2012 Social Security Bloggers Awards

2012 Social Security Bloggers Awards to take place at RSA

It’s an honor just to be nominated.

A few weeks ago, the nominations for the 2012 Social Security Bloggers Awards came out.

Given how spanky new this blog was, I was shocked to see it receive a nomination for “Most Educational Security Blog“. This is a tough category and a humbling one. I almost took it as a suggestion/challenge to rise to it, rather than as anything else. I do really try to add signal and research-backed concepts (versus simply adding noise) – so I feel great that at least a few noticed that. I also want to point out that Brian Martin (aka Jericho @attritionorg) has co-authored the “Building a Better Anonymous” series – and therefore is also partly implicated/responsible.

Regardless, I am honored to have “Cognitive Dissidents” included among some excellent resources (pasted below):

The Most Educational Security Blog:

Cognitive Dissidents http://blog.cognitivedissidents.com/

Tao Security http://taosecurity.blogspot.com/

F-Secure blog http://www.f-secure.com/weblog/

The New School Security Blog http://newschoolsecurity.com/

AppSecInc Blog http://blog.appsecinc.com/

Evil Bytes/John Sawyer http://www.darkreading.com/blog/archives/evil-bytes/index.html

All of those are excellent resources. I’d probably vote for The New School Security Blog. Each offers something different, so I’d highly encourage you to try them all.

There are many great nominees across the various blog and podcast categories. If you haven’t taken a look, I’d encourage you to do so. There are also some glaring omissions among the nominees, so feel free to suggest write-ins or ask more about the nomination process.

E.g. Best Security Podcast was missing Risky Business and the Social-Engineer.org podcasts – the former being the best source of weekly security news and the latter being one of the most structured and educational in its monthly format.

Like the SAG (Screen Actors Guild) awards, these are voted upon by other bloggers. You need a security blog to vote. If you have one, and have not voted yet, please do so before it closes. Here’s a convenient link to the voting form.

Like many of you, I feel a bit conflicted about these kinds of things. Sure, there is a bit of echo chamber, digerati and cult-of-personality stuff with any of these awards. That said, there are some truly excellent researchers and bloggers who devote a ton of their personal time to helping advance this space. This is a small, easy way to acknowledge their contributions.

Telling Fact from Fiction since we see what we WANT to in Anonymous - (Artwork by Mar - sudux.com)

Part 2: Fact vs. Fiction

By Josh Corman & Brian Martin

2011

If you are new to this series, please begin with Part 0 and the index. You may also recognize the above ink blot from a short post in November (which has several comments worth reading).

NOTE: We will post each installment here for the security industry to garner feedback for about one week prior to posting to Forbes.com and a more mainstream and business readership. Please comment toward improving/clarifying the content.

The story of Anonymous is interesting, and some of the activities and exploits of the “group” are surely entertaining. As such, the media tends to run fast and loose with fact, injecting a healthy dose of fiction along the way. With as much fiction as truth in the news, it is difficult to understand and accurately portray such a group, and it skews our perception of Anonymous’ activities and goals. Reporting with a lack of information or perspective is often just as big a disservice as reporting inaccurate information.

After our DEFCON 19 Panel “Whoever Fights Monsters…”, we had several intense discussions with many attendees and even some self-identifying members of Anonymous. While there were many take-aways, our biggest was that one of the reasons our collective narrative is so far off base is a bit of a Rorschach effect. We see in Anonymous what we want to see. We project. Our narrative says more about us than it does about them. Just because we may want them to be “demonstrating insecurity in order to catalyze better security”, doesn’t mean that’s what is driving them. In fact, there isn’t even one singular, monolithic motivation or cause – and that is one of the points that follow.

With that, we examine some of the myths and fiction surrounding Anonymous. Anonymous is surrounded by contradictions and represents a paradox. Exploring the paradox is part of the dialogue, as contradictions are inherent in the subject matter.

Fact or Fiction: Leadership and a Defined Group

Anonymous is a loose collective with no membership roster, not a monolithic group. One could say it is an “idea”, but even that is incorrect, as it is a collective of ideas. Without structure, without a roster, without leadership, how can a collection of people even be called a group, let alone effect change? Despite that, they call themselves a group, and by definition they are one. They assemble under the banner and ideal of Anonymous. What exactly that is, is hard to nail down. The idea of such a nebulous group that can usually work together to achieve a goal is a foreign concept to most people. For law enforcement, which is already struggling to break away from the mindset that digital criminal organizations are like the Mafia, Anonymous represents an entirely new paradigm.

To add even more confusion, Anonymous may have equally undefined sub-groups: people who associate with Anonymous, but only to participate in a specific cause or action. These pockets have different backgrounds, different motivations, and different levels of involvement. When people seem surprised that Anonymous did this or that – that it may be “out of character for them” – it is often because they assign a singular, cohesive persona and timeline to one group, when reality is more of a morphing plurality of parties and interests. Commentary from the group mentions a hive mind, what psychology would call a collective consciousness. Using IRC and Twitter, the group gathers like-minded individuals for operations and they effectively become a cell of the group.

Take for example the recent attack on Stratfor by Anonymous. The initial news reports credited the attack to Anonymous, as the hack and defacement of the Stratfor web page was signed Anonymous. Shortly after, an “Emergency Christmas Anonymous Press Release” was released claiming the attack was not the work of Anonymous. A day after that, another release appeared once again taking credit as Anonymous. This back-and-forth credit game perfectly punctuates the problem with such a decentralized group.

