At the end of every year, security companies push out their predictions for the coming 12 months. Most are mundane prophecies: an increase in malware sophistication, more advanced persistent threats (APTs), a general widening and deepening of the threat landscape. But last year, McAfee surprised the security community with something provocative, suggesting one threat would weaken: hacktivism.
In particular, McAfee suggested Anonymous’ activity would slow down. The Intel-owned security giant had already seen a decline in successful campaigns in 2012. It went as far to say that Anonymous, “in its actual form (first era), will have difficulty surviving.”
“Those in it ‘for the lulz’ are taking a step backward”, explained Francois Paget, McAfee threat researcher, who said the hacktivist body was morphing into something different, possibly into “cyberoccupiers.”
What did Anonymous and hacktivism become in 2013 then? Looking at Anonymous campaigns over the last year-plus, there have been some notable flops. The group said OpIsrael, which sought to take down Israeli government and business websites in reaction to alleged breaches of a ceasefire with Palestinians, had caused $3 billion worth of damage. Yet experts laughed that claim off and evidence appeared to justify their scorn. OpUSA had similarly grand plans and even caused the US Department of Homeland Security to put out a warning to the banks and government bodies targeted. But it passed “like tumbleweed”, according to various sources in the industry.
Anonymous Bites Back
The Anonymous response to the Edward Snowden revelations on mass global surveillance has been noticeably quiet too. This was the organization that cost PayPal millions for stopping payments to WikiLeaks just two years ago. Why has it not been more active this time around? “The sheer scope of the information that continues to come forth from the Snowden files is taking all of us time to absorb”, says Anonymous member BlackPlans, who tells Infosecurity he has a background in IT. “While it has confirmed some of our worst suspicions, it has also shown many of us that we were not in fact paranoid enough. That is a tough pill to swallow.”
| "The sheer scope of the information that continues to come forth from the Snowden files is taking all of us time to absorb" |
| BlackPlans, Anonymous member |
BlackPlans, along with many other Anonymous members, is unhappy with media and FBI bragging about the “dismantlement of the largest players” within the group. There have been some notable Anonymous successes this year, according to BlackPlans. The activist cites recently reported breaches of US government servers. “Anonymous apparently wasn't dismantled after all, in fact apparently Anonymous had created ‘a widespread problem’ by infiltrating US government servers throughout 2013”, BlackPlans adds, claiming the group has been highly effective in non-Western nations too.
“Many in the media, and certainly segments of Anonymous itself, are also guilty of giving complete prominence to American and European operations, ignoring a lot of what anons in Central and South America, or Asia, for example, are achieving. These stories gain extensive local coverage but do not manage to attract the attention of the often myopic Western media.”
Police Make their Presence Felt
Yet Anonymous’ ostensible enemy, law enforcement, has seen a decline in activity. Back in October, the head of the UK’s new National Cyber Crime Unit told Infosecurity the group had “gone quiet. It’s not as prevalent”, he said. “I think the protections are better. But like all these things, it will re-emerge in some form.”
Arrests and subsequent convictions appear to have paid off, from the perspective of British police. Across the world, DDoSers have been convicted of attacks throughout the year. In the UK, the most significant were those of Christopher Weatherhead, Peter Gibson, Ashley Rhodes and Jake Birchall, who hit PayPal, MasterCard, Visa and the British Recorded Music Industry, allegedly causing millions of pounds of damage. LulzSec’s Ryan Cleary, Ryan Ackroyd, Jake Davis and Mustafa Al-Bassam were also handed sentences.
Earlier in the year, BlackPlans admitted to Infosecurity that some members had left either because they had become disillusioned, or had been scared off by the threat of imprisonment. Police are doing a good job of creating effective deterrents.
Hacktivism Is Just Activism Now
With the decline of hacktivist group LulzSec – which was torn apart after apparent leader Sabu became an FBI informant – and a weakened Anonymous, one might surmise that hacktivism is less of a threat than it has been over the last few years. Yet that misses a key point: activists now see digital tools as vital in showing dissent to their opponents. This year, it has become evident that internet attacks have been core to major protests and they often aren’t carried out by Anonymous or their ilk.
