As LulzSec’s targets got bigger, Kayla started drifting away a little from operations, more interested in taking revenge on enemies like Jester and Backtrace. She had always been a free spirit, loyal to her friends but never aligning herself too closely with any particular cause for too long. Sometimes, she just got bored. She also wasn’t as interested in reviving the Antisec movement as Sabu or Topiary. Instead, she started developing an elaborate plan to creep into the #Jester chat room as a spy, embed herself, then infect the computers of its members with a key-logger program so that she could monitor their key strokes, learn a few key passwords, and take them over. It was called a drive-by attack, and while in this case it was an elaborate operation, typically the attack was just a matter of enticing someone to visit a website and installing malware on their system as a result. It meant she was now spending just a couple of hours a day chatting with the crew before disappearing for a day or more.
In the meantime there was some surprising news coming from the United States. The Pentagon had announced that cyber attacks from another country could constitute an act of war and that the U.S. could respond with traditional military force. Almost at the same time, a draft report from NATO claimed that Anonymous was becoming “more and more sophisticated” and “could potentially hack into sensitive government, military and corporate files.” It went on to say that Anonymous had demonstrated its ability to do just that by hacking HBGary Federal. Ironically, it stated that the hackers had hit Barr’s company and hijacked his Twitter account “in response” to Bank of America hiring the security company to attack adversaries like WikiLeaks. Even NATO seemed to be inflating the abilities of Anonymous, seeing reason and connections where there were coincidences. The hackers hadn’t known about Barr’s plans with WikiLeaks until after they had attacked him. Even so, the news got everyone’s attention.
“Did you read the NATO doc about anonymous?” asked Trollpoll in the #pure-elite hub. Trollpoll did not sound like he was from the United States, though it was impossible to be sure of anyone there. “They will put tanks on our houses?”
“Obama will be like ‘Lol you just DDoS my server?’” said Kayla, “‘Nuke.’”
With the world’s attention now moving to LulzSec and the fighting words from the U.S. administration, it seemed as good a time as any to drop the FBI affiliate Atlanta Infragard. They’d had the site under their control for months and felt they now had enough on white hat Hijazi to expose him at the same time. This would bring more heat than ever on LulzSec, but the group was on a roll and felt safe.
LulzSec’s founding team members would carry out the final Infragard swoop. As they got ready to deface the site, Sabu entered the shell, the administrative page he had set up called xOOPSmaster, opened his terminal program so he could start playing with the source code, and, on a seeming whim, typed rm –rf /*. It was a short, simple-looking piece of code with a notorious reputation: anyone who typed it into his computer’s back end could effectively delete everything on the system. There was no window popping up to ask Are you sure? It just happened. Web trolls famously got their victims to type it in or to delete the crucial system 32 file in Windows.
“Oops,” Sabu told the others. “Just deleted everything. rm –rf /*.” Kayla made the face-palm gesture, and everyone moved on. On top of everything they had already done, deleting the Infragard website contents didn’t seem like a big deal. They then used the /xOOPS.php shell to upload a giant image and title onto the Infragard home page—their deface. It was no serious admonishment of the FBI but another prank aimed at Jester’s crew. The team had replaced the Atlanta Infragard home page with a YouTube video of an Eastern European TV reporter interviewing an impeccably drunk man at a disco. Someone had added subtitles spoofing him as a wannabe hacker from 2600 who didn’t understand what LulzSec was doing. Above the video was the title “LET IT FLOW YOU STUPID FBI BATTLESHIPS,” in a window captioned “NATO—National Agency of Tiny Origamis LOL.”
Topiary’s official statement was a little more serious—but not much. When everyone was ready, he hit publish.
“It has come to our unfortunate attention that NATO and our good friend Barrack Osama-Llama 24th-century Obama have recently upped the stakes with regard to hacking,” Topiary had written in their official statement. “They now treat hacking as an act of war. So, we just hacked an FBI affiliated website (Infragard, specifically the Atlanta chapter) and leaked its user base. We also took complete control over the site and defaced it.” Of course, LulzSec had not hacked Infragard in the past day or two or in response to the Pentagon’s announcement, but news outlets reported the attack as a “response.”
