U.S.D epartmento f Justice FederaBl ureauo f Investi PsychologicaPl rofiles of AnonymousL eadership Law Enforcement Sensitive (LES) August 2011 BSU Quantico LES (Law Enforcement Sensitive) USDOJ I. OVERWEWF ORTHE FEDERAL BAREAA OF INWSTIGATION ............./. A. Introduction il. PSYCHOLOGICALP ROFILING APPROACH. .............1. III. ANONYMOUSC OLLECTIW BACKGROUND...... ......2 IV PROFTLE^S............ .......3 3 UNSUBT opiary(S tatucsa ptured)...... ...................5 ANNEX: A TwitterL ogs......... REDACTED SeeE nclosure B, BSU Quantico LES (Law Enforcement Sensitive) USDOJ I. OVERVIEW FOR THE FEDERAL BUREAU OF INVESTIGATION A. Introduction 'collective'has The Anonymous risen from an amorphousg roup of individuals on the intemet to the current stateo f a potential threat to national security. Due to the nature of anonymous,t hey believe that they are a leaderlessc ollective. However, it has been shown that there is a defined leadershipg roup. The goal of this report is to better understandt hat leadershipss tructurea nd its membersp sychological statesi n order to better assessw ho they really may be as well as define meanst o effectively track them down for arrest. By using the techniquesa nd resourceso f the BSU at Quantico,w e hope to enlighten the investigatorst o cues that could help in manipulating and apprehendingt he leadershipo f Anonymous. This will have a profound effect on the collective itself as the arresto f the core would demoralizet he whole. II. PSYCHOLOGICAL PROFILING APPROACH Due to the nature of Anonymous and the intemet, the leaderso f the collective have attemptedt o cloak their identities within screenn amesa nd technological obfuscationm ethods. Since the intemet has many ways to hide a person's true identity, the Behavioral SciencesU nit was contactedt o assessth e individual's online personaeth rougho nline dialogs. Working this casew as approachedi n the samem anner as any other UNSUB (Unknown Subject) that the BSU handles,h owever, the context from this particular caseh as been augmentedb y technical servicesb ranch members.T he upshot of this is that the network technical and forensics teamsp rovided not only the content from which we at the BSU would audit, but also context as to how the LINSUB's attemptedt o hide their identities. The marrying of all of the technical as well as the contextual data has resultedi n this report. A thorough assessmenot f eachU NSUB's online activities, speechp atterns,a nd generalw ritings was collectedb y the FBI. EachU NSUB was individually assessebdy memberso f the SBU and a psychologicalp rofile createdf rom thesed atasetsS. omeo f this dataw as also collectedf rom sourcess uch as CI's in the field. One such CI (Marotte) has been quite effective in engagingt he Anonymous leadershipa nd thus gatheringi ntelligence that was helpful to the SBU in gauging their psychological makeup under differing circumstances. The following report is to be used as a guide not only to perhapsl ocate the individuals by region, sex and age,b ut also to give insight to the agentsi n the field canying out operationst o capture thesea ctors.B y knowing the traits of thesel eaders,o ne can extrapolatet he larger motivations and perhapse ven anticipatea ctions on the part of Anonymous and its splinter cells. BSU Quantico LES Oaw Enforcement Sensitive) USDOJ III. ANONYMOUS COLLECTIVE BACKGROUND From Wikipedia: Anonymous (used as a massn oun) is a group initiating active civil disobediencea nd spread through the Internet while staying hidden, originating in 2003 on the imageboard4 chan, representingt he concept of many online community userss imultaneouslye xisting as an anarchic,d igitized global brain.[2] It is also generally consideredt o be a blanket term for memberso f certain Internet subcultures,a way to refer to the actionso f people in an environment where their actual identities are not known.[3] In its early form, the concepth as been adoptedb y a decentralizedo nline community acting anonymously in a coordinatedm anner,u sually toward a loosely self-agreedg oal, and primarily focused on entertainment.B eginning with 2008, the Anonymous collective has become increasingly associatedw ith collaborative,i nternational hacktivism, undertakingp rotestsa nd other actions, often with the goal of promoting internet freedom and freedom of speech.A ctions "Anonymous" credited to are undertakenb y unidentified individuals who apply the Anonymous label to themselvesa s attribution.[4] Although not necessarilyt ied to a single online entity, many websitesa re strongly associated with Anonymous. This includes notable imageboardss uch as 4chan,F utaba,t heir associated wikis, EncycloprediaD ramatica, and a number of forums.[5] After a serieso f controversial, widely-publicized protestsa nd distributed denial of service( DDoS) attacksb y Anonymous in 2008, incidentsl inked to its cadrem embersh avei ncreased.[6I]n considerationo f its capabilities, Anonymous has beenp osited by CNN to be one of the three major successorsto Wikileaks.