Who is Anonymous' Commander X? Not This Guy

Benjamin Spock de Vries would like the world to know he is not a cyber terrorist.

But if you read some of the 40,000+ emails that were stolen from HBGary Federal by Anonymous and posted on Pirate Bay, you might think otherwise.

It seems Aaron Barr -- the CEO of HBGary Federal who thought he'd make a big splash by outing the leadership of Anonymous and instead ended up getting ridden hard and put away wet by the very hackers he sought to expose -- decided de Vries is in fact the mysterious Commander X, alleged puppetmaster of the Anonymous collective. So he said as much in some of the thousands of private email conversations the Anons just shared with the world.

[ See also: That new Facebook friend might just be a spy ]

This did not make de Vries happy.

"I am not Anonymous," de Vries told me during an agitated phone conversation last night. "I have never logged onto any Anonymous sites. I don't use IRC. I couldn't hack my way out of a paper bag."

In fact, de Vries says he hadn't even heard of the whole HBGary-Anonymous mishegas until Barr contacted him on February 5 via his Facebook alter ego, Julian Goodspeak (yes, really), and begged de Vries to please call off the DDOS attack on HBGary's servers.

What attack? de Vries asked.

What followed was a weirdly elliptical conversation in which Barr chatted with the person he thought was Commander X while de Vries thought they were talking about something else entirely.

The reason Barr thought De Vries was the elusive X? Because de Vries is the founder and admin of a Facebook Group called Global Strike 2011, which appears to be popular with the Anons. That, or many of its members are just particularly enamored of Guy Fawkes masks and wicked cool handles like Anarcho Femmina and Anonomous AnonopsEsp (then again, who isn't?).

Barr thought he had cracked the Anons by taking information from Facebook, Linked In, and Twitter and "correlating" it with activity inside IRC chats conducted by actual members of Anonymous. So he made what appears to be wildly inaccurate assumptions based on the facts that a) de Vries was the admin for Global Strike 2011, ii) fans of Anonymous frequented the site, and z) activity on that site occurred at more or less the same time as statements made inside IRC.

Ipso facto, de Vries is Commander X. Also, Justin Bieber is Lady Gaga's love child. Pass it on.

I attempted to contact Mr. Barr for comment via email. I'm still awaiting his response.

Granted, de Vries is not your average Joe. He's a Certified Permaculture Designer, which means he designs sustainable agricultural systems, as well as a bit of an anarchist. He says he wants to change the world not by computer hacking, but by "economic action of passive resistance, mainly by gardening." He fears for his physical safety and claims he has holed up in a "crack hotel" to avoid unwelcome visits from HBGary henchmen.

This is a bizarre story that gets stranger with each passing day. Among the other tidbits gleaned from the purloined emails: HBGary Federal cooked up plans to topple WikiLeaks and target CNN journalist Glenn Greenwald. They had managed to obtain the code for the Stuxnet malware that bollixed Iran's nuclear program (which, by the way, is now apparently in the hands of Anonymous - take a moment to ponder that). So the idea of them hiring hitmen to do away with a troublesome pest, while highly unlikely, is not entirely from Mars.

Ben de Vries would like to clear his name. He does not want the federales knocking down his door and charging him with felony trespass and unauthorized access of computer systems. And it's pretty clear he'd like to cause Mr. Barr pain of both an emotional and economic nature.

On the hand, de Vries admits he has had no contact with law enforcement of any kind over his alleged involvement. Barr told the Financial Times he would not necessarily share his findings with the FBI, in part because of how he collected the information (ie, illegally). If the Feds really thought de Vries was Commander X, they'd have arrested him along with the 40 or so others they rounded up who are suspected of taking part in those DDOS attacks on the alleged enemies of WikiLeaks in December.

Is de Vries paranoid? Probably. Excitable? Most definitely. But the mastermind behind the many-headed hacktivist hydra that is Anonymous? That hardly seems possible.

The problem here is bigger than De Vries, Barr, HBGary, Anonymous or even WikiLeaks. It's about what happens when you mine data from different sources, employ dubious assumptions, and leap to erroneous conclusions. It's too easy to get the wrong guy. And if you think this doesn't happen, ask Khaled Masri, a German citizen who was ‘rendered' to Afghanistan by the CIA in 2003 and tortured for five months, based on a case of mistaken identity. Or Oregon attorney Brandon Mayfield, who was wrongly arrested for bombing a train in Madrid in 2004 and only got sprung because the Spanish police did their homework and found the actual bomber.

If you believe the NSA isn't mining data to locate terrorist threats before they strike, you just haven't been paying attention. If you fit the wrong profile or hit the wrong data points, you could be an innocent victim, like Masri, Mayfield, or de Vries. Let's just hope they're better at data mining than Aaron Barr is.

ITworld TY4NS blogger Dan Tynan is also not Commander X (in case you were wondering). Experience his juvenile sense of humor at eSarcasm (Geek Humor Gone Wild) or follow him on Twitter:@tynan_on_tech.

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @ITworld

Subscribe to the Security Watch Newsletter

Comments