Arquivo da tag: Hackers

Conversation with Gabriella Coleman about her latest book “Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous” (Fruzsina Eördögh)

 Author: 

shelfie hibbard for twitter

Here is the unedited 30 minute conversation/interview with Coleman, three times the length as the one published on CSM’s Passcode

FE: I finally finished your book last night…. at 3 in the morning….  it’s a pretty long book… while I was reading it, it hit me that this book is really about everything that has to do with the modern Internet, so in that way it makes sense why it is so long… you have to provide context for all these different and new concepts that no one has really written about.

GC: that’s something that’s been interesting to see the reviews, a lot of them have been repetitive. It is about Anonymous, but it is about so much more….

FE: Like modern activism…

GC: yeah, and what it means for hackers… they’ve really coalesced into a major political force just in the last five or six years.

FE: I’m glad you brought the political activism angle, do you think there will ever be an Anonymous political party?

GC: I don’t think so, they’re going to continue in their guerrilla war fashion, but we will see more hackers in government, for sure. Anonymous has to be independent… there’s no way that they can overtly work with government…

FE: So, onto prepared questions… what does the media still get wrong about Anonymous?

GC: I am currently writing this article for this anthropology book about relationships with journalists, and how I came to see journalism differently over time, just as the same way Anonymous is not unanimous, the same can be said for journalism. There are much more local journalists, and some are fucked up, there are structural constraints, and it is the same for Anonymous.

GC:  But basically, I do think a lot of journalists get it, and initially there was three things that were really difficult.

First, so many people just wanted to say that they were all hackers and I think over time a great majority realized that sure hacking is very important, but what makes Anonymous interesting is precisely the fact that general geeks can join.

GC:  The second has to do with the leader issue and for that first year [of research], in 2011, so many people, even journalists that I respect, were still wanting to boil down leadership to sabu or topiary. While it is absolutely the case that the hacker groups command more power, for example, topiary and sabu were two of those charismatic public figures so they became really important brokers between the world of Anonymous and the public, these are not leaders… the chat logs show how organic everything arises.

GC: And that’s really tough to understand [for outsiders], and still continues a little bit, except for those people who have actually bothered to find out about Anonymous. Here’s a great story: a senior investigative reporter producer for one of the top networks contacted me soon after operation ISIS started, and they were like, well, you know, “can you get us in touch with the Julian Assange type figure in Anonymous?”  and I was like “oh my god, did you just not read a single article? Because had you read a single article” the journalism has gotten so good, I think, that he wouldn’t have asked such a stupid question.

FE: it’s an easier narrative to sell, it’s easier to understand, for them to do their job.

GC: it is, for sure,

FE: but on the other hand that’s a bit of laziness, because the simplest explanation is not always the correct explanation

GC: that’s right, and everyone else has accommodated, including much of mainstream journalism…

And one final bit, while looking over my notes from the first year, there was a lot of characterization of Anonymous as vigilantes, I actually don’t think there was a lot of vigilante operations that year!  A lot of that came later…

FE: or a lot of that was the lower case anons, on 4chan, when they were like, “OMG people abusing cats,” or “my gf dumped me, let’s harass her on Facebook.”

GC: that’s exactly it. And a lot of people in the public and some journalists still think they’re primarily vigilantes, while it is — I don’t have a number but it is probably a quarter or less of their operations, are vigilante operations.

FE: Speaking of vigilantism, about the “white knight ops”… do you think they were the best way Anonymous could have chosen to endear themselves to the general public and to feminists?

GC: I generally agree, although it’s fascinating because Steubenville is what put them on the map in that “white knight oping” I think overall– and this is one of the most heavily qualified statements– they did a service but they did it poorly. I do think the two subsequent ones were executed with a lot more precision and nuance, thankfully.

But I wish that had been the case with Steubenville as well. We have to take seriously that collateral damage but I also think it’s something journalists also fall prey to as well, they make these big big mistakes when they take action and they should do everything possible to call out folks who do that, like that Rolling Stone piece, but I am not going to damn the entire bit of Anonymous for making those mistakes, for one person, unless they keep on doing it time after time but they didn’t.

