CHAPTER 7

Revenge of the Lulz

Some basic features of the political culture emerging out of anonymity are neither new nor difficult to grasp. Consider the anonymous leak that revealed COINTELPRO, a systematic and illegal spying program leveled against the American population. One Pennsylvanian night in 1971, a group calling itself the “Citizens’ Commission to Investigate the FBI” forced its way into an FBI field office with a crowbar. As millions of Americans tuned into their radios to listen to Muhammad Ali square off with Joe Frazier in an epic fifteen-round boxing match, the activists emptied file cabinets of more than one thousand documents. Those on the subject of political surveillance were leaked to the media and published in the March 1972 issue of WIN Magazine, a journal of the War Resisters League, and COINTELPRO was revealed to the public for the first time. The program was initiated in 1956 by FBI director J. Edgar Hoover, and operated successfully until 1971.

COINTELPRO’s mandate was initially narrow: to disrupt the internal operations of the Communist Party USA, which Hoover believed to be under the direct influence of Russian infiltrators. Very quickly, its scope expanded to include the disruption of home-grown political activism of all varieties, including radical, conservative, and even moderate liberal efforts. One stated goal was to

prevent the rise of a “messiah” who could unify, and electrify, the militant black nationalist movement. Malcolm X might have been such a “messiah”; he is the martyr of the movement today. Martin Luther King, Stokely Carmichael, and Elijah Muhammed all aspire to this position … King could be a very real contender for this position should he abandon his supposed “obedience” to “white, liberal doctrines” (nonviolence) and embrace black nationalism.1

And, indeed, the documents provide clear evidence of the elaborate steps the FBI took to monitor King in particular. The illegal surveillance lasted for years, starting in the late ’50s when the program was first authorized by Hoover. When King delivered his “I Have a Dream” speech at the March on Washington on August 28, 1963, William Cornelius Sullivan, associate director of the FBI, wrote to Hoover, “We must mark [King] now, if we have not done so before, as the most dangerous Negro of the future in this Nation from the standpoint of Communism, the Negro and national security.” King was considered “an unprincipled man” who had a “weakness in his character.” Sullivan wrote, “We will at the proper time when it can be done without embarrassment to the Bureau, expose King as an immoral opportunist who is not a sincere person but is exploiting the racial situation for personal gain.” Soon after King was named “Man of the Year” by Time magazine, the FBI was illegally authorized to bug his hotel room; “trespass is involved,” they wrote. The resulting transcripts were presented to Hoover, who responded, “They will destroy the burrhead.” The bugs captured evidence of King’s marital infidelity, which excited Sullivan and Hoover, since the recordings could be used to destroy the “animal.”2 An excerpt from the FBI letter sent to blackmail King evinces the ugly historical truth that the US government terrorized one of the nation’s most revered and peaceful civil rights crusaders:

King, there is only one thing left for you to do. You know what it is. You have just 34 days in which to do it (this exact number has been selected for a specific reason, it has definite practical significance). You are done. There is but one way out for you. You better take it before your filthy, abnormal fraudulent self is bared to the nation.3

The government similarly targeted many other groups: Students for a Democratic Society, white supremacists, branches of the feminist movement, the radical Puerto Rican independence movement, and countless anti–Vietnam War associations. Their aggressive and multi-pronged methods included predatory infiltration strategies with the purpose of sabotage: sustained, planned, and organized disruption of political movements so as to stamp them out of existence. They seeded misinformation, blackmailed activists, took them to court over tax mishaps, and sometimes even resorted to direct physical violence. Government agents’ reckless mandates saw them feed the media false stories and forge correspondences in the name of targeted groups. Some of the most lasting damage came from agents planted in movements so deeply that their disruptions completely eroded the kernels of trust these groups were built upon. COINTELPRO agents fostered a climate of fear and demoralization, draining the vitality of what had been legitimate and deep reservoirs of political activity.

After the Citizens’ leaks hit the press, other interventions followed, including the release of COINTELPRO documents obtained through a Freedom of Information Act request; NBC reporter Carl Stern used these documents as the basis for his award-winning reportage on the subject. Once the full extent of 1973/1974 COINTELPRO’s tampering with legitimate, legal, and even quite ordinary political dissent became known, the public was outraged. In the chambers of the US government a small group of senators formed the Church Committee in 1975. After investigation, their conclusion was unambiguous and resolute in indicting the program: “Many of the techniques used would be intolerable in a democratic society even if all of the targets had been involved in violent activity, but COINTELPRO went far beyond that … The Bureau conducted a sophisticated vigilante operation” (emphasis my own).4 Numerous reforms followed, including limiting the FBI directorship to a single ten-year term.

Soon after acquiring the files, the Citizens’ Commission sent the leaks to the press along with a communiqué, which they wanted published in all news stories covering the FBI documents. The communiqué explained their motives and goals:

We wish to make these documents more widely available so that they can be used effectively by all who are working for a more peaceful, just, and open society. Our purpose is not just to correct the more gross violations of constitutional rights by the FBI within the framework of its present goals and organization. Nor is it to attack personally individual informers, agents, or administrators. It is instead to contribute to the movement for fundamental constructive change in our society, for as we said in our initial statement, “as long as great economic and political power remains concentrated in the hands of small cliques not subject to democratic control and scrutiny, then repression, intimidation, and entrapment are to be expected.”5

While their intentions were made public, the members themselves remained anonymous until January 2014, when a few individuals stepped forward.6 To expose toxic tactics, these activists broke the law and utilized anonymity to shield themselves from consequences. This dramatic exposé did not happen online; there were no Guy Fawkes masks, no boxes were popped, no mail spools Pastebinned, and WikiLeaks played no role. But the concept was the same: cloak identity for protection and to deflect attention away from the messengers, and get the incriminating word out. Had it not been for the Citizens’ Commission to Investigate the FBI stealing documents tucked away in file cabinets and desk drawers, COINTELPRO might have remained in operation, leaving an even more sickening trail of destruction in its wake.

