eggshellanon
© ArsTechnica
Aaron Barr believed he had penetrated Anonymous. The loose hacker collective had been responsible for everything from anti-Scientology protests to pro-Wikileaks attacks on MasterCard and Visa, and the FBI was now after them. But matching their online identities to real-world names and locations proved daunting. Barr found a way to crack the code.

In a private e-mail to a colleague at his security firm HBGary Federal, which sells digital tools to the US government, the CEO bragged about his research project.

"They think I have nothing but a hierarchy based on IRC [Internet Relay Chat] aliases!" he wrote. "As 1337 as these guys are supp0sed to be they don't get it. I have pwned them! :)"

But had he?

aaronbarr
© ArsTechnicaAaron Barr
"We are kind of pissed at him right now"

Barr's "pwning" meant finding out the names and addresses of the top Anonymous leadership. While the group claimed to be headless, Barr believed this to be a lie; indeed, he told others that Anonymous was a tiny group.
"At any given time there are probably no more than 20-40 people active, accept during heightened points of activity like Egypt and Tunisia where the numbers swell but mostly by trolls," he wrote in an internal e-mail. (All e-mails in this investigative report are provided verbatim, typos and all.) "Most of the people in the IRC channel are zombies to inflate the numbers."
The show was run by a couple of admins he identified as "Q," "Owen," and "CommanderX" - and Barr had used social media data and subterfuge to map those names to three real people, two in California and one in New York.

Near the end of January, Barr began publicizing his information, though without divulging the names of the Anonymous admins. When the Financial Times picked up the story and ran a piece on it on February 4, it wasn't long before Barr got what he wanted - contacts from the FBI, the Director of National Intelligence, and the US military. The FBI had been after Anonymous for some time, recently kicking in doors while executing 40 search warrants against group members.

Confident in his abilities, Barr told one of the programmers who helped him on the project, "You just need to program as good as I analyze."

But on February 5, one day after the Financial Times article and six days before Barr's sit-down with the FBI, Anonymous did some "pwning" of its own. "Ddos!!! Fckers," Barr sent from his iPhone as a distributed denial of service attack hit his corporate network. He then pledged to "take the gloves off."

When the liberal blog Daily Kos ran a story on Barr's work later that day, some Anonymous users commented on it. Barr sent out an e-mail to colleagues, and he was getting worked up: "They think all I know is their irc names!!!!! I know their real fing names. Karen [HBGary Federal's public relations head] I need u to help moderate me because I am getting angry. I am planning on releasing a few names of folks that were already arrested. This battle between us will help spur publicity anyway."

Indeed, publicity was the plan. Barr hoped his research would "start a verbal brawl between us and keep it going because that will bring more media and more attention to a very important topic."

But within a day, Anonymous had managed to infiltrate HBGary Federal's website and take it down, replacing it with a pro-Anonymous message ("now the Anonymous hand is bitch-slapping you in the face.") Anonymous got into HBGary Federal's e-mail server, for which Barr was the admin, and compromised it, extracting over 40,000 e-mails and putting them up on The Pirate Bay, all after watching his communications for 30 hours, undetected. In an after-action IRC chat, Anonymous members bragged about how they had gone even further, deleting 1TB of HBGary backup data.

They even claimed to have wiped Barr's iPad remotely.

The situation got so bad for the security company that HBGary, the company which partially owns HBGary Federal, sent its president Penny Leavy into the Anonymous IRC chat rooms to swim with the sharks - and to beg them to leave her company alone. (Read the bizarre chat log.) Instead, Anonymous suggested that, to avoid more problems, Leavy should fire Barr and "take your investment in aaron's company and donate it to BRADLEY MANNINGS DEFENCE FUND." Barr should cough off up a personal contribution, too; say, one month's salary?

As for Barr's "pwning," Leavy couldn't backtrack from it fast enough. "We have not seen the list [of Anonymous admins] and we are kind of pissed at him right now."

Were Barr's vaunted names even correct? Anonymous insisted repeatedly that they were not. As one admin put it in the IRC chat with Leavy, "Did you also know that aaron was peddling fake/wrong/false information leading to the potential arrest of innocent people?" The group then made that information public, claiming that it was all ridiculous.

Thanks to the leaked e-mails, we now have the full story of how Barr infiltrated Anonymous, used social media to compile his lists, and even resorted to attacks on the codebase of the Low Orbit Ion Cannon used in attacks - and how others at his own company warned him about the pitfalls of his own research.