FE: yeah that’s one of Anonymous’ strengths, that they adapt over time

GC: exactly, so you’ve really got to fully take that into account and the biggest mistake that came after Steubenville came over a year later, with Darren Wilson, rather, not correctly identifying Darren Wilson —

FE: oh but that The Anon Message account is just a whole other issue —

GC: exactly, crazy, he’s totally crazy, and you’re going to get that sometimes, you’re going to get the loose cannon and that is one of the weaknesses of Anonymous, that loose cannon person

FE: it’s weird though, that everyone in the community knows that TAM is a loose cannon, untrustworthy, but then media outlets still take what he says seriously

GC: yeah, and that’s maybe one of the weaknesses to raise, when you don’t have a spokesperson, to say “hey don’t listen to them” and I at one time took that role, and helped a lot of journalists, saying “he is credible, she is credible, he is not credible” but because I am not active any more I don’t play that role.

FE: it’s interesting that Anonymous hasn’t really decided to create like an IRC channel that is just for press,

GC: I would say in 2011, the AnonOps reporter channel was that way, but post when AnonOps was DDoSed, when Ryan Cleary dropped all the IP addresses, AnonOps became less of a central place…and that reporter channel couldn’t function in the way it once did. You’re right, there isn’t a single place you can go today for that type of verification…it’s much more fragmented today.

FE: Were you aware of the controversy around KYanonymous?

GC: he was one of the people I could have featured like I did with Barrett Brown, but I had less original material…

FE: KY is just so horribly hated, and I read a lot of posts and talked to a lot of people who are convinced everything they say about him online is true–

GC: yeah, it’s hard to dig in, because on the one hand the reality is he went on talk shows and he was pushing his rap music, but I think they demonized him a little bit too much, if that makes sense. Had he just been like, “yo, I’ve been arrested,” and he didn’t try to financially capitalize, I think [Anons] would have come and financially supported him. They ostracize those that try to convert their personal relationships inside Anonymous for personal gain, and they would have, I’M SURE, organized a financial campaign to help him… but it was too much, to sell his story to Rolling Stone, which got sold as movie rights, and the rap stuff, you know in some ways, [similar to] Barrett Brown

FE: What’s your take on the general Anon view of women? You mentioned it briefly in your book, when talking about AnonOps 2011

GC:  so the hackers are all male, and we could blame Anonymous for keeping them out, but they are not keeping black hat hackers out because they barely exist. Now that said, there is a culture where they embrace this very offensive language, including misogynistic language, and this is obviously going to be a barrier, not simply for women but certain quarters of the leftist community.

There are definitely women who participate, I put the number at about 25% so probably much higher than Open Source development and they play key roles with Twitter accounts, organizers, these sorts of things, but it is certainly the case that… my experience is that leftists tend to love Anonymous or hate Anonymous

GC: they love Anonymous because they’re bold, taking action, and some of whom are still uncomfortable with the language, like how Jeremy Hammond was, but still decided that it was worth it, others who kind of enjoy the transgressive language, and then among a kind of  a camp on the left, understandably, their language politics are too naive and they don’t buy into the importance of transgressing language and norms and that acts as a barrier for them. i won’t be able to solve this question right now I actually go back and forth myself on the language issue, and certainly, it can act as a barrier for women and some leftists in general. That is just a fact. whether or not you agree with the language politics, it can and will act as a barrier.

FE: I thought with the “white knight ops” that it would draw more women to Anonymous, but it didn’t really, probably because of the language and the culture.

GC: that’s right, feminists were very torn, some saw them as quite bold and I quoted someone in that position, I quoted another woman, Jackie, was the woman that could see the value, but there’s others who really are just like, “it’s incredibly regressive.”

FE: Did you find any challenges while researching and writing about Anonymous and their taboo relationship with “the online troll?”

GC: yeah, for sure, I mean, like, because of trolling or…?

FE: as in, do people take what you have to say less seriously because you are caught up in this trollish community, did you have to take extra time to prove your point because of the troll stigma…

GC:  I do not evny those folks who have to write purely on trolling, because you become polluted by the trolls. Many people can respect very much what you do but a lot of people, and I’ve seen this with some of my good friends that write about trolls, some people, you know they are not giving trolls a free pass whatsoever, they’re trying to go beyond, “it’s simply racism”… there’s other things going on, right. As a result, they become polluted by the trolls and certain academics are really critical of that type of scholarship. Which is very very problematic. I was certainly concerned because I addressed trolls to some degree but I was relieved that I didn’t address it deeply.

