News Advanced Threats
Anonymous Must Evolve Or Break Down, Say Researchers
The movement started as an Internet meme and grew into a complex and chaotic community. Security experts argue that the Anonymous brand is now in danger of imploding
SOURCE Boston -- Boston -- Anonymous is a complex and chaotic movement: It is the heroic free speech efforts that helped protesters in Tunisia and Egypt; it is the lulz -- oddball, and sometimes vicious, pranks -- pulled to prove a point; and it is the AntiSec movement that compromises companies and critics to show that no one is beyond reach.
But Anonymous is also a brand, and one that is in danger of being overwhelmed by its own chaotic nature, argued two security professionals in a keynote at the SOURCE Boston conference this week. Brian "Jericho" Martin, a former hacker and current security expert, and Josh Corman, director of security intelligence at Akamai Technologies, have studied Anonymous for the past year and believe that the movement could easily degenerate into chaos and cause a lot of collateral damage in the process.
More Security Insights
- Remote Data Replication: Combat Disasters And Optimize Business Operations
- Check Point 2013 Internet Security Report
- Strengthening Enterprise Defenses With Threat Intelligence
- Strategy: Advanced Persistent Threats: The New Reality
Instead, they are hoping -- and through an article series, offering to help -- the metagroup evolve into a better, and more focused, Anonymous.
"Anonymous as they are is a crude blunt weapon; they don't do a lot of good, and they make a lot of noise," Martin told conference attendees. "So why don't you want a better Anonymous that is more efficient, gets stuff done, and most importantly, creates less collateral damage."
Anonymous evolved from a meme on 4Chan, a bulletin board that allowed anyone to post images. Many of the board's anonymous members would band together to conduct one-off operations, including a series of pranks against conservative radio host Hal Turner, which escalated into denial-of-service attacks and eventually the leak of documents that identified Turner as an FBI informant.
Four years ago, the members began to identify themselves as Anonymous and began more sustained operations against copyright organizations and the Church of Scientology. Eventually, activist members conducted operations to help global free speech, while more anarchical members, such as LulzSec, focused on disruptive acts. (The history of Anonymous is featured in "We Are Legion," a solid documentary which had a pre-release screening at SOURCE Boston on Tuesday night.)
[The Anonymous hacking collective last year targeted multiple high-profile targets, including Sony, Fox, PBS, HBGary Federal, and multiple law enforcement agencies. See 'Anonymous' Legacy: Hacktivists Stole More Data Than Organized Crime In 2011 Breaches Worldwide.]†
These days, most of the people that associate with Anonymous are "glorified" cheerleaders who have their own agendas, Martin says. The researchers estimated that less than 10 percent are real activists or active hackers. It's those active members that need to consider the future, they said.
The first problem for many Anonymous members is that the average person can't tell whether the movement is good or evil. Like a Rorschach inkblot, most see what their preconceptions lead them to see, Corman said.
"If you think they are freedom fighters, they are; if you think they are hacktivists, they are; and, if you think they are hoodlums, they are," Corman said. "And the truth is they are a lot of different structures and motivations, but we will never understand this group until we understand the biases we bring."
Yet, it's not just a question of good and evil, he says. Anonymous is a chaotic collection of groups with different ideas about what Anonymous represents. Some members of the group will do something that most people would consider good, and the next day, other members of the group commit an offensive act, such as leaking personal information on the Arizona police or hacking the website of the nonprofit Epilepsy Foundation.
"It's a brand and a franchise which is borrowed and often abused, by anyone," Corman said. "Anyone who claims to be Anonymous is Anonymous."
Taking a concept from the tabletop role-playing game, Dungeons & Dragons, Corman argues that Anonymous is a range of alignments but mostly chaotic in nature.
"It is a group of people with very different motives," he said. "They are chaotic good like Robin Hood, and there is chaotic evil as well ... There are some people that just want to see the world burn."
A side effect of the moral confusion is that attackers with other goals can conduct hacking activities under the guise of Anonymous, essentially running a "false flag" operation that can confuse the victims.
If Anonymous does evolve, corporate security teams and government agencies should worry. Even with all the problems that Anonymous has as a community and a brand, the movement has run into little resistance.
"Even with [Anonymous] consisting of the lowest common denominator, society and security are trying to keep up," Martin said. "If we can't deal with the worst they have to offer, quite simply, we are f**ked. And I use that word very carefully, because if that word offends you, then you need to get out of the industry. Anonymous is going to be a rude awakening."
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.