Anonymous is less a cohesive singular personality than a brand or a franchise – one that can be borrowed by anyone, and has been. “Anonymous is not Unanimous”. This introduces complications for the group, since anyone can claim involvement and then tarnish the brand. This can be exploited by a bored individual or by a more organized subversive group that seeks to undermine Anonymous.

Family Tree courtesy of Eric Limer - click for his full piece

More importantly, there has been at least one splinter group, LulzSec, that formed from Anonymous. A month after splintering, LulzSec and Anonymous announced that they had “made up”, so to speak, and fully supported each other. With multiple groups operating and focusing on different goals, while still not having a defined roster, the question of membership becomes more important. This becomes evident when a journalist must qualify an interview in the headline: Our ‘Possible’ Interview with a Member of LulzSec. The first part of the article further articulates the confusion:

DataDoctors: First question: How do we know that this is really a LulzSec account and not a wanna-be fan?

Lulzsec: We do not represent the twitter voice of LulzSec. We are the original founders.

Further updates to the article indicate LulzSec denied this person is legit, while the interviewee insists they are part of a splinter group of LulzSec. Regardless, the one thing that is abundantly clear is that leadership appears to be in short supply. Despite that, there is some sense of leadership, as hundreds, if not thousands, of members can mobilize toward the same goal. Temporary thought leaders can emerge on designated IRC channels; anyone can take up this role by being in the channel and making an argument that people want to follow.

Fact or Fiction: Hacktivism is New

Digital or Internet activism is the use of technology to help a group of people communicate more effectively over large distances in order to effect some form of change. When one of the methods used to this end is hacking (generally accepted as committing some form of computer crime), the term “hacktivism” is used. Anonymous has used hacking as a vehicle to expose private information they felt should be public.

Hacktivism predates Anonymous by a decade or more. Perhaps the first documented instance comes from 1989, when a malicious worm called “WANK” was used to protest nuclear weapons. According to Wikipedia’s timeline of hacktivism, the first incident of hacktivism not involving self-replicating software was the “Intervasion of the UK”, orchestrated by a group called the Zippies on Guy Fawkes Day. While unrelated to the group Anonymous, the coincidence of it occurring on Guy Fawkes Day is certainly interesting.

Not all hacktivism involves illegal activity. The legitimate use of technology to gather information from diverse sources and piece it together can often appear to be the result of hacking. Using open-source intelligence (OSINT) to piece together details, it is possible to expose a wide range of information that may not have been thought of as public, despite being available to anyone who looked for it. This activity historically took the form of “doxing” (document dropping), an old practice of exposing detailed personal information about an individual such as name, phone number, address, or relatives’ names. Primarily used as a threat or indirect attack, exposing a person conducting illegal hacking in such a way can assist law enforcement in apprehending that person. However, by publishing information on people in sensitive positions (e.g., law enforcement officers who may be undercover) or persons wishing to stay out of the spotlight (e.g., political donors), “doxing” can be used by activists in a similar manner.

Fact or Fiction: A Force for Good

A fundamental trait of many original Anonymous members is their desire to do good. The group’s actions are born out of a sense of righting wrongs and combating injustice. There is an ethical dilemma when achieving goals in pursuit of good requires breaking the law, but it is one the group sees as a necessary evil. Despite good intentions, some of the group’s activities are certainly questionable, while others are clearly misguided and do more harm than good.

In early December 2011, Anonymous drew criticism for “OpRobinHood”, an operation intended to steal from the rich and give to the poor. The idea was great in theory, but many suspected it would end up hurting common people, not banks or big corporations. This was put to the test when credit cards pilfered from the Stratfor hack were used to donate to several charities. Instead of helping the charities, the fraudulent transactions are being reversed. Not only did the money not end up helping the charities, the misguided attempt to help caused them administrative overhead in trying to make things right. Worse, at least one charity said it is charged $35 for each fraudulent transaction and pleaded with Anonymous not to make any more donations. The full story and operation have yet to play out, but early signs show that things are more complex, and less cleanly ‘good’, in practice than in theory.

Ultimately, in attempting to help the poor and needy, Anonymous has hurt both charities and common people. The credit cards taken from Stratfor were not corporate cards tied to faceless businesses. They were mostly personal credit cards of average citizens, including some who had to close their accounts and who did not have the money that was donated in their name. The banks will likely not absorb the cost of the fraudulent transactions. Rather, they will pass the costs along to merchants in the form of additional fees, which may in turn raise the cost of service as merchants pass the costs down. In the end, Anonymous may have robbed from the poor, not the rich.

Fact or Fiction: Anonymous and LulzSec Make you Vulnerable

The classic phrase “don’t shoot the messenger” must be remembered. While it takes a criminal to break into your system and cause some form of mischief, that person did not make your system vulnerable. They merely exploited the vulnerabilities that were already present. Whether through vendor defect or misconfiguration, the system had weaknesses before the hacker attacked. The private information being exposed by groups such as Anonymous and LulzSec was being stored on systems with inadequate protection.

Members of LulzSec have claimed their activity was meant to show that the emperor has no clothes. LulzSec believes it has revived the Antisec Movement, refocusing it on general insecurity, where the original movement was aimed primarily at exposing problems with security companies and professionals. Others following in the footsteps of LulzSec fomented the Antisec Movement by attacking not only security companies, but any other company they found to be vulnerable.

