‘Anonymous’ Hacker Brags On Twitter And Gets Caught

We imagine that one of the hardest parts about being an ‘Anonymous’ hacker is remaining anonymous. We’re not talking about shielding your identity from authorities, as they seem to have that pretty wrapped up, we mean not bragging to folks that you’re one of the masterminds behind the mayhem. Seems a few hackers struggle with just that – like Anonymous hacker, John Anthony Borell III. He got sloppy on Twitter and now he’s in a world of trouble for it.

The Toledo Blade tells us that 21 year-old John Anthony Borell III, of Toledo, Ohio was arraigned Monday in federal court in Salt Lake City. He has been charged with hacking into the websites of the Utah Chiefs of Police Association and the Salt Lake City Police Department, then taking credit for the attacks on Twitter, according to a federal indictment.

The two counts of computer intrusion, prosecutors say, consisted of Borell intruding on the chiefs’ website server Jan. 19, and then breaking into the police department’s website Jan. 31. The administrator of the Utah chiefs’ website estimates the group spent $150,000 to mitigate the attack.

There’s a pastebin document circulating on Twitter, with the hashtag “#doingitrite: Tips on Staying Anonymous.” (Pastebin is where hackers typically share victims’ information publicly.)

Over the past month, we’ve witnessed a heap of Anons getting v&, most notably sup_g, Kahuna and W0rmer.

The only positive to come out of these arrests is that all Anons should learn not to be so easily socially engineered from now on. sup_g, Kahuna and W0rmer all contributed a lot to the cause and they will not be forgotten – but in spite of their talents, they left glaring clues to their identities all over the web. The feds didn’t catch them by using l33t whitehack skillz – the Anons effectively unmasked themselves.

Anyone who’s serious about remaining anonymous should learn from these indictments to avoid making the same mistakes. It doesn’t matter how good a hacker you are – if you’re DM’ing pictures of yourself to femanons, you might as well just hand yourself in to the feds now.

The piece goes on to highlight each user’s “fatal mistakes, as highlighted in their indictments.” Relevant to Kahuna, he allegedly did the following:

  • Used ‘anonJB’ as one of his IRC names – JB are his real-life initials
  • Continued to operate as ‘anonJB’ after being correctly doxed in September 2011: http://pastie.org/2477266
  • Hacked websites using his work IP
  • Had Facebook, Gmail, Twitter and YouTube accounts in his real name. These revealed his Anon sympathies IRL, including a link to an Anonymous educational video: http://www.youtube.com/user/jborell3
  • Retweeted Anon accounts from his own real-life Twitter (no crime, but hardly a smart move when you’re also an Anon)
  • Mentioned on IRC that his dad was a lawyer (the chat log was later leaked)
  • Accessed the @ItsKahuna Twitter account on occasions using his home IP
  • Tweeted news of his neighbors installing a new WEP router that he was accessing
  • Tweeted as @ItsKahuna to say he was fixing his friend’s computer. The IP address this tweet was posted from matched one of his Facebook friends IRL.
  • F***ed up and allowed details concerning his computer host to be revealed on air – he then DM’d KSL TV to ask for this incriminating evidence to be deleted from later broadcasts. DM’d pictures of his face to @anoncutie. All of Kahuna’s tweets, DMs and IP logs were later revealed when feds subpoenaed Twitter.

    In case you’re wondering, the other hacker listed above, W0rmer, was caught when he tweeted a taunt to his online victims along with a photo of his girlfriend’s chest. Turns out the tweet, posted from his iPhone, “contained GPS data pointing directly to his house.”

    The young man’s Twitter account, ItsKahuna, is still pretty active, as is the hashtag #FreeKahuna, with one individual (who is listed in the indictment) changing her displayed name to the #FreeKahuna hashtag. And if it IS the same young man tweeting from this account, we wonder if he’s learned much from this ordeal?


    What do you think? If you were a hacker would you be able to keep it to yourself? Or would you get caught bragging on Twitter like these guys did?

    (Man with mask photo from Shutterstock)

    @MaryCLong maryclong@digitalmediaghost.com Mary C. Long is Chief Ghost at Digital Media Ghost. She writes about everything online and is published widely, with a focus on privacy concerns, specifically social sabotage.