“Building a Better Anonymous” Series: Part 3

Posted: 2012/02/13 in Anonymous
Anonymous Good and Evil (Artwork by Mar - sudux.com)

Anonymous Good and Evil (Artwork by Mar - sudux.com)

Part 3: How We All Got it All Wrong

By Josh Corman & Brian Martin

2011

If you are new to this series, please begin with Part 0 and the index.

NOTE: We will post each installment here for the security industry to garner feedback for about one week prior to posting to Forbes.com and a more mainstream and business readership. Please comment toward improving/clarifying the content.

Like many, early on we carried a cognitive dissonance about Anonymous. Is this a good thing? Or a bad thing? Many people seemed to approve of the attacks against Scientology – or Anonymous’ apparent passion for transparency and their crusade against corruption. Helping oppressed people in Tunisia and Egypt? Absolutely, people see that as a force for good. Others operations however, were a bit more disconcerting for the onlookers. Leaking personal details of law enforcement, their families, and confidential informants did not sit well with many.

Riding on the back of Part 2: Fact vs Fiction, there are some additional points to make. When we explored fact and fiction, many of the points were based on a lack of understanding. In this article, we discuss how we collectively “got it wrong”. This moves beyond misconceptions born out of poor reporting or conflicting information, and into the realm of our simple lack of understanding. Further, it highlights that as a society, we seem to be unable to learn from our history. As George Santayana famously said in The Life of Reason,

“Those who cannot learn from history are doomed to repeat it.”

Everything Old is New Again

Regarding this article, the concept of speculating and proposing a “better”, more efficient, and more serious adversary is old. Government sponsored think-tanks and the U.S. military have been doing this for decades. With regard to Anonymous, the idea of the group is also not new. All of their diverse traits seen in a single group, even if nebulous, may be new to most people. However, many in information security or law enforcement have been exposed to most of these traits before. The concept of Hacktivism has been going on for well over a decade, primarily through groups defacing web pages with political messages.

Disregarding the apparent disconnect between a “computer-based group”, as Anonymous is often considered, and more traditional groups, the traits of Anonymous become more prominent. Compare some of the actions of PETAthe Black HandKu Klux KlanWeather Underground, or Earth First to some of the actions of Anonymous. Despite their goals being diverse, and each group having their share of radical members, there are many parallels to be drawn.

While they have far less in common than a broad swath of their members or observers would think, their common traits are certainly there. Each group is frustrated about their raison d’etre. Each group believes in presenting a unified front outwardly while embracing diversity and resilience internally. Despite being a heterogeneous group sociologically, Anonymous does a good job putting forth a homogeneous image (arguably propaganda) through the use of iconography and central messages.

Being Dismissive is a Disservice

Over the last year, many media outlets, pundits, and security professionals have given commentary on Anonymous and LulzSec. In many cases, the tone of the commentary has been negative, with the commentator essentially dismissing the groups’ actions. In some cases, it has been a general dismissive “the group is not effecting change” line. In other cases, pundits outright deride LulzSec as having no advanced hacking skills and only attacking the “low hanging fruit”. While most, if not all, of their hacking exploits have been easy to find and exploit, these pundits are missing the bigger picture.

First, LulzSec didn’t need more sophisticated exploits to compromise these organizations. An attacker is only as sophisticated as they are required to be; when companies don’t make it a challenge for attackers, there is no reason to use more advanced attacks. If large companies and law enforcement are protecting such valuable information, why are their own security programs not catching the low hanging fruit?

Second, what if the high profile compromises using basic exploits are just a noisy cover hiding the real activity? The concept of misdirection when hacking has been around for over twenty years. It is dangerous to assume that we know the whole picture when we are only seeing what makes the front page. There are two aspects to this idea: LulzSec could be using some of these attacks as a method of distracting onlookers from their real goals, or third parties unaffiliated with LulzSec and Anonymous may be using their brand for misdirection. For example, a disgruntled employee could launch a denial of service attack against his employer and embed a message such as “We are legion” in it, giving the impression the attacks are the work of Anonymous.

