The untold story of Mustafa Al-Bassam reveals the incredible journey of a teenage hacker who started his cyber exploits from his home in London. From breaching top government systems to pioneering blockchain security, Mustafa’s story is a thrilling adventure through the shadows of the internet. This gripping hacker story highlights key cyber attacks in London and beyond, showcasing the rise of a tech visionary in the heart of the digital revolution.
The Rise of Hacker Mustafa Al-Bassam and His Beginnings in the Internet World
Mustafa Al-Bassam, born in Baghdad in 1995, had his family immigrate to Britain, specifically London, in 2000 when he was five years old. Mustafa lived, grew up, and was raised there. He and his family also obtained British citizenship. Mustafa's entry into the world of computers began when he was seven years old. His father bought him a laptop, and Mustafa began to delve into this world, the world of the internet and games. In 2003, the internet was in its early stages, so it was exciting, like discovering a new world. From the first moment, Mustafa was fascinated by this world. He would enter online games or websites and be amazed by them; it was another world he could live in and explore. Although he was still around seven or eight years old, due to this fascination, he began to research programming. He wanted to know how these games were made and how these websites were designed and programmed, and he developed a passion for it. Gradually, over time, he began to develop his skills in this field, learning some programming languages and programs specializing in website design, such as Microsoft FrontPage, through which he could design and program his own website. Mustafa became completely drawn to this world, mesmerized, but he hadn't yet entered anything related to hacking or penetration.
Mustafa Al-Bassam's Entry into the Hacking World and His First Operation
His beginnings in the world of hacking were due to a school assignment, specifically a math assignment. As Mustafa was solving this assignment, he needed a calculator, but at that moment, there wasn't one nearby. His laptop was open in front of him, so instead of going to get a calculator, he searched on Google for a website that would provide him with an online calculator. He entered this website and started using the calculator on it. He noticed that if he typed certain programming codes into this calculator, he could hack the website, access its data, and delve deep into it. Meaning, this calculator had a vulnerability through which Mustafa could completely hack the website. This was his first experience and first hacking operation he ever did at only eight years old. From that moment, something changed in his mind, as if someone pressed a button and turned on a light bulb in his head. He felt he could possess a power that only a few people had, the ability to penetrate and hack. From that moment, he knew this would be his path in life. Mustafa began to test his skills for the first time in the real world when he decided to try and hack his school's computers and servers. The security on the school's servers was trivial and weak, in Mustafa's own words. So Mustafa hacked a private server belonging to the school and found teacher data and salaries on this server, and also student exam grades and many other data that no one but the administration was supposed to see.
Consequences of Mustafa Al-Bassam's First Hacking Operation
Although Mustafa was smart, he was still an eight-year-old boy, so he wasn't careful and began telling some of his friends in class that he had hacked the school's server and seen data he wasn't supposed to see. Since his tongue was a bit loose, the news reached the school administration, and Mustafa was summoned to the principal's office, where an investigation was opened with him. Mustafa confessed to what he had done and that he was able to hack the school's servers and see data he wasn't supposed to see. The principal and the supervisors with him didn't know exactly what to do, whether to be impressed or displeased with him. In the end, they gave him a disciplinary lesson and made it clear that what he did was wrong, and they also informed his father about the matter. That's all that happened, so this incident passed peacefully, but Mustafa, of course, was not going to stop after this incident; hacking was like a superpower, and if someone could acquire this power, especially a boy at such a young age, he wouldn't stop using it; on the contrary, he would be excited to use it more and discover the levels he could reach.
Mustafa Al-Bassam's Immersion in Hacker Communities
This is what happened, and Mustafa continued to delve deeper and deeper into this world. He began to delve into hacker communities available online. They had websites, forums, and chat rooms where these hackers from different countries around the world would gather and discuss everything related to the world of hacking. They would exchange their experiences, help each other, and even discuss their goals and orientations. So Mustafa immersed himself in these hacker communities, and years passed until he was 13 years old. And of course, his skills and abilities in the field reached a high level; he learned many things during this period and carried out dozens, perhaps even hundreds, of hacking operations.