Let’s fast forward to February 5, 2011, when Anonymous uncovered a corporate plot devised by Washington, DC–based security firm HBGary Federal to spy on and disrupt WikiLeaks. Given the digital nature of contemporary documents, there is no longer a need to leave the comfort of one’s home, much less break into some office space, to access secret documents. Working together on IRC, Anonymous hackers penetrated the HBGary computer system and downloaded seventy thousand company emails, along with other files that included a PowerPoint presentation entitled “The WikiLeaks Threat.” The tactics suggested therein are strikingly similar to those practiced and perfected during COINTELPRO. The presentation outlines a set of strategies the firm claimed could be “deployed tomorrow”:

Palantir Potential Proactive Tactics

Feed the fuel between the feuding groups. Disinformation. Create messages around actions to sabotage or discredit the opposing organization. Submit fake documents and then call out the error.

Create concern over the security of the infrastructure. Create exposure stories. If the process is believed to not be secure they are done.

Cyber attacks against the infrastructure to get data on document submitters. This would kill the project. Since the servers are now in Sweden and France putting a team together to get access is more straightforward.

Media campaign to push the radical and reckless nature of wikileaks activities. Sustained pressure. Does nothing for the fanatics, but creates concern and doubt amongst moderates.

Search for leaks. Use social media to profile and identify risky behavior of employees.

They also proposed to identify and intimidate WikiLeaks donors and smear the reputation of supporters and journalists like Glenn Greenwald. They explained that these people were “established professionals that have a liberal bent, but ultimately most of them if pushed will choose professional preservation over cause, such is the mentality of most business professionals.”

Although Anonymous did illegally compromise the servers to steal these docs, it is likely that the actions proposed in the PowerPoint presentation, had they been carried out, would have seen the breaking of even more laws. As Glenn Greenwald explains: “Manufacturing and submitting fake documents with the intent they be published likely constitutes forgery and fraud. Threatening the careers of journalists and activists in order to force them to be silent is possibly extortion … Attacking WikiLeaks’ computer infrastructure in an attempt to compromise their sources undoubtedly violates numerous cyber laws.”7

While “The WikiLeaks Threat” presentation is similar in spirit to COINTELPRO, there are numerous important differences. HBGary is not a government intelligence agency—it is a corporate firm that had concocted a plan for corporate clients. HBGary Federal, working with two other security companies, Palantir Technologies and Berico Technologies, was pitching the WikiLeaks sabotage proposal to Bank of America through their legal representatives at the Hunton and Williams law firm. Palantir and Berico, working together under the name Team Themis (a reference to the ancient Greek Titaness of divine order and justice), were hoping such pitches would result in a lucrative contract. Assange had announced on November 29, 2010, that he held documents revealing an “ecosystem of corruption [that] could take down a bank or two,” and Bank of America had reason to believe that it was one of these banks. According to the New York Times, the bank set to work, “scouring thousands of documents in the event that they become public” and hiring outside security and law firms “to help manage the review.”8 Since Bank of America was not named directly by Assange, its reaction had the interesting effect of drawing attention to itself.

In the aftermath of the HBGary document leaks, Bank of America denied knowledge of the Team Themis proposal, describing it as “abhorrent,” even though it was certainly intended for the eyes of one of its legal teams (Hunton and Williams never commented on the matter).9 Ultimately, the Team Themis scheme was never carried out—as a result, perhaps, of the leak itself; such a scheme relied on illegal tactics and could only be carried out if there was plausible deniability to protect those involved from backlash.

Beyond any possible direct disruption, the content of the corporate emails themselves provided Anonymous and others interested in corporate security practices with a great deal of insight. Corporate espionage and sabotage leveled against workers, nonprofits, and activists is nothing new. Henry Ford relied on an internal security unit headed by Harry Bennett to intimidate workers attempting to unionize. A private security firm called the Pinkertons, established in 1850 and still in service today, gained notoriety for infiltrating unions and spying on workers for its corporate clients. In fact, this practice is so common that it has been given a name: “labor spying.” More recently, Walmart has come under fire after accusations of widespread surveillance against “shareholders, critics, suppliers, the board of directors, and employees.”10

Today the private surveillance industry is a more profitable, wide-ranging, and robust sector than ever before—boasting close ties to three-letter government agencies (indeed, many contractors employ government- and military-trained operatives). A 2013 report entitled Spooky Business, written by the Center for Corporate Policy, a nonprofit seeking to check corporate abuse, enumerates over a dozen examples of corporate-led spying and infiltration—many using standard COINTELPRO-style tactics—directed at antiwar, environmental, food safety, animal rights, and gun control groups, among others. To take one example, the environmental group Greenpeace has been subject to numerous illegal infiltrations—Électricité de France, for instance, employed a firm to hack Greenpeace France in 2006 and was fined 1.5 million euros when the action was revealed.11

The report conveys the disturbing crux of the contemporary problem of corporate infiltration as follows: “The corporate capacity for espionage has skyrocketed in recent years … These current and former government employees, and current government contractors, do their spying against nonprofits with little regulation or oversight, and apparently with near impunity.”12

HBGary, whose specialized services offered “sophisticated” spy operations, was but a small player in a vast industry. However, a team of tech-savvy journalists at Ars Technica, after carefully sifting through the emails procured by Anonymous and writing a dozen in-depth accounts (later compiled into a book), ultimately concluded that the “WikiLeaks Threat attack capability wasn’t mere bluster.” HBGary was on the forefront of these types of services, having developed effective anti-malware software and custom trojans, rootkits, and spyware which facilitated unauthorized access into computer systems. HBGary had also stashed away a bundle of zero-day exploits—those vulnerabilities that have not been publicly disclosed—for future use, thus ensuring direct access to untold numbers of networks, computers, and emails. According to the leaked documents, HBGary provided a cache of these zero-days, code-named Juicy Fruit, to a subdivision of military contractor Northrop Grumman called Xetron.13

Public information about this market in zero-days was nearly nonexistent until a series of investigative reports filed between 2012 and 2014 revealed it as a thriving industry. According to the New York Times, these exploits can sell from $35,000 to $160,000 apiece. Governments pay the highest prices, ensuring significant control of the vulnerabilities. The US government, in particular, is considered a leading client.14 Exploits can be used defensively, but it is increasingly clear they are often “weaponized and deployed aggressively for everything from government spying and corporate espionage to flat-out fraud,” as technology journalist Ryan Gallagher has pointed out.15

While publicly available information about these practices is slowly growing, our understanding is still incomplete and fragmented. This work is mostly done or brokered by corporations with laxer mandates and fewer disclosure obligations than their government counterparts. The HBGary and HBGary Federal emails helped fill in the gaps, providing a reminder of “how much of this work is carried out privately and beyond the control of government agencies,” as Nate Anderson concluded.16

It is important to note that those who exhumed this information were not, unlike the Citizens’ Commission that uncovered COINTELPRO, looking for anything in particular. The accidental nature of these contemporary discoveries is not unique to Anonymous. According to Spooky Business, most of what we know about corporate spying has “been uncovered by accident, arising from brilliant strokes of luck.”17 However, we might suggest that it was not luck at all, but instead a welcome public good provided by the insatiable, boundless curiosity of hacking—albeit spurred by external circumstances. The HBGary emails, for instance, were procured through the handiwork of hackers hell-bent on simple revenge.

