TechWeb

Who Is Anonymous: 10 Key Facts

Feb 07, 2012 (03:02 AM EST)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=232600322


The Anonymous "hacktivist" collective, known as much for its self-branding as its anything-goes, anti-authoritarian sense of online comeuppance, first came to public attention in January 2008. The occasion was an internal Scientology video starring Tom Cruise, which had been leaked to YouTube. The church, saying that the video was copyrighted, requested that YouTube remove it. Members of Anonymous, however, took issue with that request, and as part of what it dubbed "Project Chanology," reportedly began launching distributed denial-of-service (DDoS) attacks against Scientology websites, blanketing church centers with prank phone calls and faxes, and "doxing" the church by releasing its sensitive documents into the public domain, for example via peer-to-peer networks.

On January 21, 2008, a YouTube post set the template for future Anonymous proclamations. The video, in this case criticizing the Church of Scientology, includes the now-common Anonymous sign-off: "Knowledge is free. We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us." By the next month, Anonymous claimed that 7,000 people had staged protested outside of Scientology centers around the world, many of them sporting the now-famous, black-and-white Guy Fawkes mask, as worn by the protagonist of the film V for Vendetta to hide his identity. (Notably, in the film, the masses also wore it as they rose up to help overthrow the ruling dictatorship.)

By early 2008, Anonymous--which reportedly grew out of the anarchic 4chan imageboard website--was already pursuing online attacks as a form of nonviolent protest. By 2010, it was launching regular DDoS attacks against pro-copyright websites.

But the group really came to public prominence during its defense of WikiLeaks and its charismatic--if reportedly mercurial--leader, Julian Assange. WikiLeaks, of course, came under fire from the U.S. government after the site obtained video footage from a U.S. helicopter strike in Iraq that killed two Reuters employees, as well as two children. Next, Assange began to coordinate--together with major newspapers in multiple countries--the release of hundreds of thousands of secret U.S. government cables beginning in December 2010.

The government-orchestrated reaction was swift. PayPal and credit-card processors MasterCard and Visa blocked payments to WikiLeaks, which relied on donations to lease server space and pay staff. There's a short lifespan for a whistle-blowing website that can't remain online.

In response, Anonymous mobilized, unleashing its so-called Low Orbit Ion Cannon (LOIC) tool, with which anyone could participate in Anonymous DDoS attacks by lobbing packets at designated website. From there, meanwhile, Anonymous expanded its focus, and backed by what appear to be numerous international chapters, has tackled everything from cartels in Mexico and child pornography file-sharing sites, to takedowns of Israeli government servers and U.S. law enforcement agencies.

Keep reading for a closer look at the group, its offspring organizations, and its infamous hacks. Photo: Anonymous Hollywood Scientology protest, by Jason Scragz, Flickr. Used with permission via a Creative Commons license.




Operation Payback was an effort to back WikiLeaks. But was it effective? Anonymous isn't dedicated to knocking power grids offline, or crippling hardened military communications networks. Rather, it's online activism in the form of a PR campaign. Notably, the group launched DDoS attacks against the websites of MasterCard and Visa, highlighting their refusal to accept donations bound for WikiLeaks. But rather than disrupting those companies' payment networks, which would have hit their bottom lines, WikiLeaks' supporters merely knocked the companies' public-facing websites offline.

