Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge

6/17/2020
03:15 PM
Connect Directly
Facebook
Twitter
LinkedIn
RSS
E-Mail
100%
0%

What's Anonymous Up to Now?

The hacker group recently took credit for two high-profile incidents -- but its actions aren't quite the same as they once were, some say.

(Image Source: Boonchai via Adobe Stock)
(Image Source: Boonchai via Adobe Stock)

In the midst of the Black Lives Matter protests, the familiar Anonymous caricature of Guy Fawkes has reappeared — multiple times, according to the hacktivist group. But is Anonymous back? And if so, how has it changed from its heyday a decade ago?

On May 28, Anonymous posted a video explaining that it would be targeting police departments across the United States. "We will be exposing your many crimes to the world," the computerized narrator said. 

Two high-profile incidents followed. The group claimed responsibility on May 30 for taking down the Minneapolis Police Department (MPD) website, breaching a police department database, and leaking 798 emails and passwords. Security researcher Troy Hunt, known for his HaveIBeenPwned service, which tracks and analyzes data breaches, says this data breach was highly unlikely to have come from the MPD.

Anonymous also claimed responsibility on June 3 for convincing Korean pop music fans to hijack pro-police and white supremacist Twitter hashtags in support of Black Lives Matter. K-pop superfans also took down a Dallas police department app for reporting allegedly illegal activity by flooding it with K-pop fan videos

Hijacking hashtags and going after local police apps and websites with distributed denial-of-service (DDoS) attacks are a far cry from the days when Anonymous' attacks had governments and corporations around the world concerned that their websites and databases would be its next targets.

A Europe-based organizer with Anonymous for more than a decade says Anonymous never went away. Speaking on condition of anonymity, the person wrote in a series of text messages that Anonymous is still made up of multiple groups, some with different and potentially even clashing agendas. But one defining characteristic of some of the earlier Anonymous actions was technical skill, and that's missing from current Anonymous groups.

"I have not seen anything indicating real hacking. If it happens, they are smart enough to not do it publicly," wrote the Anonymous organizer. "Currently the theme is to disrupt communication of the right wing scene, take over their hashtags, make social media unusable for them. You don't need hacking for that."

While the current Anonymous isn't the same as the older Anonymous, that's actually part of what Anonymous is: It's an umbrella brand made up of many groups, consistent in their adaptability, their desire to foment and encourage social action, and their use of the Guy Fawkes mask as depicted in the anarchist versus authoritarian comic book "V for Vendetta." These latest Anonymous actions are unsurprising given the state of turmoil the world is in; who is behind the mask often depends on what cause they're hacking for.

A few studies take an objective, analytical approach to verifying whether Anonymous' claims are verifiable, but keeping the Anonymous brand alive is as important as the actions its members take, says Gabriella Coleman, a cultural anthropologist specializing in hacker culture at McGill University, and author of "Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous."

"It's a weird marriage of young people without a sense of the consequences and older people like Jeremy Hammond, an old-school hacker who wanted to tap into those people. The video makers and others exploiting the social media environment, that's obvious now but then was less so," she says. "One group, White Rabbit, seem to be trying to do something technical in the spirit of Anonymous. But currently, most of the activity is to support others through tweeting. There doesn't seem to be much backing up their hacking activism online."

Anonymous remains popular with hacktivists because it can complement "street" action such as the Black Lives Matter protests, says Josh Corman, who was the director of security intelligence at Akamai during Anonymous' peak and co-author of "Building a Better Anonymous." 

"Most of the core Anonymous members moved on to different tactics. They saw how prone they were to manipulation, and it was wildly unpleasant for them toward the end," he says. But he adds that despite being shunted into the shadows for most of the past five years, Anonymous is still the "most readily available face of protest." 

"I think we will have Anonymous around in some form forever," he says.

He and Coleman agree that just because there hasn't been a demonstration of sophisticated technical ability so far, such as jamming intra-law enforcement communications, doesn't mean that there couldn't be one in the near future. 

"While I'm not calling on anyone to hack anything today, you could get important information in the public interest," Coleman says. "The conditions are ripe for a resurgence, but it certainly hasn't happened yet."

Related Content:

 

Seth is editor-in-chief and founder of The Parallax, an online cybersecurity and privacy news magazine. He has worked in online journalism since 1999, including eight years at CNET News, where he led coverage of security, privacy, and Google. Based in San Francisco, he also ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32823
PUBLISHED: 2021-06-24
In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with &lt...
CVE-2021-35041
PUBLISHED: 2021-06-24
The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainabl...
CVE-2021-2322
PUBLISHED: 2021-06-23
Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 ...
CVE-2021-20019
PUBLISHED: 2021-06-23
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.
CVE-2021-21809
PUBLISHED: 2021-06-23
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.