“If we can get that level of information then we really are the private CIA lol”

A week before his company was targeted by ruinous attacks, the founder and CEO of HBGary, Greg Hoglund, praised his team in a series of emails. After giving some instructions pertaining to the surveillance of a malware author, Hoglund ends with a final boast:

Team,

Good work. Check out this site http://www.freelancesecurity.com/ and find an investigator who can perform surveillance and a positive ID on this person. I spoke with Penny and she indicated she *might* be willing to support you guys hiring out boots on the ground to get eyes on target. I would expect some photos, place of work, home, maybe some associates. The site I mentioned is only one—there are a few others. If we can get that level of information then we really are the private CIA lol.18

Though Hoglund envisioned his company as a sharper, meaner, and leaner replacement for law enforcement and intelligence agencies, in practice HBGary was mostly in the business of developing anti-malware software and rootkits—stealthy software tools that allow a user to access a computer system undetected. But Aaron Barr, CEO of the subsidiary HBGary Federal, which was created by HBGary to land lucrative government contracts, wanted to branch out into the field of intelligence gathering. This was evident in the cocky title of a talk slated for mid-February 2011 (but cancelled due to the events in question) at a popular security conference in San Francisco: “Who Needs NSA When We Have Social Media?”

Barr culled the data for his presentation by “infiltrating” Anonymous. His method? For much of January, using the handle CogAnon, he hung out on the AnonOps IRC channels and correlated activity between the IRC channels and social media. On IRC he would watch for someone posting a link, and then he would turn to Twitter to see if the same link or topic would appear at the same time, before deducing that the IRC alias and Twitter profile were attached to the same person. By the end of the month he had a list of nicknames, real names, Twitter accounts, and locations of individuals he claimed were the major Anonymous players. According to the leaked emails, Barr’s aim was to expose key operatives:

From: Aaron Barr

Subject: Focus of presentation

To: Mark Trynor, Ted Vera

Date: Wed, 19 Jan 2011 12:14:26 -0500

ok so I am giving a social media talk @ BSIDES SF next month. I am going to focus on outing the major players of the anonymous group I think. Afterall—no secrets right? :) We will see how far I get. I may focus on NSA a bit to just so I can give all those freespeech nutjobs something. I just called people advocating freespeech, nutjobs—I threw up in my mouth a little. Man I find myself in a weird position.

In another email he insists to a programmer colleague—who repeatedly questioned the reliability of Barr’s conclusions—that “I will sell it,” referring to his docket of identities.19 (Eventually the coder was so concerned about Barr that he wrote an email on February 5 with a prescient warning: “I feel his arrogance is catching up to him again and that has never ended well … for any of us.”)

Barr, on the other hand, thought his operation was going swimmingly. So how did Anonymous get wind of Barr’s infiltration in the first place? Unbelievably, Barr handed the information to them on a silver platter by going public with his project. HBGary’s PR department offered Joseph Menn of the Financial Times a story about Barr’s upcoming talk. As Menn explained to me, he “respected the work of the affiliated HBGary proper,” and “because Anonymous’s structure and traceability was a topic of serious interest,” he decided to move forward with immediate publication. On February 4, 2011, Anons woke up to these lines: “An international investigation into cyberactivists who attacked businesses hostile to WikiLeaks is likely to yield arrests of senior members of the group after they left clues to their real identities on Facebook and in other electronic communications, it is claimed.” The article also featured nicknames and conjectures as to where these participants resided, which turned out to be off the mark:

A senior US member of Anonymous, using the online nickname Owen and evidently living in New York, appears to be one of those targeted in recent legal investigations, according to online communications uncovered by a private security researcher … Mr Barr said Q and other key figures lived in California and that the hierarchy was fairly clear, with other senior members in the UK, Germany, Netherlands, Italy and Australia.20

While Owen and q (lowercase) were prominent figures, Owen lived in Toledo, Ohio, and q resided, more accurately, on the European continent.

A feature story in a respected publication is a precious commodity. If HBGary Federal was really badass enough to identify the movers and shakers behind Anonymous—before even the FBI—corporate executives would, with good reason, be falling over themselves to employ them. The firm’s finances were on the rocks; a lucrative contract with Hunton and Williams would mark a change of fortune.21 HBGary crowed about the seemingly guaranteed meal ticket in internal exchanges:

From: Aaron Barr

To: Karen Burke, Greg Hoglund, Penny Leavy, Ted Vera

Subject: Story is really taking shape

Date: 2011-02-05

http://www.ft.com/cms/s/0/87dc140e-3099-11e0-9de3-00144feabdc0.html

--------------------------------------

From: Greg Hoglund

To: Aaron Barr

Cc: Karen Burke, Penny Leavy, Ted Vera

Subject: Re: Story is really taking shape

We should post this on front page, throw out some tweets.

“HBGary Federal sets a new bar as private intelligence agency.”—the pun on bar is intended lol.

—G

They were getting all the attention they wanted—only the good kind, it seemed at first. The FBI contacted HBGary Federal the same day the story came out, requesting a meeting for the following Monday morning at 11 am. But as comedian Stephen Colbert memorably put it: “Anonymous is a hornet’s nest, and Barr said, ‘I’m going to stick my penis in that thing.’”

