November 5, 1994—In one of the first known acts of hacktivism and cyber disobedience, a group called the Zippies launches a DDoS attack on U.K. government websites, taking them down for a week starting on Guy Fawkes Day.
1999—The Anti Security movement is spawned, as a post on the anti.security.is website calls to end the full disclosure of known website vulnerabilities and exploits.
September 29, 2003—Christopher “moot” Poole registers 4chan.net. (It is now 4chan.org.)
March 15, 2006—Jake Brahm, twenty years old, posts fake threats on 4chan about detonating bombs at NFL stadiums; two years later he is sentenced to six months in prison.
July 12, 2006—Users of 4chan’s /b/ raid Habbo Hotel, a virtual hangout for teens. They join the online game en masse and flood it with avatars of a black man in a gray suit and an Afro hairstyle, blocking the entrance to the virtual pool and forming swastikas. This spawns the “pool’s closed” meme.
January 2007—Controversial blogger and radio show host Hal Turner tries and fails to sue 4chan after users on /b/ launch a DDoS attack on his website.
June 7, 2007—Partyvan’s /i/nsurgency site is founded as an information hub on raids and, later, communications through the establishment of the Partyvan IRC network.
July 2007—A Fox News affiliate in Los Angeles describes Anonymous as “hackers on steroids” and an “Internet hate machine.”
January 15, 2008—Gawker posts a video of Tom Cruise that the Church of Scientology has been trying to suppress. The church issues a copyright violation claim against YouTube. In response, an original poster on /b/ calls on 4chan to “do something big” and take down the official Scientology website. Using a web tool called Gigaloader, /b/ users manage to take down Scientology.org, keeping it down sporadically until January 25, 2008.
January 21, 2008—A handful of Chanology participants publish a video on YouTube of a robotic voice declaring war on Scientology. The following day thousands more people join in the IRC channel where Chanology attacks are being discussed.
January 24, 2008—Anonymous launches a bigger assault on Scientology.org, taking the site offline.
February 10, 2008—Anonymous supporters don masks from the film V for Vendetta and hold protests outside Scientology centers in key cities around the world, such as New York, London, and Dallas, Texas.
Late 2008—Protests and cyber attacks against the Church of Scientology wind down as supporters lose interest in the cause.
January 25, 2010—Anonymous supporter and engineering student Brian Mettenbrink pleads guilty to downloading and using the Web tool LOIC to attack Scientology as part of Project Chanology and is sentenced to a year in prison.
September 17, 2010—Supporters of Anonymous launch a DDoS attack on Indian software company Aiplex after it admits to launching its own DDoS attacks on BitTorrent site The Pirate Bay. Anonymous launches several more attacks against copyright companies under the banner Operation Payback. Supporters collaborate on an array of IRC networks.
October 2010—The FBI starts looking into the Anonymous attacks on copyright companies ahead of what will become a full-blown international investigation.
November 3, 2010—Anonymous supporters with server resources set up AnonOps IRC, a more stable chat network to host discussions about Operation Payback and other Anonymous operations.
November 28, 2010—Five newspapers begin publishing U.S. diplomatic cables that have been fed to them exclusively by whistle-blower organization WikiLeaks. Over the next few days, a hacktivist known as The Jester launches a DDoS attack on WikiLeaks.org, taking it offline.
December 3, 2010—Online payment giant PayPal announces on its blog that it is cutting off funding services to WikiLeaks, which relies on donations. Shortly thereafter, a few organizers in the #command channel on AnonOps IRC coordinate a DDoS attack on the PayPal blog.
December 4, 2010—An announcement posted on Anonops.net states that Anonymous plans to attack “various targets related to censorship” and that Operation Payback has “come out in support of WikiLeaks.”
December 6, 2010—Organizers on AnonOps launch a DDoS attack on PostFinance.ch, a Swiss e-payment company that has also blocked funding services to WikiLeaks. Roughly 900 people join in the #operationpayback chat room on AnonOps and around 500 join in the attack by using LOIC.
December 8, 2010—AnonOps launches a DDoS attack on PayPal.com, using 4,500 volunteers with LOIC, but succeeds only when one person using a botnet takes the site fully offline. Some 7,800 people have now joined the #operationpayback chat room. Later that day they hit MasterCard.com and Visa.com, which have also nixed funding services for WikiLeaks, taking both sites offline for about twelve hours.
