WEBVTT - Notorious Hackers 0:00:04.480 --> 0:00:12.440 Welcome to Tech Stuff, a production from iHeartRadio. Hey thereon 0:00:12.600 --> 0:00:16.040 Welcome to Tech Stuff. I'm your host, Jonathan Strickland. I'm 0:00:16.040 --> 0:00:19.599 an executive producer with iHeart Podcasts and How the tech 0:00:19.640 --> 0:00:24.720 are You? So I thought I would talk about hackers today, 0:00:25.280 --> 0:00:28.760 and the word hacker these days is almost exclusively used 0:00:28.800 --> 0:00:33.159 to describe people who, through one means or some other means, 0:00:33.240 --> 0:00:36.440 find a way of infiltrating computer systems. But the term 0:00:36.520 --> 0:00:41.440 hacker has a more broad definition. It really describes anyone 0:00:41.440 --> 0:00:45.839 who's interested in taking stuff apart to learn how it works, 0:00:46.440 --> 0:00:50.000 and maybe even putting it back together again so that 0:00:50.240 --> 0:00:53.640 it does something it wasn't intended to do when it 0:00:53.720 --> 0:00:57.480 was built originally. Now that thing might be a computer 0:00:58.000 --> 0:01:01.800 or a mobile device, it might be a system. Hacking 0:01:02.200 --> 0:01:04.400 can mean lots of different stuff. I mean, that's where 0:01:04.400 --> 0:01:07.520 we get things like life hacks, which often end up 0:01:07.520 --> 0:01:10.040 not being hacks at all. There's some life hacks out 0:01:10.080 --> 0:01:13.440 there that I think we're just jokes that then were 0:01:13.520 --> 0:01:17.880 spread sincerely by other people, because y'all, it doesn't make 0:01:17.920 --> 0:01:21.080 any sense to just to take the top of a 0:01:21.080 --> 0:01:23.720 squirt bottle off and invert it to turn it into 0:01:23.760 --> 0:01:26.520 a funnel that that hole at the bottom is way 0:01:26.560 --> 0:01:28.920 too small for that anyway, you know what I mean. 0:01:29.200 --> 0:01:33.280 But sometimes people just want to figure out how something 0:01:33.319 --> 0:01:35.560 works and taking it apart is the best way to 0:01:35.560 --> 0:01:37.160 do it. Or maybe they want to figure out how 0:01:37.200 --> 0:01:40.920 to manipulate whatever it is in order to unlock its 0:01:40.959 --> 0:01:45.319 full potential. Like there are computers out there that have 0:01:45.560 --> 0:01:49.240 certain clock speeds that's essentially how fast the processor is 0:01:49.280 --> 0:01:54.080 able to complete operations per second, and often there are 0:01:54.280 --> 0:01:58.280 limiters placed on the clock speed, and if you figure 0:01:58.320 --> 0:02:00.880 out how to remove those limitters, you can make your 0:02:00.880 --> 0:02:05.480 computer operate a lot faster. This has trade offs. It 0:02:05.760 --> 0:02:09.560 usually means more power consumption and more heat generated and 0:02:09.600 --> 0:02:13.320 potentially can actually damage your machine. But that's one example, right, 0:02:13.360 --> 0:02:17.560 you can unlock the full potential of your computer something 0:02:17.560 --> 0:02:23.200 that was intentionally restricted from operating at full capacity. Or 0:02:23.360 --> 0:02:25.760 maybe you just want to figure out how to use 0:02:25.800 --> 0:02:29.440 a paid service for free. The phone freakers of the 0:02:29.520 --> 0:02:32.440 nineteen seventies fall into that category. These are folks who 0:02:32.440 --> 0:02:35.919 found ways to manipulate the plain old telephone system or pots, 0:02:36.400 --> 0:02:38.520 so that they could do stuff like make free long 0:02:38.560 --> 0:02:41.519 distance phone calls. They did it with all sorts of 0:02:41.520 --> 0:02:46.960 different ways, mostly by producing specific tones into a telephone 0:02:47.000 --> 0:02:49.839 and then being able to make free phone calls. Good 0:02:49.840 --> 0:02:53.040 old capt'n Crunch used to do that using a whistle 0:02:53.280 --> 0:02:56.640 from a capt'n crunch box. But over time, the world 0:02:56.720 --> 0:02:59.000 at large has started to use the word hacker to 0:02:59.080 --> 0:03:02.080 mean someone attempt to gain a legal access to a 0:03:02.160 --> 0:03:05.919 computer system, either in order to snoop around or create 0:03:05.960 --> 0:03:08.880 a means to infiltrate the system whenever they want by 0:03:08.880 --> 0:03:12.760 putting in a back door, or steal information from