As 2010 became 2011 and Operation Avenge Assange waned, other operations on AnonOps waxed. It was not that AnonOps was splintering, but rather that it was flowering. This IRC network became the digital platform du jour for Anonymous activists of different stripes to organize their operations. By the end of January there were operations and dedicated IRC channels for Italy, Ireland, Venezuela, Brazil, Syria, Bahrain, Tunisia, Egypt, and Libya, along with non-place-based operations like Operation Leakspin, an effort to comb through the WikiLeaks diplomatic cables in search of newsworthy information. Many of these endeavors were small but nevertheless gave birth to vibrant regional nodes, the most prominent being Italy, Brazil, and the Hispano-Anons. (At the time of this writing, Anonymous Italy has leaked documents from the office of the governor of the Lombardy region, declaring the politician to be “one big corrupted son of a gun” and accusing him, among other things, of allowing criminals who distribute child porn to launder their funds through a Lombardy bank.1) These geographical pockets have thrived and grown into full-bodied communities. Although showing no signs of slowing down, very few regional nodes have been documented.2
Operation Tunisia seemed to erupt out of nowhere. It was only much later that I was informed about the precise conditions of its birth; even years later, its founder fumbled when pressed for a precise explanation: “I don’t really know why it worked,” he insisted during an interview. Two geeks, Slim and Adnon (not his real pseudonym), living in different regions of the world, acting independently but united in the belief that they could make the world better, set their sights on Tunisia. Slim Amamou, a Tunisian citizen in his thirties, was hoping Anonymous would get involved in publicizing the troubles roiling his country. A programmer and blogger, Amamou was fascinated by Anonymous; he had given talks about the power and draw of nonidentitarian politics. He described Anonymous as the number zero: the all-powerful number, the non-number. This was a fitting example for a young Arab man, given that it was Arab mathematicians who popularized zero. Embodying the idea of void and infinity, zero was long held in the West as a heretical concept, only entering usage in mathematics and philosophy during the intellectual, and political, ferment of the Enlightenment. Zero—the ultimate placeholder, refusing a concrete identity.
While Adnon, living on the other side of the Mediterranean Sea, chose to be Anonymous, living a privileged life in a quaint historic town in Europe without fear of government repression, Amamou was backed into the corner of anonymity. Tunisia was under a regime of heavy censorship: in 2010, this nation of just over ten million people scored 164 out of 178 in Reporters Without Borders’ Press Freedom Index (an annual rating that measures press freedoms based on a questionnaire filled out by non-governmental organizations, journalists, jurists, academics, and human rights workers in various countries). Like many Tunisians, Amamou used anti-censorship circumvention tools to read news and get the word out. The use of proxies and virtual private networks (VPNs) was “standard knowledge among the youth,” he said to me. In Tunisia, geekdom was often spurred by necessity and the will to survive.
Soon Anonymous would come to symbolize the general plight of Tunisians, said Amamou in an interview—an icon to be adopted by the young urban hacker and rural commoner alike because of the role Anonymous played in their country’s revolt. Many knew Anonymous had been the grain of sand that gave rise to the pearl of media attention absent at the start of their revolution. It was a modest and safe contribution to be sure, but still a vital one. On January 8, a week before Ben Ali fell, Tunisian schoolchildren sitting in a courtyard paid tribute to Anonymous by donning the mask.
Amamou, who was already active in the sphere of Internet politics, did not always act anonymously. On May 21, 2010, he was briefly detained by government henchmen for his role in organizing a demonstration against web censorship, set to take place the next day in front of the Information Ministry. He was re-arrested on January 6 during the height of the protests. He explained, “I was interrogated for five days by state security … It is a place where people get killed, you see, and I believe—I am sure actually, I don’t believe—that I was saved by Anonymous.” Anonymous participants from Tokyo to Europe heard about his plight (it was circulated on Anonymous channels), leading to a flood of calls to the Tunisian government.
So Anonymous had long appealed to Amamou. As his country inched closer to full-blown revolution, he wanted the faceless collective closer. So he “summoned” Anonymous to appear. He thought that if an operation took off, it would force the world’s media to stop ignoring Tunisia. Although he called for Anonymous, he was not naive: “Anonymous is not your personal army” is a refrain which he knew well. “You cannot control Anonymous,” he told me emphatically, castigating me after I asked him what he would change about Anonymous if he could. All you can do is hope they will arrive. Fortunately, they did.
And it was due in part to Adnon, who was fifteen years old when he first found Anonymous. Raised in Europe, his family was very well-off—though you would never know it by hanging out with him. He was one of the first individuals from AnonOps I met “afk” (“away from the keyboard,” in IRC parlance), a pleasure I have since enjoyed on multiple occasions. Out of the entire bunch, he was the most unassuming. Kind, calm, and contemplative, he first struck me as a “regular guy,” but within twenty minutes of meeting him, I could see why some of the older hackers were fondly protective of him.
Taking cover from the unyielding sun under the rustling leaves of a tree on a hot summer day, our conversation mostly involved Anonymous shoptalk. That meant roughly 30 percent gossip, 20 percent conspiracy, and 50 percent welcomed pedagogy about the innards of Anonymous. The transition from online chatting to in-person conversation was seamless. Just encountering someone from this realm, in the flesh, was a relief.
He would complain about his boring and menial day job (though wealthy, he was not spoiled) and would become more excited when he recounted one of his many outdoor adventures involving biking or canoeing. Sometimes bored at school and having spent a fair bit of time online, he joined AnonOps in the fall of 2010 during the first phase of Operation Payback. He recounted: “I got involved because I read some article somewhere and thought, ‘oh man, dem hax are cool!’ Then it was so much more than that.” Though far from being a talented hacker, he was still technically proficient, one might even say a quintessential geek.
As he sailed along in the Anonymous ship, he accrued new skills: security protocols, and database and webserver management. But “the biggest things I learned,” he said, “were not technical. Teamwork and organization are massive.” He was one—among four I met—of those organizers and brokers essential to making Anonymous’s clock tick, a device which resembled Dali’s gooey melting clocks more than a Swiss machine.
For much of the fall of 2010, Adnon was an avid spectator on IRC, only occasionally chipping in on organizational matters. But he chatted, especially with other channel operators such as joepie. Finally, late in December, Adnon pitched a proposal, aided by those he had talked to for long hours. The proposal forever altered the course of AnonOps.
