Part 4: How Anonymous Has Failed in Theory & Practice
By Josh Corman & Brian Martin
If you are new to this series, please begin with Part 0 and the index.
NOTE: We will post each installment here for the security industry to garner feedback for about one week prior to posting to Forbes.com and a more mainstream and business readership. Please comment toward improving/clarifying the content.
While this post in the series gets more critical than prior ones, the post to follow (Part 5) serves as its companion on potential ideas for mitigating some of the issues identified below. We expect (and hope for) comments and discussion on the content below – and expect much of it will be addressed further in Part 5. Also note that this post was written prior to the arrests of alleged LulzSec members earlier this week. We will not dive into the details or recent press coverage in this installment. While some of the content below is relevant to these developments, it was written independent of them and with a bigger picture in mind.
Before addressing how Anonymous has “failed in theory”, it must be stressed that Anonymous is not an organization known for its internal consistency. There is no charter that lays out their theories and goals, so we must make our best guesses as to their nature. Their lack of stated beliefs is dual-edged and (in fact) one of their weaknesses and stumbling blocks – but we will explore this more in Part 5.
Failed in Theory: An Unmanageable Brand
Anonymous is not a simple group. It is more a group of groups. It is a brand or franchise which can be used or abused by anyone – and has been. The uncoordinated actions of one pocket can dilute, confuse, and/or adversely impact the overall brand and public opinion of Anonymous. These impacts can come by accident, but also via deliberate actions of imposters of various types. Since the court of public opinion is a major factor for the brand long term, this will increasingly be problematic.
Failed in Theory: Imposters are Legion
Since anyone can claim to be Anonymous, many imposters will. One CISO in the DC area claimed, “Anonymous is God’s gift to the Chinese” – asserting that the phenomenon allowed for easy scapegoating and “False Flag” operations which masked and served as distraction to straight up espionage. Other imposters from organized crime, law enforcement, and foreign agencies have been suspected and spotted as well. Beyond doing operations “in the name of” Anonymous, infiltration into their operations is also something that regular participants will have to expect as reality. The inability to trust others you are collaborating with is exhausting and eventually untenable for the average human. This state of war/inconvenience is why rationally self-interested people tend to form social contracts like those described by Hobbes and Locke respectively.
Failed in Theory: Unclear/Inconsistent Ideology
A mentor once told me:
“If you believe something, you should write it down. The more important the belief, the more critical it is that you are precise and clear in its articulation.”
To this we add:
“At some point, if you can’t state your principles, you may not have any.”
While some semi-consistent themes emerge, so do diametrically opposed actions. As time progresses, we sense that one reason no formal principles, code of conduct, or statements of belief have surfaced could be from fear that they know they will not all agree. Such tactical ambiguity may be beneficial in the short run, but can also come at the cost of greater impact and effectiveness. Can anyone state their top 3 beliefs? If we asked five members of Anonymous, would we get the same list? Maybe it is time to render these more explicit.
Failed in Theory: V’s Ideas Do Not Bleed… (but see above)
Anonymous’ iconography of Guy Fawkes draws immediate comparisons to the movie ‘V for Vendetta’. At the start of the movie, Evey (played by Natalie Portman) does a voice over:
Remember, remember, the Fifth of November, the Gunpowder Treason and Plot. I know of no reason why the Gunpowder Treason should ever be forgot… But what of the man? I know his name was Guy Fawkes and I know, in 1605, he attempted to blow up the Houses of Parliament. But who was he really? What was he like? We are told to remember the idea, not the man, because a man can fail. He can be caught, he can be killed and forgotten, but 400 years later, an idea can still change the world. I’ve witnessed first hand the power of ideas, I’ve seen people kill in the name of them, and die defending them… but you cannot kiss an idea, cannot touch it, or hold it… ideas do not bleed, they do not feel pain, they do not love…
While Anonymous does not directly quote this, many commentators and some who affiliate with the group will frequently use phrasing from it. There is a certain amount of romance in the notion that “ideas do not bleed”, and that Anonymous’ ideas and goals are like that. The decentralized group centered around common goals with a commonly accepted icon, the Guy Fawkes mask, further reinforces this kinship with ‘V for Vendetta’. However, there is a stark difference between the historical Fawkes or ‘V’, and Anonymous. Anonymous does not have one goal, nor do they have a list of goals clearly defined. While the group may embrace the notion that “ideas do not bleed”, the scattered and diverse membership and objectives will unfortunately lend to movements that are quickly lost in the noise, and to history.