FE: it makes me think of Whitney Phillips’ book

GC: [00:20:15.00] OFF THE RECORD DISCUSSION [00:21:05.07]

You know one of the difficulties is weev, in a lot of ways, because, obviously I interacted with him a lot and I really did want to convey how frightening of a troll he was, but not necessarily, simply moralize it from the get-go but show the cultural logic. I think I succeeded. Some of his victims thanked me for not white-washing him. But also, I went beyond the kind of moral narrative of good and bad even though I think it was pretty clear.

GC: As I like to say [to] weev [who] likes to call himself puck, “no, you’re more like loki, because loki is really fucking frightening and is far more playful.”

FE: do you feel DDoS will ever be recognized as a form of protest?

GC: Yeah, it might, in certain places of the world, certainly not the United States.

FE: why not the United States?

GC:Because it falls under the Computer Fraud and Abuse Act, because the United States has zero tolerance for “computer crimes” right, it will put anything under, any attack under the CFAA and just the history has shown they are not going to budge on this. Granted, the paypal14 outcome was more favorable than I expected, and this goes to show [that if] there is a big movement behind a case [it] can make a difference. If people weren’t watching, if there wasn’t a Free Anonymous campaign, if they didn’t have great lawyers, it would be much worse.

FE: so in your book you wrote that Brazil, Italy and Hispanic-Mexican Anons were the largest contingent. Do you still think that is the case in 2015?

GC: yeah, Italy not so much because there have been a lot of arrests, but certainly lulzsec peru is still kicking strong, and even in September they had that famous hack against the Peruvian government, that linked to emails that exposed corruption.

I have to see about Asia, not too sure about today, but certainly for the Umbrella Revolution they were quite active with hacking but again, we’re not seeing that coverage, understandably, Anonymous is quite hard to study now because of the language barrier, but once you differentiate between no activity versus global off-shoring…

FE: A few people think German Anons have best hackers right now,

GC: What you can say is that they’ve gotten smarter, they’re being quieter, hiding their tracks, [CUT]

FE: there’s so many levels of irony, contradictions to various aspects of Anonymous, right, like how they forgo identity yet are incredibly publicity hungry, they are leaderless, but then they always have a handful of temporary leaders for short periods of time, they’re not anyone’s personal army and yet they are, for someone or for a cause…

GC: and in many of their operations people are like, “hey help us,” and sometimes they initiate it but others… like Ferguson comes to mind, where they said “hey, we need Anonymous”

FE: and Anonymous is like, “yeah, we’ll be your Batman!”

GC: exactly

FE: and the last one is how it is not entirely Anonymous, the collective has to be pseudo-anonymous to function, so… out of all these levels of contradictions, which one do you think is the hardest to explain, and get around?

GC: [CUT]

I think the hardest thing to convey is the changing structures of leadership, because people still are like, “but there must be leaders” when they say there is not a single spokesperson, and then I have to agree with them in that certain moments, certain teams or individuals are more important than others but, because of the fact that there are multiple ones, and it is highly dynamic and shifts, it means that it doesn’t resemble a certain organization where there really is a chosen spokesperson, or having an assigned roles, like with Red Hat Turkish group.

GC: I think some people have trouble understanding because they’ve never been on internet relay chat, and they don’t know what the exchange looks like, and that’s completely understandable that they can’t grasp the reality of those chats, and that was one of the reasons why I included so many chats in the book and why I also included the hackers working together and in a small team. And what’s interesting about Anonymous and this also goes back to the contradiction, it’s not simply that there is a shifting leadership, you have small teams that are very controlled at some level even if it is very much consensus-based and you have those big channels in the public that can determine what happens. This is why I included that example of the back channel DDoSing the Motion Picture Association of America and then when the group outed itself in the public channel and then the public channel engaged in mutiny,

FE: hanging out in IRC is quite a trip

BC: it really makes your ADHD worse…but that’s really hard because it is not simply the contradiction, if you have not experienced this interchanging spaces it is very understandably hard to wrap your head around it.