RECOMMENDED READING

Italian Police Arrest Alleged Anonymous Hackers

WikiLeaks Servers To Be Hosted By Pirate Party

Military Charges Intelligence Analyst For Wikileaks Video

Anonymous Boycotts PayPal, Arrest Fallout Continues

Military Charges Intelligence Analyst For Wikileaks Video

Kiss Off: Anonymous Hacker Took On Gene Simmons, Feds Say




One of the most fascinating chapters in Anonymous history concerned Aaron Barr, the CEO of HBGary Federal, who'd bragged about how he'd infiltrated Anonymous, and was set to reveal the identities of its key leaders. Anonymous responded by hacking into HBGary's email server less than 24 hours later, and claimed that a 16-year-old girl had socially engineered the social-media-friendly Barr. Anonymous (including future LulzSec leader Sabu, the rumor goes) then released a slew of emails claiming that HBGary had been retained by Bank of America--on the recommendation of the Department of Justice--to help it wage an anti-WikiLeaks campaign, after the whistle-blowing website claimed to have damning emails about the bank's practices. Other emails, meanwhile, detailed secret cyber-warfare tool-building programs, as well as legally questionable activities. Barr, meanwhile, cancelled his appearance on a DefCon July 2011 panel titled "Whoever Fights Monsters: Aaron Barr, Anonymous, and Ourselves."

Photo: Day 9 Occupy Wall Street September 25 2011 by David Shankbone, Flickr. Used with permission via a Creative Commons license.

RECOMMENDED READING

Black Hat Pwnies Nominate LulzSec, Anonymous

LulzSec Hackers Retire: Time To Rethink Risk

Cracking Bin Laden's Hard Drives

14 Enterprise Security Tips From Anonymous Hacker

Twitter Must Turn Over Records In Wikileaks Case




Arguably, the Anonymous hacktivist offshoot group known as LulzSec--lulz being slang for "laugh out loud," typically at the expense of others--out-lulz'd the Anonymous collective through the audacity of its public relations campaign, combined with near-constant doxing. The group became widely known not only for its witty proclamations--delivered via Pastebin and Twitter--and nicknames, but also for its aggressive use of ASCII art, as well as group members' erudite handles.

Authorities ultimately arrested a teenager, Jake Davis, in Scotland and charged him with being LulzSec's PR director, Topiary; the group's leader, Sabu, remains at large and active in with Anonymous-related operations.

RECOMMENDED READING

Alleged LulzSec Spokesman: New Details As Bail Set

Scotland Yard Arrests LulzSec, Anonymous Suspects

LulzSec Suspect Learns Even HideMyAss.com Has Limits

LulzSec Leader Sabu Details Exploits

Alleged LulzSec Spokesman Arrested In Scotland

LulzSec's Top 3 Hacking Tools Deconstructed

LulzSec Members Apparently Outed

LulzSec Claims Credit For CIA Site Takedown

Scotland Yard Busts Alleged LulzSec Mastermind

FBI Busts Suspected LulzSec Hacker In Sony Breach




While LulzSec announced its retirement, or at least the retirement of its brand name, members of the group went on to commission--and likely, participate in--a co-branded effort with Anonymous dubbed Operation AntiSec. The new effort was ostensibly devoted to taking down established information security vendors, on account of their scaremongering techniques.

But practically speaking, many of the group's exploits have involved hacking into law enforcement agencies' websites and databases, defacing those websites, and releasing personal information on law enforcement personnel. Targets have included organizations as diverse as the Arizona Department of Public Safety and the Zimbabwean government.

RECOMMENDED READING

Anonymous Leaks Law Enforcement Forensic Secrets

Anonymous Hacks Wal-Mart, CapitalOne, Finland, El Salvador

Anonymous Cracks Cops Data Again

Did Anonymous Crash Israeli Government Websites?

AntiSec Hacks Booz Allen, Posts Confidential Military Email




How do you operate an online group of hacktivists that embrace anonymity and pursue a common purpose, while preventing anyone from labeling any type of attack or data dump as being Anonymous-led? That operational--if not existential--issue has bedeviled the group. Or, perhaps for a band devoted to online protests with heavy doses of anarchy and irony, it just enhances its profile. Notably, a Facebook porn spam attack, a file-sharing site (Anonyupload.com), and a plan to attack the New York Stock Exchange all turned out to be fake, or at least not the work of Anonymous. Ultimately, a handful of Twitter channels appear to broadcast accurate information on Anonymous operations. Anything else, however, remains more suspect.

