It was 9:30 on March 5, 2012, and it was a warm night in Bridgeport, a diverse, predominantly working-class neighborhood in Chicago. An explosion cracked through the streets, and then 30 FBI agents broke into the house of a shell-shocked Jeremy Hammond, hauling him off to jail.
Hammond, who had helped steal sensitive files from global security firm Stratfor over the previous few months, was part of LulzSec, a spin-off of hacker group Anonymous. He was turned in, along with several colleagues, by Hector Xavier Monsegu, nicknamed ‘Sabu’, who had become an FBI informant several years earlier.
It was a dark day for hacktivism, which Josh Corman, head of the Security Intelligence team at content delivery network Akamai, defines as the combination of hacking and activism. Hacktivists ideally marry technological prowess with ideology, using their smarts to support a particular cause. They work covertly, typically exploiting security flaws to make their point.
Motivationally Speaking
The Stratfor hack was part of Antisec, a joint effort between Anonymous and LulzSec to “restore the tainted internet sea”, taking back documents censored by what it called “corrupt governments”.
Hacktivism is an overused term, warns Corman, a former analyst at 451 Group, and co-author of a series of influential articles called ‘Building a Better Anonymous’. “It is the combination of hacking and activism”, he says, arguing that there are few ideologues, and that the community of truly technically skilled hackers is relatively small. “There are very few hackers, and many in Anonymous who don’t have a clear set of ideals. Hammond clearly had an activist ideology, and was a talented hacker, too.”
Hacktivism didn’t start with Anonymous or LulzSec. The term itself gained popularity with the Cult of the Dead Cow, a group of hackers that created the infamous Back Orifice hacking tool in 1998. The cDc wrote several tools, including Peekabooty, designed to enable Chinese dissidents to communicate safely through the country’s ‘Golden Shield’ internet censorship system. Peekabooty was a good example of mixing online smarts with political motivation.
Motivation plays a big part in hacktivism, and the motives are diverse. “They’re political, social, and ideological”, says Shambhu Upadhyaya, professor in the Department of Computer Science and Engineering at the University at Buffalo. Upadhyaya has dismissed media hysteria about hacking groups such as Anonymous, arguing that there are other more serious threats.
“It’s civil disobedience”, he says of hacktivism. “Instead of doing it on the street, they’re doing it on the internet.”
Whereas the Antisec movement and the cDc focused on freedom of information, others were more interested in patriotism. In China, in 1998, hacking groups organized to deface Indonesian government websites to protest anti-Chinese riots there.
Others were more concerned with minority groups. In the same year, hacktivists defaced Mexican government websites to protest what they saw as oppression of the Zapatista rebels, a revolutionary indigenous group. The Zapatistas also organized activities using the internet as early as 1994.
Today, motivations and organization are less well-defined, particularly with Anonymous, the diverse, loosely-connected community that has targeted many enemies.
We Are Legion
Anonymous, which began as a group on the image posting board 4chan, has always been a vague collection of contradictions. Corman uses the metaphor of a flock of birds, which swarms this way and that in a haphazard fashion. "The bird swarm does or doesn't exist", he observes. But you can find patterns in the activity.
Anonymous is "allergic to the term 'leader'", says Corman. It is a group of groups; a brand franchise, rather than a monolithic structure. "Any attempt to give it a cohesive narrative misunderstands that", he says.
This brand is perhaps the sole unifying force for Anonymous. But within it, the different groups have specific interests and enemies. It will attack many organizations for a variety of causes. Those acting as spokespeople for Anonymous will contradict each other, claiming responsibility for actions that are later disavowed.
The franchise has often tried to take a Robin Hood-style approach, targeting those that it believes are unjust to a broader public. It made its name initially with a campaign against the Church of Scientology, which it criticized for suppressing its followers. The campaign, Project Chanology, sparked widespread protests against Scientology, and a legal and media campaign against the organization.
Collateral Damage
The techniques used by hacktivists are relatively few. Denial-of-service attacks are a common favorite, as are website defacements. Some of the more constructive activities, such as the development of anti-censorship tools, shown real initiative on the part of activist groups. More recently, the likes of Anonymous have been criticized for hacktivist techniques that some say may do more to harm to the victims of the perceived injustices than they do to the targets.
