Topiary was anxious and confused. He was sure someone was lying. First Kayla had reported rumors on a public IRC network that Sabu had been raided. Then someone else had said his two daughters were sick and in the hospital. Then another person whom Topiary knew as a real-life friend of Sabu’s also claimed he had been raided. Then he heard the hospital story from yet another source. There was a fifty-fifty split on what had happened. Topiary wanted to believe the hospital story. Typically, in paranoid hacker circles or Anonymous, if someone disappeared from a public IRC for a while and without reason, people assumed the worst (an FBI raid). But if Sabu had suddenly wanted to go back underground, he would have told a few trusted people to say different things.
Topiary started calling Sabu’s Google Voice number every hour but got no answer. It was unusual for him not to be online for more than half a day. Topiary waited and hoped Sabu wasn’t in a cell being questioned or, worse, snitching. On IRC, Sabu was still logged on. Once his nickname had been idle for twenty-four hours, the team killed it, just in case Feds were watching.
“I’m quite worried,” Topiary said that morning.
Sabu had given him instructions the week before that if he was ever caught, Topiary should access his Twitter feed and tweet as normal while the team should keep announcing hacks. If the Feds did have Sabu, this could be his ticket to avoiding some charges. Topiary’s heart sank when he looked at Sabu’s Twitter account and was reminded of how much the hacker had motivated him. The short bio read: “To all Anons: you all are part of something amazing and powerful. Do not succumb to fear tactics that are so obvious and archaic. Stay free.” Sabu may have been hot-tempered, but he could also be inspiring.
Kayla was just as concerned. “I’m gonna turn the Internet upside down if I find out Sabu’s been hit,” she told Topiary.
Still, the team was in a catch-22. If Sabu had been caught and forced to divulge information, then there was a large chance the Feds could monitor what they were doing. If they did nothing or fled, that would immediately implicate Sabu.
As evening fell, Topiary rang Sabu’s number again. Suddenly, someone picked up the phone. There was no voice. “Uh, who’s this?” Topiary asked.
“David Davidson.”
It was Sabu. Topiary let out a sigh of relief. Sabu sounded like he had a cold or had been crying. Sabu explained that his grandmother had died and that he had had to help with funeral arrangements. He then asked if the rest of the team was around and if Topiary could inform them that he was back. Topiary at first didn’t care that Sabu might have been lying—he was just glad to speak to him again. Not long after,
them that he was back. Topiary at first didn’t care that Sabu might have been lying—he was just glad to speak to him again. Not long after, Sabu changed his story and said that it had actually been the anniversary of his grandmother’s death. When they had first spoken, Sabu had probably changed his voice deliberately to make his story sound more genuine. By then, the FBI was logging everything that Sabu said online to LulzSec’s members, as well as everything he said on the phone to Topiary.
Sabu would end up being offline more than usual for the next few days as he began collaborating with the FBI, even working out of their office on a daily basis. Sabu occasionally kept his group abreast of other developments, but the still oblivious Topiary took more responsibility for the team.
As a precaution, Topiary deleted more files, then he redid all his passwords and encryptions to make them ultra-protected. He kept all passwords in a file on an encrypted SD card, with one character in each swapped around. Only he knew which characters were swapped. Still, he couldn’t help constantly looking outside his window and jumping whenever a van drove past. For the first time, he started seriously wondering if a couple of men in police uniforms would splinter his door at dawn the next morning.
A few days earlier when he had been out to buy some food, one of the local druggies had approached Topiary on his way home. “Hey,” the man had said, waving as Topiary took out his earbuds.
“There were some police knocking on your door the other day,” the man said in a thick Scottish accent. Topiary’s heart had started to pound.
“Really. What did they do?”
“They drove by in their car. Then a couple of them came out and knocked on your door, but there was no answer,” he said, shrugging. Topiary played it cool. The druggie might have been lying, but the police might also have stopped by while he was at his thinking spot, looking over the sea. And it was just as likely that they were doing a drug sweep of the area. Still, he resolved to wipe every shred of Topiary and Anonymous from his laptop, encrypt whatever he kept, and send it to all to himself in an e-mail via Hushmail. Eventually he would wipe his laptop completely.
If the police came to his door, they’d find a clean house with one rarely used desktop computer and his innocuous-looking Dell laptop, a couple of extra monitors for watching films, and one phone line going over his living room with clips. None of the empty pizza boxes associated with basement-dwelling hackers. Any documents the police might find about Anonymous on either of his computers could be passed off as research Topiary was doing for a book. They’d find some pirated music and a handful of databases holding a few hundred thousand names and passwords he had acquired from acquaintances or from his own scanning for LulzSec. Topiary called it his personal collection. Sometimes he used it for his own attempts at doxing people, but for the most part it was just nice to have.
