IamA convicted Lulzsec/Anonymous hacker AMA!

What safety measures do you take for yourself when your just at home browsing the web?

Sorry for the long response. I was caught up responding to other comments and didn't realise this was at the top.

On my main machine I use QubeOS. I use Tor (via an old Dell machine) and a VPN. I set up the VPN myself and regularly set up new servers and switch them. I adopt different personas and never link anything back to my personal accounts. Just little habbits.

I have some things like my Soundcloud, Github etc that I'm not too concerned about. Stuff like that I don't mind if it's out in the open.

My machines use full disk encryption. If possible I will use public hotspots and randomly change my mac address so that no little clues are left on the router to confirm my machine connected to it.

I try to do as much as possible to keep certain things private and unlinked. I'm only human though.

I don't do anything illegal these days though, so I'm not as worried about having to hide certain bits of sensitive or incriminating data :)

I'll come back to this later if I have time. I need to answer some more comments.

What is the reason you did those hacks, just because you could or there was some reason behind it?

It was nice to feel a part of a community that recognized my skills, and to feel like a valuable member.

I have Aspergers, and to this day I still spend most of my time at the computer. I don't have any friends in real life so it was nice to be part of a community who were just like me. That was the main reason. But yes, also because I could.

I had no issues committing illegal activities at the time. I was mentally unstable, drinking heavily, smoking too much weed and getting very reckless.

How do you respond to the article that says you stole info on pregnant women because you're anti-choice?

Holy fuck, the amount of people triggered by my word choice is insane. I was half asleep when I posted the correction from pro-choice, no need to get sand in your cunts.

I regret my actions. I regret what I did. I sought media attention hiding behind an anonymous online persona that backfired. I never intended to release that data. My only intent was to cause alarm, and not harm.

This is unrelated, but how do you think smoking weed affects your Aspergers?

Previous to smoking weed I was on SSRI's and other medications to help deal with what was then undiagnosed Aspergers. They never really helped.

I started smoking weed and noticed I could think more clearly. My thoughts wasn't racing around my head 24/7. I was able to focus on what I was doing and relax. It almost feels like I'm normal and I can function somewhat normally to the rest of the world.

Without it I find it hard. They say weed causes anxiety and other mental health issues. It does the opposite for me so long as I smoke in moderation.

Not him (obviously) but I am also diagnosed with Asperger's and I used to be a heavy weed smoker. I would say that it generally helped me to be more sociable but also dulled that "intellectual" side of me that autistic people are known for. In short, I feel as if weed helped me to "grow out of" my condition to a large extent. Even though I don't smoke it anymore, nobody IRL ever guesses I have Asperger's unless I tell them.

Exactly how it makes me feel too.

Do you regret threatening to release stolen information on vulnerable women? While we know you've served jail time have you reflected on the harm your actions may have caused have you reflected on what the judge said? To quote the Judge in the article you linked.

'"You stole the records of approximately 10,000 women. Many of them were vulnerable women, vulnerable simply because they had had a termination or because of their youth or because their family did not know about their situation.

"You were proud about what you had done - you boasted about it on Twitter.'

Has this changed for you in anyway?

Although I took the data I never intended to release it. I made threats because I knew the topic was so controversial that it would end up causing a media shit storm.

My intent was to never cause harm, only alarm.

I'll be honest. At the time I didn't see why people were making such a big deal about it. In my mind I knew I wasn't going to release that data so to me all I was doing was making a threats. I hadn't stopped to consider the damage I caused.

Do I regret it today? Absolutely. I had 12 months to consider my actions and the shit I caused. I regret hacking BPAS. I don't regret anything else.

Do you effectively leverage your jail time in job interviews for the security consulting jobs?

No. The jail time has ruined any chance of me getting a full time job in security. I can't get security cleared. I was offered a job mid last year for a large well known company. The role required writing software to run security audits and lots of pen testing. But, it required the highest level of clearance. I can't gain employment because of jail time.

Is surviving jail harder for someone involved in a crime like this?

Jail wasn't difficult no. I never had any issues. People used to constantly ask me if I can help them hack a bank, hack their way out of prison or other ludicrous requests. I didn't mix with the drug addicts I mainly mixed with the white collar criminals as they seemed to be more intelligent.

