Names
Most of the real names and online nicknames used in this book are real, but a few are not. All fabricated names in this book relate to William, a young man living in the UK whose nightly attempts to prank and harass people give us a peek into the world of 4chans most popular discussion board, /b/. His name and the names of his victims have been changed.
Sourcing
Most of the information and anecdotes in this book are sourced directly from interviews with those who played key roles in the story, such as Hector Sabu Monsegur and Jake Topiary Davis. However, hackers are known to occasionally share nicknames to help obfuscate their identities or even flat-out lie. As such I have attempted to corroborate peoples stories as much as time has allowed. When it comes to personal anecdotesSabus stop-and-search experience with the NYPD, for example I have indicated that this is the hackers own testimony. In my year of gathering research for this book, certain hackers have proved themselves more trustworthy than others, and I have also leaned toward the testimony of sources I deem most reliable. Notes on the sourcing of key pieces of information, media reports, and statistics are found at the back of this book.
Spelling
To help maintain story momentum, I have cleaned up spelling and some grammar for quotes that were sourced from chat logs and have been used for dialogue between characters. In cases where I have interviewed people on Internet Relay Chat, I have also cleaned up spelling; however, if a source skipped a word or two, I have framed brackets [ ] around the implied words.
People
A few of the people featured in this book are figureheads in Anonymous, but they are not representative of Anonymous as a whole. It is worth saying that again: they are not representative of Anonymous as a whole. Some key characters, like William or Sabu, have volatile personalities, and in hearing their extraordinary stories, you, the reader, will come to learn about social engineering, hacking, account cracking, and the rise of the online disruptor perhaps more engagingly than if you read about these techniques alone. There are many people in Anonymous who are not the subject of police investigations like the ones featured in this book, and they also seek to uphold genuine standards of legality and political activism. For other perspectives on Anonymous, keep an eye out for work by Gabriella Coleman, an academic who has been following Anonymous for several years, and a book on Anonymous by Gregg Housh and Barrett Brown, due out in 2012. The documentary We Are Legion by Brian Knappenberger also gives more focus to the political activism of Anonymous.
Across America on February 6, 2011, millions of people were settling into their couches, splitting open bags of nachos, and spilling beer into plastic cups in preparation for the years biggest sporting event. On that Super Bowl Sunday, during which the Green Bay Packers conquered the Pittsburgh Steelers, a digital security executive named Aaron Barr watched helplessly as seven people whom hed never met turned his world upside down. Super Bowl Sunday was the day he came face-to-face with Anonymous.
By the end of that weekend, the word Anonymous had new ownership. Augmenting the dictionary definition of being something with no identifiable name, it seemed to be a nebulous, sinister group of hackers hell-bent on attacking enemies of free information, including individuals like Barr, a husband and a father of twins who had made the mistake of trying to figure out who Anonymous really was.
The real turning point was lunchtime, with six hours to go until the Super Bowl kickoff. As Barr sat on the living room couch in his home in the suburbs of Washington, D.C., dressed comfortably for the day in a t-shirt and jeans, he noticed that his iPhone hadnt buzzed in his pocket for the last half hour. Normally it alerted him to an e-mail every fifteen minutes. When he fished the phone out of his pocket and pressed a button to refresh his mail, a dark blue window popped up. It showed three words that would change his life: Cannot Get Mail. The e-mail client then asked him to verify the right password for his e-mail. Barr went into the phones account settings and carefully typed it in: kibafo33. It didnt work. His e-mails werent coming through.
He looked down at the small screen blankly. Slowly, a tickling anxiety crawled up his back as he realized what this meant. Since chatting with a hacker from Anonymous called Topiary a few hours ago, he had thought he was in the clear. Now he knew that someone had hacked his HBGary Federal account, possibly accessing tens of thousands of internal e-mails, then locked him out. This meant that someone, somewhere, had seen nondisclosure agreements and sensitive documents that could implicate a multinational bank, a respected U.S. government agency, and his own company.
One by one, memories of specific classified documents and messages surfaced in his mind, each heralding a new wave of sickening dread. Barr dashed up the stairs to his home office and sat down in front of his laptop. He tried logging on to his Facebook account to speak to a hacker he knew, someone who might be able to help him. But that network, with his few hundred friends, was blocked. He tried his Twitter account, which had a few hundred followers. Nothing. Then Yahoo. The same. Hed been locked out of almost every one of his Web accounts, even the online role-playing game World of Warcraft. Barr silently kicked himself for using the same password on every account. He glanced over at his WiFi router and saw frantic flashing lights. Now people were trying to overload it with traffic, trying to jam their way further into his home network.
He reached over and unplugged it. The flashing lights went dead.
Aaron Barr was a military man. Broad shouldered, with jet-black hair and heavy eyebrows that suggested distant Mediterranean ancestors, he had signed up for the U.S. Navy after taking two semesters of college and realizing it wasnt for him. He soon became a SIGINT, or signals intelligence, officer, specializing in a rare assignment, analytics. Barr was sent abroad as needed: four years in Japan, three in Spain, and secondments all over Europe, from Ukraine to Portugal to Italy. He was stationed on amphibious warships and got shot at on land in Kosovo. The experience made him resent the way war desensitized soldiers to human life.
After twelve years in the navy he picked up a job at defense contractor Northrop Grumann and settled down to start a family, covering over his navy tattoos and becoming a company man. He got a break in November 2009 when a security consultant named Greg Hoglund asked Barr if he wanted to help him start a new company. Hoglund was already running a digital security company called HBGary Inc., and, knowing Barrs military background and expertise in cryptography, he wanted him to start a sister company that would specialize in selling services to the United States government. It would be called HBGary Federal, and HBGary Inc. would own 10 percent. Barr jumped at the chance to be his own boss and see more of his wife and two young children by working from home.
He relished the job at first. In December 2009, he couldnt sleep for three nights in a row because his mind was racing with ideas about new contracts. Hed get on his computer at 1:30 a.m. and e-mail Hoglund with some of his thoughts. Less than a year later, though, none of Barrs ideas was bringing in any money. Barr was desperate for contracts, and he was keeping the tiny company of three employees afloat by running social media training for executives, bringing in twenty-five thousand dollars at a time. These were not lessons in how to maintain friendships on Facebook but in how to use social networking sites like Facebook, LinkedIn, and Twitter to gather information on peopleas spying tools.