
How Aaron Barr correctly identified Commander X

HBGary Federal's Anonymous-hunting CEO didn't know how right he was.

Doyon beneath a primitive shelter he built in Canada.
Nate Anderson

When HBGary Federal CEO Aaron Barr decided to out the leaders of Anonymous, the loose hacker collective, he spent months infiltrating the group under the name "Coganon." By the end of it he had identified three people who appeared to wield the most influence in the group. One of them was "Commander X," the 50-something hacktivist who jumped bail and fled to Canada to avoid federal hacking charges.

Barr's name has long been a punchline among the Anonymous crowd, synonymous with "getting it wrong." When several members of Anonymous broke into HBGary Federal computers in retaliation and stole Barr's e-mail spool, they released it to the world. They told anyone who would listen that Barr's project was so wrong as to be laughable rather than dangerous to them.

Take Commander X. Barr identified the man behind the mask as one Benjamin Spock de Vries of San Francisco, but de Vries quickly told any journalist who would listen that he had nothing to do with the Commander X persona (he sent me several e-mails as well, hoping to get the matter cleared up, as he said it was causing him a good deal of anxiety).

Barr was wrong, because Commander X was actually homeless hacktivist Christopher Doyon. But one odd sidelight of traveling to Canada to talk with Doyon was learning more about how Barr worked—and about how he had, in fact, correctly IDed Doyon as "Commander X."

Top three!

Let's start with the top players in Anonymous, as seen by Barr. After seeing a copy of his documents, I wrote this back in early 2011:

In the end, Barr determined that three people were most important. A figure called Q was the "founder and runs the IRC. He is indeed in California, as are many of the senior leadership of the group." Another person called Owen is "almost a co-founder, lives in NY with family that are also active in the group, including slenaid and rabbit (nicks)." Finally, Commander X can "manage some significant firepower." Barr believed he had matched real names to each of these three individuals.

"They think I have nothing but a hierarchy based on IRC aliases!" Barr wrote in one of his e-mails. "As 1337 [leet] as these guys are suppsed [sic] to be they don't get it. I have pwned them! :)"

By the time the list became public, Anons were trashing it. "Please note that the names in that file belong to innocent random people on facebook. none of which are related to us at all," said one leading Anon in an IRC chat with an HBGary official.

When Anonymous defaced the HBGary Federal website, the hackers made the same point. "You think you've gathered full names and addresses of the 'higher-ups' of Anonymous?" said their note. "You haven't. You think Anonymous has a founder and various co-founders? False…. We laughed. Most of the information you've 'extracted' is publicly available via our IRC networks. The personal details of Anonymous 'members' you think you've acquired are, quite simply, nonsense."

But Barr's method had not been nuts—especially with Commander X. Indeed, his technique here was ridiculously obvious. After seeing the Commander X persona talk repeatedly about being a Supreme Commander in the "People's Liberation Front" (PLF), Barr had simply run a WHOIS lookup on the PLF website.

He got two things as a result. First, a name—Christopher Doyon. Second, an address for a location on Haight Street in San Francisco. Soon after doing this, Barr's "Coganon" persona went to Commander X and told him that it wasn't smart of Doyon to use his real name on the PLF registration.

"I never knew that he was Aaron Barr until afterwards," Doyon told me, but he wasn't keen on being outed by anyone. Correctly assuming that his interlocutor was trying to verify this information, rather than truly knowing it, Doyon responded that he had used a bogus name for the registration—"Christopher Doyon" had been a joke.

"He had my real name and didn't fucking use it!" Doyon says now with obvious glee.

Barr apparently believed Doyon's denials, because the leaked document says clearly, "Commander X is Benjamin Spock de Vries." It's hard to be sure, though. The version of Barr's notes found in his e-mail spool was an early draft; as such, later versions kept on Barr's computer might have had more accurate information. Doyon believes that Barr instead followed up on the bogus address, which just happened to be linked to de Vries, and then convinced himself of a linkage that didn't exist in reality.

I've made a huge mistake

In any event, the takeaway is clear: no one involved in this little drama comes off as an undercover mastermind. Barr's story is now well-known, but what about Doyon, who claims to abide by security protocols so rigorous it takes him 20 minutes to start up his laptop each day? When we met, I asked him how he could possibly have put his own real name on the PLF domain name registration form when he was trying to stay hidden.

"I don't know," he said. "I was stupid."