“Pretenders” also came up during the Q&A following our DEFCON 19 panel. Several in-room members of Anonymous claimed the two large Sony breaches of credit cards were “not us” but rather “the Russians” – as many suspected. Regardless, many have been dismissive of the group or the impact of an attack – until they’ve been on the receiving end.

The Media’s Field Day

To say the media has collectively had a field day with coverage of Anonymous is certainly an understatement. The group’s diverse actions, ranging from in-person protests or virtual sit-ins (DDoS attacks) to leaking information from hacked corporations, provides a gold mine of drama-rich news. The lack of a central authority or official channel for public statements from Anonymous helps the media run wild, and Anonymous must play a game of catch-up when trying to hold the media accountable. The perception that Anonymous is new and a game changer has led many media outlets to go to press without finding a qualified person to speak on the matter. Simply grabbing the nearest mouthpiece, that frequently has a personal or corporate agenda, does not help the media, Anonymous, or the public.

When LulzSec splintered off from Anonymous, the more revealing story was not the material results of their hacking; rather, it was the sad commentary on infosec-centric and mainstream news coverage alike. After 50 days of hacking into a wide variety of sites, accompanied by a high profile predominantly Twitter-based media presence, the pressure added up. With the looming threat of law enforcement catching up to them, LulzSec announced their retirement on Pastebin and broadcast it via Twitter. While the announcement was deemed inevitable, many figured we hadn’t heard the last from them, and they were right. Some in the mainstream media announced it and gave commentary on why it was inevitable and certain.

One of the most noticeable traits of media coverage during the 50 days LulzSec was active, was the lack of truly critical press. Publications and authors that have been more vocal and firm in the past seemed to pull their blows when covering the hacking activity of LulzSec. Since the group was executing a wide variety of attacks, and supporters of the group were carrying out DDoS attacks against detractors, it appeared that journalists were scared to be overly critical. Paul Carr wrote for TechCrunch saying “Please Hacker Don’t Hurt Us: The Media’s Coverage Of LulzSec Has Been Cowardly and Pathetic”. It should be noted the irony that this article came a day after LulzSec posted their retirement message. Worse, the timing of the article and criticality suggests that Carr, like many others, felt that the group was truly done and their “vandalism spree” was finished. Similarly, Bill Brenner wrote an article for CSO Online called “Whatever, LulzSec”, two days after the retirement message. The timing of these articles suggest the authors feared potential retaliation from LulzSec should their message be construed negatively. Provoking these groups may seem undesirable, but it would also prove an interesting point; if Anonymous or LulzSec retaliate over poor press, they may be considered the tyrants they so oppose.

Arresting Anonymous Won’t Help

The pursuit of Anonymous is just as futile as it is necessary. Thinking of the group in terms of traditional crime simply doesn’t hold up. This group is not four people that have been knocking over banks, where bringing even one of the four to justice may stop further robberies. For each Anonymous member busted, another will take his or her place, maybe two. That said, law enforcement cannot let the group go unchallenged. Public and corporate pressure to put a stop to their activity is stronger than ever. With a nebulous group that has new recruits ready to step in for fallen comrades, it could be a never ending battle. With a seemingly endless supply of new recruits, all with a strong belief in the movement, a few dozen arrests won’t put a dent in the organization.

Some have suggested the only way to truly stop these groups is to capitulate, and meet their demands, which is as much a pipe dream. With a diverse set of demands, that are often not well defined, or more of a general principle such as “maintain secure networks”, meeting them is often not possible. If you take away the reason someone is protesting, they will generally stop. Locking them up or pushing back rarely leads to a real solution. As Natalie Portman’s voice over in ‘V for Vendetta’ said,

“We are told to remember the idea, not the man, because a man can fail. He can be caught, he can be killed and forgotten, but 400 years later, an idea can still change the world.”

Anonymous Alleged Mugshots

Anonymous Alleged Mugshots

(Source of mugshots: talkingpointsmemo.com)

Even with dozens of arrests in several countries, there is no indication that Anonymous is dissuaded.