The group’s own diversity and wildly varying causes will likely be the most significant contributor to their own ideas bleeding away, and eventually dying. As time passes, Anonymous will take on an increasing number of operations (ops). Some of their ops will resonate with larger numbers of the public, and some ops will remain mostly in the dark, rarely spoken about. The success of a high profile operation that appears to be a major win for Anonymous may also be the same thing that effectively kills a half dozen smaller goals, some of which never left the planning stage as the group’s momentum carried them along the path of the higher profile op.
Failed in Theory: Winning the Battle, Not the War
As a group, or as individuals, Anonymous lacks long term vision. Only being able to focus on the here and now may be a side effect of the group’s nature, with members coming and going while limited resources are put entirely into the operation of the moment. Fighting one battle at a time, and not necessarily the most strategically sound battle, is not a recipe for winning a war. Small groups picking their battles is akin to guerrilla warfare. While problematic to an enemy with superior numbers and resources, such a tactic can be time consuming and very taxing on the smaller force. Without an end goal, without a defined way to ‘win the war’, Anonymous is left with a never-ending string of diverse battles and very few veterans to lead the troops. Big corporation (e.g., Visa), big money (e.g., Bank of America), and big religion (e.g., Scientology) have superior resources and deal with swings in performance and income as a matter of business. In short, they are used to the end result of an Anonymous operation. Some of these entities likely have a section of their disaster recovery policy that deals with protests. Even big crime (e.g., Zeta Cartel) will not be affected by a group such as Anonymous. After years of fighting a multi-million dollar war against law enforcement, they are well prepared for such an adversary.
The second problem Anonymous faces is that of commitment. While many core members of Anonymous are dedicated to the cause, a significant percentage of the group is made up of people that see themselves as casually involved. When your force is only half in the fight, your enemy has a significant advantage. The organizations that Anonymous fights are dedicated to their business, their bottom line. Showing up for a few hours on a weekend at a protest is great, but doesn’t send a message of being committed to the fight. This may give rise to hope in your opponent who sees waiting as a viable tactic. If your enemy is going to pack up and go home after weeks or months, you can focus on outlasting them, not beating them swiftly and surely.
The third issue we see is that Anonymous sends mixed messages without realizing it. This is certainly a minor point, but most assuredly undercuts the message being delivered. For example, Anonymous has some level of involvement in the Occupy Wall Street (#OWS) movement. Activists in this fight write messages, communicate, and deliver manifestos complaining that corporations “have sold our privacy as a commodity”. They do this by delivering the message on Twitter and Facebook, two huge corporations that have undermined privacy in the most sinister of ways. Further, Anonymous has adopted the Guy Fawkes mask as one of their icons, and members wear the mask at protests and events. In doing so, they seem to forget that the rights to the image of Guy Fawkes are owned by Time Warner, parent company of Warner Brothers. Every time an Anonymous member buys a Fawkes mask, they contribute a tiny sum of money to a big corporation.
While minor, these points are not lost on the media and the companies they are fighting. Though Anonymous’ actions may go a long way to win the hearts and minds of some, the group also feeds their enemy by giving them weapons that can be used to undermine the group’s message.
Failed in Theory: Brand Management Examples
As we have mentioned several times, Anonymous is a nebulous group with no central leadership and no member roster. This is both a strength and weakness of the model. In the spirit of “building a better Anonymous”, we will focus on the weaknesses first, as they must be understood before they can be improved on.
With no list of members or official method for joining, any random person with a computer, Guy Fawkes mask, or fleeting desire can claim membership. This allows a single chaotic actor to commit an action that goes against Anonymous’ stated goals yet still claim to be part of the group. This in turn forces the group to issue a formal denial or denounce the actions of a person that is not part of the group, further reminding the world that their group makeup is questionable at best. If a rogue actor leaks a particularly sensitive database under Anonymous’ name, they have the ability to seriously hurt the public opinion of Anonymous. While the group may dismiss this, carrying public favor is an incredibly valuable tool in fighting perceived evil.
To counter this problem, Anonymous must figure out a channel for declaring projects, public action, or protests. The group already does this in many cases, but not consistently. If a goal or action is announced, even if it is not carried out, it helps confirm the legitimacy should an act be carried out. In the case of LulzSec, a splinter group of Anonymous, they maintained a Twitter feed that acted as their official channel to announce or deny involvement in activity. Falling back on “Did we Tweet it? No? Then not us!” became a simple and reliable method for journalists and bloggers to determine their involvement, should they be bothered to fact check.