His suggestion was simple: use Anonymous resources to publicize the plight of the Tunisians revolting, at the time, against their president/dictator Ben Ali, who had been in power since 1987. In his own words: “We had this #anonnews channel and there was like three of us as moderators … One of the guys there who I think was Tunisian said something like ‘This kid burnt himself about this and there’s a few people doing some small protests. It would be cool to do something.’” The Tunisian government had by then already blocked the diplomatic cables released by WikiLeaks, which created an enticing and urgent bridge for a cohort of geeks.3
Some channel goers initially insisted it was “insane … to take on a government.” Adnon let it go. A week later, on New Year’s Eve, Adnon was on holiday with his family. With a blizzard roaring outside, he sneaked away and jumped online from his hotel room. He pushed back against the naysayers, bolstered by a sense of righteousness—and also a dose of misinformation and misunderstanding: “I, being oblivious to the actual size of the ‘moralfag’ anons, assumed there were thousands of active members and said, why not?” It is true there were thousands during Operation Avenge Assange, but the consistent number ran only in the hundreds, and those working specifically on propaganda and technical matters numbered even fewer, and were shrinking. But he kept pressing, and eventually enough were convinced:
<Adnon>: We just spammed the shit out of the link to the channel #optunisia everywhere
<Adnon>: people were bored
<Adnon>: it was a crazy idea
Many joiners were still skeptical. As Quinn Norton reported for Wired, many “didn’t think either the op or the revolution had a chance.”4 But it turned out to be one of the group’s most stellar operations, ushering in a transformation from Anonymous to Anonymous Everywhere. No longer was the group bound to Internet-y issues like censorship and file sharing.
A day or so after Adnon resurrected the proposal, he received a private message (PM) on IRC from someone on #internetfeds, offering their many services—web defacements, DDoSing, hacks. Maybe this would be easier than he thought. On January 2, 2011, at the dawn of a new year—always a sign of hope—Anonymous published the following press release inaugurating #OpTunisia, eventually translated into French, Arabic, Spanish, and Italian:
A time for truth has come. A time for people to express themselves freely and to be heard from anywhere in the world. The Tunisian government wants to control the present with falsehoods and misinformation in order to impose the future by keeping the truth hidden from its citizens. We will not remain silent while this happens. Anonymous has heard the claim for freedom of the Tunisian people. Anonymous is willing to help the Tunisian people in this fight against oppression. It will be done. It will be done.
This is a warning to the Tunisian government: attacks at the freedom of speech and information of its citizens will not be tolerated. Any organization involved in censorship will be targeted and will not be released until the Tunisian government hears the claim for freedom to its people. It’s on the hands of the Tunisian government to stop this situation. Free the net, and attacks will cease, keep on that attitude and this will just be the beginning.
But let’s back up to the onset of revolution itself. Mohamed Bouazizi, Nawaat, WikiLeaks, and Chelsea Manning all deserve thanks for its inception. In 2010, living under the Ben Ali regime since 1989, scores of Tunisians were downtrodden, living in deplorable conditions, and fearful as human rights abuses—torture, censorship, and detentions—intensified in the country. The country had not been party to any large-scale protests for decades, and its many Western allies, including the United States, singled Tunisia out as a model of political and economic stability in an Arab region otherwise known for strife and uncertainty.
So when revolution hit—and when the mainstream media finally reported on it with substance—it came as a shock (for Westerners, at least). The demonstrations led to one of the quickest dictatorial downfalls in recent times, and spread as a chain reaction across the region, becoming what is now called the Arab and African Spring. Like so many revolutionary moments, hindsight reveals that there had been, in plain view, enough despair to fuel a fire of defiance for weeks. All that was missing was a match: in Tunisia, two presented themselves.
First, on November 28, when WikiLeaks released its first batch of 220 diplomatic cables, they made the shrewd decision to partner with local activist and media outfits around the globe. One was in Tunisia: Nawaat. WikiLeaks provided them with Tunisia-specific cables. Three Nawaat members translated the cables into French and published them under the banner of TuniLeaks to coincide with WikiLeaks’ larger public release of documents. Nawaat also worked with foreign geeks and hackers to ensure that their website with the cables remained online in the face of vigorous attempts by the government to censor it.
The cables confirmed what was widely known but theretofore undocumented as fact: Ben Ali was rotten to the core, his regime was mired in corruption, and his family lived in opulence while the rest of the country struggled to meet its daily needs. “The widely available proof of government corruption and hypocrisy based on an unstoppable flow of leaks was significant in fanning the flames of anger and agitation among citizens throughout the region,” wrote Ibrahim Saleh, an expert on Tunisian politics.5
Many Tunisians read these cables, duly noting the exact number of chickens fed to a pet tiger, and the three types of juices served at dinner—one of which was kiwi, hard to procure in the country:
12. (S) The dinner included perhaps a dozen dishes, including fish, steak, turkey, octopus, fish couscous and much more. The quantity was sufficient for a very large number of guests. Before dinner a wide array of small dishes were served, along with three different juices (including Kiwi juice, not normally available here). After dinner, he served ice cream and frozen yoghurt he brought in by plane from Saint Tropez, along with blueberries and raspberries and fresh fruit and chocolate cake.
13. (S) El Materi [Ben Ali’s son-in-law] has a large tiger (“Pasha”) on his compound, living in a cage. He acquired it when it was a few weeks old. The tiger consumes four chickens a day. (Comment: The situation reminded the Ambassador of Uday Hussein’s lion cage in Baghdad.) El Materi had staff everywhere. There were at least a dozen people, including a butler from Bangladesh and a nanny from South Africa. (NB. This is extraordinarily rare in Tunisia, and very expensive.)