Upon reading the Financial Times article, hackers who had just completed the team-building exercise of “pwning” Middle Eastern governments were ready to rumble. The article contained given names for many Anons—and after the recent spate of Anonymous arrests in the UK and warrants in the US, the matter was perceived as urgent. Sabu was the first to suggest an attack, spurred in part by his deep-seated hostility for white hat hackers and a security industry he regarded as peddling snake oil: subpar security software. At first, some but not all were on board. tflow later recounted:

<tflow>: i wasn’t initially [behind his idea], i thought it was a waste of time and feeding the trolls

<tflow>: but then a few minutes later Sabu found a sqli vuln on the hbgaryfederal.com site

<biella>: and the rest is history

<tflow>: yea

With a vulnerability too good to resist, the crew was all on board, entering the HBGary systems right on the heels of the Financial Times article. They downloaded scores of HBGary and HBGary Federal emails, deleted untold numbers of files and their backups, and, it is purported, wiped the data on Barr’s iPhone and iPad. One of the first emails they came across featured a PDF containing the unfiltered data Barr had gathered on Anonymous. They quickly noticed innumerable mistakes. Many of the named individuals had done nothing illegal. Perhaps the most glaring problem was his ignorance of the key operatives behind this very hack—tflow, Topiary, Avunit, Kayla, and Sabu. Deep infiltration was unnecessary to ascertain the existence of many of these participants, like Topiary and tflow—publicly known and prominent members who spent time on open IRC channels, notably #reporter and #lounge.

Using security scanning software designed to look for known vulnerabilities, the hackers probed HBGary’s website and quickly found a vulnerability in the custom-made CMS (content management system). Peter Bright, a reporter from Ars Technica who conducted a thorough accounting of the technical details relating to the hack, wrote that “In fact, [the HBGary system] had what can only be described as a pretty gaping bug in it.”22 Once inside, they rummaged around and found encrypted passwords. The encryption was too strong to crack on their own, but by utilizing the brute force of a pool of GPUs (graphics processing units) they were able to crack the hashes in a number of hours.

One of the passwords, “kibafo33,” granted access to Barr’s Gmail-hosted email account. There the Anons saw the jubilant internal HBGary email exchanges. Naturally, the hackers tried the password on all of Barr’s social media accounts and found that he violated the first rule of informational security: never use the same password across platforms. The team could now commandeer all of Barr’s social media accounts for lulz and worse. Getting in was just the beginning.

“Good drama must be drastic”23

It was Super Bowl Sunday, February 6, 2011. Millions of Americans were glued to the tube watching overgrown bulky men pounce on each other for the purpose of kicking a ball through two goal posts. Aaron Barr might well have been one of those Americans, but any such plans were overshadowed; he had been brutally hacked. His Twitter account, hijacked, spewed forth the most abject racist and degrading statements possible in 140 characters, along with his social security number and home address. Countless unflattering photo-shopped images of Barr were circulated. His emails, including personal ones replete with embarrassing details of marital troubles, were posted on the Pirate Bay.

In the midst of it all, he logged onto the AnonOps IRC server and was invited to a dedicated #ophbgary channel. Barr accepted:

CogAnon (~CogAnon@an-33E99D21.dc.dc.cox.net) has joined #ophbgary

<q>: Ohai CogAnon

<tflow>: Hello, Mr. Barr.

<Topiary>: Mr. Barr and his infiltration of Anonymous; “Now they’re threatening us directly”, amirite?

<tflow>: I apologize for what’s about to happen to you and your company.

<q>: Enjoying the Superbowl, I hope?

<CogAnon>: high one sec. please

<tflow>: I really do, Mr. Barr.

<tflow>: You have no idea what’s coming next.

<Topiary>: tflow, How are things going with that, anyway?

<Topiary>: CogAnon is clearly super 1337 with his PM psyops skills in the Washington area

<CogAnon>: ok…sure I figured something like this might happen.

<Topiary>: CogAnon, nah, you won’t like what’s coming next

<tflow>: CogAnon, can you guess what’s coming next?

<Topiary>: Ooh, a fun game - guess!

<CogAnon>: dude…you just don’t get it. it was research on social media vulnerabilities…I was never going to release the names…

<Sabu>: LIAR

This brief visit on Sunday, February 6, was the preamble to a more epic conversation that would take place later that same day. The chat that followed has become one of the most viewed IRC logs in history. IRC represents a zone of freedom and autonomy on an Internet dominated by private interests. When you gather dozens, sometimes hundreds, of people together and give them license to say whatever they want as whoever they claim to be, it is only natural that humor, wit, drama, and some chaos will follow. If the world’s a stage—and all the geeks, hackers, and sleazy InfoSec hacks are merely players—then what does that make the Internet? A play within a play, written in real time, with each player contributing line by line? They have their exits and their entrances but nothing is known in advance. The output even looks like a screenplay. The difference is that it is populist, participatory, and improvisational in character with real-world stakes and implications.

Act One

The play we are about to watch owes its existence in part to Barrett Brown. Late Sunday evening he brought good tidings in #ophbgary—a channel whose purpose was to discuss and celebrate the hack:

<Laurelai>: BarrettBrown, you here?

<BarrettBrown>: I’m on the phone with president of HBGary

<Sneux>: lol

Sabu pitched the following suggestion:

<Sabu>: BarrettBrown, ask PENNY to come here and speak.

At this point, it was public knowledge that Anonymous had been on a hacking spree against HBGary Federal and HBGary. Sabu’s suggestion seemed like a taunt, not a real request. After all that had unfolded, it didn’t seem plausible that Penny Leavy, the president of HBGary, would plunge into the epicenter of the rat’s nest currently at work clawing her company apart. But that is exactly what she did. Sabu initiated the exchange by reminding her of the uncomfortable facts:

<Sabu>: penny. before we get started—know that we have all [seen] email communication between you and everyone in hbgary. so my first question would be why would you allow aaron to sell such garbage under your company name?

<ComradeBush>: jesus cristo

<Sabu>: Penny, did you also know that aaron was peddling fake/wrong/false information leading to the potential arrest of innocent people[?]

She rose to Aaron Barr’s defense:

<Penny>: I did know he was doing research on social media and the problem associated with it, the ease of pretending to be one of you

<Penny>: He was never planning on giving it to the gov’t. He was never going to release names, just talk about handles

<Sabu>: Penny, if what you are saying is tr[u]e then why is Aaron meeting with the FBI tomorrow morning at 11am? PLEASE KEEP IN MIND WE HAVE ALL YOUR EMAILS.