FE: I think that people are just confused that you can have leaders of a group of 10 people, and there will be 3 “leaders,” and they’ll only be “leaders” for a day or two, or a week,

GC: and some people like Commander X is really liked by some, and hated by some, so like the important movers and shakers he also gets a bad rap because he has talked to the media. But then he’s also put in a lot of work, and gets stuff done…

But you’re absolutely right, there’s a series of contradictions and that really defines who Anonymous is and it’s hard to convey some of them,

FE: it’s like in your book, when you mention you are breaking down the myth, but at the same time, that myth is what draws people to Anonymous so you also uphold it, it is a balancing act

GC: and that was like the central idea, I didn’t reveal it until the end, but yeah, my whole book is traveling this contradictory set of goals… there are too many misconceptions but I also wanted to make it exciting and enchanting and all sorts of things.

FE: so Barrett Brown, I know you said you didn’t want to talk about him, but…why do you think he was given more prison time?

GC: I think he was given… well, there are a couple things going on. Over the course of the history of transgressive hacking, or hacktivism, he’s not a hacker — so he took part in the hacktivism without the hacking — but whether it is Kevin Mitnick and the past, or now Barrett Brown, I think the state does want to create an example out of certain people, and he is the example of the non-hacker rabble-rouser who gets very close to the hackers,

FE: it’s very upsetting to me, because it’s like they are villianizing PR. PR is not a crime, and maybe that’s why he keeps denying he was a spokesperson… even if he wasn’t technically the official spokesperson, he still functioned like a PR rep,

GC: exactly, it’s true he was at times very close and involved in a lot of operations but you know, I was there for a lot of the Stratfor stuff, and Antisec was keeping him at bay. They didn’t even give him the emails! So it was really this unbelievable witch hunt against him, and it is true they capitalized off the fact that he was a central participant to kind of make their case, even though I think it was really ungrounded.

Anúncios

Hacker Helped Disrupt 300 Web Attacks, Prosecutors Say (New York Times)

A prominent hacker set to be sentenced in federal court this week for breaking into numerous computer systems worldwide has provided a trove of information to the authorities, allowing them to disrupt at least 300 cyberattacks on targets that included the United States military, Congress, the federal courts, NASA and private companies, according to a newly filed government court document.

The hacker, Hector Xavier Monsegur, also helped the authorities dismantle a particularly aggressive cell of the hacking collective Anonymous, leading to the arrest of eight of its members in Europe and the United States, including Jeremy Hammond, who the Federal Bureau of Investigation said was its top “cybercriminal target,” the document said. Mr. Hammond is serving a 10-year prison term.

The court document was prepared by prosecutors who are asking a judge, Loretta A. Preska, for leniency for Mr. Monsegur because of his “extraordinary cooperation.” He is set to be sentenced on Tuesday in Federal District Court in Manhattan on hacking conspiracy and other charges that could result in a long prison term.

Hector Xavier Monsegur cooperated with the authorities.

 

It has been known since 2012 that Mr. Monsegur, who was arrested in 2011, was acting as a government mole in the shadowy world of computer hacking, but the memorandum submitted to Judge Preska late on Friday reveals for the first time the extent of his assistance and what the government perceives of its value. It also offers the government’s first explanation of Mr. Monsegur’s involvement in a series of coordinated attacks on foreign websites in early 2012, though his precise role is in dispute.

The whereabouts of Mr. Monsegur have been shrouded in mystery. Since his cooperation with the authorities became known, he has been vilified online by supporters of Anonymous, of which he was a member. The memo, meanwhile, said the government became so concerned about his safety that it relocated him and some members of his family.

“Monsegur repeatedly was approached on the street and threatened or menaced about his cooperation once it became publicly known,” said the memo, which was filed by the office of Preet Bharara, the United States attorney in Manhattan.

Born in 1983, Mr. Monsegur moved to the Jacob Riis housing project on the Lower East Side of Manhattan at a young age, where he lived with his grandmother after his father and aunt were arrested for selling heroin. He became involved with hacking groups in the late 1990s, drawn, he has indicated, to the groups’ anti-government philosophies.

Mr. Monsegur’s role emerged in March 2012 when the authorities announced charges against Mr. Hammond and others. A few months later, Mr. Monsegur’s bail was revoked after he made “unauthorized online postings,” the document said without elaboration. He was jailed for about seven months, then released on bail in December 2012, and has made no further postings, it said.

