30 December 2011. Also, by JYA: http://cryptome.org/0006/anonymous-wabc.htm

27 December 2011. Not by JYA.

Anonymous Mused


A sends:

The recent attack on Stratfor [1][2][3] brings to light some questions that cannot be ignored. As we all well know, Anonymous has taken credit [4] for this attack. With events such as this it is very possible that there are goings-on behind the scenes that need to be taken into account.

Let's start with Anonymous' [5], and its sub-organization #antisec [6], as a whole. Anonymous fancies itself as some sort of hacktivist organization fighting for the greater good of all mankind. In reality it is nothing more than a name that different groups can hide behind in order to leak/drop information and attach itself to the Anonymous "brand" or rather, its PR infrastructure. For example, there are various Twitter accounts [7][8] and IRC servers [9] that serve as the main conduit for news and information related to recent Anonymous activity. Not only is Anonymous very good at PR, they piggy-back off of preexisting movements in order to gain attention and new members. For example, the "antisec" or "pr0j3kt m4yh3m" movement was not started by Anonymous, rather multiple groups started some years ago created this movement [10][11]. Anonymous has adopted it as their own after the movement slowed down due to various reasons (group members growing older and getting a job, getting arrested [12], drug overdoses, etc).

In earlier times, these groups would leak/hack/drop this information under their own name and release it in various "e-zines" [13][14][15] that were then passed around to other "underground" groups and hackers. Most of these groups found over the years that this system accomplished nothing but painting a target on themselves and their group. Victims of these groups would have a name behind who was responsible and would, if the right skills were had, be able to retaliate in a somewhat effective manner.

This is now why you see a sudden ramp up of hacks/leaks under the name of Anonymous. These groups realized that by using the Anonymous name they could effectively use other Anonymous members as a "human" shield and have some plausible deniability. Eventually, these groups realized that by leaking their hacks/information to the Anonymous "group" #antisec, they could easily hide and use the PR boost as an advantage. In essence, someone will hack a website (Sony, PBS, HBGary, Police Websites) and then give the information and access to Anonymous groups to do what they please. These groups will then analyze this information and leak it in order to maximize damage. There are also times when Anonymous "leaders" will ask others to "donate" 0-day exploits [16] to them so they can use them how they please [17].

It does not take a brilliant mind to think of ways this system can be exploited. Some of Anonymous' targets have been government agencies [18] and corporations [19]. Organizations that have enemies and competitors that are extremely determined. If any of those enemies were to attack their competitor they would not have any good way of leaking that information without outing themselves as the culprit. This is where Anonymous comes in. Using Anonymous, anyone can hack/leak/and delete corporate or government secrets and make it look like it was the "hacktivists" that did it. Thus, diverting blame from themselves and onto, largely, unsuspecting groups of people who flock to the Anonymous "ideals." These people, or scapegoats rather, are the ones that read about these Anonymous "hacks" and decide to join in by connecting to their IRC servers and launching DDoS attacks on Anonymous targets [20][21]. They are the ones who are eventually caught, leaving the real (and more skilled/intelligent) culprits in the dark behind the Anonymous shadow.

Now let's talk a little about the recent events surrounding Stratfor [22]. As you have read in the news, hackers managed to download roughly 200GB worth of company emails, various IT support tickets, and the complete (90K strong) customer database including credit card information. Not only did the hackers acquire this information, once they were done downloading it all they deleted the backups [23], effectively putting Stratfor out of business for the time being. Many people [24] are left wondering why Anonymous has targeted such a company. Stratfor worked by providing news analysis to subscribers via email and their website and used mainly OSINT [25] to accomplish this. Their subscribers are made up of a multitude of organizations and people including: Police, Schools, Intelligence Services, Journalists, and international affairs aficionados. So this attack raises some eyebrows when it comes from the Anonymous name since the Anonymous name was at first established by those seeking to provide transparency and fight for First Amendment rights in other countries.

It may be that a group of Anonymous has just picked the "low hanging fruit," but it seems that if someone really wanted to stick it to a private intelligence firm that worked with/for the government they would have gone after more shady intelligence companies such as GK Sierra [26], Aegis [27], GPW [28], or Hakluyt [29].

This then leaves the imagination to wander. Was the Stratfor hack the work of a competitor? Foreign Intelligence Service? Or was it really just a group that has been working under the Anonymous name in the past? I guess the question will take someone more "in the know" than me to answer.

[1] http://www.csmonitor.com/USA/2011/1226/Intelligence-firm-Stratfor-reels-after-data-breach.-What-did-hackers-get

[2] http://edition.cnn.com/2011/12/25/us/stratfor-hacking/

[3] http://www.zone-h.org/mirror/id/16416728

[4] http://pastebin.com/q5kXd7Fd

[5] http://en.wikipedia.org/wiki/Anonymous_%28group%29

[6] http://en.wikipedia.org/wiki/Operation_AntiSec

[7] http://twitter.com/anonymouSabu

[8] http://twitter.com/#!/AnonymousIRC

[9] http://anonops.com

[10] http://en.wikipedia.org/wiki/Antisec_Movement

[11] http://lucifer.phiral.net/pHc/old/

[12] http://www.soldierx.com/hdb/Unix-Terrorist-Jim-Jones-theut-zmagic-yu0

[13] http://gonullyourself.org/ezines/el8/

[14] http://gonullyourself.org/ezines/h0no/

[15] http://gonullyourself.org/ezines/ZF0/

[16] http://en.wikipedia.org/wiki/Zero-day_attack

[17] http://twitter.com/#!/anonymouSabu/status/151055716902379520

[18] http://www.globalpost.com/dispatches/globalpost-blogs/weird-wide-web/anonymous-syria-defense-website-hack

[19] http://www.wired.com/threatlevel/2011/02/anonymous-hacks-hbgary/

[20] http://thehackernews.com/2011/10/anonymous-ddos-oakland-police-site.html

[21] http://news.cnet.com/8301-31001_3-20022264-261.html

[22] http://en.wikipedia.org/wiki/Stratfor

[23] http://pastebin.com/UvKz3T1r

[24] http://www.reddit.com/r/politics/comments/nq5zj/hackers_on_sunday_25_december_2011_claimed_to/

[25] http://en.wikipedia.org/wiki/Open-source_intelligence

[26] http://en.wikipedia.org/wiki/GK_Sierra

[27] http://en.wikipedia.org/wiki/Aegis_Defence_Services

[28] http://www.gpwltd.com

[29] http://en.wikipedia.org/wiki/Hakluyt_%26_Company