The real question on everyone's mind: Vim or Emacs?

Vim all day long! I was hoping someone would ask this.

Have you ever actually wore a Guy Fawkes mask while hacking? Asking for a friend.

I haven't. The majority of the time I'm sat in my boxer shorts.

How do I hack my own computer until it explodes?

Push a screwdriver into the PSU whilst chanting "we are anonymous".

How are hackers perceived in prison?

People have a high view of hackers. To the average Joe they posses skill that interests and fascinates them. I didn't have any issues in prison.

[REDACTED]

Are you offering me a job Mr CIA :p

How has the whole experience affected you? I know I would he scarred by getting in that kind of trouble. Are you doing alright? Is prison like they show in the movies or better/worse?

It has affected me negatively. Some would agree I deserve everything that happens to me in life. And that's the problem.

It angers me that people involved in pedophile cases, rape cases, GBH and even some manslaughter cases are given less time than I got. They leave prison, return to life and are forgotten about. I can't even go to an interview without them Googling my name beforehand.

As a result I ended up suffering with depression very badly. Many cases having to claim Government benefits. When instead I could be earning a salary and contributing in taxes and putting my skills to good use.

It's tough. But as many say, I deserve that treatment for what I did. I have to live with my actions I guess.

Prison isn't like the movies. At least not in the UK. I watch a lot of prison documentaries from the USA and those prison seem brutal in comparison. You don't really have a gang heirachy in UK prisons. They exist, but they're not well known unless you're in the know. I stayed away from that stuff.

Thanks for a good question :)

How did you originally get involved with Anonymous/Lulzsec?

A friend was pestering me to idle on the Lulzsec IRC servers. I got chatting to a few people over time and it went from there.

First of all, thanks for making this AMA. Here's a few questions I could ask:

1.) At what age did you get in the hacking business?

2.) Where did you learn how to hack?

3.) What was the first hack you've ever performed successfully and its result?

4.) Would you hack anyone or any website just for fun? Have you?

1. I've always been hacking things from a young age. Either in electronics, computers, toys etc. It's just something I've done.

2. Books, HOWTO's, ezines, white papers, man pages etc. Just consuming as much information as I could and targeting the things that interested me.

3. I hacked my school network back when we had Acorn computers. We've all done that right? That was probably the first "illegal" thing I did.

4. I have in the past yes. Most times it's not about the target, but the challenge of getting into something. If I find a tiny issue on a website I'll pound it until I can exploit it, or leverage information that will help me gain access. These days I will report any vulnerabilities and I never cross that line into illegal territory.

Two part question:

1.) Without further incriminating yourself, what was the most difficult challenge you faced during your time with Lulsec/Anonymous?

2.) As an IT technician I'm starting to see an uptick in the number of my clients experiencing attempts to infiltrate their systems. What are some good resources that I could use to learn to mitigate these?

Thanks!

I didn't really face many challenges within the group. Technically I faced some challenges.

I was good at hacking web applications. I came from a web development background so I knew the ins and outs of how web applications were developed, how they worked, common pitfalls etc. I was able analyse source code for common open source platforms and find vulnerabilities that nobody else spotted. That was easy.

But some people were doing some crazy stuff. Reverse engineering, modifying firmware, malware development etc. That really interested me as I'd never really done any that in practice, only read about it. To this day I am still inspired by those guys and they're partly responsible for what I know today.

Regarding question 2, what's the responsibility of their systems? For example are they web servers and what operating system are they running? This will give me a better idea to answering the second question.

What is your stance on the new-ish privacy laws coming into effect/being thrown around in the US? Should we be real butthurt about this? Or were we damned from the get go?

They make me angry. The UK is going the same route by the looks of things. I write this if you want to give it a read.

People should be very concerned. Slowly but surely the Governments are pushing their bills through to remove privacy online. I wish more people would stand up and fight against this. They don't understand how serious it is.

RIP Aaron

Aaron Swartz in an inspiration. RIP

Is there a hierarchy in prison based on your conviction sentence? If so, where did you sit?

Sort of yes.

My crime meant I was a low risk offender. This places me in category D which means I can be placed in an open prison. An open prison means you get a key to your "dorm", you can work outside the prison, but you have to return at 7pm every night. Lots of perks.