Infragard’s web contents had been deleted, the site defaced, and details of 180 people in its user base had been published on the Web, along with their passwords in plaintext, their real names, and their e-mail addresses. Topiary had signed off the missive, declaring, “Now we are all sons of bitches.”
Since Topiary had been reminding the world for the past day on Twitter that an FBI hack was imminent, mainstream news agencies jumped into the story, leading a whole new stream of people to follow the group on Twitter. Their website had now received more than 1.5 million views. Despite the damage LulzSec had done to the 2600 network, the actual magazine 2600 sounded impressed. “Hacked websites, corporate infiltration/scandal, IRC wars, new hacker groups making global headlines,” its official Twitter feed stated, “the 1990s are back!”
Television news stations were racing to find security experts who could explain what was going on and offer some lucid opinions. “We are facing a very innovative crime, and innovation has to be the response,” said Gordon Snow, the assistant director of the FBI’s cyber division in an interview with Bloomberg right after the Infragard attack. “Given enough money, time and resources, an adversary will be able to access any system.”
Yet LulzSec’s hack into Infragard had not cost that much in terms of “money, time and resources.” All told, the operation had cost $0, had been carried out with the relatively simple method of SQL injection, and was made worse because an admin’s cracked password, “st33r!NG,” had been reused to get administrative access to the Infragard site itself. As for time, it had taken the team thirty minutes to crack the admin’s password and twenty-five minutes to download the database of users. Within two hours, the LulzSec team had complete administrative access to an FBI-affiliated site, and for several weeks no one from the FBI had had a clue.
Of course, along with the Infragard drop had been LulzSec’s condemnation of Hijazi. The team had kept some of their chat logs with the white hat and published them online as evidence that he was corrupt. And while the group members had told Hijazi that they wouldn’t release his e-mails, they published them too.
“We have uncovered an operation orchestrated by Unveillance and others to control and assess Libyan cyberspace through malicious means,” Topiary announced, meaning by assess that Unveillance wanted to spy on Libyan Internet users.
“We leaked Karim because we had enough proof that he was willing to hire us as hitmen,” Topiary added on Twitter. “Not a very ethical thing to do, huh Mr. Whitehat?”
Hijazi also released a statement immediately after, explaining that he had “refused to pay off LulzSec” or supply them with his research on botnets. Topiary shot back with a second official statement saying that they had never intended to go through with the extortion, only to pressure Hijazi to the point where he would be willing to pay for the hackers’ silence and then expose him publicly. It was a war of words built on the gooey foundations of lies and social engineering.
Topiary still called on journalists and other writers to “delve through” Hijazi’s e-mails carefully, hoping for the same kind of enthusiasm there had been around Aaron Barr’s e-mail hoard. But there was none. For a start, Hijazi just didn’t have enough dirty laundry. More, the infamy of LulzSec was overshadowing any more sobering, sociopolitical points the group was dimly making with each attack—that it didn’t like Fox, or that WikiSecrets “sucked,” or that NATO was upping the stakes against hackers, or whatever Unveillance might have been doing in Libya. It was quite an array of targets; LulzSec seemed to be attacking anyone it could, because it could.
This was getting to some of the secondary-crew members. The hacker Recursion came into the #pure-elite room late on June 3 after watching the Infragard events unfold. He hadn’t taken part in the hack and was shocked when he read the news reports.
“Holy shit,” Recursion told the others. “What the fuck happened today?”
“A lot,” said Sabu, adding a smile. “Check Twitter.”
“LulzSec declared war on the U.S.?” Joepie offered sardonically.
“I caught the jist of it,” Recursion answered before seeming to trail off. He didn’t say anything more on the subject, but twenty minutes later, after presumably holding a private conversation with Sabu, he left the channel, for good.
