17 Funny Things We Found Out From The Lulz Security Court Documents (and related press)
Note: For the purpose of this article, I'm taking the court documents at face value. However, it's entirely possible that contradictory information will come out as the legal proceedings continue. All defendants should be presumed innocent until proven guilty.
Sabu was more leet than we ever knew
The bill of information against Sabu, in paragraph 24, alleges that he "did effect transactions . . . to receive payment and other things of value . . . the aggregate value of which was equal to and greater than $1,000 . . ." (Emphasis added.) Granted, it's been a long time since I took a math class, but isn't that impossible?
United as one, divided by zero indeed.
Remember when Anonymous listened in on that FBI conference call about Anonymous? The FBI may have expected them.
It certainly was lulzy, wasn't it? The FBI and their foreign counterparts had a sooper-seekrit conference call to discuss their ongoing investigations of Anonymous and Lulz Security. Unbeknownst to them, the very subjects of their call were listening in! What fun!
Well it gets even funnier, because the joke was on Anonymous. OK, the FBI hasn't said exactly what happened, but from what's publicly available, it seems reasonable to conclude that the FBI took Anonymous's "expect us" admonition to heart. The email setting up the conference call was on January 13th. (The original paste seems to have been deleted; this is a later one, but I think the content is the same.) On January 14th, Palladium (Donncha O'Cearrbhail of Ireland) and one or more other Anons discussed in a private IRC how to intercept the conference call -- and their chat was being recorded for the FBI with the consent of someone in the chatroom. Then the call took place on January 17th.
If law enforcement knew in advance that Anonymous would be listening in, that would explain a lot:
- The email about the call went to dozens of people. It's not clear how many actually called in, but only four people spoke.
- The inanity and silliness of the conversation. "Do you wanna talk about cheese?" Heck, they kept giggling like tween girls at a slumber party. They were quite amused about something.
- Apparently proper procedure for a secure conference call is to confirm the identity of each new participant as they connect. That didn't happen. Were the FBI agents just careless, or did they deliberately relax their procedures?
- Listen to this part again, knowing what we know now. UK agent: "We've been speaking with the Irish around Palladium and Pwnsauce, and looking to share some intelligence with them, and some information on that. I don't know if they're in on this call?" [Silence. I wonder what Palladium was thinking at this point.] American agent: "I don't . . . is anyone on from Ireland?" [Silence.] How the agents managed to keep from ROTFL, I have no idea.
The style guides of justice grind slowly.
I realize that it's not necessarily wrong to start "internet" with a capital I. Still, the capitalizer camp has been dwindling. Wired changed to a lowercase i in 2004.
The court documents spell Internet with a capital I. The law always lags behind technology; apparently so does the law's style guide.
There are people paid to learn internet slang. And internet slang sounds funny in court documents.
For example: "Based on my training, experience, and familiarity with this investigation, I know that 'v&' or 'vand' or 'vanned' is Internet slang for being arrested, as in to be taken away in a police van." (This is footnote 9 on page 7 of the amended complaint against Palladium.)
That certainly sounds more respectable than if I had to describe how I know what v& means, which would be more like "Based on my spending way too much time on the internet, and associating with disreputable characters who so frequently discuss getting arrested that they shortened it to two characters . . ."
Kayla is not, in fact, two people (and is male).
News articles from September 2011 indicated that "Kayla" was two men in their twenties. (For example, this from PC World.) This was quite a blow to Kayla's online associates, who had been under the impression that Kayla was a 16-year-old girl. Now we know that Kayla was just one person -- Ryan Ackroyd -- but disappointingly, still male. It's kind of a shame that he apparently chose a life of crime; his giggly persona would have fit right in on an FBI conference call.
The FBI were just as amused as everyone else by that bogus Tupac Shakur article.
The court papers mention multiple defacements, but don't give any details about them except what's directly relevant to the court cases. But there's one exception: paragraph 18.a. of the Sabu Information says that "MONSEGUR and others . . . defaced the website for the PBS news program The News Hour, including by inserting a bogus news article that the deceased rapper Tupac Shakur was alive and living in New Zealand." Why did they include detail on this defacement but not the others?
I'll have to go with "for the lulz."
LulzSec was originally called "Internet Feds."
Other than the group members themselves, did anyone call them Internet Feds? I don't remember seeing that name before. From an admittedly quick googling, I'm not finding any references to "Internet Feds" that predate the court documents. Well, at least it gives the hipsters something to be smug about.
Anonymous is still impossible to define.
For example, the indictment against Kayla, Topiary, Pwnsauce and Palladium says, "'Anonymous' has been a loose confederation of computer hackers and others sharing, among other things, common interests, common slogans, and common identifying symbols." Yeah, that's helpful. Is there any large cultural group to which this wouldn't apply? Here, let's try it:
- "College students" have been a loose confederation of computer hackers and others sharing, among other things, common interests, common slogans, and common identifying symbols.
- "Sports fans" have been a loose confederation of computer hackers and others sharing, among other things, common interests, common slogans, and common identifying symbols.
- "Americans" have been a loose confederation of computer hackers and others sharing, among other things, common interests, common slogans, and common identifying symbols.
So it's true after all: we are legion!
Some officers in the Garda (National Police Service of Ireland) really suck at email security.
Bad enough to forward work emails to your private Gmail. Worse is if you never look at this:
Some news articles said that there were 146 instances of unauthorized access to the Garda agents' Gmail accounts. That's not correct; the Palladium Amended Complaint says there were 146 instances of unauthorized access from someone using the VPN service Perfect Privacy, and several additional instances of unauthorized access from someone using Palladium's ISP. Oops! Remember kiddies: the VPN only works if you remember to use it!
