The goal was to agitate for various anti-government causes, ranging from letting up on Julian Assange to correcting what it sees as bad corporate behavior. However, its most high-profile targets went unscathed.
The hacktivist group attacked websites including NBC, pop singer Lady Gaga and the Australian government, causing minor outages – most are back up now. It did not, however, make good on its recent threat against Facebook and Zynga, nor, it turns out, did it hit PayPal, a BBC report said, despite tweets saying otherwise. Symantec, which it threatened, is still investigating whether anything has happened.
Though rumors abounded (promulgated through erroneous and non-fact-checked Twitter posts) that the group uploaded 28,000 email addresses, names, and passwords from PayPal accounts, it turns out that the firm it hit was ZPanel, a web hosting software developer, according to a PayPal investigation.
Anuj Nayar, a PayPal spokesman, told the BBC that the online payment firm had been investigating the attack since Sunday night and concluded that there was no evidence any of its data being breached.
The group takes its inspiration from Guy Fawkes' attempt to blow up Parliament in 1605, an occasion marked with fireworks and bonfires in the UK. Members wear Guy Fawkes masks when demonstrating in public, and often issue high-blooded manifestos against what it sees as social ills – most recently under the auspices of the #OpNov5 and #OpVendetta Twitter hashtags, which it used to stir up support virally. For instance, in the Australian government’s case, it was protesting the government’s proposed cybersecurity law, which would filter the internet for things like illegal porn rings.
"Not only does this legislation completely remove the presumption of innocence which all persons are afforded, it goes against one of the essential dimensions of human rights and privacy law: freedom from surveillance and arbitrary intrusions into a person's life," reads the statement on the front page of new-age website ascensionaustralia.com.au, one of the websites still affected at the time of this writing.
Despite the anti-climactic nature of Anonymous’ efforts, the tactic is unlikely to fade into memory. “The recent security breaches are no surprise, given that hacktivist groups are always seeking media attention around significant political events such as the US election,” said Gary Clark, vice president at SafeNet, in an email to Infosecurity. "This should raise a red flag to chief security officers as we are likely to see a spike in hactivist attacks around other major political events throughout the year.”
Organizations need to be vigilant because these threats aren’t usually easy to forecast in terms of targets, as the Bonfire Night spree showed. “Layering strong security in the forms of multi-factor authentication and data encryption will help mitigate damage from a group of threat actors who aren’t motivated by money but want to disrupt digital society and economies to justify their own political agendas”, Clark added.
"When will governments learn that the internet will never be controlled and we will not allow governments to trample on our civil liberties and our basic digital privacy rights?", the group said in its Australian message. According to Anonymous, not any time soon – meaning that the hacks are likely to continue for some time to come.