Policy —

The hackers hacked: main Anonymous IRC servers invaded

They wanted "lulz" and drama, and now Anonymous has plenty of both. AnonOps, …

War rages between competing factions within the hacker collective Anonymous after this weekend's drama-filled takeover of the main Anonymous IRC server network. That network, used by Anons to plan and conduct attacks, was taken over by one of its own, an IRC moderator known as "Ryan."

His attack has sparked a debate over the "leadership" of Anonymous.

Hacking the hackers

The main Internet chat servers used by Anonymous have been run by a group called "AnonOps," which provides communications platforms for the group. Pointing IRC clients at anonops.ru or anonops.net would connect anyone to the servers, where they could then join channels like "#OpSony" and participate in various Anon activities.

Though Anonymous is often described as leaderless, factions like AnonOps by necessity have a loose structure; servers must be paid for, domain names must be registered, chat channels must have at least some moderation. Ryan was one of those IRC mods, and this weekend he proceeded with an attack that seized control of the AnonOps servers away from the small cabal of leaders who ran it.

Those leaders include people with handles like "shitstorm," "Nerdo," "blergh," "Power2All," and "Owen"—and if you're paying attention, you'll remember that HBGary Federal's Aaron Barr had fingered Owen as one of three "leaders" of all Anons.

The most popular channel on the old IRC servers now says simply, "anonops dead go home." Ryan also put up a set of chat logs showing Owen and others reacting to the weekend's massive denial of service attacks against AnonOps that culminated in the server takeover. (In the transcript below, "doom" is one of the AnonOps servers.)

Owen -> SmilingDevil: we lost a numbe rof servers last night
SmilingDevil -> owen: :P we need some more security.
Owen -> SmilingDevil: dude
Owen -> SmilingDevil: it forcved level3 to stop announing a /24
Owen -> SmilingDevil: it was in the gbps range
Owen -> SmilingDevil: doom alone got hit with 1 gb
SmilingDevil -> owen: gigabit or gigabyte?
Owen -> SmilingDevil: all leafs went down
Owen -> SmilingDevil: add it all up
Owen -> SmilingDevil: yeah huge
SmilingDevil -> owen: :P we need a hidden irc server for the admins.
SmilingDevil -> owen: that only they know about
Owen -> SmilingDevil: um thats called the hub
Owen -> SmilingDevil: :)
SmilingDevil -> owen: did they take that too?
Owen -> SmilingDevil: but anyhow
Owen -> SmilingDevil: we suffered alot of damage

The "old" leaders released a statement this morning explaining what happened over the weekend and why IRC remained down:

We regret to inform you today that our network has been compromised by a former IRC-operator and fellow helper named "Ryan". He decided that he didn't like the leaderless command structure that AnonOps Network Admins use. So he organized a coup d'etat, with his "friends" at skidsr.us . Using the networks service bot "Zalgo" he scavenged the IP's and passwords of all the network servers (including the hub) and then systematically aimed denial of service attacks at them (which is why the network has been unstable for the past week). Unfortunately he has control of the domain names AnonOps.ru (and possibly AnonOps.net, we don't know at this stage) so we are unable to continue using them.

Not everyone buys the explanation. One Anon pointed out that the Zalgo bot in question is controlled by a user named "E," not by Ryan.

Second, Zalgo can only see chan msgs and msgs to zalgo. The net staff is saying (pretty much) Ryan used Zalgo to steal server passwords (false, I know server protocol) which were tranfered in channels in plain text for the to see (true).

Third: Take everything AnonOps says with a grain of salt. They're putting out lies and not telling the whole story.

Others pointed out that E and Ryan are friends and that E was actually recommended as an op by Ryan.

However it happened, the end result was that Ryan redirected some of the AnonOps domain names he had control over, he led an attack on the IRC servers with denial of service data floods, and he grabbed (and then published) the non-obfuscated IP addresses of everyone connected to the IRC servers. Ryan apparently also gained root access to the Zalgo network services bot, which is presumably how he harvested the non-obfuscated IP addresses, though it's not clear exactly what Zalgo did or how much access it provided Ryan.

Clashing factions

Ryan is associated with 808chan, a 4chan splinter site and apparent home of the recent denial of service attacks on AnonOps. Ryan is "DDoSing everything that he doesn't own with his band of raiders from 808chan," says one Anon.

The 808 brigade apparently valued big botnets, and made users prove their abilities before letting them participate. AnonOps had a more democratic ethos; anyone could show up, configure the Low Orbit Ion Cannon attack tool, and start firing at Sony or others.

"It's an open network where everyone, mostly newfags can join and not have to prove they're able to wield a botnet and can just join a channel of their choosing, fire up LOIC and hit some organization for reasons they believe are right," said one Anon.