In our previous article, Fact vs. Fiction, we highlighted a recent example that clearly illustrates the weakness in an open model. The recent attack on Stratfor by Anonymous, as credited on the defaced Stratfor web page, quickly gave way to an “Emergency Christmas Anonymous Press Release” in which Anonymous claimed they were not responsible. Not even a day later, another release appeared once again taking credit as Anonymous. This will continue to be a problem for Anonymous in the future, and likely be used as a method to undermine the Anonymous brand.
To date, it appears that a handful of independent would-be do-gooders have been the only ones to undermine Anonymous in such a fashion. Anonymous simply isn’t prepared to deal with an adversary that uses this against the group intentionally, especially in bigger and more public ways.
First Rule of Anonymous; Stay anonymous
The second rule of Anonymous; stay anonymous. This amusing reference to Fight Club may seem a joke of sorts, but in reality it is an object lesson in how Anonymous is failing. Our preliminary count at the time of this posting shows the number of arrests or “busted” (search/seizure) is around 175 – including the 25 Interpol arrests last week and the LulzSec arrests this week. The fundamental purpose of anonymity and presenting a uniform singular image is to strip away personal identity when committing an act of disobedience. Violating anonymity, whether it is at the hands of an Anonymous member, or through the diligent work of law enforcement, gives their enemy a win. Lapses in operational security (OpSec) are not just a matter of “leaking an IP address or name”; they may have a more serious impact such as being arrested or facing retaliation from a rival entity.
Some members of Anonymous dismiss these busts as inconsequential, stating “they weren’t really a member”. In some cases, when a high profile pseudonym is busted (e.g., Topiary), there are replies from the group saying “that wasn’t the real Topiary”. Such claims may be the truth, or disinformation. Eventually, claims that the police “got the wrong guy” become disingenuous as they simply can’t be wrong all the time. Either way, Anonymous appears to miss the more important point; each bust, no matter if legitimate, works against the group in several ways.
First and perhaps most importantly, every time law enforcement (LE) busts a member of Anonymous, public perception is swayed. The bust is always covered in the media, and the resulting press tells the public that law enforcement won a victory that day. This is LE’s attempt to win the ‘hearts and minds’ in the never-ending battle for public opinion. Second, if LE continually busts members, it may severely impact Anonymous’ recruiting efforts. Potential members or contributors that see a long string of arrests may reconsider becoming involved. Third, statistics are on LE’s side. For each person busted, there is a chance that they may seek a more lenient sentence and do so by turning state’s evidence. Even worse, they may become an informant who helps to infiltrate the group and report subsequent activity to law enforcement. NOTE: Much of this seems to have transitioned from theory to practice as of this week’s LulzSec / FBI activity.
Failing in Practice (aka Pyrrhic Practices)
This criticism of the theory behind Anonymous is not simply academic. The failure in theory has led to failures in action, as illustrated in the following examples. Note that as is often the case, the public does not have all the details of a given incident. We can only make these observations based on what we know.
OpBART – More Wrong than Right
In August 2011, there was a flurry of news regarding Anonymous protesting the Bay Area Rapid Transit (BART) administration. This led to a wide variety of drama as BART jammed cellular telephone signals at some of the stations, leading to cries of censorship and concerns for safety (e.g., inability to dial 9-1-1). Anonymous called for several types of attacks, defaced the mybart.org site, and leaked user data from the site. There are several issues with this operation that question if Anonymous is really helping and/or getting their message out there.
First, there is relatively little coverage of why the protests were originally called for. More mainstream media such as the Tech Herald wrote one piece on opBART, but did not cover the history. Non-mainstream sites like KnowYourMeme are about the only ones who give a concise and clear explanation of what prompted the protest (the shooting of a homeless man by two BART officers months earlier). Anonymous’ own two videos don’t give background either. The leaking of mybart.org user emails, passwords, addresses, and phone numbers certainly doesn’t punish BART; rather, it punishes their customers, the average citizens Anonymous claims to fight for. Between the lost message and collateral damage, Anonymous seems to undermine the overall message.
OpDarknet – A Question of Ethics
In what appeared to be a significant win for Anonymous, news broke about the group shutting down part of ‘Darknet’, a shadowy technical network dedicated to sharing child pornography among other things. This event, announced via pastebin, certainly garnered more attention, reaching the mainstream including CNN and Fox News. Child pornography is seemingly the universal immoral act that everyone is against. After Anonymous took out ‘Lolita City’ and ‘Hard Candy’, two sites dedicated to child pornography, a third site was compromised and declared to have the same material. In reality, OpDarknet called Anonymous’ own ethics into question as much as their victims.
