Anonymous Hackers Track Saboteur, Find and Punish the Wrong Guy - UPDATED
By Ryan Singel | January 29, 2008 | 7:59:26 PM | Categories: Hacks And Cracks
Anti-Scientology agitators have repeatedly harassed and threatened violence against a 59-year-old PG&E worker and his wife, who were mistakenly flagged as pro-Scientology hackers.
John Lawson, who lives in Stockton, California with his wife Julia, began receiving threatening phone calls around 2 a.m. Saturday morning. He didn't know why until THREAT LEVEL explained that a hacking group calling itself the g00ns (goons spelled with zeros, not goons with the letter o) posted his home address, phone number and cell numbers, as well as Julia's Social Security number, online. The obscene and threatening calls have continued through Tuesday, according to Lawson.
SEE UPDATE AT BOTTOM FOR G00N's RESPONSE
The calls are just one small offshoot of an ongoing, larger attack on the Church of Scientology by a ragtag group of internet troublemakers who call themselves Anonymous. The group says it is targeting Scientology in part for its use of litigation to suppress unflattering documents on the internet.
Over the weekend, the g00ns thought they had caught a hacker who had busted into a server being used to help coordinate the online attacks and real world protests against Scientology. But Lawson says the callers have the wrong guy.
"I don't even really know how to use a computer," Lawson said.
His phone just keeps ringing, Lawson said, and when he answers, callers spout vulgarities and threats and then hang up. On Monday, he got a call that seemed to originate from the Virgin Islands. The caller threatened to kill him.
"They have got the wife really scared because they have my address," Lawson said. "I think I am going to buy me a gun today just in case."
The Stockton police came out on Sunday to take a report, and Lawson has put fraud protection alerts on his and his wife's credit reports.
Lawson wants his personal information off the internet but doesn't know who to talk to to get it down.
The address of the site with their personal information was shared in online chat rooms where members of a group called Anonymous congregate to plan attacks on the Church of Scientology. The site's URL was also submitted to Digg, where it made it to the front page.
Planning for those attacks was disrupted in the last four days by a counter-hack group calling itself the Regime. That group hacked and severely disrupted 711chan.org, one of the central planning facilities for the Anonymous attack.
According to an e-mail from the hacker to THREAT LEVEL, the Regime's "main objective was to obtain logs and various data including user names and passwords" and "to take down our targets in the best way possible to bring as much embarrassment/shame as we could to the offending organization."
The hacker said his group turned over the purloined data to the Church of Scientology.
Soon after, the g00ns claimed to have found out where the Regime was hacking from, and managed to obtain personal information about the Lawsons. John Lawson believes that information came from Comcast, his ISP.
A Digg commenter suggested that the g00ns tracked down an IP address used in the attack on 711chan and traced it to Lawson. If that's the case, the group overlooked the possibility that Lawson's computer or router had been compromised and was used by the real attacker as a proxy that would hide the attacker's real location.
For his part, Lawson doesn't care about the how or why; he just wants the calls to stop.
"I called three news places in Stockton just to get something out there to let them know they have the wrong guy," Lawson said.
This isn't the first time that the anti-Scientologists have hit the wrong target.
Last week, participants downloaded hacking software that accidentally targeted a school in the Netherlands, rather than a Scientology site. That misfire lasted only a few minutes, but its lesson seems not to have been learned by online vigilantes who think their righteous ends justify illegal means.
UPDATE: 10:50 PST Members of g00n tell THREAT LEVEL that they immediately took down the Lawsons' contact info after seeing this story, but emphasize that they had nothing to do with the harassing phone calls and that they have not been involved at all in the Anonymous attacks on Scientology.
They say their motivation for posting the info was to send a warning to the Regime hacker in order to help their friend at 711chan.org, whose website was repeatedly hacked by the Regime.
They also said that the IP address associated with the Lawsons had been used in attacks on 711chan for four days, and then later was used to access and probe the site where the Lawsons' info was posted. They say they called the Lawsons before posting the info to verify it, and swear that the person they spoke with sounded much younger than a 59-year-old man.
They further contend that 711chan's server logs showed that the IP address was associated with a computer running the Debian flavor of Linux, which casts doubt on the theory that the attacker had remotely taken over the Lawsons' computer. If that were the case, the OS would have been a flavor of Windows. Another possibility is that the Lawsons have a compromised wireless router.
The g00ns say it's clear something isn't right in Stockton and vow to figure out who the Regime is, but blame him for leaving a trail that led to the Lawsons, rather than using some sort of proxy or anonymizing tool such as TOR.
They forwarded THREAT LEVEL a transcript of a chat between 711chan's operator and the Regime hacker, which showed the Regime hacker trying to blackmail the 711chan operator into turning over information about the g00ns, by implying that not doing so would make him turn over more information to the Church of Scientology. THREAT LEVEL has no way of verifying that transcript.