someone, 0:03:12.960 --> 0:03:15.960 or inject malware into a system, or some combination of 0:03:16.000 --> 0:03:18.840 all of these things. So today I thought we'd chat 0:03:18.880 --> 0:03:23.440 about three notorious hackers. Actually that's not even true. Two 0:03:23.520 --> 0:03:27.880 notorious hackers and one hacker conglomerate. So I decided to 0:03:27.960 --> 0:03:30.600 raid a list that was created by Kasperski Labs. That's 0:03:30.639 --> 0:03:33.720 a Russian computer security company that's had a pretty rough 0:03:33.760 --> 0:03:36.440 go of it as of late due to being based 0:03:36.480 --> 0:03:39.520 in Russia. Here in the United States, essentially they've been 0:03:39.880 --> 0:03:44.200 banned from being used in various agencies and companies. But 0:03:44.480 --> 0:03:49.080 Kaspersky has a very long history with cybersecurity, and I'm 0:03:49.120 --> 0:03:53.760 going to start with number two on the Kaspersky list, 0:03:53.960 --> 0:03:56.440 because it's not so much as a person as it 0:03:56.480 --> 0:03:59.560 is a collective. This is that conglomeration I was talking 0:03:59.600 --> 0:04:03.160 about now. It is not unusual for hackers to form 0:04:03.440 --> 0:04:07.280 loose collectives. That happens a lot. Some hackers might belong 0:04:07.360 --> 0:04:12.040 to more than one collective, and they might share resources 0:04:12.080 --> 0:04:17.039 and motivations and goals. But one very very loose group, 0:04:17.480 --> 0:04:20.240 and it's not just hackers, but hackers make up a 0:04:20.279 --> 0:04:22.960 good number of them. It's a group that's caused headaches 0:04:23.000 --> 0:04:27.400 for numerous targets for more than twenty years. Now. Is Anonymous, 0:04:27.800 --> 0:04:31.840 as in that's what they're called big A Anonymous. I'm 0:04:31.880 --> 0:04:35.360 not sure if the association is as strong as it 0:04:35.640 --> 0:04:39.920 once was, like in the two thousand teens. But when 0:04:39.960 --> 0:04:42.200 I think of Anonymous, the image that always comes to 0:04:42.240 --> 0:04:46.520 my mind is a Guy Fawkes mask. That's really kind 0:04:46.560 --> 0:04:48.880 of emerged in around two thousand and eight. Really, several 0:04:48.920 --> 0:04:53.320 folks claiming to represent Anonymous have worn such masks, particularly 0:04:53.360 --> 0:04:55.360 in the early days, like that became kind of a 0:04:55.400 --> 0:04:58.599 symbol for the group. I don't know that it's as 0:04:58.800 --> 0:05:02.320 strongly associated with them these days, honestly, but they grew 0:05:02.520 --> 0:05:07.000 out of the online image based forum four Chan, which 0:05:07.560 --> 0:05:12.040 has spawned many things terrible and otherwise over the years, 0:05:12.200 --> 0:05:15.520 mostly terrible. If I'm being honest, A lot of terrible 0:05:15.520 --> 0:05:18.400 stuff came out of four Chan. The origins of anonymous 0:05:18.440 --> 0:05:22.039 were humble and juvenile. Some folks on four Chan would 0:05:22.120 --> 0:05:25.640 meet in various virtual spaces in order to coordinate efforts 0:05:25.760 --> 0:05:30.520 to torment various online communities through the age old practice 0:05:30.560 --> 0:05:35.200 of trolling. So they were essentially just creating conflict online 0:05:35.440 --> 0:05:37.800 for the lulls, and that was it, Like, that was 0:05:37.839 --> 0:05:42.400 their goal, get some amusement by making other people really mad, 0:05:42.880 --> 0:05:46.120 and they often like to aim at online communities that 0:05:46.160 --> 0:05:49.279 were catering to kids. You know, some folks just like 0:05:49.320 --> 0:05:53.000 to watch the world burn. Honestly, making people mad is 0:05:53.040 --> 0:05:56.760 not hard to do, right, It's a pretty easy thing. 0:05:56.880 --> 0:06:00.000 I guess the thrill was having, you know, this big 0:06:00.200 --> 0:06:04.080 impact on someone's mentality, and that that was the thrill. 