Since their inception in 2003 as an online anarchist collective, Anonymous has been grabbing headlines with their cyber attacks on government, corporate and various other targets. But who are they? High Times speaks to the greatest hacktivists of our generation.
For a country built on dissent, US law enforcement sure takes a dim view of Internet activism. As those merry pranksters from Anonymous have discovered, the FBI don’t truck no shit: Whether you’re a whistle-blowing leaker, a crusading IT wizard or a curious college kid, our post-9/11 government views you just like a shoe bomber and will descend on you with the full force of 100 Justice Department lawyers backed by SWAT teams in riot gear.
Ask Dmitriy Guzner. In the early- morning hours of July 2, 2008, six men in bulletproof vests with light-mounted M-16s pounded on the door of his parents’ two-bedroom second-floor apartment in Brooklyn. When the 19-year-old Guzner opened it and the men burst in, he thought it was an exceptionally well-armed and well-coordinated house burglary.
“I thought maybe they had the wrong address,” says Guzner, who recalls Joseph Gordon-Levitt circa Third Rock From the Sun down to the ponytail. “They seat me on a couch and they’re like, ‘Do you have any idea why we’re here?’ And I said, ‘No, I have no idea.’ They said, ‘Do you remember anything about the Church of Scientology?’ And I said, ‘Oh.’ They said, ‘Yeah, oh.’”
Five months earlier, on a break from his freshman year at Quinnipiac, Guzner committed an apparently grievous offense: Prompted by a story on Digg. com, he participated in a protest against the Church of Scientology organized by Anonymous. Three people showed up.
The next day, Guzner visited a webpage that made him part of a distributed denial-of-service attack on Scientology’s website. DDoS attacks essentially access a site over and over in order to temporarily shut it down. On its own, Guzner’s visit was harmless. But in concert with thousands of others, it helped crash the site -- something like a cross between a 1960s sit-in and flushing all the dorm toilets at once.
Guzner knew nothing about the mechanics; he just went to a website. He never thought about Anonymous or Scientology again until the cops banged on his door. He was one of two people charged in an attack that undoubtedly involved thousands. That’s because the FBI’s approach to cyber “crime” has everything to do with intimidation and very little to do with justice.
In the end, he served nine months of a year-and-a-day sentence and has to pay $37,500 in damages. “I’m moving on with my life,” says Guzner, who got married and went on his honeymoon at the conclusion of his two-year probation in May. “Other 18-year-olds will spray- paint buildings, do drugs or beat someone up. I beat up a website.”
The Nameless “Threat”
People talk about Anonymous as though it were some kind of organized faction, when it’s more like a room full of cats, equally defiant in their refusal to be led or leashed. Ideas rise or fall on their ability to garner supporters. Though Anonymous lacks a coherent structure, there is a consistent philosophical undercurrent.
“They rise up most forcefully when it comes to Internet freedoms and technology, particularly technology that is being abused in some way,” says filmmaker Brian Knappenberger, who last year released a documentary on the group, We Are Legion. “They’re sort of protectors of the Internet. This is their territory, and if it’s abused, they’re personally offended.”
Nobody can truly speak for Anonymous because there is no leader or structure. It’s like Kickstarter for a passionate mob, with all that that implies.
Anonymous began percolating well before the Scientology attack. White nationalist figure Hal Turner’s website was targeted in December 2006, ultimately exposing him as an FBI infor- mant. (That got them off on the right foot.)
The story begins with Gregg Housh. While hardly the only or even necessarily the main provocateur, since Housh was outed by Scientologists during the 2008 protests, he has become, by default, Anonymous’s de facto spokesman.
The Boston-area programmer was busted for copyright-oriented computer crime in the 1990s, describing himself as “a no-good criminal, only out for myself.” Prosecutors took seven years to try him, which the judge saw as an injustice, even shortening Housh’s eventual sentence to three months in prison. Yet his first 27 days were spent in solitary.