The memo said that when Mr. Monsegur (who used the Internet alias Sabu) was first approached by F.B.I. agents in June 2011 and questioned about his online activities, he admitted to criminal conduct and immediately agreed to cooperate with law enforcement.

That night, he reviewed his computer files with the agents, and throughout the summer, he daily “provided, in real time, information” that allowed the government to disrupt attacks and identify “vulnerabilities in significant computer systems,” the memo said.

“Working sometimes literally around the clock,” it added, “at the direction of law enforcement, Monsegur engaged his co-conspirators in online chats that were critical to confirming their identities and whereabouts.”

His primary assistance was his cooperation against Anonymous and its splinter groups Internet Feds and LulzSec.

“He provided detailed historical information about the activities of Anonymous, contributing greatly to law enforcement’s understanding of how Anonymous operates,” the memo said.

Jeremy Hammond is serving a 10-year prison term. CreditCook County Sheriff’s Department, via Associated Press

 

Neither Mr. Bharara’s office nor a lawyer for Mr. Monsegur would comment about the memo.

Mr. Monsegur provided an extraordinary window on the activities of LulzSec, which he and five other members of Anonymous had created. The memo describes LulzSec as a “tightly knit group of hackers” who worked as a team with “complementary, specialized skills that enabled them to gain unauthorized access to computer systems, damage and exploit those systems, and publicize their hacking activities.”

The memo said that LulzSec had developed an “action plan to destroy evidence and disband if the group determined that any of its members had been arrested, or were out of touch,” and it credits Mr. Monsegur for agreeing so quickly to cooperate after being confronted by the bureau. Had he delayed his decision and remained offline for an extended period, the document said, “it is likely that much of the evidence regarding LulzSec’s activities would have been destroyed.”

After his arrest, Mr. Monsegur provided information that helped repair a hack of PBS’s website in which he had been a “direct participant,” and helped patch a vulnerability in the Senate’s website. He also provided information about “vulnerabilities in critical infrastructure, including at a water utility for an American city, and a foreign energy company,” the document said.

The coordinated attacks on foreign government websites in 2012 exploited a vulnerability in a popular web hosting software. The targets included Iran, Pakistan, Turkey and Brazil, according to court documents in Mr. Hammond’s case. The memo said that “at law enforcement direction,” Mr. Monsegur tried to obtain details about the software vulnerability but was unsuccessful.

“At the same time, Monsegur was able to learn of many hacks, including hacks of foreign government computer servers, committed by these targets and other hackers, enabling the government to notify the victims, wherever feasible,” the memo said.

The memo does not specify which of the foreign governments the United States alerted about the vulnerabilities.

But according to a recent prison interview with Mr. Hammond as well as logs of Internet chats between him and Mr. Monsegur, which were submitted to the court in Mr. Hammond’s case, Mr. Monsegur seemed to have played a more active role in directing some of the attacks. In the chat logs, Mr. Monsegur directed Mr. Hammond to hack numerous foreign websites, and closely monitored whether Mr. Hammond had success in gaining access to the sites.

Sarah Kunstler, a lawyer for Mr. Hammond, said on Saturday: “The government’s characterization of Sabu’s role is false. Far from protecting foreign governments, Sabu identified targets and actively facilitated the hacks of their computer systems.”

At his sentencing in November, Mr. Hammond was prohibited by Judge Preska from naming the foreign governments that Mr. Monsegur had asked him to hack. But, according to an uncensored version of a court statement by Mr. Hammond that appeared online that day, the target list included more than 2,000 Internet domains in numerous countries.

Mr. Hammond’s sentencing statement also said that Mr. Monsegur encouraged other hackers to give him data from Syrian government websites, including those of banks and ministries associated with the leadership of President Bashar al-Assad.

Language and China’s ‘Practical Creativity’ (N.Y.Times)

 

AUGUST 22, 2012

By DIDI KIRSTEN TATLOW

Every language presents challenges — English pronunciation can be idiosyncratic and Russian grammar is fairly complex, for example — but non-alphabetic writing systems like Chinese pose special challenges.