0:06:04.560 --> 0:06:06.240 But I would argue you should just raise the bar 0:06:06.320 --> 0:06:09.479 a little bit, like, yeah, you can make people angry, 0:06:09.520 --> 0:06:11.680 but that's not very hard to do for most folks, 0:06:11.920 --> 0:06:15.200 So why not set yourself a really challenging goal, like 0:06:15.279 --> 0:06:19.000 make people happy. That's a lot harder to do. Anyway, 0:06:19.279 --> 0:06:22.320 from about two thousand and three to two thousand and seven, 0:06:22.400 --> 0:06:24.880 Anonymous wasn't really much more than just a bunch of 0:06:24.920 --> 0:06:29.360 folks trying to get their kicks by ticking off other people. However, 0:06:29.800 --> 0:06:33.760 starting in two thousand and seven, the group began to evolve, 0:06:34.080 --> 0:06:38.480 partly due to a misapprehension the media had about the 0:06:38.680 --> 0:06:43.679 very loose association of trolls. So media reports were starting 0:06:43.720 --> 0:06:46.919 to suggest that Anonymous was far more organized than what 0:06:47.000 --> 0:06:51.080 it was, and far more motivated, and most importantly, way 0:06:51.080 --> 0:06:56.680 more capable of causing harm than the group actually was. 0:06:57.120 --> 0:07:00.720 This included footage that would have like stock images of 0:07:00.920 --> 0:07:04.920 cars exploding and stuff, implying that Anonymous was capable of 0:07:05.160 --> 0:07:08.960 real world violence. And this is kind of like if 0:07:09.640 --> 0:07:12.480 a reporter saw a bunch of kids playing cops and 0:07:12.560 --> 0:07:16.840 robbers and then did a feature about how this dangerous 0:07:16.960 --> 0:07:20.000 gang was taking over the city. It was a lot 0:07:20.000 --> 0:07:23.720 of exaggeration. The pranksters at Anonymous found this to be 0:07:23.840 --> 0:07:27.520 pretty darn amusing, and also it was stroking their egos right, Like, 0:07:27.800 --> 0:07:32.000 if you are mostly a low level troublemaker, but you're 0:07:32.040 --> 0:07:35.440 being portrayed as like some sort of mastermind, that's really 0:07:35.480 --> 0:07:39.040 gonna stroke your ego. In another case, the Canadian Security 0:07:39.080 --> 0:07:42.200 Intelligence Service reached out to one member of the group, 0:07:42.240 --> 0:07:45.240 a guy named Aubrey Cottle, and they thought Coddle could 0:07:45.240 --> 0:07:50.880 help disrupt online terrorist organizations, essentially infiltrate and then disrupt 0:07:51.160 --> 0:07:54.640 these terrorist cells online. And Cottle was like, I don't 0:07:54.640 --> 0:07:57.000 know where they got the idea that I could do this. 0:07:57.400 --> 0:08:02.360 I mean, I'm just stirring up, you know, mess. We'll 0:08:02.360 --> 0:08:05.160 say this is a family friendly show, after all, will 0:08:05.160 --> 0:08:08.680 stir stuff up online. I'm not really here to break 0:08:08.760 --> 0:08:12.040 up terrorist cells. But having folks think you're a much 0:08:12.080 --> 0:08:14.560 bigger deal than you are can be kind of fun. 0:08:14.840 --> 0:08:17.880 And it got some folks thinking about actually using their 0:08:17.960 --> 0:08:21.200 perceived power to do something more than just riling folks 0:08:21.280 --> 0:08:23.600 up on the Internet, so it kind of became a 0:08:23.640 --> 0:08:29.720 bit of a self fulfilling prophecy. This grew into Project Chenology, 0:08:30.280 --> 0:08:34.360 in which the group targeted the Church of Scientology. So 0:08:34.800 --> 0:08:38.160 Church of Scientology, that's a whole topic that is beyond 0:08:38.280 --> 0:08:41.800 the scope of tech stuff, but has a long history 0:08:42.000 --> 0:08:47.920 of some really manipulative and oppressive policies that pull people 0:08:47.960 --> 0:08:52.800 into the church, keep them there, and exploit them extensively. 0:08:53.400 --> 0:08:56.760 So this is the time when the Guy Fawkes masks 0:08:56.880 --> 0:08:59.679 started showing up. If you don't know who Guy Fawkes was, 0:09:00.400 --> 0:09:05.960 he was one of several terrorists really in the seventeenth 0:09:05.960 --> 0:09:10.880 century who planned to blow up Parliament and potentially assassinate 0:09:11.000 --> 0:09:15.680 the King of England. But their plot was uncovered and 0:09:16.200 --> 0:09:20.280 the members of the plot were put to death, including 0:09:20.520 --> 0:09:23.040 Guy Fawx himself, who was not the leader of the group, 0:09:23.120 --> 0:09:26.160 but was a member of it and has largely been 0:09:26.200 --> 0:09:30.839 associated with that and then was appropriated by Alan Moore 0:09:31.000 --> 0:09:34.400 in his v for Vendetta graphic novel, and so he's 0:09:34.400 --> 0:09:38.880 sort of become a symbol of anti authoritarian practices, like 0:09:38.960 --> 0:09:43.000 it's like a vigilante sort of thing. So members would 0:09:43.000 --> 0:09:46.040 be wearing Guy Fawkes masks and show up in videos 0:09:46.280 --> 0:09:48.640 and speak out against the church. Usually they would have 0:09:48.679 --> 0:09:52.040 their voice distorted in the video as well. Members also 0:09:52.080 --> 0:09:54.640 got access to web pages that belonged to the Church 0:09:54.640 --> 0:09:59.080 of Scientology. They were able to get administrator access to 0:09:59.120 --> 0:10:02.360 these pages and then defaced the web pages. They also 0:10:02.480 --> 0:10:05.840 launched d DOS attacks on the organization, and they organized 0:10:05.920 --> 0:10:10.760 in person protests outside of Scientology properties. Now in case 0:10:10.760 --> 0:10:13.720 you're not familiar with the term d DOS, that stands 0:10:13.720 --> 0:10:17.640 for distributed denial of service. Now, essentially a d DOS 0:10:17.679 --> 0:10:21.559 attack is all about overwhelming a target. So typically we're 0:10:21.559 --> 0:10:25.240 talking about a web server, so machines are programmed to 0:10:25.360 --> 0:10:29.400 follow specific routines. The way web servers work is that 0:10:29.720 --> 0:10:33.720 they receive requests from clients. A client is just someone 0:10:33.720 --> 0:10:37.960 else's computer tech technically computer browser, and the server responds 0:10:38.000 --> 0:10:40.960 by sending data to the client. So, if you want 0:10:40.960 --> 0:10:43.400 to visit a web page and you type the URL 0:10:43.400 --> 0:10:46.160 in your browser bar, your browser, which is the client 0:10:46.200 --> 0:10:49.040 in this case, sends a request out over the internet. 0:10:49.040 --> 0:10:52.720 This request eventually routes to the appropriate web server, which 0:10:52.760 --> 0:10:55.800 then responds to the request and sends back a web 0:10:55.840 --> 0:10:58.040 page so that you can view it in your browser. Well, 0:10:58.040 --> 0:10:59.880 in order for this to work, the server can't just 0:11:00.120 --> 0:11:03.720 ignore incoming requests. You know. Imagine you're on your browser 0:11:03.800 --> 0:11:06.080 but you type in a URL for a web page 0:11:06.120 --> 0:11:08.960 and nothing happens, or maybe you get an error message 0:11:09.000 --> 0:11:12.440 because the server has decided to deny your request for 0:11:12.520 --> 0:11:15.520 whatever reason. In most cases, the server is more or 0:11:15.600 --> 0:11:19.800 less compelled to answer every single request. Well, you can 0:11:19.840 --> 0:11:22.640 flip that and turn it into an attack because if 0:11:22.679 --> 0:11:26.040 you send countless waves or requests to a web server, 0:11:26.520 --> 0:11:29.400 then you can overwhelm that web server so it can't 0:11:29.400 --> 0:11:32.600 do anything useful. Like other people who are just legitimately 0:11:32.640 --> 0:11:35.600 trying to access the server get timed out or denied 0:11:35.880 --> 0:11:40.319 because it's too busy responding to all these ridiculous requests 0:11:40.360 --> 0:11:43.600 that are flooding in. That's a denial of service attack. Now, 0:11:43.760 --> 0:11:48.160 what makes a distributed denial service attack is when hackers 0:11:48.679 --> 0:11:53.120 compromise other machines. Some hackers might compromise machines in order 0:11:53.120 --> 0:11:56.000 to access data on the affected devices, but others are 0:11:56.000 --> 0:11:58.240 just happy to siphon away a little bit of computing 0:11:58.280 --> 0:12:02.679 power and some connectivity, and they turned these affected computers 0:12:02.720 --> 0:12:06.000 into bots. And then you get an army of these bots, 0:12:06.040 --> 0:12:09.400 and you direct the army to send countless messages to 0:12:09.760 --> 0:12:14.079 your target web server, and the hacker meanwhile remains shielded 0:12:14.160 --> 0:12:16.760 because they're not the ones sending the messages to the 0:12:16.800 --> 0:12:19.640 target server. Their army of bots is doing it. That 0:12:19.880 --> 0:12:23.040 is a distributed denial of service attack. So Anonymous made 0:12:23.240 --> 0:12:26.560 liberal use of that tactic, particularly in the early days, 0:12:26.559 --> 0:12:29.400 but then throughout its history they've held de dos attacks 0:12:29.440 --> 0:12:33.000 against different