Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge

6/17/2020
03:15 PM
Connect Directly
Facebook
Twitter
LinkedIn
RSS
E-Mail
100%
0%

What's Anonymous Up to Now?

The hacker group recently took credit for two high-profile incidents -- but its actions aren't quite the same as they once were, some say.

In the midst of the Black Lives Matter protests, the familiar Anonymous caricature of Guy Fawkes has reappeared — multiple times, according to the hacktivist group. But is Anonymous back? And if so, how has it changed from its heyday a decade ago?

On May 28, Anonymous posted a video explaining that it would be targeting police departments across the United States. "We will be exposing your many crimes to the world," the computerized narrator said. 

Two high-profile incidents followed. The group claimed responsibility on May 30 for taking down the Minneapolis Police Department (MPD) website, breaching a police department database, and leaking 798 emails and passwords. Security researcher Troy Hunt, known for his HaveIBeenPwned service, which tracks and analyzes data breaches, says this data breach was highly unlikely to have come from the MPD.

Anonymous also claimed responsibility on June 3 for convincing Korean pop music fans to hijack pro-police and white supremacist Twitter hashtags in support of Black Lives Matter. K-pop superfans also took down a Dallas police department app for reporting allegedly illegal activity by flooding it with K-pop fan videos

Hijacking hashtags and going after local police apps and websites with distributed denial-of-service (DDoS) attacks are a far cry from the days when Anonymous' attacks had governments and corporations around the world concerned that their websites and databases would be its next targets.

A Europe-based organizer with Anonymous for more than a decade says Anonymous never went away. Speaking on condition of anonymity, the person wrote in a series of text messages that Anonymous is still made up of multiple groups, some with different and potentially even clashing agendas. But one defining characteristic of some of the earlier Anonymous actions was technical skill, and that's missing from current Anonymous groups.

"I have not seen anything indicating real hacking. If it happens, they are smart enough to not do it publicly," wrote the Anonymous organizer. "Currently the theme is to disrupt communication of the right wing scene, take over their hashtags, make social media unusable for them. You don't need hacking for that."

While the current Anonymous isn't the same as the older Anonymous, that's actually part of what Anonymous is: It's an umbrella brand made up of many groups, consistent in their adaptability, their desire to foment and encourage social action, and their use of the Guy Fawkes mask as depicted in the anarchist versus authoritarian comic book "V for Vendetta." These latest Anonymous actions are unsurprising given the state of turmoil the world is in; who is behind the mask often depends on what cause they're hacking for.

A few studies take an objective, analytical approach to verifying whether Anonymous' claims are verifiable, but keeping the Anonymous brand alive is as important as the actions its members take, says Gabriella Coleman, a cultural anthropologist specializing in hacker culture at McGill University, and author of "Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous."

"It's a weird marriage of young people without a sense of the consequences and older people like Jeremy Hammond, an old-school hacker who wanted to tap into those people. The video makers and others exploiting the social media environment, that's obvious now but then was less so," she says. "One group, White Rabbit, seem to be trying to do something technical in the spirit of Anonymous. But currently, most of the activity is to support others through tweeting. There doesn't seem to be much backing up their hacking activism online."

Anonymous remains popular with hacktivists because it can complement "street" action such as the Black Lives Matter protests, says Josh Corman, who was the director of security intelligence at Akamai during Anonymous' peak and co-author of "Building a Better Anonymous." 

"Most of the core Anonymous members moved on to different tactics. They saw how prone they were to manipulation, and it was wildly unpleasant for them toward the end," he says. But he adds that despite being shunted into the shadows for most of the past five years, Anonymous is still the "most readily available face of protest." 

"I think we will have Anonymous around in some form forever," he says.

He and Coleman agree that just because there hasn't been a demonstration of sophisticated technical ability so far, such as jamming intra-law enforcement communications, doesn't mean that there couldn't be one in the near future. 

"While I'm not calling on anyone to hack anything today, you could get important information in the public interest," Coleman says. "The conditions are ripe for a resurgence, but it certainly hasn't happened yet."

Related Content:

 

Seth is editor-in-chief and founder of The Parallax, an online cybersecurity and privacy news magazine. He has worked in online journalism since 1999, including eight years at CNET News, where he led coverage of security, privacy, and Google. Based in San Francisco, he also ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...