19. (S) Most striking of all, however, was the opulence with which El Materi and Nesrine live. Their home in Hammamet was impressive, with the tiger adding to the impression of “over the top.” Even more extravagant is their home still under construction in Sidi Bou Said. That residence, from its outward appearance, will be closer to a palace. It dominates the Sidi Bou Said skyline from some vantage points and has been the occasion of many private, critical comments. The opulence with which El Materi and Nesrine live and their behavior make clear why they and other members of Ben Ali’s family are disliked and even hated by some Tunisians. The excesses of the Ben Ali family are growing.6
Second, on December 17, 2010, three weeks after Nawaat.org released the translated cables, an unrelated act of desperation ripped open the soul of the nation. Bouazizi—a young fruit and vegetable seller—was accosted by the police, who seized his unlicensed food cart and refused to return it even after Bouazizi offered to pay the fine. His first attempt at retrieving his cart was a frustrating failure. Low-level government officials refused to even talk to him. Doubly insulted and with a family of eight to feed, he set himself on fire. Powerless and voiceless in one moment, he became, in the next, impossible to ignore: but at the terrible cost of his life.
Protests began in Sidi Bouzid, the city where Bouazizi resided. Quickly they radiated out in every direction. Lives were lost at the hand of the police, causing more people to join in the protests. Takriz, an Internet-savvy group chartered as a mailing list in 1999, worked to connect the rough-and-tumble street youth to the Internet.7 Though Takriz had no direct connection with Anonymous, they were kindred spirits. A network of a few thousand, Takriz generally refuses to cooperate with journalists, bandies about obscenity as a shock tactic, and proudly embraces anonymity. Its current Twitter account reads: “Tunisian cyber think/fight tank & street resistance network since 1998. Free, True & Anonymous—Takrizo Ergo Sum—We make revolutions!”8
Bouazizi passed away from his burns on January 4, 2011, and the next day an estimated five thousand mourners attended his funeral, many of them chanting, “Farewell, Mohamed, we will avenge you. We weep for you today, we will make those who caused your death weep.”9 The next day, 75 percent of the nation’s lawyers went on strike, calling for an end to the crackdown.10 Tunisians from all walks of life—teachers, union members, students—joined the fray. Protests continued to spread and police violence escalated. By January 13, dozens of journalists, bloggers, and activists had been arrested and over sixty protesters had been killed. By the middle of the month, Ben Ali decreed a state of emergency, but it was impossible to contain the fury. However, reading the Western mainstream media at the time, one would have barely known.
The North American and European public first got word of the protests from the publication of a brief Associated Press story on the riots. The report was understandably lacking in detail, as the revolts had just broken out. With each passing day, even as the protests intensified, the reporting in the mainstream Western media outlets, with a few minor exceptions, remained tepid. On January 9, 2011 (with Anonymous already engaged in Tunisia, acting as digital courier pigeons to get word and videos out from the trenches to the public at large), the AP published another story, picked up by newspapers like the New York Times and the Globe and Mail, parroting Ben Ali’s position. “People taking part in the spate of unrest say they are angry at a lack of jobs and investment, but officials say the rioting is the work of a minority of extremists intent on damaging the north African country.”11 Ben Ali would flee less than a week later, on January 15, 2011.
As part of its campaign, Anonymous wrote the following letter to journalists:
It has come to our attention that the ongoing riots in Tunisia have by and large escaped the notice of reliable Western news networks. It is the responsibility of the free and open press to report what the censored press cannot. The public demonstrations, as well as the actions Anonymous has taken in solidarity with the citizens of Tunisia, demand mainstream coverage.
The Tunisian government, led by President Ben Ali, has shown an outrageous level of censorship, not only blocking the websites of dissident bloggers, but also sites like Flickr and any website or news source mentioning WikiLeaks. In a show of blatant disregard for the guaranteed right of free speech, over the past 24 hours Tunisian government officials have hacked email and Facebook accounts of anyone who has taken actions labeled as “activism” (which may be as “dangerous” as planning a protest, or as innocent as commenting on a discussion board for a WikiLeaks related group). Entire Facebook accounts have been commandeered by the Tunisian government, who have even gone so far as to change profile pictures to a pirate ship in a mockery of those who stand for freedom of speech.
Anonymous, in turn, has launched DDoS attacks against the websites of the Tunisian prime minister and his corrupt government, the stock market, and the primary DNS server of Tunisia—thus successfully bringing down many of the websites ending in .tn. Additionally, we have taken steps to ensure that Tunisians can connect anonymously to the internet, and access information that their government does not want them to see.
There has been an almost complete absence of prominent coverage. We ask, why is a news source like AlJazeera one of the few covering these earth shaking riots while the rest remain quiet? The world is getting the impression that unless western economic interests are involved, our media does not care to report upon it.
Perhaps you didn’t know? Now that you do, you can help us spread the news. After all, you do not have to wear a mask to do it.
Sincerely,
Anonymous12
But Anonymous was doing more than pestering the mainstream media to do its job. By January 2, 2011, a technical team on #internetfeds forsook their holidays to work nonstop. Indeed, Adnon told me he barely slept for two weeks. In an interview, he explained that the operation took a different approach than Operation Payback and Avenge Assange:
<Adnon>: With Tunisia we had a plan
<Adnon>: We thought carefully about what to do and when in a small group
<Adnon>: presented a list of options in a poll
<Adnon>: then took the result of the poll
<Adnon>: It was much less a big group decision than other ops
OpTunisia marked, both internally and externally, a sea change. All throughout the fall, multiple secret cabals and channels had populated Anonymous. Even Chanology had to reckon with marblecake, a cabal of its very own. While those in secret channels wielded technical power, and in many respects called the shots, they were still beholden to those in the public channel if they wanted to get things done. The angry masses of the IRC body politic kept the cabals in check—a message made clear when, earlier in the fall, the masses rose up in a collective shitstorm at #command’s attempts to cease DDoSing in response to the Pirate Party.
The managing of OpTunisia was different: from the beginning, a handful of smaller teams composed of hackers, propaganda makers, and organizers led the operation and never let go. It was not that this team-based model displaced other mass modalities of organizing. There were other, simultaneous operations—some of which originated from the public channels with no cabal involvement. And a public IRC channel attached to OpTunisia existed, and played a valuable role.
On January 2, 2011, a hacker named “rubik” (not his real pseudonym), who had been working on two private channels, swooped in to announce that a Tunisian website had been defaced (all pseudonyms have been changed):
<rubik>: http://www.pm.gov.tn/pm/index.php—defaced
<OT>: way to go anons!!!!!
<OT>: wayy to fucking go!
<rubik>: Fucking A! Nice Job
<OT>: More to come biotches :P
<rubik>: http://www.marchespublics.gov.tn/ also.
<K-rad>: http://www.pm.gov.tn and http://www.marchespublics.gov.tn/ DE-FUCKING-FACED!
