The voice-over then offers up a critique of the NATO draft document, alludes to recent Anonymous hacks of the private American security company HBGary, and in short, clipped sentences makes its threatening concluding argument:
Anonymous is not simply ‘a group of super hackers.’ Anonymous is the embodiment of freedom on the Web. We exist as a result of the Internet, and humanity itself. This frightens you. It only seems natural that it would. Governments, corporations, and militaries know how to control individuals. It frustrates you that you do not control us. We have moved to a world where our freedom is in our own hands. We owe you nothing for it. We stand for freedom for every person around the world. You stand in our way. We hope you come to see that your attempts to censor and control our existence are futile. But if this is not the case, if you continue to object to our freedoms, we shall not relent. We do not fear your tyranny. You cannot win a battle against an entity you do not understand. You can take down our networks, arrest every single one of us that you can backtrace, read every bit of data ever shared from computer to computer for the rest of this age, and you will still lose. So come at me, bro. You can retaliate against us in any manner you choose. Lock down the Web. Throw us in prison. Take it all away from us. Anonymous will live on. We are Anonymous. We are legion. We do not forgive. We do not forget. Expect us.
Less than a year later, in an Anonymous signature moment, the movement posts an intercepted recording of a conference call between the FBI and Scotland Yard. The topic of the conference call? Anonymous itself. The call starts out with a few casual exchanges – jokes and observations about the weather – before moving on to the topic of rounding up people suspected of links to Anonymous, little doubt those behind the intercepted recording itself.
YouTube videos and other online statements such as these have become part of the Anonymous brand: brazen, irreverent, and almost always juvenile. Their videos typically include an ironic mixture of do-it-yourself editing tricks, silly Internet memes, pop culture allusions, and X-rated vulgarity topped off with petty anarchism. Part of me enjoys the videos, particularly those like the one about NATO that take a swipe at the defence and intelligence establishment. But another part of me sees them in a more troubling light. I am not so interested in the “who?” of Anonymous but in what their fight represents: resistance and rage against a state-security lockdown of the Internet. With each new video, each new Anonymous breach, a little part of me shudders, and I think of the other shoe dropping. At what point will taunts directed at the CIA, or NSA, or FBI finally wake up the bear? How long will they tolerate such open challenges to their power and legitimacy? And when they do lose patience – and no doubt they will – Anonymous will play right into their desire to do away with anonymity online altogether.
Part of me also thinks of the strategic benefit of Anonymous to those in power. As a child of the Watergate era – and an admirer of conspiratorial 1970s films about the dark forces pulling strings behind the scenes of government: Three Days of the Condor, The Parallax View, All the President’s Men – I often wonder just how many of the attacks for which Anonymous takes credit are actually the work of the very intelligence agencies being targeted? As Harvard law professor Jonathan Zittrain puts it, “Anonymous could be anyone, it could be the government, we don’t know.” Indeed, it would not be difficult to imagine a clandestine operative working for the Americans or the British or another government seeding an AnonOp, the name given for operations undertaken by Anonymous. How about one that meddles with an adversary by giving them a taste of their own medicine? Could this have been what was behind Anonymous’s March 2012 sudden preoccupation with China? As The Who’s “Baba O’Riley” played over and over again on defaced websites containing links to circumvent Internet censorship, an Anonymous screed warned the Chinese government that it is “not infallible, today websites are hacked, tomorrow it will be your vile regime that will fall.” At that very moment, several Chinese companies experienced data breaches, the stolen data posted to file-sharing sites. A taste of China’s own medicine?
• • •
By most accounts Anonymous’s origins stem from the 4chan message board, one of the many dark alleys of the Internet, like a Lower East Side of cyberspace where every delinquent, offbeat, perverted taunt is not only tolerated but applauded. Anonymous spilled out of 4chan as a social movement in 2008, sparked when a decision taken by the Church of Scientology was viewed as a step too far across the breach of Internet morality. The Church sought to quash embarrassing online videos circulating across the Internet in typical meme-like fashion of a giddy Tom Cruise proclaiming his adherence to Scientology. A group calling itself Anonymous appeared, donned the now-familiar Guy Fawkes masks, and then started taunting the Church, both across the Internet and on the streets of cities throughout North America and Europe.
