A magazine-length, must-read story of hackers, leakers, democracy advocates, spies, cops, banks, lobbyists, WikiLeaks, the future of the Internet…and quite possibly of our democracy.
Operation Payback
In 2010, WikiLeaks began publishing a cache of hundreds of thousands of classified State Department memos. Rattled, the U.S. government went into damage-control mode. It launched a high-stakes media campaign aiming to set WikiLeaks apart from traditional media entities, like magazines and newspapers who published the same material, in order to criminalize its actions. U.S. lawmakers and government-friendly pundits accused the website and its founder, Julian Assange, of everything from “treason” (despite his not being an American citizen) to acting as a “high-tech terrorist.”
Senator Joe Lieberman (I-CT) used the power of his office to pressure PayPal to freeze WikiLeaks’s account, to persuade Amazon to boot the site off its servers, and to get Visa and MasterCard to stop processing donations. All this despite First Amendment free-speech protections, and though neither WikiLeaks nor anyone associated with the group had been charged with, much less convicted of, a crime.
In response, Anonymous began to organize Operation Payback. As with the campaign against the Church of Scientology, Anonymous employed what is called a Low Orbit Ion Cannon (LOIC). That’s a piece of installed software which connects your computer to a botnet—a network of computers that can be linked to obey instructions from one central authority.
Until Anonymous came along, botnets were generally assembled by bad guys, organizations like the Russian mafia, Chinese hackers. They build botnets on the sly, installing malware on computers that turns them into zombies without their owners’ knowledge. Each zombie can fire thousands of requests per second at a target website. So while you’re working on that cover sheet for your TPS report, your computer is part of a joint effort to overwhelm a company’s server and crash its website. That effort to crash a site is called a Distributed Denial of Service attack, or DDoS. The bad guys use DDoS attacks to extort money, but they can also use their botnets to send spam and steal people’s identities. In 2009, the antivirus software firm Symantec said it had detected nearly 7 million botnets on the internet.
Anonymous was the first group to build an operational voluntary botnet. By running the LOIC on your computer, you are, essentially, declaring your allegiance to Anonymous. You donate part of your computer’s processing power to the cause. That cause—or, if you prefer, the target—is determined by rough consensus among Anons.
Housh had become familiar with Brown earlier in February of 2010, after Brown published a piece on the Huffington Post defending the actions of Anonymous members against the government of Australia during so-called “Operation Titstorm.” The Australian government had been attempting to ban certain forms of Internet pornography and to institute a filtering regime with which all web-hosting and search services would have to comply. In addition to the banned material, a leaked version of the proposed blacklist showed sites that had no relation to adult content. Web titans like Yahoo! and Google were against the measure. And Anonymous saw it as threatening to free speech.
While clearly supportive of the work of Anonymous, Brown’s piece was the most accurate media account of the group’s structure, aims and methods at the time:
Ten years ago it would have been infeasible for tens of thousands of individuals with no physical connection or central leadership to conceive, announce, and implement a massive act of civil disobedience against a significant Western power, crippling a portion of its online infrastructure in the process – and to do all of this in a matter of days, and without anyone involved having to contend with the tear-gas-and-horseback response with which states have traditionally been in the habit of contending with mass action. But such a thing as this is happening today, and having been done once will almost certainly be done again – repeatedly, increasingly, and with potentially significant consequences for the nation-state and implications regarding that which will perhaps someday come to replace it.
Anonymous’ current campaign is the second of its kind; the first, in 2008, targeted the Church of Scientology with DDOS attacks, a series of in-the-flesh protests outside Scientology centers worldwide, the theft and dissemination of sensitive documents, and a variety of other steps – all coordinated, or not, in a decentralized fashion that provides for no names, ranks, or central direction.
Housh was impressed with Brown’s assessment of Anonymous and called him up. Before then, “[Brown] wasn’t on any of our IRC’s, he wasn’t hanging out with Anons, he wasn’t ‘one of us,’” Housh notes. But still, Barrett Brown got it. Brown was able to take the heat off Housh, and eventually assumed Housh’s position as a media “spokesman” for Anonymous.
“In some ways, I blame myself for [the current position of] Barrett,” Housh confesses.
The danger was greater still. As “namefags,” Housh and Brown began feeling the heat now from both sides. Some Anons resented the work they were doing. Housh claims that certain Anons even handed over fake chat logs to the FBI in an effort to “prove” that he in fact ran Anonymous.
Arab E-Spring
The Arab Spring uprisings of early 2011 gave many of the idealists in Anonymous an opportunity to assert control of the brand and usher in a whole new understanding of their work. Already “namefags,” Housh and Brown continued their rise in prominence as “moralfags.” Brown was reportedly on the frontlines of Anonymous’s work in North Africa and the Middle East: taking control of and defacing the websites of oppressive governments, as well as authoring manuals on street fighting and first aid.
“During that initial stuff in Tunisia, the one thing we figured out sitting there talking to Tunisians on the ground was that a lot of the people in the streets didn’t know what they were doing,” says Housh.
“We had the ability to do some quick research and figure out what you’re supposed to be doing…[such as] wearing thin cotton garments that would tear easily when grabbed by police, or make for quick first-aid material…they would put [the information] together in PDFs. Barrett was the driving force in making these.”
