Stakeout: how the FBI tracked and busted a Chicago Anon

Continuous surveillance, informants, trap-and-trace gear—the FBI spared no …

"Script kiddie"—no hacker worth his salt wants to hear the term used to describe him. Anyone with modest computer skills can cause modest havoc using other people's code fragments, scanners, and infiltration tools, but this is little more than knowing how to point a gun in the right direction and pull the trigger. It lacks art. True hacking requires a deep knowledge of computer and network security, an ability to navigate around obstacles, and the willingness to be careful enough to always hide one's tracks. The script kiddies, they might be easy targets for the feds, but the true hackers? Shadows are their home.

The Anon-affiliated hackers who broke into the private intelligence company Stratfor to release e-mails and steal credit cards certainly didn't think they were script kiddies. In an Internet Relay Chat (IRC) conversation just after the December 2011 hack, one of the Stratfor hackers (sup_g) spoke to an unidentified chatroom member (CC-3) about the accomplishment.

CC-3: but this stratfor shit was bigger shit than 
CC-3: old shits
CC-3: at least it deserves no critics
@sup_g: oh yes
@sup_g: notice no one is throwing around script kiddie comments...
CC-3: this time was classy
CC-3: and thats perfect
CC-3: we produced a cool video
CC-3: we announced luzxmas
CC-3: we hacked big shit
CC-3: we donated by 1000000...
CC-3: and we destroyed a big serious intel corp
CC-3: actually just a lil bunch of ppl thinks shit on this
CC-3: like 3
CC-3: lol
@sup_g: they are just mad because of the sheer amount of 
        high profile people in this

The day after Christmas, sup_g had another online chat about the Stratfor hack and about some 30,000 credit card numbers that had been taken from the company. His interlocutor, CW-1, engaged in a bit of gallows humor about what might happen should they all get caught.

CW-1: hows the news looking?
@sup_g: I been going hard all night
CW-1: I heard we're all over the news papers
CW-1: you mother fuckers are going to get me raied [raided]
CW-1: HAHAHAAHA
@sup_g: we put out 30k cards, the it.stratfor.com dump, and another statement
@sup_g: dude it's big..
CW-1: if I get raided anarchaos your job is to cause havok in my honor
CW-1: <3
CW-1: sup_g:
@sup_g: it shall be so

But the raid had, in fact, already happened. CW-1 was "Sabu," a top Anon/LulzSec hacker who was in real life an unemployed 28-year-old living in New York City public housing. His sixth-floor apartment had been visited by the FBI in June 2011, and Sabu had been arrested and "turned." For months, he had been an FBI informant, watched 24 hours a day by an agent and using a government-issued laptop that logged everything he did.

The FBI controllers behind Sabu must have found it grimly humorous to tease sup_g with threats of arrest, but they were also using Sabu's chat for a more serious purpose—correlating the many names of sup_g.

In the log above, note how Sabu suddenly addresses sup_g by a new name, "anarchaos." It would turn out that sup_g went by many names, including "anarchaos," "burn," "yohoho," "POW," "tylerknowsthis," and "crediblethreat."

Normally, an attempt to link his various names would have raised the hacker's guard; as he confided to Sabu, someone else had once tried to link the names "yohoho" and "burn," but the hacker "never answered... I think he picked up some language similarities I've worked with [REDACTED] on other ops in the past." But this was Sabu, a sort of hacker demigod in the world of Anonymous. If you couldn't trust him, who could you trust? Sabu had even provided a server to store the stolen Stratfor data, so he couldn't be a fed (in reality, he had done so at the FBI's direction).

A document distributed after the Stratfor hack totted up the hack's damage. 

"The sheer amount of destruction we wreaked on Stratfor's servers is the digital equivalent of a nuclear bomb," it said. "We rooted box after box on their intranet: dumping their mysql databases, stealing their private ssh keys, and copying hundred[s] of employee e-mail spools... We laid waste to their web server, their mail server, their development server, their clearspace and srm intranet portal and backup archives." 

The document also claimed that more than $500,000 had been charged to credit cards and given to "charities and revolutionary organizations."

Usernames and e-mail addresses were also released; people were exhorted to "use and abuse these password lists and credit card information to wreak unholy havoc upon the systems and personal e-mail accounts of these rich and powerful oppressors."

It was vicious, and Stratfor has not in fact fully recovered. Critics of the action, like The Atlantic, called Stratfor a "joke" organization not worth targeting, though the hackers seemed more than pleased with their work; they recently passed the company e-mails to WikiLeaks for distribution.

Whatever else it did, the hack certainly brought renewed attention to hackers like sup_g. But first, the FBI had to find them.

While sup_g may indeed have been a "credible threat," he was in the end no match for the overwhelming federal resources of the FBI agents hunting him down. Over the last month, federal agents staked out his home in Chicago constantly, dug up old police surveillance records, tapped his Internet connection, used directional wireless finders to locate and identify his wireless router, and relied on Sabu back in his New York City apartment to let them know when sup_g went on or offline.

Despite his many precautions, the FBI moved into Chicago's Bridgeport neighborhood last night and arrested a 27-year-old dreadlocked white guy said to hate racism so much that he had once violently attacked a Holocaust denier. Here's how the feds found him.

Details, details...

To identify sup_g, the Bureau first turned to the voluminous chat logs stored on Sabu's computer. They went through every comment that could be plausibly linked to sup_g or one of his aliases. The goal was to see if the hacker had slipped up at any point and revealed some personal information.

He had. On August 29, 2011 at 8:37 AM, "burn" said in an IRC channel that "some comrades of mine were arrested in St. Louis a few weeks ago... for midwestrising tar sands work." If accurate, this might place "burn" in the Midwest. FBI Chicago agents were able to confirm that an event called Midwest Rising was attended by Chicago resident Jeremy Hammond's twin brother. (Hammond had a history with anarchism and violent protest.)

"Anarchaos" once let slip that he had been arrested in 2004 for protesting at the Republican National Convention in New York City. Much later, "yohoho" noted that he hadn't been to New York "since the RNC," nicely tying both online handles to the same person. The FBI went to New York City police and obtained a list of every individual detained at the 2004 convention; they learned that Jeremy Hammond had in fact been detained, though he had not been arrested. The pieces were starting to fit.

A captured portion of an IRC chat about using stolen credit cards to pay for new servers

"Sup_g" and "burn" both indicated later that they had spent time in prison, with “burn” indicating that he had been at a federal penitentiary. A search of Hammond's criminal records revealed that he had been arrested in March 2005 by the Chicago FBI and had pled guilty to hacking into a “politically conservative website and stealing its computer database, including credit card information,” according to an FBI affidavit. Hammond was sentenced to two years in prison for the action.

Before this 2005 arrest, Hammond had allegedly told friends in Chicago that he intended to use the credit card information from the hack to “make donations to liberal organizations.” Though he did not do so at the time, the idea matched up with the "lulzxmas" plan to distribute gifts and cash using stolen cards from Stratfor.

In yet another chat, "Anarchaos" told Sabu that he had once spent a few weeks in a county jail for possession of marijuana. He also asked Sabu not to tell anybody, “cause it could compromise my identity," and he noted that he was on probation. Both matched Hammond, who was placed on probation in November 2010 after a violent protest against the Olympics coming to Chicago. When the FBI ran a criminal history check on Hammond, it also revealed two arrests for marijuana possession.

The FBI was so thorough that it even followed up on a "POW" comment saying "dumpster diving is all good i'm a freegan goddess." ("Freegans" scavenge unspoiled, wasted food from the trash of grocery stores and restaurants.) The FBI went to Chicago authorities, who had put Hammond under surveillance when they were investigating him back in 2005. As part of that earlier surveillance, “agents have seen Hammond going into dumpsters to get food.”
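The correlation the Bureau did by hand, as an added worked example that is not from the article, the affidavit, or any FBI tool: parse a "nick: message" log, tag each handle with the distinctive personal details its own messages give away, merge handles that share a distinctive detail (or that an analyst links from outside the text, the way Sabu's "anarchaos" address tied two names together), and then check the merged profile against a candidate's record. The sample log, the regex fact dictionary, the analyst-supplied links and the candidate record are all constructed for this example; the log lines only paraphrase details the article reports.

```python
"""Alias correlation over an IRC log: link handles that disclose the same distinctive
personal details, then compare the merged profile against a candidate's known record."""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample log in the "nick: text" shape of the excerpts above. It is not a
# real capture; the lines paraphrase details the article reports.
SAMPLE_LOG = """\
burn: some comrades of mine were arrested in St. Louis a few weeks ago for midwestrising tar sands work
anarchaos: got arrested in 2004 for protesting at the RNC in NYC
yohoho: havent been to new york since the RNC
burn: did my time at a federal penitentiary
@sup_g: i did prison time too, dont ask
POW: dumpster diving is all good i'm a freegan goddess
anarchaos: spent a few weeks in county jail for marijuana, still on probation
CC-3: this time was classy
"""

LINE_RE = re.compile(r"^@?(?P<nick>[\w\-]+):\s*(?P<text>.+)$")

# Hypothetical patterns written for this example; each maps a self-disclosed detail to a
# canonical tag so the same fact phrased differently by two handles still matches.
FACT_PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "event:midwest_rising": re.compile(r"\bmidwest\s*rising\b", re.I),
    "event:rnc_2004": re.compile(r"\bRNC\b|\brepublican national convention\b", re.I),
    "prison:federal": re.compile(r"\bfederal (pen|penitentiary|prison)\b", re.I),
    "prison:any": re.compile(r"\b(prison|penitentiary|did my time)\b", re.I),
    "jail:marijuana": re.compile(r"\b(weed|marijuana|pot)\b", re.I),
    "status:probation": re.compile(r"\bprobation\b", re.I),
    "lifestyle:freegan": re.compile(r"\bfreegan\b|\bdumpster div", re.I),
}
# Facts too common to identify anyone on their own; kept in the profile, never used to link.
WEAK_TAGS = {"prison:any"}


class DisjointSet:
    """Union-find over handle names."""

    def __init__(self) -> None:
        self.parent: Dict[str, str] = {}

    def find(self, x: str) -> str:
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a: str, b: str) -> None:
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def parse_log(text: str) -> List[Tuple[str, str]]:
    """Split a 'nick: message' log into (nick, message) pairs; '@' op prefixes are dropped."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            out.append((m.group("nick"), m.group("text")))
    return out


def extract_facts(lines: Iterable[Tuple[str, str]]) -> Dict[str, Set[str]]:
    """Tag every handle with the canonical facts its own messages disclose."""
    facts: Dict[str, Set[str]] = {}
    for nick, text in lines:
        tags = facts.setdefault(nick, set())
        tags.update(tag for tag, pat in FACT_PATTERNS.items() if pat.search(text))
    return facts


def cluster_aliases(facts: Dict[str, Set[str]],
                    extra_links: Iterable[Tuple[str, str]] = ()) -> List[Tuple[frozenset, Set[str]]]:
    """Merge handles into identity clusters and return (handles, merged facts), largest first.

    Two handles are linked when they disclose the same distinctive fact (a tag not in
    WEAK_TAGS) or when the analyst supplies a link from outside the text, such as one
    handle being addressed by another handle's name."""
    ds = DisjointSet()
    by_tag: Dict[str, Set[str]] = defaultdict(set)
    for nick, tags in facts.items():
        ds.find(nick)
        for tag in tags - WEAK_TAGS:
            by_tag[tag].add(nick)
    for nicks in by_tag.values():
        first = next(iter(nicks))
        for other in nicks:
            ds.union(first, other)
    for a, b in extra_links:
        ds.union(a, b)
    groups: Dict[str, Set[str]] = defaultdict(set)
    for nick in list(ds.parent):
        groups[ds.find(nick)].add(nick)
    clusters = []
    for members in groups.values():
        merged = set().union(*(facts.get(n, set()) for n in members))
        clusters.append((frozenset(members), merged))
    clusters.sort(key=lambda c: (-len(c[0]), sorted(c[0])))
    return clusters


def corroborate(profile: Set[str], record: Set[str]) -> Tuple[Set[str], Set[str]]:
    """Split a cluster's facts into those a candidate's record confirms and those still open."""
    return profile & record, profile - record


if __name__ == "__main__":
    facts = extract_facts(parse_log(SAMPLE_LOG))
    # Hypothetical analyst links: an informant addressed sup_g as "anarchaos" and "burn".
    for handles, profile in cluster_aliases(facts, [("sup_g", "anarchaos"), ("sup_g", "burn")]):
        print(sorted(handles), sorted(profile))
```

The analyst-supplied links matter: in the sample the shared RNC detail alone ties "anarchaos" to "yohoho", while "sup_g" and "burn" disclose nothing distinctive enough to link on, and "POW" stays in its own cluster until some outside signal joins it. That mirrors the article, where the freegan remark was only useful once a candidate's old surveillance file could be checked against it.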

Now that they had a suspect, it was time to put him under surveillance.
