MONTREAL - The elusive “hacktivist” collective, identified only by its logo
of a headless man in a suit or its Guy Fawkes masks, has hacked into the Syrian
defence ministry and Bank of America. It has eavesdropped on Scotland Yard and
the FBI. And it has outed alleged white supremacists across Canada, including a
couple in Quebec City.
With over 15 million page views on its main news website and more than
560,000 Twitter followers, it’s clear the world is paying attention to this
nascent form of politics – and for good cause.
According to a report by Verizon released last week, 2011 was a bumper year
for hacktivists. Their activities accounted for 58 per cent of all data theft
(or about 100 million files), beating out hackers for profit in their zeal to
steal state and corporate secrets, to promote their views or defend their
followers.
In 2012 they have kept up the pace. Anonymous has vowed to shut down the
Internet altogether on Saturday as a protest against new anti-piracy
legislation, Wall Street, “our irresponsible leaders and the beloved bankers who
are starving the world for their own selfish needs out of sheer sadistic fun.”
Then again, it might just be a pre-April Fool’s Day prank.
If and when they do create online Armageddon is almost irrelevant.
With about 2 billion people now connected to the Internet, the mere threat of global
action by Anonymous – online terrorists to some, heroes to others – is enough to
instill fear in corporations and governments alike.
Whether Anonymous can remain anonymous in the face of increased surveillance
remains to be seen, however. Over the last year the group has had its share of
setbacks, with arrests taking place around the world, in part thanks to traitors
in their midst.
Back in 2004, as university students were waking up to Facebook, a
very different type of Internet community, known as 4chan, was attracting
non-Facebook types – the kind who wanted to share ideas and images, but not
their snapshots, personal histories or even their names.
Contributors to 4chan did not need to register, they were not censored, and
they most often signed their postings “anonymous” as they discussed everything
from Japanese comics to hard-core pornography. (The Guardian once described the
community as “lunatic, juvenile ... brilliant, ridiculous and alarming.”)
Then in 2006, 4chan members stepped outside their own forum and took aim at
neo-Nazi Hal Turner, by launching a distributed denial of service attack – or
DDoS – and prank-calling his radio phone-in show. (In a DDoS attack, hundreds or
thousands of computers or mobile phones flood a website with requests for
information, to overload the server so it cannot respond to legitimate
requests.)
Later targets of 4chan included Sarah Palin, Justin Bieber and YouTube, which
got on 4chan’s bad side for deleting music files and blocking a user under the
age of 13.
By 2008, however, some of 4chan’s users had formed Anonymous and had zeroed
in on one target: the Church of Scientology. In order to shield themselves from
the litigious church, the protesters wore the now ubiquitous Guy Fawkes masks,
popularized by the comic-book series and 2006 film V for Vendetta.
“As it turns out, it was a seminal moment for the group, when they first
appeared in real life,” says filmmaker Brian Knappenberger, whose documentary on
Anonymous, We Are Legion: The Story of the Hacktivists, premiered at the South
by Southwest festival in Austin, Texas this month. “I was compelled to know what
was going on with this group that was on the streets, wearing these masks
created by a science fiction author, protesting a religion created by a science
fiction author. This was a weird scene. Somehow they materialized out of the
air, out of the Internet, and were called forth to the streets to protest what
they saw as a restriction on freedom of speech on the part of
Scientology.”
Knappenberger was surprised to see how the movement grew from there. Though
Scientology remains one of Anonymous’s targets, a new wave of DDoS attacks on
Visa, MasterCard and PayPal at the end of 2010 truly put the group on the map.
Operation Avenge Assange, which made PayPal unavailable to users, was in
retaliation for PayPal suspending its account with WikiLeaks, after the latter
published classified U.S. government documents. Without PayPal, supporters could
no longer donate online to WikiLeaks or its founder, Julian Assange.
“It was clear they were going somewhere, and I wanted to see where,”
Knappenberger said.
Freedom of speech and Internet freedom are the two causes the group has
consistently defended since 2008, including the freedom to share movies and
music online, sometimes in violation of copyright law. As a protest against the
Stop Online Piracy Act – which has since been shelved – and after law
enforcement agencies shut down Megaupload, a file-sharing site with 50 million
users, Anonymous launched its biggest attack ever in January. Within hours, it
overloaded the websites of the FBI, U.S. Department of Justice, Universal Music
Group, the Recording Industry Association of America, the Motion Picture
Association of America and Warner Music Group, among others.
