The Battle For The Internet's Future

As the struggle intensifies between those who would limit access to information and those who believe the internet should remain entirely unregulated, the cyber war has gone offline: in bedrooms and boardrooms, in the streets, in court, even in prison, hackers, trolls and associated free speech activists are fighting against governments and corporations over the digital world’s greatest resource: data. Esquire went inside the Internet Underground – Anonymous, LulzSec and other groups of pranksters and protesters – to find that as the authorities harden their stance, the hackers are regrouping, wounded but defiant. And the battle has only just started.

On 10 July 2011, in a secret chat room in cyberspace, a 20-year-old hacker who calls himself Lolcat waits by his laptop for the stroke of midnight. He’s joined by 10 others, several of whom he’s hacked with before, though he only knows them by their tags – according to the group’s rules of operational security, they are not to meet, Skype, reveal real names or key biographical details. Some have voice-chatted and as a result, Lolcat reckons he can guess the age and hometown for four of them, and the country for two. But that’s about it. What he knows for certain, however, is that these hackers make headlines.

Advertisement - Continue Reading Below

Several members of Anonymous are here, as are some key members of LulzSec: the elite hacker group that had broken away from Anonymous earlier that year. And at this point, Anonymous and LulzSec could scarcely be more notorious. It’s as though WikiLeaks, which started in 2010, passed a baton to its anarchic cousins, and now no one’s safe.

Whether pulling pranks like hacking Google’s Hot Trends (the list of the US’s fastest-rising search terms) and placing a swastika at Number One, or stoking the Arab Spring revolutions by taking down Middle East government websites and releasing email addresses and passwords of government officials, Anonymous (tagline: “Expect us”) has managed to pique the powerful at a time when the spirit for protest is high, but the old methods, the chants and marches, feel stagnant.

More From Esquire

At this point, its targets included the Church of Scientology (for trying to force US gossip blog Gawker to take down some “crazy” footage of Tom Cruise); Visa, MasterCard and PayPal (for refusing to process donations to WikiLeaks); the CIA (just because); the governments of Tunisia, Egypt, Iran, Libya, Bahrain, Jordan, Morocco, Zimbabwe, Australia, Malaysia and Italy; and sundry other victims including the Arizona Police, the NHS and, more than once, Sony.

Tonight, they’re about to add Rupert Murdoch to the list, even though LulzSec officially retired the month before, on 26 June, after a blistering hacking spree, which it christened “50 Days of Lulz”. But then a vulnerability was discovered at News International and the temptation was too great.

It all started a week previously when one of their number – who may be as young as 17 – became enraged by the Milly Dowler scandal: the revelation that the News of the World [then published by News International], had been hacking into the voicemail of a 13-year-old Surrey girl who’d been abducted – and, it turned out, murdered – simply to break new stories about the case. He started looking for a way into sister paper The Sun.

“Just sailing around and poking at it,” is how Lolcat puts it.

“Then he found a Local File Inclusion bug,” he says, “but we had to wait till midnight for it to work. So I told [fellow LulzSec member] Topiary and we decided to pwn The Sun.” (Pwn, a tech and gaming term, means “perfectly own” or take complete control.)

A gang was assembled, 11 strong, and once the clock struck 12, the attack was on – a breach so easy that the 17-year-old performed it alone. Lolcat popped out for a cigarette and by the time he got back, they were in.

“First thing we did was build a ‘shell’,” he says. “That gives you basic control over a website and allows you to browse through files and execute commands via your web browser. Then we backdoored everything. It’s like if we went through the building rigging all the locks and leaving the windows open. So if one breach is found, at least there are 9,001 others.”

They couldn’t get root access – complete control of the site – because the passwords were too difficult to decrypt. So they tried a “local root exploit”: a piece of code that, from Lolcat’s description, is akin to using dynamite to blow a safe rather than cracking the combination.

“They sometimes work, but they can be dangerous, and often mess up,” he says. “In this case, it did. We crashed the whole server!”

So much for the stealthy operation – surely News International’s IT people cottoned on at this point?

“That’s what we thought. We were like, ‘Shit! It’s all over’. But it was hilarious – the admins just rebooted it and restored our shell. So our backdoors were still in effect!”

As they rummaged, they discussed what kind of mischief they could make. “I thought a fake story where the Queen’s corgis were kidnapped would be funny,” Lolcat says. “I also sketched up a deface [mocked-up page] for the News of the World a comic strip that explained how to hack voicemail. But Murdoch’s suicide was the winner. That was Topiary’s idea.”

Topiary is the group’s writer and publicist of sorts: the one who coined the name “LulzSec” and has since written all the press releases and built the Twitter page with over 340,000 followers. While others do the hacking, Topiary’s role is more “front office” – he creates the sensation and builds the brand. More than anyone, he gives the group its outlaw personality, that of a band of fuck-you pirates on the cyberseas, wreaking merry havoc as they go.

When the American public broadcasting giant PBS ran a critical story about Julian Assange, it was Topiary who wrote the article that appeared on the PBS site: “Tupac Alive and Well and Living in New Zealand”. It was Topiary who designed the group’s logo – crude, retro computer art of a pirate ship, The Lulz Boat, with a banner reading “Set Sail For Fail!” And when LulzSec hit an FBI-affiliated cybersecurity firm called Unveillance – following Nato’s claim that hacking could constitute an act of war – it was Topiary who named the release “Fuck FBI Friday”, ending it with the challenge: “We accept your threats, Nato. Game on, losers. Now we are all sons of bitches.”

More From Esquire
Advertisement - Continue Reading Below

He later explained the reference: “Someone said, ‘Now we are all sons of bitches’ to Robert Oppenheimer after the first atomic bomb went off. I was referencing our cyber atomic bomb as causing the end of the world.”

For Topiary, the enterprise was a piece of hacking art. “LulzSec, to me, was a character in a play,” he wrote. “It was a challenging acting role, a sea-savvy pirate theme. A way of expressing energy through the artful spreading of illicit cybermaterial.”

The Murdoch suicide story may be Topiary’s finest moment, for the timing alone. They broke into The Sun on 10 July, spent a week digging around the website undetected, and then planted the story two days before Murdoch faced a humbling parliamentary committee on Tuesday 19 July. So, first thing on Monday morning, visitors to thesun.co.uk were greeted with: “Media Mogul’s Body Discovered… [Rupert] Murdoch, aged 80, has [sic] said to have ingested a large quantity of palladium before stumbling into his famous topiary garden last night…” (Palladium is the hacker who inserted Topiary’s story.)

