Saturday, March 31, 2012

OMG online armageddon coming April 1?

Anonymous unmasked: The collective's disruptive influence

By Catherine Solyom
Saturday, March 31, 2012
A demonstrator wears a Guy Fawkes mask – one of the defining symbols of the Anonymous collective – during a protest against austerity measures last month in Athens, Greece. Fawkes was an Englishman who was involved in a failed plot to bomb the British Parliament in 1605. The masks in his image were popularized by the comic-book series and 2006 film V for Vendetta, in which a shadowy freedom fighter uses terrorist tactics to rebel against a totalitarian society. Members of Anonymous have worn the masks in public since their 2008 protests against the Church of Scientology. (Photograph by: Milos Bicanski , Getty Images)

Hack the planet – save the world.

That’s become the rallying cry of an army of keyboard warriors known as Anonymous, which in the last 18 months has targeted everyone from the Tunisian government to the Boston police, the Vatican to Sony, Public Safety Minister Vic Toews to PayPal, blocking their websites or retrieving embarrassing files and emails for the world to see.
MONTREAL - The elusive “hacktivist” collective, identified only by its logo of a headless man in a suit or its Guy Fawkes masks, has hacked into the Syrian defence ministry and Bank of America. It has eavesdropped on Scotland Yard and the FBI. And it has outed alleged white supremacists across Canada, including a couple in Quebec City.

With over 15 million page views on its main news website and more than 560,000 Twitter followers, it’s clear the world is paying attention to this nascent form of politics – and for good cause.

According to a report by Verizon released last week, 2011 was a bumper year for hacktivists. Their activities accounted for 58 per cent of all data theft (or about 100 million files), beating out hackers for profit in their zeal to steal state and corporate secrets, to promote their views or defend their followers.

In 2012 they have kept up the pace. Anonymous has vowed to shut down the Internet altogether on Saturday as a protest against new anti-piracy legislation, Wall Street, “our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun.”

Then again, it might just be a pre-April Fool’s Day prank.

If and when they do create online Armageddon is almost irrelevant.

With about 2 billion people now connected to the Internet, the mere threat of global action by Anonymous – online terrorists to some, heroes to others – is enough to instill fear in corporations and governments alike.

Whether Anonymous can remain anonymous in the face of increased surveillance remains to be seen, however. Over the last year the group has had its share of setbacks, with arrests taking place around the world, in part thanks to traitors in their midst.

Back in 2004, as university students were waking up to Facebook, a very different type of Internet community, known as 4chan, was attracting non-Facebook types – the kind who wanted to share ideas and images, but not their snapshots, personal histories or even their names.

Contributors to 4chan did not need to register, they were not censored, and they most often signed their postings “anonymous” as they discussed everything from Japanese comics to hard-core pornography. (The Guardian once described the community as “lunatic, juvenile ... brilliant, ridiculous and alarming.”)

Then in 2006, 4chan members stepped outside their own forum and took aim at neo-Nazi Hal Turner, by launching a distributed denial of service attack – or DDoS – and prank-calling his radio phone-in show. (In a DDoS attack, hundreds or thousands of computers or mobile phones flood a website with requests for information, to overload the server so it cannot respond to legitimate requests.)

Later targets of 4chan included Sarah Palin, Justin Bieber and YouTube, which got on 4chan’s bad side for deleting music files and blocking a user under the age of 13.

By 2008, however, some of 4chan’s users had formed Anonymous and had zeroed in on one target: the Church of Scientology. In order to shield themselves from the litigious church, the protesters wore the now ubiquitous Guy Fawkes masks, popularized by the comic-book series and 2006 film V for Vendetta.

“As it turns out, it was a seminal moment for the group, when they first appeared in real life,” says filmmaker Brian Knappenberger, whose documentary on Anonymous, We Are Legion: The Story of the Hacktivists, premiered at the South by Southwest festival in Austin, Texas this month. “I was compelled to know what was going on with this group that was on the streets, wearing these masks created by a science fiction author, protesting a religion created by a science fiction author. This was a weird scene. Somehow they materialized out of the air, out of the Internet, and were called forth to the streets to protest what they saw as a restriction on freedom of speech on the part of Scientology.”

Knappenberger was surprised to see how the movement grew from there. Though Scientology remains one of Anonymous’s targets, a new wave of DDoS attacks on Visa, MasterCard and PayPal at the end of 2010 truly put the group on the map. Operation Avenge Assange, which made PayPal unavailable to users, was in retaliation for PayPal suspending its account with WikiLeaks, after the latter published classified U.S. government documents. Without PayPal, supporters could no longer donate online to WikiLeaks or its founder, Julian Assange.

