A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Crude, Inconsistent Threat: Understanding Anonymous

 

 

Crude, Inconsistent Threat: Understanding Anonymous

Adrian Crenshaw

Dubious Disclaimer

Most of the time I cover technical topics. I regularly give classes and presentations on "how this protocol works" or "how do I hack X?", those sorts of things. This time, I want to delve into a little psychology/sociology. Normally I like to stick to technology because the answers are easier to test and less subjective. When people are being measured things become a lot more muddy and less definitive. When I think of the social sciences I think of the Ernest Rutherford quote:

“All science is either physics or stamp collecting.”

My general impression of the social sciences is that there is a lot of room for personal beliefs to skew the results via bad experiment design, faulty assumptions, confirmation bias and the like. I likely have biases of my own so take this paper with a boulder of sodium chloride. Also please note that to better immerse you into the Internet culture Anonymous comes from I will be linking off to many “not safe for work” (NSFW) sites. After reading enough excerpts from “chan” culture you will hopefully begin to get a better feel for the nature of Anonymous.

Abstract

A lot has been said and written about a "group" referred to as Anonymous. This paper will go into Anonymous' motivations, organization (or lack thereof) and how the term "group" is sort of a misnomer. Unfortunately, “group” is a misnomer I will use throughout the paper because I lack a better word. For those familiar with "chan" culture, this article may not be of much use, but for those that read about Anonymous and just don't get it, this paper may be of assistance. The paper is not intended to condemn nor promote, but just to help folks understand "cyber-lynch mobs" and perhaps their security ramifications. Mostly I’m just tired of hearing the news get it wrong concerning the nature of the “organization”.

What and who is Anonymous?

The first misconception I see about Anonymous is that it is a group in the organizational sense of the word. Anonymous is really not a cohesive group, if you can even call it a group. While looking in a Thesaurus for an alternative to the word group, it suggested “mess”, which might be more apropos. Adrian Sanabria suggested I use the word “label”, which is a more accurate term when it comes to Anonymous. From my perspective, Anonymous seems to have only three vaguely unifying principals:

1. Do it for the lulz.

2. Internet censorship is bad.

3. Don't hurt cats.

              For those not familiar with Internet culture and memes, what I just wrote won’t make a lot of sense. If I use an odd term or a strange spelling, it may be a meme or a bit of jargon worth looking up with Google or better yet in EncyclopediaDramatica (So NSFW), What Port 80 or Know Your Meme. The main point is that Anonymous needs to be seen not as an organization, but as a banner term for loosely organized actions using a shared meme as a somewhat common culture and brand. If you really want to follow the changes in the Anonymous meme over time, check out the older Anonymous entries at EncyclopediaDramatica via the Wayback Machine:

 

http://replay.waybackmachine.org/20070607170247/http://www.encyclopediadramatica.com/Anonymous

 

You can see the cause-oriented Anonymous start to creep in around late January 2008 with project Chanology, from there things begin to slowly snowball.

        A second misconception is that Anonymous is a highly skilled hacker collective. First off, the definition of hacker is too contentious for me to want to go into, but the media’s definition is often at odds with mine. My definition of a hacker would be along the lines of: “Someone who tries to bypass limitations in largely unexpected ways to achieve a goal, and seeks knowledge to do as such”. That said, some people who self-identify as being part of Anonymous are most likely “highly skilled hackers” (whatever metric you use to decide that), just not everyone. A better description to use instead of “hacker collective” is “somewhat motivated people who have time on their hands collective”, but that just doesn't have the same ring. Never underestimate the power of people with a little tech knowledge (and perhaps friends with a lot) that have time on their hands. For those interested in reading about someone who self-identifies with Anonymous and seems to have some skills, read the story about Kayla. A lot of details in the story set off people’s bullshit detectors, and there is not a lot that can really be confirmed about “Kayla”. Others who self-identify as being part of Anonymous may merely be people who know how to run someone else's script or app, or just cheer from the sidelines.

What is a meme?

        Rather than try to define it in my own words, I’ll Ligatt the definition from elsewhere:

‘Meme: a cultural unit (an idea or value or pattern of behavior) that is passed from one person to another by non-genetic means (as by imitation); "memes are the cultural counterpart of genes"’

Sauce: http://wordnetweb.princeton.edu/perl/webwn?s=meme

Or to put it another way:

‘A meme is basically an idea that is easily transferable from one mind to another. Think "catch-phrases". Memes are created when a large group of users come to identify with a particular image or slogan. Their continued [mis]use will bring about the destruction of the universe.’