Fact or Fiction: Anonymous and LulzSec are a Terrorist Organization

Until recently, most media outlets and victims of Anonymous’ actions have labeled them a nuisance or criminals. With the publishing of the Arizona Department of Public Safety confidential documents, Jimmy Chavez, president of the Arizona Highway Patrol Association, went one step further by labeling them a terrorist organization:

“They don’t need any additional pressure on them from a — let’s just call it what it is — a terrorist organization.” — Jimmy Chavez

Noted privacy researcher and advocate Dissent once commented, “It was a Class C misdemeanor when an AZ state employee revealed PII that endangered others, but when @LulzSec did it, it’s ‘terrorism?’” Chavez’ labeling of either group as a “terrorist organization” is disingenuous and self-serving at best, as Anonymous’ and LulzSec’s activities certainly do not fit the definition of terrorism. Increasingly aggressive acts against policy makers and law enforcement will certainly invite the term ‘terrorist’, even if it is misapplied. In addition, given the diverse nature of the group, many members or people who identify with Anonymous have morals that would preclude them from staying involved if they thought they were close enough to even be mistaken for “terrorism”. Further, such a brand would work to counter their objectives and movement.

Fact or Fiction: They Are Not Moral

Cries that Anonymous is not legitimate in the activism movement because of a supposed lack of morals are shortsighted. It simply does not matter if you feel they are moral or not. Their activities are not about your morals or values. Ethics are a secondary thought at best; if Anonymous feels that a specific action will have the desired result, they act based on their perception of the greater good. It is clear that to many involved, the ends justify the means. In other cases, for some members of Anonymous, the real-world consequences of their digital activity may not be fully realized.

As previously covered, the notion that such a group adheres to any one set of beliefs, morals or code of ethics is wrong. With a large, nebulous, diverse group such as Anonymous, we must also consider that decisions are unlikely to be made according to any one person’s sense of morality (more on this later), making it difficult to ascribe an ethical standard to the group as a whole. There are simply too many factors at play and too many individuals affiliated with the group to ascribe a binary value of “yes” or “no” to the question of Anonymous’ morals.

Fact or Fiction: The Concept of “Organized Chaos” is Absurd

As people try to wrap their heads around the concept of such a fundamentally different group, conclusions are reached that seem contradictory. The idea that a group or idea can be “organized chaos” appears to be an oxymoron, yet it certainly applies. The loose structure, lack of central leadership, diverse objectives, and wide range of tools at their disposal speak to this. They are certainly organized, as demonstrated by the BART protests. They are also most assuredly chaotic, practicing a form of civil disorder that borders on general chaos.

The concept that organization and logic can be found in chaotic situations has been studied and falls under the category of a complex adaptive system. Both Murray Gell-Mann and Kevin Dooley write about the topic as it applies to a variety of systems, including socially. Dooley writes:

Contingency theory states that an organization structures itself and behaves in a particular manner as an attempt to fit with its environment. Thus organizations are more or less complex as a reaction to environmental complexity. An organization’s environment may be complex because it is turbulent, hostile, diverse, technologically complex, or restrictive. An organization may also be complex as a result of the complexity of its underlying technological core.

Applying this to Anonymous is fitting and revealing.

Fact or Fiction: They Believe in Anonymity

As their name suggests, the group certainly cherishes their own anonymity. With some of their actions crossing moral and legal lines, anonymity becomes a protective blanket to keep them from running afoul of the law. However, there is a flip side; many affiliated with Anonymous do not believe in the anonymity of the people they expose. This can be seen in their leaking of BART police information, their leaking of Booz Allen email addresses and logins, and the Arizona law enforcement leak that included officer and confidential informant information. During our feisty DEFCON Q&A, David Etue posed this to the Anons participating in the exchange:

“There is something paradoxical about a group that promotes transparency, but isn’t transparent themselves; and believes in anonymity, but negatively impacts the anonymity of others. How do you resolve your values and operations?” — David Etue

This is further exacerbated when Anonymous claims to fight for the people, yet performs actions that directly hurt the common person. Leaking databases full of consumer information surely teaches a company a lesson in security, but does so in a manner that yields a high amount of collateral damage. Leaking the personal information of police officers and their families makes a point, but does not fight corruption or the relatively small number of “bad apples” in police departments. This not only betrays a cognitive dissonance, but may also hint at the presence of less noble/righteous participants – and even psychopathy – within the group.

Fact or Fiction: Anonymous Supports Free Speech & Civil Liberty

On the surface, this is most assuredly true. Looking deeper, there appears to be a lack of understanding of causality that could drastically impact both free speech and civil liberties. Legislators have a history of introducing new laws as a knee-jerk reaction to a high-profile negative incident. If Anonymous continues to break the law to achieve their goals, they risk legislators replying the only way they know how: more legislation. In doing so, the risk of sweeping, poorly considered laws being enacted is high. This could lead to new laws that limit free speech, suspend or restrict civil liberty, and take away freedoms we currently enjoy. As one of the authors remarked at DEFCON and elsewhere,

When threatened… powerful, uninformed people make powerfully uninformed decisions.

If Anonymous continues in the same fashion as they have for years, what will the group say when a “Cyber Patriot Act” modeled after the Patriot Act or “Cyber Neo-McCarthyism” is enacted as a direct result of their actions?

Fact or Fiction: Disinformation Cuts Both Ways

With such a radical shift from a classic activist group, the level of inaccurate or misleading information is immense. The disinformation we see about Anonymous and their actions comes from a variety of sources, including the media, analysts, law enforcement, chaotic actors (who may or may not associate with the group) and Anonymous themselves.