In Ukraine, distributed denial-of-service (DDoS) attacks have taken government sites offline, as protesters showed their dismay at the president’s decision to distance the country from the EU. Dell SecureWorks revealed to Infosecurity that the Dirt Jumper botnet was used in attacks on the president’s site (president.gov.ua) and Ukraine’s unicameral parliament, the Verkhovna Rada. They have now ceased their actions on those sites, instead hitting a number of Russian websites, including a pornography site. This would indicate those running the botnet either rented out their bots to activists, or they were joining in the protests themselves.
Attacks on internet infrastructure don’t have to be carried out from a computer either. During the riots in Thailand in November, anti-government protests voiced anger at Prime Minister, Yingluck Shinawatra, over her decision to pardon her brother, Thaksin Shinawatra, who is wanted and was slated to serve a jail term for corruption. The protesters shut off power to the state-owned Communications Authority of Thailand, otherwise known as CAT Telecom.
Arbor Networks showed Infosecurity the impact this had on Thailand’s internet, which saw thousands of websites go down, including thaiairways.com, the site of the national air carrier. For three hours between 9 am and 12 am on November 30, 2013, CAT Telecom and the sites it was serving went completely dark. This ended up being counterproductive for the activists, due to their reliance on Facebook and Twitter. They didn’t consider similar tactics as protests continued throughout December.
The Banner of Anonymous
Whereas Anonymous may no longer be a tight unit with common aims, it has shown the world DDoS and other forms of attack can be useful in fighting for a cause. Raj Samani, CTO of McAfee EMEA, in explaining his employer’s prediction, says the Anonymous ‘banner’ can now be adopted by any protester hoping to add some weight to their online campaigns.
| "[Anonymous is] more of a cause rather than an active group working collaboratively now… the very nature of the attacks have changed" |
| Raj Samani, McAfee |
“That’s probably been its biggest success story, to create a collective banner for those who believe there has been an injustice”, he adds. “Yes we’re seeing a decline of Anonymous the group, but that’s not to say that other groups will not use the banner.
“Two to three years ago it was a core few individuals. It’s more of a cause rather than an active group working collaboratively now… the very nature of the attacks have changed. We will certainly see some more [Anonymous] campaigns, but they won’t have the same intensity.”
As for those who have left Anonymous, they “will no doubt continue to campaign for the same issues that made them interested in joining the hive in the first place, just via different methods”, adds BlackPlans.
Hacktivism is now such an integral part of activism that the term itself is becoming meaningless. Just like e-commerce is becoming an obsolete term, because it is simply part of general commerce in the internet age, hacktivism is no longer an adequate neologism. Attacking websites is now just another way of showing dissent.
Time for a Change?
Many activists still yearn for a change in tack when it comes to digital efforts, however. DDoS has always been controversial, in that it denies one of the core rights Anonymous has always stood for: freedom of speech. Others have been perturbed by the homophobic language used by the hackers, such as the term ‘faggot’ repeatedly appearing in open forums. They worry amoral script kiddies are the dominant forces in the scene.
For Mustafa Al-Bassam, the aforementioned convicted member of LulzSec, a more constructive approach is needed if hacking is to remain a useful tool for activists. “The shift in ‘hacktivism’ needs to be more constructive and focus on building tools that address issues, which I think is what we're already seeing”,
Al-Bassam says.
DDoS, he believes, is already on the way out of activists’ arsenals. “I don't think it's an effective tool in the sense that it directly achieves the intended direct result, and I often cringe when people respond with a DDoS attack to almost every issue that they want to campaign against rather than thinking of more creative or constructive means, but it does often bring publicity to issues that the mainstream media doesn't cover.
“I think we're already seeing DDoS as a knee-jerk response declining.”
Rather than hacktivism falling in 2013, it has changed in manifold ways. Anonymous is even less tight-knit than it ever was. DDoS in its various forms has been adopted by all dissenters. And yet, as we head into 2014, it looks set to become something considerably less destructive than before. That can only be a good thing.