Source: http://www.4chan.org/faq#meme

If you read any posts by Anonymous, or hear any interviews by someone calling in as being part of Anonymous, expect memes. Sometimes these memes are used as shared cultural references or as a short hand for some deeper (or just humorous) meaning. It’s sort of like that episode of Star Trek TNG named “Darmok” where the phrase "Darmok and Jalad at Tanagra" is used as a metaphor to indicate two warriors coming together and becoming friends after defeating a common enemy. By using that TNG reference I’m labeling myself under the meme of “Basement Dweller”. Some common catch phrases you will see in chan culture are: “Over 9000”, “marble cake”, “the game”, etc.

        

Why the Anonymous meme then?

What do I mean when I say Anonymous is more of a meme than a real group? In the case of Anonymous, the meme stems from the use of image boards (commonly labeled as chans) where unclaimed posts are labeled “Anonymous”. The conceit is that people started using the term Anonymous as if it’s a real identity as opposed to just a place holder. The group could just as easily have been called Incognito if there were more fans of Sid Meier games on the various chans. Someone may make a request on an image board, like “give me some Ernest Borgnine rule 34”, and when someone posts the requested content without signing their name to it, then it can be said that “Anonymous Delivers”.

Cohesiveness?

              The overarching theme of this paper is that organizations, especially news organizations, should stop viewing Anonymous as one cohesive group. For that matter, law enforcement should also not bother to think of Anonymous as an organization with a ring leader or a strict hierarchy. Certain subsets and factions might have “leaders” in the sense of main players, but Anonymous as a whole does not. People may want to look at Anonymous and try to come up with some hierarchy in their minds (hell, even some people in Anonymous may envision there being a hierarchy). While not all actions performed under the Anonymous banner may properly be considered “raids” or “operations”, this raid flowchart may best help you understand how decisions are made in the collective:

http://images.encyclopediadramatica.com/images/thumb/6/62/RaidChart.gif/300px-RaidChart.gif

In essence, the progression is something like the following:

1. Someone on a chan/insurgency wiki/Anonymous meme themed website or IRC channel posts “hey, this is wrong/messed up/has lulz potential. I think we should give them grief!”

2. Those that agree follow suit with sometimes vague details given as to their intentions and tactics.

3. Lulz ensue or they don’t.

4. If Lulz ensue, go back to step two and see if more people join the action. Or...

5. Lose interest because of attention deficit or the target seems thoroughly beaten.

The nature of these attacks can be anything from:

  1. Dropping someones docs (doxing or other spellings): Revealing private information about the target, like address, phone number, wife’s name, etc. This information is often found via Open Source Intelligence (OSInt) sites and social networks.

  1. In Real Life (IRL) pranks using the information above: This could be anything from an unwanted pizza delivery to a spoofed threatening call to the police to get a SWAT team called out to the residence (referred to as “Swatting”).

  1. Defacing of websites or social network profile pages to embarrass and annoy.

  1. Denial of service attacks: Sometimes referred to as “bandwidth raep” depending on how they are done. Use of the Low Orbit Ion Cannon (LOIC) tool has been mentioned a lot recently, but there are many other more sophisticated methods that could be used.

Some may view the Denial of Service actions done under the name Anonymous as hypocritical. If Internet censorship is bad, isn’t DoSing someone’s site and making it so they can’t express their opinions also censorship? The thing that keeps this from necessarily being hypocritical is that "Anonymous" is not really one group. What one group of people do under the banner of “Anonymous “ may not be agreed with by others who use the banner “Anonymous”. For example, in response to the Westboro Baptist Church, one group under the banner of Anonymous said:

‘Additionally, as your "Press Release" failed to understand: When Anonymous says we support free speech, we mean it. We count Beatrice Hall among our Anonymous forebears: "I disapprove of what you say, but I will defend to the death your right to say it."’

Source: http://anonnews.org/?p=press&a=item&i=512

        At the same time websites like http://partyvan.info and http://insurgen.cc seem to advocate the use DoS attacks as part of their raids and in effect censor. Many of the sites affected may be businesses (like Scientology :)) and perhaps the use of these attacks is not viewed as being the same since it’s stifling commercial speech and not general private individual speech. Still, the view that “We count Beatrice Hall among our Anonymous forebears” does not seem to be a universally held tenet. Some anons may also think of DDoS using LOIC as little different than a sit-in and not something that should be illegal. I really can’t agree and think even sit-ins can be wrong if they interfere with others’ rights to engage in commerce with whom they wish. Public protest outside of the store front or on web sites however is AWWRIGHT.