Law enforcement and media are consistently contributing to a campaign of disinformation, often without realizing it. As we see more frequent articles announcing the “bust of # members of Anonymous”, it gives the perception that law enforcement is making steady progress fighting the group. In addition, it is easy to read into such articles and believe that those arrested are “key” or “core” members of the group. In reality, they may be casual members, sympathizers or completely unaffiliated with the group. Regardless of their affiliation, once the announcement is made, they are branded as such and the world is rarely exposed to a correction or follow-up with details. The articles that claim “Topiary of LulzSec busted” or “Commander X taken down” also call into question the ratio of persons to handles. What if multiple people assume the same name, just as they assume one name as a group?

There are an increasing number of people who consider themselves ex-Anonymous. For a variety of reasons, they no longer identify themselves as part of the group. For example, “SparkyBlaze” quit the group, leaving behind a missive focusing on Anonymous removing innocent people’s right to stay anonymous themselves. In a few cases, these persons stay involved to some degree. For example, Gregg Housh no longer identifies with the group, but calls himself an observer of the group as he maintains a timeline related to Anonymous. Another person who is involved, but from a slightly removed stance, is St4rFox (Twitter feed now gone), who has talked about his involvement in running a site to train would-be Anonymous members in hacktivism and hacking, titled Operation NewBlood. Both of these individuals call into question whether they are part of the group as a fringe element, members of the group who are attempting to manage public perception, or simply acting as sources of information and disinformation as is convenient.

With dozens of Twitter feeds likely operated by twice as many people, the level of accuracy and trustworthiness of the information being broadcast by Anonymous is questionable. With so many sources of noise about the group, for example Joseph Black and his creating confusion with wild claims, it becomes hard to find the signal. Finally, there are an unknown number of actors that are influencing, or attempting to influence, perception of the group such as a supposed Federal Bureau of Investigation (FBI) psychological profile of Anonymous that was later determined to be fake. Additionally, private citizens, some with an apparent motive to profit, have been attempting to infiltrate their ranks.

Anonymous: A Visit from Rorschach

This isn’t a case of fact versus fiction, this is a simple truth about human nature and perception. We project our own desires, fears and love on others, and Anonymous is no different. Anonymous is a real Rorschach test, helping us discover what we see in the group day to day. Yes, day to day because perception changes quickly, and what we see in the group can change just as quickly. Early on, one author of this article saw Anonymous as “light gray hats demonstrating insecurity to catalyze security”. Over time, that opinion changed as more activity occurred and Anonymous matured.

Many sympathetic to Anonymous see them as a group of Robin Hoods, hitting the rich and powerful in the name of the oppressed people. Some analysts see them more as the Joker, a purely chaotic actor that wants to see the world burn. Others romanticize the group, seeing the greater good they hope to accomplish, falling in love with the anti-hero ‘V’. This projection and perception says more about us than it does about Anonymous. In short, we see what we want to see in the group.

In the next installment: “How We Got It All Wrong”.

Copyright 2011 by Josh Corman and Brian Martin. Permission is granted to quote, reprint or redistribute provided the text is not altered, appropriate credit is given and a link to the original copy is included. Custom graphic courtesy of Mar - sudux.com.

Should you feel generous, please donate a couple of bucks on our behalf to any 501(c)(3) non-profit that benefits animals or computer security.

Expect Anonymous Fight Club Soap (Artwork by Mar - sudux.com)

Part 1: Introduction & Approach

By Josh Corman & Brian Martin

2011

If you are new to this series, please begin with Part 0 and the index.

NOTE: We will post each installment here for the security industry to garner feedback for about one week prior to posting to Forbes.com and a more mainstream and business readership. Please comment toward improving/clarifying the content.

Why Write This & Operating Parameters

As we sit here to write this in October and November of 2011, we’d like to render a few things explicit. As objective observers, we’ve seen the rise of Anonymous and other chaotic actors as both intriguing and “of consequence”. We’ve also seen very little in the way of what we’d call “insight” or “understanding” toward the evolution of the “group(s)”. Those who are publicly speaking don’t seem to “get it”. Those who seem to have insight are frequently unwilling (and in many cases afraid) to speak.

So with natural curiosity, we have attempted to ask questions, engage in dialectic, apply logic and analysis, and see if other willing minds can’t nudge the conversation forward in useful and non-confrontational ways for the benefit of all. As the group(s) continue to morph and evolve – and as our comprehension (hopefully) improves, this will clearly re-cast the content of what you will read throughout these articles. We will attempt to capture thought at this time – and when necessary, we may adjust/augment/update against this point-in-time content.

Operating parameters of this series:

  • We are not now, nor have we ever been, members of Anonymous
  • We have not joined any IRC rooms affiliated with Anonymous
  • We are not seeking to “break” any story, but rather to logically analyze events as they unfold and to anticipate likely future scenarios and developments
  • We are not seeking to identify or investigate individuals, but rather to understand broader attitudes and motivations
  • By writing this article, we are not endorsing or denouncing Anonymous

Anonymous Background

Unstructured and nebulous, a group called Anonymous, born in the trenches of virtual trolling, has become a household name based on a reputation of civil disobedience and digital activism. They are a wildly diverse and unpredictable group, one that takes up arms to fight a varied collection of causes, while having no stated charter or organizational chart. Despite these seemingly limiting traits, Anonymous has flourished and become a force to be feared or respected, but not reasoned with.

Many people believe they know the history – but “which one?” The history of Anonymous is just as murky as trying to define them. The very brief history we present below could be thought of as the commonly accepted history. However, at least one similar account argues that this accepted background is more wrong than right. Gregg Housh, a former Anonymous member who now observes the group, has put together a considerably more thorough “chanology timeline” that attempts to chronicle all events related to Anonymous.