<Sabu>: well penny like I said 4 times we have all the emails. theres lots of emails from you promoting aaron’s research so … I’m curious

<heyguise>: im still seeding the emails

<Penny>: I think what he was doign was good, it was informative and it will shed lite on lots of issues associated with social media

According to the leaked emails, there were no plans to reach out to law enforcement, much less sell the data to them. However, recall that Anonymous read an email exchange where Barr had claimed point blank to his programmer, “I will sell.” Anonymous devised an on-the-fly-IRC financial plan of its own, a Robin Hood–esque blackmail proposal:

<Sabu>: penny. we will not target hbgary.com. its done. what you can do is motivate your investment from hbgaryfederal over to bradley mannings defense fund. and distance yourselves from aaron barnetts’ research

<Agamemnon>: Penny … we are under fire in ways you do not understand. Not just the feds … right wing ‘freedom’ fighters trying to take us down … infiltrators have hurt us … Aarons research contains personal information of ppl who never did anything but show up here … please try to understand our rage

Meanwhile, in Brown’s abode, the phone rang. On the other end of the line was none other than Barr. They proceeded to have a courteous eleven-minute exchange (Brown recorded the conversation and subsequently uploaded it online). There was some uncertainty regarding just what it was HBGary intended to do with the data. Barr, whose voice bore no trace of sourness, fear, or even anger, confidently introduced himself: “I am a federal contractor working mostly in the security space.” Anticipating a question about motives, Barr claimed point blank, “I never planned to sell the data to the FBI.” Again, the emails support Barr on this point—there is no evidence that he had contacted the FBI. But he was certainly seeking to profit in some manner by gathering these correlated names and “outing” Anons, as he put it—presumably any number of embattled organizations would be interested in ascertaining the identity of their assailants. Regardless of the eventual outcome, the mere existence of such a file was received as an ominous threat by the Anonymous community at large.

To Brown, Barr presented a very different rationale, claiming his overarching agenda was to demonstrate the weaknesses of social media and expose the hierarchy behind the hive. “There is definitely a structure,” he said. Brown assented to some degree—“I agree a few dozen people set the pace”—but he noted that many of the names were wrong. “I never purported it was 100 percent accurate,” Barr insisted, even in his conversation with the Financial Times. “The reporter writes what he wants to write.” Barr reminded Brown that he was still planning to meet with the FBI the following morning, noting that “It is going to be out of my hands.”

Leaked emails indicate that Barr and his colleagues had, indeed, given great thought—just that day—to the question of releasing the names to the FBI. Ted Vera, the president and COO of HBGary Federal, finished off the chain in favor of withholding:

You could end up accusing a wrong person. Or you could further enrage the group. Or you could be wrong, and it blows up in your face, and HBGary’s face, publicly. The hint of you having their true names is enough. No need to release names publicly. You meet with FBI tomorrow. I doubt they’ll share much, but they may informally or inadvertently vet some of your findings.

Anonymous, on the other hand, had no qualms and released the document listing all the names.

As he had done with Leavy, Brown tried to lure Barr online. “They would like you to come. I will try to keep things productive,” Brown told him. Barr, having already logged on earlier in the day, resisted, and so Brown, in his Texan drawl, switched strategies. “I understand you have had a rough day,” Brown said. “You have been picked on. Again, it was not my doing—though I can’t say I disapproved of it, because we are here to protect ourselves and our interests here.” By the end of the phone conversation, it remained unclear whether Barr was convinced to return for a second round.

Off the phone and back on IRC, Brown, an avid gamer, proclaimed that he was done with “this silliness” and announced his intention to “play some Fallout: New Vegas.” But first, as Anonymous made successive demands, Brown offered a characteristic gesture of empathy toward Leavy:

<Penny>: Thanks everyone it was very nice talking to you. How do I re-connect you?

<Sabu>: penny, can you have greg hop on your computer and talk to us for a few minutes /?

<BarrettBrown>: If it makes you feel any better, I’m an opiate addict and still on Suboxone maintanance

<BarrettBrown>: which I’m ending in a couple days

<Penny>: Hey Sabu thanks for being so nice rough day

<Sabu>: its all good. rough day for us too

Act Two

As Penny exited the stage, Greg Hoglund entered, physically replacing her at the computer:

Penny is now known as greg

<evilworks>: success

<q>: epic success

<greg>: SOrry guys it was me it was my computer and greg went away

<greg>: he’s back

<Sabu>: ok

<Sabu>: GREG IS THAT YOU

<greg>: yea

Before Anons resumed their interrogation, they paused for a self-congratulatory moment:

<`k>: Greg have you ever heard of ssh keys? [ssh keys referring to encryption technology]

<Sabu>: first off, if you havent read already take a look at http://pastie.org/1535735

<Sabu>: thats how we owned rootkit.com

<evilworks>: oh wow Sabu

<q>: that’s a good one

<q>: :)

<q>: what a security company you are

<Sabu>: is there anything you can do to stop him from using your company name // hbgary ?

There was a noticeable pause as Greg looked at the paste site, where a log of the leak was detailed. He quickly apprehended the full seriousness of the situation:

<greg>: so you got my email spool too then

<Sabu>: yes greg.

<`k>: greg we got everything

<Agamemnon>: Greg, I’m curious to know if you understand what we are about? Do you understand why we do what we do?

“We got everything.” Had this play been staged, Hoglund would have, at this point, probably embarked on a soliloquy bemoaning his fate—or, at minimum, conveyed some degree of facial horror. Hoglund must have realized his options were limited. But if you can’t trick the tricksters, one can always appeal to reason … maybe?

<greg>: you realize that releasing my email spool will cause millions in damages to HBGary?

<c0s>: greg, I do beleive the people around here are very honest when they say they would be happy not to release it. But that they will be basing that decision on what happens with Aaron.

<c0s>: which is why I asked you to possibl[y] explain your ideas on what might be done there.

<c0s>: so they might have an idea of what you can do.

