My name is Ryan Ackroyd and back in 2011 I was arrested for my part in the groups know as Lulz Security (LulzSec), Anonymous and Operation Anti Security (#AntiSec). I am LulzSec, AMA!

Are you proud of the sacrifices you made in your lifetime?

Yes I am, I never look back I just move forward in to the future hoping to find peace and happiness.

What was it like being raided?

GAME OVER PLEASE INSERT COINS

That is seriously the best answer you could have given. I like it.

Haha thanks.

Did you meet anyone interesting in prison?

There's some funny characters in prison I can tell you that, made friends for life. Most of the people in there were in there for fraud, drugs, gang stuff. I never met any famous prisoners if that's what you mean? Then again everyone's story in prison is interesting.

How did you get started 'hacking'?

What were your most common techniques for accessing website databases (I understand if you cant answer this one)?

What do you recommend for someone that's interested in hacking(in terms of learning it)?

How did the feds find out who you were?

I first started back in 1998 I mostly used to hack PC games, hex editing, binary reverse engineering stuff. Then I learned how to use C and assembly and it just went from there.

Hacking is the art of reverse engineering, before you can reverse engineer something you need to have an in depth knowledge of it.

Learn to build before you break, but do it legally!

[deleted]

I hacked Command and Conquer Red Alert 2 the most, instant, infinite cash etc... One single president IFV would take out all or most of the other guys base/army, good times.

I used to be an admin and release a few tutorials over at gamehacking.com (CES); I was also involved with gamethreat.com.

Did you have another alias that you used while you were in the game hacking scene that I may have heard? It's been well over 10 years since those days but figured I would ask anyway.

I can't remember the name I signed up with, something childish... The game was awesome most people made mod maps back in those days with slightly more gems and crates at their end of the map hahaha. Back then lots of people used to hack PC games, it was mostly hackers playing other hackers hahaha.

NEW CONSTRUCTION OPTIONS

I've been tempted to get it and install it, I bet people still play it.

Do you like sporks?

Yes, I do, do you?

Hey man we are asking YOU the questions here. Leave the interrogations to us the professionals.

Ok bro.

[deleted]

Basically it prevents me from using encryption that allows hidden volumes, virtual machines and I cannot delete my internet history. It lasts for 5 years and each breach of the order can be punishable up to 5 years.

It's not a case of them being fair or unfair.

I can't go too in to detail about it if I want to take it back to court, I just want to challenge it, plus I like to keep my cards close to my chest.

[deleted]

I don't think so, I'd have to check the src of firefox to determine if it deletes the history in private mode or if it simply does not record it in anyway. The order says "Not to delete".

I like the cut of your jib.

Thanks.

so if you just image a fresh install of your variety of os(debian?) everyday would that break your parole?

I could just boot live OS and not be in breach.

is that what you do?

I used to, remember slax?

What are your thoughts on mass surveillance? Any advice for the masses?

It's been going on longer than you or I have existed. Strong encryption is the key.

Ever considered a job with the NSA? GCHQ?

I don't think I would pass the security clearance now anyways. I am x military though so who knows.

Do you have any regrets about your involvement with those groups?

Snowden, hero or villain? Why?

There's no point regretting anything because you cannot undo the past. I heard about Snowden in prison, came on the news but I only know what the news has been telling me. I will look more in to it, he's got balls I can tell you that and I admire a good set of balls.

Really? Good set of balls? Are we not doing phrasing anymore?

Yes really.

[deleted]

You don't learn how to program, you learn how use a programming language, programming is what you do with that information. Read lots of examples of source code, see if you can work out whats going on. Don't just copy/paste the examples, write them word for word no matter how long they are. Not only will it help understand what it is doing better you may also learn a few tricks.

Excellent point. May I use your quote here^ with my engineering technology students?

Sure why not.

[deleted]

No problem.

So how were you ID'd for arrest?

I fucked up, I've already explained it on here, lurk moar.

Get caught less.

GOOD ONE BRO.

Just curious, do you think big brother is reading this ama real time or at all?

They will be on this like flies round shit.

Ex Army eh?
Signals? or Tech in REME?

I was in the Infantry.

1. Where does/did LulzSec congregate?

2. What is the education background of a typical member, or from where did you learn to do what you can do?

We had our own private IRCD and encrypted silc servers, also channels on public servers. I am completely self taught, I have been at it since 1998.

Any advice for aspiring hacktivists?

Trust no one.

how came you guys got the cia down?