“They put me in a small little box as punishment for my light sentence,” Housh says. “Within a couple weeks, I was already starting to hallucinate. You have no idea what time of day it is, how much you’ve slept. Everything starts to get to you. It really radicalized me in certain ways.”
When Housh got out, he was “bored as hell.” When not programming, he wiled away the hours on 4chan, a bulletin board that is host to an eclectic mix of nerdy techies, confrontational smartasses and weirdo nonconformists.
They made jokey cat memes (e.g., “I Can Has Cheezburger?”), mislabeled links sending people to a video of Rick Astley singing “Never Gonna Give You Up” (known as “Rickrolling”), and behaved outrageously simply to get a rise out of people (a.k.a. “trolling”). Anything for LOLs or, in their parlance, “Lulz.”
The entire Scientology operation began with a recruitment video featuring Tom Cruise. The movie star explained how, as a Scientologist, “when you drive past an accident, it’s not like anyone else; as you drive past, you know you have to do something about it, because you know you’re the only one that can really help.”
As fast as Scientology’s lawyers could have the video removed, Housh and his mates raced to re-upload it. The battle between quasi-religious control freaks and irreverent mischief makers raged for days: Scientology’s offices found them- selves swamped by black faxes, unordered pizzas and Dianetics prank calls.
After a week, media outlets started reporting on it. Someone suggested that Anonymous send out a press release. Instead, they recorded a YouTube video with ominous, computer-synthesized speech over a loop of dark storm clouds. With that, a movement was born. Even so, the group has no formal mission or declared allegiances -- only an amorphous, shifting membership, any one of whom could mount their own operation on a whim.
Housh helped create a framework before Anonymous rode off on its own. “We did our little leader-fagging in the background and didn’t tell anyone,” he recalls (the finer points of “fagging” will be discussed later), “and got it to the point where everyone believed that’s how Anonymous ran, the way you think it runs. Then our little cabal was outed and chased out of existence. And it’s run like that ever since.”
People leveraged what skills they could lend: hacking, organizing, video production. They settled on Guy Fawkes masks as a show of solidarity and to protect everyone’s identity. (It was the only candidate available worldwide, thanks to one very happy manufacturer.)
The Scientology protests attracted more than 7,000 people in at least 100 cities. One of the biggest protests was in Los Angeles, where Knappenberger’s interest was first piqued. “It was a very bizarre scene,” he recalls. “Here is a church created by a science-fiction author, being protested by people wear- ing masks created by a science-fiction author. It was just weird.”
It was also a transformative experience for its members. “We found our people,” Housh says. “And we got to meet them in real life. It was definitely weird to find our people were every race, color, age -- it was everyone.”
Though the campaign against Scientology continued, Anonymous largely receded from view for a couple years, other than a February 2010 campaign in Australia to stop an Internet censorship bill. It was the prelude to an even bigger censorship cause: WikiLeaks and Julian Assange.
In December 2010, prompted by turncoat Democratic Senator Joseph Lieberman, Amazon booted WikiLeaks from its servers, and Visa, MasterCard, and PayPal stopped processing donations to the group. Within days, the Anonymous chat channel swelled from 70 to 7,000, and DDoS attacks raged. Visa, Master- Card and PayPal’s websites (but not their payment processing) were taken down for several hours.
In July 2011, the FBI arrested 14 people in connection with the attacks on PayPal. Like Guzner, they were awakened by the muzzle of an M-16. “There was a kneejerk response [on the part of the Feds] rather than taking
a close look at and understanding what was going on. So, typically, like an 800-pound political gorilla in the china shop, off they went,” says Stanley Cohen, a lawyer for the PayPal 14. “They needed to send a political message -- and quick. So they kicked in doors, terrorized children over DDoS, and had no idea what they really had.”
The defendants face as much as 10 years in prison, and PayPal is demanding $5.6 million in restitution, despite the lack of demonstrable damages.