December 9, 2010—Botnet controllers who had previously helped take down PayPal.com, MasterCard.com, and Visa.com turn on the operators of AnonOps and start attacking the IRC network, upsetting a planned attack on Amazon that day.
December 11, 2010—Dutch police arrest nineteen-year-old Martijn “Awinee” Gonlag for using LOIC to participate in an Anonymous DDoS attack, among the first of scores more arrests in Europe and the United States over the next year.
December 15, 2010—A member of PayPal’s cyber security team gives a USB thumb drive to the FBI that contains the IP addresses of 1,000 individuals who had used LOIC to attack PayPal.
Mid-December 2010—AnonOps administrators grapple with maintenance as their network is continually attacked, leaving them unable to oversee strategy. As a result, Operation Payback splinters into several side operations, such as Operation Leakspin, Operation OverLoad, and an attack on Sarah Palin’s official website.
Mid-December 2010—A few technically skilled supporters of AnonOps create a private IRC channel off the network called #InternetFeds, where about thirty black hat hackers—such as Sabu, Tflow, and Kayla, along with other interested Anons who have been offered invitations to the channel—can discuss future operations.
Early January 2011—The hackers in #InternetFeds discuss raids against websites of repressive Middle Eastern regimes like Tunisia, where popular democratic uprisings are currently taking place. The hacker Tflow writes a Web script that allows Tunisians to circumvent government Web snooping, while Sabu hacks and defaces the website of the Tunisian prime minister with a message from Anonymous.
Mid- to late January 2011—Members of #InternetFeds continue to collaborate on hacking and defacing the websites of other Middle Eastern governments, including Algeria and Egypt.
January 27, 2011—British police arrest five men in connection with the Operation Payback attacks on PayPal, MasterCard, and Visa, including AnonOps operators nicknamed Nerdo and Fennic.
February 4, 2011—A small group of hackers from #InternetFeds meets in another private IRC channel to discuss an attack on IT security firm HBGary Federal, after its CEO is quoted in the Financial Times that day as saying that he was investigating Anonymous and had uncovered the true identities of its core leaders.
February 6, 2011—News breaks that “Anonymous” has stolen tens of thousands of Aaron Barr’s corporate e-mails, as well as those of two executives at sister company HBGary Inc.; it also takes over his Twitter feed and DDoSes and defaces his site.
Early to mid-February—The same group from #InternetFeds publishes Aaron Barr’s private e-mails on an e-mail viewer. Journalists and supporters discover Barr had been proposing controversial cyber attacks on WikiLeaks and opponents of the U.S. Chamber of Commerce. Barr resigns.
February 24, 2011—Anonymous conducts a live hack and deface of a website belonging to the controversial Westboro Baptist Church, while Anonymous supporter Topiary confronts a Westboro representative on a radio program. The resultant YouTube video receives more than one million hits.
Mid- to late February 2011—Jennifer Emick, a former supporter of Chanology turned anti-Anonymous campaigner, decides to investigate the true identities of key Anonymous hackers and supporters and uncovers details about Sabu, aka Hector Monsegur.
Mid-March 2011—Emick and a handful of colleagues publish a list of seventy names, including Monsegur’s, under the guise of a cyber security company called Backtrace. Soon after, Emick is contacted by the FBI.
April 1, 2011—Supporters of Anonymous publish a digital flyer declaring war on Sony after the company sues a hacker named George “Geohotz” Hotz. They follow this up with a DDoS attack on Sony websites and the Sony PlayStation Network, greatly upsetting gamers.
April 7, 2011—Organizers with Anonymous call off the DDoS attacks on Sony, saying they do not wish to disrupt the PlayStation Network, but the network remains offline for the rest of the month.
April 2011—Topiary and Sabu discuss breaking away from Anonymous, then decide to get the team of attackers behind the HBGary assault back together to collaborate on more raids. The hackers Tflow and Kayla rejoin Topiary and Sabu, along with another Anonymous supporter named AVunit and, later, an Irish hacker nicknamed Pwnsauce. The group of six forms a hacker splinter group that is not constrained by even the loosest principles of Anonymous—such as not attacking media companies. They call the group LulzSec. They begin scouring high-profile websites for vulnerabilities that “rooters” like Sabu and Kayla can then exploit to steal and publish data.
May 2, 2011—Sony announces an intrusion to its network in mid-April, which has compromised the personal and financial details of more than 75 million PlayStation Network accounts. Though Anonymous has not taken responsibility, Sony later claims that the hackers left a file marked with the words “Anonymous” and “We Are Legion.”