targets, and from that point forward, Anonymous became 0:12:33.040 --> 0:12:37.120 more associated with hactivism than with trolling, though a lot 0:12:37.120 --> 0:12:40.720 of the activist activity borrowed liberally from the trolling days, 0:12:40.760 --> 0:12:43.000 and once in a while they would just engage in 0:12:43.000 --> 0:12:46.200 trolling as well. The group has targeted numerous individuals and 0:12:46.360 --> 0:12:51.080 organizations for lots of different reasons. Generally speaking, Anonymous tends 0:12:51.120 --> 0:12:56.120 to follow a slightly leftist approach with very strong libertarian principles. Now, 0:12:56.160 --> 0:12:59.800 not all of their targets have been large organized bastions 0:12:59.840 --> 0:13:04.840 of authoritarianism. For example, McKay hatch wasn't exactly an institution. 0:13:05.000 --> 0:13:07.080 McKay hatch was a kid who was running a website 0:13:07.120 --> 0:13:10.679 called The No Cussing Club, and members of Anonymous doxed 0:13:10.720 --> 0:13:13.320 him and launched a campaign of harassment. So I guess 0:13:13.320 --> 0:13:16.600 their love of cussing was just too damn strong. But 0:13:16.760 --> 0:13:21.640 other targets were definitely more high profile. Anonymous was generally 0:13:21.679 --> 0:13:24.400 speaking on the side of wiki leaks and carried out 0:13:24.440 --> 0:13:27.680 a few attacks on various government servers around the world 0:13:27.800 --> 0:13:31.880 in protest of the persecution of people like whistleblower Chelsea Manning, 0:13:31.960 --> 0:13:35.720 for example. Many members of Anonymous have supported social causes 0:13:35.840 --> 0:13:39.240 like Occupy Wall Street and Black Lives Matter movement, but 0:13:39.320 --> 0:13:43.280 the group is not formally organized, and generally anyone can 0:13:43.320 --> 0:13:46.040 take action in the name of Anonymous, but the rest 0:13:46.040 --> 0:13:49.240 of the group might distance themselves from those kinds of people. 0:13:49.440 --> 0:13:52.120 For example, in the early days of anonymous activism, a 0:13:52.160 --> 0:13:55.760 group claiming to be anonymous got access to the web 0:13:55.800 --> 0:14:01.319 page for the SOHH or Support Online Hip Hop news website. 0:14:01.400 --> 0:14:04.440 The hackers deface the website, and they included the use 0:14:04.480 --> 0:14:07.680 of stuff like racial slurs and stereotypes, which is pretty 0:14:07.760 --> 0:14:11.400 darn tacky. The attackers claim to be anonymous, though the 0:14:11.440 --> 0:14:13.480 group as a whole, as far as I can tell, 0:14:13.559 --> 0:14:16.920 made no such claim. And in other cases you might 0:14:17.000 --> 0:14:21.040 have a member who convinces a subset of Anonymous the 0:14:21.120 --> 0:14:24.480 anonymous community to work together towards some goal, and they 0:14:24.480 --> 0:14:27.360 can create a little splinter group or spinoff group. It's 0:14:27.440 --> 0:14:31.440 very loosey goosey. The hacking skills and anonymous also run 0:14:31.480 --> 0:14:35.680 the spectrum. There are undoubtedly some accomplished hackers among the group, 0:14:36.040 --> 0:14:38.920 while others fall more into the realm of script kitties. 0:14:38.960 --> 0:14:41.400 These are folks who have downloaded tools that do most 0:14:41.440 --> 0:14:44.120 of the work for them. But because membership is fluid 0:14:44.360 --> 0:14:48.520 and you know Anonymous, I can't really give more specifics 0:14:48.560 --> 0:14:51.760 than that. I can talk a bit more about Anonymous 0:14:51.760 --> 0:14:54.080 before we move on to our next hacker. But before 0:14:54.120 --> 0:14:56.400 we do that, let's take a quick break to thank 0:14:56.440 --> 0:15:07.920 our sponsors. So we're back. I've got a little bit 0:15:07.920 --> 0:15:10.360 more to say about Anonymous before we move on. Some 0:15:10.520 --> 0:15:13.880 high profile operations that are at least suspected to be 0:15:13.920 --> 0:15:16.880 the work of Anonymous, because again, the loose organization of 0:15:16.920 --> 0:15:19.680 the group means that some operations could be the work 0:15:19.760 --> 0:15:22.680 of a subset or a splinter group of the overall 0:15:22.720 --> 0:15:26.240 group and not reflective of the group as a whole. 