Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:10 PM

Anonymous Hackers Are Hypocrites, Not Hacktivists

An amorphous group of hackers has proven its ability to breach, torment, and embarrass. But as its dance with BART shows, its larger ambitions ring hollow.

The hacker group Anonymous, which is less a coherent group of people working together toward a common cause than a random medley of hackers out to prank and disrupt the online world, has been busy these days. Multiple hacks on Bay Area Rapid Transit websites in response to BART's shutdown of the railway's underground cellular system have captured the attention of activists and technophiles alike. But even as the name Anonymous strikes fear into the hearts of many IT security workers, the group's political ambitions ring hollow.

Anonymous has a penchant for making grand--if sometimes dimly worded--proclamations about its motives. After the group initially hacked a BART website on August 14, it posted a message to the AnonOps blog that stated, "In the Bay Area, we’ve seen people gagged, and once more, Anonymous will attempt to show those engaging in the censorship what it feels like to be silenced." The group frequently issues demands in conjunction with its operations, and the BART hacks were no exception: "Anonymous demands that this activity revolving around censorship cease and desist and we know you are already planning to do this again."

Through its attacks against a variety of high-profile organizations, Anonymous has made itself difficult to ignore. But what's also hard to ignore is the hypocrisy and futility of the group's tactics. Even as the group proclaims its opposition to oppression, it resorts to little more than online bullying in pursuit of its aims. In purporting to advance the cause of freedom, the group brings its own brand of oppression to bear. Its message is pretty much always the same: Stop doing whatever it is we don't like, or we'll take down your website, steal your private data, and embarrass your workers and customers on the Internet.

In response to a decision by BART management to interrupt cell phone service in four underground stations in downtown San Francisco for a couple of hours on August 11, Anonymous hacked into a third-party BART website and released the personal information of thousands of BART riders, all of whom were innocent of BART's actions. The organization then proceeded to hack a BART police officer's association website and released the personal information of its users.

All told, within a week, this loose-knit group of hacktivists victimized a few thousand people who were in no way connected to the actions in question. As of Monday afternoon, the group is reportedly mounting a third protest, which we can only assume will be accompanied by further hacks targeting BART riders and workers. And amid all this chaos, thousands of Bay Area commuters have had their commutes disrupted, causing ripples of inconvenience and hardship throughout their lives.

Which part of Anonymous's ongoing assault against BART riders and employees is supposed to encourage change? Is there a specific policy that Anonymous would like BART to adopt? It's impossible to tell, because the group hasn't put nearly as much thought into advancing a substantial argument as it has into causing disruption. And this is where the intellectual bankruptcy of hacktivism reveals itself. It outlines no argument. It advances no coherent cause. It brings only vague threats and intimidation.

Ask yourself this: If Anonymous were to single out your organization for attack, what would you do? Would you search your soul for the source of whatever transgression might have elicited the group's animosity? Or would you spend a little extra on IT security and hunker down to weather the storm, while mobilizing your legal department to track down and prosecute the offenders? For anyone charged with running a business, the obvious answer is the practical one. Anonymous's tactics force an organization into IT defense mode, while doing little, if anything, to engage the organization's leadership in a meaningful dialog about the issues. It is, quite simply, online thuggery, with only the barest pretense of a political motive.

So for all the IT pros out there watching the Anonymous-BART drama unfold, there are certainly lessons to be learned. But those lessons have nothing to do with high-minded questions of liberty, equality, and human rights. Instead, they're just reminders to run your patches, secure your site's navigation layer, and enforce strict password policies on your users.

At a full-day virtual event, InformationWeek and Dark Reading editors will talk with security experts about the causes and mistakes that lead to security breaches, both from the technology perspective and from the people perspective. It happens Aug. 25. Register now.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-11-13
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A, versions earlier than Emily-AL00A, versions earlier than NEO-AL00D NEO-AL00 have an improper validation vulnerability. The system does not perform...
PUBLISHED: 2019-11-13
P30 smartphones with versions earlier than ELLE-AL00B have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package.
PUBLISHED: 2019-11-13
Huawei smartphones with versions earlier than Taurus-AL00B have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific components.
PUBLISHED: 2019-11-13
Smartphones with software of ELLE-AL00B,,,,,, have an insufficient verification vulnerability. The system does not verify certain par...
PUBLISHED: 2019-11-12
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.