Shortly after the news broke, a blogger named ‘Justice Duck’ wrote a piece that presents compelling evidence that the third site brought down by Anonymous was not actually a child pornography site at all. Based on the blogger’s research, it appears that the only person who likely had virtual child porn was a member of Anonymous. In addition, with the release of the densetsu.com site’s user list, Anonymous advocated the harassment of what appear to be legitimate users (including many females) that are likely innocent of any allegations related to such pornography. The site’s members that signed up because of their interest in Hentai were in turn branded ‘child porn traders’ and paedophiles. While some may argue that Hentai is ‘virtual child pornography’, remember that law enforcement and retailers disagree.
There are enough bad actors committing heinous crimes out there, that Anonymous should never have to resort to the same criminal and unethical behavior as their targets do. Further, vigilante takedowns may complicate/undermine justice. If systems were compromised, is any evidence against true criminals contaminated and therefore inadmissible? What is to stop the attackers from planting false accounts to smear enemies? Given this subject matter, suspects are especially “guilty until forever” in the court of public opinion.
Texas Takedown Thursday (#ttt) – Crime vs. Bureaucracy
Anonymous has been in a half-year war against law enforcement, targeting their systems and releasing sensitive data. In an operation titled Texas Takedown Thursday, Anonymous released extensive emails and details from TexasPoliceChiefs.org. Some of the emails released exposed a variety of problems within law enforcement including abuse of government resources, racist and sexist messages, and pornography. Such an exposure is likely good for the citizens who pay the salary of law enforcement via tax dollars. On the other hand, criminal trespass into a computer system to leak the emails may not be as effective as other legitimate avenues.
In a Star-Telegram article about the incident, Saginaw Police Chief Roger Macon made the observation that “[Anonymous] could have had … a whole lot more [e-mails] just by sending a public information request.” Some of the emails leaked that were marked ‘Law Enforcement Sensitive’ may not be covered under such requests, but a surprising amount of information is available from all levels of government offices if you know how to ask correctly. After figuring out the procedures, which vary on a nearly per-office basis, it becomes pretty straightforward.
If Anonymous is truly intent on opening government records, a coordinated series of Freedom Of Information Act (FOIA) requests would be interesting and potentially compelling. To date, Anonymous does not appear to have considered this route, instead relying on computer intrusion to obtain documents. A completely separate, but more relevant issue to the law enforcement leaks, is that Anonymous is leaking data that puts police officers and their informants at risk. You may not agree with some police activity, but to put them at increased risk of violence or attack does not help anyone, especially the citizens they are supposed to protect. It also damages the Anonymous brand in the court of public opinion. This is not because breaking any law will be judged. Rather what may be judged is breaking laws unnecessarily or breaking “unjust” laws without the aforementioned, articulated ideology to support the “unjust” claim.
OpSatiagraha – Separating the Wheat from the Chaff
The last year has seen Anonymous leak a considerable amount of data from the victims of their hacking. The leaking of user databases and thousands of emails is becoming a routine part of their hacktivism methodology. The downside to such data dumps is that the amount of information is overwhelming to a majority of would-be readers. As Scot Terban writes, the material is often interesting, but “it’s certainly not earth shattering.” Hundreds of megs (or gigs) of data with no context or analysis puts the burden on journalists to scour the information looking for the juicy bits. Anonymous will go so far as to imply a conspiracy or overstate the scope of the data being released, only to leave readers underwhelmed when the data is finally made public.
When faced with thousands of routine email correspondences, finding the handful of gems becomes the more valuable service. This is something that Wikileaks has had to contend with over the years. Rather than rely on journalists or hope that a member of Anonymous will pick out the material of interest, Anonymous needs to focus on analysis as much as providing the data dumps. For all we know, they could have leaked earth-shattering information a year ago, and it was simply lost in the noise. Without methodical analysis of each data dump, we may never know.
While these failures in theory and in practice are not exhaustive, we now have a basis for discussing some ways one could “build a better Anonymous” in Part 5 of this series.
Which failures, weaknesses, or challenges would you add? Please comment below.
Copyright 2011-2012 by Josh Corman and Brian Martin. Permission is granted to quote, reprint or redistribute provided the text is not altered, appropriate credit is given and a link to the original copy is included. Custom graphic courtesy of Mar – sudux.com.
Should you feel generous, please donate a couple of bucks on our behalf to any 501(c)(3) non-profit that benefits animals or computer security.