Photo: The Corporatist State 2011", by David Shankbone, Flickr. Used with permission via a Creative Commons license.

RECOMMENDED READING

Anonymous Threatens New York Stock Exchange Attack

Anonymous Threats To Kill Facebook: Another Hoax?

Anonymous Calls Anonyupload A Scam

LulzSec, Anonymous: Feds Most Wanted

Fox News Twitter Account Hacked, Claims Obama Killed




Over the last few years, the anti-authority ethos espoused by Anonymous isn't an outlier. Together with WikiLeaks, the group has been operating at a time when global protests have toppled authoritarian regimes, notably through the Arab Spring. In a similar vein, Anonymous threw its weight behind Occupy Wall Street, a movement that coalesced in New York--to protest financial sector iniquities and excesses--and then quickly spread to other cities and countries.

Photo: 99% over 1%, by Todd Blaisdell, Flickr. Used with permission via a Creative Commons license.

RECOMMENDED READING

Anonymous Threatens New York Stock Exchange Attack

Occupy Wall Street A Threat To Outsourcing?

Foreigners Don't Take IT Jobs, They Create Them

Crisis On Wall Street

Citigroup Confirms Hackers Stole Customer Data




If the various operations orchestrated by Anonymous seem filled with machismo and bluster, some apparently step over the line, even for the group's apparently freewheeling figureheads. Notably, after the alleged disappearance of a pro-Anonymous activist in Mexico, Anonymous announced that he'd been kidnapped by the Zetas drug cartel, and Anonymous promised to publicize the name of every Zetas informer or collaborator that it could get its hands on.

But warnings from security experts that any such moves might put not only Anonymous members but also Mexicans caught in the middle at risk seemed to kill the so-called "OpCartel."

Photo: Roses Are Red...", by Wetsun, Flickr. Used with permission via a Creative Commons license.

RECOMMENDED READING

Anonymous Eyes Mexican Cartel Attack

Anonymous Attacks Child Pornography Websites

Can Anonymous Cripple Critical U.S. Infrastructure?

Anonymous Claims Hack On NATO Servers

3 Security Lessons From BART's Anonymous Breach




Is it ironic that the mask worn by Anonymous members comes from V for Vendetta, a 2005 film produced by Warner Brothers, which is part of the MPAA, which backs the type of pro-copyright interests that would seem to offend the beliefs of Anonymous. In fact, a portion of the proceeds from the sale of each mask actually works its way back to the studio. On the other hand, even if the mask sales put a little more money in the Hollywood coffers, having a globally recognizable brand is no doubt priceless for Anonymous.

RECOMMENDED READING

Facebook Porn Spam Appears Unrelated To Anonymous

Piracy Equals Market Failure

Apple, Hollywood Close To Streaming Movie Deal?

Facebook, Warner Bros. Ink Movie Rental Deal

Times Square Video Hack Social, Not Technical




When the FBI knocked file-sharing site Megaupload offline for allegedly infringing copyright laws and building a criminal enterprise that helped its eccentric founder, Kim Dotcom, book profits of $175 million, it didn't take Anonymous long to register its disproval. A statement from the Recording Industry Association of America (RIAA) lauding the takedown probably just fanned the flames, as Anonymous members joined together, allegedly knocking the websites of the Department of Justice, FBI, Motion Picture Association of America (MPAA), the RIAA, and Universal Music Group offline.

Photo: anonymous at No On 8, by qwrrty (Tim Pierce), Flickr. Used with permission via a Creative Commons license.

RECOMMENDED READING

Anonymous Retaliates For Megaupload Raids: 10 Key Facts

Megaupload Execs Had Thing For Bling, Indictment Shows

Megaupload Closure Forces Cloud Storage Questions

Megaupload Takedown Questioned By Users, Lawyers

Megaupload Hosting Provider Seeks Out Data Owners