But, you still have to go through the prison system to get there.

When I was first placed into custody I was on remand. I resided in a category B prison. This is a high security prison, one down from max. My pad mate was in for murder. Believe it or not he was a cool dude.

I remained there for 3 months. I was sentenced to 32 months and they sent me back to the category B prison. From there I waited to be moved to a category C prison. It's still secure, but a little less secure then B. I remained there for about 4 months.

From there I went to the category D where I served the rest of my sentence until release.

My pad mate was in for murder. Believe it or not he was a cool dude.

This is something I wish more people understood. I spent 30 days in solitary confinement in Camp Pendleton Base Brig (very short story version: was in Marine Corps boot camp, decided I didn't want to be). Being a 19 year old who was the furthest thing from a hardened criminal, I got out of my cell to push the juice cart. The guy in the cell next to me shot his CO and XO. He was nice. Almost everybody is nice to people they don't have any beef with. Sometimes otherwise nice people do really horrible things. There aren't just a lot of cartoon villains running around in prisons.

So true.

How were you arrested?

I was arrested at my home at 1am. I was in bed with the laptop running an automated attack against a company. I heard a tonne of car doors closing outside my house. I assumed someone had a party and people were leaving.

The next moment I hear huge bangs as they bolstered my door down. I initially though my house was being broken into because I had some expensive music equipment in my house.

I left the laptop and dashed out of bed to grab something incase it was burglars. I totally forgot to pull the plug out of the laptop I was using. It had no battery and one pull of the plug would have erased all evidence on that machine (unless cold booted, unlikely). I didn't expect it to be police.

And from there I was held with tasers, handcuffed, and made to sit in the main room with police watching me whilst they went through my home with a fine tooth comb. From there I was arrested, remanded in custody and sent to jail.

I was never charged for the attacks I was running on the laptop. The never recovered any forensics from my machine to charge me with their other claims.

Why does unplugging it erase evidence?

Sorry I forgot to add I was booting from a live disk. The existing hard drive in the machine was encrypted and rarely used for anything. Evidence could still exist in the RAM for a short period of time.

What's the underground world of hackers like? What's interesting about it, what kind of people are they?

For me it's a lonely place. My lifestyle is dreadful. I rarely leave the house, I spend up to 18 days sat at the computer. I do exercise, because I know this lifestyle is dangerous for your health, so I do my best to stay healthy.

Being able to manipulate a machine is fascinating. When you actually achieve the end goal the reward feeling you get is better than sex, or drugs. I think most hackers who are serious about what they do get this feeling. I've heard people say it before. You're basically chasing that high. To get that reward.

Most hackers are dull people. They spend most of their time involved in activities that don't interest most folks. I haven't met many hackers in real life so I don't know how they live, but that's how it feels for me.

Why didn't Anon make Sabu? There wasn't anything to make you think that somebody you might trust could be gathering and waiting for the right plea deal and price range? Any type of warnings?

No warnings at all. We used to chat for at least an hour a day. The last conversation I had with him he was showing me some images of graffiti he was doing. He was working on a track with me that he wanted to use as some sort of anthem. He was giving me instructions on how he wanted it to sound and I'd send prototypes over to him.

I didn't trust him at first, but over time he gained my trust. Looking back it did feel a bit like "grooming" tbh.

This is from a wired article:

Monsegur (Sabu), for his part, claims he never identified any of his fellow Anonymous hackers to the FBI. His own defense attorney disagreed in his sentencing hearing, telling a judge his “assistance allowed the government to pierce the secrecy surrounding the group, to identify and locate its core members and, successfully, to prosecute them.” Monsegur calls that a political statement intended to lighten his sentence.

What's your comment on his statement? How or why did you give your real name and location to Sabu? When did you know he was an informant?

I dislike him. I felt hurt by what he did. It literally felt like a friend had backstabbed me. I found out on the way to the police station in the back of the car.

I thought I could trust him. We'd spoke for long enough. I knew his first name. I knew his location. I'd seen his graffiti (if it was actually his). We spoke about personal things. I had no reason to believe he was an informant. He acted the total opposite. In some cases even posting information that would be considered illegal.

