Greg Hoglund and his wife, Penny Leavy-Hoglund, say business at their HBGary security company has rebounded after the initial negative fallout from the widely publicized hacking episode in February. “In a weird sort of way, it has helped our business,” Leavy-Hoglund said.
Thank you, modbee.com
What follows is the incredible story of how, I believe, naive and unreliable Anonymous members were culled by the FBI and partner security firms through the creation and destruction of ‘LulzSec’. LulzSec was an Anonymous splinter group whose leader ‘Sabu’, real name Hector Xavier Monsegur, shopped his co-conspirators to the FBI allegedly after his arrest on June 7th 2011. I think Sabu’s FBI collaboration actually began a few weeks earlier.
This is important because, if I’m right, the ‘Sabu’ events suggest that elements in the FBI collaborated with influential private security companies to engineer the ‘LulzSec’ security threat and remake Anonymous in their own image.
Why would elements in the FBI and private securities firms want to control Anonymous? Anonymous is a loosely-organized hacker collective which has unclear goals. The only thing they reliably do is drum up business for security firms and provide political fodder for lawmakers itching to ‘crack down’ on the internet. If you make money from outsourcing security, Anonymous is good for you.
Our story begins when a handful of Anonymous members hacked HBGary on Feb 7th 2011. The Anonymous hackers stole emails in retaliation for the actions of HBGary partner and ex-Naval cryptographer Aaron Barr, who had contacted the Financial Times on Feb 5th claiming to know the real names of Anonymous members. The article was phrased as a shout-out to the FBI. Barr said he had uncovered the names using social media like Facebook and LinkedIn. Barr also said that he had infiltrated Anonymous by pretending to be somebody else.
Anonymous members were outraged and released Aaron Barr’s ‘liberated’ emails publicly, to the great embarrassment of security firm HBGary. Barr’s emails included his poorly-conceived research which (Anon members said) accused hundreds of innocent people of being part of Anonymous, a group which has committed criminal acts. This was the same research which Barr had summarized for the Financial Times.
Even worse for HBGary was that Anonymous also exposed gross security incompetence at the company, which was professionally devastating. HBGary’s own security was so bad that Ars Technica featured a write-up of their “basic” mistakes. HBGary’s ruling family, Greg Hoglund and his wife Penny Leavy, were desperate to stop the rest of HBGary’s email being released.
Penny Leavy was so desperate that she decided to contact Anonymous spokesman Barrett Brown and beg for the leakage to stop: she spoke with him on the phone first, then the conversation moved to an IRC online chat. (!?) Anonymous member ‘url’ copied the entire 5000 line chat for public viewing here. It’s a real-time recording of, reputedly, Anonymous trying to blackmail HBGary into doing the ethical thing by the hundreds of people Barr falsely accused.
Penny Leavy, Greg Hoglund and Aaron Barr resisted doing the ethical thing at every turn, because admitting wrongdoing would poison their business relationship with the FBI. Aaron was scheduled to meet with the FBI the next morning (Feb 8th) *probably* to pitch HBGary services based on the Anonymous data which he knew was grossly flawed.
Back to that long IRC blackmail chat… I’ve edited the 5000 chat lines down to the core conversation here. It’s about 1/3 of the original’s length. Greg Hoglund, Penny Leavy and Aaron Barr take part, as well as a small band of Anonymous members including ‘Sabu’ and ‘Barrett Brown’. Most important of all, an unknown journalist called ‘Laurelai’ was also part of the blackmail chat.
‘Laurelai’ was part of the IRC chat from the very start, even though none of the Anonymous people seemed to know who ‘Laurelai’ was. ‘Laurelai’ claimed to work for the Anonymous/Wikileaks hybrid journalism project, Crowdleaks, though he/she was unfamiliar with how the Anonymous media machine works. Despite her ignorance of the situation, ‘Laurelai’ somehow knew to be at that particular IRC chat for HBGary information. Was Laurelai’s presence a newbie’s astounding good luck, or something more sinister? Consider what happened next…
Four days after the blackmail chat, on Feb 11th, ‘Laurelai’ leaked information which identified ‘Sabu’ to Backtrace Security, according to the firm. Backtrace is “a small security consulting firm with operations in Michigan and Florida that specializes in social engineering”, says Threatpost.com. Backtrace identified Sabu as Hector Xavier Monsegur themselves, then alerted the FBI to Sabu’s real name in mid-March 2011 when they made their findings public.
