The Hacker Known as Kayla and the HBGary Federal Breach

In early 2011, a hacker operating under the alias “Kayla” claimed to be a 16-year-old girl who split her time between ordinary teenage life and participating in operations with Anonymous, the decentralized hacking collective. While her true identity remained unverified, the damage she helped inflict on one particular company was entirely real.

The target was HBGary Federal, a cybersecurity firm whose CEO Aaron Barr publicly claimed he had identified key members of Anonymous through social media analysis. In retaliation, Kayla and approximately four other hackers breached HBGary Federal’s servers within 24 hours. They defaced the company website, wiped data, and published over 50,000 of Barr’s emails online for public scrutiny.

Social Engineering as the Primary Attack Vector

Kayla’s contribution to the operation highlighted the effectiveness of social engineering over brute-force technical exploits. She impersonated HBGary parent company CEO Greg Hoglund in email communications with an IT administrator, convincing them to grant access to the website rootkit.com. The deception was straightforward but devastatingly effective.

The leaked emails exposed far more than internal communications. They revealed that HBGary had proposed a coordinated campaign against WikiLeaks on behalf of a law firm representing Bank of America. The proposal included strategies for discrediting journalists and spreading disinformation. Other cybersecurity firms that had been part of the proposal quickly distanced themselves from HBGary once the emails became public. Barr resigned shortly after.

Operational Security and Identity Questions

Kayla maintained unusually rigorous operational security practices for someone claiming to be a teenager. She reportedly wiped all her web accounts and deleted every email nightly. Her computer had no physical hard drive — she booted from a microSD card that could be destroyed in seconds. She ran her operating system from a USB stick and conducted all operations through a virtual machine.

Despite repeated requests from journalists, she refused voice verification through Skype. The evidence supporting her claimed age and gender was circumstantial: other Anonymous members vouched for her, her communications were peppered with informal language, and she had a presence on hacking forums. However, persistent rumors in hacking circles suggested Kayla was actually a male in his mid-twenties from New Jersey named Corey Barnhill, who used the alias Xyrix.

A Disputed Identity With a Complicated History

When confronted with the Xyrix connection, Kayla offered an alternative explanation. She claimed that in 2008, she and other users of an early Anonymous IRC network called Partyvan had compromised Xyrix’s account during a dispute. According to her account, she used Xyrix’s credentials to social engineer an IRC operator, and the resulting confusion led to her identity being incorrectly linked to the Xyrix persona on public documentation sites.

Whether Kayla was genuinely a teenage girl or a carefully constructed persona, the HBGary breach demonstrated a fundamental vulnerability in cybersecurity: technical defenses mean little when human trust can be manipulated. The incident became one of the most prominent examples of how hacktivist groups could expose corporate and government activities through relatively simple infiltration techniques.