Crude, Inconsistent Threat: Understanding Anonymous Adrian Crenshaw (Hacking Illustrated Series InfoSec Tutorial Videos)
Crude, Inconsistent Threat: Understanding Anonymous
Central Ohio InfoSec Summit 2011
Text from slides:
Crude, Inconsistent Threat: Understanding Anonymous
Since I have a name, Im not Anonymous
I run Irongeek.com
I have an interest in InfoSec education
I dont know everything - Im just a geek with time on my hands
(ir)Regular on the ISDPodcast
This may not be the talk for you.
Im not the one that came up with the terms in use.
Some terms seen in Chan culture you may find offensive.
Still, they are useful terms to know when you read Anonymous items in
Intended to define Anonymous (roughly)
Not intended to condemn nor promote, but just to help folks understand
"cyber-lynch mobs" and perhaps their security ramifications
Mostly Im just tired of hearing the news get it wrong concerning the nature
of the organization
Confusion over what Anonymous is
News reporters have written a lot about a "group" referred to as Anonymous
The thing is, its more of a meme than a group
People in the news refer to:
Official press releases
Though there are what could be considered subgroups
The thing is, anyone can be Anonymous
What and who is Anonymous?
Not really a group, more of a shared label, or meme
This causes big league attribution problems
There are some sub-groups of a sort
Unifying principals (if any):
Do it for the lulz.
Internet censorship is bad.
Don't hurt cats.
Silly, but Ill explain more
What is a meme?
A meme is basically an idea that is easily transferable from one mind to
another. Think "catch-phrases". Memes are created when a large group of users
come to identify with a particular image or slogan. Their continued [mis]use
will bring about the destruction of the universe.
Over 9000, the game, LOLCats, etc.
Unclaimed posts on image boards are marked as Anonymous
Over time the meme developed that Anonymous was a real person/group
Change over time
Check out changes over time via archive.org
No real leader
Resource owners may have more influence however
May be able to say this subgroup organized via 4chan/Partyvan.info/Insurgen.cc/AnonOps
Popular causes may become larger
Someone on a chan/insurgency wiki/Anonymous meme themed website or IRC channel
posts hey, this is wrong/messed up/has lulz potential. I think we should give
Those that agree follow suit with sometimes vague details given as to their
intentions and tactics.
Lulz ensue or they dont.
If Lulz ensue, go back to step two and see if more people join the action.
Lose interest because of attention deficit or the target seems thoroughly
Dropping someone's docs (doxing or other spellings)
This could also be family members
In Real Life (IRL) pranks using the information above
Unwanted pizza delivery
Defacing of websites or social network profile pages to embarrass and annoy
Denial of service attacks: Sometimes referred to as bandwidth raep depending
on how they are done. Some see DoS as equivalent to a sit-in
Going no where
Not all raids/ops get off the ground
Not your personal army/Lurk moar
Lack of interest
Ways of organizing
Raid boards /i/
Also done on /b/, but very ephemeral
AnonOps IRC Network
Edit pads and paste boards
Some blocking issues
Not necessarily 1337 h@c3r dud3$
Some have skills
Some just use DoS tools to feel like they are participating
Some just like to yell loud on social media
Primers for the noobs
Nothing too special
DoS tools (and Mail Bombers)
BWRaeper.NET, LOIC, PyRAEP, Longcat Flooder, Slow Loris
Collection of tools in a (zip/rar) jpg
Anonymous Care Package Light
Beware of trojaned tools if you do research
Some Darknet use
A few more notes on DDoS
LOIC In Hive Mind Mode = Self selecting botnet
Seen as a virtual sit in?
Title 18, U.S.C. Sections 1030(1)(5)(A)(i) and 1029(a)(3)
IP is obvious, hope that number mitigate risk
Cant really use proxies for it
Free speech issues
I support freedom of expression, no matter whose, so I oppose DDoS attacks
regardless of their target, he said. Theyre the poison gas of cyberspace. ~
John Perry Barlow
A few past raids
Do you see a connection?