The movement remained obscure until the WikiLeaks saga and then the Arab Spring, when it unleashed a spree of overtly political AnonOps targeting what the amorphous mob claimed were foes of Internet freedom. It began with defacing and breaching attacks against websites and servers of a bewildering and sometimes confusing array: the Tunisian, Egyptian, Zimbabwean, Malaysian, Libyan, and other governments; private companies like Sony, accused of censorship in the guise of protecting its intellectual property; financial services companies like Mastercard, PayPal, and Visa (for boycotting donations made to WikiLeaks); and the CIA, NSA, FBI, U.S. Department of Justice, and police forces around the world. Twitter accounts with the prefix “Anon” proliferated, and at one point in the fall of 2011, it appeared that Anonymous and the Occupy movement would consolidate into a powerful social force threatening the elites of the industrialized world – a more mature, digitally empowered next-generation version of the 1990s anti-globalization movement.
But then a series of dragnet-style arrests took place. Beginning in July 2011, and coordinated across the U.S., U.K., and the Netherlands, twenty people were detained. This was followed in February 2012 with Operation Unmask, coordinated by law enforcement agencies in Chile, Argentina, Colombia, and Spain, and resulting in the arrest of twenty-five people, followed by another wave of arrests in March 2012. Confirming at least some of my suspicions, the FBI had quietly arrested and then turned over a prominent member of LulzSec in 2011, who helped secure the arrests for the police. Nicknamed “Sabu,” Hector Xavier Monsegur was charged with twelve counts of criminal conspiracy, and faced a maximum sentence of 124 years in prison. He secretly pleaded guilty and agreed to operate as an informer for the FBI to build cases for future arrests. The arrests (and later revelations about the turning of Sabu) dropped a poison pill into the networked well of Anonymous, and as 2012 rolled onward the number of AnonOps began to decline.
In analyzing Anonymous it is tempting to focus on salacious details: Who are the members? The ringleaders? What drives them to do what they do? The general impression might be white, nerdy, middle-class teens, a neat template for the Hollywood image of the “hacker.” Some do, in fact, fit this image: for example, Ryan Cleary, a nineteen-year-old member of LulzSec living at home with his parents, was arrested in June 2011 during the Scotland Yard and FBI probe. His counsel told the court that Cleary suffered from both Asperger’s syndrome and agoraphobia. He was subsequently given bail, under the condition that he stay off the Internet. But twenty-eight-year-old Sabu, who is of Puerto Rican descent and an unemployed foster parent of two children, clearly does not. Nor did the twenty-five individuals, mainly Latin Americans, arrested as part of Operation Unmask. The truth is, anyone can become part of Anonymous – that’s the point, and there will be future Operation Unmasks and future iterations of Anonymous: Expect it.
• • •
Anonymous’s methods fall into two general categories: breaches of computer systems and DDOS attacks. Breaches of computer systems are undertaken either by using malicious code that exploits a vulnerability in a server, or by fooling someone into giving you access to data, a technique known as “social engineering.” Anonymous’s breaches are typically followed by the exfiltration of data from targeted victims, and the publication of private, embarrassing, and/or incriminating information, like the massive Stratfor breach, which led to Anonymous turning over tens of thousands of proprietary company emails and email credentials of Stratfor subscribers to WikiLeaks. (At the time, WikiLeaks noted: “The material shows how a private intelligence agency works, and how they target individuals for their corporate and government clients.”) Typically these are posted to sites like Pastebin, a resource primarily used to share bits of computer code but repurposed for Anonymous-style disclosures of data and announcements of successful attacks.
