Former Lulzsec hacker Jake Davis on his motivations
- Published
Four men were sentenced on Thursday for computer hacking. In 2011 they were all linked to the Lulzsec hacking collective which targeted organisations including the FBI and Britain's Serious Organised Crime Agency (SOCA) in a 50-day campaign which wrought havoc across the internet.
Among those sentenced was Lulzsec's self-appointed PR man, Jake Davis, who in his first TV interview has spoken to BBC Newsnight's Susan Watts about what he did and why.
Jake Davis, who went by the online alias Topiary, says he now regrets "95% of the things I've ever typed on the internet".
"It was my world, but it was a very limited world. You can see and hear it, but you can't touch the internet. It's a world devoid of empathy - and that shows on Twitter, and the mob mentality against politicians and public figures. There is no empathy.
"So it was my world, and it was a very cynical world and I became a very cynical person."
In the summer of 2011 Davis was Lulzsec's de facto head of communications, running the group's Twitter feed.
At the time, he was a teenager living on the remote Shetland Islands. His stepfather had died a few years earlier and his mother and brother had moved to England. He was alone.
Davis had become a near recluse, rejecting the real world in favour of internet chat rooms.
"At the time I was 17 or 18-years-old, quite mentally unstable, and in a bad place," he says of that period.
"At times I could see through the haze of the internet and could see there would be consequences, but it was more a case of 'who cares if there are consequences?' I just want to live in the moment."
Online persona
Lulzsec emerged as a splinter group of the Anonymous, external hacking group in May 2011.
Its members employed techniques to flood websites with high traffic - known as DDoS attacks - in order to render them unusable.
There were many Lulzsec associates, but only half a dozen or so central characters.
Aside from Jake Davis, there was Ryan Ackroyd, aka Kayla, and Mustafa al Bassam, aka Tflow in the UK. In the US there was Hector Monsegur, aka Sabu, and Avunit, whose identity is unknown.
In the real world these individuals lived continents apart and never met. Online they adopted colourful characters as they crashed websites and published the data they hacked.
Like Anonymous, they wanted information on the internet to be free. But Lulzsec also wanted to have a laugh.
The group's name stood for Lulz Security - in which "Lulz" is derived from the popular internet term "lol", meaning to "laugh out loud".
Target choice
Their targets were an eclectic mix, only loosely political, often prankish in nature.
Members of the group have been indicted in the US for allegedly stealing and publishing a database containing details of 70,000 potential contestants for the reality TV singing contest The X Factor.
Here in the UK, some have pleaded guilty to hacking the website of The Sun newspaper, and replacing its front page with a false story declaring that Rupert Murdoch had been found dead in his topiary garden.
The group has been linked to attacks on Sony at a time when the games company was under fire from hackers across the internet angry about what they saw as the company's blasé approach to keeping people's data secure.
A number of law enforcement agencies were also amongst their targets. They crashed the CIA's home site, and sought to embarrass those whose job it is to investigate cybercrime in the UK, SOCA, by forcing their website offline.
On their Twitter feed Lulzsec also boasted about bringing down a website linked to the FBI.
Davis ran that Twitter account, under his alias Topiary - a witty and cock-sure character, which he says was a more self-assured version of himself:
"Aspects of myself went into him," he explains. "It was an exaggerated version of the things I couldn't be. I think Topiary is a lot more confident than I am certainly."
On 24 June 2011, Newsnight spoke to Topiary in an online chat room. He came across as his usual, confident, online self. In reality, he now says, he was in turmoil and describes that day as a turning point.
That was because earlier on that Friday, in the US, Lulzsec members had attacked the Arizona State Police, in protest against tough new laws on immigration. They released private intelligence material, names, addresses and phone numbers of officers, and the content of e-mails.
"I thought this hack has gone way too far - there's no point to this thing, it's just harming police officers… This doesn't entertain anybody or help anybody anywhere," Davis told Newsnight.
Founder turned informer
By then the group was falling apart, and unbeknownst to the world, the FBI had a new weapon. Just prior to the Arizona hack, one of Lulzsec's founders, Hector Monsegur, Sabu, had been arrested. Then, for some 10 months, he turned informer.
Davis was arrested on July 27 2011. His last tweet as Topiary read: "You cannot arrest an idea.", external
Prior to Thursday's sentencing, Davis had already pleaded guilty to a charge relating to SOCA. He says this was a charge based on a two-line exchange in a chat room:
"I typed tens of thousands of lines of computer text every day and these two little lines are worth a separate charge and are punishable by up to 10 years in prison," he says.
But he concedes that it is what the lines say, rather than how many there are that matters, and says that he now regrets getting involved with the SOCA attack.
"I regret 95% of the things I've ever typed on the internet… especially those two or three lines - 'sure let's go after these people, why not…. It can't hurt,' Obviously it did hurt - both SOCA and myself and others."
DSI Charlie McMurdie, head of the Metropolitan Police's central e-crime unit, said after sentencing that these Lulzsec members had been "running riot, causing significant harm to businesses and people".
She described them as a threat to the thousands of internet users whose logins and passwords they made public. She said the group's recklessness with confidential material could very well have threatened people's lives.
She described it as one of the most significant cases the unit has prosecuted and should serve as a warning to those who use the internet to commit cyber acts.
Most of the Lulzsec collective's key players have now been arrested. Monsegur is awaiting trial in the US, charged with crimes that, in theory, mean he could face 124 years behind bars.
Other key UK members - including Davis - have been indicted in the US, so far no request for extradition has been made.
Now, Davis has a simple message for young people who might consider his online activities worth copying:
"I would say if you have a passion and an outlet for creativity, try and do something beyond the front door. Because if you get sucked into that computer world, you get dependent on it, and if you're dependent on it, it's very hard to say no to things that you may later come to regret."
Watch Susan Watts' film in full on Newsnight on Thursday 16 May 2013 at 2230 on BBC Two and then afterwards on the BBC iPlayer and Newsnight website.
- Published24 April 2013
- Published9 April 2013
- Published29 August 2012
- Published25 June 2012
- Published8 March 2012
- Published23 September 2011
- Published31 July 2011
- Published15 June 2011