Habbo Hotel Raids
Trolled the social network/game by showing up as an avatar that looks like
Jules from Pulp Fiction
Go after some pedos (Chris Forcand for example)
This was/is a protest agains Scientology for various censorship tactics and
the way they treat members of the Church
A few others
Epilepsy Foundation Raid
Defaced the website with flashing items
Protest over filter laws in Australia
Hal Turner raids
ACS Law (Related to OpPayback)
Wikileaks/Operation Avenge Assange/Operation Payback
Bollywood companies hired the firm Aiplex Software to DDoS websites involved
in what they saw as copyright infringement, and that ignored take-down notices.
In retaliation the idea was put forth to DDoS Aiplex, but someone beat them to
it . Instead, they attacked groups they saw as being in a similar vein, like the
MPAA & RIAA.
Eventually the operation moved to targeting firms that stopped doing business
HBGary Federal Hacks
Aaron Barr made some noise about exposing people in Anonymous and Anonymous
Find SQL injection flaw in homebrew CMS.
Dump passwords hashes and crack them.
See if many of the same passwords were used on mail system (they were).
Some local privilege escalation.
Send some Social Engineering emails to gain further access.
OpLibya, OpEgypt, OpTunisia
Helping establish communications amongst protesters via non government
controlled/less snoopable means
DoSing government sites
Way too many other Ops to even mention.
Some blocking issues
I have my stereotypes, but hard to know for sure
You cant poll a troll
My general thoughts/observations?
(based on time and humor)
Middle class to well off
(have and Internet connection)
Black and White thinking
Another word for those who are easily offended
Two things you may be able to generalize about Anonymous:
They hate to be told what they can and can not say/do/look at (political
correctness be damned)
They love to troll.
It takes more and more to offend people these days
but various slurs still do the trick
You will see plenty of examples of *tard and*fag type names
This is how people refer to themselves and others in the culture
Some folks have used this to label them a hate group, but thats really not
Categories of people who self-identify as Anonymous?
As with any label, there will be disagreement as to who is what
These are people who think that Anonymous should use its trolling power to
accomplish something they see as a social good or to counteract some injustice.
These people are also sometimes seen as corresponding to Newfags; changing the
meaning of what it means to be a part of Anonymous.
These are people who are seen as new to the whole Anonymous/Internet culture
Terms for categories of people who self-identify as Anonymous?
These are people who are seen, or see themselves, as having been in the culture
Hatefag is the banner term for those that think the Moralfags are ruining the
point of Anonymous: to boldly troll as no one has trolled before, not causes.
These people are also sometimes seen as corresponding to Oldfags and wanting to
go back to the older meaning of Anonymous as it relates to being The Internet
Those who choose to use a name/handle instead of truly being anonymous.
My point in this diversion?
Id like to paraphrase something Jason Scott said, but I doubt Ill do it
Terms like hacker and biker, and their true definitions, are often claimed
by different groups who, in the wild, would beat each other up.
Like religious denominations: When one faction says some other is not the real
Anonymous, who is to decide but ceiling cat?
Hey, we did not do it!/Hey, maybe one of us did!
Westboro Baptist Church
Are there any common criteria for an attack?
Moral issues may guide some, but its not as big of a draw for bringing in the
Unwarranted Self Importance (USI):
Some moral issue
Avoid troll's remorse even if they really dont care about the moral issue.
Self-justifications are wonderful things.
Other future possibilities
Infighting over USI?
Backtrace is dropping dox on AnonOps
AnonOps is dropping dox on Backtrace
Ryan/Owen and AnonOps.ru/net/in
Use as cover?
Can you really be a part of Anonymous if you are not anonymous?
Lots of handles/names seem to be used now.
Anonymous is not really a cohesive enough group to make definitive statements
Basically what Anonymous comes down to is this: Cyber-lynch mobs that are
organized via the Internet, who share the common meme of Anonymous, where a
few people say "hey let's do this", and those of like mind go do it
while the others sit it out and post lolcat pictures on 4chan.
Links and resources
Central Ohio Infosec Summit for having me
By buddies from Derbycon and the ISDPodcast
DerbyCon 2011, Louisville Ky
Sept 30 - Oct 2
Printable version of this article