<Sabu>: greg, in essence we want you to distance yourself and company from aaron

<BarrettBrown>: Like I said, great time to donate to Tunisia

<evilworks>: or Bradley manning

<evilworks>: whichever

Would his honest appeal work? With the reappearance of another lead, we are ushered into the play’s final act.

Act Three

CogAnon entered the room.

<Sabu>: its aaron

<Sabu>: coganon

<Sabu>: thats his SPY NICK

<Sabu>: hi aaron

<c0s>: Good evening Aaron.

Hoglund took a moment to dissociate himself from Barr:

<greg>: aaron is CEO of his own company, that unfortunately, shares the HBGary name - I can’t do anything except yell at him on the phone

<`k>: hahaha they’re all here

<greg>: hbgary (my hbgary) has 15% ownership of hbgary federal, for the record

<greg>: yeah, and aaron just had to poke the wasp nest didnt he

<evilworks>: i’m downloading some emails

Thanks to the emails, we know Hoglund’s claims here are mostly hot air—Barr was a respected, central member of the HBGary management team:

From: Greg Hoglund

To: all@hbgary.com

Subject: Welcome Aaron Barr and Ted Vera to the HBGary management team!

Date: 2009-11-23

I am extremely excited to announce that Aaron Barr and Ted Vera have joined the HBGary team! Ted and Aaron will operate and lead HBGary Federal, a wholly owned subsidiary of HBGary, with a focus on contracting in the government space. They are very experienced and most recently built a $10 million/year business at Northrop Grumman. Both have won and lead multi-million dollar development projects and managed substantial teams. We have known Aaron and Ted for more than 5 years. These two are A+ players in the DoD contracting space and are able to “walk the halls” in customer spaces. Some very big players made offers to Ted and Aaron last week, and instead they chose HBGary. This reflects extremely well on our company. “A” players attract “A” players. Aaron will take position as CEO of HBGary Federal, and will be operating out of the DC area. Ted will take position as President and COO of HBGary Federal, and will be operating out of Colorado Springs. Welcome aboard!—Greg Hoglund

CEO, HBGary, Inc.

Hoglund then changed tack, appealing to Anonymous’s supposed sense of self-preservation:

<greg>: do you guys realize that attacking a US company and stealing private data is something you have never done before?

<greg>: no, I think you might have considered your public reputation - it doesn’t look good.

<Agamemnon>: Greg. Please answer: do you understand who we are and why we do what we do?

<CogAnon>: I was never going to sell u have it wrong.

<evilworks>: we don’t CARE about reputation

<Sabu>: greg, our reputation is not at stake here. yours is.

<greg>: i mean this was a real hack - and btw, i have to concede you really did hack us good

<evilworks>: we do what we think is right

<c0s>: Greg, and the people here dont care about reputation, at all

<evilworks>: there are numerous ways to make us look bad

<evilworks>: we dont care

[…]

<Baas>: Granted, you guys don’t do burn notices proper…But it’s the thought that counts. We want Aaron’s reputation nuked for this.

<evilworks>: jesus

Brown, taking a break from his game, issued a reminder:

<BarrettBrown>: he’s still meeting with FBI at 11 tomorrow, remember

<c0s>: That is the thing that bothers me the most.

<Sabu>: he literally picked out random people from facebook and connected it to irc nicks

<BarrettBrown>: and will no doubt discuss me personally

As anger erupted around him, Barr still did not concede:

<evilworks>: why did you start working on this anyway?

<BarrettBrown>: As I told him, my family was fucked by Feds

<evilworks>: was it personal interest, for research?

<CogAnon>: do u want me to answer?

<CogAnon>: guys it doesn’t matter anyways … you have released my emails.

<evilworks>: i suspect its for monetary gain

<Sabu>: greg. please respond

<CogAnon>: I did this for research.

<CogAnon>: The fbi called me because of my research.

<CogAnon>: the email you are refering to about selling data was about a model built on this type of research.

<c0s>: you knew, or your a complete idiot, you KNEW that your methods were flawed.

<CogAnon>: The most data I was going to show was an org chart of IRCs with icons representing those nicks I thought I knew…

<evilworks>: theres still some emails we havent released

<Sabu>: aaron, you need to apologize to us, your investers at hbgary and set the record straight

<Sabu>: that you DID NOT identify anonymous leadership

<Sneux>: ^

<Sabu>: and that your research is purely academic and theoretical

With so much said, Barr had had enough:

<CogAnon>: ok guys I have to go to bed. I repeat this was only about research on social media vulnerabilities … u guys crossed the line …

<c0s>: this was an eye for an eye by pepole you wronged.

<Sabu>: you did by doxing innocent fucking people

<Sabu>: fuck you forreal

<evilworks>: Fuck you ok?

<Sabu>: look at the names on your doc

<Agamemnon>: fuck it

<Baas>: The problem is that he doesn’t even consider that he did something wrong.

<Sabu>: hes ok with doxing innocent people

<Sabu>: I MEAN HOLY SHIT

<Agamemnon>: Greg, make deal now … shut him up … all will be well

<greg>: deal? what kind of deal?

<Agamemnon>: Aaron shuts the fuck up … your email stays private

<owen>: guys

<owen>: control yourselves

<CogAnon>: this was about research.

One of the benefits of watching an Internet play is that no one knows what will happen next, and you can talk as much as you want without disturbing anyone. By now, it was well known that I was the resident anthropologist. An Anon sent me a private message asking me to reflect on the moment:

<PKE>: so, what’s it like sitting in on all this?

<biella>: hi PKE

<PKE>: enjoying the view?

<biella>: mostly

<biella>: i am a bit sick right now so i am struggling with all views

<PKE>: as an outsider, what’s your opinion thus far?

<biella>: of anonymous?