Occam’s Razor Cuts Deep

Like most current topics, a prevailing trend in media coverage of Anonymous is heavily based on making assumptions. A news organization may receive one or two pieces of information about a situation or scandal, then fill in the blanks with their best guesses. We’ve become accustomed to news coverage that consists of a commentator standing by repeating the same fact over and over, interjected with their guess of additional facts. Moving beyond the simple (e.g., “the politician is greedy”), commentators will speculate wildly about state of mind or other actors that may or may not be involved. We, the viewers, are the cause of this. As a society, we are willing to forgo logic and simplicity in favor of drama and intrigue.

For Anonymous, a group largely grounded in the Internet as a medium and meeting place, the theory of Occam’s razor is largely applicable. Combine with that the Online Disinhibition Effect, and it becomes obvious that many are acting out because they can. More interesting is the notion that the casual members and new recruits, viewed as ‘cannon fodder’ by some, are the ones acting out the most. Further, they feel safer with a layer of anonymity and perceived protection that they do not enjoy in real-world protests or activity. In some cases, it is simply a matter of the participant not fully understanding technology and how it relates to anonymity. They feel that being virtual protects them, without understanding the exposure of a disclosed IP address that has not been masked with effective technology (e.g., TOR, proxies).

On the flip side, many members of Anonymous are proving that the Online Disinhibition Effect only goes so far. With members helping in Internet activism before proceeding to a local protest to square off with those they are protesting, anti-protestors, and law enforcement, one has to accept that not all members act differently simply because of perceived Internet anonymity. As this happens, media outlets are guilty of varying degrees of projection, assigning traits and beliefs to persons that have made no definitive actions of the sort.

In challenging the integrity or morals of someone that hides behind a mask or computer, many of us fail to realize that dissociative anonymity may also be helping our society. The protection provided by that anonymity may be leading people to find the strength or freedom to say things they wouldn’t otherwise. At DEFCON 19, one member of our panel began the session wearing a mask. When we asked the audience if he should remove it, a majority said “no” (with a noted selection bias). This lends to the idea that many sympathizers don’t want Anonymous unmasked, perhaps as a way of supporting or agreeing with a majority of their actions; or simply out of fear of repercussions. Like most tools, anonymity can be used for good or evil.

Those seeking anonymity may include people effectively whistleblowing, arguably a valuable public service that puts them at risk for the greater good of society. Further, asynchronous communications may be fueling people to embrace speaking out. The ability to voice opinions or share information on message boards, via e-mail, or on web sites, without immediate backlash or punishment is a powerful motivator for opening up and sharing.

There are many factors that contribute to the actions and mindset of a person affiliating themselves with Anonymous, LulzSec, or any group tangentially related to Anonymous. Despite all of the speculation and possibilities enumerated in this article, Occam reminds us that a group such as LulzSec may truly be doing it all “for the lulz“. Every time the media or an analyst takes a guess or makes a suspect claim about Anonymous’ motivations, it is important to go back to a more simple explanation and give it serious consideration.

Copyright 2011 by Josh Corman and Brian Martin. Permission is granted to quote, reprint or redistribute provided the text is not altered, appropriate credit is given and a link to the original copy is included. Custom graphic courtesy of Mar - sudux.com.

Should you feel generous, please donate a couple of bucks on our behalf to any 501(c)(3) non-profit that benefits animals or computer security.

Comments
  1. Thank you for the work on this series. I am going to offer a lengthy comment in hopes it proves enlightening to whomever stumbles across this in the days, weeks, months and years to come.

    I am a 26 year veteran of the Internet, having abandoned University in Canada in 1986 to pursue a dream .. A decision I have come to regret recently – but sometimes good dreams are expensive.

    As envisioned by my contemporaries and mentors – the X.25/IPSS ‘Internet’ of 1986 had within its power the recreation the social, political and economic revolution brought about by commons publishing in the 18th century.