Sabu was disappointed in anyone who bailed on him in battle. It felt disrespectful. But he moved on quickly to guide the remaining troops. Sabu came back to the room and addressed the handful of participants. “Well guys. Those of you that are still with us through this, maintain alert, make sure you’re behind VPNs no matter what. And don’t fear. We’re ok.”
“Sabu, did we lose people?” asked Neuron.
“Yeah.”
“Who?”
“Recursion and Devurandom quit respectfully,” he answered, “saying they are not up for the heat. You realize we smacked the FBI today. This means everyone in here must remain extremely secure.” It was a grave reminder of the potential charges LulzSec was racking up if its team members were to get caught.
A few of the members started describing how they were strengthening their security. Storm was getting a new netbook and completely wiping his old computer. Neuron was doing the same. He used a virtual private network called HideMyAss. This was a company based in the United Kingdom that Topiary used and had recommended.
“Did you wipe the PBS [chat] logs?” Storm asked Sabu.
“Yes. All PBS logs are clean.”
“Then I’m game for some more,” said Storm. Sabu typed out a smiley face.
“We’re good,” he said. “We got a good team here.”
Not everyone was good though, and not all logs were clean. The aloof LulzSec secondary-crew member known as M_nerva, the one who had said “good night” to the others just a few days before and not said too much else afterward, had just gathered together six days’ worth of chat logs from the #pure-elite channel and repeated Laurelai’s frantic act in February. He leaked it. On June 6, the security website seclists.org released the full set of #pure-elite chat logs held on Sabu’s private IRC server. The leak revealed, embarrassingly, that not everyone in #pure-elite could be “100 percent trusted,” and that for all its bravado, LulzSec had weaknesses. The team jumped into action, knowing that they had to send a message that they did not accept snitches, even if M_nerva had allegedly been persuaded to leak the logs by another hacker, named Hann. They knew they could find out who M_nerva really was because among the other black hats supporting LulzSec was someone who had access to pretty much every AOL Instant Messenger account in existence. Since many people had set up an AIM account at one time or another, they only needed to cross-check the nickname and IP to come up with a real name and address. It turned out M_nerva was an eighteen-year-old from Hamilton, Ohio, named Marshall Webb. The crew decided to hold on to the information for now.
With Sabu’s trust betrayed, the older hacker was now more paranoid than before. Topiary felt vindicated. He had known that a leak could happen if Sabu kept inviting people into #pure-elite, and it did. But he didn’t push the point. When he brought it up with Sabu, the hacker brushed off the topic quickly. He had nothing to say about it. Instead, Sabu worked on making the wider group more secure by separating it into four different chat rooms. There was a core channel, which now had invited fifteen participants, and #pure-elite, then chat rooms called upper_deck, for the most trusted supporters, lower_deck, kitten_core, and family. Members could graduate up the tier system depending on how trustworthy they were. Neuron and Storm, for instance, eventually were invited into upper_deck, so that they could be phased into the main channel for LulzSec’s core six members: Sabu, Topiary, Kayla, Tflow, AVunit, and Pwnsauce.
The heat wasn’t coming only from the media attention; Topiary was seeing hackers with military IP addresses trying to compromise the LulzSec IRC network and users every day. Already, rumors were spreading that LulzSec had been founded by the same crew that had hit HBGary. Enemy hackers were posting documents filled with details they had dug up online about each member, much of it wrong but some of it hitting close to home. LulzSec’s members needed to switch their focus from finding targets to protecting themselves.
Kayla suggested a mass disinformation campaign. Her idea was to create a Pastebin document revealing that Adrian Lamo owned the domain LulzSec.com; then to add details of other Jesterfags and claim they were members of LulzSec; then to spam the document everywhere. It was a classic social-engineering tactic, and it sometimes worked.
“But saying more or less that LulzSec is CIA,” Trollpoll offered. It was outrageous, but some people would see sense in the idea that the CIA was using freelance hackers to hit Iran or Libya and would build their own conspiracy theories around it.
