Inside LulzSec: How the Superstar Hackers Met Wikileaks
For 50 days during the summer of 2011, the members of Lulz Security were the most famous hackers on the planet. A splinter group of the hacktivist collective Anonymous, LulzSec tore up
Fox News Fox Broadcasting, crashed the CIA's website and leaked hundreds of thousands of Sony customers' passwords, boasting of each new hack on their entertaining Twitter account.
During the height of their exploits, journalist Parmy Olson had an inside track with LulzSec's key players, including Topiary, the group's quick-witted spokesman, and Sabu, the de facto LulzSec leader-turned FBI informant who helped bring the crew down. Olson's new book,We Are Anonymous, tells the fascinating story of LulzSec's rise and fall.
One of the more intriguing episodes in LulzSec's brief run was when Wikileaks founder Julian Assange apparently tried to enlist them to hack his enemies. The following excerpt from We Are Anonymous details a previously undisclosed online meeting that took place in July 2011 between LulzSec hackers and a Wikileaks representative* named "q." —Ed
For Assange, a simple DDoS attack on CIA.gov was some much needed comic relief. Since Anonymous had leaped to his defense in December, he had spent the last few months fighting the threat of extradition to the United States and accusations of treason over WikiLeaks's release of diplomatic cables. Swedish authorities had doubled his problems by charging him with attempted rape, which meant he was now fighting extradition to Sweden too. In the meantime, he was staying in the countryside manor of an English journalist, wearing an electronic tag and trying to keep up with developments in the world of cyber security. It had been hard not to notice LulzSec. On the one hand, the group looked like fearless comedians. On the other, it clearly had skilled hackers on the team.
Impressed and perhaps unable to help himself, Assange had opened the main WikiLeaks Twitter account and posted to its nearly one million followers: "WikiLeaks supporters, LulzSec, take down CIA . . . who has a task force into WikiLeaks," adding: "CIA finally learns the real meaning of WTF." Soon after a few news agencies and websites reported that WikiLeaks was supporting LulzSec, he deleted the first tweet. He didn't want to be publicly associated with what were clearly black hat hackers. Instead, he decided it was time to quietly reach out to the audacious new group that was grabbing the spotlight. On June 16, the day after Ryan set his botnet on CIA.gov, an associate of WikiLeaks contacted [LulzSec spokesman] Topiary.
"I've got a contact in WikiLeaks that wants to talk to you," the person said, then directed him to a new IRC server that could serve as neutral ground for a private discussion. The network was irc.shakebaby.net and the channel was #wikilulz. Topiary was immediately skeptical and believed the contact was trolling him.
When he finally spoke to a WikiLeaks staff member known as q, who was in the channel under the nickname Dancing_Balls, he asked for someone to post something from the WikiLeaks Twitter account. Assange, who allegedly had sole access, did so, putting out something about eBay, then deleting the post. Topiary did the same from the LulzSec Twitter feed. But he needed more proof, since the WikiLeaks feed could have been hacked. q said he could do that. Within five minutes, he pasted a link to YouTube into the IRC chat, and he said to look at it quickly.
Topiary opened it and saw video footage of a laptop screen and the same IRC chat they were having, with the text moving up in real time. The camera then panned up to show a snowy-haired Julian Assange sitting directly opposite and staring into a white laptop, chin resting thoughtfully in his hand. He wore a crisp white shirt and sunlight streamed through a window bordered with fancy curtains. q deleted the twenty-two-second video moments later. Also in the IRC channel with Topiary and q was [LulzSec leader] Sabu, now likely with very interested FBI agents monitoring the discussion.
"Tell Assange I said ‘hello,' " Sabu told q.
"He says ‘hi' back," q said.
At first Topiary was nervous. Here was Julian Assange himself, the founder of WikiLeaks, reaching out to his team. He couldn't think why he wanted to talk to them. Then he noticed what q and Assange were saying. They were praising LulzSec for its work, adding that they had laughed at the DDoS attack on the CIA.
With all the flattery, it almost felt like they were nervous. For a split second, LulzSec seemed to be much bigger than Topiary had ever thought.
By now a few others from the core team knew about what was happening and had come into the chat room. Sabu had given them a quick rundown of what was going on, then said it could mean hitting bigger targets.
"My crew seems up for taking out traditional government sites," he told Assange and q in the chat. "But seeing as that video was removed, some of them are skeptical."
"Yes I removed the video since it was only for you, but I can record a new one if you want :)," q said.
"If we need additional trust (mainly my crew) then ok," said Sabu. "But right now we seem good."
Then q went on to explain why he and Assange had contacted LulzSec: they wanted help infiltrating several Icelandic corporate and government sites. They had many reasons for wanting retribution.