By April 2011, the FBI had worked out who Sabu was through their own independent methods. (‘Cause government employees can do it without private outsourcing! ;P)
I don’t believe that the FBI waited another two months to put pressure on Sabu. I believe that they wanted to look good with a fast win against Anonymous. I believe that FBI pressure on Sabu started sometime in April 2011.
But Sabu wasn’t arrested until June 7th! I don’t believe there’s anything magical about being arrested that suddenly makes it possible for the FBI to put pressure on somebody. The FBI is not known for gentlemanly– or even legal– tactics, and I refer you to CIA whistle-blower John Kiriakou’s open letter to Edward Snowden for proof. If you need more convincing, consider that even FBI fan-boy J. M. Berger admits the Bureau regularly breaks its own rules when targeting groups it doesn’t like.
I think that Sabu’s first mission for the FBI was to create LulzSec, an organization that was supposed to exist for 50 days, just long enough for everybody involved to do something illegal on record.
LulzSec’s ‘seal of office’.
If I’m correct about Sabu, the FBI and LulzSec, then ‘Laurelai’ is the key player who made the FBI’s plan possible, and knew when and where Penny Leavy was going to negotiate with her blackmailers. Penny didn’t start out on an IRC chat, she was on the phone with Barrett Brown when she then decided to continue the talk on IRC, enabling more Anonymous members to go ‘on record’. Penny said she had never used IRC before that chat. (IRC is a well-known way for Anonymous to communicate.) This IRC chat was NOT a spontaneous event; somebody told ‘Laurelai’ to be there and try to get info on Anonymous by posing as a journalist. ‘Cause everybody knows Anonymous are media whores! Just ask Palantir Technologies.
Laurelai would deliver the goods on Sabu in four days. ;)
Who is Laurelai?
Threatpost.com describes ‘Laurelai’ as “Wesley Laurelai Bailey, a Davenport, Iowa based Anonymous member”. This is because ‘Laurelai’ appears to be a male-to-female transsexual and transgendered rights activist, according to what I could find on the *very partial* Encyclopedia Dramatica and The Trans Advocate. ‘Laurelai’ has angered somebody, because ED accuses ‘Laurelai’ of violence against women and other very serious things that make ‘Laurelai’ seem unstable, like a person who it would be easy for the FBI to lean on. (BTW, Laurelai claims to be the one who ‘proved’ Stuxnet was NSA too… )
According to my old buddy Adrian Chen, Laurelai (again, seems to be the same one) cooperated completely with the FBI during their ‘investigation’ into LulzSec:
Bailey says Lulz Security [LulzSec] hackers hold a grudge against her for leaking logs from the secret chat room in which they planned the HBGary hack—which she says she did in retaliation for them harassing some of her friends. (We later published an article based on the logs.) When the interview was over, the agents carted off a couple of her hard drives, her camera and other computer equipment.
Who are these friends of Laurelai? Jennifer Emick of Backtrace Security! The firm that first outed Sabu to the FBI!
Soon, [Jennifer] Emick found herself and some online acquaintances engaged in a pitched online turf war with members of Anonymous, with each side accusing the other of offenses including “trolling” (or online harassment) and “doxing” (or publicly outing) each other.
“You had these warring groups and, in the end, you find out that a lot of what happened was manufactured by other people, and you don’t know the truth behind it,” said Gregg Housh, a self-described Internet activist and early member of Anonymous who Emick believed was behind many of the online attacks against her.
But Emick’s early involvement with the group had given her contacts that would later prove useful. Among them, Wesley Laurelai Bailey, a Davenport, Iowa based Anonymous member who uses the handle “Laurelai.” It was Bailey who would ultimately provide Emick with the information that would lead to Sabu’s arrest.