Formed in 2003, Anonymous was born out of a community / forum known as “4chan”, with a subset message board called “/b/”. Gawker wrote a concise summary of these boards and other 4chan-affiliated projects to better explain the origin of today’s Anonymous. Although Anonymous is widely perceived as having put its attention and power toward a greater good only in the last three years, Gawker notes that earlier pranks may have begun to show this ‘good’ side much sooner. Based on the concept of an anonymous community that became a shared collective identity, the Anonymous name gained international attention in 2008 for Project Chanology, a coordinated fight against the Church of Scientology. Years before Project Chanology, between 2006 and 2007, Anonymous demonstrated that they were heading down a path of righteousness with several high-profile activities. In subsequent years, the group continued activities that garnered mainstream media coverage and demonstrated the concept of digital activism, sometimes based on illegal hacking activity.

Anonymous activities in 2011 have helped them become a household name, covered by all types of media and gaining increased attention from law enforcement and pundits. Security firm and government contractor HBGary Federal angered Anonymous after claims that they were working with the FBI to unmask key Anonymous members, resulting in more than 60,000 private e-mails of CEO Aaron Barr and other employees being published. In response to Sony suing Geohot (aka George Hotz), Anonymous launched a Distributed Denial of Service (DDoS) attack against the corporate giant, resulting in Sony blaming them for the numerous subsequent attacks in which they had no declared part. Banking giant Bank of America dealt with Anonymous when the group released internal mails that claimed to prove corruption and fraud. “Operation Anti-sec” was (re)born, with the Anonymous splinter group LulzSec teaming back up with their parent group to protest a list of government transgressions by breaking into numerous sites ranging from the Arizona Department of Public Safety to The Times to the Fox News Twitter account. One of the most recent attacks after our DEFCON 19 panel was launched against the Bay Area Rapid Transit (BART) after the death of BART passenger Oscar Grant, leading to BART customer information being exposed and increased calls for protests. These activities, and more, have resulted in the group being perceived as more dangerous as well as more effective.

Understanding Anonymous

It is not easy to claim understanding of a group so diverse as Anonymous. At best, one can attempt to understand some of the fundamental principles and ideas that motivate some, but not all, members. There are several articles that attempt to display this understanding, written from a variety of perspectives (and possibly involvement). For example, Adrian Crenshaw wrote “Crude, Inconsistent Threat: Understanding Anonymous“, in which he discusses the motivation and organization of the group. Josh Corman, co-author of this article, has previously written about the topic. Cole Stryker has even authored a book on the topic, titled “Epic Win for Anonymous: How 4chan’s Army Conquered the Web“. One thing should remain clear; no one person will ever fully understand Anonymous beyond the broad influences.

Throughout their history, Anonymous has exposed weakness and vulnerabilities in a wide variety of social and technical systems. In doing so, the group has been demonized unfairly by a wide range of people including the media and law enforcement. One fundamental truth that seems to escape many observers is that the vulnerabilities were already there. Anonymous just brought them to the public’s attention. In crying for the heads of Anonymous, we are effectively shooting the messenger bearing bad news. Gene Spafford, from the Center for Education and Research in Information Assurance and Security (CERIAS), summarized the underlying issue that is absolutely critical for everyone to understand:

“First, if a largely uncoordinated group could penetrate the systems and expose all this information, then so could a much more focused, well-financed, and malevolent group – and it would not likely result in postings picked up by the media. Attacks by narcotics cartels, organized crime, terrorists and intelligence agencies are obvious threats; we can only assume that some have already succeeded but not been recognized or publicized.” — Gene Spafford

Anonymous Zeitgeist in Popular Media

For those who wish to avoid the laborious task of trying to define a chaotic and disparate group, there are several pop culture leanings that may help paint the group in a very broad stroke. These media references are based on Anonymous’ actions and the authors’ interpretation of their activity and writings.

V for Vendetta by Alan Moore


Due to the adoption of the Guy Fawkes mask as a symbol of the group, perhaps the most popular pop culture reference would be Alan Moore’s V for Vendetta. Toward the end of the movie, the protagonist V outfits thousands of citizens in black cloaks and Fawkes masks to create an anonymous army of sympathizers fed up with the totalitarian government. This scene is perhaps the ultimate symbolism for the group as we know it: an army of oppressed citizens finally fed up with an abusive regime that has stripped them of privacy, civil liberty and ultimately power.

Fight Club by Chuck Palahniuk


Chuck Palahniuk’s Fight Club touches on broad leanings of Anonymous members. The idea of a near cult-like group engaging in diverse projects under the names ‘Project Mischief’ and ‘Project Mayhem’ certainly draws parallels to Anonymous. Members of the group determine their own level of involvement, a strong theme of Anonymous. Ultimately, it taps into the latent frustration of its members, eloquently summarized by Tyler Durden (Brad Pitt) in the movie adaptation:

Man, I see in Fight Club the strongest and smartest men who have ever lived. I see all this potential, and I see it squandered. Goddammit, an entire generation pumping gas, waiting tables, slaves with white collars. Advertising has us chasing cars and clothes, working jobs we hate so we can buy shit we don’t need. We’re the middle children of history, man; no purpose or place. We have no Great War, no Great Depression. Our Great War is a spiritual war. Our Great Depression is our lives. We’ve all been raised by television to believe that one day we’d all be millionaires and movie gods and rock stars. But we won’t; and we’re slowly learning that fact. And we’re very, very pissed off.

Watchmen by Alan Moore


Another Alan Moore graphic novel, Watchmen, highlights several aspects of the Anonymous collective: post-modern anti-heroes willing to do evil things to avoid a greater evil, and a cast of characters who confront and challenge both morality and alignment, redefining the popular concept of heroes embodying good. One of the running themes throughout the novel is the question “who watches the watchmen?”

