Skip to main content

Did a 16-year-old girl help take down HBGary?

Anonymiss-anonymousWhen you think of the hackers behind the mysterious group Anonymous, you might think of anything from James Bond-esque computer wizards to cyber-security professionals who lead secret double lives to over-weight college kids with too much time on their hands and a hankering for mischief. What many of you probably didn’t think of, however, was a teenage girl who works at a salon.

According to Forbes, one of the four hackers responsible for infiltrating software security company HBGary and its sister company HBGary Federal and releasing tens of thousands of reputation-killing emails, is a 16-year-old who goes by the name ‘k’ or Kayla. She has been part of the politically-minded hacktivist group Anonymous — famously responsible for disrupting the websites of Visa, Master Card, PayPal and the governments of Egypt, Yemen and Tunisia, among others — since 2008.

Here, a few of the most interesting tidbits about Kayla from her Forbes profile:

She played a “crucial role” in the HBGary hack:
Kayla played a crucial role, posing as HBGary CEO Greg Hoglund to an IT administrator (who happened to be Nokia security specialist Jussi Jaakonaho) to gain access to the company’s servers. Read their email correspondence here and here. In the fallout, Barr’s emails revealed HBGary had proposed a dirty tricks campaign against WikiLeaks to a law firm representing Bank of America.

She learned to be a hacker from her software engineer dad:
“My dad encouraged it at first,” she says. “He thought it was awesome I was so in to what he did.” Dad allegedly showed her how to find bugs in C source code and exploit them.

She is extremely secretive online:
With just half a dozen close friends online, she has a strict regimen to remain invisible on the web. Each night she wipes every one of her web accounts and deletes every email in her inbox.  She has no physical hard drive and boots her computer from a microSD card. “I could hide this card anywhere or chew into a million pieces in a few seconds,” she says by e-mail. She keeps her operating system on a USB stick and uses a virtual machine (VM) to carry out her online shenanigans.

She once hacked 4chan, the site from which Anonymous originated:
In December 2008, she wrought havoc on one of the most famous forums of all, 4chan’s notorious /b/ channel, finding and exploited an SQL injection bug on its content management system, hacking in and causing mayhem on the forum for a few hours.

Her dad has a good sense of humor:
These days Kayla’s dad is aware of her activities with Anonymous, and while he is concerned about the legal implications–she lives in a country where she could be tried as an adult–she says he finds the whole thing “hilarious.”

She doesn’t really spend much time online:

[Kayla] refuses to be chained to her computer, limiting herself to a few hours a night online. She rarely visits online forums–they’re “boring”–and a few days a week takes a course in college to further her goal of being a teacher. She lives in an English-speaking country–not the U.K.–but won’t say more about it.

Read the full article about Anonymous member Kayla here.

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more