Anonymous Hackers Are Hypocrites, Not HacktivistsAn amorphous group of hackers has proven its ability to breach, torment, and embarrass. But as its dance with BART shows, its larger ambitions ring hollow.
The hacker group Anonymous, which is less a coherent group of people working together toward a common cause than a random medley of hackers out to prank and disrupt the online world, has been busy these days. Multiple hacks on Bay Area Rapid Transit websites in response to BART's shutdown of the railway's underground cellular system have captured the attention of activists and technophiles alike. But even as the name Anonymous strikes fear into the hearts of many IT security workers, the group's political ambitions ring hollow.
Anonymous has a penchant for making grand--if sometimes dimly worded--proclamations about its motives. After the group initially hacked a BART website on August 14, it posted a message to the AnonOps blog that stated, "In the Bay Area, we’ve seen people gagged, and once more, Anonymous will attempt to show those engaging in the censorship what it feels like to be silenced." The group frequently issues demands in conjunction with its operations, and the BART hacks were no exception: "Anonymous demands that this activity revolving around censorship cease and desist and we know you are already planning to do this again."
Through its attacks against a variety of high-profile organizations, Anonymous has made itself difficult to ignore. But what's also hard to ignore is the hypocrisy and futility of the group's tactics. Even as the group proclaims its opposition to oppression, it resorts to little more than online bullying in pursuit of its aims. In purporting to advance the cause of freedom, the group brings its own brand of oppression to bear. Its message is pretty much always the same: Stop doing whatever it is we don't like, or we'll take down your website, steal your private data, and embarrass your workers and customers on the Internet.
In response to a decision by BART management to interrupt cell phone service in four underground stations in downtown San Francisco for a couple of hours on August 11, Anonymous hacked into a third-party BART website and released the personal information of thousands of BART riders, all of whom were innocent of BART's actions. The organization then proceeded to hack a BART police officer's association website and released the personal information of its users.
All told, within a week, this loose-knit group of hacktivists victimized a few thousand people who were in no way connected to the actions in question. As of Monday afternoon, the group is reportedly mounting a third protest, which we can only assume will be accompanied by further hacks targeting BART riders and workers. And amid all this chaos, thousands of Bay Area commuters have had their commutes disrupted, causing ripples of inconvenience and hardship throughout their lives.
Which part of Anonymous's ongoing assault against BART riders and employees is supposed to encourage change? Is there a specific policy that Anonymous would like BART to adopt? It's impossible to tell, because the group hasn't put nearly as much thought into advancing a substantial argument as it has into causing disruption. And this is where the intellectual bankruptcy of hacktivism reveals itself. It outlines no argument. It advances no coherent cause. It brings only vague threats and intimidation.
Ask yourself this: If Anonymous were to single out your organization for attack, what would you do? Would you search your soul for the source of whatever transgression might have elicited the group's animosity? Or would you spend a little extra on IT security and hunker down to weather the storm, while mobilizing your legal department to track down and prosecute the offenders? For anyone charged with running a business, the obvious answer is the practical one. Anonymous's tactics force an organization into IT defense mode, while doing little, if anything, to engage the organization's leadership in a meaningful dialog about the issues. It is, quite simply, online thuggery, with only the barest pretense of a political motive.
So for all the IT pros out there watching the Anonymous-BART drama unfold, there are certainly lessons to be learned. But those lessons have nothing to do with high-minded questions of liberty, equality, and human rights. Instead, they're just reminders to run your patches, secure your site's navigation layer, and enforce strict password policies on your users.
At a full-day virtual event, InformationWeek and Dark Reading editors will talk with security experts about the causes and mistakes that lead to security breaches, both from the technology perspective and from the people perspective. It happens Aug. 25. Register now.