It was hit with a 100,000 node botnet.

What are your political views?

I don't really have any political views, however I would like to see the rest of the world get a chance to sample democracy and be free from oppressive dictatorships (no naming names).

[deleted]

It was a big botnet but I am unsure of it's actual size it did not belong to me and no I did not have access to it. To have 800k bots on at one time means you'd have to infect more than a million computers, an 800k peak botnet would be big.

What is the best way to protect your digital identity, and secure your privacy?

Since you have experience exploiting these vulnerabilities, what do you suggest to prevent it?

Strong encryption, limit the amount of personal information you place on the internet, don't draw attention, only use a sandboxed browser and tunnel your HTTPS through SSH using the highest of encryption, PGP mail for every mail, don't store encryption keys on your computer, full disk encryption and/or hidden OS, use different emails for your banking, paypal etc, Mak3p4$5w0rdZ!nCr3d!b4LlYsTr0nG, uninstall flash use http://youtube.com/tv instead etc, etc...

Thanks for your answer. I am not worried about personal use, I am more worried about enterprise and or security systems. preventing people from hacking my companies website, and social media accounts. I have to keep in compliance with the financial standards, so we use PGP, and Erado, for archiving and encryption. It is just nice to get the perspective what is an easy target, what would you consider a difficult target not worth pursuing?

I could write a book to answer this...

Security isn't something you can just apply it's an on going process and in most cases you are relying on products sold to you on a trust basis. You're told that Antivirus software will stop you getting a virus but what you're not told is that Antivirus software only protects you against what is known, takes less than an hour to write a new piece of malware or backdoor that your AV will never detect.

People put too much faith in to security systems without understanding how they work, their capabilities or limitations.

There's no need to be "pentested" it's a right con, they only test you against old exploits, if you update regular then you're already safe.

Use 2 factor authentication and/or strong password policy, prevent users creating the own password (they will only make them simpler)

Just make your data worthless to a hacker by encrypting it.

Is Milhouse a meme?

Milhouse was the best meme!!

Are you still in touch with Jason? Saw he went to prison recently, I actually went to HS with him.

How long did he get?

Hey its Kayla!

Hahaha

Hey thanks for the advice in the thread . I'll definitely use that on my quest to getting my Computer science thread and furthering my programming language knowledge !

No problem.

Kayla, I just want to say thank you.

haha no problem.

...meanwhile, while you were in prison our gov't set up a fake twitter type service in Cuba with the intent of helping topple the Cuban gov't. -_-

I'd like to see how you have come to this conclusion? Or is it official and that is it's official purpose?

[deleted]

Wesley Bailey

No idea who that is..

[deleted]

Ahh Wesley = Laurelai, yes that is true. (Don't know about the firing though)(I know she got a visit from the FBI, what they discussed I have no idea but there might be some truth in this, why not just ask her?)

You should try this at /r/netsec

They would probably have a few more knowledgeable comments and questions.

Possibly, no way to link them over? I'll admit it, this is the first time I've ever used or been to reddit.

Yea, go to /r/netsec and create a new post, and make it a link (to the url of this thread). Make the title basically the same, but bring up the fact that it's an xpost.

Done, thanks.

Thanks, I'll do this after I've made a coffee!

Doesn't seem like any of them took the bait!

Advanced Persistent Threat Elite

Nice.

Thoughts on DDoS as an "attack" vs. our generation's "sit-in."

There's a difference between a group of people using their own machines to protest something by overloading a server with traffic and ddosing the admin of a server with a botnet while you root him.

But I do believe it should be a legitimate form of protest, no different to blocking doors or doing a sit in.

What's your opinion on the book by Parmy Olson? I think I recall she said she talked to you by chat, but how accurate was what eventually made it into the book?

I lost the book before I could read it all so I don't know...

Was there a time before you were caught that you were worried or thought the authorities might have a clue as to your real identity?

I knew I was going to get caught, I fucked up.

Can you elaborate on this?

I've copy/pasted this from ask.fm

How did you get caught

I was going to leave the internet (before LulzSec) so I decided to write a script to login to the ‎@lolspoon account and post random sentences. At the time it wasn't written to pass though a proxy, it was going on a hacked box so there was no need to proxy it. Windows decided to freeze so I did what everyone else does when the computer freezes CLICK FUCKING EVERYWHERE AND BASH THE KEYBOARD. Sadly I accidentally executed the script which logged in to the ‎@lolspoon account leaving my real IP in twatters logs.