<lafdie>: btw mad props on the lolcats: http://www.pm.gov.tn/pm/index.php
<vvom>: http://www.pm.gov.tn/pm/index.php
BOOYA MOTHERFUCKERS
A group of hackers had been hard at work, cooperating as a team, for some time. Yet the majority of journalists couldn’t resist the opportunity to pinpoint a “mastermind” or “leader,” the architect ostensibly maneuvering everyone else. Ironically, an Internet search for “Anonymous leader” will yield at least four different names. Eventually, most journalists identified Sabu and Topiary as the leaders, most likely because they erroneously conflated their robust public relations presence with organizational (or dictatorial) control.13
Although many articles single out a “ringleader” or a “mastermind,” the exact nature of what this entails is left largely unstated. The reader is left to use his or her own imagination—perhaps envisioning an elite villain sitting on a high-backed chair in some ice palace, stroking a cat on his lap as a deep echoing laugh reverberates slowly through the chambers. Adrian Chen surmised, based on leaked IRC logs, that “Sabu plays the role of a leader, enforcing unit discipline while the other members stand by.”14 And yet Chen himself belies this insight in the next breath by shifting attention to a related hack performed without Sabu’s input by another group of Anons. Analyzing a single log for evidence of a leader is about as effective as extrapolating the entire plot of a movie from a single still frame. Yet the Guardian’s Charles Arthur made the same error, writing, “For some time after the UK arrests, the only visibly active member of LulzSec remained its leader, known online as Sabu, who would simultaneously deny that he was its leader and then use phrases such as ‘my team.’”15 But broader context reveals that Sabu was simply referring to the #pure-elite channel he created long ago, and described by other LulzSec members as an IRC channel where “friends of LulzSec” could hang out.
As it turns out, hacker undertakings, especially within Anonymous, tend to be dynamic and fluid, with multiple individuals or even groups working in concert. What holds true for one operation may not for the next. Sometimes a particularly obsessive hacker engenders, for a time, an organized collective workflow. At other times, it is chaos and miscommunication. Indeed, when I interviewed Jeremy Hammond in prison much later, he bemoaned, “I wish we were more like RedHack, more disciplined.” RedHack, a Turkey-based hacktivist group, has a clear hierarchy, a leader, and a spokesperson—products, each, of sixteen years of organizing and a shared devotion to Marxist-Leninist tactics.
Maybe Anonymous could have achieved more had it had a leader or a static hierarchy. Hackers tend to suffer from what I like to call Geek Distraction Disorder (GDD). Without oversight, a hacker could easily wind up in a field, surrounded by yaks, with a shaving razor in hand, wondering how he got there (if you understand this reference, you are at risk!). But it is equally probable that Anonymous achieved so much precisely because there was no boss pointing to a fixed destination. Whatever the case, the work unfurled organically: depending on who was on the channel, what each participant could contribute, and their willingness, in a certain moment, to learn something new—the crucial ingredient of most any successful hack.
OpTunisia illustrates this all so well. Imagine yourself on IRC, an Anon witnessing the operation’s beginning. It is January 2, 2011, and you are working directly with Tunisian activists and hackers who are feeding you unvarnished information about a historic revolt. You are at home, sitting largely still except for your fingers moving at the keyboard, but the information you receive enables responses that can make a direct difference in the event, just one step removed from the people on the ground throwing Molotov cocktails. Your contributions won’t necessarily be significant, but they can’t be overlooked. They are personally empowering, a mechanism of solidarity, and, in some cases, perhaps even a real boon that shields those on the ground from harm. All of this depends on shifting, messy modes of cooperation—and sets the stage for organizations to spring up around a particularly good idea, and to fall apart at even a hint of disagreement and alternate paths.
At this time there were two different and private IRC channels that were active simultaneously, #opdeface and #internetfeds. The latter is where the heavy technical lifting was done, the former where organizers congregated. A gopher shuttled news between them. Some hackers were in the know, while others were continually arriving (all pseudonyms have been changed):
<rubik>: K-rad, Any good with PostgreSQL? [PostgreSQL is a database]
<rubik>: http://www.pm.gov.tn/pm/banniere/redirectb.php?id=54&idb=3’2&
<K-rad>: rubik, i’ve never messed with PostgreSQL, it is even the first time i’ve ever seen it on a box tbh
<gibnut>: why are we hitting up tunisia?
<K-rad>: Because they’e just passed a law which says the media can’t say what they want
<K-rad>: and banned them from mentioning wikileaks
<gibnut>: time to own tunisia then ;)
On other channels, users suggested DDoS campaigns, but both in Anonymous and out, there were those who prided themselves on being “real” hackers and dismissed DDoS as lame (or even detrimental to real hacks, as we will see in a moment). Real hackers find exploits. People who just run LOIC are considered beneath the “hacker” moniker, mere “script kiddies,” or “skiddies” for short. gibnut announces that he has a “zero-day,” which is much more powerful. A zero-day exploit, or “oh day” as people sometimes jokingly call it, is a previously unknown security vulnerability in a piece of software. It is called a zero-day because it is unknown by the public—or the software authors who could fix it—for zero days and counting. A zero day is gold; anyone who knows the zero day can exploit it over and over until it is patched. The most coveted zero days provide access to a computer or network, which is why they are sold for high profit in a thriving black market. Many, many governments participate in this ethically problematic market, including the US government, who, according to technology reporter Joseph Menn, “has become the biggest buyer in a burgeoning gray market where hackers and security firms sell tools for breaking into computers.”16 The US government largely purchases zero-days from private firms that “spend at least tens of millions of dollars a year just on exploits.”17 Suffice it to say, gibnut’s news was received with excitement:
<gibnut>: lets see fuck loic, we’ll hurt them a different way
<p-ground>: oh yes please
<gibnut>: I have 0day local root exploit against openwebmail and Tunisia’s NIC servers run it
<gibnut>: https://risala.ati.tn/cgi-bin/openwebmail/openwebmail.pl
<gibnut>: if we can get into that server we can root tunisias .tn tld nameservers and control its entire internet space
<gibnut>: redirect it all to wikileaks ;)
<p-ground>: shit just got real due to gibnut
With this zero day, gibnut is suggesting that they can compromise the domain name registrar in Tunisia (the NIC) and control the entire Tunisian top-level domain (TLD) name space. An example of a TLD is .com or .org. Each country has its own TLD; Tunisia’s is “.tn.” If the Anons can compromise this Tunisian registrar, they can redirect everyone who tries to navigate to a website that ends in .tn to any server they wish. gibnut lulzily suggests WikiLeaks. Although this particular exploit did not yield access (for unknown reasons), it did succeed in spreading an anxious optimism throughout the sidelines:18
<gibnut>: let me see if I can get in… brb [be right back]
<p-ground>: Arm the nuclear warheads guys.