        

To illustrate the varying goals of Anonymous, and the lack of there being anyone behind the wheel, lets look at a few past "Anonymous" actions (I’ve included videos where I can for the ADHD amongst us):

0. Habbo Hotel Raids
Basically they trolled the social network/game by showing up as an avatar that looks like Jules from Pulp Fiction, and tell people the
pool’s closed due to AIDS. Does that make sense? Probably not, but that’s ok because it was done for the lulz.

 

 

1. Go after some pedos (Chris Forcand for example)

 

2. Project Chanology
This was/is an attack on Scientology which all in all I've got to support in spirit, though I don’t condone all of the methods used. Anonymous went after Scientology, in part, because the cult engaged in censorship on the Internet regarding a Tom Cruise video about the “church”. Do a little research into Scientology and you will begin to see it is more of a business than a religion anyway.

 

 

3. Epilepsy Foundation Raid (Defaced the website with flashing items)

 

4. Operation Titstorm (protest over filter laws in Australia)

 

 

5. Hal Turner raids. While there are constant racist jokes on many chans, they still go after white supremacists as well. More on this in a bit. I could not find a good video for this raid, so here are some legal filings where Turner went after some of Anonymous’ hangouts:

http://dockets.justia.com/docket/new-jersey/njdce/2:2007cv00306/198438/

 

6. Wikileaks/Operation Avenge Assange/Operation Payback. At first ,Operation Payback started when some Bollywood companies hired the firm Aiplex Software to DDoS websites involved in what they saw as copyright infringement, and that ignored take-down notices. I’m not sure of what the laws are like in India, but this seems like a pretty questionable sort of business. In retaliation the idea was put forth to DDoS Aiplex, but someone beat them to it . Instead, they attacked groups they saw as being in a similar vein, like the MPAA. Eventually the operation moved to targeting firms that stopped doing business with Wikileaks. Before the next two videos, let me make a few notes on the Anonymous spokesman. I’ve heard the same voice in a few other “Anonymous” interviews; he speaks as if Anonymous is more cohesive than it really is and seems to think his Anonymous is THE Anonymous. The use of memes in his interviews works against his cause (yes, I’m being a hypocrite in this very paper, but I hope a funny hypocrite). The comments about not being likely to be caught are also kind of silly, though I suppose it is true that it would be a pain in the ass for a company to sue or sic the cops on everyone that uses LOIC on them. He also says DDoS is not malicious...huh? Derp.

 

 

There are two more slightly related videos I’d like you to see just to show that the group is not cohesive. In this video about Westboro Baptist Church, someone I believe to be the same spokesman as above seems to indicate unity in the group:

 

 

This guy, however, seems to get the Anon thing right and I would say he makes a far better spokesman for their goals:

 

7. HBGary Federal Hacks. Arstechnica has written a great explanation on how the intrusions happened so I won’t repeat those details. Aaron Barr made some noise about exposing people in Anonymous and Anonymous fired back. From the Aaron Barr leaks floating around the Internet, I really don’t think he was on the right track anyway, looking for a hierarchy that was not there. Yes, you can tell something about who associates with who via social network links, but let’s face it, adding a “Friend” on Facebook does not mean that much, especially if you are well known on the Internet.

 

 

8. OpLibya, OpEgypt, OpTunisia. These were/are operations to help protesters in Libya, Egypt, Tunisia and other places. Some of the techniques used have value, such as helping establish communications amongst protesters via non government controlled/less snoopable means and allowing unfetter access to the Internet that would otherwise be restricted. Other techniques seem rather pointless, like DDoSing government websites. For those that are helping people communicate without persecution and obtain unfettered access to the Internet, I salute your efforts. However in my opinion some people seem to over emphasize the role they play in freeing citizens in oppressive countries. To put it in my own Americancentric terms, you may be helping them obtain 1st amendment abilities, but without 2nd amendment abilities how successful can a revolution be?

 

 

 

At the time of this writing there were so many “Operations” going on that it was pretty hard to follow. If you want more details on these Ops, check out the Wikipedia entry on Anonymous or look them up on EncyclopediaDramatica. Just keep in mind, some series of events are pretty hard to follow when you are dealing with this sort of ad hoc organization, so be wary of coming to absolute conclusions. This goes for what I’ve said as well, I’ve just been trying to piece it together myself and could easily have details wrong.

