The Rise and Fall of CabinCr3w: How Simple Mistakes Doomed a Hacking Group

William Stanley Pendergrass, Robert Joseph Skovira; Robert Morris University; IACIS 2013


Hacking group CabinCr3w was active from September 2011 to their arrests in March 2012

Began with the Occupy Wall Street movement, doxing financial CEOs, then changed into a more destructive hacking organization targeting government and law enforcement websites

How did CabinCr3w begin and end?

How did CabinCr3w operate?

What mistakes did CabinCr3w make which helped facilitate their end?

Case study is an empirical inquiry that investigates a contemporary phenomenon in depth and within its real-life context, especially when the boundaries between the phenomenon and context are not clearly evident. (Yin, Case Study Research, 2009)

Secondary data collection from documentation, archival records, observations and physical artifacts.

Create a descriptive framework for organizing data when a lot of data has been collected without having settled on an initial set of research questions or propositions.

In Middletown: A Study of Modern American Culture, Lynd & Lynd (1929) were able to frame their analysis by creating descriptive bins of similar data stories.

September 14, 2011 - @CabinCr3w Twitter account is established

September 17 – Occupy Wall Street begins

September – December – doxes of Wall Street CEOs, LAPD, EEOC, start of Operation Pig Roast

January 19, 2012 – Utah Chiefs of Police hack

January 31 – Salt Lake City Police Department hack

February 6 – West Virginia Chiefs of Police Association hack

February 9 – Alabama Department of Public Safety, National Crime Information Center, Texas Department of Safety, City of Mobile Police Department

February 16 – Wyoming State Troopers hack

February 20 – Houston County, AL website hack

February 21 – LA County Police Canine Association, LA County Sheriff's Department hacks

March 20 – 2 members of CabinCr3w arrested

@AnonW0rmer AKA Higinio Ochoa III charged March 15th with hacking into Texas Department of Public Safety, West Virginia Chiefs of Police Association, Alabama Department of Public Safety and Houston County, AL websites

@ItsKahuna AKA John Anthony Borell III charged March 16th with hacking into the Utah Chiefs of Police and Salt Lake City Police Department websites

[Diagram: Ochoa link chart. Node labels: Ochoa; @higochoa; @CabinCr3w; W0rmer; @AnonW0rmer; AUS Pictures; TX Dept of Safety Galveston IP; TX Dept of Safety; Facebook AUS Girlfriend; Twitter Screenshot; WV COP; 2000 AKA; named; named; DL Photo Neighbor’s WiFi; Lead Admin; higochoa]

April 2011 – LulzSec offshoot of Anonymous begins hacking run

June 7, 2011 – LulzSec leader Sabu is arrested by FBI and turned

January 29, 2012 – Pastebin conversation of Brazilian Satiagraha hack

February 15 – FBI begins investigation, finds 2 anonymous tips

February 17 – Twitter subpoenaed

March 2 – Twitter responds

March 6 – Sabu is revealed to be an FBI informant

March 20 – CabinCr3w arrests

[Diagram: Borell link chart. Node labels: Borell; BRZ Satiagraha; 2 FBI Tips; Kahuna 2 FBI Tips; @ItsKahuna Neighbor’s Wifi; Friend’s house; Toledo Church; Twitter Subpoena; FBI Investigation; [email protected]; 2 FBI Tips; Facebook Jborell; Photos; 2/15/12; 2/6/12; Pastebin conversation; 1/29/12]

Higinio Ochoa III

March 15, 2012 – charged

March 20, 2012 - arrested

April 7, 2012 – married girlfriend Kylie Gardner

June 2012 – pled guilty

August 27, 2012 – sentenced to 2 years in Federal Prison, pay $14,000 in restitution

John Anthony Borell III

March 16, 2012 – charged

March 20, 2012 - arrested

April 16, 2012 - Pled Not Guilty

April 16, 2013 - Pled Guilty under plea bargain

September 12, 2013 - sentenced to 3 years in Federal Prison, pay $226,736 in restitution

CabinCr3w transformed from an Occupy Wall Street CEO doxing focus to SQLi break-ins of government and law enforcement organizations

They were sloppy in hiding their identity; brought long-held usernames with them

They were arrogant in Twitter taunts

Likely maintained contact with Anonymous members