<p-ground>: Internetfeds is going in.
<K-rad>: gibnut, :D nice <3
<K-rad>: but first we need to find a bug on there
<jaggy91>: epic
<p-ground>: for some reason stuff in this channel always ends up being epic
<jaggy91>: lol
<rubik>: ah guess i’m going to have to use some postgresql injection cheat sheet or something
<gibnut>: rubik, or, download havij for windows
<K-rad>: http://www.marchespublics.gov.tn IS HIGHLY INJECTABLE :3 [there is at least one vulnerability that allows an attacker to modify the site’s database in ways other than intended]
<K-rad>: stand by for lulz <3
<rubik>: :o
<rubik>: looks like ministry of justice, i think, idk [I don’t know]
<K-rad>: i don’t know but ALOT of the sites are vuln [vulnerable]!
Like many hackers, if they don’t know something, they go teach themselves:
<K-rad>: know tht postgres bug?
<rubik>: yeah
<K-rad>: i did some reading on posgres and lurned me some DB [database] so now i know how to inject it :D
<K-rad>: stand by for dump
K-rad went away for a while, clearly working hard, then came back with some results. K-rad accessed a database with sixteen hundred rows (and thus entries) and tried to crack the passwords. First apologizing—“sry guys jst taking time because i’ve never done postgres SQL and im trying to write it in to a script to make it faster as i do it”—he then realized that the ongoing DDoS was what was causing the slowdown of the password dump. He implored:
<K-rad>: Someone tell optunisia DO NOT DDOS 193.95.68.156 it’s fucking up my dump
As this was a team effort, other hackers were simultaneously trying to gain access through other potential security vulnerabilities. They realized that if they could get shell access, which enables a lower-level access to the system, they could potentially get the private emails of the prime minister of Tunisia, and then leak them. rubik managed to gain access but, unfortunately, found nothing but spam—but that didn’t stop the “owning” process. To “own,” “0wn,” or “pwn” a server basically means that you have gained the top level of privileged access and, from there on out, you have free rein to do whatever you like with it. You can read any file, write to any file, change running processes, inject your own processes/malicious code, or, if you are so inclined, delete everything. You are “root,” the full administrator of the machine, even though you are nowhere physically near the machine itself. Inevitably, of course, the Anons defaced the site, but first they attempted to score some emails:
<rubik>: I logged it but there’s nothing there
<K-rad>: brb guys im going to make a fresh tea :3
<gibnut>: http://www.marchespublics.gov.tn/onmp/upload/upload_fichier.php?Field=document&type=document
<gibnut>: ;]
<gibnut>: shall I own it now or later
<rubik>: nice
<K-rad>: be best now while the anti-tuni.gov steam is still rolling
<rubik>: we could upload a shell i suppose
<gibnut>: tre
<rubik>: which shells would you guys like ;]
<rubik>: i have like 40
<K-rad>: it will maximize effect and morale
<K-rad>: if we can root it, we need to go for email leak too!
<K-rad>: not just deface!
<K-rad>: :D
<K-rad>: full on email leak :D:D
<rubik>: found the shell
<gibnut>: www.marchespublics.gov.tn/onmp/upload/documents
<K-rad>: someone make a fancy payback deface page plz :3
As the team prepared to deface the page, K-rad excitedly declared that there was an old kernel installed. The kernel is the core component of an operating system—the contact point between the hardware and the software. An old kernel usually means that there are some known exploits, so this is almost always a good sign for someone wanting to compromise a machine:
<rubik>: here’s a deface page
<rubik>: http://pickhost.eu/images/0004/1986/anonymousdefacetunisia.jpg
<rubik>: if u like it
<K-rad>: OOOOOOOOOOOOOOOOOOOOOOOOOOOOOO OOOOOOOOOOOOOOOOOOOOOOOOOLD KERN FTW [For The Win]
<rubik>: root?
<duckie>: Not bad rubik
<duckie>: Any chance you could centre the text at the bottom though?
<rubik>: idk i didn’t make it
<rubik>: im running on tor
<rubik>: wish i hd a vpn
duckie had just logged in to help. He was eventually booted for lacking sufficient low-level hacking ability, but he was a skilled organizer and broker, so for the time being he was allowed into the channel. He had a rare knack for naming operations and a rare level of insight into the ongoing changes affecting AnonOps:
<duckie>: Anything I can do to help which doesn’t involve actually going into the server?
<duckie>: rubik, I’ve been in and out, this channel was presumed dead for a long time
<K-rad>: duckie make a deface page! :D?
While #internetfeds was in hot pursuit of the private emails of the Tunisian prime minister, there was another channel, #opdeface, also hard at work. But even in the elite channel that was #internetfeds, many were blind to the existence of #opdeface. Meanwhile, the search for emails came up empty. On #opdeface, rubik gave a technical rundown of the exploit they had found on #internetfeds.
Some Tunisian Anons realized an exploit could work on another target:
<OT>: I repeat: Main target is ati [Tunisian Internet Agency]
<OT>: Direct responsible for censorship
<mo>: i have found an XSS exploit on ati site
<a>: OT, lol, i just thought you said that in opchannel [a public channel]
<OT>: lol
<OT>: not that stoned yet
[…]
<rubik>: we found admin login passwords for publicmarches.gov.tn, which is on the same box as pm.gov.tn now
<vj>: i think we looked into ministry of communication as DDoS target
<vj>: if it was disqualified, i don’t remember why
<a>: just looking at it
rubik, thinking they might eventually score some juicy emails, asked them for some help:
<rubik>: btw
<rubik>: can anyone prepare a statement
<rubik>: for the torrent description
<rubik>: when we get pm.gov.tn emails
<rubik>: i.e. a message to pm.gov.tn about their leaked emails
<rubik>: but not yet
<rubik>: prepare a deface page
<rubik>: unless u like http://pickhost.eu/images/0004/1986/anonymousdefacetunisia.jpg
<rubik>: and prepare a torrent description or manifesto
Eventually, #opdeface delivered:
<vj>: Greetings from Anonymous.