With all of these disparate events, with seemingly unrelated goals, the question becomes, who speaks for Anonymous? Press releases on sites like anonnews.org can be made by anyone. Anyone can get on 4chan/7chan/someintegerchan/IRC and propose a raid or operation. For someone working under the banner of Anonymous to say someone else’s post is not really a message from Anonymous seems rather silly. It's hard to say when it’s the same people pursuing these different causes or different subgroups entirely. I suppose you could say “this group organized at Anonops.net” or “that one from PartyVan.net”, but even those are pretty loose affiliations and it’s hard to say how many people on those sites truly agree on what issues are important.

Categories of people who self-identify as Anonymous?

If defining Anonymous is like nailing jello to the wall, so is categorizing the people in Anonymous. A sociologist or economist might try to poll them, but you can’t poll a troll and expect useful results. That said, I’d like to mention at least four subgroups. But before I do, a quick warning for those that are thin skinned. Two things you may be able to generalize about Anonymous is that they hate to be told what they can and can not say/do/look at (political correctness be damned) and they love to troll. As mentioned before, in chan culture you may see a lot of racial and sexually oriented slurs slung back and forth. I’ve even seen people siding with Scientology use this as support for calling Anonymous a “hate group”. While I’ll agree it does work against them with various causes, just because some folks who self-identify with the group Anonymous use a slur or say something offensive does not mean that all people who use the label Anonymous hold that view. Even the person that uses a slur, or says something offensive, may not really hold the belief. People in the chan culture like to troll, to get a reaction out of someone, and using a racial slur or other offensive language is one of the easiest ways to accomplish this in the modern era. You will see plenty of examples of *tard this and *fag that. Now, with yet another dubious disclaimer out of the way, here are four subgroups I’d like to mention:

Moralfags

These are people who think that Anonymous should use its trolling power to accomplish something they see as a social good or to counteract some injustice. These people are also sometimes seen as corresponding to Newfags; changing the meaning of what it means to be a part of Anonymous.

Newfags

        These are people who are seen as new to the whole Anonymous/Internet culture scene.

Oldfags

        These are people who are seen, or see themselves, as having been in the culture for awhile.

Hatefags

Hatefag is the banner term for those that think the Moralfags are ruining the point of Anonymous: to boldly troll as no one has trolled before. Not everyone who self identifies as being in Anonymous sees the moral or political agendas as being something Anonymous should be about; Hatefags believe in the purity of the lulz. These people are also sometimes seen as corresponding to Oldfags and wanting to go back to the older meaning of Anonymous as it relates to being The Internet Hate Machine (use the Archive.org Wayback Machine to look at the old entries for Anonymous on EncyclopediaDramatica to see what I mean).

        

Of course, there would be disagreement as to the exact definition of what makes a person fall into any of these categories and there is no reason for someone not to consider themselves to be in more than one of the categories or none at all.

My point in this diversion? You have different sorts of people wanting to claim the brand of Anonymous, and their ideas are not always compatible. I’d like to paraphrase something Jason Scott said, but I doubt I’ll do it justice: Terms like hacker and biker, and their “true” definitions, are often claimed by different groups who, in the wild, would beat each other up. By analogy it’s sort of like Christianity, where some denominations say other denominations are not “real Christians”, but they certainly self-identify as such so who makes the final judgment (God for the Christians, Ceiling Cat for Anonymous I guess)?

Are there any common criteria for an attack?

        

If Anonymous is such a diverse group, are there any commonalities amongst their targets? I can think of a few, and the more of these traits that a target exhibits, the more likely they are to incur a raid or “Operation” .

1. Lulz potential: If it’s not funny, then it’s not much fun as a target. Moral issues may guide some, but it’s not as big of a draw for bringing in the masses.

2. Unwarranted Self Importance (USI): USI is almost an extension of Lulz potential. Who does not enjoy seeing the haughty laid low? This may in part explain the targeting of Aaron Barr/HBGary Federal. Reading some of the leaked emails, Aaron seemed to have some serious USI going on.

3. Censorship: As net users, anything that threatens how they can use the Internet and what materials they can exchange will irritate them.

4. Some moral issue: I really don’t think this is the major motivator some make it out to be, but it can bring some people in and help them avoid troll's remorse even if they really don’t care about the moral issue. Self-justifications are wonderful things. While the quote below was targeted at governments, I think it may apply to anyone with a social cause or moral axe to grind:

"Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis

Beyond those four motivations, it’s hard to say who might be targeted. If all this is the case, what is the best way to think of Anonymous? I like to think of it as a cyber-lynch mob where someone says “get a rope”, and if there is enough interest, a new raid/attack/operation begins.

A thought before the closing: Will there be infighting?

