I put this here rather than in GQ because I’m interested in the opinions people have of anonymous as well as finding out exactly what anonymous is. Basically, all I understand is that it is some kind of hacker collective that is going about the world righting wrongs and such. I understand that their work is controversial, but they always seem to be portrayed in a rather benign light. I guess, getting around to my question, is does anyone know who anonymous is? Is it many people? A few people? How would one join anonymous, or do they pick you? Is there someone investigating and actively seeking them. I ask this because of their recent hacking of the DOJ website:
I’m curious as to what the general feeling towards them is. Thanks
Anonymous “is”. It’s not an organization, it’s a mantle. There’s nobody in charge, and there’s no leadership structure, no official roster. The way you join Anonymous is that you find a way to mask your computer (spoofing, proxies, what have you) and go to places that Anonymous hangs out (4chan, for one). You don’t “join” Anonymous, what you do is say “oh, hey, this guy in Anonymous is doing something I want to be a part of, I want to help” and congrats, you’re now part of Anonymous if you participate in the mission. Or maybe you have a goal in mind? Just say “hey, Anonymous, <these people> suck, let’s ruin their day.” Your idea may flop and you may get no support, or you’ll get a ton of help and it will be a front page Anonymous mission.
This is why opinion on Anonymous can be so divided, sometimes they pull off really benign or downright white hat work, and sometimes they do bad things – because there’s no control. There’s no central “vision”, it’s just a bunch of random people on the internet participating on whatever act of wanton hacking catches their whim and claiming the mantel of Anonymous.
So, I guess, investigating Anonymous is just basically impossible since it is only a mantle? I thought there may be some La Cosa Nostra type quality to the organization.
Well, people are kind of divided on that. I recall a recent incident about how the Mexican drug cartels went after some kid who was purportedly in “Anonymous” even though he had nothing to do with the attack on the cartel specifically – and in reality had done basically nothing truly illegal even in his capacity as part of it anyway. So no, there’s no real way to round up “Anonymous” as an organization, or even to make assumptions about somebody based on their membership to the group.
That said, obviously there’s crossover between people. And these people are connected and know things about each other, so it’s entirely possible to learn about Anonymous by monitoring its more active “members” and who they interact with. That said, it adds an extra layer of complexity above the Mafia or “real life” organizations because frequently these members have had no contact outside of the internet, not even knowing where their other members are located or even their names. Hell, some of them probably don’t even use the same username or email more than once (if they ever use a name at all).
Getting info on Anonymous is possible, and potentially worthwhile, but it’s very difficult just due to its nature.
Once again, thanks. I’m not illiterate when it comes to a computer, but I don’t know a damn thing about ‘hacking.’ I’ve read of famous hackers, etc. and it has always interested me. I guess phone hacking was about the first type. Does someone basically have to dedicate their life to being an el33t hacker to do shit like hack the DOJ?
I’m not a computer security expert. I know just enough about hacking that I could probably ruin something by accident if I tried it. I know more about how to prevent my programs from being easily hacked than I do actually hacking, but I do know a professor who specializes in security and malware and have talked plenty with him.
For one, hacking a website (as in, changing the front page), as I understand it, is child’s play for anybody reasonably competent that REALLY wants to do it. Getting info from the DOJ (i.e. the decryption codes) is harder, though I suspect getting them was carelessness on the DOJ’s part. The dark secret about “hacking” is that actual computer-based attacks aren’t the majority of the work. The majority of, and by far the most effective, hacking is social engineering. Duping that secretary into giving you the password, getting the webmaster to accidentally mention a security vulnerability or bug. Reading and interpreting the javascript for vulnerabilities (and being aware of general scripting bugs) on the site is also a good start. Hacking requires creativity and knowhow, but all things considered, hacking is generally the easier half of computer security. Making things truly unhackable is the hard part.
That’s not to say that some hacking can’t be really, really hard to pull off and require great amounts of expertise. It certainly can, but I’m more inclined to believe that the DOJ had a massive flaw in their security than I am to believe that Anonymous are that huge of geniuses. The ones who pulled this off are smart, sure, but the root of the problem is probably the DOJ messing up their security, more than it is Anonymous inventing new and exciting ways of hacking. Obviously I can’t say for certain this was the case here, but nine times out of ten hacking is a pretty rote job involving finding a common vulnerability and attacking it with a standard method.
You’re welcome :), but you don’t owe me anything. I’m sure somebody will be along shortly to quibble with some minor details about what I said anyway.
There are a few very clever hackers associated with Anonymous, but most are “Script Kiddies” (people who use prepackaged attacks against known weaknesses).
For example, during the Wikileaks revenge attacks (Operation Payback) on major banks and credit card companies, the main weapon was a distributed denial of service attack using a tool called LOIC (Low Orbit Ion Cannon). This is still a tool of choice, but is pretty poor, really. The attack used is just a flood attack and easily filtered using upstream rules. Also, the user can be identified by the IP address of the source packet, as a number of UK residents found out to their cost. Because they did not understand the consequences of using the tool (because they were not real hackers), they were not Anonymous (at least, in the way they wanted to be). Smart hackers don’t launch attacks from their own computers.
Not true, a well designed and protected site is anything but easy to hack. In fact, it’s not hard to protect a site from pretty much all attacks (except Denial of Service). It’s just that most people don’t take those steps, or keep their software up-to-date.
You might want to check out “We Are Anonymous” by Parmy Olson. Interesting read, and it gave me a new perspective on how the group orginated (if “group” is even the right term), their methods and goals, as well as the diversity of internal opinion.