More From Esquire

“Call it a heist, but we didn’t steal anything,” Lolcat says, laughing. “Apart from Murdoch’s dignity!”

The arrests began the next day. Murdoch’s embarrassment proved something of a watershed for Anonymous and its offshoots. To date, almost every member of LulzSec has been arrested and convicted, as have scores of Anons on both sides of the Atlantic. And the way in which it happened revealed not only the true nature of the movement, but also the determination of the authorities, who have asserted control to such a degree that, in the US at least, the freedom of the internet itself may be at stake.

The first sting was on 19 July 2011, a coordinated effort by the FBI and Scotland Yard – since both American and UK targets had been hit. In the US, 16 Anons were arrested, largely in connection with the hack of PayPal. And in south London, the first member of LulzSec was brought in – a quietly adept hacker named Tflow, who turned out to be 16-year-old student Mustafa Al-Bassam.

Jake Davis, aka Topiary, helped craft Lulzsec's rebel image on the internet. At the time, he was 18 and worked in a petrol station in the Shetland Isles

A week later, plain clothes police descended upon a small home in Lerwick, in the Shetland Isles, to arrest Topiary, aka Jake Davis, an 18-year-old with a lazy eye who lived alone. He was a revolutionary online, but by day he worked part-time at a petrol station, just about getting by.

Then on 6 March 2012, another devastating transatlantic sweep: this  time also involving Irish law enforcement, who were investigating Anonymous’ attack on the political party Fine Gael. Pwnsauce and Palladium were arrested – aka Darren Martyn (25), a student from Galway who ran a non-profit web security firm, and Donncha O’Cearrbhail (19), a student at Trinity College Dublin. LulzSec’s most skilled hacker, Kayla – arrested in South Yorkshire – turned out to be not a 16-year-old girl as his persona suggested, but a 25-year-old former soldier in the British army named Ryan Ackroyd. (His younger sister was called Kayleigh.)

Meanwhile, the day before, the FBI struck twice. In Chicago, agents arrested a hacker named Anarchaos, aka Jeremy Hammond, 26, an old-school anarchist with a police record, and in Dallas, the home of a journalist named Barrett Brown was raided.

Brown, 30, was arrested in September and currently awaits sentencing. Hammond, was recently sentenced to 10 years. The name that rang out that day, however, was “Sabu”.

A 27-year-old Puerto Rican programmer from New York’s Lower East Side – whose real name is Hector Xavier Monsegur – Sabu was widely considered LulzSec’s leader and yet the FBI revealed that he’d been working with them for almost a year. He’d been arrested on 7 June 2011, a month before The Sun hack. By the 28th, he was an informant.

***

Right now, there’s a war between the authorities and what one might call the Internet Underground. The former are the traditional forces of government and big business – the centres of power, the pillars of the status quo. The latter is an unruly sprawl of rebels and disruptors who have been unleashed by the possibilities of our online age.

Some of these rebels we know – public figures like Julian Assange, Edward Snowden and Chelsea (formerly Bradley) Manning, whose leaks have reshaped global politics. But they’re outliers: at one extreme of a spectrum. At the other end is the seedbed from which Snowden and his ilk sprang, the ferment of internet culture where the Underground is still very much underground.

Many are traditional hackers – that is, they break into systems and manipulate them to a new purpose. Others are dedicated trolls who manipulate people online and whip them up into a state. But distinctions in this world are seldom neat – many hackers are trolls, and vice versa, and so it goes for the others that swim along with them: the anarchists, punks, political firebrands and whistleblowers.

One thing they all share, however – perhaps the only thing – is a belief in free speech and the free exchange of information online. Any perceived encroachments upon these freedoms, and the Underground retaliates. And from 2009 to 2011, its activities went  more or less unanswered. Not anymore, though. The conflict has taken a sobering turn.

It’s fitting that The Sun hack was so pivotal in the Anonymous story. It captures the spirit of the hacktivist underground perfectly. It was both a hack and a troll, and a piece of political theatre all at once: a prank executed not for profit, but for the lulz – the laughs. And lulz is a core concept for internet culture, albeit a misunderstood one. While “lol” is benign, “lulz” is subversive and often cruel: it requires a victim. It’s the cackle of the troll who delights in the torment of others. Schadenfreude with bells on.

The academic and internet anthropologist Gabriella Coleman describes it as “a deviant, dark species of humour which embodies the pleasures of transgression”.

More From Esquire
Advertisement - Continue Reading Below

But Encyclopedia Dramatica, an online compendium of lulz, says it best: “Lulz is engaged in by internet users who have witnessed one major environmental/economic/political disaster too many, and who thus view a state of voluntary, gleeful sociopathy over the world’s current apocalyptic state, as superior to being continually emo.”

Anonymous was born of lulz. Though it has since evolved into a serious protest movement with brazenly populist aspirations – if it’s not exposing corporate and state corruption, it’s rallying to some hot-button public outrage like child porn or the Westboro Baptist Church, the Kansas church known for its anti-gay protests – the group emerged from the aggressively juvenile website 4chan, a series of image boards, on which anonymity is mandatory. The most famous board is known as “/b”, for “random” subjects – aficionados are known as b-tards.

More From Esquire

It’s where lolcats came from (photos of cats overlaid with faux-naïf, sans serif captions; most famously “I Can Has Cheezburger”) and rickrolling (the craze for tricking people into clicking on a seemingly pertinent link, one that actually sent them to the video for “Never Gonna Give You Up” by Rick Astley).

Anonymous is so steeped in lulz that back in the old days – all of two years ago now – worthy, political Anons were decried as “moralfags” specifically for their lack of lulz. This was partly why LulzSec was formed – to restore Anonymous’ troll spirit.

Since The Sun hack, however, the  moralfags are firmly in the ascendant. In these serious times, the lulz have largely left the building, just another casualty of war.

 

Sabu’s treachery not only hurt the group by putting Anons behind bars, it also wounded Anonymous’ idea of itself. And at its heart, this is what Anonymous is: an idea.