“It was clear they were going somewhere, and I wanted to see where,” Knappenberger said.

Freedom of speech and Internet freedom are the two causes the group has consistently defended since 2008, including the freedom to share movies and music online, sometimes in violation of copyright law. As a protest against the Stop Online Piracy Act – which has since been shelved – and after law enforcement agencies shut down Megaupload, a file-sharing site with 50 million users, Anonymous launched its biggest attack ever in January. Within hours, it overloaded the websites of the FBI, U.S. Department of Justice, Universal Music Group, the Recording Industry Association of America, the Motion Picture Association of America and Warner Music Group, among others.

Since then, Anonymous has brought down the websites of the Boston police, in response to its handling of Occupy protesters; New York Iron Works, which supplies tactical clothing and equipment to police in and around New York; and the Vatican, to protest child sexual abuse by priests, to name just a few. In December, it stole 5 million emails and credit card information from Strategic Forecasting (Stratfor), a global intelligence company, embarrassing the company for its lax security and allegedly using the credit cards to donate to charities. In February, WikiLeaks began publishing the emails, including one in which the vice-president of Stratfor said Assange would “make a nice bride in prison” and will “be eating cat food forever.”

Gabriella Coleman, an anthropologist who specializes in digital media, hackers and the law, describes today’s Anonymous as an octopus with tentacles in both regional and international politics.

“It was so interesting to see this phenomenon that was all about Internet trolling and hellraising and pranking develop a political conscience. But it was so contained,” said Coleman, who teaches at McGill. “Then in the last year and a half, it has burst out of this niche and grown tentacles of all sorts.”

One of the reasons why Anonymous gets so much attention is because it is provocative, subversive and unpredictable, Coleman says.

Asked whether it uses politics as an excuse for hellraising, Coleman said, “Yeah, sure, they are a little bit wild and crazy and some individuals who participate don’t necessarily have justice or human good in mind. But a great majority in the political network do. But everyone has a different definition or sensibility, because there’s no universal mandate.”

In fact, anyone who wants to be Anonymous is – whatever their politics. According to the FAQ at AnonNews (, “Anonymous does not have a membership list, and you can’t really ‘join’ it either. If you identify with or say you are Anonymous, you are Anonymous. No one has the authority to say whether you are Anonymous or not, except for yourself.” And while some operations, like DDoS, require thousands of participants working from their computers or hand-held devices, other hacks can be the work of a single person.

Not surprisingly, there have been ideological and regional differences. According to Knappenberger and Coleman, both of whom have communicated with Anonymous members, there was a lot of disagreement about whether to attack media sites, like Fox News, or PBS, when it aired a less-than-flattering portrait of Assange.

And while some members erected digital picket lines around the Egyptian government last year – forcing its websites off-line until Hosni Mubarak stepped down as president – others targeted the Ku Klux Klan, (a website run by the Westboro Baptist Church in Kansas) and in Hungary.

For both Knappenberger and Coleman, these “virtual sit-ins” stem from a feeling of disenfranchisement by youths who don’t feel they can make themselves heard through real-life protests. The Anonymous movement has picked up where the Occupy protests left off, after protesters were driven from the streets in some cities by pepper spray and rubber bullets.

“This is a group that has grown up on the Internet and sees promise and potential on the Internet, and is deeply offended with acts of intrusion or surveillance and restrictions,” said Knappenberger.

“Anonymous doesn’t pretend that because they exist, the financial crisis will be over or health care will be given to everyone in the U.S.,” Coleman said. “But they represent the desire for political change, and they get a certain generation excited about the possibility.”

Among the posts to its forum last week was a plea from a Quebec student protesting tuition hikes: “The government refuses to listen and refuses to even talk with students or professors. ... I am begging you Anonymous, get the word out, we are being oppressed and no one can help.”

Of course, one person’s freedom fighter is another’s terrorist, and while Anonymous’s hacktivist attacks have garnered support in some quarters, the group has also created many powerful enemies and propelled law enforcement into action.

Gene McLean, a former RCMP officer and now managing director of the cyber-security firm Digital Wyzdom, makes no distinction between those who hack for profit and those who hack for a cause, whatever that cause may be.

“To me, they’ve broken the law. They may not have picked a lock to get in your office, but they’ve accessed your files and broken your privacy. So whether it’s for political posturing, airing someone’s dirty laundry to hurt them or breaking in to steal information and manipulate it into cash, it’s illegal and unethical.

There’s no way to sell it.”

Clearly that’s also the view of the FBI and Interpol, which have made significant arrests. The PayPal 14, as they are known, were arrested and charged in July with conspiracy and intentional damage to a protected computer for their alleged participation in the DDoS attack on PayPal. The 12 men and two women, aged 20 to 42, were arrested in eight states and the District of Columbia; each faces 15 years in jail and a $500,000 fine. A judge this month ruled that while awaiting trial they could re-access their Twitter accounts; their bail conditions had included a ban on using the service.