“If I get pissed at you and drive my car through the plate-glass window at your store, I get arrested for criminal mischief and I get a restitution bill,” Cohen says. “[PayPal] decided they want to replace the plate-glass window with a 70-story brick building. We’re saying, ‘We should bill you fuckers, because we showed you your shit doesn’t work. You should be hiring these kids, not prosecuting them.’”
Cohen doesn’t believe the government has a constitutional basis for the arrests because the Anonymous action falls under the category of protected political speech. He compares the protesters to those who tied up lunch counters at Woolworth’s during the civil-rights movement.
Then, on January 2, 2011, when the government of Tunisia blocked WikiLeaks, Anonymous sprang into action, starting a series of “FreedomOps” supporting Arab Spring protestors in Egypt, Syria and elsewhere.
“We didn’t wage a Twitter campaign to call our senator, or get Hillary Clinton to ask Obama to tell [then–Egyptian President Hosni] Mubarak to turn his Internet back on. Fuck that. We ran 500 modem lines. We sent fax spam with treatments for tear gas, because the only thing that was working was landlines,” says former Anonymous member Peter Fein. “Just being able to take direct action—that’s what’s so compelling.”
Here We COINTELPRO Again
Everything changed when, in early 2011, HBGary Federal CEO Aaron Burr claimed to have identified the leaders of Anonymous and promised to share this (ultimately dubious) information with the FBI. Pissed at Burr’s braggadocio and perhaps curious, Anonymous breached HBGary’s websites, crashed the servers and liberated over 70,000 emails.
HBGary Federal is part of the growing crypto-intelligence-industrial complex profiting from the country’s post-9/11 insecurities. One of its projects sought to create deeply convincing fake social-media identities that could be coordinated and automated to provide the appearance of support for government policies on foreign message boards. A sister company sold similar services to private industry.
Barrett Brown, a young reporter that Housh had roped into sharing his spokesman role, was the only one willing to pore through those emails. He and his cohorts uncovered a plot hatched by the Bank of America, the US Chamber of Commerce and private security/intelligence companies to undermine WikiLeaks with fraudulent submissions and to attack the reputations of its supporters, such as prominent Salon and Guardian journalist Glenn Greenwald.
Other emails proposed infiltrating unions and liberal groups for the Chamber, much like the bad old days of J. Edgar Hoover. From 1956 to ’71, the FBI targeted nonviolent political groups for surveillance, infiltration and disruption under a program known as COINTELPRO.
“HBGary was a big game-changer for Anonymous,” says Housh. “It was just sup- posed to get revenge on an idiot, but it turned into something else based on the material in those emails.”
High Price for a Few Lulz
Anonymous has long demonstrated a transgressive, goading, impertinent streak. This freewheeling rebellious spirit attracts many of the “lulz-fags.” (Everyone on the chat channel is derided as a “fag” of some sort -- old-fags, new-fags, journo-fags, leader-fags and, in the case of Housh, who talks to reporters, name-fag.)
Most of the lulz-fags were old-school members of 4chan who resented the influx of moral-fags, their term for these new activist types. “They were sick of all these new people,” Housh recalls. “They said we needed to stop ruining their bad name.”
The complainants inaugurated a splinter group, LulzSec. Beginning in April 2011 and initially going by the name Internet Feds, they hacked Fox.com, altering several employees’ LinkedIn profiles and dumping information on 73,000 X-Factor contestants.
They also hacked PBS, posting a story claiming that Biggie Smalls and Tupac Shakur were still alive and living in New Zealand. Other targets included Eve Online, the Irish political party Fine Gael and Sony Pictures. Unlike Anonymous, LulzSec didn’t like to play nice. Its spree of hacking and defacing web- sites suggested a reckless, drunken teenage joyride in a stolen vehicle.
