The story of a 16-year-old who hacked the CIA
A teenager who outwitted the US government. This story may seem like the beginning of a fictional superhero story. So, how did a 16-year-old boy hack the CIA?
New star in the world of hacking
While most kids his age were playing football, Mustafa al-Bassam was establishing his future as one of the most famous hackers in history. Who is this prodigy?
Mustafa was born in 1995 in Baghdad, Iraq. When he was 6 years old, he and his family immigrated to the UK and settled in south-east London. Mustafa says that he felt a craving for computers very early on. It started when he was 8 years old and his father came home one day with a computer. A very young young guy began spending hours and hours playing computer games, but his interest in them took a very unusual turn, especially for an 8-year-old child. Mustafa began to have thoughts that were a little broader than those of an ordinary teenager: “How do computers actually work?” And it was precisely because of his curiosity that at the age of 8 he began to study computer programming and discovered a lot about algorithms, digital coding and data analysis. He even began creating his own websites using Microsoft FrontPage, a program that allows users to write their own computer code and post it on the World Wide Web.
How an eight-year-old child could do all this is beyond comprehension. Then Mustafa’s interests switched from creating websites to manipulating other people’s web resources. He hacked websites and rewrote their codes.
The young genius made his first online hack when he was just 9 years old, and it all started with him sitting in his bedroom doing his math homework. At one point he realized that he did not have a calculator, and after searching the Internet, he found a site with online calculators, and then discovered that he could rewrite the entire code of the site. Armed with knowledge, Mustafa could not resist the temptation to hack a calculator, which was his first step into the world of cybercrime.
He spent every day at the computer, accessing various web resources. One of his first serious and daring acts was hacking into the web server of his own school, where he discovered confidential information, including teacher salaries and student grades. When the school learned of his actions, the reaction was far from favorable. They thought that Mustafa was trying to blackmail them. But in fact, his goal was not blackmail, he was committed to hacking in the same way that athletes are to sports, and it was for this reason that he managed to avoid serious consequences at school.
If you think that Mustafa's hacking journey ended here, you are mistaken. Hungry for new challenges, Mustafa plunged into searches for hacker groups and thematic forums on the Internet where he could hone his skills. However, the findings surprised even him. It turned out that Mustafa had knowledge and skills superior to most members of online communities, including those older than him.
Hackers Anonymous
At the age of 13, he came across an article about the hacker group Anonymous, one of the most famous hacker groups known for their actions against corporations and governments, preferring to operate from the shadows and often depicted in masks. The article talked about Anonymous's Operation Payback, a campaign to promote freedom of information on the Internet, but that only scratched the surface. In fact, Reckoning began as a response to attempts to destroy WikiLeaks, whose mission was to publish inconvenient truths that antagonized governments and corporations. WikiLeaks angered the US government by releasing information including from the Department of Defense, leading to its designation as a major national security enemy. Following this, large companies began an active fight against WikiLeaks, putting it on the brink of survival.
Mustafa was shocked by the real power of the hacker group Anonymous, and at that moment he realized that he had found his “family”. In December 2010, the Tunisian people started a revolution against their government. The revolution occurred in response to government corruption. At that time, Tunisia was ruled by President Ben Ali, but Ben Ali was not a president, he was a dictator. Ben Ali abused public funds and censored freedom of speech. The Tunisian people became more and more disillusioned with his oppressive government, so they decided to stage a public protest. The Tunisian Revolution was in line with what Anonymous believed in: overthrowing an oppressive government, fighting censorship, and most importantly, inciting chaos. For these reasons, Anonymous decided to join the revolution.
“The Tunisian government has decided that it wants to control the present through lies and disinformation, limit the freedom of its own people, all in order to impose on them its own self-serving vision of the future.”
The online vigilante group's goal was to support the Tunisian people against their government by carrying out cyberattacks on government websites and providing hacking software to Tunisians. Anonymous did not adhere to any restrictions. Their efforts resulted in government secrets becoming public information, and ultimately the Tunisian President, Ben Ali, fled to Syria. Operation Tunisia was a success.
This operation was Mustafa’s first acquaintance with the real results of cyber hacking. At 13, Mustafa was intoxicated with power.