May 9, 2011—A former operator within AnonOps goes rogue, publishing a list of 653 usernames and IP addresses, which, if not protected with VPNs or other proxies, could identify the people behind them.
May 7, 2011—LulzSec announces on Twitter, via the new account @lulzsec, that it has hacked Fox.com and published a confidential database of potential contestants in the TV talent show The X Factor.
May 30, 2011—LulzSec hacks into the computer network of PBS after its PBS NewsHour program broadcasts a documentary on WikiLeaks that the group claims to dislike. LulzSec publishes a list of e-mail addresses and passwords for PBS employees, while Topiary writes a spoof news article about the murdered rapper Tupac Shakur being found alive, publishing it through the PBS NewsHour website. The group’s founders discuss forming a second-tier network of trusted supporters, many of them hacker friends of Sabu’s.
June 2, 2011—LulzSec announces its hack on SonyPictures.com and says that the group has compromised the personal information of more than one million of the site’s users.
June 3, 2011—LulzSec defaces the website of Atlanta InfraGard, an FBI affiliate, and publishes a list of e-mails and passwords for 180 users of the site, some of whom are FBI agents.
June 6, 2011—LulzSec receives a donation of 400 Bitcoins, worth approximately $7,800 at the time.
June 7, 2011—Two FBI agents visit Hector “Sabu” Monsegur at his home in New York and threaten to imprison him for two years for stealing credit card information if he does not cooperate. Monsegur agrees to become an informant while continuing to lead LulzSec.
June 8, 2011—The LulzSec hackers notice that Sabu has been offline for twenty-four hours and worry he has been “raided” by the FBI. Later that night, U.K. time, Topiary makes contact with Sabu, who claims that his grandmother has died and that he will not be active with LulzSec for the next few days.
June 15, 2011—LulzSec claims responsibility for launching a DDoS attack on the official website of the CIA. The attack has been carried out by former AnonOps operator Ryan, who wields a botnet and now supports LulzSec.
June 16, 2011—A representative of WikiLeaks contacts Topiary to say that core organizers want to talk to LulzSec. He and Sabu eventually hold an IRC discussion with a WikiLeaks representative and someone purporting to be Julian Assange. The representative “verifies” Assange’s presence by temporarily uploading a YouTube video that shows their IRC chat happening in real time on a computer screen, then panning to show Assange on his laptop. The group discusses ways in which they might collaborate.
June 19, 2011—LulzSec publishes a press release encouraging the revival of the Anti-Security (or Antisec) movement and advocating cyber attacks on the websites of governments and their agencies.
June 20, 2011—Galvanized by the surprisingly large response to the Antisec announcement, Ryan uses his botnet to DDoS several high-profile websites, including Britain’s Serious Organised Crime Agency. Later that evening, at 10:30 p.m. in the U.K., he is arrested in his home.
June 23, 2011—LulzSec publishes sensitive documents stolen from Arizona law enforcement, including the names and addresses of police officers. Feeling that they have gone one step too far, LulzSec members, including Topiary and Tflow, discuss ending the group.
June 24, 2011—Topiary and Tflow tell AVunit and Sabu that they want to end LulzSec; a heated argument ensues.
June 26, 2011—LulzSec announces it is disbanding after “50 Days of Lulz.”
July 18, 2011—LulzSec comes back for one more hack, uploading a spoof article about the death of News International owner Rupert Murdoch on the home page of his leading British tabloid, The Sun.
July 19, 2011—British police announce they have arrested a sixteen-year-old male who they claim is LulzSec hacker Tflow.
July 27, 2011—Police arrest Shetland Islands resident Jake Davis, whom they suspect of being LulzSec’s Topiary.
September 2, 2011—British police arrest twenty-four-year-old Ryan Ackroyd, whom they believe to be Kayla.
December 24, 2011—Anonymous announces that it has stolen thousands of e-mails and confidential data from the U.S. security intelligence firm Stratfor under the banner of “Lulz Christmas.” Sabu, who claims to be still at large while other LulzSec members have been arrested, keeps tabs on the operation from private chat channels and feeds information about the attack’s organizers to the FBI.
March 6, 2012—News breaks that Hector Monsegur has been acting as an informant for the FBI for the past eight months, helping them bring charges against Jeremy Hammond of Chicago and five people involved with LulzSec.