Mustafa Al-Bassam Joining Anonymous
Here we reach the stage of his entry into the Anonymous organization. The word Anonymous translates to "the unknowns," and they are considered a team of hackers spread around the world. But they are not actually a team in the literal sense of the word; they are closer to a union or we might call them a global movement, because they have no central headquarters or leadership, and any hacker can join them from anywhere in the world. But the most important thing is that their orientations are consistent with theirs. The orientations of the Anonymous organization or movement are to defend freedoms and just causes. So most of Anonymous's targets are usually governments or influential companies that are directly related to governments. How do they work together when they are in different parts of the world without having a central leadership? The answer is that the idea is the leader. For example, if a government, organization, or company does an act that is considered against freedoms, then some hackers who consider themselves under the banner of Anonymous might launch a cyberattack against them. The rest of the hackers around the world who also consider themselves under the banner of Anonymous see that their colleagues have launched an attack on a specific target, whether it's a government or a company or whatever. So it's up to them to decide whether they think this target truly deserves the attack or not, and they choose whether to participate and help their colleagues who started the attack or not. So the more Anonymous hackers around the world agree on a certain idea or target, the more this target receives attacks from different parts of the world. So the idea is the leader that guides the Anonymous movement; they have no central leadership. So Mustafa began working under the banner of Anonymous even though he was 13 or 14 years old at the time.
Mustafa Al-Bassam's Participation in the Anonymous Attack on MasterCard and Visa
One of the major attacks Mustafa participated in was an attack on MasterCard and Visa in 2010. Of course, we all know Visa and MasterCard, which are credit card and payment companies. The reason Anonymous hackers attacked MasterCard and Visa in 2010 was because they prevented donations from being made through their services to WikiLeaks. For those who don't know what WikiLeaks is, it's an organization specializing in leaking secret government documents. It's an organization fought by most governments in the world, especially the US government, because many of the documents WikiLeaks leaked concern the American government. So, naturally, given their pro-freedom and anti-government ideology, they launched a retaliatory attack on MasterCard and Visa in 2010 in support of WikiLeaks. And Mustafa was among the hackers who participated in this attack. The attack crippled MasterCard and Visa websites and caused them significant losses and problems.
Founding LulzSec and Shifting to Recreational Hacking
While working under the banner of Anonymous, Mustafa met other hackers and started forming friendships with them. You have to keep in mind that most of these hackers are young or even teenagers like Mustafa, so even if they have the idea of freedom and supporting just causes, they also have a tendency that we might call a "fun" tendency, meaning they use their hacking abilities for enjoyment only, they don't always have a noble goal. So Mustafa knew that these hacks they were doing for fun couldn't be done under the banner of Anonymous. From here, Mustafa and five of his hacker friends he met decided to found a group or team called LulzSec. LulzSec was a team in the literal sense of the word, with founders and members; it wasn't a movement like Anonymous where anyone could claim to be a part of it. LulzSec was a private team consisting of six members: Mustafa and his friends. This team would become one of the most famous hacking teams in 2011, at which point Mustafa was 16 years old. LulzSec's literal motto was "Laughing at your security," meaning their primary goal was hacking for fun and laughter.
LulzSec Operations and Their Confrontation with Sony
LulzSec would pull pranks like redirecting ordinary people's calls to the US Federal Bureau of Investigation (FBI). Imagine you're trying to call a company or a shop and suddenly find yourself talking to someone who works at the FBI. One of the things they also used to do was hack major news websites and publish strange news on them. For example, once they published that the rappers Tupac and B.I.G., who died in the nineties and were enemies, were still alive and living together in New Zealand. And once they hacked the website of the large media network Fox and were able to access the database of the X Factor show, a famous singing competition show on Fox, and leaked the data of over 73,000 people who had applied to participate in the show. So many of these hacking operations had no purpose, they were literally just for laughs. But sometimes they had a purpose. For example, one of the companies they attacked the most was Sony. The reason for their attack on it was because Sony in 2010 filed a lawsuit against a hacker named George Hotz, because George was able to hack the PlayStation 3 system and published the hacking method to the public, so anyone could hack the PlayStation 3 and download copied or pirated games on it. So Sony sued this hacker, and because of this lawsuit, many hackers began to consider Sony a legitimate target and launched countless attacks on it. The LulzSec group, Mustafa and his friends, alone hacked Sony seven times. They hacked many websites and services belonging to Sony and leaked the data of over a million users. So it was a painful blow to Sony.
LulzSec's Fame and Escalating Challenges
Hacking Sony made the LulzSec group gain very wide fame. News websites started writing about them, and they gained a significant presence in the world of social media. Mustafa says that for a period, they became more of a publishing group than a hacking group, meaning other hackers would find vulnerabilities and give them to LulzSec for them to publish in their name, because LulzSec had a large audience and a big name. And although the LulzSec team, as we said, was initially founded just for fun, with the fame they gained, they would enter new challenges. These challenges would put them in direct confrontation with the American government and its security agencies, led by the Federal Bureau of Investigation (FBI) and the US Central Intelligence Agency (CIA).