He tried not to think that his virtual private network provider, HideMyAss, would ever turn him in to the authorities. His logic was that if customers of HideMyAss ever found out the company had turned in one of its users, they’d leave in droves, and HideMyAss would go out of business. They would surely never give him up.
As Sabu remained offline on the pretext of dealing with family matters, a familiar face came back into the LulzSec fold: Ryan. It made little sense at first, considering Ryan’s temperamental behavior in the past and his cyber attacks on the LulzSec communication channels, but that was hacker life for you. Even the most explosive of disputes could be remedied when someone needed something. In this case Ryan needed some friends, and LulzSec could use Ryan’s mammoth botnet, which infected computers via a rogue Facebook app. Ryan was well connected in the underground hacker scene and served as an administrator of Pastebin, the text application tool that LulzSec used to publish all its leaks, and Encyclopedia Dramatica. Ryan was like the kid in school that people didn’t necessarily like but whom they were compelled to befriend because he had a brand-new Hummer and a house with a pool. Ryan wasn’t rich in real life, but online he seemed loaded; he had spent years building up an impressive array of assets, from servers to his botnet. His servers helped host Encyclopedia Dramatica, and after he had reconnected with a member of the LulzSec crew in the previous week, they also hosted LulzSec’s new IRC network, lulzco.org.
After Topiary first reconnected with Ryan on IRC, he wanted to hear what the new ally sounded like in voice to better suss him out, so the two became contacts on Skype. When Ryan’s voice came through, his English accent was so strong, he sounded almost Australian. Ryan spoke at a rapid-fire pace, openly bragging about his botnet, his hacking, and how he was making money on the underground; he littered his prose with swearwords then described at great length a farmhouse-bread ham sandwich his mother had once made him. Ryan seemed pretty unhinged and insecure, but Topiary’s opinion of him softened when he explained why he’d leaked hundreds of names from AnonOps months before. The network operators had been hassling him, and then someone else had gathered all the data and given it to him to leak. It was water under the bridge. Oh, he added, and that dox of his full name, address, and phone number that had been posted online? That was based on fake information he had created four years ago. Ryan assured Topiary that he had made the false documents and spread them everywhere so that his real information would remain hidden.
Topiary figured he could tell when someone was bullshitting, especially when it was in voice. Ryan, he believed, was genuine. In fact, Topiary started to feel sorry for the guy. People on AnonOps had accused Ryan of being a perpetually angry cretin who logged and attacked everything. But he wasn’t really angry; he was just passionate. Perhaps he came across as rude, but he worked hard and got into things, Topiary thought. With Sabu gone, Topiary missed having someone passionate and a little crazy to talk to, to counteract his laid back personality.
Ryan promised not to log any of the chats, and said he would give the LulzSec crew complete control over his logging ability. He also said the team could use his botnet any time they wanted. He had used it in the past to prank DDoS sites of the U.S. Air Force and then call them afterward to mock them. He could also make hundreds of dollars a day by subletting the botnet to others who wanted to use it for nefarious purposes like extortion and hacker skirmishes. But LulzSec could use it for free. This was like fresh meat to a ravenous dog: with Ryan’s botnet, LulzSec could bring down almost any website it wanted at the drop of a hat.
During one of Sabu’s occasional drop-ins on IRC, he mentioned to Topiary that he did not like having Ryan as a supporter. LulzSec was making too many contacts, he added. (It is unclear if this was the case, or why that might have concerned him now that he had started working as an FBI informant.) Topiary argued back that Sabu himself had been inviting his trusted associates into #pure-elite, including log leaker M_nerva. Topiary won the argument, and Ryan stayed. With Sabu mostly away now, Topiary was enjoying the funnier side of what LulzSec could do with its growing stable of Twitter followers. After he released the administrative passwords of fifty-five porn sites and twenty-six thousand porn passwords, he got replies from people on Twitter saying they had used the data dump to hack into other people’s e-
twenty-six thousand porn passwords, he got replies from people on Twitter saying they had used the data dump to hack into other people’s e- mails or, in one case, find out a guy was “cheating on his girlfriend.”
Topiary realized he could start making things more interactive. He could send a hundred thousand people to a YouTube video and grant the account holder a huge increase in views, or he could send the horde to crash a small website or IRC network. LulzSec’s attacks would become a lot more fun. He and Ryan started talking and doing some prank calls on Skype with some of Ryan’s friends as an audience. Then Ryan set them up with a joint Skype Unlimited account so they could call anywhere in the world, dropping eighty dollars in credit without blinking an eye.