It was that new guiding ethos of doing good, exemplified by Anonymous’s actions during the Arab Spring, that motivated Operation Payback. Anonymous saw financial companies that were willing to process payments to the Ku Klux Klan (KKK), America’s oldest domestic terrorist organization, but not to a group ostensibly publishing government material for the public good.
In the minds of participating Anons, the decision by Senator Lieberman’s office to extra-judicially pressure those companies (and for them to comply) was fundamentally unconstitutional, insofar as donating money to organizations of one’s choice is considered free speech—an interpretation that still holds in American jurisprudence. Following Operation Payback, in January 2011 the FBI issued more than 40 search warrants in a probe of the attacks that yielded no arrests.
But the drama was far from over. Anonymous’s stature was rising; it was increasingly seen as a group that, through its mastery of the Internet, could operate beyond the reach of government and Washington’s cybersecurity experts.
Stirring The Hornet’s Nest
It was at this point that the Financial Times published an article quoting Aaron Barr, CEO of a company called HBGary Federal and a “private security researcher,” in which he claimed to have identified three top members of Anonymous. When he announced plans to “out” them at an upcoming conference that month, it seemed that Anonymous had met its match.
However, Brown and Housh claimed that HBGary merely had pseudonyms, and that publicizing them would only result in people with similar names being wrongly targeted for FBI raids. Regardless, Anonymous sent out a press release (reportedly in conjunction with Brown) that acknowledged its “downfall.” The press release was clearly written with a sly grin befitting Guy Fawkes’s visage and a tongue firmly planted in the author’s cheek.
One day after the FT piece was published, the internal servers and websites of HBGary Federal and its parent company, HBGary, were hacked, defaced, and destroyed. Upwards of 75,000 emails were compromised and put up for public scrutiny. One terabyte of data (1,000 GB) from HBGary’s backup servers was wiped, as well as the contents of its CEO Aaron Barr’s iPad, while all of his personal information was put on the Internet. HBGary Federal’s website was replaced with a message from the hackers: “Now the Anonymous hand is bitch-slapping you in the face.” Later that month, Barr resigned.
Although this was an operation taken purely out of revenge against a smug opponent, important data emerged from the leaked emails, including evidence that a number of corporate actors, identified in the emails as “Team Themis,” were conspiring to commit a range of crimes.
The cabal involved three cyber security firms—HBGary Federal, Palantir Technologies, and Berico Technologies—all of whom are federal contractors for military and intelligence work.
The emails document a coordinated plan to pitch a “disinformation campaign” against critics of the U.S. Chamber of Commerce – a campaign with serious implications for the exercise of free speech.
The obvious news here was that federal contractors were concocting such unethical and possibly illegal plans to smear and discredit Americans. But more importantly, they had been solicited to do so by some of America’s most powerful entities engaged in an information war against their critics – and, by extension, the public.
The Chamber is the primary DC lobbying arm of America’s largest corporate interests, such as Goldman Sachs, Chevron and Texaco. It lobbies politicians for “pro-business” trade and industrial policy, and spends more money on a yearly basis than any other lobbying organization in the country.
***
HBGary’s chief Aaron Barr may have been vanquished, but since a cursory examination had yielded information as incriminating as the Team Themis conspiracy, who knew what else was in there? The HBGary hack made clear that Anonymous needed minds like Brown’s to parse the vast resulting trove. “We brought Barrett in after that,” Housh recollects. And, according to Housh, Brown then created ProjectPM. While ProjectPM had conceptually been around since 2009 as a method of “improving problems of information flow in various contexts,” it then became what it is now—a repository for studying the revealing communiques of HBGary and its associates.
The hackers and ProjectPM researchers soon hit additional paydirt. They discovered that the corporate security cowboys were also pitching a plan of disinformation and sabotage against WikiLeaks, which had publicly claimed it was in possession of a similar document cache from Bank of America (BoA). And these revelations hinted at more to come.
But because there was no formal mechanism for searching through the HBGary emails, most of the leaked documents remained unviewed and uncategorized. Brown saw this as the perfect opportunity to continue his work as a journalistic “moralfag”—digging deeper into the shadowy world of HBGary and the government’s legion of private contractors.
It’s worth noting that the seemingly reckless security firms weren’t just wild-eyed freelancers. They had in each case been recruited by a formidable middle-man. It was the classic cut-out: create deniability for the brand name corporations when the dirty work gets done.
In both cases, these three companies were recruited by the law firm and lobbying giant Hunton & Williams (H&W), which counts both the Chamber of Commerce and Bank of America among its clientele. H&W also legally represents entities such as Wells Fargo, Altria (formerly Philip Morris), Cingular, and weapons-maker General Dynamics. It lobbies on behalf of Koch Industries, Americans for Affordable Climate Policy (a coal industry front group), Gas Processors Association, Entergy (a nuclear power conglomerate), and U.S. Sugar Corp, among others.
So Anonymous and Brown were exposing the nefarious, if not clearly illegal, deeds of some of the world’s most powerful interests—outfits not known to turn the other cheek. It is this kind of challenge that may begin to explain why the full wrath of the federal government would be turned against the likes of Barrett Brown and his phalanx of idealistic researchers.