LulzSec
LulzSec, short for “Laughing at Your Security”, was one of the Anonymous subgroups of which Mustafa was a member. LulzSec has stated its desire to separate from Anonymous, claiming that the latter is deviating from their true principles. However, in reality, it seemed that their activities were limited to hacking for fun. “We do it simply because it makes us happy. That’s the whole point,” they said. LulzSec had six founders, the most talented of whom was 16-year-old Mustafa al-Bassam.
These were all just Mustafa's first steps into the world of hacking, which began as fun, but then took a shocking turn, ending with the hacking of the Central Intelligence Agency (CIA).
War with the FBI
An event that stunned the CIA. It all started with LulzSec announcing the launch of Operation Anti-Security, also known as #AntiSec. This action was a series of cyber attacks on government agencies and organizations with the aim of disclosing classified information, and its scale grew with each new attack.
The first target of the operation was the FBI. LulzSec launched an attack on one of the FBI's security contractors, HB Gary. HB Gary is a company that creates security software that helps detect computer threats. In 2010, the FBI hired HB Gary to protect against online hackers. HB Gary and the FBI received information about LulzSec and the threat they posed to cybersecurity, and so one of HB Gary's executives decided to publicly go to war against LulzSec. The head of the computer security firm HB Gary provokes them, goes to a computer security conference and says, “I'm going to expose the main members of this group.”
The executive who threatened to expose LulzSec members was HB Gary CEO Aaron Barr. After this, LulzSec decided to eliminate HB Gary and Aaron Burr. They launched a cyber attack on HB Gary's servers in an attempt to find security holes. Mustafa discovered that the greatest threat to HB Gary's security was its own CEO, Aaron Burr. The CEO used the same password for his email, PayPal account, World of Warcraft account, and virtually every other account. Aaron played right into Mustafa's hands. It didn't take Mustafa long to wait: he logged into Aaron Barr's company email and leaked more than 70,000 confidential messages.
This online hack led to shocking consequences for Aaron Burr in the real world. He ended up losing his job, receiving death threats against him and his family, and having to move. The consequences for him were very serious. But this was only the beginning of the serious consequences of Operation Anti-Sec in the real world. Mustafa and LulzSec were ready to take on their next target – another branch of the FBI known as Infragard.
Infragard is an alliance of public and private sector volunteers committed to keeping the nation's infrastructure safe. Infragard is a non-profit organization that helps the FBI securely share information online with other governments and businesses, and was one of LulzSec's largest victims in the 2011 Anti-Sec operation. The war on Infragard began in response to President Barack Obama declaring war on hackers. Obama upped the ante on cybercriminals. LulzSec has been identified as one of the leaders among them. “As a result of recent hacks, the personal information of more than 100 million Americans has been compromised. This is a direct threat to the economic security of American families, and not just the economy as a whole, and the well-being of our children,” said the US President. LulzSec did not take this statement lightly and began to act again.
The guys from LulzSec launched an Autobot that, for example, called the FBI, pretending to be President Obama. But this is just a warm-up for larger attacks. LulzSec hacked the Infragard website and completely destroyed it, leaving the message: “Let it flow you stupid, stupid FBI battleships.” A little time passed, and LulzSec managed to obtain login data from Infragard users. They used this secret information against one specific user, Karim Hijazi. Hijazi was known as a “white hat” hacker, meaning companies allowed him to hack their websites to test their security. Hijazi used his hacking skills to legally collect data for both Infragard and the FBI, making him a valuable source of classified information.
When LulzSec discovered how many secrets they had in their hands, they decided to use this data. They threatened Hijazi, demanding a ransom, otherwise they would divulge all the information. So not only did they have a huge FBI database, but Hijazi had his back to the wall. But he didn't give up. Instead of giving in to their demands, Hijazi exposed them. He publicly stated: “Despite threats, I refused to pay LulzSec or give them access to sensitive botnet information. If we did this, LulzSec would be able to further increase the scale of their DDoS attacks and fraudulent activities.” However, even this revelation did not stop Mustafa and the LulzSec group. On the contrary, it only fueled their interest and directed them towards the most ambitious target of all time – the CIA.