[7] BSU Quantico LES (Law Enforcement Sensitive) USDOJ IV. PROFILES UNSUB Sabu Approximate age: 29-35 Sex: Male Location: USA Probable Nationality: American Language Indicators: Slanga nd diction (American) Profile: Sabui s the overall leadero f the LulzSec group and since the arresto f Topiary, has taken over the spokespersonro le for Anonymous. Sabu's character strongesto f the namedg roup and is definitely in charge.S abui s technically competentw ithin the realm of computert echnologiesa nd is the elder of the group of AnonymousI INSUB's Sabuh as charactert raits of a professionala dult individual who puts on the guise of a "script kiddie" in language( netspeak)b ut functions within his normal day to day life within the businessc ommunity without casting any clues to his other online activities. It is likely that Sabuw orks in the information security sectora nd has been doing so since the early days of the internet and hacking activities. His use of net speaki s interspersedw ith proper American English diction and grammar that implies he is an American citizen and has been educated. Varying logs from online IRC (Internet Relay Chat) sessionsh ave borne out the "Sabu" possibility however,t hat the userI D is sometimesa lsou sedb y otherst o confuse authorities and others as to who the real personi s behind the keyboard. However, through an amalgamo f transcriptst he tell tale signs of a consistent individual can be clearly seena nd assessed. overall, a picture emergesf rom theses essionsth at can lend to a psychological "Sabu" assessmenotf the individual who calls himself The followins bulletized points are the key findings. PsychologicalM akeup and Personal Details: o Likely married and employed in the technology sector o Has amoralt endenciesa nd see'st he world from a nihilistic perspective . Spellingc orrectiono n chat logs showsc ompulsiveb ehaviors o Showsn arcissisticte ndencies o Likely to be living in North America (EastC oast)P erhapsN YC o Prideful and likely easily prone to reaction through manipulation . Ver) conformist in everyday life o Lives out rich fantasy life online (feeling important and empowered) o Perceivesh imself as a martyr for the cause( his own cause) BSU Quantico LES (Law EnforcementS ensitive) USDOJ 4 Assessment: Sabui s skilled and capablea ccordingt o the technical group, however, the tendenciest oward attention seekingp athologiesa nd his ego driven desiresw ill be the most likely way to attemptt o apprehendh im. It is recommendedt hat the investigation use CI's and operativeso nline to continuet o engageh im online in chats. Manipulation of languagea nd emotionst hrough thesec hatsw ill indeed lead to further information to be disclosedb y him or others. It is recommendedt hat the BSU insert a team member into the LulzSec/Anonymous investigation to interface online with the subject(s)a nd further the social and psychological investigationo f the group and its leadershipi n an attempt to flesh out further information. UNSUB Kayla Approximate age22-27 Sex:M ale Probable Location: USA (Middle America) Probable Nationality: American Profile: Kayla is the online personaf or this individual who ran the botnet's (compromisedz ombie computers)t o run attacksa gainsts ites and usersw ith DDOS (DistributedD enial of Service)a ttacks.K ayla claimst o be a girl but the intelligence gatheredp lacest he sex of the UNSUB as male. PsychologicalM akeup and Personal Details: Kayla is one of the more introverted memberso f the group and is a close lieutenantt o Sabu.K ayla is submissivea nd has a tendencyt o be aggressivet oward anyone who he feels has slighted him in any way. Chat logs show a penchantf or entendrea nd use of netspeakt hat denotesa younger person as well as perhapsa stuntede motional age that doesn ot connectw ith his real ase. o Possiblyb isexual o Likely abuseda s a child . Likely inferiority complex due to childhood trauma o Potentially violent behavior possible offline in real world activities o Amoral personality traits o Attention seekingp ersonality seekingf ather figure approval o Possiblep ersistendt rug use . Likely from a broken home AssessmentzK ayla aka Lolspoon (twitter) is a likely target for an attempt to correlate his online personaw ith othersi n the alternativel ifestyle intemet underground.S A's attempting to interface with Kayla should keep in mind that he is easily pushedt o anger and this can be used.I t is recommendedt hat the investigatorsp ush this individual as frequently as possiblet o make him react and thus potentially slip up in anger. BSU Quantico LES (Law EnforcementS ensitive) USDOJ UNSUB Topiary (Status captured) Age: 18 Sex: Male Location: ShetlandI slandsU K, Scotland Profile: Topiary aka JakeD avis has been apprehendeda nd as such this profile is only for backstoppingp urposes.A n ongoing evaluation of his personality and his life is being carried out by the Met and ScotlandY ard presently.T opiary was the de facto spokesmanf or Anonymous and LulzSec and is very outspoken. Toipiary/Davis, is a young individual with a defined ethoso f counter culture behaviors.A t the time of his arraignmentD avis carried a book on revolutionary scientistsa nd made suret hat the pressc ould seet his as a meanst o show his point of view and defianceo f the common laws. PsychologicalM akeup and Personal Details: Out of the group Topiary is the altruist who believesi n what he is doing on the outside of it. Internally, his sensei f right and wrong are skewedt oward self fulfilling outcomes.D avis it is believed has been used and co opted by the others within the anonymousl eadershipa s cannonf odder. o A true believer in his world view that society has failed o Youthfully idealistic o Ego driven in his convictions o