BackTrace Security founder Jennifer Emick used to be an Anonymous member back when Anonymous was attacking the Church of Scientology. Emick and Anonymous have a history of feuding and Backtrace has gone after Wikileaks in the past:
Brown [Barrett Brown, Anonymous spokesman] claims that BackTrace was a group that was affiliated with th3j3st3r, an online activist best known for launching a denial of service attack on Wikileaks for its publication of leaked U.S. diplomatic cables. Brown said the individuals behind BackTrace are also behind the Anonymousdown Web site and Twitter accounts like @faketopiary and @fakegregghoush that have been publishing links that claim to out, or “dox,” Anonymous members in recent days. Brown said the group was also compiling information on him and his former acquaintances, including an “ex-girlfriend’s 16-year-old daughter” as part of their research on Anonymous.
So not only does Jennifer Emick work alongside the FBI, she actively antagonizes Anonymous. Security theater!
The information Sabu gave to the FBI helped them arrest people associated with LulzSec, a splinter group, not Anonymous proper. LulzSec was set up by Sabu in May 2011, well after the FBI knew who he was. This matters, because if LulzSec actions had been conducted under Anonymous proper, Anonymous might now be as dead as LulzSec.
It’s as though the FBI was protecting Anonymous by telling Sabu to draw away an undesirable element, which was later neutralized. (We now know that there were probably two other FBI informers involved in LulzSec too.) Since LulzSec’s destruction, Anonymous has gone on to drum up business for security companies and provide political fodder for internet-freedom quashing lawmakers, but in a safer-feeling way, according to the FBI in August 2013.
Creation of LulzSec: The FBI got a win against famous hackers; HBGary and friends got a more manageable way to scare up business.
Interestingly, ex-intelligence pro Quinn Norton was Anonymous’ WIRED contact for two years which, judging by WIRED’s archives of her work, spanned October 2011 through July 2012. This is what her website says:
I was Wired’s correspondent on Anonymous and the Occupy movement in 2011 & 2012. While I wrote dozens of articles, witnessed six evictions and several major hacks/Anonymous protest actions, two pieces hold a special place in my coverage:
My Inside Anonymous for July/2012 Wired Magazine
“A Eulogy for Occupy,” Wired.com December/2012
Being involved with Anonymous in the 2011/2012 period specifically means something to the intelligence community. Consider that Sabu, a “Puerto Rican guy in the projects”, was ‘hacking’ for the Arab Spring in Tunisia circa December 2010… how ‘Global Village’!
But how much of a win was LulzSec for the FBI? It was only a complete win for FBI brass who benefit from working with the private sector…
A Little Background
The creation of LulzSec came at the perfect time for companies like HBGary, Palantir Technologies, Berico Technologies and their lawyer buddies Hunton & Williams. There was discontent in Congress about how private security firms were being used to gather dirt on critics of powerful institutions, like the US Chamber of Commerce. Aaron Barr’s unethical behavior spurred a dozen congressmen to call for an inquiry a few weeks after the Anonymous email leaks on March 1st:
The plan, which called for drawing up detailed social networks of progressive critics and sought to launch malware hacks against progressive organizations, was ostensibly created by data security firm HBGary Federal.
It was revealed when protest group “Anonymous” compromised the company’s network and dumped tens of thousands of their emails onto the public Internet.
Amid the emails, details began to emerge about a shadowy world of defense contractors, where social media could be used to manipulate public opinion and bloggers are handled as mortal enemies.
HBGary Federal was just one group allegedly at work on projects related to these efforts. Together with Berico Technologies and Palantir Technologies, the entire group was called “Team Themis.” They were compiling the plans as something of a sales pitch for the Chamber’s law firm, Hunton & Williams.
‘Team Themis’ is what Hunton & Williams pitched to Bank of America, with special emphasis on pressuring Glenn Greenwald to drop his Wikileaks support. Attempting to pressure Glenn is what actually brought HBGary down; I wrote about that in my post Deconfliction.
In a nutshell, ‘Team Themis’ were desperate to show that they’re the good guys, and LulzSec suddenly appeared to fill the void with a 50-day “reign of terror” (Thanks, Adrian!); an evil reign, during which hackers were “Laughing at your security since 2011!” and attacking the CIA, the US Senate and even an FBI affiliate… Note how the NSA and its legion of contractors are suspiciously absent.
Team Themis would probably have got away with it too, if it weren’t for that pesky kid from the CIA Salon magazine. Which brings me to another point…
There’s one more worrisome issue that needs airing: in this post-Snowden world, we now know that the NSA/CIA/FBI work directly with companies like Facebook to map social networks, so it’s unlikely that Aaron Barr was going to give the Feds anything they didn’t have already. Was the whole HBGary fiasco a fake conflict for fake stakes?