Topiary and Kayla wrote up a document titled “Criminals of LulzSec,” under the guise of a fictitious social engineer called Jux who claimed to have been invited into the group’s private channel, saying, “I believe they are being encouraged or hired by CIA.” In the document, Jux claimed Lamo was a key member of the group, along with a Pakistani hacker named Parr0t, a Frenchman named Stephen, and an unnamed hacker from the Netherlands. The document was viewed more than 40,000 times, retweeted by notorious hacker Kevin Mitnick, and mentioned in a few tech blogs as a rumor.
When Gawker’s Adrian Chen started reaching out to LulzSec via Twitter to try to investigate them, the crew, still bitter about his exposé on the #HQ log leak, decided to aim a separate misinformation campaign directly at him. They invited him into a neutral IRC channel, where Sabu posed as an ex–secondary-crew member of LulzSec who had run away and wanted to spill some secrets. The crew made their hoax on Chen especially elaborate, drawing up fake logs, fake web attacks on the fake persona’s school, and fake archives of data as proof for the journalist. Sabu then started feeding Chen a story that LulzSec was a tool of the Chinese government in a cyber war with the United States, that Kayla was working with Beijing, and that Topiary was funneling money from the Chinese government into the group.
“If he publishes, that old sack of crap is completely ruined,” Topiary said. They were planning to let the story do the rounds for five days, then deny it on Twitter, posting a link to all their logs with the journalist. But Chen never published anything. Like Hijazi, he had been playing along with LulzSec’s story in the hope of teasing out some truth, which he realized he wasn’t getting. The lack of a story was disappointing for LulzSec’s members, but they were managing to keep outsiders from getting too close; for now, at least.
By early June the members of LulzSec were working flat-out on several different misinformation campaigns and the odd operation and trying not to think about the potential damage caused by M_nerva. One light in the darkness was that they had racked up five hundred dollars in Bitcoin donations. Topiary controlled the Bitcoin account and was passing some of the money to Sabu to buy accounts with virtual private networks, like HideMyAss, to better hide their ring of supporters and also to get more server space. Turning that money into untraceable cash was a drawn-out task but relatively easy. The Bitcoins bought virtual prepaid cards from Visa, with the help of fake names, addresses, personal details, and occupations at fake companies, generated in seconds on the website fakenamegenerator.com. As long as the contact address matched the billing address, no online store would question its authenticity. The Visa account was used to get in the online virtual world Second Life and buy the in-game currency Lindens. Convert that money into U.S. dollars via a currency transfer site (recommended by Kayla) called VirWoX, then put those dollars into a Moneybookers account. Finally, transfer that money into a personal bank account. That was one method. Another more direct route, which Topiary often used, was to simply transfer money between a few different Bitcoin addresses:
Bitcoin address 1 → Bitcoin address 2 → Bitcoin address 3 → Liberty Reserve (a Costa Rican payment processor) account → Bitcoin address 4 → Bitcoin address 5 → second Liberty Reserve account → PayPal account → bank account.
If even the hint of a thought occurred to him that there weren’t enough transfers, he would add several more paths.
Then on Monday, June 6, Topiary checked the LulzSec Bitcoin account. Holy shit, he thought. He was looking at a single, anonymous donation of four hundred Bitcoins, worth approximately $7,800. It was more money than Topiary had ever had in his life. He went straight into the core group’s secure chat room.
“WHAT THE FUCK guys?!” he said, then pasted the Bitcoin details.
“NO WAY,” said AVunit. “LOL. Something has gone wrong.”
“Nope,” Topiary said. He pasted the details again.
Suddenly they all stopped what they were doing and talked about splitting the money: $1,000 each and the rest to invest in new servers. They started private messaging Topiary with their unique Bitcoin addresses so he could send them their shares. Topiary had no intention of keeping quiet about the money or cutting a bigger slice for himself. Everyone was funneling the money through various accounts to keep it from being traced. Who knew if the donation had come from the Feds or opportunistic military white hats?