A young WikiLeaks member had recently gone to Iceland and been arrested. WikiLeaks had also been bidding for access to a data center in an underground bunker but had lost out to another corporate bidder after the government denied them the space. Another journalist who supported WikiLeaks was being held by authorities. Assange and q appeared to want LulzSec to try and grab the e-mail service of government sites, then look for evidence of corruption or at least evidence that the government was unfairly targeting WikiLeaks. The picture they were trying to paint was of the Icelandic government trying to suppress WikiLeaks's freedom to spread information. If they could leak such evidence, they explained, it could help instigate an uprising of sorts in Iceland and beyond.
The following day, q and Assange wanted to talk to LulzSec again. Perhaps sensing that Topiary was still skeptical, q insisted on uploading another video. It again showed his laptop screen and the IRC chat they were having being updated in real time, then a close-up of Assange himself, head in hand again, but this time blinking and moving the track pad on his laptop, then him talking to a woman next to him. The camera was then walked around Assange before the video ended. The video had been filmed and uploaded in less than five minutes. Topiary, who was experienced with Photoshop and image manipulation, calculated that doctoring the IRC chat and Assange in the same video image within such a short space of time would have been incredibly difficult, and he veered toward believing this was all real.
But q was not asking LulzSec to be hit men out of the goodness of their hearts. There was potential for mutual gain. q was offering to give the group a spreadsheet of classified government data, a file called RSA 128, which was carefully encrypted and needed cracking. q didn't send it over, but he described the contents.
"That's pretty heavy stuff to crack," Sabu told q. "Have you guys tried simple bruteforce?" q explained they had had computers at MIT working on the file for two weeks with no success.
Topiary wanted to ask if Assange was going to give the team other things to leak, but he decided not to. Part of him didn't want to know the answer to that. It was already starting to look like LulzSec was on the road to becoming a black-hat version of WikiLeaks. If WikiLeaks was sitting on a pile of classified data that was simply too risky to leak, then it now had a darker, edgier cousin to leak it through.
Topiary decided to mention that LulzSec had been the same team behind the HBGary attack. Assange said he had been impressed with the HBGary fallout but added, "You could have done it better. You could have gone through all the e-mails first."
"We could have," Topiary conceded, "but we're not a leaks group. We just wanted to put it out as fast as possible."
"Yes but you could have released it in a more structured way," Assange said.
"We didn't want to go through 75,000 e-mails looking for corruption," Topiary countered again. He remembered how he had trawled through those e-mails looking not for scandal but for Penny Leavy's love letter to Greg Hoglund and for Barr's World of Warcraft character.
The team decided to invite Assange and q over to their IRC network on Sabu's server. Topiary created a channel for them all to talk in and called it #IceLulz. q said he wished WikiLeaks could help the group more with things like servers or even advice, but they didn't want to link the organization too obviously to LulzSec. In fact, when Topiary told q to go ahead and send the RSA 128 file over any time, q seemed to back off.
"Yeah, maybe in the future we'll see how this goes," q said. He never did send the file, at least not to Topiary.
Still, Sabu was "the most excited he had ever been," Topiary later remembered, over the moon that WikiLeaks was asking for his help. It is unclear if Sabu was in reality haunted by the fact that he was now also helping to implicate Assange. Six months prior, he had believed so passionately in the WikiLeaks cause that he was willing to risk bringing his hacker name out into the public for the first time in nine years. Another possibility: the FBI was encouraging Sabu to reach out to Assange to help gather evidence on one of the most notorious offenders of classified government data in recent times. It seems probable that if Sabu had helped, for instance, extradite Assange to the United States, it would have improved his settlement dramatically.
"It's our greatest moment," Sabu told the crew. He and q started talking in more depth about various websites, and then Sabu sent links to two government websites and a company to the rest of the team, tasking them with finding a way to get into their networks and grab e-mails. Over the next few days, Topiary passed the job of staying in contact with WikiLeaks to Sabu, and for the next few weeks, Assange visited LulzSec's chat network four or five more times.
Topiary left the #IceLulz IRC channel open on his laptop and kept it open. Pretty soon, though, it became just another one of the thirty other channels demanding his attention, another page of flashing red text.
*A caveat: This being the shadowy world of hackers, it's impossible to say with certainty who LulzSec spoke with at the time. In her book, Olson points out that q is a controversial figure; some claim he's a rogue agent impersonating a Wikileaks insider, while others assert he's a true member of Assange's inner circle. If Assange did try to solicit hacks from LulzSec it could prove legally damning, but authorities will have a hard time proving it.)
Parmy Olson is the London Bureau Chief for Forbes Magazine.
Excerpted from We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency by Parmy Olson. Copyright © 2012 Parmy Olson. Published by Little, Brown and Company. Available for purchase on June 5.