I sometimes wonder if people who self-identify as Anonymous will start attacking each other over USI, ideological differences, and for the lulz. I’ve mentioned the spokesman before that seems to think his Anonymous is THE Anonymous, but this news video is an even better example:

 

If you give your name (Barrett Brown), are you really part of “Anonymous”? Also he calls himself a senior strategist for Anonymous? Now that is some serious USI! Some seem to indicate that NBC overplayed his his claims of authority in Anonymous, and that Barrett did not make them himself, but still he comes off bad.

Now that I think about it, some parts of Anonymous have started attacking other’s who might self-dentify as Anonymous:

http://anti-vigilante.blogspot.com/2011/03/pax-paranoia-2011-2-to-anons-who-pwnd.html

Then again, Magnanimous may not self-identify as Anonymous so this is questionable. A better example may be Backtrace security. Hubris and A5h3r4 once self-identified as being part of Anonymous, but have since expressed interest in exposing other Anons. They even seem to be trying to form a business around it, which quite frankly seems opportunistic in riding the Anonymous hype machine. The Gawker article indicates that Backtrace says there is a leadership of sorts in Anonymous, but they seem to be referring to the AnonOps faction. The folks at Backtrace seem to miss the fun loving, non-cause oriented, slightly nihilistic Anonymous of old. Now it seems Backtrace is dropping dox on AnonOps, and AnonOps is dropping dox on Backtrace, but I have huge doubts about either set of names being accurate. It could all be one large troll.

In the past part of the point of being Anonymous was to truly be without a name, some in Anonymous even referred to those who signed posts with handles or tripcodes as namefags. Now with the attention of being in the news some who self-identify as Anonymous seem to want to have a name for ego gratification. With handles like Hubris, A5h3r4 and Metric on one side, and Sabu, Kayla, Laurelai, Avunit, Entropy, Topiary, Tflow, and Marduk on the other, no one seems to be Anonymous but instead are pseudonymous.

TL;DR Version

My point in a nutshell is: Anonymous is not really a cohesive enough group to make definitive statements about and unfortunately even that is a definitive statement. I have a hard time even calling Anonymous a "group", but I lack a better term that is not a sentence with many caveats. Basically what Anonymous comes down to is this: Cyber-lynch mobs that are organized via the Internet, who share the common meme of “Anonymous“, where a few people say "hey let's do this", and those of like mind go do it while the others sit it out and post lolcat pictures on 4chan.

Links for more information:

The Wikipedia article gives an OK run down on how to define the group:

http://en.wikipedia.org/wiki/Anonymous_%28group%29

But this one may be more accurate:

http://encyclopediadramatica.com/Anonymous

Want more information on “chan culture” or some term I used in this article? Here is the site for you (NSFW):

http://encyclopediadramatica.com/

Want to visit some raid boards?

http://partyvan.info

http://insurgen.cc

th3j35t3r is worth checking out also, though he is not Anonymous but pseudonymous :)

http://twitter.com/#!/th3j35t3r

And generally speaking, th3j35t3r doesn’t get along with Anonymous:

http://th3j35t3r.wordpress.com/2010/12/30/message-to-anonoops/

Interesting site for Anon related news, but always remember anyone can post as Anonymous:

http://anonnews.org/

Another possible subgroup with some rejection and infighting from the other parts of Anonymous:

http://twitter.com/#!/antivigilante

http://anti-vigilante.blogspot.com/

I have to do some more research, but some screenshots in news postings seem to come from collaborative writings hosted using sites running Etherpad. Unfortunately, the news sites have been cutting out the URLs, but I think I found some examples you can look at:

http://pad.bearstech.com/IRC-Intro

http://piratepad.net/operationPAYBACK

http://piratepad.net/xG3wXuXhYr http://piratenpad.de/opgreenthumb

http://piratepad.net/hbgaryinfo

The Anonymous Care Package is worth looking at, with some nice primers on staying  “Anonymous“ online while participating in an Operation:

http://www.mediafire.com/?sl6r8tj0raz6aj7

This is a good place to go if you want to understand Chanology and the Internet’s beef with Scientology:

http://www.whyweprotest.net/

Anonops seems to be the closest to an organized faction out there involved in non-Chanology related activities. I believe this is the subgroup Aaron Barr screwed the pooch with. Definitely check out their IRC network to see Operations in the making, but use a proxy or I2P (Tor exit points seem to be blocked) and register your nick to be able to see more of the channels:

http://anonops.net/

And of course, the hive of scum and villainy on the Internet... oh how I love it:

http://www.4chan.org/

Thanks to Geordy Rostad, Adrian Sanabria, Rick Hayes, RD and the ISDPodcast crew for proofreading and making suggestions.

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast