The InternetFeds: Inside hacker Sabu’s war room

March 7, 2012

Sabu, the man who until his arrest last year was one of the world’s most wanted hackers, did not destroy his computer’s hard drive. He didn’t even shut up. “I’m Hector,” he reportedly told the FBI agents who showed up on his doorstep.

Then, according to federal court documents released on Tuesday, he turned informant.

With Monsegur’s help, the FBI learned the identities of several other hackers in a group called Anonymous. It has accused those hackers of other computer crimes, including ones allegedly committed by other groups, including the infamous “LulzSec.”

Sabu’s fate — indicted and talking — is a long way from how he led me to believe he would act if he ever ended up face-to-face with the law. Here’s what Sabu, or someone claiming to be Sabu, told me when I gained access to a top-secret chat room that Sabu and other alleged hackers used between December 2010 and January 2011.

The InternetFeds was an IRC chat room where elite hackers assembled — the leaders of an organization that calls itself faceless and democratic, even when it hews to a fairly top-down hierarchy. These are about 30 of the hackers who did the most damage under the names Anonymous, Gnosis, LulzSec and AntiSec.

The creator of a piece of software called the low orbit ion cannon, or LOIC, Anonymous’ weapon of choice in distributed denial of service attacks against websites such as Visa, MasterCard and Paypal, was part of the group. So were hackers who distributed data stolen from servers belonging to the Fox Broadcasting network, and HBGary and Stratfor, companies that gather political and economic intelligence from around the world for paying customers.

Also part of the group was Sabu’s de facto deputy Kayla, identified by court documents as Ryan Ackroyd of London. Kayla is the hacker who bragged in the chatroom of stealing approximately 1.5 million usernames and passwords from Gawker.com after the website criticized Anonymous in one of its posts. He then leaked them onto various torrent websites.

When Anonymous failed to bring down Amazon.com’s website in December 2010, Kayla broke into a server and stole dozens of Amazon employee usernames and passwords. And, just for the “lulz,” or “laughs” in hacker parlance, Kayla gained access to several video game software companies, including Rockstar Games, Lucas Arts and Sony’s PlayStation division.

About 30 of Anonymous’ best hackers were a part of the InternetFeds room. Sabu and another hacker known as Chronom picked them for doing jobs more destructive than the usual hacks. (Chronom, who also went by the name “tflow,” was reportedly arrested in the middle of last year.)

InternetFeds’ ideal target was anything weak, anything vulnerable and anything exploitative. If there was a political or economic reason behind their mayhem, so much the better. If not, they did it for kicks.

Things got less fun after they saw news reports that some people were being arrested in various European countries and charged with being members of Anonymous after using the LOIC software to attack Paypal, Visa and MasterCard. The attacks started after the credit card companies stopped letting people use their cards to donate money to the government and company whistleblower website Wikileaks.

Those hackers, who were “vanned,” or taken in by the authorities, were dumb, the InternetFeds members thought. They should have known how to hide themselves better. They were pawns. It didn’t matter. They could be easily replaced. What separated the InternetFeds from the rest of Anonymous — save their more than advanced technical expertise — boiled down to trust.

I think that Sabu might have trusted me at that time. In late December 2010, Sabu confided in me some personal details. He said he was a single, unemployed foster father of two children, and was living on government assistance. He said he lived in the metropolitan area of New York (he was arrested at his apartment on the east side of Manhattan, in fact) where he would take on technology gigs as they came. If none came for a while, he would hack into a vulnerable server used by an e-commerce website, obtain a few hundred — maybe a few thousand — names and credit card numbers, and sell them to other hackers. Before selling them, he’d make sure the credit cards were still valid by charging small donations to a variety of charities — the American Red Cross was a favorite among Sabu, Kayla and other hackers.

On December 20, 2010, a report by the PBS NewsHour exposed a document that contained dozens of government usernames and passwords. The document, which was published on the NewsHour website, was only known to InternetFeds. It became clear that someone among the ranks was a mole.

Paranoia swept through the room. There were discussions of who the mole might be. A hacker named Switch was a popular guess. Some people thought it was me. (I later said I gave the documents to NewsHour.)

Several other incidents took place that added to the paranoia. The website of New York’s Green Party, which InternetFeds planned to attack in an “epic owning,” was defaced without the approval of the room’s members. An article on the Los Angeles Times’ website was defaced by a hacker, again without collective approval.

In early January 2011, Sabu and Chronom decided to close the room and start over somewhere else. They would invite some members of InternetFeds to the new room if they passed a “test” — usually involving committing some sort of computer crime.

I was kicked out.

Sabu sent me a message on the evening I was cut from the room. I told him that I recorded the conversations that took place in the InternetFeds chat room — not as text logs, but as screen shots, just to refute any future claims that the text had been manipulated if they were discovered or published. Sabu was unhappy.

At the time InternetFeds started to unravel, nobody outside Anonymous knew the names “Sabu,” “Kayla,” or “Topiary.” Many within Anonymous didn’t know those names either. Sabu hadn’t become a hacking celebrity with over 20,000 Twitter followers. The InternetFeds leader was upset at the thought of being exposed, and perhaps being caught.

“I’m not a snitch,” he wrote to me in our final conversation in January 2011. “If I get raided right now, I will slam my laptop into the [floor] so hard the hard drive would not be recoverable. I’ll go in, and request a lawyer, and shut the fuck up.”

He said he would try to destroy the reputation of anyone who might expose him or ruin his reputation or that of Anonymous. He’d release personal information about any individual whom he considered his enemy or Anonymous’ enemy. He’d steal their credit card information and charge hundreds of dollars in charitable donations. He’d invent stories so as to discredit any whistleblower or hacker-turned-informant.

The FBI arrested him in June. Presumably, he started talking soon afterward.

Comments

This is interesting. I am curious about how these people could supposedly break into an Amazon server holding employee usernames and passwords. Passwords are not saved in their original form. Only a one-way encrypted version is saved. The password entered by a user is likewise one-way encrypted, then matched with the saved version to verify the user’s credentials.

These tales of hacking exploits can be like fish stories. The fish grows bigger with each telling.

Posted by Ralphooo
 