Prior to the arrests, I chatted with Anons in the IRC chatrooms where they hung out (Internet Relay Chat is a social networking protocol that allows for live group conferencing, all the messages appearing in a long streaming conversation). They would insist that this was a leaderless and populist movement, without a hierarchy, and yet we now know that a small cadre of hackers led by Sabu did most of the damage.

They’d also describe the classic Anonymous attack – the distributed denial of service attack or DDoS (“dee-doss”) – as the ultimate manifestation of the group’s hivemind nature. It made for a convincing story.

DDoSing involves tethering many computers together into a “botnet” and using them to send thousands of small packets of information to a server until it is overwhelmed, and shuts down. Anons would volunteer their computers for these attacks using a program called a Low Orbit Ion Cannon (LOIC), in the belief that they were joining the good fight (as opposed to just appearing on the FBI’s radar).

But we’ve since learned that the biggest DDoS attacks were largely the work of one or two individuals who had already built up illicit botnets of their own over the years by using viruses to harness computers without the owners’ knowledge. (Ryan Cleary, then 19, from Essex, was one such operator – his botnet comprised over 100,000 computers, and he’d rent it out to spam operators and phishing sites. He offered it to Anonymous as a way of gaining influence in the group.)

We also know that despite its lulzy roots, Anonymous wasn’t nearly as much fun on the inside. Chatting to me over Skype last September, Davis (Topiary) recalled feeling relieved on the day of his arrest.

“I  wasn’t having a very pleasant time online and it was nice to be thrown out of it for a while,” he said. He’d been half-expecting a visit from the law, anyway. Even though he used long, randomized passwords (over 50 characters, alphanumeric), he wasn’t as security-cautious as other members. “It’s not my world at all, this ‘cyber security’ or ‘policing’ system. I’m just some artsy, lefty nerd that’s been dragged through it all.”

On 14 May 2013, Davis was sentenced to 24 months. But he was credited for wearing an electronic tag prior to sentencing, so his jail time actually only amounted to 37 days.

Now he lives in north London and is working with a marketing company and writing a book based on his prison diary. He’s back on Twitter and appears to be enjoying the notoriety he acquired as Topiary. But he doesn’t speak fondly of the old days.

“There’s nothing stimulating about waking up to 500 emails claiming they’ve found your identity and would eat your children, 500 emails praising you for things that you weren’t too proud of, and 500 emails asking you to get involved with 500 more things you’d probably regret later,” he says. His cocksure persona was an act. In truth, he was an isolated kid on a bleak, windswept island where he found school so miserable he left at 13 – the other kids teased him for his lazy eye. The internet was a place where he could swagger. In fact, swaggering was compulsory.

“My persona was a prankster, on top of the world. But you can’t turn around while under that persona and say ‘this inconsistent pseudo-political mumbo-jumbo has deviated greatly from its original promise to simply defend one’s personal freedoms’. Because this is the internet. You have to be a badass on the internet at all times. Or at least that’s what people think and accept,” Davis says.

And yet he holds onto that badass persona today, just a bit. His Twitter account bubbles over with wit and sarcasm as he mocks David Cameron, GCHQ and the surveillance state. It’s as though he misses Topiary. But what about the others? Did Sabu’s betrayal hurt?

“I don’t particularly care either way, and I didn’t care on the day I learned about it,” he says. “I’ve never met him, and I don’t feel emotion towards text in a chatroom.”

More From Esquire
Advertisement - Continue Reading Below

It’s a strikingly cold response, but not unusual given the culture of Anonymous, a world of acute paranoia, rife with spats and squabbles – the perfect conditions to produce a snitch. In fact, with hindsight, it’s surprising that Sabu didn’t switch sides earlier. Three months earlier, to be precise. Because that was when he was publicly “doxed” (outed) by an ex-Anon from Michigan, Jennifer Emick (“Asherah”), a researcher who’d teamed up with another like-minded individual, Jin Soo Byun (“Hubris”), to form a partnership called Backtrace Security.

I met Emick in 2011 at DefCon, a hacker convention in Las Vegas. A mumsy figure in her late twenties, she had turned on the group following its first major operation in 2008, attacking the Church of Scientology. That day, she was giving a talk entitled “Anonymous Cyber War”, about how Anonymous is a mob of bullies and thieves who sell information and destroy innocent reputations. But the crowd wasn’t having it. A room full of men in black T-shirts and utility kilts were shouting down her allegations of boorish behaviour, oblivious to the irony. “Show us your tits!” they yelled.

More From Esquire

Emick told me why she turned. Apparently, she’d objected when “the leaders” instructed members to shun a certain person, so the group turned on her.

“They used my name on every forum on the internet to say ‘I hate niggers,’” she said. “They put my picture in all kinds of porn. You name it. And if anyone protested, they went after them, too. They impersonated one guy and went onto children’s cartoon forums and made sexual remarks to little girls. Then they called his wife and said, ‘Your husband is a paedophile, look at the comments he’s making’.”

Emick doesn’t explicitly say who “they” are, but a Twitter handle attributed to her, @fakegregghoush, offers a clue. Gregg Housh is an affable SEO specialist from Boston, who has been one of Anonymous’ key contacts for the media. Naturally, Housh denies her charges, calling her “utterly discredited”, and citing the time in March 2011 when she provided a list of more than 80 names of alleged Anons to journalists. Much of the information was wrong – she’d put many innocent people onto the FBI’s radar.

But at least one of those names was right. She even located Sabu on New York’s Lower East Side. The FBI didn’t cotton on, however, until Sabu himself slipped up, months later, on 7 June 2011 when he accidentally logged into an Anonymous chat forum without using the Tor system, which masks his data connections. Hours later, two FBI agents were in his apartment offering him a stark choice: either face a potential 124-year sentence or become a snitch.

Hector Xavier Monsegur, aka Sabu, was known as the leader of LulzSec. After being arrested in June 2011, he became an FBI informant

Sabu is a hated figure among Anons today. But consider his predicament at this point. His mother had deserted him as a boy and his father and aunt were heroin dealers, in and out of prison all through his youth. So his grandmother raised him, along with his two nieces, until she died in 2010, leaving Sabu to raise the girls himself.

He couldn’t support all three of them on his income, so he started selling weed and hacking for profit, even exploiting stolen credit card numbers. Life was already a matter of survival for Sabu by the time the FBI showed up. And since he couldn’t afford bail, the facts were simple – if he wanted to fight this case, he’d have to condemn his nieces to foster care.