“I wouldn’t use the term ‘joyride,’” says Raynaldo Rivera, the 21-year-old charged in the Sony Pictures hack. “I’d be lying if I said it wasn’t exciting. As a kid, if you’re with computers, you think it’d be really cool to be a super-cool hacker, and then you’re like, ‘Oh, fuck—this was a terrible idea.’ But there’s a point where you’re past the point of no return.”
Rivera grew up in San Antonio, TX, where he developed a love of video games and initially set out to become a programmer before becoming fascinated with network security. He grew up hearing that every “white hat” security expert began as a “black hat” hacker. He wanted to gain that knowledge for himself.
Then, while attending the University of Advancing Technology in Tempe, AZ, Rivera met Cody Kretsinger, who was a few years older. Kretsinger convinced Rivera to join in LulzSec’s antics, which were being directed by a hacker named Hector Xavier Monsegur, better known by the handle Sabu.
“I was 18, a young kid. I was naïve -- I fully admit that. He was older and knew a helluva lot more than I did,” Rivera says. “When your friend asks you to do something, saying he needs your help, and he offers, ‘You want to be as good as me? This is the way to do it,’ younger self is more than accepting of those terms. Younger stupid self is happy to oblige.” Rivera will have time to think about it when he starts his year-and-a-day sentence, serves over 1,000 hours of community service, and begins paying off $600,000 in restitution.
All for compromising a few thousand poorly protected names, email addresses and unencrypted passwords on SonyPictures.com with a rudimentary security ruse known as a SQL injection.
“Sony -- largely to appease people and look after their stock price -- got two top-of-the-line cyber-security firms to do a top-to-bottom on their network to the tune of $605,000,” says Rivera’s lawyer, Jay Leiderman. “Sometimes the damages are negotiable. In Rivera’s case, [the response] was, ‘We’re not doing anything on damages.’ You can argue that they’re not legit, but the way the law is written, the government is going to impose those damages -- which is kind of crazy.”
The FBI’s Hacker Hive
In June 2011, LulzSec morphed into AntiSec under the leadership of Monsegur/Sabu. Most suspect it was an FBI operation from the jump, as Monsegur’s arrest roughly coincided with AntiSec’s appearance. An unemployed 27-year-old foster father to his aunt’s two girls, Monsegur rolled over faster than the Pillsbury Doughboy.
At the FBI’s bidding, Monsegur incited his 175,000-plus Twitter followers to hack foreign government websites, private security firms and police departments. There weren’t many major revelations, just names and emails.
Then, in December, LulzSec hacked the global intelligence company Stratfor. (Some smell a setup.) Monsegur offered hacker Jeremy Hammond an FBI server on which to store the data. Within the data dump was information on 5,000 credit cards. Brown, seeking another scoop, copied the link onto a page for his crowdsourced investigative journalism site, Project PM.
Brown’s copying of that link -- to stolen credit cards -- is the basis for much of the government’s case. He’s not accused of hacking anything or using the cards himself. Brown, who is facing a maximum of 105 years in prison, was the subject of a Rolling Stone profile in September 2013.
Soon thereafter, the courts slapped a gag order on him and his lawyers. The FBI doesn’t need popular sympathy undermining what already looks like a rickety case against a journalist supposedly protected by the First Amendment.
Meanwhile, Hammond pleaded guilty in May. He’s facing a 10-year sentence after being convicted in 2006 of hacking a group aggressively targeting anti–Iraq War activists. In a statement released from behind bars, Hammond accuses the FBI of duping hackers into doing what they legally couldn’t: “Why was the United States using us to infiltrate the private networks of foreign governments? What are they doing with the information we stole? And will anyone in our government ever be held accountable for these crimes?”
Housh believes that Hammond is bearing the brunt of Monsegur’s failed attempt to entrap WikiLeaks’ Julian Assange with the Stratfor hack.
“Assange was actually thinking about paying for [the Stratfor data], but he was kind of confused about why Sabu wanted money,” Housh says. “When the other hackers who had actually done the hacks, like Jeremy, heard that Sabu had asked for money for this stuff, they said ‘What the hell?’ and just sent the dump over to Assange.”