There is the well-known issue that Chinese characters don’t systematically map to sounds, making both learning and remembering difficult, a point I examine in my latest column. If you don’t know a character, you can’t even say it.

Nor does Chinese group individual characters into bigger “words,” even when a character is part of a compound, or multi-character, word. That makes meanings ambiguous, a rich source of humor for Chinese people.

Consider this example from Wu Wenchao, a former interpreter for the United Nations based in Hong Kong. On his blog he has a picture of mobile phones’ being held under a hand dryer. Huh?

The joke is that the Chinese word for hand dryer is composed of three characters, “hong shou ji” (I am using pinyin, a system of Romanization used in China, to “write” the characters in the English alphabet.)

Group them as “hongshou ji” and it means “hand dryer.” Group them as “hong shouji” and it means “dry the mobile phone.” (A shouji is a mobile phone.)

Good fodder for serious linguists and amateur language lovers alike. But does a character script also exert deeper effects on the mind?

William C. Hannas is one of the most provocative writers on this today. He believes character writing systems inhibit a type of deep creativity — but that its effects are not irreversible.

He is at pains to point out that his analysis is not race-based, that people raised in a character-based writing system have a different type of creativity, and that they may flourish when they enter a culture that supports deep creativity, like Western science laboratories.

Still, “The rote learning needed to master Chinese writing breeds a conformist attitude and a focus on means instead of ends. Process rules substance. You spend more time fidgeting with the script than thinking about content,” Mr. Hannas wrote to me in an e-mail.

But Mr. Hannas’s argument is indeed controversial — that learning Chinese lessens deep creativity by furthering practical, but not abstract, thinking, as he wrote in “The Writing on the Wall: How Asian Orthography Curbs Creativity,” published in 2003 and reviewed by The New York Times.

It’s a touchy topic that some academics reject outright and others acknowledge, but are reluctant to discuss, as Emily Eakin wrote in the review.

How does it work?

“Alphabets used in the West foster early skills in analysis and abstract thinking,” wrote Mr. Hannas, emphasizing the views were personal and not those of his employer, the U.S. government.

They do this by making readers do two things: breaking syllables into sound segments and clustering these segments into bigger, abstract, flexible sound units.

Chinese characters don’t do that. “The symbols map to syllables — natural concrete units. No analysis is needed and not much abstraction is involved,” Mr. Hannas wrote.

But radical, “type 2” creativity — deep creativity — depends on being able to match abstract patterns from one domain to another, essentially mapping the skills that alphabets nurture, he continued. “There is nothing comparable in the Sinitic tradition,” he wrote.

Will this inhibit China’s long-term development? Does it mean China won’t “take over the world,” as some are wondering? Not necessarily, Mr. Hannas said.

“You don’t need to be creative to succeed. Success goes to the early adapter and this is where China excels, for two reasons,” he wrote. First, Chinese are good at improving existing models, a different, more practical type of creativity, he wrote, adding that this practicality was noted by the British historian of Chinese science, Joseph Needham.

Yet there is a further step to this argument, and this is where Mr. Hannas’s ideas become explosive.

Partly as a result of these cultural constraints, China has built an “absolutely mind-boggling infrastructure” to get hold of cutting-edge foreign technology — by any means necessary, including large-scale, apparently government-backed, computer hacking, he wrote.

For more on that, see a hard-hitting Bloomberg report, “Hackers Linked to China’s Army seen from E.U to D.C.”

Non-Chinese R.&D. gets “outsourced” from its place of origin, “while China reaps the gain,” Mr. Hannas wrote, adding that many people believed this was “normal business practice.”

“In fact, it’s far from normal. The director of a U.S. intelligence agency has described China’s informal technology acquisition as ‘the greatest transfer of wealth in history,’ which I regard as a polite understatement,” he said.

Mr. Hannas has co-authored a book on this, to appear in the spring. It promises to shake things up. Watch this space.

Frankenstein Programmers Test a Cybersecurity Monster (Science Daily)

ScienceDaily (Aug. 27, 2012) — In order to catch a thief, you have to think like one.

UT Dallas computer scientists are trying to stay one step ahead of cyber attackers by creating their own monster. Their monster can cloak itself as it steals and reconfigures information in a computer program.

