Individual Privacy: The Latest Victim of Anonymous Hacks?

Written by

In its characteristically brash expression of anti-establishment fervor, Anonymous released a flurry of names that are believed to belong to members of the Ku Klux Klan, the notorious right-wing, white supremacist group that once commanded great respect in the segregated, mid-20th century southern United States.

The list, which contains 57 phone numbers and 27 email addresses of alleged clan members, was officially leaked on 5 November, commonly known in the UK as Bonfire Night, which includes the burning of an effigy of Guy Fawkes who attempted to blow up the Houses Of Parliament in 1605.  But for “Anon” supporters, the date symbolizes a movement made famous by the 2005 film “V for Vendetta”, in which a disguised vigilante, donning a Fawke’s mask, launches a series of violent attacks against a tyrannical government in a dystopian, post-war Britain. 

While the data dump was met with online adulation on social media, digital privacy advocates were far less keen to embrace the idea of a leak containing sensitive individual data released by a group that has historically targeted institutions engaged in internet censorship and privacy violation.

The news of an imminent release from the Anonymous Twitter page in late October sprouted a myriad of copycat leaks that sought to capitalize on the attention generated from the event. A list of names, social media accounts, credit card numbers and addresses of alleged members paraded as the “Official OppKKK Hoods Off Data Release” on the website Pastebin, purportedly targeted US citizens who had expressed online interest in “opposing interracial relationships, homosexuality and illegal immigration,” but was swiftly discredited by members of the group. The fraudulent leak was nonetheless widely shared by left-wing news sources such as US Uncut, and more credible outlets like the International Business Times.

The most prominent victims were politicians from several states and major cities in the United States, among them the Democratic mayor of Lexington, Kentucky, Jim Gray. Gray’s case was sufficient to put the incredulity of the leaks to rest—in 2005, the then political hopeful announced that he was gay—enough to dissuade even the most liberal members of the clan from allowing him into their ranks.

In the chaos of the internet backtracking to confirm the information, the damage had already been done. In an attempt to reach out to a randomly selected “white-supremacist group”, UK-based newspaper, the Guardian managed only to get hold of a non-profit organization specializing in nuclear non-proliferation instead.

Humorous as this instance may be, seemingly legitimate faux-leaks conflated with the unmitigated impressionability of the internet is a disaster waiting to happen. Loads of cached credit card, social security and address information of unsuspecting individuals and organizations were posted online, thus putting into question the credibility of hacking collectives to regulate themselves.

When Daniel Domscheit-Berg, a former WikiLeaks confidant, announced his departure to expand the “leaks” label, the soaring popularity of the open-sourced, anonymous model immediately took a hit. The new site, TradeLeaks, became inundated with irrelevant information, unverifiable half-truths and spam. Anonymous’ decentralized “hacktivist” model is inadvertently careening down the same path, accumulating a heap of collateral damage as imitators hastily join its descent.

The organization is becoming a victim of its own strength: the unbridled inconspicuousness of the internet that gives rise to spurious claims and bogus sources. More particular to their actions, the group has been criticized relentlessly for being selective with their targets, choosing to combat what they view as censorship and freedom violations by ironically violating the privacy of their targets. In 2011, the group unleashed havoc on the Arizona Department of Public Safety in retaliation for strengthened immigration laws, leaking credit card and social security numbers of border patrol agents and employees of civic institutions, members of the public workforce who were unlikely to be influential in the passage of the law to begin with.

Oxblood Ruffin, a Canadian hacker who gained acclaim by serving as a key figure in one of the oldest hacker groups on the net, Cult Dead Cow, described the group’s actions as an affront to civil liberties. While maintaining the importance of access to free speech and privacy, Ruffin assessed that Anonymous’ function as a vigilante group essentially anoints it with the arbitrary ability to decide who can and cannot express themselves, a concept forbidden to most governments in liberal, western democracies.

In an interview with Motherboard, Ricardo Dominguez, a University of California professor and founder of activist group Electronic Disturbance Theatre, disagrees with this assessment. Conceding that “radical transparency” is an idea he is not fond of, Rodriguez views the denial of service attacks that Anonymous often employs as a form of civil disobedience, akin to that of sit-in protests during the African American civil rights movement.

Though they deviate in their perception of modern hacking groups, both Ruffin and Dominguez seem to agree that leaks containing sensitive personal data are tantamount to data theft and should never be employed in a way that would expose an innocent bystander to harm.

But the Pastebin copycat leaks are a glaring contradiction to that code. A Wall Street Journal interview with J. Keith Mularski, the agent in charge of the cyber squad of the Federal Bureau of Investigation in Pittsburg, Pennsylvania revealed that “anybody could say that they have their own group that was a member of Anonymous” and thus use the reputation of the hacking cooperative to pursue their own agenda.

Although Anonymous has galvanized a cult-like following into the age of 21st century civil disobedience, the internet has long been known to house a dungeon of unsupported information and anonymity has occasionally added fuel to the fire. The delicate balance between privacy and information sharing is as ambiguous as it is unobtainable and the rate of copycat attacks seeking to ride the bandwagon has expanded with the popularity of internet hacking groups.

The goal of hacking collectives is becoming less an issue of fairness and more of an issue of retribution at the expense of the values the hackers themselves preach.

What’s hot on Infosecurity Magazine?