This multi-part article is a follow-up to a one hour panel discussion at DEFCON 19 titled "'Whoever Fights Monsters...' Confronting Aaron Barr, Anonymous and Ourselves" moderated by Paul Roberts, discussed by Josh Corman, Brian Martin, and Scot Terban. The views of the authors are not meant to be a criticism of Anonymous, nor are they meant to be encouragement for future criminal activity. It is an inevitable fact that Anonymous, or similar groups, will become bigger, stronger, and more effective. Discussions on how to build a more potent digital hacktivism (illegal hacking to achieve a political goal) group have occurred for over a decade. This article will not attempt to introduce groundbreaking new ideas, but rather will summarize many existing ideas and subject them to analysis from two security practitioners on two sides of this issue. If anything, this will serve more as a 'Lessons Learned' with the aim of broadening the reader's understanding of the topic, while demonstrating that the "problem" is not going away; the "problem" is evolving and growing.
When we say "building a better Anonymous", we seek to explore the ideas of making such a group truly better. That means better for all parties involved; the group, end users, citizens and law enforcement. "Better" does not mean more criminal acts in the name of the greater good, it means a more efficient organization that can achieve the same results with less collateral damage. We envision a group with better defined goals, more accountability, a healthy dose of humor and the legendary resolve of the sabertooth squirrel. Of course, the chaotic nature of a group such as Anonymous means that any hopes of improvement will likely come in the form of small numbers of members guiding the rest toward these goals.
As we sit here to write this in October and November of 2011, we'd like to render a few things explicit. As objective observers, we've seen the rise of Anonymous and other chaotic actors as both intriguing and "of consequence". We've also seen very little in the way of what we'd call "insight" or "understanding" toward the evolution of the "group(s)". Those who are publicly speaking don't seem to "get it". Those who seem to have insight are frequently unwilling (and in many cases afraid) to speak.
So with natural curiosity, we have attempted to ask questions, engage in dialectic, apply logic and analysis, and see if other willing minds can't nudge the conversation forward in useful and non-confrontational ways for the benefit of all. As the group(s) continue to morph and evolve - and as our comprehension (hopefully) improves, this will clearly re-cast the content of what you will read throughout these articles. We will attempt to capture thought at this time - and when necessary, we may adjust/augment/update against this point-in-time content.
Operating parameters of this series:
Unstructured and nebulous, a group called Anonymous, born in the trenches of virtual trolling, has become a household name based on a reputation of civil disobedience and digital activism. They are a wildly diverse and unpredictable group, one that takes up arms to fight a varied collection of causes, while having no stated charter or organizational chart. Despite these seemingly limiting traits, Anonymous has flourished and become a force to be feared or respected, but not reasoned with.
Many people believe they know the history - but "which one?" The history of Anonymous is just as murky as trying to define them. The very brief history we present below could be thought of as a commonly accepted history. However, a similar history claims the background is more wrong than right. Gregg Housh, a former Anonymous member who now observes the group, has put together a considerably more thorough "chanology timeline" that attempts to chronicle all events related to Anonymous.
Formed in 2003, Anonymous was born out of a community / forum known as "4chan", with a subset message board called "/b/". Gawker wrote a concise summary of these boards and other 4chan affiliated projects, to better explain the origin of today's Anonymous. Widely perceived as putting their attention and power toward a greater good only in the last three years, Gawker notes that previous pranks may have begun to show their 'good' side much earlier. Based on the concept of an anonymous community that became a shared collective identity, the Anonymous name gained international attention in 2008 for Project Chanology, a coordinated fight against the Church of Scientology. Years before Project Chanology, between 2006 and 2007, Anonymous demonstrated that they were heading down a path of righteousness with several high profile activities. In subsequent years, the group continued activities that garnered mainstream media that demonstrated the concept of digital activism, sometimes based on illegal hacking activity.
Anonymous activities in 2011 have helped them become a household name, covered by all types of media and gaining increased attention from law enforcement and pundits. Security firm and government contractor HBGary Federal angered Anonymous after claims that they were working with the FBI to unmask key Anonymous members, resulting in more than 60,000 private e-mails of CEO Aaron Barr and other employees being published. In response to Sony suing Geohot (aka George Hotz), Anonymous launched a Distributed Denial of Service (DDoS) against the corporate giant, resulting in Sony blaming them for subsequent attacks they had no declared part in, which were numerous. Banking giant Bank of America dealt with Anonymous when they released internal mails that claimed to prove corruption and fraud. "Operation Anti-sec" was (re)born, with the Anonymous splinter group LulzSec teaming back up with their parent group to protest a list of government transgressions by breaking into numerous sites ranging from the Arizona Department of Public Safety to The Times to the Fox News Twitter Account. One of the most recent attacks after our DEFCON 19 panel was launched against the Bay Area Rapid Transit (BART) after the death of BART passenger Oscar Grant, leading to BART customer information being exposed and increased calls for protests. These activities, and more, have resulted in the group being perceived as more dangerous as well as more effective.