In part because of the potentially destructive nature of their technology, creators have named this software system Frankenstein, after the monster-creating scientist in author Mary Shelley’s novel,Frankenstein; or The Modern Prometheus.

“Shelley’s story is an example of a horror that can result from science, and similarly, we intend our creation as a warning that we need better detections for these types of intrusions,” said Dr. Kevin Hamlen, associate professor of computer science at UT Dallas who created the software, along with his doctoral student Vishwath Mohan. “Criminals may already know how to create this kind of software, so we examined the science behind the danger this represents, in hopes of creating counter measures.”

Frankenstein is not a computer virus, which is a program that can multiply and take over other machines. But, it could be used in cyber warfare to provide cover for a virus or another type of malware, or malicious software.

In order to avoid antivirus software, malware typically mutates every time it copies itself onto another machine. Antivirus software figures out the pattern of change and continues to scan for sequences of code that are known to be suspicious.

Frankenstein evades this scanning mechanism. It takes code from programs already on a computer and repurposes it, stringing it together to accomplish the malware’s malicious task with new instructions.

“We wanted to build something that learns as it propagates,” Hamlen said. “Frankenstein takes from what is already there and reinvents itself.”

“Just as Shelley’s monster was stitched from body parts, our Frankenstein also stitches software from original program parts, so no red flags are raised,” he said. “It looks completely different, but its code is consistent with something normal.”

Hamlen said Frankenstein could be used to aid government counter terrorism efforts by providing cover for infiltration of terrorist computer networks. Hamlen is part of the Cyber Security Research and Education Center in the Erik Jonsson School of Engineering and Computer Science.

The UT Dallas research is the first published example describing this type of stealth technology, Hamlen said.

“As a proof-of-concept, we tested Frankenstein on some simple algorithms that are completely benign,” Hamlen said. “We did not create damage to anyone’s systems.”

The next step, Hamlen said, is to create more complex versions of the software.

Frankenstein was described in a paper published online (https://www.usenix.org/conference/woot12/frankenstein-stitching-malware-benign-binaries) in conjunction with a presentation at a recent USENIX Workshop on Offensive Technologies.

The research was supported by the National Science Foundation and Air Force Office of Scientific Research.

The Secret Lives of Dangerous Hackers (N.Y.Times)

‘We Are Anonymous’ by Parmy Olson

By , Published: May 31, 2012

In December 2010 the heat-seeking Internet pranksters known as Anonymous attacked PayPal, the online bill-paying business. PayPal had been a conduit for donations to WikiLeaks, the rogue whistle-blower site, until WikiLeaks released a huge cache of State Department internal messages. PayPal cut off donations to the WikiLeaks Web site. Then PayPal’s own site was shut down, as Anonymous did what it did best: exaggerate the weight of its own influence.

WE ARE ANONYMOUS – Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency, By Parmy Olson. 498 pages. Little, Brown & Company. $26.99.

But, according to “We Are Anonymous,” by Parmy Olson, the London bureau chief for Forbes magazine, it had taken a single hacker and his botnet to close PayPal. “He then signed off and went to have his breakfast,” she writes.

(The accuracy of this account is in dispute. PayPal says that its site was never fully down. But as Ms. Olson says, in “a note about lying to the press,” this is how she weighed information as a reporter: “Did supporters of Anonymous lie to me in some interviews?  Yes, though admittedly not always to start with. Over time, if I was not sure about a key point, I would seek to corroborate it with others.  Such is the case with statements presented as fact in this book.  My approach to Anons who were lying to me was simply to go along with their stories, acting as if I were impressed with what they were saying in the hope of teasing out more information that I could later confirm.  I have signposted certain anecdotes with the word “claimed” — e.g., a person “claimed” that story is true.  Not everyone in Anonymous and LulzSec lied all the time, however, and there were certain key sources who were most trustworthy than others and whose testimony I tended to more closely, chief among them being Jake Davis.”  Mr. Davis, known as Topiary, appears to be a principal source in describing how the PayPal attack unfolded.)

Valgas Moore. Parmy Olson

Even so, Anonymous made it seem like the work of its shadowy horde. “We lied a bit to the press to give it that sense of abundance,” says the figure named Topiary, one of the best sources in “We Are Anonymous,” a lively, startling book by Ms. Olson that reads as “The Social Network” for group hackers.

