Senior Threat Researcher
François Paget is a senior threat research engineer and one of the founding members of McAfee Labs, where he conducts a ...
After the publication of the 2013 Threats Predictions from McAfee Labs, I have received many queries regarding our expectation of a possible slowdown in Anonymous activity this year. Some readers agreed, while others were more skeptical. With this blog, I will attempt to explain these positions.
The Anonymous signature
Today, many people use the Anonymous banner. It is more and more difficult to identify the true actors of this brand of hacktivism. In the following image (which appears to be from a French maker of false papers: “certified counterfeiter/fake document wholesaler”), we see the Anonymous logo used by cybercriminals.
“Anonymous” also appeared with a bomb threat on November 5, 2012. Last February, we saw an attempt to extort US$50,000 from Symantec by Yamatough, a hacker claiming sympathy for Anonymous and Antisec. Some researchers were very suspicious regarding the real motivation.
Consequently, some researchers claim Anonymous is now a universal banner for all kinds of campaigns to misinform and brainwash, and that with its image damaged, its notoriety will decline. On the other hand, other researchers say that with #OpWCIT, #WBC, #SandyShooting, and #AaronSwartz, Anonymous has become even more visible.
In 2012 we noted various alleged Anonymous operations that were not just unclear but fake. On November 5, Anonymous threatened Facebook and Zynga; nothing serious occurred. In September, a tweet claimed responsibility for an attack after GoDaddy was unable to serve millions of websites hosted on its servers. The failure was in fact caused by a series of internal network events that corrupted router data tables. The same month, Antisec claimed to have stolen 12 million Apple device identifiers from a computer of an FBI agent. In fact, this data came from the app-publishing company BlueToad.
Some say Anonymous is eroding its credibility with such efforts. For example, they point the finger at @AnonymousOwn3r, who likes to spread such misinformation. Others are more cautious, wondering, for example, if they can believe BlueToad.
Confused or uncoordinated actions?
December was announced as the month of a leak of “an unprecedented amount” of data (Project Mayhem). In the fourth quarter, YouTube became saturated with hundreds of Project Mayhem’s call-to-action videos, mainly appealing to those who wanted to expose corruption and/or to support the hacktivist cause. As reported by Examiner.com, it may be hard to determine who is associated with the Anonymous group or any other “establishment”-related entities set up solely to gather information on participants and to entrap those who are actively leaking information. Leaked data were said to be available via TYLER, a Wikipedia-style peer-to-peer network reachable after the installation of some dedicated software. Today, it is difficult to measure the significance of this platform.
The lack of results is sometimes considered detrimental to the Anonymous reputation and its image. Many uncoordinated operations such as DDoS are launched for just one day but never succeed over the long term. (The targeted companies recover within a day.) Yet the other side will say these are uncoordinated efforts for certain ops but that doesn’t mean Anonymous is in decline.
Too many script kiddies and opportunists?
We also noted some thought-provoking arrests in 2012:
Are these arrests a sign of immaturity or a sign of gradual decay? What are their real motivations?
Some will say the arrests lead only to script kiddies. Others will mention Barrett Brown and add that arrests have made Anonymous more cautious but certainly not silent.
The need for another name?
In some recent attacks, the claims were not made solely by Anonymous, but also by groups called Parastoo—after breaking into the International Atomic Energy Agency server—or NullCrew—which claimed responsibility for multiple computer attacks against corporations, educational institutions, and government agencies. Perhaps for these people, calling themselves Anonymous and nothing more may now be inadequate to meet their goals? Here, like me, some researchers will explain that if you need to use your own pseudonym or a group name, you cease to be a real Anonymous. Others will reply there has always been alignment between Anonymous and other groups.
Reinforcement of other actors
Anonymous is just one aspect of hacktivism. Without the Anonymous banner, people with strong political motivation, long-term dedication, or high-level hacking techniques will create significant actions in the future. Some will defend their ideas of freedom, like French hacktivists supporting people fighting against the new French Notre Dame des Landes airport. Others (which we call cyberarmies) will convey extremist ideas from nondemocratic countries. For example, do not confuse Anonymous and The Izz ad-Din al Qassam Cyber Fighters group responsible for the recent attack on banks in the United States (Operation Ababil).
Several successes in 2012
Despite many discontinued operations, Anonymous enjoyed condemning the Megaupload closure (OpMegaUpload in Q1), demonstrating in European streets and online against SOPA, PIPA, ACTA, etc. (Q1), or in London on November 5, attacking the Westboro Baptist Church group after the Connecticut massacre (Q4).
Decline or second era?
In my last whitepaper on hacktivism (page 31), I included a diagram explaining where hacktivism is headed:
It seems to me that Anonymous in its current form (first era) will have difficulty surviving. Those in it “for the lulz” are taking a step backward. For the present, this step may be the most significant movement in the group because the movements of “Real political consciousness” and “Cooperation” are still in their early stages. Anonymous in its second era has not yet appeared. That is why we predicted a decline in 2013. By next year, we should know if the Anonymous (second era) has appeared or if the movement morphs into another hacktivist group such as “Cyberoccupiers.”