Ryan's control of AnonOps extends to some of the actual domain names, including AnonOps.ru. This wasn't a hack; he was actually given administrative control over the domains some time ago by AnonOps leaders.

One Anon explained the reason for this, saying: "As for the domains, they were transferred to Ryan after some of us got vanned so he can keep the network up. What he did certainly wasn't the plan." (Getting "vanned" refers to getting picked up by the police.)

According to another Anon, the current fight was precipitated when Ryan's IRC credential were revoked. "You morons don't realize Ryan IS LEGALLY THE OWNER OF DOMAINS," he wrote. "Nerdo and Owen removed Ryan's oper, Ryan took domains."

Smoky back rooms?

Among Anons arguing over what happened this weekend, the key debate involves the issue of leaders. Anonymous also said it was leaderless and memberless, but is it? The AnonOps statement above claims that Ryan was angry at the "leaderless" structure of the group and wanted to set himself up as king; again, though, not everyone is so sure.

Owen, for instance, helps to shape the conversation and planning in IRC. One Anon complained privately to me that Owen has booted him from the IRC servers—and thus from the place where all the real work against Sony was taking place several weeks ago. "Owen has not only told me that he doesn't really give a shit about freedom of speech, he's also moderately against the action that's being taken on Sony," this Anon said.

Owen and others conduct some of their work in private, invite-only channels, which leads some Anons to suspect that the really important operations and hack attempts are only discussed in a virtual back room. As one Anon put it yesterday:

"Have you ever been in one of their invite-only chats? This is no bullshit. EVERYTHING is decided on them, the eventual course of the operation, the hivemind's target, the channel's topic, everything. Why all this secrecy? These invite-only chats have NO reason to exist. You want to keep out trolls? Turn on mute, and give voice to a few. At least we can see what is being written."

Others were even angrier. A former AnonOps member wrote:

From the fucking beginning (during the hack at Aiplex which started Operation Payback) there has been an secret club, an aristocracy in AnonOps, deciding how operations will play out in invite-only channels.

It's obvious, for they control the topic, the hivemind, the guides, every single thing behind the scenes.

I don't know if the Owen's current bureaucracy is to be trusted, or Ryan's new delegation (from 808chan!) is.

What I do know is that AnonOps no longer has a good reason to exist. The insane amount of power the channel operators wield, and the reputations gained by their NAMES, causes them to become dictator-like, as "power corrupts".

Why did we leave the comforts of the womb of anonymous imageboards, and end up in name-fagging circlejerks controlled only by a few? Why?

Anonymous, this is bullshit. Neither side, neither Ryan's coalition of hackers nor Owen's bureaucracy can be trusted.

Others argued against this equivalence. "Ryan was the dictator, not the one who decided to solve the dictator problem," said one. Another responded, "Lol, how do you know? For all you know, Owen and Ryan are just the classic generals duking out to take over."

For his part, Ryan told the UK's Thinq today that he shared the concerns over private decision making. Owen and the other leaders "crossed the barrier, involving themselves in a leadership role," Ryan said. "There is a hierarchy. All the power, all the DDoS—it's in that [private] channel."

But among those who backed AnonOps, one thing was clear: Ryan needs to get got. Anons quickly embarked on a mission to find Ryan "dox," and quickly unearthed what they said was his full name, his home address (in Wickford, Essex, UK), his phone number, his Skype handle, and his age (17).

On Twitter, some Anons began spreading the word that Ryan had "betrayed" Anonymous, and that he had done so "to mess up all after having stolen PSN credit cards." No evidence for this last assertion was provided.

As the old AnonOps team attempted to get a handle on what had happened—and after they switched to an Indian domain name—they expressed irritation with early media mentions ("fail reporting") of the attack.

"Some 'mainstream' media is calling this the 'insider threat,'" they wrote, "which isn't really a fair representation, AnonOps doesn't have any corporate secrets, its run by the people for the people on a basis of mutual trust. Drama happens almost 24/7, occasionally drama overspills the network.

"Also we must remind the press AnonOps DOES NOT EQUAL Anonymous, saying they are one and/or the same thing in a blog/article just makes you look stupid. AnonOps is just a IRC network and a few other services that ANYONE can use, its not the only place Anonymous gather, and unlikely to be the *last* (see Streisand effect)."

But will the AnonOps leaders ever gather on a forum they don't control? Ryan took great delight in posting the following alleged comment from Owen to another AnonOps leader: "yo odnt honestly think we're goign to some other irc where we have no control do you?"

Of course, Anonymous has always been about drama and "the lulz," so the current confusion may not even bother them that much; this is just par for the course. But it's certainly amusing to others.

"Lmao. You fucking twits can't even keep your shit safe," wrote someone watching the debacle. "This literally made me laugh out loud. Not lol, but laugh. You all are so stupid."

Channel Ars Technica