<vj>: We have been watching your treatment of your own people, and we are both greatly saddened and enraged at your behavior. You have unilaterally declared war on free speech, democracy, and even your own people. Your people rally in the streets to demand accountability and their own rights, which you have wrongfully presumed it was in your purview to take from them.
<vj>: We will use this brief span of attention we’ve captured to deliver a clear and present message which we hope shall never be forgot. Remember, remember, that the tighter you squeeze the more your people shall rebel against your rule. Like a fistful of sand in the palm of your grip, the more you squeeze your people the more that they will flow right out of your hand. The more you censor your
<vj>: own people, the more they shall know about you and what you are doing.
<vj>: We are Anonymous.
<vj>: We are the angry avatar of free speech.
<vj>: We are the immune system of democracy.
<vj>: We do not forgive censorship.
<vj>: We do not forget free speech.
<vj>: Expect us - always.
<a>: good stuff. i’d do s/people/citizens/
<a>: sounds more … profound
<vj>: We will use this brief span of attention we’ve captured to deliver a clear and present message which we hope shall never be forgot. Remember, remember, that the tighter you squeeze the more your citizens shall rebel against your rule. Like a fistful of sand in the palm of your grip, the more you squeeze your citizens the more that they will flow right out of your hand. The more you censor
<vj>: your own citizens the more they shall know about you and what you are doing.
<vj>: In that spirit, we release to the citizens of Tunisia and to the world a cache of government documents. Hopefully this will shed some light on what the government so desperately wishes to hide.
rubik continued to act as gofer between the two channels. With work done for now, he gave props to one of the team members (not Sabu, by the way). Another Anon quickly berated this individual praise on ethical grounds, and K-rad himself played the accomplishment down—a clear example of the self-effacing values at work in Anonymous:
<rubik>: credit goes to K-rad for this one
<K-rad>: it was everyone in feds :D
<K-rad>: dont forget to rm -rf their admin login page :D [rm -rf being the command to delete a directory]
<K-rad>: and rm -rf everything else you can under those perms! :3
<Adnon>: You guys done
<a>: dont forget gibnut
<a>: and whoever else worked in the background (=
<OT>: no names lol just anonymous
<a>: well, ofc [of fucking course]
<a>: but in here .. ppl who are in here..
<nessy>: we in secret tho
<a>: is still ok. i guess (=
<OT>: dudes believe me the key of this is having 0 ego
<a>: we were just giving kudos
<a>: internally :)
<OT>: lol
<alex>: eh
<alex>: ofc
<gibnut>: no names please. my handle is hot :)
So there you have it: hackers at work. It is mundane, quintessential teamwork, but also awesome and hilarious, at least for those involved. I only quoted from two channels, but the work transpired across four different groups—maybe even more, and also likely on a collaborative writing pad where the press releases were written. And keep in mind that the public OpTunisia channels, #propaganda and #command, were doing something, whatever that might have been, at the same time. Many Anons were coordinating through private messaging as well.
In short, there were so many tentacles that the idea of a leader calling the shots is laughable: not a hive (as Anonymous sometimes calls itself), not a structureless mass, nor a structured hierarchy either—but some modality of all the above.
As we have seen clearly, individuals can stand out among the rest for their abilities in any particular situation. In OpTunisia, K-rad was one of these standouts. But over time, individual contributions bleed into each other, and the individual is submerged. However, keeping this in mind, we can nonetheless see the value of viewing Anonymous from the opposite perspective: singling out a participant, and his or her important hack, for the purposes of upending another persistent misconception. By showcasing tflow’s work on OpTunisia, and considering it alongside that of Adnon and Amamou, it will become apparent that the stereotype of the typical Anonymous participant—white, middle class, libertarian, and politically naive—is nowhere close to reality.
tflow (featured above under a different pseudonym) is a talented programmer who joined Anonymous in the fall of 2010 and founded #internetfeds as the secret hacking wing of AnonOps. For much of the autumn, tflow was #internetfeds’ keymaster, testing and vetting invited hackers with three technical questions. One of AnonOps’ more prolific technical contributors, tflow had the clever idea to write an anti-phishing script during OpTunisia. Phishing is essentially any method that is used to acquire personal and private details—usually login and password combinations or credit card information—by pretending to be something or someone trustworthy. A common technique is to send forged emails that appear to be coming from the targets’ email provider’s help desk, or from their bank, urgently asking them to reply with their username and password before their account is closed. A more sophisticated version contains a link which, when clicked, installs a keylogger or other type of malware. People fall for phishing attacks at an alarming rate—making it a particularly lucrative technique. One computer science study of the technique concluded: “Experiments show a success rate of over 70 percent for phishing attacks on social networks.”19 So it is unsurprising that the Ben Ali regime was using a phishing scam, involving a malicious script, to plunder the usernames and passwords to the social media accounts of Tunisian activists. tflow’s idea was to come up with an antidote, a “remove Tunisian government phishing script.”
tflow’s script is a quintessential example of an “artful hack,” a notion given an elegant definition by Jude Milhon, better known by her handle, St. Jude, who once said: “Hacking is the clever circumvention of imposed limits, whether imposed by your government, your IP server, your own personality.”20 tflow’s hack was not technically sophisticated; he wrote the code in less than ten minutes and could have done so in thirty seconds had he been more familiar with the underlying technology. It was clever simply because it identified a need and it worked.
Before he could even whip up the short program, he first had to get his hands on the offending script. To do so, he had to find a Tunisian willing to give him remote computer access using a piece of software called TeamViewer. In early January, he reached out to a Tunisian activist (with the exception of tflow, everyone’s pseudonym has been changed):
<tflow>: anont
<anont>: tflow, yes
<tflow>: anont, are you in tunisia?
<anont>: tflow, yes
<tflow>: can you come on teamviewer so we can locate the ip address the phishing scripts are running on so we can hax them? :]
Of course, anontunisia asked the obvious question:
<anont>: tflow, how can I trust you ?