Jesus fuck, that's unlucky!

What did you do next, after you realized that you fuck up bad?

You knew they will be coming, have you prepared?

Did you have a backup plan?

Did you have a gun?

You could describe the whole LulzSec affair as a bunch of hackers going for bust.

There was no backup plan but I realized the mistake early and acted accordingly! No I do not own guns, they're a lot more restricted here in the UK.

Do you like Wheatus?

No, Wheatus sucks.

how do they ?

Well I just like to suck wheats thats all

did you have internet in jail?

No they do not allow internet in UK prisons.

Do you think access to the internet should be a human right? When will it be?

Yes it should be and I am sure it is already so!

At first welcome back. So here an total haxor/lulz/past unrelated question what kind of music do you like?

I like Hard Dance music, Hard Trance/Hard House.

Fuck yeah! Trance and House all the way.

I used to have a set of Technics 1210 Mk2 and mix like mad when I was younger, still got some of the vinyl haha.

Who is your favorite Trance artist? Ever been to any festivals?

Tidy boys, nothing but. Their events are awesome, youtube "Tidy weekender"

That looks awesome, hopefully one day I can check that out. Take a listen to "ASOT 650 utrecht by Dash Berlin" pretty good hr set.

Thanks!

[deleted]

Nothing is worth going to prison for. Yeah they are happy I am back and I am happy to see them again. It was ~100GBP for my parents to come and visit me in prison, I was a long way from home. I told them not to waste their money because the visit only lasts 2 hours.

I am x military I am used to being away from home for long periods of time. It also makes time fly faster when you're not constantly reminded about home. If you don't know what you are missing then you don't miss much.

what do you think about bitcoin? where will it be in 10 years?

I think it's great, scrypt coin too! I think they will get heavily regulated soon though. I had 78 bitcoins backed up on a SDHC before I was sent to prison. Back then they were worth ~$40 each. Come out of jail and I can't find that shit anywhere lol.

The only problem is even if I do find it, it's encrypted with keys that are on the computer the police confiscated and I can't get back.

I know right?

sue them

they stole you $ 78k

It's killing me!

If they've not destroyed your computer or had a seize order against it then you can get back things like that. Ask your lawyer.

They seized it in court, I can however apply "for a copy of evidence" under UK law and they would have to give me a copy of the HDD.

Do this. Those bitcoins won't last.

How long untill they are orphaned? It's been ~3 years already.

No idea. I meant they won't last as a concept (especially not at that value).

Wow, only just seen it but they peaked at ~$1000? Feels bad man.

Exactly - since then the Chinese and Russians have banned it, and you can only consider it's a downward spiral from there.

I wonder how long it will last here in the west, I'm surprised it hasn't already been regulated the tax man must be pissed!

I think there are also more constructive uses for mining, I mentioned this on twitter also. See there are a lot of cancer researchers and scientists that have HUGE amounts of data that needs to be mined to help cure diseases and solve the worlds problems.

The world hash rate for crypto coins is more powerful than most of the worlds super computers combined. Cancer researchers should give coins for mining cancer research data instead of wasting time generating meaningless hashes.

I look up to you on how you managed to convince everyone you're a girl, smart and funny thing at the same time. Really I look up to you like a celebrity, hah.

If you could go back in time, before the creation of Lulzsec, what would you do differently? Also, was Lulzsec's missions worth the prison time? Where did you learn social engineering, and hacking?

Maintaining a strong persona such as kayla and doing what I did wasn't easy. If I could go back in time I wouldn't change anything, I'd just keep going back in time to relive it over and over again. Nothing is worth prison time, it's a waste of life however I did manage to get some qualifications out of it. Not many people can say they left prison with a diploma for the thing they went in for.

I learned to do what I do from programming, it is simply reverse engineering.

[deleted]

I honestly believe they are state sponsored (possibly not from the beginning) but I do believe they are the people Assad is turning to. As for their methods I don't even know what methods they are using, I'll read in to it though, I'm fresh out of prison and most of what they have done was done while I had no internet access. I've been banned from the internet since 2011.

[deleted]

Humans are the easiest thing to exploit.

Was prison anything like you had expected it to be?

Better than I thought it would be, I had most prison movies flashing in my head on the way there from court but it's nothing like that.

Could you elaborate more on what it's like please?

How did you pass the time?

Did you personally encounter much violence in the prison? Or is it easy enough to stay away from it if you don't rock the boat or whatever?