Speaking of which, some Anons really suck at anonymity.
Actually there are so many examples of this that I'm planning to put them into a separate list. I'll give just one example for now, from the Palladium amended complaint. On or about September 1, 2011, Palladium was arrested for his participation in the hack and defacement of the Fine Gael website. Officers showed him chat logs regarding the hack in which he used the name Palladium. Then on or about November 12, 2011, he again participated in a chat (I'm assuming Anonymous-related, although this isn't expressly stated) -- using the name "polonium." Now, this might have worked fine to throw law enforcement off the trail if they were robots programmed to look for specific character strings. But see, these are Garda officers, while these are robots. So the officers rather quickly saw through his cunning ruse and guessed that this might be the same person.
Just to be sure, a chat participant asked him "Who is this?" To which he replied, "This is palladium." In other chats he also helpfully confirmed his IP address and which VPN he uses. And used the login ID "Donncha" -- his real first name.
All the doxers were wasting their time, because the feds knew Sabu's dox in February.
It was comical to see the trolls and haters trying to dox Sabu, long after it was obvious to everyone paying attention that he must be an informant. They tried so diligently, though, to find new information -- another email address, a phone number, an old blog, a friend's old MySpace page -- each tidbit announced with a triumphant air: surely this must be the missing piece that will finally put Sabu behind bars! It was sort of cute, really, and kept the trolls busy, which I suppose is a good thing.
Well, anyone who started this hobby after February 2011 must be crushed, because according to this New York Times article, "the Federal Bureau of Investigation learned in February of last year that Sabu was Mr. Monsegur."
I wouldn't be surprised if some poor soul spent months dumpster diving all of NYC's shoe stores in the hopes of finding a record of Sabu's shoe size. To all you disappointed doxers: don't think your efforts have gone unrecognized! I tell you what -- how about you start in on some of the other well-known Anons? You should especially focus on those who worked closely with Sabu but somehow have thus far escaped capture, and those who focus on seeking information about current ops. I'm sure the FBI would really appreciate your help!
The FBI must have gotten really sick of reading nonsense.
The original Fox News article about Sabu's arrest says "The FBI has had an agent watching his online activity 24 hours a day." Which to me seems like not only a waste of tax dollars, but also agents' brain cells. All that friendly chit-chat, feeding of trolls, arguing with ProSec people and other security professionals, good-natured ribbing with other hackers and old acquaintances, technical discussion of computer technology, music recommendations, stirring exhortations to think for oneself and question authority, useful status updates about ordering pizza or watching a movie, random meme references -- the vast majority entirely legal, inconsequential, and monitored 24/7 in order to arrest a few people. Wow.
Of course, I'm not criticising the agents for monitoring online nonsense 24/7. I just think they should do it without getting paid, like the rest of us.
There's such a thing as "fraudulent tweets."
The indictment against Kayla, Topiary, Pwnsauce and Palladium says (in paragraph 15.c.) that Topiary "posted one or more fraudulent tweets." How much fraud can one put into 140 characters? Does it go entirely by the content of the tweet, or is a tweet automatically fraudulent if it's sent from an account you're not supposed to be using? I await the opinions of the court and legal scholars on this important question. Preferably provided in the form of a tweet.
Aaron Barr got totally pwned.
OK, I know we didn't just learn this. But somehow it never grows old. The indictment against Kayla, Topiary, Pwnsauce and Palladium spends four paragraphs (12.b through e.) discussing the attacks against HBGary and an unnamed "senior executive" or two. Rather than detail the accusations here, let's just watch this video again, shall we? "That's right, they ruined both his lives." ROTFLMFAO.
The FBI doesn't consider Anonymous press releases to be real press releases.
When the documents refer to Anonymous press releases, "press releases" is in scare quotes. I can't think of any good reason for this. To my knowledge, there are no official criteria for what constitutes a press release. If something is titled "Press Release" and is directed to the press and public to announce something newsworthy, why would it be any less a press release just because it's from Anonymous? I encourage any bored Anon to denounce this insult in a press release.
The more aliases you use, the more trees you kill if you get caught.
Apparently Jeremy Hammond was also known as Anarchaos, sup_g, burn, yohoho, POW, tylerknowsthis, and crediblethreat. And apparently courts require that almost every mention of an individual also list all of his known aliases, separated by "a/k/a's." So this phrase appears over a dozen times in the complaint: "JEREMY HAMMOND, a/k/a "Anarchaos," a/k/a "sup_g," a/k/a "burn," a/k/a "yohoho," a/k/a "POW," a/k/a "tylerknowsthis," a/k/a "crediblethreat," the defendant . . ."
So if you're a criminal, and think you might get caught, and have something against trees, make sure you use as many aliases as possible. With some careful planning, the complaint against you could run hundreds of pages before they even get to the allegations.
Would this be a bad time to mention that Sabu was also known as Xavier Kaotico? Because the FBI seems to have missed that one. Oops, I hope they don't have to retype everything now.
Better buy more popcorn -- there's more to come.
The documents mention multiple "co-conspirators not named as defendants herein," and "parties known and unknown." Who are these mysterious people, some known to the FBI but unnamed, and others they haven't yet identified? This ain't over, kids, and the FBI probably went out for a quick celebratory beer, then got right back to work. While you hardcore hackers frantically DBAN, and the FBI puts gas in the party van, I'll be firing up my popcorn maker.
[Edit Mar. 27, 2012: clarified that the CC license pertains only to text, and vague-ified the statement regarding total number of arrests.]
Text is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.