<shaka>: tflow is very trustworthy
<oggle>: tflow is a trusted member
<Aa>: anont, I think various people can vouch for tflow and I’ll be one of them.
Since trust is really often just a matter of faith, tflow offered the soundest advice (and one person resorted to a dumb and offensive “joke”):
<tflow>: anont, you can see everything i’m doing on your screen, if you don’t like it you can exit
<shaka>: tflow is old skool payback from the start
<k02>: trust tflow always after rape you he gives you candy!
anont responded:
<anont>: A, tflow, shaka, OK. pm me
tflow was now able to write the script. It, quite simply, changed the functions in the government script so that they did nothing. A day later, after the script had been written, thrown online, and was in the process of being downloaded by the thousands, tflow and anont convened again in private:
<tflow>: hey
<tflow>: still here?
<anont>: yes
<tflow>: come on teamviewer
<tflow>: i want to see if the script works
[…]
<anont>: good work! well done
<anont>: :)
[…]
<anont>: hey
<anont>: I have news
<tflow>: hey
<anont>: the aljazeera reporter will investigate phishing with fb, google & co
<tflow>: nice
<tflow>: there is also an article about it here http://www.thetechherald.com/article.php/201101/6651/Tunisian-government-harvesting-usernames-and-passwords explains it well
<anont>: yes
<anont>: i sent to several media last night
<tflow>: nice
<anont>: i’m a reporter myself :)
<tflow>: did you also send the anti-phishing script?
<tflow>: ah
<anont>: yes
<anont>: don’t worry
<anont>: i’m anonymous too :D
anont, a journalist, remains anonymous, but I had the fortune of eventually meeting tflow in London during July of 2013, two years after, nearly to the day, his arrest by the British Metropolitan Police. tflow pled guilty to one count of computer misuse, admitting to conspiring to hack numerous British and international organizations, including the Serious Organised Crime Agency, 20th Century Fox, and News International. Since he was a minor when caught, he got off with a light sentence of community service. It consisted, as he told me in an interview, of “tagging clothes that people donated with price tags, putting them out on the shopfloor, and redesigning the shop window displays.”
I had not spent a whole lot of time talking to tflow, certainly not privately. His name was a constant fixture on my screen and on occasion we chatted, usually as part of a group conversation. Usually engaged in a mix of technical or philosophical conversations, he was eloquent and sharp as a tack. He could be a smart-ass, but not in a cruel way, and it was often in the service of a broader insight. Take, for instance, the following conversation from March 2011, on an IRC channel for journalists called “#reporter.” A journalist had just logged in for the first time and asked:
<reporter799>: how does this work?
<reporter799>: I’m very new to this
<tflow>: magic
<tflow>: witchcraft
<reporter799>: haha
<reporter799>: so, when you give interviews, how exactly does that work?
<Token>: Ask a question, somebody will ans
<reporter799>: just, in general on this forum?
<tflow>: well, the laws of physics will perform chemical reactions in your brain to decide a question, then will move the muscles in your arms to push keys to represent your question. then upon pressing the enter key, it will be transmitted through the tubes
<tflow>: yeah.. you can just ask a question here
<Token>: lol tflow
<reporter799>: and just cite it as “Anonymous Group Member”?
<tflow>: most of us here have been involved in anonymous operations
<reporter799>: that’s encouraging
[…]
<tflow>: what publication/news do you work for?
<reporter799>: free lance
<reporter799>: I write for [X] and have my own blog
<reporter799>: I’ll send you a link
[she sends it]
<tflow>: alright
<reporter799>: So, I guess I can start asking now?
<tflow>: not sure how a dating blog is relevant to this subject though :P
Though he was often around, it was difficult to geographically place him. He was obviously a native English speaker, but that didn’t narrow things down much. It never crossed my mind that he, like Adnon, might be a teenager. When he was arrested on July 19, 2011, and revealed to be a sixteen-year-old, shock rippled through AnonOps. People were surprised because his fellow hackers considered him to be one of the smartest of the crew; teamwork does not preclude the assessment of capacities and skills.
Since tflow was a minor at the time of his arrest, authorities could not release his name, only his age. I am ashamed to admit that when I found out he was British and sixteen, a picture immediately popped into my mind. It was not as off as the “nihilists, anarchists, activists, LulzSec, Anonymous, twentysomethings who haven’t talked to the opposite sex in five or six years,” described by Michael Hayden, the ex-director of the CIA and NSA, in reference to those who would come to support Edward Snowden.21 What did come to mind was a pale waif whose wealthy parents thoughtlessly shipped him off to boarding school at a tender age.
As it turned out, once he was eighteen, tflow was revealed to be Mustafa Al-Bassam, and pictures confirmed that he was not pasty white. He moved to London from Iraq with his family when he was six years old, fleeing Saddam Hussein. His father is a doctor—a general practitioner—so they are financially middle class. But they live in a poor, immigrant-heavy neighborhood in South London, and have more of a working-class lifestyle; his parents, like many immigrant families, save instead of spend. When I prodded him about his background, he explained, somewhat uncomfortably: “We live in the bottom 1 percent areas in the UK, economically and socially.”
My first meeting with him, in London, was—unlike my first meeting with Adnon—tense and awkward, since we did not have hundreds of hours of chatting to connect us. The disconnect was likely magnified by the fact he had been out of the scene for a while—he had been banned from the Internet for two years. Thankfully, the sun streaming in through the skylight—the UK was undergoing a rare sunny spell—helped soften the mood.
We continued our conversation online. A recurring topic was the morality of the law, unsurprising given his personal experiences with the justice system. One day we discussed another young hacker, Aaron Swartz, ensnared by the American legal system. (Swartz was a cofounder of reddit, one of the most popular sites online.) Swartz, at the age of twenty-five, was facing decades in prison—thirty-five years—and up to $1 million in fines for downloading a cache of academic journal articles from JSTOR, the scholarly archive available to anybody on MIT’s network.