Attack on the CIA
They started with a DDoS attack on the CIA website. DDoS is a technique in which a website is attacked by overloading its server with online traffic until the site stops functioning. Essentially, this means that the site is receiving so many requests, so many fake visitors from different directions, that it simply cannot handle the load and crashes. Mustafa and LulzSec attacked the CIA website, demonstrating their skills and determination to challenge even the most powerful opponents.
The servers continued to work until they were turned off. But not only the website was shut down, but also all internal CIA databases. At the age of 16, Mustafa infiltrated the government's most secure organization, and news spread quickly. This was a huge shame for the US government. After 4 hours of hacker chaos, LulzSec posted a tweet with the caption: “Good night Twitter. Maybe the CIA will emerge from the sea of data packets while we rest.”
Double agent
Imagine doing a lot of different activities with your close friends and then finding out that one of them is a double agent. The CIA hack was compromised from the start, and Hector Monsegur, aka Sabu, was involved. At one time, Monsegur took the name Sabu and joined a mysterious group of hackers that was about to gain momentum. This mysterious group was LulzSec, and Sabu was one of its founders. But Sabu's path to becoming a famous hacker was full of trials and tragedies.
Sabu was born in Puerto Rico at a turning point when circumstances were against him. His 16-year-old father took on the responsibility of caring for Sabu on his own after his mother left. Sabu and his family eventually immigrated from Puerto Rico to New York City, where he grew up under the tutelage of his father and grandmother. But in 2010, when her grandmother died, Sabu had to take care of two young nieces. Money was tight, and Saba was weighed down with responsibility.
He needed to provide for his family, but ordinary work did not bring the necessary income. Sabu decided to hack large banks and commit credit card fraud out of a need to provide for his loved ones. However, what started out as a necessity became an unexpected passion for him. He plunged into the world of hacktivism – a combination of computer hacking with political and social action.
Like Mustafa, he found his calling in Anonymous, one of the most famous online hacktivist groups. Here he met people who shared his passion for hacking. One of these was 16-year-old Mustafa. Together with Mustafa and four other members of Anonymous, they created the group LulzSec. Sabu played a key role in their hacking operations, including the Infragard hack. But Sabu did not know that he was being followed.
A few days after LulzSec hacked the FBI's Infragard branch, the FBI came knocking on Sabu's door. They eventually arrested Saba and gave him an ultimatum. He said: “We know who you are, we know what you do and we know you have two children in the house. Now you must make a decision.” Sabu was faced with a choice: he could refuse to give up information about LulzSec and go to prison, or he could help the FBI and avoid a prison sentence. Sabu decided to do what was best for his family and became an FBI informant. His main mission? Help the FBI destroy LulzSec. To accomplish this mission, Sabu continued to collaborate with LulzSec and participated in their CIA hack, which helped him appear less suspicious. In doing so, he also collected LulzSec secret data and chat logs. Mustafa and other members of LulzSec had no idea about this.
Arrest
Whether Sabu felt guilty for ratting out his LulzSec colleagues remains an open question. Below are his quotes from the interview:
“It wasn’t a situation where I anonized someone. I didn't point my finger at anyone. I… You rationalize it.”
– “No, this… My task was to conduct surveillance and provide intelligence.”
In reality, his decision led to the beginning of the downfall of his LulzSec colleague, Mustafa. While Mustafa was playing at the computer in his room, he heard a knock on the door – it was the British police. They burst into his room and searched every corner.
“I just sat in the room and watched them spend three hours looking for flash drives or laptops,” Mustafa said in an interview. He was then taken to the police station for questioning, where he was told that he was accused of 880 crimes – one for each hack committed with LulzSec. They had no idea that they were not dealing with an ordinary 16-year-old teenager. The fact is that the police interrogation lasted several hours, but the young hacker never revealed information about his colleagues from LulzSec or government hacks.
“They hoped that I would tell them about my actions or betray other members of the group. But I didn't. He simply answered all questions “without comment,” Mustafa said in an interview.
After keeping him in custody for 24 hours, the police were forced to release him. But this was only the beginning of his struggle with the law for the cybercrimes he committed. The dramatic trial that followed was worthy of a Hollywood film.
