the Westboro Baptist Church (of God Hates Fags fame), Topiary appeared on a live radio show via Skype along with a WBC spokesperson and, in the midst of the debate, announced that the church's website had just been hacked. His unexplained disappearance in late March prompted rumors that he had been imprisoned or perhaps even kidnapped; upon reappearing a few weeks later, he was publicly silent as to his unexplained absence while privately telling others he had been raided but merely charged with having perpetrated a DDOS attack. Thereafter he served as a key participant and de facto spokesperson for Lulzsec.
Backtrace Security A s
th3j35t3r A self-proclaimed hacker for good with a background in military intelligence and a penchant for expressing himself in the ham-fisted manner of a b-movie action star. Th3j35t3r first came into conflict with Anonymous after attacking Wikileaks servers with his custom-made DOS gear, prompting an ongoing effort to
--
Regards,
Barrett Brown
512-560-2302