Had he been found guilty, it is unlikely he would have been jailed for that long. But the number of charges and the potential years in jail were used by prosecutors to leverage him into a plea bargain and accept a felony charge. What is even more remarkable is that he did not “hack” JSTOR’s website at all; nor was JSTOR even pursuing charges. Sure, MIT had to expend some resources over the affair, but it was not in any way seriously harmed. The main prosecutor, Stephen Heymann, nevertheless had the audacity to compare “the Internet pioneer to a rapist and suggested he had ‘systematically revictimized’ MIT by not taking a plea bargain,” as Ryan Reilly of the Huffington Post put it.22
Perhaps he could have been found guilty of trespassing—he stashed a computer in a closet on campus and connected it directly to the MIT system. On a few occasions, the MIT network administrators had booted him from the network, certainly trying to prevent him from downloading more than a certain number of articles. But even if some of his actions were illegal or broke rules, from a moral standpoint one could say that the downloading of academic articles, many of them researched and written using tax dollars, was wholly undeserving of a thirty-five-year sentence and a felony charge—not to mention an expensive trial also paid for by taxpayers. Swartz, forlorn and overwhelmed by the prosecution, ended his life on January 6, 2013.
One day, while chatting to Al-Bassam about the case, I mentioned an article written by a professor, Hal Abelson, who had chaired a committee investigating MIT’s role in the affair. Abelson absolved MIT and described Swartz as “dangerously naive about the reality of exercising [his technical] power, to the extent that he destroyed himself.”23 Appalled, I responded on a popular techblog: “The true naivety here was Abelson’s. His failure to attribute any blame to the unfair, aggressive and excessive federal prosecution, instead characterizing it merely as ‘vigorous,’ was as appalling as using a descriptive word that one should reserve for a workout.”24 Al-Bassam replied: “‘Dangerously naive about the reality of exercising power, to the extent that he destroyed himself’ is a statement that should be applied to the prosecution, not Aaron Swartz.”
Al-Bassam—tflow—had experienced firsthand the force of the law knocking at his door, and did so after months of engagement in direct action for causes he believed in. It is not surprising that youthful sensibilities are the source of so much creative political energy. Such energy can be harder to sustain as one’s idealism bumps up against the horrific realities of the problems plaguing our world, coinciding with the saddling of more and more day-to-day responsibilities. But if youthful idealism makes someone proceed in attempts to tackle the enormity of our problems, then we need more, not less, youthful “naïveté.”
Adnon, tflow, and Slim are three Anonymous activists. Anonymous is not the white, middle-class, American boys’ club of everyone’s default imagination. Hard numbers are impossible to come by, but those Anons I have met and those unmasked by arrests are a motley bunch (incidentally, motley refers to trickster clothing, the court jester’s multicolored smock). If, in addition to these three men, we consider the cohort of hackers Al-Bassam worked with in #internetfeds (and later, LulzSec) now known due to arrests, the heterogeneity becomes more pronounced. Among their ranks was a Puerto Rican living in a towering public housing project of New York (he was also an occasional drug dealer and a foster father to his nieces); two Irish chemistry students, one whose radical political views were influenced by a father who was a member of the Irish Republican Army who had been jailed for six years; a Scotsman, who for much of his time in Anonymous lived on the remote Isle of Yell; and a twenty-five-year-old man, Kayla, who served in the British military in Iraq and performed a female gender online.
Something about the pseudonymous environment likely helped cultivate this cosmopolitanism. By cloaking markers of the self, like ethnicity, class, and age, all sorts of different possibilities are opened up. Studies confirm that we tend to seek those who are familiar (or similar to us)—and fellowship via shared identity is nothing to scoff at, nor eliminate.25 Nevertheless, it is also important to create and experiment with spaces that mute markers of class, age, and background to help form connections that might not otherwise be made. In a way, it could be that self-defined membership in Anonymous itself becomes enough of a shared identity to foster these connections.
While we can showcase surprising examples of diversity within Anonymous, this is not to say that heterogeneity is not notably lacking. Particularly when it comes to gender: Although Anonymous boasted key female participants and organizers (like darr, featured earlier in this book, and a feisty activist named Mercedes Haefer whose actions will soon be examined in depth), the only “femanon” hacker in LulzSec turned out to be a guy passing himself off as one—Kayla.
Anonymous mirrors the structural inequities prevalent across the computer science world. While most of the STEM (Science, Technology, Engineering, and Math) fields have narrowed the gender gap, computer science is not one of them. Indeed, peak equity in college enrollment occurred more than twenty years ago when 37 percent of undergraduate computer science degrees awarded in 1985 went to women. Today the number hovers around 20 percent.26 And while numbers are harder to harvest for the hacking scene (given the informal nature of many associations), all indicators point to even lower rates of inclusion.27 In certain sectors, such as free and open-source software, many projects have responded with initiatives to increase diversity.28 But among law-breaking hackers, the only females I have met or heard about are those who have switched genders, which is actually—and perhaps, for many, surprisingly—more common than one might imagine. (Conversely, it bears noting that—whatever the reason—females are more common among trolling communities.) Even though there are no formal studies on gender and the hacker underground, the low numbers are likely the combined result of structural forces, the legal riskiness of the activity, and the insular, braggadocious boys’ club mentality within the established community.29 Occasionally, hearing constant belittling of female contributions from certain Anons, I would find myself wondering, “Is this sexism or just trolling?” knowing full well that the distinction is rarely clear-cut.
Being specific about diversity and gender dynamics allows for more interesting questions to be posed: Why, for instance, are gender benders, queer hackers, and female trolls common and openly accepted categories, but female participation in technical circles remains low? Some identities become accepted while others continue to be viewed with skepticism.
Dismantling the stereotypes also allows a greater appreciation of the motivations held by many of these participants. We may disagree with the tactics—hacking, DDoSing, doxing—but we should distinguish these tools and their significance from the composition of Anonymous itself. Time and again I witnessed participants acting with political conviction, and it is likely some of them were political newcomers.
This becomes entirely lost if we understand Anonymous through the gross fetish of stereotypes. Many journalists who have interviewed me as an “expert academic” ask, in some form or another, about “the kind of person who seems to get into Anonymous.” Though it is not the answer anyone wants to hear, I often say that there is no kind—except, again, that many tend to be geeks and hackers. Those who identify as being part of the Internet are diverse in background, interests, and political sensibility. But behind the question, the asker likely has something in mind: socially alienated, white, angry, libertarian, American youth. And if we assume the default hacker and geek is generally male, middle-class, libertarian, and white, then it is much easier to treat a hacker’s political interventions as juvenile and suspect—arising from a baseline of teenage angst, instead of the desire for politically conscientious action.