LulzSec's Confrontation with HBGary
What happened was that there was a company called HBGary, a company specializing in cybersecurity and technical security. The Federal Bureau of Investigation had contracted directly with this company to provide them with electronic security services. The head of this company was a person named Aaron Barr. This man made a terrible mistake; he was confident in himself, so he came out at a technical conference once and declared that he and his company would expose and reveal the identities of the hackers working for Anonymous and LulzSec and hand them over. This would be the biggest mistake he would make in his life. The worst thing you can do is challenge young hackers who have the genius and intelligence to confront the strongest security systems of the most powerful governments and companies. What Aaron Barr did was make himself and his company a target for LulzSec. And indeed, LulzSec, Mustafa in particular, began their attack on HBGary in response to its president's statements. And although it is a company specializing in technical and cybersecurity, it turned out that they had major security vulnerabilities, and the biggest vulnerability was this president, Aaron Barr himself.
LulzSec's Hacking of Aaron Barr's Accounts and Leaking His Company's Data
Mustafa and his group were able to hack some of Aaron Barr's accounts on certain websites, and they discovered that he used the same password for all his accounts everywhere: social media accounts, PayPal, his company account, Apple account, everything. And this is one of the biggest mistakes a person can make in the digital world, especially if he is the head of a company specializing in cybersecurity. So literally after they discovered his password, they were able to access all his electronic life: emails, his social media accounts, his accounts with various services and companies. They were even able to access his Apple account and remotely deleted all the data on his iPad. And most importantly, they were able to access his account in his company, which is the technical security company HBGary. So they entered his work email and leaked more than 70,000 secret messages related to his company's work.
The HBGary Scandal and Its Repercussions on Aaron Barr
This hacking operation was a huge scandal. How could a company specializing in technical security be hacked by a group of hackers, and its president and accounts be hacked? On top of that, in the secret messages that LulzSec leaked from the president's account, there were more scandals about the dubious methods this company used to collect data and track hackers. After these scandals, Aaron Barr was forced to resign from his position and from working at the company. Not only that, he was even forced to move with his family to a new residence; they left their home because their address was leaked, and they even started receiving threat messages.
LulzSec Targeting InfraGard
After the great success LulzSec achieved in hacking HBGary, they became a bigger target for security authorities. Especially since at that time in 2011, the US government, led by Obama at the time, declared war on what they called cybercriminals or electronic criminals. Mustafa and his friends in LulzSec, being young, had a rebellious spirit. If you pressured them or tried to suppress them, they would resist more. So LulzSec, instead of trying to calm things down, intensified their attack. One of the organizations they targeted was an organization called InfraGard. This organization also specializes in the field of technical security and collaborates directly with the US government and the Federal Bureau of Investigation. LulzSec hacked InfraGard's website, defaced it, and wrote phrases on its homepage and posted a YouTube video indicating their penetration of the site. And of course, they hacked the site's databases and were able to obtain information on more than 180 people working under the umbrella of this organization. They accessed their accounts and leaked their emails and a lot of data about them.
LulzSec Hacking the Central Intelligence Agency (CIA)
After hacking this organization, Mustafa and LulzSec would carry out one of their boldest operations, which was the attack on the CIA website, the American intelligence agency. On June 16, 2011, LulzSec published this tweet on their Twitter account, which, by the way, had more than 300,000 followers. The tweet read: "Tango Down" meaning enemy down, and they included the official CIA website "cia.gov" and wrote "for the lulz" at the end of the tweet, their usual slogan of hacking for fun and laughs. And indeed, the official CIA website was hacked; the website was down and remained down for a period before they could recover it. This hack wasn't very damaging to the CIA, and no sensitive data was compromised, for example, but it remained a stain on them that a group of hackers could hack their official website, and they are supposedly the strongest intelligence agency in the world.
The End of LulzSec: The Traitor Revealed and Members Arrested
Unfortunately, shortly after, Mustafa's adventures with the LulzSec team would come to an end. LulzSec members would be arrested, even though they were very cautious and usually left no evidence or clues that could lead to them or their true identities and locations. Even among themselves, they didn't know each other's real names, appearances, or where they lived. All of them used pseudonyms to keep their identities unknown. So how did the security authorities manage to reach them? The shocking answer that Mustafa would discover later was that one of them, one of LulzSec's members and founders, turned into an FBI agent and became an informant embedded among them.