It is not easy to claim understanding of a group so diverse as Anonymous. At best, one can attempt to understand some of the fundamental principles and ideas that motivate some, but not all, members. There are several articles that attempt to display this understanding, written from a variety of perspectives (and possibly involvement). For example, Adrian Crenshaw wrote "Crude, Inconsistent Threat: Understanding Anonymous", in which he discusses the motivation and organization of the group. Josh Corman, co-author of this article " has previously written about the topic". Cole Stryker has even authored a book on the topic, titled "Epic Win for Anonymous: How 4chan's Army Conquered the Web". One thing should remain clear; no one person will ever fully understand Anonymous beyond the broad influences.
Throughout their history, Anonymous has exposed weakness and vulnerabilities in a wide variety of social and technical systems. In doing so, the group has been demonized unfairly by a wide range of people including the media and law enforcement. One fundamental truth that seems to escape many observers is that the vulnerabilities were already there. Anonymous just brought them to the public's attention. In crying for the heads of Anonymous, we are effectively shooting the messenger bearing bad news. Gene Spafford, from the Center for Education and Research in Information Assurance and Security (CERIAS), summarized the underlying issue that is absolutely critical for everyone to understand:
"First, if a largely uncoordinated group could penetrate the systems and expose all this information, then so could a much more focused, well-financed, and malevolent group - and it would not likely result in postings picked up by the media. Attacks by narcotics cartels, organized crime, terrorists and intelligence agencies are obvious threats; we can only assume that some have already succeeded but not been recognized or publicized." -- Gene Spafford
For those who wish to avoid the laborious task of trying to define a chaotic and disparate group, there are several pop culture leanings that may help paint the group in a very broad stroke. These media references are based on Anonymous' actions and the authors' interpretation of their activity and writings.
Due to the adoption of the Guy Fawkes mask as a symbol of the group, perhaps the most popular pop culture reference would be Alan Moore's V for Vendetta. Toward the end of the movie, the protagonist V outfits thousands of citizens in a black cloaks and Fawkes masks to create an anonymous army of sympathizers fed up with the totalitarian government. This scene is perhaps the ultimate symbolism for the group as we know it; an army of oppressed citizens finally fed up with an abusive regime that has stripped them of privacy, civil liberty and ultimately power.
Chuck Palahniuk's Fight Club touches on broad leanings of Anonymous members. The idea of a near cult-like group engaging in diverse projects under the names 'Project Mischief' and 'Project Mayhem' certainly draws parallels to Anonymous. Members of the group determine their own level of involvement, a strong theme of Anonymous. Ultimately, tapping into the latent frustration of members, eloquently summarized by Tyler Durden (Brad Pitt) in the movie adaptation:
Man, I see in Fight Club the strongest and smartest men who have ever lived. I see all this potential, and I see it squandered. Goddammit, an entire generation pumping gas, waiting tables, slaves with white collars. Advertising has us chasing cars and clothes, working jobs we hate so we can buy shit we don't need. We're the middle children of history, man; no purpose or place. We have no Great War, no Great Depression. Our Great War is a spiritual war. Our Great Depression is our lives. We've all been raised by television to believe that one day we'd all be millionaires and movie gods and rock stars. But we won't; and we're slowly learning that fact. And we're very, very pissed off.
Another Alan Moore graphic novel, The Watchmen, highlights several aspects of the Anonymous collective; post-modern anti-heroes willing to do evil things to avoid a greater evil, a cast of characters confront and challenge both morality and alignment, redefining the popular concept of heroes embodying good. One of the running themes throughout the novel is the idea of "who watches the watchmen?"
The Dark Knight introduces people to a purely chaotic evil actor, The Joker, who the butler Alfred draws an allegory to. He tells Bruce Wayne of a bandit he helped chase in a forest who was throwing away the jewels he stole, saying "Some men aren't looking for anything logical ... [they] just want to see the world burn." Wayne asks how he was ultimately caught. Alfred replies, "We burned the forest down." A simple solution, but one that is easily argued as worse than the bandit's actions. Opposite of the chaotic evil Joker is Batman, a chaotic good hero that demonstrates a steady scale of escalation to fight evil, just as Anonymous appears to do often times. At the same time, Anonymous likely has a handful of chaotic evil actors involved, even if they don't realize it yet.
There are several other notable media that draws parallels to Anonymous to some degree or another. Ghost in The Shell - Stand Alone Complex is eerily prophetic about these concepts, with a villain named Laughing Man that is essentially a collective of infectiously contagious meme copycats of an original that may not even exist. SLC Punk showcases the fleeting catharsis, contradictions, inconvenience, and ultimate emptiness experienced by a few young anarchists.
With the group constantly changing and adapting, losing followers as often as they gain new interest from the disenfranchised, understanding will come in small waves and require reexamination every step of the way.
Copyright 2011-2012 by Josh Corman and Brian Martin. Permission is granted to quote, reprint or redistribute provided the
text is not altered, appropriate credit is given and a link to the original copy is included. Custom graphic
courtesy of Mar - sudux.com.
Should you feel generous, please donate a couple of bucks on our behalf to any 501(c)(3) non-profit that benefits animals or computer security.