How did you keep up your skillset while in prison? 32 months seems like a long time to be out of web development and security testing with how fast new techniques are released.

I served 12 months, and remained on license for the rest of the sentence. I was allowed to have books brought in from home. My personally library is huge so I had my partner send me some of my favourite books. They even let me have a huge malware analysis book ... which surprised me. I kept up to date, but it was frustrating not being able to practice what I was learning. I learnt how to dry run software on paper to help a little.

Did they let you use a computer in prison?

I wasn't meant to in prison, but nobody checked my records.

In the D Cat we got to wander the grounds all day. It's a low security prison. I used to walk to the library and spend my time there. There wasn't any internet so I just made JavaScript games in the browser to kill time. They had a copy of Flanigan's Javascript book in the library (a stroke of good luck!), so I used that to develop my JS knowledge.

I also alerted their IT department (I was on good terms with the guy that ran it) to many potential issues on their Intranet. He fixed them :)

What do you think of the TV shows 'Mr Robot'?

It's great entertainment. Black Mirror is cool too.

Good entertainment :) I love Black Mirror too.

Hi,

If you were to target me right now on a full blown Liam neeson assault (common user no special privacy measures taken) and all you had was this comment/username to start with;

A) how confident would you be of identifying me?

B) to what extent would you be able to 'find me'?

Edit: someone on a new account contacted me with my name and an address I have lived at after reading this comment :-)

I used to do this to trolls on YouTube all the time. There have been times when it's been possible. If you haven't left any clues in any of your comments, and you haven't used this username elsewhere, it can be next to impossible.

If you're an average user who doesn't take many privacy measures I'd feel confident I could identify you and possible get an address. A home town at least.

Depending on the bounty a hacker could discover vulnerabilities on sites you use to gain more information that would help.

1) What was your technically most sophisticated hack?

2) Did all the 0day you find in FOSS get patched or do you still have some laying around? ;)

3) Does it bother you that Sabu is working for a security consulting company and has no problems being back in the industry?

4) What do you do for work now?

1. Probably what I'm working on now. I've managed to reverse engineer and crack a piece of software called MaxMSP. It's expensive software, I'm just finishing up and I'll send them PoC so they can fix. To me it's an achievement because it cost me many hours and loss of sleep.

2. The dog ate them :p

3. It does. He was responsible for a lot and he got to walk away and rebuild his life whilst those working "under" him got made examples of. I guess being a snitch does have it's benefits.

4. At the moment nothing. I'm finding it hard to gain employment due to mental health issues, and the criminal record.

How can we secure our cellphones? Specially the cams and mics.

I can't comment. I do not own a smartphone. I use a Nokia 8310. I do not trust them.

How fast can you type?

Never counted, but judging by the number of comments I'm going to have to increase my pace a little :)

What's your go to linux distro?

I feel like I should say Arch. Or Gentoo. Or LSF. All great distros but my gotos are good old Debian and FreeBSD purely out of personal preference because I grew up on them. My main machine runs Qubes.

Have you talked to Sabu since he allegedly snitched on you?

No. I don't like what he's done.

What was the reasoning for the hacks?

For teh lulz

Mostly this.

What's the best way to learn "hacking" or programming? What's your opinion on cyber security ethics, regarding the openness between the government and private sectors or individuals? What's the best way to prevent someone hacking oneself? Thank you!

Hacking and programming are two different beasts when it comes to learning. I'm mostly self taught and started reading books, HOWTO's, magazines etc from an early age so the knowledge has been accumulated over the past 15 or so years.

Programming wise I'd recommend to start with learning C. It's useful because it teaches you computer architecture. Memory management, the stack/heap, etc are useful for learning memory corruption techniques. If you want to go down the software hacking route it's a long road, but start with C imo. Learning C will allow you to learn other language pretty easily and is very useful for hacking.

Hacking is a broad topic. There's lots of different specialist areas. Most people these days want to know how to hack websites (which is only the tip of the iceberg btw). If you want to learn that, grab yourself a copy of the Browser Hackers Handbook, and Kali. Note: I do not advocate the use of Kali if all you're doing is running scripts and not understanding what's actually going on under the hood, but it's a useful place to start.

Regarding ethics, the Government has no business prying its eyes in anyones business. The privacy issues that are going on in the UK and the USA make me angry.

The best way to prevent yourself from being hacked is to learn how attackers can gain access to your system and implement the necessary protections to stop them :)

1) did you finish your probation as well? Were there any other extra sanctions imposed on you as part of your conviction(preventing computer use while in the US?)

2) I heard some hackers plead guilty to their computer hacking crimes, and that helped them advance their career. Do you agree with that phenomena? If you agree/disagree, then why?

3) Did any of your perspectives in your values change before/after joining your group? What would you like to accomplish in your remaining years?

1. Yeah I did. At one point my officer let me skip meetings because he wasn't concerned I would reoffend. I got friendly with my PO. He helped me a lot when I was diagnosed with Testicle Cancer. He later moved across the other side of the world and I lost touch with him. He was a great guy.

2. I'm not sure how it is in the US, but over here if you get convicted of hacking they tend to see it as that person can't be trusted.

3. When my depression started to get bad I was losing sense of any values/morals/ethics. Just weeks before I was self harming pretty bad. I was in a bad place mentally. Having reflected on what happened my values have definitely changed. It makes me cringe looking back on what I did.

I feel like I'm on a journey. I don't know where it's ending, but I will continue to learn and perfect my craft. I'd like to become an ASM wizard and be able to quickly read ASM as I can the English language. I'd like to make a small game with my son in ASM. We're going to attempt it on the C64 once my Final Cartridge 3 arrives. I have strange goals. Once I achieve that I don't know what's next. I'd like to gain full time employment one day.

In the end of the article you wrote you said:

In my next article I will provide a complete tutorial on how the average Joe can secure their Internet connection and remain private from Government spying and data retention.

Are you still planing to do this?

I am yes. I got caught up with other things in life. I lost my Dad at the start of this year and another family member the start of this month. It's been tough. But you just reminded me, I need to get that finished. Thanks :)

What's your take on Edward Snowden?

He's a legend :)

Regardless of what the law says is right or wrong, did you ever reach a personal moral barrier where you weren't sure whether to cross?

At that point in time my moral barrier was very low. Most times I didn't even consider the consequences of my actions if caught. I got too complacent.

did you detect and write the exploits yourself, or did you use someone else's work?

I found them myself, but many times there was help from other members.

Was the post removed or just the description? Mods?

Lack of evidence. I'm submitting more now.

Whats your reaction whenever you see hacking scenes on the tv/movies?

The new stuff is mostly overrated imo. Hackers is a true story. I love that film. Wargames is a classic I enjoy too. I'm not really into the newer films. Maybe because I'm from BBC micro era.

How was it like working for/with Anonymous? Did you know/meet any of your fellow hackers in person or was it all shrouded in secrecy with a certain unknown contact sending you instructions and such? What convinced you of joining their cause in the first place? Do you ever feel like you have betrayed them by working with all of those companies??

It felt like a community. Many of whom shared similar interests to myself. I didn't meet any in real life. I never met anyone in real life (I met some of them after I left prison).

Before I joined I was already hacking, but I wasn't doing it with others. A friend convinced me to idle on the IRC servers, and I did that for a while. I got a feeling for the place and started talking to others and it went from there.

I remain white hat these days and report security vulnerabilities as opposed to exploiting them. It usually reaps a reward of some sort. It's hard to fight the urges, so I tend to stick to white hat which allows me to continue doing what I do without any legal side effects.

Is everything hackable?

My personal opinion is everything can be hacked given time.

Are you really strongly pro life or was that hacking of the abortion site more of a trolling of sorts?

I always figured anonymous would be pro choice. I would like you or anonymous more if the former was true.

Also Saba is a bitch and karma will catch him, I promise.

I was never strong pro life. I am pro choice but siding with pro life. I understand there's many situations where an abortion would be appropriate.

And I hope so. Sabu got off with free with a well paid job to boot.

Hi JamesTheHaxor, your post has been removed because:

You have not provided adequate proof within a reasonable amount of time. Please see the /r/IAmA sidebar for posting guidelines. Thank you!

Please contact the mods if you need further assistance

What more do you require? The Twitter handle I posted off was the Twitter account involved in the case that I was arrested and sentenced for.