<PKE>: well, thats a broad brush

<PKE>: i meant of their relentless takedown of hbgary and co

It was a bit of a struggle to keep up. I was in the midst of a nasty flu and was worried it was the forerunner of full-blown rabies. I had just had my last inoculation shot four days prior, after an unfortunate run-in with a bat a month earlier. Through the haze, the fever, and the sore throat, I offered:

<biella>: i was surprised at how quick it happened

<biella>: at first

<biella>: and then the conversation on the channel has been quite in the spirit of the lulz

<biella>: which was perhaps submerged weeks before during the other ops

To which PKE, spared from both the flu and irrational postulates about the onset of rabies, replied with a more incisive commentary:

<PKE>: absolutely

<PKE>: i mean

<PKE>: great work was being accomplished

<PKE>: but there was a major deficit of lulz

<biella>: yep and now it has been restocked

<PKE>: i think this is more of a surplus

<biella>: haha true

<PKE>: i can’t think of a more ridiculous anonymous operation in recent memory

<biella>: the conversation on the channel has been unreal

<biella>: the twitter feed was outrageous

<biella>: yep

<biella>: true

<PKE>: man. i really never understood the appeal of the internet hate machine before this

<PKE>: boy, when you combine sociopaths with pissed off altruists, get the fuck out of the way

In the end, left unsatisfied by what the mere mortals had to offer, the Anonymous tricksters opted to release the additional HBGary emails they had been holding onto for leverage. While most of the company emails were being seeded for release during the course of the chat conversation, the following week Anonymous also released Greg Hoglund’s 27,606 emails on AnonLeaks.24

A Team of Anonymous Ninjas Exposing Team Themis

For days following this epic showdown, the lulz pulsed through the IRC chat channels, electrifying and recharging the collective mood. The press could not get its fill of the hack. Journalists sought out Barrett Brown for commentary, which appeared from the New York Times to the BBC. On February 8, 2011, Brown jubilantly declared on #ophbgary:

<BarrettBrown>: NPR asked me who did HBGary

<BarrettBrown>: I told them “a team of Anonymous ninjas.”

<FEAR_Anonymous>: NPR?

<DingDong>: HAHA

<DingDong>: yes!

<FEAR_Anonymous>: LOL

<HateIRC>: lol nice

<Sci>: lmfao

From the outside, it appeared as if Brown was a beloved Anonymous activist at the top of his game. But from the inside, with just a tiny bit of poking, it was easy to witness the grumblings about the role he adopted just a little too willingly. At the time, Anonymous was fond of penning collectively written documents. Most of them were about operations. One appeared later in the same month bearing the title “All About Barrett Brown. Add your comments guise.” This de facto performance review dissected his contributions—securing legal help, writing editorials, getting the press online—in relation to a moral evaluation of his public behavior. None of this was done behind his back. Indeed, before the critiques were issued he was solicited to write a statement, included here in its entirety, to appear near the top of the document:

Yes. Anyone who doesn’t know what I’ve done for Anon hasn’t been involved in OpTunisia and OpEgpyt to any real extent, and anyone who wasn’t working on that campaign every fucking day can go fuck themselves. What’s fucked up is how many more people are in this document than are in any of Anon’s actual important documents. There’s my “statement,” sweethearts. Also note that the person who started all this did not get his paragraph put in the press release and is upset aboutr it.—Barrett Brown

Understandably—given that he had just told everyone to go fuck themselves—most of the following seven pages of commentary hashing out his personality, motives, and contributions slanted toward the negative. The critiques, while dotted with occasional positive assessments, found consensus in opposition to his self-promotion:

—This is important. It’s about the basic principles of Anonymous ideology, anonymity and the equality of all.

—You seem to imply that you are special and important such that the principles mentioned below, anonymity and equality of all, do not apply to you.

---------------------------------------------------------------------------

*Your dedication isn’t under discussion. You most certainly are one of Anons most important friends. I just want to say that I don’t want to see you as ‘leader of Anonymous’ nor spokesperson. I know that would be of no benefit to Anonymous. +1 wholeheartedly +1 undoubtedly +1

*@Barrett: Anonymous will support you, as long as you do not form a personal army and you abstain from leaderfagging. +1+1+1

The small team of hackers working behind the curtain were also far from pleased by all the journalistic attention Brown was receiving from the HBGary operation. Roughly a month later, Gawker’s Adrian Chen and John Cook published an article, “Inside Anonymous’s Secret War Room,” detailing the aftermath of the HBGary hack. Brown had spoken to the journalists at length:

Barrett Brown, who is generally regarded by Anonymous members as a spokesman for the group, said he has known about the “security breach” for some time: “We’re aware of the security breach as other logs from ‘HQ’ have been posted before (and I should note that HQ is not really HQ anyway—you will note that the actual coordination of performed hacks will not appear in those logs).”25

Upon reading the article, many of the hackers, already annoyed at Brown, became infuriated, lashing out at him on #anonleaks, the channel dedicated to discussing the HBGary leaks.

<tflow>: it’s ironic that you claim that you’re good at playing the media yet you fail at making them get their basic facts right

Brown, along with Gregg Housh (c0s), who also frequently spoke with the media, blamed the journalists for identifying a spokesperson, even when instructed otherwise.

<c0s>: I had two people call today, and both said at the end of the interviews

<c0s>: “can we call your official spokesperson”

<BarrettBrown>: here, listen to Housh

<c0s>: i have to fight hard each time to get the idiots to not do it

<c0s>: and some who agree not to

<c0s>: and completely understand

<c0s>: put it in right, then have editor fags “fix” it

<c0s>: and it says spokesperson, or something else stupid

<BarrettBrown>: there you go

<BarrettBrown>: argue with Housh

<c0s>: it fucking sucks dealing with these assholes

<c0s>: no

<c0s>: i dont argue heh

<tflow>: then go and get the editor fags to fix it

With that settled, they moved to other upsetting topics, notably how Brown claimed insider knowledge about #HQ, the HBGary breach, and the hacking, when he had not witnessed the operation, much less contributed to it. Even worse, he was simply wrong about #HQ; it was where the HBGary hack was coordinated:

<`k>: tbh there’s no need for you to even be talking to media in the first place you’ve done nothing yet you have an explanation for everything

<BarrettBrown>: k, I’ve done some things, sweetheart

<tflow>: it also pisses me off how you make a statement to gawker regarding #hq

<FriedSquid>: suggestion: being a journo is, to an extent, about getting your message out there, exposure of your work. About getting your name known.

<BarrettBrown>: can we stop talking about this?