Obsessivep ersonalityt raits including possibleA spergerss yndrome o Socially inept and withdrawn UNSUB JoePie9l Approximate age2 l-26 Sex: Male Location: EU Profile: JoePiei s a technical individual who is third in command.H is skill are in the coding area and also has partakeni n the actual hacking carried out by LulzSec and Anonymous. Joepie's political views on performing hacking againstt argets only extendst o the point of actually breaking the law. JoePieh as alleged that his is a support role only, and as such,n ot breaking the law. PsychologicalM akeup and PersonalD etails: JoePiei s intelligent and well spoken.H e tendst o not use as much netspeaka s the others and makes relevant argumentsi n correct grammatical syntax. There are times when the syntax and grammar infer that JoePiei s not an American and may in fact be in the EU. It is recommendedt hat the approacht o be taken with JoePiei s to align the agent's commentaryt o JoePie's.U se common ideals stemming from commentary in the HB Gary and other IRC chatsc apturedt o gauget he approach. BSU Quantico LES (Law EnforcementS ensitive) USDOJ o Likely a college studentb ut may be just out of college o Technically capablea nd versed( mention of coding and technical measures) a More autonomousm ember of the group o Amoral charactert raits and personalb eliefs UNSUB Tflow Approximate age 22-26 Sex: Male Location: USA Profile: Tflow shows a more mercenarya pproacht o the LulzSec and Anonymous campaigns.H is motivations seemt o be monetarily baseda nd may in fact be a paid assetf or the group as a freelanceh acker. Tflow is a key player in the command and control of their domain registration and management.I n essenceT, flow is a key target for taking down the infrastructural underpinningso f the group. a Pseudo-intellectuatlh at lacks true educationalb acksround a Monetarily driven o Likely has a criminal history o Has cosnitive dissonanceo ver hacktivism and activism PsychologicalM akeup and PersonalD etails: The psychological makeup as glimpsed from the IRC chatsl eadst he investigatorst o believe that Tflow may be the linchpin to affack as he runs the technology side of their internet space.A s such he is intimately familiar with all of the players and may in fact know personald etails that would be helpful in prosecutiono f the other key members. It is also recommendedt hat Tflow may be easily turned againstt he group due to his cognitive dissonanceo ver hacktivism as well as he desiresf or monetary gain. This also flows into his likely attitudest hat he is not willing to go down for the group should his identity be compromised.B SU recommendst hat Tflow be a key target for agentsi n the field to approach. V. CONCLUSION In conclusion, the BSU recommendsm ore investigation be carried out online to investigatet hese usersb y inserting agentsi nto their chat rooms as well as gatherm ore CI's who can do the same. Becauseo f the nature of Anonymous and the internet, it is hardert o get areal idea of where usersa re if they know how to hide their tracks online. The use of the social aspects( what 'social hackersw ould call engineering')w ill be key to gaininga ccessto datat hat will eventually lead to capture. Thesep rofiles are solely basedo n intemet chatsa nd as such,m ay also be somewhati ncorrect as the usersk now that they are being monitored in certain areaso f the internet. However, as an aggregate,t he data presenteda nd assessedg ives the BSU somec onfidencei n the data presented here. It is the recommendationo f the BSU that this report be re-assesseda s more data comes from assetsi n the field and through interviews carried out with Topiary (Davis) by the Met and BSU Quantico LES (Law Enforcement Sensitive) USDOJ 7 the FBI field agentst askedt o the UK for interviews. Overall, the assessmenht ere is that we have a group of younger individuals being lead by an older, more experiencedo ne in an effort that seemst o have conflicted ideals.A dditionally, becauset here are many personalitiesi nvolved and Anonymousc laimst o be a larger'collective' groupw ithout leadersi,t is easiert o assumet hat there are other cells and other leaders.T hesel eadersa nd groupsm ay not be chatting in the open areaso f the IRC, but in fact have learnedf rom the experienceso f this group to be more discreet about their activities and planning. The overall assessmenfto r the movement however is the following: 1. The movement is out of control and there seemst o be no real coherentm otivation 2. The leadersh ave begun to hide themselvesa bit more due to arrestst hat have been made 3. Their reliance on technology will eventually be their downfall 4. Their interpersonalr elationshipsa re weak points, as sucht hey should be leveraged 5. Their increasinga ttackso n infrastructurew ill eventually lead to seriousr esults that could in fact lead to deaths It is after the first real attributabled eathst hat there may be a tapering off of their ranks as the members realize that by outing individuals, actualp hysical actionsc an occur that causeg reat damage.U ntil such time though, the movement will continue with the massesu sed as fodder and the command structureu rging them on to carry out their commands. BSU Quantico LES Gaw EnforcementS ensitive) USDOJ AI\INEX: A Twitter Logs REDACTED SeeE nclosureA AIINEX: B Chat Logs REDACTED SeeE nclosureB BSU Quantico LES (Law Enforcement Sensitive)