The Dark Knight


The Dark Knight introduces people to a purely chaotic evil actor, The Joker, to whom the butler Alfred draws an allegory. He tells Bruce Wayne of a bandit he helped chase in a forest who was throwing away the jewels he stole, saying “Some men aren’t looking for anything logical … [they] just want to see the world burn.” Wayne asks how he was ultimately caught. Alfred replies, “We burned the forest down.” A simple solution, but one that is easily argued as worse than the bandit’s actions. Opposite the chaotic evil Joker is Batman, a chaotic good hero who demonstrates a steady scale of escalation to fight evil, just as Anonymous often appears to do. At the same time, Anonymous likely has a handful of chaotic evil actors involved, even if they don’t realize it yet.

Ghost In The Shell: Stand Alone Complex The Laughing Man


There are several other notable works of media that draw parallels to Anonymous to some degree or another. Ghost in The Shell – Stand Alone Complex is eerily prophetic about these concepts, with a villain named the Laughing Man that is essentially a collective of infectiously contagious meme copycats of an original that may not even exist. SLC Punk showcases the fleeting catharsis, contradictions, inconvenience, and ultimate emptiness experienced by a few young anarchists.

SLC Punk!


With the group constantly changing and adapting, losing followers as often as they gain new interest from the disenfranchised, understanding will come in small waves and require reexamination every step of the way.

Copyright 2011 by Josh Corman and Brian Martin. Permission is granted to quote, reprint or redistribute provided the text is not altered, appropriate credit is given and a link to the original copy is included. Custom graphic courtesy of Mar - sudux.com.

Should you feel generous, please donate a couple of bucks on our behalf to any 501(c)(3) non-profit that benefits animals or computer security.

A Better Anonymous - (Artwork by Mar - sudux.com)


By Josh Corman & Brian Martin

2011

This multi-part article, with original artwork by Mar, is a follow-up to a one hour panel discussion at DEFCON 19 titled “‘Whoever Fights Monsters…’ Confronting Aaron Barr, Anonymous and Ourselves”, moderated by Paul Roberts with panelists Josh Corman, Brian Martin and Scot Terban. The views of the authors are not meant to be a criticism of Anonymous, nor are they meant to be encouragement for future criminal activity. It is an inevitable fact that Anonymous, or similar groups, will become bigger, stronger, and more effective. Discussions on how to build a more potent digital hacktivism group (illegal hacking to achieve a political goal) have occurred for over a decade. This article will not attempt to introduce groundbreaking new ideas, but rather will summarize many existing ideas and subject them to analysis from two security practitioners on two sides of this issue. If anything, this will serve more as a ‘Lessons Learned’ with the aim of broadening the reader’s understanding of the topic, while demonstrating that the “problem” is not going away; the “problem” is evolving and growing.

When we say “building a better Anonymous”, we seek to explore the ideas of making such a group truly better. That means better for all parties involved: the group, end users, citizens and law enforcement. “Better” does not mean more criminal acts in the name of the greater good; it means a more efficient organization that can achieve the same (or better) results with less collateral damage. We envision a group with better defined goals, more accountability, a healthy dose of humor and the legendary resolve of the sabertooth squirrel. Of course, the chaotic nature of a group such as Anonymous means that any hopes of improvement will likely come in the form of small numbers of members guiding the rest toward these goals.

NOTE: We will post each installment here for the security industry to garner feedback for about one week prior to posting to Forbes.com and a more mainstream and business readership. Please comment toward improving/clarifying the content.

Below you will find an index for the series (links will be added as published):

1) Introduction & Approach

A brief introduction to this article series and Anonymous.

2) Fact vs Fiction

Figuring out the fact versus fiction of Anonymous.

3) How We Got it All Wrong

How the media and professionals got it wrong.

4) How Anonymous Has Failed in Theory & Practice

Anonymous, as they are today, and various shortcomings.

5) Building a Better Anonymous

Improvement ideas for Anonymous, or the next group like them.

6) Abstract Ideas

Other considerations relevant to this topic.

7) Conclusion

What have we learned, and what we hoped to teach.

Copyright 2011 by Josh Corman and Brian Martin. Permission is granted to quote, reprint or redistribute provided the text is not altered, appropriate credit is given and a link to the original copy is included. Custom graphic courtesy of Mar - sudux.com.

Should you feel generous, please donate a couple of bucks on our behalf to any 501(c)(3) non-profit that benefits animals or computer security.

Anonymous Rorschach Ink Blot (Artwork by Mar - sudux.com) - http://cognitivedissidents.wordpress.com

We see in Anonymous what we WANT to see (Anonymous Rorschach) - (Artwork by Mar - sudux.com)

I have a “simple”, non-rhetorical question for you:

When you look at Anonymous, what do you see?

Context:

Jericho (@attritionorg) and I have been working on a BLOG series about Anonymous, as a follow-on to our DEFCON19 Panel called “Whoever Fights Monsters: Confronting Aaron Barr, Anonymous and Ourselves”. We’re pretty close to posting the 1st of these (possibly next week).

It dawned on me as we researched that one of the “distortion fields” surrounding “understanding Anonymous” is that we see in them what we WANT to see – like we do with a Rorschach ink blot test. We project. Our narrative says more about us, than it does about them. This is the double-edged sword that sometimes comes with symbols and iconography.

For those who didn’t immediately recognize the Friedrich Nietzsche reference in that DEFCON title, it comes from this:

Whoever fights monsters should see to it that in the process he does not become a monster. And if you gaze long enough into an abyss, the abyss will gaze back into you.