0:15:26.400 --> 0:15:30.520 Because of its loose association, it's really hard to attribute 0:15:30.560 --> 0:15:33.880 anything to the overall group, Like even something that might 0:15:33.960 --> 0:15:36.960 have the support of most members of Anonymous might not 0:15:37.120 --> 0:15:41.880 have total support. So the nature of Anonymous itself makes 0:15:41.920 --> 0:15:48.040 it difficult to use any definitive phrases. But Operation Darknet 0:15:48.600 --> 0:15:52.640 was one that Anonymous engaged in. Anonymous went after sites 0:15:52.640 --> 0:15:56.280 that hosted child pornography. They infiltrated some of those sites. 0:15:56.320 --> 0:16:01.400 They skimmed user information and published user information online, essentially 0:16:01.440 --> 0:16:05.280 revealing people who were frequently going to these child pornography sites, 0:16:05.320 --> 0:16:07.840 and they called for law enforcement to take action against 0:16:07.880 --> 0:16:10.880 the pornographers. So that was one of those cases where 0:16:10.920 --> 0:16:15.000 Anonymous said it was taking up action to defend the 0:16:15.080 --> 0:16:19.600 defenseless and to call for justice against people who were 0:16:19.840 --> 0:16:25.600 committing really terrible acts against vulnerable folks, in this case children. 0:16:25.960 --> 0:16:30.600 In twenty twelve, Operation Russia targeted several high profile Russian 0:16:30.600 --> 0:16:33.640 officials and exposed a scheme in which these officials were 0:16:33.640 --> 0:16:37.400 apparently paying bloggers to promote pro Kremlin and more to 0:16:37.440 --> 0:16:43.120 the point, pro putin propaganda. Operation Bahrain was actually not 0:16:43.280 --> 0:16:48.200 targeting Bahrain directly, but Formula one. So why do that? Well, 0:16:48.280 --> 0:16:51.480 at the time, the Arab Spring was in full bloom. 0:16:51.640 --> 0:16:56.240 That was a series of protests and movements throughout the 0:16:56.280 --> 0:17:00.000 Arab world in which citizens were protesting against various authorities, 0:17:00.440 --> 0:17:05.199 government officials and regimes and agencies, and Formula one was 0:17:05.240 --> 0:17:09.440 preparing for the twenty twelve Bahrain Grand Prix in cooperation 0:17:09.640 --> 0:17:13.000 with the government, and Anonymous was siting with the anti 0:17:13.040 --> 0:17:17.560 government protesters and viewed Formula one as participating in sportswashing, 0:17:17.760 --> 0:17:21.600 that is, using a sporting event to spread government propaganda. 0:17:22.040 --> 0:17:25.600 During the operation, Anonymous carried out DIDOS attacks against Formula 0:17:25.640 --> 0:17:29.280 one and leaked information gathered during a data breach on 0:17:29.359 --> 0:17:33.399 Formula one systems. In more recent years, Anonymous members have 0:17:33.480 --> 0:17:38.320 participated in operations against Israel in protests for that country's 0:17:38.320 --> 0:17:42.879 ongoing conflict with Palestinians, as well as an operation targeting 0:17:42.960 --> 0:17:46.960 Russia for its ongoing war against Ukraine. And it's been 0:17:47.000 --> 0:17:50.640 more than twenty years since a group of Internet trolls 0:17:50.760 --> 0:17:54.120 started just causing grief online, and the group is still 0:17:54.160 --> 0:17:58.080 active today, possibly because it is so hard to define. 0:17:58.160 --> 0:18:00.560 I don't know that you could call it the same group. 0:18:00.640 --> 0:18:03.000 In fact, I don't know how many people who were 0:18:03.080 --> 0:18:06.320 part of Anonymous in the earliest days are still active 0:18:06.320 --> 0:18:09.520 in the community today. I do think if we're going 0:18:09.600 --> 0:18:12.800 to talk about Anonymous, one place to start is just 0:18:12.880 --> 0:18:17.960 the group's own slogan. We are Anonymous, we are legion. 