Still, he took to his new role with alacrity. Sabu made a first-class grass. He had the clout to lure in other Anons, and the skills of what hackers call “social engineering” – the art of adopting a new online personality to manipulate others. It also suited his personality.

While Davis was more of a lulz guy, Sabu was always the loudest and angriest of Anons, inflaming the younger members to fight the power. For Sabu, power was part of the appeal of hacking. And now here he was, working for the FBI.

When LulzSec fell apart, Sabu formed AntiSec, a new group that served as a honeypot to lure hackers into informing him of leaks and vulnerabilities. According to Forbes journalist Parmy Olson’s 2013 book We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous and the Global Cyber Insurgency, an assistant district attorney estimates that he helped to plug 150 holes in computer systems this way. It’s also believed that at one point, Sabu almost sold WikiLeaks some hacked emails that would have helped the government’s case against Julian Assange.

However, Sabu’s most notorious achievement involved the hack of a Texas-based private security firm called Strategic Forecasting (Stratfor): the crime Jeremy Hammond was convicted of and began a 10-year sentence for last November. But Hammond’s supporters believe – and they are many; the Free Jeremy campaign snowballed in the run-up to his sentencing – that Sabu was engaged in entrapment.

The California attorney Jay Leiderman, who has represented several Anons, explains it this way: “All the information that I’ve been privy to was that the FBI was creating and importuning criminality and suggesting targets. Via Sabu they were… getting people to do things that they weren’t otherwise willing or able to do.”

This isn’t conjecture. By the prosecution’s own account, Hammond knew nothing of Stratfor’s vulnerability until Sabu told him about it. Another hacker had approached Sabu to say that he’d gained initial access to the company’s servers, so Sabu invited him to share his information with more skilled hackers like Hammond. And when Hammond decided to continue the job, the FBI (through Sabu) merely looked on rather than prevent the crime, allowing him to acquire 60,000 credit card numbers, 5.2 million emails and several gigabytes of documents, all of which he stored on servers that Sabu provided.

Hammond defaced the Stratfor website with the announcement that he’d used the credit cards to donate $1 million to charity (the FBI confirmed $700,000 in charges). And all of the hacked documents were then leaked to WikiLeaks, making it the first time that Anonymous and WikiLeaks have collaborated.

More From Esquire
Advertisement - Continue Reading Below

At his sentencing, Hammond revealed that Stratfor was just the start – that Sabu kept feeding him with fresh vulnerabilities, always insisting that he upload whatever information he hacked onto the same FBI-monitored server. He claimed that the targets included “several foreign government websites… Brazil, Turkey, Syria, Puerto Rico, Colombia, Nigeria, Iran, Slovenia, Greece, Pakistan and others.” The websites he recalled included that of the Governor of Puerto Rico, the Crown Prince of Kuwait, and the Internal Affairs Division of the Military Police of Brazil, among others.

The specific countries aren’t mentioned in the court record because the Judge, Loretta Preska, demanded that they be redacted. But the list was widely reported anyway, as was Preska’s own apparent conflict of interest — her husband, a lawyer, was a victim of the Stratfor hack (his email and password were exposed). The National Lawyers Guild filed a motion requesting she recuse herself, but she refused. Instead, she handed Hammond the maximum possible sentence and opined about a “need for adequate public deterrence”.

More From Esquire

There’s little doubt where the power lies between the hacktivists and the authorities at present. Given all the arrests and lengthy sentences, the concern is now that the state has gone too far – the phrase that’s often heard is “prosecutorial overreach”. But this is more of an American problem. In the UK, most of the convicted Anons are either free or well on their way.

Topiary is out; Kayla (Ryan Ackroyd) will likely only serve 15 months; Tflow (Mustafa Al-Bassam) was given a suspended sentence as a minor; and the two Irish hackers were spared prison, although they were fined €5,000 each.

Jeremy Hammond got 10 years for hacking security firm Stratfor

In the US, however, it’s a different story. Hammond’s sentence is longer than that received by the four English LulzSec members put together. And already this overreach has created a martyr in Aaron Swartz, a prodigy who co-created the enormously popular social entertainment website Reddit, the web feed technology RSS and Creative Commons, an organisation that allows for the free and legal sharing of creative content.

Swartz’s crime was to leak academic papers from the network at the Massachusetts Institute of Technology (MIT), known as JSTOR, in the belief that information should be free. Neither MIT nor JSTOR custodians wished to file charges, but the federal government prosecuted him anyway, threatening him with 35 years unless he pleaded guilty and accepted six months. Swartz committed suicide before trial, aged 26.

Now all eyes are on Barrett Brown, the new face of American judicial severity. One of hacktivism’s more eccentric figures, Brown is a heroin user from a wealthy district in Dallas, who works more as a reporter than a hacker.

Today, he is awaiting trial in jail, where he writes occasional articles for Vice magazine. And like Hammond, Brown’s crime also relates to the Stratfor hack – he posted a link to the uploaded documents in a chat room and encouraged others to read them. This is the most serious of the 17 counts with which he is charged, and yet, the proposed punishment if he’s found guilty, is extraordinary: Brown could face 105 years.

“Barrett’s crime is hard to discern,” says Hanni Fakhoury, an attorney at the Electronic Frontier Foundation, an advocacy group which campaigns for digital rights. “He didn’t hack or leak anything – he posted a link to documents that had already been hacked and leaked. And the Supreme Court has established there’s a first amendment protection to disclosing information that you obtained legally, even if the person you obtained it from obtained it illegally.”

So why are there so many outlandish sentences? “There’s a hacker scare,” Fakhoury says. “It’s like Reefer Madness. And these hacktivists are political. In the old days, hacking was a crime of profit. Now it’s ideas. Anonymous opened the floodgates by providing people with a model for disrupting and challenging political power. And I think there’s a real fear that the chaos of the internet, the vigilantism almost, could expose corporate and governmental wrongdoing.”

The fear is well-founded. Whistleblowers like Chelsea Manning and Edward Snowden have already exposed many of the sins of empire – war crimes, mass surveillance programmes and the seamless collusion between government and corporate power. And Anonymous poses a similar threat, as Barrett Brown well knows.

When Anonymous hacked the private security firm HBGary in 2011, it was Brown’s group Project PM that combed through the information. Among its discoveries was the CEO Aaron Barr’s offer to covertly discredit the pro-WikiLeaks journalist Glenn Greenwald on behalf of the Bank of America.

