
16-Year-Old Girl Who Hacked HBGary


Next time you see a flock of teenage girls in the mall, note that one of them might be Kayla. As your average 16-year-old, she regularly hangs out with friends, works part time at a salon and hopes one day to be a teacher.

Behind the scenes though, she’s a big time supporter of Anonymous, the loosely knit global hacking group that brought down the Web sites of MasterCard and PayPal in defence of WikiLeaks. That’s what she claims at least. Kayla flits around the web with so covert an identity that I cannot fully verify her age or gender.

Still, the girl known on chat forums as ‘k, and who spoke to me by e-mail as “Kayla,” is no figment of the Internet’s imagination: she helped all but destroy a company. When Aaron Barr, the now-former CEO of software security firm HBGary Federal, claimed in a press report that he could identify members of the Anonymous collective through social media, she and four other hackers broke into his company’s servers in revenge, defacing his Web site, purging data and posting more than 50,000 of his emails online for the world to see, all within the space of 24 hours.

Kayla played a crucial role, posing as Barr to an IT administrator (who happened to be Nokia security specialist Jussi Jaakonaho) to gain access to the company’s servers. Read their email correspondence here and here. In the fallout, Barr’s emails revealed HBGary had proposed a dirty tricks campaign against WikiLeaks to a law firm representing Bank of America. Other security firms distanced themselves. Kayla and her buddies had opened a can of worms.

Today while HBGary picks up the pieces, Kayla still spends a few hours a night on Anonymous chat channels looking for her next target. Most recently it was the Libyan government, helping get information to Libyan citizens in the Internet blackout.

With just half a dozen close friends online, she has a strict regimen to remain invisible on the web. Each night she wipes every one of her web accounts and deletes every email in her inbox. She has no physical hard drive and boots her computer from a microSD card. “I could hide this card anywhere or chew into a million pieces in a few seconds,” she says by e-mail. She keeps her operating system on a USB stick and uses a virtual machine (VM) to carry out her online shenanigans.

So paranoid is Kayla of being caught or hacked by others, that despite several requests she would not speak to me on Skype to verify an adolescent-sounding voice. Our only evidence: others in Anonymous vouch for her age, her emails are punctuated with smiley faces and “lols” and she is relatively well-known on hacking forums. Still, rumors abound that Kayla is a mid-20s male from New Jersey named Corey Barnhill, who also goes by the pseudonym Xyrix.

When I put this to Kayla she countered that in 2008 (aged 14) she and a few other users of an early Anonymous IRC network called partyvan, hacked the account of fellow user Xyrix in defence of an online friend. Kayla used Xyrix’s (Corey’s) account to social engineer an IRC operator and got her target’s personal information. The operator thought Xyrix was Kayla, added her to Xyrix’s Encyclopedia Dramatica page, and the rest is history.

How did this mystery girl become a hacker? Kayla says that’s down to her dad, a software engineer who won custody over her after a divorce that deemed him the “more ’stable’ parent.” They moved to the countryside where others her age were few and far between. The house was meanwhile littered with programming books on the Linux kernel, Intel manuals and networking books. “I just started reading them,” she says. By the time Kayla was 14 she could fully program C and x86 assembly.

“My dad encouraged it at first,” she says. “He thought it was awesome I was so into what he did.” Dad allegedly showed her how to find bugs in C source code and exploit them. It was all harmless and Kayla had only been using the Internet to talk to friends on MSN. But she began looking into hacking, and learned scripting languages like Perl, Python and PHP, figuring out how to use databases like MySQL and how to attack them using SQL injection.

She registered at a few online hacking forums but was snubbed because of her age–apparent because in the early days she gave her personal details when registering. “Fair enough I was only 14 but it made me so angry,” she says. She took revenge by hacking into the forums themselves and disrupting things, impressing some of the users–though things got weird when one or two developed crushes.

Then an older male user that she hacked into hit back by digging up her e-mail address and phone number from old MSN information that was still on the web. He called her house and threatened to contact the police. Upon realising how he’d got her details–it was “like a slap in the face”–Kayla did everything she could to scrub the web clean of her identity.

In December 2008, she wrought havoc on one of the most famous forums of all, 4chan’s notorious /b/ channel, finding and exploiting an SQL injection bug on its content management system, hacking in and causing mayhem on the forum for a few hours.

Meanwhile, Anonymous was emerging from that very online community to become the gateway to pseudo-political activism it is today. Earlier that year in January 2008, many of its users gathered on 4chan to hack the Church of Scientology after it tried to remove a controversial video of Tom Cruise on YouTube.

Kayla eventually found her way onto the Anonymous IRC, partyvan. “I just went along with everyone else and used Internet magic to generate lulz,” she says. Anonymous at first was causing trouble online for fun, hacking other hackers and trolls (folks who post spurious comments on forums) and posting their private messages online. “It was all good fun.”

While other people her age were browsing Facebook, Kayla was advancing her programming skills, memorizing Windows Opcodes and scouring source code for exploitable bugs, learning off information that was freely available on the Internet.

Eventually, she joined Anonymous’ Operation Payback and helped launch distributed denial of service (DDoS) attacks against an Indian company that was DDoS-ing bittorrent site Pirate Bay. “I never really cared for politics and such until I started hanging round the Payback IRC,” she says. “I started to see the world for the corrupt mess it really is. A world where politicians and corporations could bend the rules and laws to suit their own needs.”

These days Kayla’s dad is aware of her activities with Anonymous, and while he is concerned about the legal implications–she lives in a country where she could be tried as an adult–she says he finds the whole thing “hilarious.”

Meanwhile she refuses to be chained to her computer, limiting herself to a few hours a night online. She rarely visits online forums–they’re “boring”–and a few days a week takes a course in college to further her goal of being a teacher. She lives in an English-speaking country–not the U.K.–but won’t say more about it.

Kayla is understandably cagey. Spokespeople for Anonymous have been defending the group against accusations that its DDoS-ing and hacks are illegal, claiming such activities instead represent civil disobedience. But the hunt for its members is growing: on top of an ongoing FBI investigation, the Pentagon recently ordered its own probe after supporters of Anonymous disrupted the online activities of a military base in Virginia where Private Bradley Manning, the U.S. soldier accused of giving secret documents to WikiLeaks, is being held.

Anonymous’ supporters like Kayla may now have a sense of political purpose, but they can’t seem to shake their youthful hunger for “lulz,” the fun that comes with causing trouble to others, merited or not. That means they’ll continue to be unpredictable, passionate, and quite possibly a flash in the pan, but you’ll be hard pressed to ever find out who they are.

Taken from: blogs.forbes.com


Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com