0:18:18.520 --> 0:18:24.880 We do not forgive, we do not forget, expect us. Okay, 0:18:25.040 --> 0:18:29.560 with that cheerful message, let's swap on over to a 0:18:29.600 --> 0:18:33.480 different hacker, someone who was very much identified, someone who 0:18:33.520 --> 0:18:37.320 was responsible both for committing several high profile, high impact 0:18:37.480 --> 0:18:40.520 acts of theft and wirefraud as well as a guy 0:18:40.640 --> 0:18:45.320 who helped take down other hackers. His name is Albert Gonzalez, 0:18:45.520 --> 0:18:49.000 and he sometimes went by handles that included soup Nazi 0:18:49.480 --> 0:18:54.000 as a Seinfeld reference or Kumba Johnny So. Gonzalez was 0:18:54.000 --> 0:18:57.040 born in nineteen eighty one in Cuba and brought up 0:18:57.080 --> 0:18:59.719 in the United States, and he was interested in computers 0:19:00.000 --> 0:19:03.160 at a young age. According to a piece written by 0:19:03.280 --> 0:19:06.240 James Verini in The New York Times magazine back in 0:19:06.400 --> 0:19:11.080 twenty ten, an early hint that the young Albert Gonzalez 0:19:11.240 --> 0:19:13.760 was a potential thorn in the side of the law 0:19:14.040 --> 0:19:16.840 came in the nineteen nineties when it was discovered that 0:19:16.920 --> 0:19:20.320 he had penetrated NASA's computer systems when he was just 0:19:20.600 --> 0:19:24.440 fourteen years old. The FBI paid him a little visit 0:19:24.480 --> 0:19:28.560 at school about that. Apparently he had developed a rather 0:19:28.800 --> 0:19:33.040 distinct disdain for authority, and meanwhile, he and some friends 0:19:33.040 --> 0:19:37.680 were fascinated with learning how various systems worked. Now he 0:19:37.760 --> 0:19:42.119 was more interested in systems than in programming. He liked 0:19:42.200 --> 0:19:46.320 learning how networks worked, and not just computer networks, but 0:19:46.400 --> 0:19:50.359 like networks of people. He would probe at these different systems, 0:19:50.480 --> 0:19:52.520 and often it didn't take very long for him to 0:19:52.560 --> 0:19:56.080 find a vulnerability. So back in the early days of 0:19:56.119 --> 0:19:59.679 the Internet, security protocols were very much a work in 0:19:59.760 --> 0:20:02.879 pro and not everyone was on the same page. A 0:20:02.960 --> 0:20:08.199 lot of people and companies had incredibly lacks security practices, 0:20:08.560 --> 0:20:11.200 and you could think of that as just being a 0:20:12.560 --> 0:20:16.240 common feature in the Internet, kind of like how the 0:20:16.240 --> 0:20:19.359 web pages at that time almost all had the obligatory 0:20:19.520 --> 0:20:24.280 under construction graphic posted somewhere on their web page. Now, Gonzales, 0:20:24.320 --> 0:20:27.480 like I said, he wasn't really a coder a programmer. 0:20:27.560 --> 0:20:32.240 He would rely on other hackers for building code instead. 0:20:32.480 --> 0:20:35.920 He was just really good at understanding how systems worked 0:20:35.920 --> 0:20:39.320 and then navigating through those systems and finding the valuable 0:20:39.359 --> 0:20:43.880 information stored within them. He was also really adept at 0:20:43.920 --> 0:20:47.200 social engineering. He was great at manipulating people to get 0:20:47.240 --> 0:20:50.400 what he needed, whether that was a login password or 0:20:50.560 --> 0:20:54.199 information about Wi Fi networks or whatever. He also was 0:20:54.280 --> 0:20:59.080 reportedly a pretty serious drug user. Typically he relied on 0:20:59.160 --> 0:21:02.960 stimulants like cocaine when he was pulling long hours while 0:21:02.960 --> 0:21:07.560 infiltrating systems, and that would become a pretty big issue 0:21:07.560 --> 0:21:11.200 for him. Among his go to activities would be sniffing 0:21:11.200 --> 0:21:15.360 out credit card numbers either by finding a database belonging 0:21:15.440 --> 0:21:18.560 to say, a business like a retailer, and then just 0:21:18.640 --> 0:21:21.359 siphoning off numbers that were stored in there, because not 0:21:21.480 --> 0:21:24.840 everyone stored their numbers and encrypted formats, which meant if 0:21:24.920 --> 0:21:27.480 you had access to the database, you had access to numbers. 0:21:27.720 --> 0:21:30.199 He also made friends with other hackers who specialized in 0:21:30.240 --> 0:21:34.720 building programs specifically to skim credit card numbers, one of 0:21:34.760 --> 0:21:38.400 those being Stephen Watt, who was sometimes known by handles 0:21:38.480 --> 0:21:42.920 like Jim Jones or sometimes the Unix Terrorist. And as 0:21:42.960 --> 0:21:46.040 a young adult, Gonzales joined a group of like minded 0:21:46.080 --> 0:21:50.960 hackers that would call themselves the Shadow Crew, and it 0:21:51.000 --> 0:21:53.480 was kind of like a forum for hackers, but not 0:21:53.720 --> 0:21:56.320 just that, it was