Was LulzSec’s ‘reign of terror’ just security theater, designed to justify outsourcing intelligence work to private companies, companies which are unpopular in Washington because they undermine *some* real spooks’ job security? How often over the past year have you heard full-time government spooks bitch about the problems with outsourcing? Hmm.
Was it full-salary spooks’ fear of being displaced by contractors that made Snowden’s leaks happen, I wonder? (That one’s for you, E. Oop. ;) )
Maybe this generation’s epic intelligence in-fight is between those who profit from government outsourcing and those who profit from keeping intelligence in-house… because if it’s all about money, that explains how Gawker.com can hate 1) Snowden AND 2) conservative intelligence pros AND 3) people who out David Horowitz’s CIA work.
Let’s Not Forget Penny and Greg
ON THE SUBJECT OF MONEY…
To understand why the USA is the way it is, you need to know something about a nasty subset of the population who make money as government contractors. Don’t get me wrong, there can be decent people who work for the Feds, but it’s a line of business that also attracts some really ugly characters.
Many of the ugly ones are two-bit millionaires who exploit connections with the military, or some other vast bureaucracy, to enrich themselves. These are the littler guys who make money off war, social crises and fear; they are modern-day carpetbaggers.
Penny Leavy and Greg Hoglund are two such carpetbaggers. Incompetent but well-connected, they’ve scraped together a small fortune from prostituted security clearances and those in Washington who are willing to outsource government functions.
From my experience, what unites these carpetbaggers is their lack of ethics or concern for how their actions affect fellow citizens. They’re mindlessly loyal to whichever bureaucracy happens to be paying them at the moment, consequences be damned. If pressed, they’re good at logical contortions in support of their greed: somehow they’re never the bad guys in their own mind. Don’t believe me? Read Penny’s IRC chat.
That IRC chat shows how Penny Leavy et alia try to wriggle out of an embarrassing situation.
The IRC chat also explains why Palantir Technologies’ sales pitch to Bank of America focused on Glenn Greenwald and other media pros. The IRC blackmail chat shows that Anonymous’s only plan was to drum up media exposure; they can’t agree on what they actually want from HBGary.
Anonymous participants relied on these journalists (amongst others): Glenn Greenwald, Andy Greenberg (Forbes’ contact with Julian Assange), Parmy Olson (Forbes’ contact with Anonymous). Anonymous also counted heavily on CNN for media exposure– they had five different contacts there! Given that Anonymous member ‘+cOs’ claims to have given over 50 interviews to news outlets like The Guardian, NYT, AOLNews, CBS, and that Anonymous member ‘Baas’ rolls with ‘Swedish media’, it’s easy to understand why CIA-private-partnership Palantir Technologies would create a set of slides on Glenn Greenwald like the ones I wrote about in my previous post.
Back in 2011, Anonymous pundits had an awful lot of media-establishment friends who were willing to give the ‘hackers’ what they wanted: an audience. HBGary understood those media connections and thought they could ride people like Glenn Greenwald to lifetime employment. Peeing on Glenn’s shoes is what ultimately brought HBGary down a few months later and *interrupted* the gravy-train for Penny and Greg– but they’re already back in the saddle! (Check out that link. If you put your cursor over the Hoglunds’ headshots the pictures swizzle. That’s carpetbagger for ‘classy’!)
Washington D.C. may be evil, but it’s also entertaining…
PS. To my buddy, Hubri5: Paul Roberts isn’t talking about you in this ThreatPost.com article, is he?
In an interview with Forbes.com, a spokesman for BackTrace, who used the name Hubris, said the group “aims to put an end to Anonymous ‘in its current form.’” According to the article, BackTrace’s members have become disenchanted with Anonymous’s more strident, political activism – a change from the group’s roots as an anarchic prank-oriented collective whose biggest target had been the Florida based Church of Scientology. “Anonymous has never been about revolutions. It’s not about the betterment of mankind. It’s the Internet hate machine, or that’s what it’s supposed to be,” Hubris is quoted as saying.
How did you get to be wound up with Backtrace Security and this mess?! ‘Cause, I gotta say, Backtrace smells really bad…