“Guys be safe with the Bitcoins please,” said AVunit. “Let it flow through a few gateways.…Use one bit to get out of financial trouble and then sit on the rest.”
“Okay, beginning the sends,” Topiary said. “All of you are now $1,000 richer.”
“Excuse me while I light up a victory cigar,” said Pwnsauce.
“I’m just going to stare at it,” said Kayla. “Let it grow as Bitcoin progresses.” So volatile and popular was the value of the Bitcoin crypto currency that by the following day one Bitcoin had risen to $26 in value, making their big donation worth $11,000. Three months prior it had been one to one with the dollar.
“I’m honestly sorry you guys aren’t here,” said AVunit, “because I’m going to open a bottle of great whiskey. One of the Highland Scottish.” Topiary barely noticed the reference to where he lived.
“Now let’s all have some sex,” Tflow said.
Everyone was beaming inside, forgetting the enemies and the heat. Sabu took the chance to congratulate his crew. “Thanks, team,” he said. “We all did great work. We deserved it.”
For Sabu, the celebrations would not last long. The next day, Hector “Sabu” Monsegur finally got a knock on the door from the FBI.
It was late in the evening on Tuesday, June 7, and two agents of the Federal Bureau of Investigation had entered the Jacob Riis apartment building and were heading for the sixth floor, where Hector Monsegur lived and often partied with his family and friends. The FBI had been trying to pin down Sabu for months, and a few weeks prior they had finally managed to corroborate Backtrace’s pronouncement: Sabu had inadvertently signed into an IRC channel without hiding his IP address. Just the one time was all they needed. To make sure he cooperated, the Feds needed evidence that Monsegur had broken the law. So they subpoenaed Facebook for details of his account and found stolen credit card numbers he’d been selling to other hackers. That alone carried a two-year prison sentence. Knowing that he had two daughters and a family, the FBI now had some leverage.
The FBI had watched and waited for the right moment. Then on Tuesday, the agents got the call to move in. Amid the growing number of small groups who were, like Backtrace, trying to dox LulzSec, one had published the name Hector Monsegur, along with his real address. Sabu had recklessly kept hacking till now, perhaps reasoning that he had come too far already and that arrest was inevitable. But the FBI didn’t want to take any chances. They needed him.
The agents knocked on Monsegur’s maroon-colored door, and it swung open to reveal a young Latino man, broad-shouldered and wearing a white t-shirt and jeans.
“I’m Hector,” he said. The agents, who were wearing bulletproof vests as a standard precaution, introduced themselves. Monsegur, apparently, balked. According to a later Fox News report that cited sources who had witnessed the interaction, he told the agents that he wasn’t Sabu. “You got the wrong guy,” he said. “I don’t have a computer.” Looking into the apartment, the agents saw an Ethernet cable and the green, blinking lights of a DSL modem.
They probed Monsegur further, launching into a traditional good cop/bad cop routine. They told him that they wanted him to work with them as a cooperating witness, to help them corroborate the identities of the other LulzSec hackers. Sabu refused at first. He wasn’t about to snitch on his own team.
Then they told him about the evidence they had from Facebook that showed that he had sold stolen credit cards and told him that this alone would put him in jail for two years. What would happen to his girls if he went to prison? The good cop told Monsegur he could get a lesser sentence if he cooperated; he had to think of his kids. Monsegur was still holding back. That’s when bad cop piped up.
“That’s it, no deal, it’s over,” the other agent said, storming out of the apartment. “We’re locking you up.” Sabu finally relented.
“It was because of his kids,” one of the agents later told Fox. “He’d do anything for his kids. He didn’t want to go away to prison and leave them. That’s how we got him.”
The following morning at ten, Monsegur appeared in the Southern District Court of New York with his new lawyer, Peggy Cross-Goldenberg, and agreed before a judge to let the FBI monitor his every movement—both online and in real life. It would take a few more months for prosecutors to formally charge him on a stream of other counts related to computer hacking, but his punishment would be agreed as part of a settlement. From Wednesday, June 8, on, Sabu was an FBI informant.