Barr was forced to resign as a result, and for a while there were even calls for a congressional investigation (though that never transpired). And now the Stratfor hack is proving to be even more damaging – it has revealed that Dow Chemical monitors Bhopal activists, Coca-Cola monitors Peta, and, most damning of all, there was yet another plan by a private security firm to covertly target an individual member of the press.

The journalist Alexa O’Brien was involved with a movement called Days of Rage, which advocated for campaign finance reform during the Occupy Wall Street protests. Emails show that Stratfor actively tried to connect Days of Rage with al-Qaeda – specifically, “any Saudi or other fundamentalist Islamic movements” – presumably to subject the non-violent democratic movement to anti-terrorism statutes.

“The judiciary does nothing to respond to those crimes,” says Chris Hedges, a Pulitzer-prize-winning journalist, and the author of the 2003 book War is a Force That Gives Us Meaning. “And yet it delivers draconian sentences to Hammond, Manning and Brown. And it’s because the corporate state is frightened. It’s lashing out like a wounded animal. This is what totalitarian systems do when they lose credibility. They overreact.”

More From Esquire
Advertisement - Continue Reading Below

There is, however, a more prosaic reason for the heavy sentences: the legislation is simply out of date. In the US, the Computer Fraud and Abuse Act (CFAA), with its severe sentencing guidelines, was drafted in 1986, when the first hacker scare swept the nation, inspired in-part by the film WarGames starring Matthew Broderick.

If this law were updated, it would be something, a window of progress in an otherwise bleak picture. And on this front, at least, there may be hope, albeit from an unlikely source. I met that unlikely source in March last year – bragging on a chilly rooftop in Jersey City.

More From Esquire

***

“I’ve been in plenty of prisons already,” he says. “Like in Jalisco [Mexico], fucking Hyderabad, India, I’ve been in the Federal Transfer Center in Oklahoma, multiple county jails for various drunk and disorderlies. I told a cop to ‘Suck my dick!’”

Known as Weev online, Andrew Auernheimer, 27, is the internet’s most notorious troll. A short and stocky man with a black hoodie, red beard and glasses, he gives the impression of a Marxist agitator, or in his words, “a fucking prophet” – angry, loud and ferociously intelligent. In a day’s time, he’ll be jailed for 41 months. And so a handful of supporters have come to share his last day of freedom with him. But for Weev, it’s all about the appeal – whichever way it goes, it will be a legal milestone in the US. Because Weev’s case attacks the CFAA more robustly than ever before.

“In [the Federal Transfer Center in] Oklahoma, this US Marshal was accusing me of faking a limp, so I said, ‘Dude, why do you have to be such a prick about it? Is it because your wife gets a train run on her [is gang-raped] by niggers every time you leave town? And every prisoner in earshot starts uproariously laughing.” He’s laughing uproariously himself now, a cartoonish yucking laugh. “So he punches me, then I go down. Then he kicks me, and three other US Marshals join in. It was pretty funny!”

No one else is laughing. There are a few polite smiles, but this is a polite crowd, broadly liberal – there’s an Occupy Wall Street activist, a prankster who drives a fake WikiLeaks news truck, a couple of other “internet freedom” activists and a documentary crew from LA. Not people who use the word “nigger” quite so freely, or who sit in New York restaurants, as Auernheimer did last night, just a couple of blocks from Wall Street, railing angrily against the Jews for looting the economy and controlling the media.

But this is Weev’s thing – he offends people and torments polite society. At a time when lulz looks to be on its last legs, Weev is a reprieve. He’s known for trolling Amazon (where he got dozens of gay and lesbian books pulled after issuing complaints they were pornographic), for assailing users of the blogging platform LiveJournal, and now – the case that will properly land him in prison – for trolling the phone company AT&T.

Like many trolls, he loves the word “nigger” for its power to offend. He’s especially proud of his presidency of a trolling group called the Gay Niggers Association of America (GNAA) – his mission, he says, was to “spread faggotry and niggertude across the planet”. And today, he’s exacerbating the unease by defending the scientist James Watson, who posited that black people have lower IQs. “That’s just fact,” he says. “The IQ distribution of blacks is very fucking clear. I can show you the scatter plot of the data.”

It goes quiet, then someone mentions it really is a bit cold up here, so one by one we head downstairs into the loft apartment where, soon enough, Weev’s “going to jail” party will get underway. The plan is to stay up all night and march to the courthouse in the morning. The guests are just starting to arrive.

Weev, aka Andrew Auernheimer, was named by Gawker as a "reviled master troll." He is currently in prison for exposing a security flaw in US telephone giant AT&T

As you read this, Weev is in prison in Pennsylvania, spending much of his time in “administrative segregation” (a version of solitary confinement). But his days there may be numbered. He has a dream team for his appeal, all working pro-bono. Victory would make him the internet’s Larry Flynt, strengthening our online freedoms, just as Flynt strengthened freedom of speech.

Like Flynt, Weev is polarising, coarse and, frankly, hard to champion. He’s also defiantly working class, “from a trailer park in Arkansas”, as he keeps saying – the kind of guy who fights in bars and takes ketamine and likes to show off about it. But stretching the limits of a free society isn’t for everyone – it may take a certain type of character to endure the long haul of court battles and brickbats without buckling. A certain surliness might be useful as might a sense of destiny or mission, a fanatic’s willingness to lose it all for the cause. In any case, Weev seems ready and unafraid. For a dedicated troll and provocateur, this case is unquestionably the highlight of his career.

It all started in May 2010 when his small, independent computer security firm, Goatse Security – which grew out of the GNAA – discovered that AT&T had inadvertently left the email addresses of its iPad subscribers exposed on a website.

His colleague, Daniel Spitler, 28, found that by inserting the correct URL – containing the serial number of the SIM card on the iPad – the site would reveal the user’s email address. So he wrote some basic code, called an “account slurper”, to harvest roughly 120,000 of these addresses, including those of some of iPad’s high-powered early adopters like New York Mayor Michael Bloomberg and the US TV news anchorwoman Diane Sawyer. Auernheimer sent the addresses to the media website Gawker, which duly reported that Goatse Security had discovered AT&T’s leak.