The Traitor's Identity and His Story with LulzSec
This founding member's pseudonym was Sabu, and he was actually the oldest of them in terms of age, he was 28 years old at the time, and his real name was Hector Monsegur. Hector grew up in a poor family and had a difficult life, especially since he grew up without a mother; his grandmother raised him, and his father was barely in his life, barely providing basic necessities. From here, Hector entered the world of hackers, and his goal at first was purely financial; he wanted to improve his and his family's situation and earn money. But later, when he delved deeper into this world of hacking, it turned into a passion for him, and he decided to use the skills he acquired for better purposes, and he began working under the banner of Anonymous and participating in their campaigns. From here, he met some hackers who were also working under the banner of Anonymous, including Mustafa. So Hector and Mustafa, along with four other hackers, founded the LulzSec group, as we said, and continued to work together and carry out the hacking operations we talked about, until we reached the time when they hacked the InfraGard organization, the organization that cooperates directly with the Federal Bureau of Investigation.
Revealing Hector Monsegur and His Collaborations with the FBI
After LulzSec hacked this organization, the FBI opened an investigation and somehow, in a way that has not been disclosed, they were able to reach Hector's identity. So they raided Hector's apartment and arrested him. After interrogating him, they gave him two options: either he would be tried and most likely imprisoned for a long time, or he would cooperate with them and help them reveal the identities of the rest of his team members. And not just his team, he had to continue cooperating with them for years to come. Hector found himself facing two options, each more difficult than the other, because he was not only responsible for himself but also for his family. His grandmother, who took care of him when he was young, passed away in 2010, and after that, he was forced to become the head of the household. And this family had two young girls; they were actually his brother's daughters, and he was taking care of them. I don't know why he was taking care of his brother's daughters; perhaps his brother died or perhaps his brother had problems or perhaps he even abandoned them; there is no clear reason. But the important thing is that Hector was the one taking care of his young nieces. So prison was an impossible option for him, and the FBI knew this. They even threatened him with the girls and told him that they would call social services and have them take the girls from the house.
Hector's Surveillance and Recording of LulzSec Conversations
Hector had no choice but to prioritize his and his family's interests, so he decided to cooperate with the FBI and turn on his friends. Hector's mission was to continue his work normally with the LulzSec group and not make them feel that anything was happening. But from that moment, all conversations and messages that took place between them in the chat rooms would be recorded for the FBI. They even installed a monitoring and recording program on Hector's laptop, and from that moment on, they started recording all conversations that took place between LulzSec members. This monitoring and espionage operation continued for about two months. Even the hacking of the CIA website carried out by LulzSec happened while they were under FBI surveillance, meaning the FBI knew about the operation and knew it was going to happen, and instructed Hector to continue with them and participate in the operation normally as if nothing was happening.
Revealing LulzSec Members' Identities and Hector's Indirect Role
Afterwards, somehow, the FBI was able to identify all LulzSec members, including Mustafa, except for one member whose identity remains unknown to this day. Hector, in his interviews, clarified that his task was only to record the conversations between them. He said that he did not directly participate in revealing his friends' identities, because he himself did not know their identities, nor did they know each other's identities. And we still don't know exactly how the FBI revealed their identities, but Hector's cooperation with them certainly helped them greatly. Mustafa says: "It's true that Hector may not have directly revealed our identities, but these conversations that took place between us were long conversations, lasting for hours, and no matter how much we tried to hide our identities and personal information, when we talked to each other, we felt as if we were talking to family members. So perhaps some information, even if it was simple, would accidentally slip out of him in these conversations, and the FBI might have used some of this information and collected it and were able to identify them through it." What Mustafa is saying is that even if Hector did not reveal their identities himself, what he did was still a betrayal, and they considered each other like family.
Mustafa Al-Bassam's Arrest and British Police Procedures
In any case, after the FBI was able to uncover their identities, Mustafa was the first to be arrested. Although he lived in London, there was, of course, direct communication between the FBI and the security authorities in Britain. So the police went to Mustafa's house and knocked on the door, and they had a search and arrest warrant. The person who opened the door for them was Mustafa's brother, and Mustafa at that moment was in his room sitting on his laptop. And Mustafa, due to his extreme caution, did not keep any dangerous items or evidence that could incriminate him on his laptop; he always covered his tracks. As soon as his brother opened the door to the police, he felt that something was wrong, so the first thing he did was close his laptop. It's true that he didn't keep any incriminating information or data on it, but it was better to close it. The police immediately entered the room and searched it completely, confiscated all electronic devices in it, arrested Mustafa, and took him to the station. Of course, his father and mother were shocked by what was happening; they knew their son loved computers and games, but they had no idea that he was a hacker and a wanted person.