Since then, Anonymous has brought down the websites of the Boston police, in
response to its handling of Occupy protesters; New York Iron Works, which
supplies tactical clothing and equipment to police in and around New York; and
the Vatican, to protest child sexual abuse by priests, to name just a few. In
December, it stole 5 million emails and credit card information from Strategic
Forecasting (Stratfor), a global intelligence company, embarrassing the company
for its lax security and allegedly using the credit cards to donate to
charities. In February, WikiLeaks began publishing the emails, including one in
which the vice-president of Stratfor said Assange would “make a nice bride in
prison” and will “be eating cat food forever.”
Gabriella Coleman, an anthropologist who specializes in digital media,
hackers and the law, describes today’s Anonymous as an octopus with
tentacles in both regional and international politics.
“It was so interesting to see this phenomenon that was all about Internet
trolling and hellraising and pranking develop a political conscience. But it was
so contained,” said Coleman, who teaches at McGill. “Then in the last year and a
half, it has burst out of this niche and grown tentacles of all
sorts.”
One of the reasons why Anonymous gets so much attention is because it is
provocative, subversive and unpredictable, Coleman says.
Asked whether it uses politics as an excuse for hellraising, Coleman said,
“Yeah, sure, they are a little bit wild and crazy and some individuals who
participate don’t necessarily have justice or human good in mind. But a great
majority in the political network do. But everyone has a different definition or
sensibility, because there’s no universal mandate.”
In fact, anyone who wants to be Anonymous is – whatever their politics.
According to the FAQ at AnonNews (anonnews.org), “Anonymous does not have a
membership list, and you can’t really ‘join’ it either. If you identify with or
say you are Anonymous, you are Anonymous. No one has the authority to say
whether you are Anonymous or not, except for yourself.” And while some
operations, like DDoS, require thousands of participants working from their
computers or hand-held devices, other hacks can be the work of a single person.
Not surprisingly, there have been ideological and regional differences.
According to Knappenberger and Coleman, both of whom have communicated with
Anonymous members, there was a lot of disagreement about whether to attack media
sites, like Fox News, or PBS, when it aired a less-than-flattering portrait of
Assange.
And while some members erected digital picket lines around the Egyptian
government last year – forcing its websites off-line until Hosni Mubarak stepped
down as president – others targeted the Ku Klux Klan, godhatesfags.com (a
website run by the Westboro Baptist Church in Kansas) and Monsanto.com in
Hungary.
For both Knappenberger and Coleman, these “virtual sit-ins” stem from a
feeling of disenfranchisement by youths who don’t feel they can make themselves
heard through real-life protests. The Anonymous movement has picked up where the
Occupy protests left off, after protesters were driven from the streets in some
cities by pepper spray and rubber bullets.
“This is a group that has grown up on the Internet and sees promise and
potential on the Internet, and is deeply offended with acts of intrusion or
surveillance and restrictions,” said Knappenberger.
“Anonymous doesn’t pretend that because they exist, the financial crisis will
be over or health care will be given to everyone in the U.S.,” Coleman said.
“But they represent the desire for political change, and they get a certain
generation excited about the possibility.”
Among the posts to its forum last week was a plea from a Quebec student
protesting tuition hikes: “The government refuses to listen and refuses to even
talk with students or professors. ... I am begging you Anonymous, get the word
out, we are being oppressed and no one can help.”
Of course, one person’s freedom fighter is another’s terrorist, and while
Anonymous’s hacktivist attacks have garnered support in some quarters, the group
has also created many powerful enemies and propelled law enforcement into
action.
Gene McLean, a former RCMP officer and now managing director of the
cyber-security firm Digital Wyzdom, makes no distinction between those who hack
for profit and those who hack for a cause, whatever that cause may be.
“To me, they’ve broken the law. They may not have picked a lock to get in
your office, but they’ve accessed your files and broken your privacy. So whether
it’s for political posturing, airing someone’s dirty laundry to hurt them or
breaking in to steal information and manipulate it into cash, it’s illegal and
unethical.
There’s no way to sell it.”
Clearly that’s also the view of the FBI and Interpol, which have made
significant arrests. The PayPal 14, as they are known, were arrested and charged
in July with conspiracy and intentional damage to a protected computer for their
alleged participation in the DDoS attack on PayPal. The 12 men and two women,
aged 20 to 42, were arrested in eight states and the District of Columbia; each
faces 15 years in jail and a $500,000 fine. A judge this month ruled that while
awaiting trial they could re-access their Twitter accounts; their bail
conditions had included a ban on using the service.