More From Esquire
Advertisement - Continue Reading Below

For Weev, this was pure lulz. He’d not only exposed AT&T’s lax security, but he’d got thousands of people to google the word “Goatse” – which comes from an internet meme of a man stretching his anus open with both hands. As he told The Huffington Post, “I made Goatse an inexorable part of AT&T’s corporate history by revealing a series of flaws in their infrastructure under the name Goatse Security – motto, of course: gaping holes exposed.”

Six months later, however, the FBI arrived, guns drawn. Spitler was arrested in Newark, and Auernheimer at his home in Fayetteville, Arkansas. Both were charged, but while Spitler pleaded guilty, Auernheimer resolved to fight.

More From Esquire

At his trial in November 2012, prosecutors produced chat logs that indicated his motivation was to humiliate AT&T and even profit by shorting the company’s stock. No stock was shorted and Auernheimer insists the logs were completely fabricated, but prosecutors won the day – they made so much of his toxic reputation as a troll, his presidency of the GNAA, and his unrepentant attitude, that, sure enough, the jury found him guilty.

“What Weev did was normal computer behaviour,” says Tor Ekeland, Weev’s Brooklyn-based defence attorney. “You’re talking about typing in a URL and accessing a publicly available server that’s not password protected – and that’s a fucking felony?”

No matter how offensive Auernheimer’s rhetoric may be, the fact is he didn’t hack anything, or profit from it. He didn’t publish the emails he found, or even keep them, he just sent them to Gawker as proof of the breach.

It’s arguable that he provided a public service – in fact, the consumer technology website TechCrunch awarded Goatse Security a special one-off Crunchie (the Crunchies being an annual awards hosted by a group of technology blogs) for exactly that. But at trial, AT&T argued that Auernheimer still took information that didn’t belong to him, even though it was unprotected. It claimed costs of over $73,000, incurred in informing its customers of the “breach”.

“The government’s argument was, ‘Just because the bank vault door is open doesn’t mean you can go in and steal all the gold bars’,” Ekeland says. “But these physical analogies are bullshit. That’s not how computers work. If anything it’s more like me reading the address off the side of your house when I’m walking down a public street. But the courts don’t see it because there’s a generation gap – a lot of judges don’t understand computers. They weren’t raised with them.”

If the government wins, the implications are grim. “It destroys the incentives for security on both sides,” Ekeland says. “Companies will be free to put out allegedly confidential information for everyone to find without being responsible for it. And who in their right mind would go and report a security flaw after that? Just typing in the wrong URL could land you in prison.”

An Auernheimer victory, on the other hand, would clarify what “unauthorised access” means and constrain the CFAA. It would also complete the ridicule of a major corporation by one of the internet’s cockiest mischief-makers. In the Sixties, Abbie Hoffman was the protest movement’s prankster-in-chief. He, too, mocked the powerful, whether throwing dollars on the floor of the Stock Exchange to watch the traders scramble for them, or securing an official permit to levitate the Pentagon using the psychic energy of a huge crowd of protesters (the permit allowed levitation by 3ft, but no more).

Weev isn’t nearly as artful or theatrical, but for those who are fighting for a free internet, he is similarly fearless. And this may be the greatest threat he poses.

“Weev showed you could mess with them, these giant corporations,” says Peter Ludlow, a philosophy professor from Northwestern University who writes regularly about cyberspace. “As the American empire becomes more concerned that it’s starting to unravel, it’s clamping down on anyone that pierces the veil of invulnerability. It’s about image. And the thing about Weev is, he doesn’t look afraid. Sometimes people need to see that.”

Certainly, for the entire weekend before his sentencing, Auernheimer seems full of confidence. Sitting on a sofa, waiting for the party to start, he grins and says, “Dude, just imagine if the CFAA gets flipped at the Supreme Court and I get to walk out and raise my fist and say, ‘Let’s hack everything!’ Because there’ll be no fucking law!”

It’s that laugh. Yuck yuck yuck.

***

Two days earlier, I’m at a restaurant with Auernheimer and his friend Jaime Cochrane, who is a softly spoken transgender troll from the group Rustle League, so-called because “that’s what trolling is, it’s rustling people’s jimmies”. They’re explaining to me their version of what trolls do.

“It’s not bullying,” says Cochrane. “It’s satirical performance art.” Cyberbullies who drive teenagers to suicide have crossed the line. However, trolling is the more high-minded business of what Cochrane calls “aggressive rhetoric”, a tradition that goes back to Socrates, Jesus and the trickster god Loki, from Norse mythology. Auernheimer likens himself to Shakespeare’s Puck. Cochrane aspires to Lenny Bruce and Andy Kaufman. They talk of culture jamming, the art of disrupting the status quo to make people think. They talk of Abbie Hoffman.

“I try to provoke people into revealing their true nature,” Cochrane says. “I went on an Australian TV show about cyberbullying, and just by appearing as a troll, I got people to react with so much vitriol that, in the comments section on the website, they became exactly what they said they hated.”

More From Esquire
Advertisement - Continue Reading Below

Auernheimer’s style is more abrasive and technical. He likes to hack things. So the highlights of his trolling career are mostly of interest to that limited demographic who can appreciate the beauty of, say, a parse tree differential attack. For instance, in the case of Amazon in 2009, he wrote the aforementioned script that isolated gay and lesbian titles and then persuaded thousands of strangers to click on a link that would register a complaint, so that the titles were ultimately removed.

The following year, as the president of the GNAA, he wrote a script that tricked members of an IRC chat room network called Freenode into banning themselves from their own network – which is hilarious, says Cochrane, because “Freenode is full of butthurt faggots”.

More From Esquire

It all sounds a bit marginal, a bit in-the-bubble. It seems the AT&T scandal was his first breakthrough hit, as it were. In fact, the GNAA became more relevant after Weev left in 2011. During Hurricane Sandy, it faked the Twitter story #SandyLootCrew: a series of twitpics of black people stealing TVs and even cats – the Daily Mail fell for that one. The Mail also fell for the GNAA’s #cutforbieber hoax, asking fans to show their love for Justin by cutting themselves. Weev’s pranks never made Mail headlines.

But Auernheimer doesn’t see himself as marginal – he believes he’s rescuing western civilisation. “Read up on Eris, the goddess of discord,” he instructs. “She brings ironic punishment to people who think they’re better than they are.” Wasn’t that Nemesis? “It’s always a tale of hubris. Read the Principia Discordia. What I do is bring discomfort to people’s comfort zones. And that’s what we need. Because western culture is sick. It’s diseased.” (Incidentally, the authors of Principia Discordia would have enjoyed the fact that “Hubris” was also one of the hackers who doxed his peers.)