As a teaser to our series – and as I finalize my slides for my Anonymous talk for next Thursday at SOURCE Barcelona, I thought I’d throw this Non-Rhetorical Question out to each of you…

When you look at Anonymous, what do you see?

As succinctly as you can – either within the Comment field or with a BLOG post/response of your own… please add your take on Anonymous (initially, today, going forward, all of the above…)

I hope to share some of the more interesting responses during my talk in Barcelona.

Remember… as you gaze into the Anonymous Abyss… it too gazes back into you.

Artwork Note:

This Rorschach and several other BEAUTIFUL pieces of original artwork come from -MAR- at sudux.com – just amazing.


HD Moore - Creator and Chief Architect of Metasploit and CSO of Rapid7

You Must Be THIS TALL To Ride

Most people understand “Moore’s Law“:

Compute power grows at the rate of doubling about every 2 years

At Metricon6, I asserted “HDMoore’s Law” version 1:

Casual Attacker power grows at the rate of Metasploit*

*HD Moore (@hdmoore) gave the industry the Metasploit Project in 2003 – a wildly successful and leveraged open-source penetration testing platform.

Perhaps the greatest value of this concept is it is DEMONSTRABLE. While it won’t tell you you’ve done “enough” to prevent breaches, it just might prove if you haven’t.

Genesis:

While this post is not about PCI DSS, the HDMoore’s Law concept came to me after a year of asking “Is PCI the ‘No Child Left Behind Act’ for IT Security?” and subsequently my intuitive allergy to the following two pervasive, thought-terminating clichés / platitudes… perhaps you’ve also heard them:

I know PCI won’t stop a determined attacker, but it will at least stop a casual attacker

Really? Will it? Is that still true? And second:

PCI is better than nothing – it at least raises the bar.

But has it raised the bar enough to matter? Enough to stop even the least skilled adversaries?

Contrary to our wishes, “security” doesn’t grow linearly with our effort. With sentient adversaries seeking to steal valuable information, security gains are realized when a defender has done “enough” to deter/exhaust the resources of an actual attacker.

There was a time when less skilled, “casual attackers” may have had only one or two tricks up their sleeves. If you were patched, a casual attacker would simply “move on”… Metasploit and other tools have shattered this assumption and now the “enough” is a moving target.

Point. Click. Pwn.

The pointy-clicky nature of Metasploit and its ever-growing expert contributions make it the ultimate script kiddie tool – and an even greater force multiplier in the hands of more talented individuals/teams.

“Enough” Security – Metasploit as table stakes:

One of the most prevalent questions in all of IT security has long been:

What is “enough” security?

Clearly the answer is “it depends” (on a number of factors), one of which is who is attacking us (which adversary classes?). If we use the latest version of Metasploit as a proxy for the lower bound of attack capacity for the least skilled “casual attacker”, then one can measure at any time whether you are “this tall to ride”. Put another way, to stop breach attempts from even our weakest adversary class, defensive power needs to meet or exceed parity with $today’s free version of Metasploit. If you cannot rise to HDMoore’s Law, it’s possible the only adversary you can fend off is the friendly-fire, self-imposed one.

In the few live, graphical presentations on it I’ve given thus far, the recognition of its value, utility, and implications was nearly instantaneous. I’ll attempt to show just a few here in this initial post by example – which will also aid in defining it.

HDMoore’s Law in Juxtaposition – Drop-Off Rates by Adversary Classes (weakest to strongest):

  • Auditor/Assessor – in the case of PCI, this is the QSA – by far the easiest attacker to reliably “make go away”. Though they do not cause breaches (let’s hope), CISOs often see them as their top threat.
  • Casual Attacker – this is an unskilled, target-agnostic attacker. This is the weakest class of adversary that actually causes breaches. HDMoore’s Law is a measurable proxy for this class, who get stronger as Metasploit adds new exploits, evasions, payloads, features and the like.
  • Chaotic Actors – this class of ideologically-fueled actors includes the likes of Anonymous and LulzSec and (with a few exceptions) is also fairly unskilled and tracks loosely to HDMoore’s Law. However, chaotic actors can be more determined and target-sticky. Consider them at 1.xx times the strength of HDMoore’s Law, but aimed at different asset types and seeking to shame, embarrass or DDoS targets rather than steal (e.g. credit card numbers).
  • Organized Crime – this financially motivated class recruits and cultivates serious hacking skills within economically rational parameters.
  • State Sponsored Espionage – with the power and resources of nation states behind them, this is a whole different ball of wax. When facing what some (kitten killers) call APT and I refer to as Adaptive Persistent Adversaries, the model is more a game of chess and a war of attrition if this class of adversary is after your less replaceable assets.

HDMoore's Law: Attacker Drop-Offs by Adversary Class

I already acknowledge:

  • I’m certain this articulation is imperfect (there are things I don’t like about it)
  • I fully expect to iterate on the following visualizations
  • The concept that all adversary classes conform to the same continuum is an acknowledged and willful oversimplification
  • AND… it is still a valuable abstraction regardless
  • And yes… this is more of a Metasploit’s Law (as HDMoore’s personal prowess is “off the charts”) – but come on… HDMoore’s Law is far catchier

That’s enough for today… and I will be revisiting this topic as a building block concept.