<tflow>: when it doesn’t concern you in the least

<BarrettBrown>: they fucking asked me

[…]

<tflow>: then don’t open your mouth and tell them that it doesn’t concern you if it doesn’t concern you

<BarrettBrown>: no, fuck you zomg

<`k>: it’s easy to say “no” to reporters

<BarrettBrown>: I don’t take orders

<tflow>: if you don’t know what you’re talking about

As was the case with Snapple before him, Brown got momentarily kicked off the channel, in this case by `k. This was followed by final remarks, including a few about the quality of the spectacle—as if the arguments doubled as an impromptu version of a high school debating match:

<Earnest>: hate to be one sided but `k and tflow did a much better job than barret on this occasion

<tflow>: I would have kicked him

<tflow>: but I don’t like kicking people

<tflow>: from chats

<`k>: im just sick of these faggots whoreing attention in the media when they claim they have no part in things yet think they know everything

Just as Brown became embattled due to his promotional activities in relation to the hacks, HBGary itself faced another set of tough challenges and necessary decisions.

The Aftermath

A day after chatting with Anonymous and a week before the premier North American security conference hosted by RSA Security Inc. was slated to begin, Greg Hoglund bemoaned his situation to a reporter: “They are causing me a great deal of pain right now … What they’re doing right now is not hacktivism, it’s terrorism. They’ve really crossed a line here.”26 The terrorism charge was new—never before appearing, either publicly or in emails, from Hoglund or Barr. The reversal of terms was likely a carefully crafted PR tactic designed to paint these hackers as “terrorists” and thus as a grave danger to society; it was perhaps a calculated bid to convert the embarrassing reality of the gruesome hack—a potential (probable) disaster—into an advantage. Hoglund also made the decision to pull out of the RSA conference.

Though HBGary clearly hit a rough patch, the company came out the other side of this turmoil unscathed, or perhaps even stronger—aided by its rebranding of Anonymous as a “terrorist” element to which it was victim. A year later, HBGary was acquired by a defense contractor called ManTech International. Hoglund cooperated closely with law enforcement in its investigations of Anonymous, as duly noted in an FBI press release:

The broad case against six hackers, including [Hector Xavier] Monsegur, [aka “Sabu”], is the product of an extensive investigation … The attack on HBGary was carefully investigated by the FBI in Sacramento and the case was transferred to New York for Monsegur’s plea. Importantly, the Sacramento investigation greatly benefited from the assistance of HBGary itself.27

Aaron Barr and HBGary Federal fared less well. As CEO, Barr could not be fired, but he elected to step down by the end of February 2011, and the company subsequently folded. During an interview with Forbes’ Parmy Olson, he reflected on the events: “Do I regret [making those claims] now? Sure … I’m getting personal threats from people, and I have two kids. I have two four-year-old kids. Nothing is worth that.”28

The two other members of Team Themis, Berico and Palantir, which had schemed with HBGary Federal to discredit WikiLeaks, washed their hands of blood like Lady Macbeth, immediately severing all ties with HBGary Federal and disavowing full knowledge of the plan. But as Nate Anderson of Ars Technica put it: “both of the Team Themis leads at these companies knew exactly what was being proposed (such knowledge may not have run to the top). They saw Barr’s e-mails, and they used his work. His ideas on attacking WikiLeaks made it almost verbatim into a Palantir slide about ‘proactive tactics.’”29

In the aftermath, troubled by their new-found awareness of such proposed tactics, a group of Democratic congress members sought to investigate Team Themis. During an interview, the lead congressman for the committee, Hank Johnson, expressed why he supported the inquiry: American tax dollars were being used to fund tools and programs to spy on Americans and quell First Amendment rights.30 Other congressmen, notably Representative Lamar Smith, quietly dismantled and blocked this investigation. Regrettably, the mainstream press never followed up to write about the inquiry’s demise.

The growing dissatisfaction with Barrett Brown inside Anonymous did not slow him down. He remained active within Anonymous for a few more months. The intimate portal into a private security firm like HBGary Federal galvanized him and facilitated the establishment of his web-based think tank ProjectPM (PPM), “a crowd-sourced wiki focused on government intelligence contractors.” It was clear to him that HBGary Federal was not an anomaly amongst defense contractors. In an op-ed published in 2013, Brown expressed his aims for PPM: “we must look not just toward the three letter agencies that have routinely betrayed us in the past, but also to the untold number of private intelligence contracting firms that have sprung up lately in order to betray us in a more efficient and market-oriented manner.”31

The ballooning size of this market-driven industry has been thoughtfully assessed by Tim Shorrock, one of the few investigative journalists to extensively research the topic. Information is scarce, as he explains, but there are a few telling details to suggest the enormity of these operations:

Outsourcing has become so pervasive that the Director of National Intelligence decided to study the phenomenon last year. But when the report was finally completed in April 2007, the results were apparently so stunning that the DNI vetoed the idea of putting out a report and instead told reporters that disclosure of the figures would damage national security.32

It is estimated from current figures that 70 percent of America’s $80 billion intelligence budget goes toward private contractors.33 While the HBGary and HBGary Federal emails provided no hard numbers about the size of the overall industry, they did offer qualitative measures that point to the massive scale of the government intelligence contracting world. Brown, aided by volunteers who did the bulk of the research and writing, and all the technical work, hosted a central repository to catalog the brave new world of corporations that specialize in intelligence gathering, espionage, and infiltration for corporate and government clients. Where the leaked documents truly broke ground was in providing insight into the types of tactics employed by private firms in the era of digital and networked technologies; the firms were evidently willing to propose and engage in reckless acts. After all, Barr was on the path to providing actionable intelligence, for instance, doxing some Anons who had done nothing illegal—even offering nicknames and locations to a reporter. His firm had also laid out detailed plans to sabotage the career of a journalist. Since this type of work is now also spread across hundreds of different private firms, it is unlikely there will ever be a single massive document dump equivalent to the one which busted open COINTELPRO detailing the corporate face of spying; instead, the public will have to rely on the piecemeal datasets it receives through leaks and hacks such as the HBGary one.

Inspired by the success of the HBGary hack, other Anons would soon seek to direct similar techniques to other security and intelligence firms. But first, the hackers who had decimated HBGary Federal would break away from AnonOps and embark on a fifty-day tour as an experimental performance troupe by the name of LulzSec. It would receive rave reviews from Internet denizens. But corporations watched the play, with its seemingly endless string of encores, in horror.