His rationale is that we’re too coddled and we need to toughen up. So trolls can help us develop callouses, the way hack attacks can strengthen security systems. But where are the lines drawn? Just as graffiti spans the spectrum from Banksy to a penis scrawled on a toilet stall wall, trolling, too, goes from Swiftian satire to plain abuse. It’s not clear whether anyone, much less Auernheimer, knows what separates the two.

I tell him his lofty rhetoric doesn’t jive with the common perception of trolls as people who say “you’re ugly” on a comment thread, just to sit back and laugh at the reaction. That example comes from a speech Auernheimer gave in 2006 with a hacker called Mischa Spiegelmock who explained how to send exactly this message to large numbers of random AOL instant messenger users.

“People have these long conversations [posting angry replies to being called ‘ugly’]: they go on for hours,” said Spiegelmock. “It’s really funny to read.”

Auernheimer sees nothing wrong with it. I tell him that it’s cowardly, this kind of behaviour, that it can only take place online because in person it would be unacceptable.

“No, it wouldn’t,” he says.

What, so if a stranger approached you and insulted you…

“That’s his fucking right as an American! It’s perfectly acceptable to walk up to someone and call them a faggot or a nigger or a kike. People should learn to be confronted with words they don’t like. We have a first fucking amendment in this country. We protect words that hurt. And if you don’t like it, get the fuck out of my country.”

What about civil society? I ask him.

“This is where civil society has got us – the collapse of the dollar and the transformation of America into a third-world country. Civil society is the end of civilisation. We have to do away with it,” Auernheimer says.

And off he goes on a rant, making the traditional apocalyptic plea of the far right: we’re all doomed unless we revert to the values that made the US great, a classical education and the Darwinian realities of the market. Abolish the nanny state. Teach the western canon in schools. “We’re literally trying to bring back The Enlightenment,” he says, forgetting what he said about hubris earlier.

“I call him the troll’s troll,” says Gabriella Coleman, the internet anthropologist. “He’s so extreme that even other trolls are disgusted by him, or they’re not sure if he’s being serious. In a world of extremity, Weev wants to be the most extreme of all. That’s why he’s so interesting.”

For instance, in 2007 he came to believe that Kathy Sierra, an author and  programmer, was using a piece of legislation called DMCA (the Digital Millennium Copyright Act) to take down the blogs of anyone negatively criticising her books.

To Auernheimer, this was a suppression of speech, pure and simple. And, as he reminds me, “If you suppress free speech, the internet has defence mechanisms to make sure you get punished. It’s entirely reasonable. In fact, it’s healthy.”

So he wrote an essay about her, calling her a prostitute, and memorably, a “cockholster chugged full of cum”, and then revealed her address and social security number. She’d already been getting threats (though none from Auernheimer). Now that her attackers knew where she lived, she signed off the web, left the tech industry and even fled her home. Auernheimer concluded his message with: “It has been an honour welcoming you to the internet, Kathy.”

This is the internet culture that spawned Auernheimer – not the playful b/ boards at 4chan so much as the darker, lulzy swamp of Encyclopedia Dramatica, where free speech fundamentalism reigns, and where offence is a fence to keep the sensitive out.

That’s partly what the racism is about, and the gross-out memes like Goatse, Funnelgirl, Tubgirl, and other images you can’t unsee, images that Auernheimer was yucking over on Saturday night, the day before his leaving party, at dinner no less. There’s a punk rock value to these antics, though, says Coleman. “Tricksters push the envelope of what’s morally acceptable and so revitalise culture,” she says.

More From Esquire
Advertisement - Continue Reading Below

But it’s an ugly world to inhabit, all that Goatse and racism. And it begs the question: at what point does the relentless use of racist language cease being satire and become actual racism?

“I’m not a bigot,” Auernheimer tells me, in a quieter moment. He says he uses the N-word to rattle those “who want the appearance of propriety but don’t care about actual discrimination.” And he’s not an anti-Semite because “I have Jewish friends. I’ve loved Jewish women.” He just attacks Jews because they’re the ones in charge. “They run everything! And they want to be a protected class that nobody can say anything about.”

More From Esquire

Which was why he showed up at Occupy Wall Street with a sign that read “Zionist Pigs Rob Us All”. It created an almighty ruckus. “Occupy were totally split – half were like, ‘Free Palestine’, and the other half were like, ‘No, he hates Jews, he’s terrible!’ The trolling was beautiful!” Yuck yuck yuck.

***

When I first called Auernheimer, it was a couple of weeks before his leaving party. He said he’d been taking ketamine and was “coming out of a K-hole” (he planned to see opera on acid soon). He talked about his recent conversion to Mormonism. It was hard to see how these things go together. But then, fact and fiction aren’t easily separated with Auernheimer.

He tells me that he’s working with a hacker group that owns a plane “for radio frequency work”; that he got high off cobra bites in Delhi; that a hot female FBI agent tried to seduce him into talking about Mao Zedong. But it’s all so unverifiable; he could well be trolling me.

What I can piece together is this: he grew up in Fayetteville, Arkansas, the son of two church-going parents, now estate agents in Virginia, whom he hasn’t spoken to since 2006. Prodigiously bright, he enrolled at university at 14, but dropped out a couple of years later. At 19, he moved to California where, according to a report in the The New York Times, he was part of a hacking group that made $10 million a year, and travelled by Rolls-Royce.

“That Times piece was bullshit,” he says, as we trudge back to the house he’s been sharing in Jersey City. Certainly, he’s not rolling in money anymore. The kitchen is fetid, the rooms are dark and grim and it’s sleeting outside – a tableau of misery. Standing in his bedroom doorway, throwing clothes in his bag, he says quietly that he wants to take a bath. “It’s my last chance before prison.”

Weev with a friend and supporter Clark Stoeckley (in fancy dress) at a party the night before he was sentenced to 41 months' jail, Marhch 2013

But the party’s not happening here. For someone whom Gawker called “a reviled master troll”, Weev is not without friends. Clark Stoeckley, a jovial art professor and prankster – the one with the fake WikiLeaks news truck – has offered up his huge loft downtown, overlooking the Hudson River. It’s big enough for a pool table, a ping-pong table, an indoor garden and well over 100 guests.