Most Anonymous DDOS attacks employ a crowd-sourced piling-on against targeted websites, using their preferred Low Orbit Ion Cannon (LOIC), a DDOS attack application that sympathetic users are encouraged to download and employ against a chosen victim. When used in numbers (i.e., in a “distributed” way), the LOIC makes repeated requests to servers from so many users that the servers are overwhelmed, taking them offline for a period of time. In cases where financial firms and retailers are involved, the DDOS attacks can result in significant losses of revenue. In 2012, Neustar, an Internet analytics company, surveyed IT professionals from twenty-six different industries to understand what was at stake during a DDOS attack. Over half of the companies surveyed reported that a DDOS outage would cause substantial financial damage, with 82 percent of financial firms estimating losses at more than $10,000 per hour, and 67 percent of retailers at $100,000 per hour. Beyond financial losses, companies also reported fears of damage to brand reputation and customer service experiences.
The DDOS attacks employed by Anonymous, though higher in profile than many others in recent years, are certainly not new. DDOS attacks have been going on for decades on the Internet, mostly launched by cyber criminals for extortion or other nefarious purposes. I first heard about politically motivated DDOS attacks in 1998, with reference to those organized by the New York-based hacker and artist collective, the Electronic Disturbance Theater (EDT). Led by the charismatic Ricardo Dominguez (now a professor of media studies), the EDT organized DDOS attacks against Mexican government servers in support of the Zapatista movement for autonomy in the Mexican province of Chiapas. Dominguez and his group openly advocated widespread participation in the DDOS attacks not only against Mexico but also against the U.S. Defense Department and other targets seen as sympathetic to Mexico. The attacks combined art and digital activism, loading up their DDOS tool with requests for non-existent content and sending these requests to Mexican government servers. When network administrators looked over their logs after the DDOS attacks, they saw results like “Ana Hernandez: Not Found,” she being one of many Chiapan dead. The computers used by Dominguez and his group became the object of a counterattack by American law enforcement, one of the first active defence initiatives that are now so prevalent.
(At the time of the Zapatista cyber resistance, I was still formulating ideas for the collaborative research effort that would later become the Citizen Lab. Also living in Toronto at the time was Oxblood Ruffin, the self-appointed “foreign affairs minister” of one of the world’s oldest, most respected, and principled hacker collectives, The Cult of the Dead Cow, or cDc. Oxblood and others were forming a politically charged subgroup of cDc called Hacktivismo, and we had discussions about the limits of acceptable political action online and the philosophy that would underpin Hacktivismo and the Citizen Lab. We agreed that DDOS attacks were unjustifiable except in extreme circumstances and that they were contrary to human rights because they infringe upon free speech. We still share that view.)
Some have tried to downplay DDOS attacks, even legitimize them. The Internet pundit Evgeny Morozov, for instance, has likened them to picket lines and sit-ins, the electronic equivalent of civil disobedience. But even Morozov recognizes the analogy only goes so far. Picket lines, sit-ins, and civil disobedience, as traditionally understood, all entail accepting the possibility (even the probability) of considerable personal consequences in the name of some higher moral good. DDOS attacks, on the other hand, can be carried out anonymously, usually without participants accepting legal consequences, and they involve little effort or cost. They are more akin to armchair activism, which raises the question: “Can an act of disruption undertaken without getting out of your seat and that has no likely legal repercussions be considered a legitimate form of civil disobedience?” (Such activism, however, can have serious unintended consequences, generally not for the armchair activists but for others. For instance, after Anonymous’s Operation Tunisia – largely mounted by hacktivists in North America and Europe – it was Tunisian bloggers and activists who were the ones arrested and had their computers confiscated).
More importantly, with the tools to cause havoc so cheap and readily available, and the consequences so potentially low, is it wise to actually encourage DDOS attacks as a form of political protest? Yale University’s Yochai Benkler thinks so: “Except in extreme cases akin to the real-world burning of cars and smashing of windows (e.g., had PayPal’s payment systems been disrupted and customers lost money, rather than the company’s homepage being unavailable), they should simply be absorbed as part of the normal flow of the Internet. When addressed, these actions should be treated as a disruption to the quality of life, similar to graffiti.” And yet, it is not unrealistic to imagine a kind of mass vigilantism in which any person with an axe to grind and a cheap laptop could seriously pollute, even bring to a halt, the free exchange of ideas through the global Internet. Don’t like what someone says online? Blast them offline with a Low Orbit Ion Cannon. I cannot imagine any serious advocate of liberal democracy welcoming that prospect and, for that reason, I don’t see this form of political action as justifiable. At the same time, it is not something that should be treated as a national security threat.