In particular, Corman cites frequent posting of customers' personal details online as a form of protest. This does more to hurt customers who may have nothing to do with an organization's transgressions, he warns. He points to the Anonymous attack against BART, the San Francisco area transit system, where a homeless man was shot. Anonymous blamed BART for the shooting and attacked the organization, posting customer details online. This only injured the customers, Corman suggests.
There is also something opportunistic about the attacks, argues Tim Jordan, senior lecturer in digital humanities at Kings College London’s Creative Arts Administrative Centre. Not all attacks may work. “They’ll often say they will attack someone after they’ve done it, which is why their attacks seem slightly random”, he argues.
However, Anonymous can be reassuringly constructive at certain times, Jordan adds. “Sometimes Anonymous connects to people sensitively and sometimes it doesn’t. Consider Operation Tunisia. They went in offering a bunch of tools, and tried to keep the information flows going, which some Tunisians [considered] very important.”
| "[Hacktivists] often say they will attack someone after they've done it, which is why their attacks seem slightly random" |
| Tim Jordan, Kings College London |
But, as Anonymous grows in size, there are signs that its internal structure has become increasingly difficult to manage, with externally obvious results. When the brand says that it is both responsible and not responsible for attacks, and when it is seen to have done something damaging to the public, it belies a weakness that stems from a lack of cohesion. The wisdom of crowds isn’t absolute.
“There are some very principled people in Anonymous that think they’re making the world better, and they are repeatedly frustrated by the aggressive, louder, less noble ones”, Corman warns.
The Offspring
This lack of cohesion can lead to the creation of entirely different groups. The FBI indictment against Hammond and his colleagues highlights a group called the Internet Feds, an organization that in May 2011 spawned a reborn group called LulzSec, after allegedly hacking the computer systems of security firm HBGary, among others.
LulzSec also engaged in the ‘Summer of Lulz’, a 50-day spree of attacks against organizations that seemed largely random, stemming from some perceived injustices, and often launched against organizations that had been critical of LulzSec itself.
Occasionally, hacktivism can bleed into trolling, or what some call ‘internet griefing’, whereby technically competent hackers can behave in inane ways, offending others purely for the fun of it. Andrew Aurenheimer, nicknamed 'Weev', is a 27-year-old hacker known for his racist and homophobic pranks online. He claimed to have removed gay fiction on Amazon.com by scripting online complaints about inappropriate content to drastically lower their ranking, for example.
Activities such as these come from roots in the original Fortran days, when people would club together and attack organizations just for the fun of it, or, in the common parlance, ‘for the Lulz’. This led to some particularly mean attacks, including one on a support forum run by the Epilepsy Foundation of America, in which flashing computer animations were posted to try and trigger seizures. The administrators of the image boards commonly used by early Anonymous members pointed to the Church of Scientology as the culprit, mounting the attack to ruin public opinion about Anonymous.
Moving Forward
LulzSec eventually disbanded, and its members were then arrested. This raises an important question: What is the future of hacktivism, and Anonymous as a whole?
It depends in part on the system of punishment, argues Shambhu Upadhyaya. At the time of writing, Hammond faces 30 years in jail, and others also face potentially harsh sentences. "If we have stringent measures and punishments, and if you put such people behind bars, then probably that will get the message out", he says.
But it could also lead to a new kind of activism; one in which puckish, unfocused behavior could be replaced by a more measured, thoughtful and effective response to perceived social injustices. Corman outlines a potential set of principles for a "better Anonymous" that includes a stringent code of conduct, and a more equitable approach to free speech (including not targeting organizations purely for speaking out against hacktivist brands or groups).
An evolution such as this could create a set of more focused splinter groups, with specific agendas, and a less chaotic approach. The barrier to entry into these groups could be higher, keeping out script kiddies, and others there purely for the glory.
“I sometimes refer to Anonymous as an emergent property of a hyperconnected world”, Corman concludes. “It isn’t the final state. It’s the Canary in the coal mine, singing of what’s to come.”