In May 2013, Mustafa came face to face with three members of LulzSec in a real court for the first time in his life. In one of the most shocking twists, one of the LulzSec members had been lying about his identity the whole time. A 16-year-old girl named Kayla was actually a 26-year-old military veteran named Ryan Ackroyd. This is just one of many facts that became known during the trial.
Mustafa eventually pleaded guilty to misuse of a computer. One might immediately think that this should have been an easy case for the lawyers because he admitted his guilt. The prosecuting party was limited in what it could reveal at trial. This was because they could not reveal how the police tracked down Mustafa. If they revealed how they caught him, it would become a matter of national security, since they would reveal their spying methods.
This limited the amount of evidence police could provide. As a result, Mustafa was only charged with two counts of cyber hacking. After this, it was time for sentencing. After the verdict, the judge had harsh words for Mustafa and other members of LulzSec.
“You disregarded the privacy of other people, but at the same time you did everything to maintain your anonymity.”
Mustafa Al-Bassam, the youngest of the hackers, was sentenced to 20 months in prison suspended for 2 years, plus 300 hours of community service.
He ended up completing his 320 hours of community service by working at a nonprofit clothing store that sold clothing for the deaf and blind. But the most severe sanction was a felony warning order. This meant that he had to report it to the police every time he bought or threw away a computer. He also couldn't delete his browser history.
But the golden child of hacking found a loophole.
“I was never told that I couldn’t use private browsing mode, so it was easy to get around,” Mustafa said.
After the trial, one big question remained: Was this the end of LulzSec? Whether LulzSec still exists remains a mystery. Following the members' arrest, LulzSec announced its disbandment in a statement posted on its Twitter page. It said: “Our team of six wishes everyone a Happy 2011.” With these words, it is time to say goodbye.
However, it is believed that separate branches of LulzSec continue to exist in China and Latin America. Mustafa is no longer associated with LulzSec, but where is he now – the golden boy of hacking?
Life now
From villain to hero, Mustafa's life today looks nothing like what one would expect from a convicted criminal. After his arrest, Mustafa obtained a PhD in cryptocurrency scaling and blockchain technology from University College London. And in 2021, he founded Celestial Labs, a company that uses blockchain technology to provide Web 3.0 security. He even made it to Forbes' list of the top 30 tech entrepreneurs under 30. But there is one very ironic detail in this story. Mustafa currently advises companies and governments on how to strengthen cybersecurity.
Yes, the 16-year-old who hacked the CIA is now helping defend against hackers. Today, companies that suffer from ransomware are those that do not update their software. Therefore, it is extremely important to regularly update your software to neutralize possible vulnerabilities in the system.
Today, Mustafa is considered a technology tycoon, with an estimated net worth of between $5 million and $10 million. Despite his success, some people still criticize Mustafa, claiming that he got off too lightly for his cybercrimes against the FBI and CIA.
But it all comes down to this: Should Mustafa be considered a villain whose actions threaten national security, or is he a cyber-Robin Hood, taking money from greedy governments and giving it to the public? Everyone decides for themselves whether Mustafa al-Bassam was a villain or a hero?
A little advertising
Thank you for staying with us. Do you like our articles? Want to see more interesting materials? Support us by placing an order or recommending to friends,
cloud VPS for developers from $4.99
,
a unique analogue of entry-level servers that we invented for you:The whole truth about VPS (KVM) E5-2697 v3 (6 Cores) 10GB DDR4 480GB SSD 1Gbps from $19 or how to properly share a server?
(options available with RAID1 and RAID10, up to 24 cores and up to 40GB DDR4).
Dell R730xd is 2 times cheaper in the Maincubes Tier IV data center in Amsterdam? Only here 2 x Intel TetraDeca-Core Xeon 2x E5-2697v3 2.6GHz 14C 64GB DDR4 4x960GB SSD 1Gbps 100 TV from $199 in the Netherlands! Dell R420 – 2x E5-2430 2.2Ghz 6C 128GB DDR3 2x960GB SSD 1Gbps 100TB – from $99! Read about How to build a corporate infrastructure. class using Dell R730xd E5-2650 v4 servers costing 9,000 euros for pennies?