Putting aside the “who” and the “how” of Anonymous, the deeper question is why? Why has Anonymous erupted now, and what does this phenomenon represent? One of the few to study this question in depth is McGill University anthropologist Gabriella Coleman (who admits that after years of analyzing Anonymous she still has trouble answering the question, “Who is Anonymous?”). Anonymous is not an organization, Coleman believes, it’s a name adopted by a range of groups to describe a wide array of actions linked in spirit and that share a certain disdain for authority. The few figureheads that have been arrested are not, for Coleman, emblematic of what Anonymous as a social movement represents: “They have tapped into a deep disenchantment with the status quo as concerns censorship, privacy, and surveillance … and they dramatize the importance of anonymity and privacy in an era when both are rapidly eroding.” For Coleman the central, most interesting, point is the deep well from which Anonymous has emerged: “Irreverent dissent on the Internet is not going to go away with Anonymous,” she asserts.
Is Anonymous a spontaneous reaction to growing controls over cyberspace, a crude affirmation of the human desire for freedom, and a reflexive, almost unconscious, self-protective mechanism against stifling constraints? Is it a kind of autoimmune response by cyberspace itself? A rage against the machine? If so, will it end up being counterproductive: the rage provoking, even infuriating the machine?
• • •
What is a hacker? For many the term conjures up images of a young, hoodie-wearing criminal bent over a keyboard, connecting remotely to an unwitting person’s computer, siphoning off money from a bank account in some far-off jurisdiction or engaged in untoward cyberspace activities meant to upset the order of things or simply to embarrass some powerful person or entity, somewhere. Like Anonymous itself, rarely, if ever, is computer hacking considered benign, let alone useful. In the FBI’s intelligence assessment of Anonymous a hacker is defined as someone who “conducts cyber intrusions to obtain trade secrets, financial information, or sensitive information,” while a hacktivist is “someone who conducts a cybercrime to communicate a politically or socially motivated message.” Either way, according to the FBI, to hack is to break the law.
It was not always thus: indeed computer hacking once had positive connotations. Its origins date back to the late 1950s at the Massachusetts Institute of Technology (MIT), first surfacing among the engineers of MIT’s Tech Model Railroad Club, who playfully referred to themselves as hackers. When the first mainframe computers were introduced at MIT soon thereafter, the hackers turned to fiddling with the machines in the same way as they did with trains. The term gradually embedded itself into the MIT computer science and engineering community by way of describing a curiosity about technology. A hacker was someone who did not accept technology at face value, and who experimented with technical systems, exploring their limits and possibilities: that is, a hacker opened up technical systems and explored their inner workings.
This original positive idea of hacking is what I had in mind in setting out to create a research hothouse that would bring together computer and social scientists. Hacktivism by my definition is the combination of social and political activism with that original hacker ethic, and this captures the gist of what I was hoping for in founding the Citizen Lab. Oriented around a specific set of values that would inform our research, as I saw it (and still do) hacktivism has a lot in common with a philosophical tradition stretching back to the ecological holism of Harold Innis, the pragmatism and experimentalism of William James and John Dewey, and the yearning for a return to a polytechnic culture of the early Renaissance articulated by Lewis Mumford. These thinkers all shared a particular view of technology as something that should be seen not as a thing or product, but as a technic, a craft, that was inherently political and essential to a healthy, democratic, and public life. Just as Mumford saw Leonardo da Vinci as the paradigmatic proto-citizen of a polytechnic society, I saw him as a prototypical hacktivist: interdisciplinary and experimentalist.
Black Code: Inside the Battle for Cyberspace Page 22