Monsegur, who had climbed to the pinnacle of the international hacker community thanks to his technical skills, charm, and political passion, was now feeding information about his friends to the FBI.
As Hector Monsegur was being arrested in his secret New York apartment, thousands of people were talking about his crew of audacious hackers. Twenty-five thousand more people had started following LulzSec’s Twitter feed after the Infragard hack, and it now had seventy-one thousand followers. The name was getting 1.2 million hits on Google. Topiary found that he would spend a few seconds thinking of something silly to tweet, then he would tweet it to find it immediately quoted in a news headline. When he tweeted a link to the group’s public IRC channel, irc.lulzco.org, one Sunday evening at six, more than 460 people quickly piled in for random chatter and a chance to rub virtual shoulders with the most famous hackers on the planet. “Join the party,” he had announced. “We’re enjoying a peaceful Sunday.”
“LulzSec, you guys rock!” said one visitor.
“I need someone to take down my school’s cheap ass website, for the lulz,” said another.
“Hey can anyone hack this douche for me?” asked someone else who then posted an IP address. Each time another group of twenty or thirty people joined the chat, someone would shout, “Here comes the flood!”
“You guys released my mom’s e-mail,” said another fan on Twitter. “I LOL’ed.”
Meanwhile journalists were struggling to keep up with the fast-paced developments. No sooner had LulzSec released Sony’s development codes than it uploaded the user database for porn site Pron.com, pointing out users who had .gov and .mil e-mail addresses with the note, “They are too busy fapping to defend their country.” One American fighter pilot had used the password mywife01 while the e-mail address flag@whitehouse.gov had used karlmarx.
Australian IT security expert and the blogger behind cyber security blog Risky.Biz, Patrick Gray, wrote up a blog post called “Why We Secretly Love LulzSec.” It got re-tweeted hundreds of times and said, “LulzSec is running around pummeling some of the world’s most powerful organizations into the ground…for laughs! For lulz! For shits and giggles! Surely that tells you what you need to know about computer security: there isn’t any.” His kicker at the end voiced what many in the cyber security industry were thinking: “So why do we like LulzSec? ‘I told you so.’ That’s why.”
LulzSec’s flagrant use of often simple SQL injection methods had brought home how vulnerable people’s private data was, and done it more compellingly than any IT security’s marketing campaign had. Cisco even capitalized on the interest, at one point sponsoring promotional tweets at the top of any search results for the group on Twitter.
Then a white hat security company did the same. The next morning Topiary woke up to see news reports of LulzSec’s supposed latest attack, defacing the home page of digital security company Black & Berg. Its home page had a large title saying “Cybersecurity For The 21st Century, Hacking Challenge: Change this website’s homepage picture and win $10K and a position working with Senior Cybersecurity Advisor, Joe Black.” Directly after that was: “DONE, THAT WAS EASY. KEEP YOUR MONEY WE DO IT FOR THE LULZ.” Under the title was a photo of a U.S. federal building covered by the black-and-white image of LulzSec’s ritzy monocled man. The International Business Times quickly posted a story headlined “LulzSec Wins Hacking Competition, Refuses $10K Award,” then quoted Joe Black himself commenting, “What can I say? We’re good, they’re better.” When the Times asked Black how LulzSec had done it, he replied: “I’m going to go with reconnaissance, scanning, gain access, maintain access, and cover tracks.”
But when Topiary asked the team about the Black & Berg attack, nobody knew anything about it, and this deface message didn’t have any of the nutty creativity that marked their other attacks. Topiary didn’t know it at the time, but Black had most likely defaced his own site to get the white hat firm some much-needed clients. (A year later the business had shut down and its founder had aligned himself with Anonymous and Antisec.)