In February, Interpol, working with local police forces, arrested 25 alleged members of Anonymous in 15 European and South American cities for allegedly hacking into Colombia’s Ministry of Defence and the president’s website, Chile’s Endesa electricity company and its national library. In Operation Unmask, officers seized computer equipment, mobile phones, payment cards and cash, as part of an investigation into the hackers’ source of funding. Six new arrests were made in the Dominican Republic as part of the same operation on Wednesday.

“This operation shows that crime in the virtual world does have real consequences for those involved, and that the Internet cannot be seen as a safe haven for criminal activity, no matter where it originates or where it is targeted,” said Bernd Rossbach, acting Interpol executive director of police services.

That said, investigating a group without a face, adept at not leaving a digital footprint, is no easy task.

McLean, who in his RCMP days uncovered the Rizzuto crime family’s bank accounts in Switzerland, says it’s always possible to find out how someone hacked into a website or email account, but often impossible to pinpoint the culprit.

“I don’t want to give them any more bragging rights,” McLean said. “But when you’re called Anonymous and no one knows who’s on the team, including yourselves, it’s tough. … The method without fail is discovered. But can you identify them? Sometimes yes, sometimes no.”

And if you do identify them, the problem becomes how to prosecute them if they are in another jurisdiction.

“It’s a moving target to get your hands on.”

McLean worries that despite the threat to individual corporations, for whom a stolen secret can mean millions of dollars in lost revenue, hacking in general is not taken seriously. It can still fall under the category of theft over $5,000. As for hacktivism, he says, “if it doesn’t bleed” it’s not a priority for law enforcement.

“Cops are too busy working on the latest stabbing or shooting, but for a lot of cyber crime they don’t have the expertise or numbers of officers who are highly skilled.”

RCMP Staff Sergeant. Marc Moreau, who has been working on cyber crime since 1994, says the division’s staff has grown considerably, from 50 officers across Canada in 2001 to 170 today. But given that they are called upon for their technical expertise in investigations of all sorts – virtually every investigation today involves some sort of digital device – they are busy, Moreau said. And they are constantly trying to keep up with hackers and hacktivists who employ new strategies and software every day.

Recent arrests may have sent a chill through Anonymous, but whatever long-term effect they have on the collective will depend on the outcome of the trials, particularly the fate of the PayPal 14, Gabriella Coleman says.

“If the punishment for participating in a campaign is stiff, it can make people think twice about it.”

There is also the threat to Anonymous from within. This month it was revealed that one of the more radical participants in the group, New York resident Hector Xavier Monsegur, a.k.a. Sabu, had been arrested and turned informant with the FBI at least seven months ago. Sabu’s collaboration led to the arrests of five alleged hacktivists from LulzSec, a splinter group of Anonymous, who are believed to be responsible for the attack on Stratfor, among other things. The Stratfor emails were passed from Anonymous to WikiLeaks through an FBI-owned computer.

Given how decentralized the collective is, members of Anonymous say the risk of infiltrators being able to identify other hackers is minimal. If there are no leaders, no leaders can be identified.

And as one Anon said in an email to The Gazette, if some are arrested, others will take their place.

 “Anonymous cannot be killed any more than communism or pacifism. No matter how many you remove, there will always still be a few of us left. ... Ideas are bulletproof.”

But the risk of losing focus as Anonymous continues to expand its reach may be more significant.

It is already sometimes difficult to distinguish who is Anonymous from who is merely anonymous. A Briton last month stole thousands of records from an abortion provider’s website, and when arrested claimed to be part of Anonymous. Last week a trademark video was posted threatening European nations who kept their borders open, but was quickly disowned by Anonymous Sweden.

And there have been threats to shut down Facebook and the entire electric grid, often repeated to show Anonymous’s sinister side, even though Anonymous has steadfastly denied having any such intentions.

For Coleman, Anonymous will have staying power as long as it remains unpredictable and reacts to world events. The iconography of the headless man in a suit, and the Guy Fawkes mask, has the potential to become this generation’s peace symbols, she said.

But for McLean, the cyber-sleuth, Anonymous should be a wake-up call to all governments and corporations to lock their online doors and windows, before hackers for profit and hacktivists decide to join forces.

“I think we’ll see the political hacktivist and cyber-criminal thieves come together and share information,” McLean said. “It’s a natural evolution. And if that happens, then they will be propelled to another level – to a criminal empire.”

Hey! This is not funny who just turned off the lights?


Post a Comment

<< Home