also a trading place. At Shadow Crew, 0:21:56.359 --> 0:22:00.280 people could buy and sell information like stolen credit card 0:22:00.359 --> 0:22:04.680 or debit card numbers, and they also could find tutorials 0:22:04.720 --> 0:22:07.960 about how to carry out various criminal activities and how 0:22:07.960 --> 0:22:11.719 to do things like how to get blank cards and 0:22:11.760 --> 0:22:16.239 then emboss them and print magnetic strips on them and 0:22:16.320 --> 0:22:21.080 imprint the stolen card information you had onto card blanks 0:22:21.359 --> 0:22:24.239 so that you could then take those cards to like 0:22:24.320 --> 0:22:28.280 an ATM and potentially withdraw tons of cash in the process. 0:22:28.600 --> 0:22:31.760 In fact, that's actually what Gonzales was doing when he 0:22:31.880 --> 0:22:35.280 first got caught. Shadow crew had built up an enormous 0:22:35.400 --> 0:22:38.879 database of stolen card numbers, and Gonzales had made a 0:22:38.920 --> 0:22:41.440 bunch of fake cards, and he set out to hit 0:22:41.480 --> 0:22:45.520 some ATMs in North Manhattan in New York City. By chance, 0:22:45.960 --> 0:22:50.640 there was this plain clothes NYPD detective who just spotted 0:22:50.680 --> 0:22:55.440 Gonzales and thought Gonzales looked an awful lot shady. Gonzalez 0:22:55.560 --> 0:22:58.400 was wearing a woman's wig at the time and a 0:22:58.520 --> 0:23:01.800 fake nose ring, and the detective was actually on the 0:23:01.800 --> 0:23:04.560 lookout for a totally different kind of criminal because there 0:23:04.560 --> 0:23:06.960 had been some car thieves who had been hitting some 0:23:07.000 --> 0:23:11.480 neighborhoods in Upper Manhattan, and so this detective started following 0:23:11.520 --> 0:23:14.159 Gonzalez thinking that maybe he found one of the people 0:23:14.440 --> 0:23:17.040 who had been boosting cars in the area. But it 0:23:17.080 --> 0:23:21.760 wasn't cars that Gonzalez had boosted. It was card numbers, 0:23:21.880 --> 0:23:25.960 not cars. So the detective follows Gonzalez, sees Gonzalez go 0:23:26.040 --> 0:23:29.200 up to an ATM notices that Gonzalez is very likely 0:23:29.240 --> 0:23:31.760 in disguise, like he's wearing like a hoodie and everything, 0:23:31.800 --> 0:23:33.760 but also, like I said, a wig and a nose ring, 0:23:34.160 --> 0:23:38.320 and Gonzalez starts using cards to access an ATM and 0:23:38.359 --> 0:23:41.080 withdraw cash, and then just switch to a different card 0:23:41.160 --> 0:23:45.240 and withdraw more cash. So the detective figured that Gonzalez 0:23:45.320 --> 0:23:48.959 wasn't stealing automobiles, but he was definitely doing something that 0:23:49.000 --> 0:23:53.840 was questionable. And so Gonzales got picked up by the police, 0:23:54.200 --> 0:23:56.960 not because the cybersecurity team figured out who he was, 0:23:57.080 --> 0:23:59.320 but because someone in the real world spotted him and 0:23:59.359 --> 0:24:04.160 suspected that something was pinky. So Gonzalez ended up turning 0:24:04.320 --> 0:24:08.200 informant on the Shadow Crew. This was largely to protect 0:24:08.280 --> 0:24:10.600 himself so he wouldn't have to go to prison, and 0:24:10.880 --> 0:24:15.400 he thought, well, I can end up helping the law 0:24:15.440 --> 0:24:20.320 enforcement identify and catch other hackers. Now, Gonzales didn't necessarily 0:24:20.359 --> 0:24:22.560 know who everyone was in Shadow Crew. In fact, he 0:24:22.600 --> 0:24:24.600 didn't know who most of them were. The whole point 0:24:24.920 --> 0:24:28.400 of the hacker culture was to create these personas that 0:24:28.800 --> 0:24:31.520 while you know it was connected to you, you couldn't 0:24:31.600 --> 0:24:35.560 trace it back to a person easily. However, Gonzales had 0:24:35.560 --> 0:24:37.840 built up a lot of trust in the community, so 0:24:38.480 --> 0:24:42.200 he ended up helping the Secret Service identify various high 0:24:42.280 --> 0:24:45.000 level members of Shadow crew. But even while he was 0:24:45.080 --> 0:24:49.680 working with the authorities to put away his fellow hackers, 0:24:50.040 --> 0:24:53.439 he also kept up his own criminal activities. In fact, 0:24:53.960 --> 0:24:58.560 he really stepped it up. He targeted large retail organizations 0:24:58.960 --> 0:25:01.359