Mustafa Al-Bassam's Interrogation at the Police Station
At the police station, officers sat Mustafa in a room for interrogation. Mustafa immediately requested a lawyer. The police hoped that Mustafa would cooperate with them easily, being 16 years old and young, but Mustafa was smart and immediately requested a lawyer. He noticed that the officers were displeased by this from the start. The police gave Mustafa papers listing 84 charges he was accused of. They made every hacking operation he did a separate charge, so 84 charges accumulated against him. The lawyer assigned to Mustafa advised him not to answer any questions and to respond with "no comment" to every question they asked. And indeed, whenever they asked him a question, he would tell them "no comment." The police were incredibly annoyed by this. They began trying to persuade him, telling him that if he spoke with them and cooperated, he might receive a reduced sentence. At the same time, they also threatened him, saying, "The authorities might hand you over to America, and you'll go to the FBI." But Mustafa managed to keep his composure; he was smart and knew that he was a minor and that they wouldn't be able to apply any heavy sentence to him in the end, he was 16 years old, and the law protects minors to a great extent. The issue of extradition to America was impossible.
Mustafa Al-Bassam's Release and the End of LulzSec
In the end, after 24 hours, Mustafa was released on bail, on the condition that he would be tried later. During that period, three of his friends in LulzSec were also arrested. And so, the LulzSec group ended: one became an agent, four were arrested, and the sixth is the only one whose identity remains unknown to this day. The surprise was also that three of the group members, Mustafa and two others, were living in Britain. This was purely by coincidence, because, as we said, they didn't know which country each of them was from. And the first time Mustafa and these friends met was in court. It was the first time they saw each other in real life and saw their real faces, even though they considered each other like family. The surprise was also that one of the group members claimed to be a 16-year-old girl, but when his true identity was revealed, he turned out to be a 26-year-old former soldier. Of course, his justification for this was that he wanted to protect his true identity even more; he added an extra layer of protection, so he lied about everything, but even with all these lies, in the end, he was exposed and caught.
Judicial Rulings against Mustafa Al-Bassam and His New Path
At the end of the trial, all group members were sentenced to two to two and a half years in prison, except for Mustafa, because Mustafa was the only minor among them. Mustafa was sentenced to two years in prison, but it was a suspended sentence. A suspended sentence means that this sentence will not be carried out unless he commits another crime in the future. He was also sentenced to 320 hours of community service, meaning he would work unpaid in one of the community organizations; they made him work in a non-profit store that sells clothes for the deaf and mute. Another part of Mustafa's sentence was a ban from using the internet for two years, meaning he was completely prohibited from using the internet, forbidden from using any device that connects to the internet. But of course, they couldn't fully enforce this sentence, because if he was at home and accessed the internet, how would they know. Another part of his sentence was that he had to notify the police if he bought any new laptop or computer, or if he got rid of or sold an old computer, he had to notify the police immediately. And he was prohibited from using any kind of encryption, and he was also prohibited from deleting his Browse history in his browser. And he had to continue to abide by all these rulings for five years. That period passed, and years passed, and all these rulings ended. Mustafa turned this past page behind him and left the field of hacking. Today, he works in other technical fields such as blockchain.
Sources:
-
Wikipedia – Mustafa Al-Bassam
A comprehensive overview of his early hacking days, involvement in LulzSec, and later transition into cybersecurity and blockchain research Mustafa Al-Bassam - Wikipedia -
Forbes – How LulzSec Hacker Became a Blockchain Researcher
This article covers how Mustafa shifted from cybercrime to becoming a respected researcher.
Forbes Article on Mustafa Al-Bassam -
Vice – The Teenager Behind LulzSec
Vice explores how a young Londoner got involved with Anonymous and co-founded the infamous hacking group LulzSec.
Vice Article on LulzSec and Mustafa -
The Guardian – LulzSec Hackers Sentenced in UK
Coverage of the UK trial and sentencing of LulzSec members including Mustafa (a.k.a. Tflow).
The Guardian - LulzSec Hackers Jailed