A few departing seed questions for upcoming posts:

  • Exactly how fast is HDMoore’s Law growing and can we keep up?
  • Is your Security program tall enough to ride?
  • How can an organization shift from ticking compliance boxes to measuring themselves against HDMoore’s Law?
  • How frequently should an organization measure themselves?
  • How can PCI DSS rationalize/adjust itself to stop any real adversaries?
  • What does HDMoore’s Law mean for the organizations Wendy Nather (@451wendy) calls “Living Below the Security Poverty Line“?

Put your program to the test.

Grab the free version of Metasploit (at least) and measure if you can handle HDMoore’s Law.

One of the things on my mind lately is a deceptively simple idea/question:

How replaceable is an asset type?

And a nagging question/observation:

Why do we spend the majority of our time in IT security on the most replaceable assets like regulated credit card data – at the opportunity cost and neglect of less-and-irreplaceable assets like Intellectual Property, Corporate Secrets and Critical Infrastructure?

If we draw a continuum from “Highly Replaceable” through “Irreplaceable”, we can then map 1..n various asset types against said continuum. Please see Figure 1 below.

Replaceability Index/Continuum

Figure 1 - Replaceability Continuum

At the extremes, a human life is irreplaceable – whereas my mother-in-law’s Credit Card Number (CCN) is highly replaceable.

Highly Replaceable:

Let’s start with one of the most replaceable asset types… Who hasn’t had a Credit Card stolen (or several)? Think about it. How bad is it really? At most you are liable for a mere $50* – a fee I’ve yet to see anyone have to pay. What it tends to mean is the inconvenience of getting a new card issued, and the nuisance of direct billing logistics. Can it be worse? I’m sure it can be (and has been), but I’m pretty sure it isn’t worse than less replaceable asset types.

Irreplaceable/Less Replaceable:

On the other end of the continuum, we find less replaceable asset types: your Intellectual Property, your trade secrets, your corporate secrets, your proprietary research and development, etc. Whether this is, for example (but not limited to):

  • “the Colonel’s” secret herbs and spices which go into his world famous fried chicken (including the alleged “addictive chemical that makes you crave it fortnightly” #NameThatMovie)
  • Coca-Cola’s highly guarded recipe for brown sugar water
  • research data for the next wonder-drug (think Viagra)
  • Mergers & Acquisition files
  • Oil & Mineral Prospecting Data
  • Military Defense Secrets like the F-35 Joint Strike Fighter plans

And then there are the irreplaceable losses of human life. While examples of cyber attacks affecting human lives are rare, debated, dismissed, exaggerated, many-of-the-above… clearly failures of critical infrastructure, power grids, mass transit, defense infrastructure and the like can lead to such losses.

My prior question was deliberately coy. I have some answers/theories (which I will share in more detail in subsequent posts). So again:

Why do we spend the majority of our time in IT security on the most replaceable assets like regulated credit card data – at the opportunity cost and neglect of less-and-irreplaceable assets like Intellectual Property, Corporate Secrets and Critical Infrastructure?

A few teasers to start your thinking:

  • As a CIO once told me, “I might be hacked, but I will be fined”
  • Is it that we “Fear the Auditor more than the attacker?”
  • Are we erroneously assuming that these “best practices” for defending card data equally apply to other adversary classes (think state sponsored espionage and/or ideologically fueled chaotic actors) seeking other asset classes (which are often in other parts of our IT)? More on this later.
  • Is it that we have more available data on regulated data types due to mandatory disclosure laws and we’re looking “where the light is best”?

Why do you think we focus the bulk of our scarce IT Security time and resources on the most replaceable of our asset types? If you agree and this is also nagging at you, what are you doing about it?

NOTE: As I write this, it occurred to me this concept may have affinity with something Dan Geer has been puzzling over recently – describing security as a function of “dependence”.

*There are caveats per your contracts. E.g. you may need to report the fraud in a reasonable timeframe.

Expectations

Posted: 2011/10/24 in Concept, Expectations

So much in life is about managing expectations…

Given the title which inspired this blog, many of the topics and issues raised here will not be cut and dried – nor black and white. Some concepts are susceptible to intellectually honest discussion and disagreement – some will require it. Some may even appear polarizing. I’ve been accused by friends and colleagues of being an “Intellectually Honest Troublemaker”, though trouble isn’t my objective. I’ve also been called a “Provocateur of the best kind”.

More complex issues (by their nature) aren’t going to fit into neat boxes. The most deeply and fervently held false beliefs, dogma, and/or conventional wisdom are likely to encounter the most active resistance when one tries to pry them from clutching minds.

More than anything, I want to make people think. Therefore, this might get messy…

I am OK with this.

  • I expect imperfection, in fact at times I am aiming for it. It would be a mistake if I were to over-rotate and accidentally discourage value-adding exchanges to improve an idea.
  • I expect some topics will raise more questions than they answer (at least initially).
  • I expect some topics will upset people – especially if they are very attached to a belief and/or don’t like the implications of the thread.
  • I expect (upon the revelation of new data/perspective) to evolve and adapt a position or opinion over time. I hope that my readers/commenters do the same.
  • I expect to get called out when I’ve made mistakes. I hope it is done in a cordial and helpful manner.

Definitions…

Posted: 2009/10/08 in Concept

Wikipedia describes Cognitive Dissonance as:

an uncomfortable feeling caused by holding two contradictory ideas simultaneously.

Cognitive:

pertaining to the mental processes of perception, memory, judgment, and reasoning, as contrasted with emotional and volitional processes.

Dissident:

One who differs in sentiment or opinion, esp. from the majority

Cognitive Dissidents:

Those of us who sense a tension and growing disconnect between conventional wisdom and reality – and have the courage to challenge the majority with rational, critical discussion, debate and dialectic toward a more aligned, enlightened, and comprehensive understanding.