    No longer, we hoped, would those who controlled a press own the Ideas and I believe, largely, it is achieving that dream.

    The #Anonymous movement is a practical example of that dream in action. The movement is a direct mirror of the world in which we actually live and is, in point of fact, a natural outcome of the technology operating at scale.

    It was our dream that the Internet would once again allow people with limited capital, education and time to know all that was knowable about anything as and when needed ..

    To achieve that goal – it was RFC’d specifically to allow the voiceless and powerless to speak and be heard regardless of where they lived or what they had to say. That you and I were able to add comment to the RFC in the first place was revolutionary.

    You and I are living that dream right now by reading my comment here.

    The reason why we felt this was possible was because a Neutral information and communications Network, uniquely, is a wholly Darwinian ecosystem of culture and information where the natural laws of evolution could be applied and re-applied, to the knowledge economy.

    That was the real lesson of commons publishing in the 18th century that inspired my work all these years and continues to sustain me even now as I go slowly blind awaiting eye transplants.

    Propose anything, say anything, offer anything you want to the Internet and like minded people anywhere will find and support you, or confront your position. If you are just wrong, say a Westboro Church screwhead, then you will be outted for it. If you are right, say anti-SOPA campaigners, then you will find support and your idea will evolve to its natural outcome.

    Then, as now, critical advancements in science, commerce and society where no longer the exclusive purview of the church, government or the gentry. Although now, as then, great ideas and advancements are not exclusionary of the church, government or gentry – they just want to be equal.

    Indeed, more so as the knowledge genie is actually out of the bottle – ideas need to be equal if my own children are to advance and survive as contributing members of a very recent species here on planet earth.

    And that is why the #anonymous movement is so very important. Even if it is as messy and disorganized as almost everything groups of people have ever done when getting started on something new.

    #Anonymous itself a natural maturation in the Internet’s evolution and one that I fully support – because it forces those who continue to hold onto the 19th century illusion that by virtue of their press, capital or ability to wield legal powers – they do not need to subject their ideas to the evolutionary process or public scrutiny and discourse.

    The Internet remains, so far, a place were the only real thing that counts is the truth or love held in your heart.

    And that was exactly why Dr Postel designed the IP system he did and why dreamers like me put on suits and hustled ever angle we could to get the beast to operate on a self-sustaining financial and cultural basis.

    Keep up the good work kids – just make sure its good work – because it has been damned expensive and extremely difficult getting the ball to here ..

    Cheers and best wishes – Jon Blanchard

    Cheers – Jon Blanchard

  2. This is a must-read, probably the most important of your series so far. I did write a reaction to it in Salted Hash, including my thoughts on the fearful media issue: bit.ly/wzdvxD

    Best Wishes,

    Bill Brenner

    • joshcorman says:

      Good reply post, Bill. Folks should give it a read. We should have noted that you did at least write about LulzSec when others didn’t – and have written about Anon a lot since. During the LulzSec 1st round, very few wrote at all – and it is undeniable that bloggers/writers were pulling punches. Several were (and are) afraid to write or speak. Many Anons hate censorship, hate leaders who rule with fear, and treasure empowerment and participation – and yet look at how many industry voices have felt muzzled and intimidated and have abstained from meaningful dialogue.

  3. .. But why gentlemen ? ..

    Offer an Idea and see what, if any, lint it finds.

    Eventually – good Ideas will find support – bad ones will wither and die. That remains the one and only stable reality of the the Internet.

    I agree entirely that Industry voices have felt muzzled and intimidated ..

    Perhaps the Industry isn’t really the answer to the underlying problem.

    It may instead be that the driving forces are not, strictly speaking, security related ..

    Consider the Prison Guard on Robin Island in 1975 ..

    Even though he is tasked with being responsible for his prisoner – it does not mean that he should not be free to speak against his imprisonment – IF – the imprisonment is at its root unjust in his estimation.

    If the Guard is unable to speak freely – then he must ask himself even more carefully what is in his power to change that he may speak freely, because eventually he himself may become the prisoner.

    Jon

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s