Topiary had an idea. Instead of making prank calls, what if they got LulzSec’s Twitter followers to call them? Topiary suggested setting up a Google Voice number so that anyone in the world could call LulzSec (or at least himself). He wanted the number to spell out the group’s name, as in 1-800-LULZSEC, but he couldn’t find an area code where the number would work. Eager to prove himself, Ryan spent hours going through every possible U.S. number till he found that 614, the area code for Columbus, Ohio, was available with the corresponding digits. They now had a telephone hotline: 1-614-LULZSEC.
It was a free Google number that directed to their new Skype Unlimited-World-Extra number that in turn could bypass to two other potential numbers registered to fake IP addresses. The pair created two voice-mail messages, using voice alteration and over-the-top French accents for the fictional names Pierre Dubois and Francois Deluxe, saying they couldn’t come to the phone because “We are busy raping your Internets.”
Once Topiary announced the hotline on LulzSec’s public chat room, they got several calls a minute; they answered a few and joked with their callers. Without giving any hints, Topiary stated there would be a $1,000 prize for anyone who called in with the magic word —lemonade—but nobody guessed correctly, and around forty people thought it was please. At the end of the day they’d received 450 calls.
In between fielding calls, Topiary wrote up an announcement of the group’s latest drop: a directory listing of every single file on the U.S. Senate’s web server, which had come to them thanks to another black hat. This was a serious attack that could earn someone five to twenty years in prison, but Topiary was mostly eager to get back to his LulzSec hotline.
“This is a small, just-for-kicks release of some internal data from Senate.gov,” Topiary had written. “Is this an act of war, gentlemen? Problem?”
Along with that release was a dump of the source code and database passwords of the gaming company Bethesda—a topic totally unrelated to the Senate, just one of the leaks they were sitting on. They also had a database of two hundred thousand users stored on the servers of gaming company Brink, but they wouldn’t release that because “We actually like this company and would like for them to speed up the production of Skyrim. You’re welcome!” At the top of each release was now a short list of contact and donation details for LulzSec, including the telephone hotline and the IRC chat room.
“It is unclear why LulzSec decided to attempt to embarrass yet another video game company other than to show off,” said Naked Security journalist Chester Wisniewski. “It is difficult to explain random acts of sabotage and defacement, so I am not going to attempt to get into the heads of those behind these attacks.” Yet this was not a matter of motivation, but of circumstance. Back when Kayla had used her botnet to scan the Web for vulnerabilities, hooking it up to an IRC channel and using basic chat commands to run it, she had stumbled on a vulnerability in the network of Bethesda that had given her access to its servers. Since the company was so big, the team chose not to root around for databases right away, using Bethesda’s bandwidth to help search for other sites to hack into and using it as a safe location to hide bots. The gaming company had no idea it was effectively being used to hack other sites. When the servers outlived their usefulness, it was time to dump the data stored on them.
Now the hacks were about to get even more arbitrary. Knowing that Ryan’s botnet could take out anything, Topiary announced the LulzSec hotline on Twitter and told the public: “Pick a target and we’ll obliterate it.” The hotline was suddenly inundated with calls, and the three people that initially got through all requested gaming companies: Eve, Minecraft, and League of Legends.
Within minutes, Ryan’s botnet had hit all three, as well as a site called FinFisher.com, “because apparently they sell monitoring software to the government or some shit like that.” DDoSing sites like this was nothing new, and neither was one or two hours of downtime, but it was the first time anyone had boasted about it to a hundred fifty thousand Twitter followers or referred to it as a DDoS party called Titanic Takeover Tuesday.
“If you’re mad about Minecraft, we’d love to laugh at you over the phone,” Topiary announced. “Call 614-LULZSEC for your chance to reach Pierre Dubois!”
When Topiary started thinking about the Internet meme phrase “How do magnets work?” made famous by the hip-hop duo Insane Clown Posse, he called up the offices at Magnets.com. He asked the woman who answered that question and got a bemused response, hung up, then redirected the LulzSec hotline to the main switchboard of Magnets.com.
“Everyone call 614-LULZSEC for a fun surprise,” he tweeted. About three minutes later he called the number again and heard dozens of phones going off at the same time with answers of “This is Magnets.com…Uh…” He asked to speak to a manager. When a man’s voice came on, Topiary explained the reason for the flood of strange calls. To his credit, the manager took it in good humor.
“How did you do it?” he asked.
“We’re testing out our new Lulz Phone Cannon,” Topiary said. “How are you feeling?”
“I’m a little out of breath.” Magnets.com had been getting more than two hundred calls a minute to their customer support center. “Okay, I’ll get it to stop,” Topiary said.
“Good, because I feel like I’m about to pass out.”