In March 2012, less than a week after Assange posted the material on WikiLeaks, the FBI finally arrested Hammond and his mates. Just two weeks earlier, the NSA had claimed that within a few years, Anonymous would be capable of shutting down the power grid. Meanwhile, FBI director Robert Mueller was on Capitol Hill, asking for more money to combat the very hacker “threat” his agency had helped to create.
“People in this business are going to characterize hacktivists as a threat. If you don’t have a threat, you don’t get money,” says Northwestern University professor Peter Ludlow. “The only way they can get money
is if they can convince the government and private business that we are under threat. Otherwise, it all goes away.”
Never Say Die
In August 2013, Austin P. Berglas, assistant special agent in charge of the FBI’s cyber division, told the Huffington Post that Anonymous had been dismantled. “The movement is still there, and they’re still yakking on Twitter and posting things,” Berglas said. “But you don’t hear about these guys coming forward with those large breaches.”
To a limited extent, he’s right. A lot of security-busting skill was lost between those members who were captured and those that subsequently scattered. But hacking was just one of Anonymous’s skills, as illustrated by its Steubenville, OH, operation.
The case involved a 16-year-old girl raped at a drunken house party by two football play- ers from Steubenville High School. The victim had pictures taken of her while passed out and was ridiculed mercilessly on social media afterwards by the assailants’ friends.
In December, Michelle McKee, a 50-year- old activist from Washington State, brought the attack to the attention of Deric Lostutter, a self-taught Winchester, KY, computer enthusiast, rapper and child of domestic abuse. Though his mother hung with bikers, Lostutter says he grew up nerdy until he saw his mom’s boyfriend beating her.
I seen that shit, something inside of me snapped, and I turned into the per- son I am now,” he adds. “I haven’t been able to shake it off.”
Lostutter only joined Anonymous in September 2012, after seeing We Are Legion. He took part in Operation Westboro, which sought to discourage members of the infamous Westboro Baptist Church from picketing the Sandy Hook shooting funerals in Newtown, CT, then started his own group KnightSec, an answer to AntiSec.
“Everybody paints vigilantes as a bad thing, but that was a good thing back in the western days,” Lostutter asserts between sips of bourbon. “They were the guys who caught the people the police didn’t go after. Except everybody’s a vigilante, and they don’t realize it. It’s called doing the right fucking thing. If I see you punching your kid in the face in the parking lot at Walmart, I’m going to vigilante your ass up and down that parking lot.”
Lostutter was the Steubenville op’s point person, bringing attention to the case and disseminating leaked/hacked photos and Michael Nodianos’ damning voicemail in which he ridiculed the victim. For his efforts, Lostutter has had his computer and gaming equipment seized by the FBI during the
requisite visit from the SWAT team.
“They pulled me out and said, ‘We’re looking for anti-American propaganda,’” Lostutter recalls. “I was like, ‘You’re in Kentucky! I live on a farm and drink Bud Light!’”
Lostutter’s girlfriend kicked him out and when Amazon discovered who he was, he lost his new warehouse job. But he was ultimately vindicated. Not only were two Steubenville football players convicted of rape, but in the fall, an Ohio grand jury indicted six adults including Steubenville City Schools Superintendent Michael McVey on felony counts of obstruction of justice and tampering with evidence. Some of the charges are related to a previously unreported alleged rape and cover-up four months prior by the same group of friends partying at the foot- ball coach’s house while he was out of town.
Even so, Internet activists are only the latest political casualties in the government’s long-running spin-off of Who’s the Boss? “When you break the law, there should be some consequences,” says Gabriella Coleman, a McGill University professor and chief scholar on Anonymous. “But to really hammer the individuals for political action when the damage to these companies is nonexistent? It’s just a mockery of the democratic process and the right of people to protest.”