In February, Interpol, working with local police forces, arrested 25 alleged
members of Anonymous in 15 European and South American cities for allegedly
hacking into Colombia’s Ministry of Defence and the president’s website, Chile’s
Endesa electricity company and its national library. In Operation Unmask,
officers seized computer equipment, mobile phones, payment cards and cash, as
part of an investigation into the hackers’ source of funding. Six new arrests
were made in the Dominican Republic as part of the same operation on Wednesday.
“This operation shows that crime in the virtual world does have real
consequences for those involved, and that the Internet cannot be seen as a safe
haven for criminal activity, no matter where it originates or where it is
targeted,” said Bernd Rossbach, acting Interpol executive director of police
services.
That said, investigating a group without a face, adept at not leaving a
digital footprint, is no easy task.
McLean, who in his RCMP days uncovered the Rizzuto crime family’s bank
accounts in Switzerland, says it’s always possible to find out how someone
hacked into a website or email account, but often impossible to pinpoint the
culprit.
“I don’t want to give them any more bragging rights,” McLean said. “But when
you’re called Anonymous and no one knows who’s on the team, including
yourselves, it’s tough. … The method without fail is discovered. But can you
identify them? Sometimes yes, sometimes no.”
And if you do identify them, the problem becomes how to prosecute them if
they are in another jurisdiction.
“It’s a moving target to get your hands on.”
McLean worries that despite the threat to individual corporations, for whom a
stolen secret can mean millions of dollars in lost revenue, hacking in general
is not taken seriously. It can still fall under the category of theft over
$5,000. As for hacktivism, he says, “if it doesn’t bleed” it’s not a priority
for law enforcement.
“Cops are too busy working on the latest stabbing or shooting, but for a lot
of cyber crime they don’t have the expertise or numbers of officers who are
highly skilled.”
RCMP Staff Sergeant. Marc Moreau, who has been working on cyber crime since 1994,
says the division’s staff has grown considerably, from 50 officers across Canada
in 2001 to 170 today. But given that they are called upon for their technical
expertise in investigations of all sorts – virtually every investigation today
involves some sort of digital device – they are busy, Moreau said. And they are
constantly trying to keep up with hackers and hacktivists who employ new
strategies and software every day.
Recent arrests may have sent a chill through Anonymous, but whatever
long-term effect they have on the collective will depend on the outcome of the
trials, particularly the fate of the PayPal 14, Gabriella Coleman says.
“If the punishment for participating in a campaign is stiff, it can make
people think twice about it.”
There is also the threat to Anonymous from within. This month it was revealed
that one of the more radical participants in the group, New York resident Hector
Xavier Monsegur, a.k.a. Sabu, had been arrested and turned informant with the
FBI at least seven months ago. Sabu’s collaboration led to the arrests of five
alleged hacktivists from LulzSec, a splinter group of Anonymous, who are
believed to be responsible for the attack on Stratfor, among other things. The
Stratfor emails were passed from Anonymous to WikiLeaks through an FBI-owned
computer.
Given how decentralized the collective is, members of Anonymous say the risk
of infiltrators being able to identify other hackers is minimal. If there are no
leaders, no leaders can be identified.
And as one Anon said in an email to The Gazette, if some are arrested, others
will take their place.
“Anonymous cannot be killed any more than communism or
pacifism. No matter how many you remove, there will always still be a few of us
left. ... Ideas are bulletproof.”
But the risk of losing focus as Anonymous continues to expand its reach may
be more significant.
It is already sometimes difficult to distinguish who is Anonymous from who is
merely anonymous. A Briton last month stole thousands of records from an
abortion provider’s website, and when arrested claimed to be part of Anonymous.
Last week a trademark video was posted threatening European nations who kept
their borders open, but was quickly disowned by Anonymous
Sweden.
And there have been threats to shut down Facebook and the entire electric
grid, often repeated to show Anonymous’s sinister side, even though Anonymous
has steadfastly denied having any such intentions.
For Coleman, Anonymous will have staying power as long as it remains
unpredictable and reacts to world events. The iconography of the headless man in
a suit, and the Guy Fawkes mask, has the potential to become this generation’s
peace symbols, she said.
But for McLean, the cyber-sleuth, Anonymous should be a wake-up call to all
governments and corporations to lock their online doors and windows, before
hackers for profit and hacktivists decide to join forces.
“I think we’ll see the political hacktivist and cyber-criminal thieves come
together and share information,” McLean said. “It’s a natural evolution. And if
that happens, then they will be propelled to another level – to a criminal
empire.”
csolyom@montrealgazette.com
Postscript
Hey! This is not funny who just turned off the lights?
0 Comments:
Post a Comment
<< Home