As it is, about 40 show up, at its peak, a motley sampling of the internet protest movement – hackers, artists, and other misfits. The booze is flowing and we’re all singing along to Queen’s “Don’t Stop Me Now”.

Then, come midnight, we’re gathered around the piano where a transgender Google engineer called Serene plays some plaintive Chopin. (That’s two transgender people at the party, including Cochrane. One of the paradoxes of the hacker scene is that it’s a tolerant community that happens to throw “faggot” and “nigger” around a lot.)

Weev is having a lovely time. He told me the day before that he wanted to hurry up and get on with his sentence. “I’ll have plenty of time to write in prison,” he said. “My best trolling is yet to come.” He has sought notoriety throughout his career, and here it is – martyrdom, a landmark court case and media attention.

Come the morning, he’s in higher spirits than anyone else outside the courthouse. He gives a manic sermon for the cameras, rambling about the decline of the US and how “we could have laptop batteries that last 100 fucking years but the NRC [National Research Council, a US government body advising on science, engineering and health issues] says no”. And his swagger continues in the courtroom where his supporters fill the gallery and the corridor.

When he attempts to send a tweet, the Marshals roughly haul him away, making his pretty Persian girlfriend Sara burst into tears. Meanwhile, out in the corridor, Cochrane is feeling the pressure. Every time the door opens, she yells out, “Dongs!” until she, too, is escorted out.

Weev’s final statement to the judge is typically unrepentant. He informs her that “the court should be making amends to me for the harm and the violence inflicted on my life.” This is the same judge he’d described to Gawker as “a mean bitch”. So it comes as no surprise when he’s given the maximum possible term. For Weev, this was always about performing to his fans, and then preparing for his appeal.

“Hail Eris!” he yells as they lead him away, saluting the goddess that he told me punishes hubris.

On the face of it, it looks as though the Internet Underground is losing the war against the authorities. The scores of arrests, the heavy sentences, the forced exile of the most pivotal figures like Snowden, Assange and the journalist Glen Greenwald – these cold facts have rattled some of the movement’s supporters.

“We can complain about Jeremy Hammond and Barrett Brown,” Electronic Frontier Foundation attorney Hanni Fakhoury says. “But they’re in jail and Aaron Swartz is dead. The government is winning.”

More From Esquire
Advertisement - Continue Reading Below

But the spirit of internet culture is far from broken. Weev remains as unbowed as ever. Somehow managing to send tweets from prison, he seems as at home there as he said he would be.

In September, he tweeted that “I gave a ‘Jews did WTC’ sermon to my fellow convicts on 9/11.” Later that month, he managed to post a letter on Pastebin, a text-storage site frequented by hackers, again assailing Kathy Sierra.

It opens with, “Firstly, Trayvon [Martin] got what he deserved.” Martin was the unarmed black teen who was shot during an altercation in Florida earlier in 2013, and whose killer walked free, sparking a wave of protests across the US. It’s classic Weev – still mean and racist, still making his supporters uncomfortable.

More From Esquire

Jeremy Hammond is also facing his time without apology. In his final statement to the judge, he made the case for civil disobedience and encouraged his supporters to “stay strong and keep struggling.”

And Anonymous appears to be rising once more from the wreckage of Sabu. Even as arrests continue for previous crimes (13 more indictments came last October, related to the attacks on Visa and MasterCard in 2010) new hacks keep coming to light.

An FBI memo in November revealed Anons had hacked the US Army, Nasa and the Missile Command Agency: only one of the hackers, an English man named Lauri Love, has been arrested.

Gabriella Coleman, who spent years infiltrating Anonymous, maintains the group was only ever just sleeping.

“Even in LulzSec, not every member was caught,” she says. “And the way Anonymous is set up, for sure it will rise again. It’s event-based, it requires skills that thousands of people have, and they can always turn to an idea that’s very powerful. Topiary’s last tweet before his arrest was ‘You cannot arrest an idea’. And I think he was right.”

There’s also the matter of what the authorities have lost in these battles. According to Chris Hedges, the panic shown by what he calls “the corporate state” – the sheer scale of its overkill – has been telling. “It hasn’t lost control, but it has lost a tremendous amount of democratic credibility.

The US is already well on its way to becoming a police state. The espionage act is being used to persecute whistleblowers, so no one in the national security apparatus will talk to journalists anymore. And when your traditional means of investigating centres of power are shut down, that’s when hacktivism comes in. It’s symptomatic of a failed system. And the state is terrified. The systems of power keep all their information electronically, and hackers have the skills to break down the walls. That’s why the state is working overtime to prosecute anybody who has the combination of those skills and a conscience.”

In the long run, the aggressive prosecutions may paradoxically have an upside for hacktivist culture itself – a variation on “that which doesn’t kill you.” The arc of Anonymous is one of maturity.

“At the beginning, Anonymous was about just lashing out at everything,” Peter Ludlow says. “Now, they’ve grown up, politically. They’re starting to understand the real priorities. It’s not about lulz and pranks anymore. And the infighting has stopped. All those who criticised Barrett Brown for representing Anonymous to the media, say, are standing behind him now.

“This is something Assange pointed out when he talked to the CEO of Google. There’s a process called ‘simulated annealing’, whereby you strengthen a metal by putting stress on it. To make a sword, you bang the metal, bend it, bang it some more, and the molecules all line up. The same thing’s happening with hacktivists,” Ludlow says. “They’re more unified, focused and ultimately stronger.”

Assange is famously a pessimist about the internet. He believes that in the end, it will provide an exceptionally effective form of control and monitoring – “the greatest spying machine the world has ever seen”. But the war’s not over yet.

“I’ve been in touch with individuals who were involved in a lot of the big hacks but were never caught,” Coleman says. “And they’re still active. They talk about doing what Edward Snowden did – inserting themselves in situations so that they can access information.”

At the time of going to press, Anonymous released a new video declaring war on the US Government for the collected crimes of the National Security Agency, the death of Aaron Swartz and the imprisonment of Jeremy Hammond.

The old promise may yet hold: Expect them.

***
MORE LONG READS:

What It Would Be Like To Live On Mars
The Wilderness Man
Why Comic Book Geeks Must Be Stopped
***

What do you think?