Is This The Girl That Hacked HBGary?
Next time you see a flock of teenage girls in the mall, note that one of them might be Kayla. As your average 16-year-old, she regularly hangs out with friends, works part time at a salon and hopes one day to be a teacher.
Behind the scenes though, she’s a big time supporter of Anonymous, the loosely knit global hacking group that brought down the Web sites of MasterCard and PayPal in defence of WikiLeaks. That’s what she claims at least. Kayla flits around the web with so covert an identity that I cannot fully verify her age or gender.
Still, the girl known on chat forums as ‘k, and who spoke to me by e-mail as “Kayla,” is no figment of the Internet’s imagination: she helped all but destroy a company. When Aaron Barr, the now-former CEO of software security firm HBGary Federal, claimed in a press report that he could identify members of the Anonymous collective through social media, she and four other hackers broke into his company’s servers in revenge, defacing his Web site, purging data and posting more than 50,000 of his emails online for the world to see, all within the space of 24 hours.
Kayla played a key role, at one point posing as HBGary CEO Greg Hoglund to an IT administrator to social engineer access to his website rootkit.com. Read their email correspondence here and here. In the fallout, Barr’s emails revealed HBGary had proposed a dirty tricks campaign against WikiLeaks to a law firm representing Bank of America. Other security firms distanced themselves. Kayla and her buddies had opened a can of worms.
Today while HBGary picks up the pieces, Kayla still spends a few hours a night on Anonymous chat channels looking for her next target. Most recently it was the Libyan government, helping get information to Libyan citizens in the Internet blackout.
With just half a dozen close friends online, she has a strict regimen to remain invisible on the web. Each night she wipes every one of her web accounts and deletes every email in her inbox. She has no physical hard drive and boots her computer from a microSD card. “I could hide this card anywhere or chew into a million pieces in a few seconds,” she says by e-mail. She keeps her operating system on a USB stick and uses a virtual machine (VM) to carry out her online shenanigans.
So paranoid is Kayla of being caught or hacked by others, that despite several requests she would not speak to me on Skype to verify an adolescent-sounding voice. Our only evidence: others in Anonymous vouch for her age, her emails are punctuated with smiley faces and “lols” and she is relatively well-known on hacking forums. Still, rumors abound that Kayla is a mid-20s male from New Jersey named Corey Barnhill, who also goes by the pseudonym Xyrix.
When I put this to Kayla she countered that in 2008 (aged 14) she and a few other users of an early Anonymous IRC network called partyvan, hacked the account of fellow user Xyrix in defence of an online friend. Kayla used Xyrix’s (Corey’s) account to social engineer an IRC operator and got her target’s personal information. The operator thought Xyrix was Kayla, added her to Xyrix’s Encyclopedia Dramatica page, and the rest is history.