As in that Facebook film the technological innovations created by a few people snowball wildly beyond expectation, until they have mass effect. But the human element — the mix of glee, malevolence, randomness, megalomania and just plain mischief that helped spawn these changes — is what Ms. Olson explores best.

“Here was a network of people borne out of a culture of messing with others,” she writes, “a paranoid world whose inhabitants never asked each other personal questions and habitually lied about their real lives to protect themselves.”

The story of Anonymous and its offshoots is worth telling because of the fast and unpredictable ways they have grown. Anonymous began attracting attention after it attacked the Church of Scientology in 2008; subsequent targets have included Sony’s PlayStation network, Fox television and ultimately the C.I.A.  The Homeland Security Department expressed its own worries last year.

Ms. Olson provides a clear timeline through Anonymous’s complicated, winding history. She concentrates particularly on how it spun off the smaller, jokier group LulzSec. “If Anonymous had been the 6 o’clock news, LulzSec was ‘The Daily Show,’ ” she writes.

The breeding ground for much of this was 4chan, the “Deep Web” destination “still mostly unknown to the mainstream but beloved by millions of regular users.” The realm of 4chan called /b/ is where some of this book’s most destructive characters spent their early Internet years, soaking up so much pornography, violence and in-joke humor that they became bored enough to move on. Ms. Olson, whose evenhanded appraisals steer far clear of sensationalism, describes 4chan as “a teeming pit of depraved images and nasty jokes, yet at the same time a source of extraordinary, unhindered creativity.” It thrived on sex and gore. But it popularized the idea of matching funny captions with cute cat photos too.

“We Are Anonymous” also captures the broad spectrum of reasons that Anonymous and LulzSec attracted followers. Some, like Topiary — who turned out to be Jake Davis, an outwardly polite 19-year-old from a sheep-farming community on the remote Shetland Island called Yell, who was arrested in 2011 — were in it for random pranks and taunting laughs. This book does not shy away from the raw language its principals used, as when Topiary told one victim: “Die in a fire. You’re done.” Other participants had political motivations. The New Yorker calling himself Sabu began as a self-styled revolutionary and was instrumental in getting Anonymous to invade the Web sites of top government officials in Tunisia.

A pivotal part of this book concerns the arrest of Sabu, the unveiling of his real identity as Hector Monsegur, and the F.B.I.’s subsequent use of him as an informant. Sabu’s dealings with Julian Assange of WikiLeaks are also described. Ms. Olson notes how Sabu “suddenly seemed very keen to talk to the WikiLeaks founder once his F.B.I. handlers were watching.”

Ms. Olson regards it as inevitable that neither Anonymous nor LulzSec could reconcile the divergent goals of its participants. Bullying jokesters and politically oriented hacktivists may share sophisticated knowledge of how to manipulate the Web and social media, but each faction became an embarrassment to the other. Topiary told Ms. Olson about his own long-distance contact with Mr. Assange, whom he describes as both intrigued by the saboteurs’ potential and critical of their silly side. (After sifting through 75,000 e-mails from a digital security firm, Topiary bashfully admits, one of the things that most interested him was an e-mail from the chief executive’s wife saying, “I love when you wear your fuzzy socks with your jammies.” )

The most startling conversation in “We Are Anonymous” was arranged by the author: an in-the-flesh meeting between Topiary and a person she calls William, since he remains unidentified.

William personifies the dehumanizing effects of cybercrime, and he knows it. One of his specialties is extorting pornographic pictures and then putting them to damaging use. “We split up several boyfriends and girlfriends and appalled many people’s mothers,” he recalls, about the Facebook tricks the book describes in detail. “I’d be lying if I said there was any great reason,” he adds. “I don’t feel guilty, it makes me laugh, and it wastes a night.”

Together they confirm the worst suspicions about the power of sophisticated but untethered Internet manipulation. “You could inspire some 15-year-old, or someone with a 15-year-old’s mind-set, to hate whoever you want them to hate,” William says.

Postscript: May 31, 2012

After this article was published, PayPal contacted The Times to take issue with the statements in the book that say the hackers shut down its Web site. Jennifer Hakes, a senior manager in corporate communications, said that as a result of the attacks in December 2010, “PayPal was never down.”