Well, most of the prison movies I have seen all show people stood at the bars, big guys growling "mmmm fresh meat" and everyone getting stabbed up every 2 minuets. When you've never been to prison before you can't help but think back to every movie you've seen about prison.

I was a bit scared at first, didn't know what to expect...

Once I got to prison I realized it's nothing like the movies. Because it was all over the news when I was sentenced everyone in the jail knew who I was and what I was in for. I've made some good friends out it, people I am going to meet again once they are free.

I used to pass the time playing chess with my cell mate or by watching all crazy people in there.

No one was ever violent towards me, you don't give any attitude you don't get any attitude. I did see some people get fucked up in there, mostly starts over something really silly, like a game of pool.

Do you ever think about trying to get hired for security for websites or for government computers or something along those lines?

Again it's probably a trust issue...

What do you think your job prospects are now with the conviction hanging over your head?

Not too good! I'm on my arse at the minuet, I'll do any job!

...Any job? ( ͡° ͜ʖ ͡°)

Allmost...

Good luck fella.

Thanks!

Write a book.

Is it really needed?

Not needed per se. But you can tell an autobiographical perspective that nobody else can. The story lulz & Anon supporters would want to hear. Obviously not a 'tell all' but a 'tell most'?

Yeah I get what you mean.

What sort of people did you meet in association with the hacking groups? What kind of people are hackers?

Out of everyone I have met there are only a small handful of people that I would put in to the "reverse engineer/hacker" bracket. Lots of people who know how to use exploits, not many who know how and why they work or are able to write their own, truly is a dieing art.

This is probably the longest I've ever seen someone take questions in an AMA. Thank you for dedicating so much time to answering people's questions.

I wish I had something more profound to ask you, but this is really all I've got for now:

How did it feel being able to get behind a computer for a first time in 2+ years? Did you build a rig to re-live the novelty or do anything particularly special? ^{Porn, me thinks}

No problem I enjoy answering questions and I will be here until the questions dry up.

I was able to use computers in prison. I was given a job as a class room assistant helping teach people about computers, basic things. I also managed to complete a number of computer related qualifications and gained a diploma.

Seeing the internet after 2+ years was kind of strange though. The internet looks a lot different now compared to how it did in 2011. To be honest I don't like it, it has that "iphone look" to it all, big buttons and lots of unneeded JS.

I also forgot how addictive the internet is!

I wish I could build a rig I just do not have the money to do so. Hopefully soon I will find a nice job and maybe then I will build one.

Not a question, but a story you might enjoy.

To set the stage, when Defcon 19 started, only Topiary was thought to have gotten popped. Someone had a brilliant idea and made invitations for an official Lulzsec party. The invitations were laser engraved tinted acrylic, probably about 1/16" thick. They looked very legit, and included a phone number to call Saturday night where you would supposedly be told where the party was. Opsec and all that.

Suffice it to say, there was no party. The number was forwarded to various places at different times. The invitations were specifically targeted at press. In fact, that was the whole point. To troll all of the journalists into chasing their own tails on Saturday night, rather than hitting the actual parties going on. Everyone who knew about it was also spreading the rumor (to journalists) that Sabu was actually at Defcon and would be at the Lulzsec party.

Having a random journalist mention the rumors to me and bragging about their invite made my day, and it wouldn't have been possible without you guys.

As much as I boycot Defcon and other Hacker cons I can dig a good troll.

Is human body very good build pc with very cheap soft?If it's so easy to exploit:(

No it's a design prone to failure.

Isn't the true "lulzy" part of this that you guys bugged some people and mocked their security and then ended up getting busted and going to prison while the companies you annoyed made their security better? That's pretty lulzy to me.

What I find lulzy is the fact they were all vulnerable to webapp vulnerabilites and don't use PGP.

When do you think the govt will evolve enough to have guys like you helping to grow our society? Right now it seeks to hunt you down....terrible waste of resources imo

It is, there's a lot of talent rotting away in the prison system.

Administrations that in one breath expresses the need for engineers of digital space and then issues the order to capture the very people with such talents.

Edit: its been many administrations haha :*(

And many more to come!

Its wishful thinking but i hope that the economic imperative will win out as we progress to what can be depicted best by the Type I civilization coined by popular theoretical physicist Michio Kaku

Things need to change, that's for sure.

What do you think - in Wrestlemania '98, did Mike Tyson get punched in the cock?

Never watched it back then, I hope so!