In another part of the world, the hard-core hacker community in Brazil was forming its own version of LulzSec, called LulzSec Brazil. Another hacker group calling itself LulzRaft briefly emerged. Other black hat hackers sent over more leads. Each day the LulzSec crew members were sent dozens of links to web pages that could infect them with viruses, but among them there were a few genuine security exploits, and plenty of data dumps left and right; 1,000 usernames and passwords here, another 500,000 there. Often they were from gaming companies, a paradoxically popular target for hackers, since so many of them were gamers too. They wanted to leak through LulzSec because they were often too scared to do it themselves and didn’t want the data or exploit they had found to go to waste. The team had to be choosy about what it leaked—Topiary had learned from his time with AnonOps not to say yes to every request.
Though Topiary was finding it hard to keep a steady hand on things with so much happening at once, LulzSec was about to ramp up the pace of announcing hacks. The team was sitting on a mound of unused data, mostly provided by other hackers, that needed to get out. The Pentagon had given them a reason to finally drop Infragard, but soon they wouldn’t be waiting for the right moment. It would just be a fire sale of attack after attack.
Feeling the strain that Wednesday night, June 8, Topiary sent a message to Sabu asking if he was around and wanted to talk. He was hoping for a simple chat about security or maybe life in general. But Sabu didn’t respond. Just a few hours earlier, Monsegur had been in court signing agreement papers with the FBI. With Sabu offline for several hours now, Topiary battled a strange sense of foreboding.
“I’m starting to get quite worried some arrests might actually happen,” he remarked that evening, U.K. time, in a rare expression of emotion. It wasn’t the enemy hackers, Jester, or even the Bitcoin donation that had come out of the blue. Backtrace had just published the document claiming to dox the team members of LulzSec, though again, he was sure that all the names of his colleagues were wrong. “I just have a weird feeling something bad is inbound for us, I don’t know why.”
He remembered how he had mentioned similar concerns a few days earlier to Sabu after the M_nerva leak, and how Sabu had suddenly seemed more worried too. (This had been before Sabu’s arrest.) Topiary had always been the calm one in their group, Sabu’s brain of reason. Once Topiary started to get nervous, it was perhaps another signal to Sabu that they were in too deep. As the two had continued talking, they both decided that in spite of all the heat they were inviting, they could not just stop now. Momentum was too strong, expectations too high. They would carry on and run on faith in their ability to stay hidden. A small part of each of them had also accepted that arrest would probably happen at some point.
Did Topiary now fully trust Sabu and Kayla? In answering that question Wednesday night, he said that he trusted them “more than anyone else” in the group, and Sabu in particular.
“I treat Sabu as more important to me than mostly anyone online,” he said. “If I get arrested, I’m not snitching on them.”
But the niggling feeling came in part from knowing that Sabu had been social-engineering people for more than a decade and the weird fact that Sabu trusted him so much despite having known him for only a few months. For instance, Sabu had told Topiary his first name, Hector, a month before, had trusted him with his Google Voice number, had told him the names of a few of his friends, and even mentioned that he lived in New York City. When Topiary had asked a few weeks prior what Sabu knew about him, wondering if he had the same amount of information, Sabu had replied: “A U.K. guy that does good accents, which makes me think you’re not really from the U.K.” Topiary, who had an unusual Scottish-Norwegian accent developed from playing online games with Scandinavian friends, had never told Sabu his real first name or confirmed that he lived on the British Isles or named any of his friends. It was almost as if Sabu didn’t really care anymore about hiding his own true identity.
Topiary considered himself to be less reckless in that regard than Sabu. Plus, living in such a remote part of the world had made him feel safe. He doubted the police would even bother traveling up to the Shetland Islands.
Topiary went to bed. Getting to sleep was difficult. He tossed and turned, then had a strange nightmare and woke up at 5:00 a.m., shouting. He hadn’t done that in years. It was still dark outside, but he got out of bed and went into his living room anyway. He sat in his gaming chair and signed in to #pure-elite. Suddenly, he was bombarded with messages.
“Sabu is gone,” one of the crew members said. The LulzSec team finally noticed that he had been missing for more than twenty-four hours.