Information security—the security of networked digital information—is becoming increasingly important to the national security concerns of states, as well as to users of the internet. Information conflicts—conflicts around the control, creation, aggregation and dissemination of online information—also warrant the attention of peace practitioners.
At the state-level, many political conflicts are manifesting as information conflicts. Additionally, information security (the security of networked digital information) is being increasingly “securitized.” Securitization involves describing an issue as an existential threat to a particular object and thus potentially bringing the issue onto the security agendas of states, thus justifying special measures to combat the threat.1
China, which has been accused of hacking Google’s infrastructures,2 has accused the US of being an “information imperialist,” and of using the internet to overthrow governments.3 States, corporations, and the media are increasingly accusing state actors of information security breaches.4
States are allocating increasing resources to information security, as well as to information warfare. This year, whilst the US faced a budget crisis, the Pentagon requested US$3.2 billion worth of funding be allocated to “cyber security”—a figure roughly equal to the military expenditure of Morocco or Argentina.5 The newly established US Cyber Command has had “operational capacity” since May 2010.6 “Cyber commands” are becoming increasingly attractive idea to ministries of defence. The defence secretary in the UK has proposed plans for an integrated cyber command under the Ministry of Defence.7 The Indian Ministry of Defence is looking to establish a “Cyber Control and Command Authority.”8 China has established a “Blue Army” to defend the People’s Liberation Army from attacks on its networks.9
The Stuxnet worm (a self-replicating computer virus that spreads without intervention)10, responsible for the sabotaging of centrifuges involved in the Iranian uranium enrichment program, is arguably one the most complex and expensive known pieces of malware11 in existence, and the most widespread malware specifically designed to infect industrial equipment. Stuxnet was possibly designed and deployed with the backing of state intelligence and security agencies.12
Cofer Black, ex-Director of the CIA’s Counterterrorism Centre (and director of a subsidiary of the largest private security contractor to the US State Department) recently announced at Black Hat, a security conference that facilitates connections between hackers and US defence, intelligence, and security agencies, that Stuxnet marked the “Rubicon of our future.”13 Whether or not this represents an historical turning point (or an implicit admission of involvement by a US agency in Stuxnet), this highlights the military industrial complex’s tacit acceptance of malware as a tool be used by states in future information conflicts.
Non-state actors are also important actors in information conflict. Information and communication technology also allows individuals or small groups to conduct actions with global impacts. Individuals acting as part of loosely coherent online movements are becoming increasingly significant in information conflict. This is reflected in the rapid growth of, and response to, the online “hacktivist” movement called Anonymous. This paper investigates current information conflicts involving Anonymous, outlines the electronic terrain, the tools and methods used, and addresses the greater significance of Anonymous to peace practitioners.
In December 2010, thousands of internet users conducted “protests” or “attacks” on the websites of MasterCard, Visa, and PayPal, bringing the MasterCard and Visa websites offline for a number of hours. These users were responding to a campaign launched by Anonymous called Operation Payback. Operation Payback was a protest action against these companies in response to their withdrawing access by Wikileaks to these services.14 At the time, John Perry Barlow, co-founder of the Electronic Frontier Foundation, a US-based internet advocacy group commented that “the first serious info(rmation) war (was) now engaged.”15 This was the beginning of a wave of protests and hacking attacks against different targets in the name of Anonymous and other affiliated groups that have been conducted in the previous year.
No “war” had begun. A conventional definition would include over 1000 casualties a year as a direct result of political violence, and there are no recorded physical casualties related to action by Anonymous. However, these events are highlighted the emergence of an information conflict or series of information conflicts that should warrant the concern of peace practitioners.
In 2011 internet users using the name and branding of Anonymous have been involved in protests and attacks on government and company websites in Algeria, Brazil, Bahrain, Ecuador, Egypt, Libya, Spain, Syria, Tunisia, Indonesia, Iran, Italy, Malaysia, Venezuela, the US, United Kingdom, and Zimbabwe, as well as the hacking of websites of police departments; US military, security and intelligence contractors; and NATO. Anonymous gave rise to the hacker group called Lulz Security (LulzSec), which has compromised and leaked information from the websites of (among others) Booz-Allen Hamilton, the Arizona state police, CIA and FBI contractors, Sony, and websites of the News International Corporation (controlled by Rupert Murdoch).
Many of these attacks merely slowed down traffic to the websites or rendered them offline for some time. Some of these attacks involved the defacement of websites. Some attacks have involved the compromising of and subsequent leaking of private information contained by the websites or related compromised infrastructures.16
In 2011, Anonymous has also been involved in real-life protests and civil disobedience in the US and Spain.
What is Anonymous? Who are its “members”? What are their aims and objectives? How do they act in the arena of information conflict—and why?
Anonymous first caught the public’s eye with its protest action against the Church of Scientology(CoS) in 2008. This protest was in response to the CoS seeking legal action to remove videos about Scientology from the internet, which contained leaked footage of Tom Cruise making controversial claims about Scientology. “Project Chanology” as the protest movement was called, involved online protests and attacks on websites, supplemented by real-life protests at Scientology premises.17 Protesters often wore Guy Fawkes masks from the movie and graphic novel “V for Vendetta.” The mask has become a popular symbol for Anonymous.18
Canvas a range of commentators and you may be told that Anonymous is one of the following: a criminal group; a “cyber-terrorist” organization; a group of “hackers”; “crackers,” or “black hat hackers”; “script kiddies”; “activists”; “hacktivists”; or “slacktivists.”19 The terminology and its normative foundations are too complex to go into in this article, but ascribing a label to Anonymous is similar to the dilemma posed by the phrase, “one man’s terrorist is another man’s freedom fighter.”
Anonymous is not a coherent organization, and it has no identifiable leaders. Many argue there are no leaders, and leadership is generally renounced within Anonymous. Some say Anonymous is an internet meme—an idea or concept that is spread online and remixed such that it evolves in a dynamic and often unpredictable fashion.20 Memes often have no identifiable creator, and their origins come from their shared meanings. Anonymous, in this light, is more like an internet sub-culture or a brand than a coherent movement.
Anonymous has no manifesto, no constitution, no governing bodies. Operations are proposed within Anonymous, and “anons” (participants in Anonymous) decide whether to participate or not. Anonymous is largely devoid of a coherent ideology, other than a shifting combination of two ideals. The first is that operations are launched in support of information freedom (e.g. internet censorship), and against those who seek to restrict it.
The second ideal is that operations are done “for the lulz.” “Lulz” is a corruption of the acronym LOL which stands for laugh out loud.21 Doing things “for the lulz” implies doing things for fun, rather than for an ideological objective. The lulz can often imply laughter at the expense of others. Lulz can be thought of as a means to an end, but also as an end in itself, which adds to the ambiguity of the concept.
The word has been popularized by Lulz Security (LulzSec), a group of hackers that arose from Anonymous and use and communicate on the same chat rooms. LulzSec seem to have conducted operations both “for the lulz” (e.g. leaking porn users’ passwords and the leaking of the UK game show, “the X Factor” contestant database), as well as a means to an end in other political battles (such as their hacking of the Arizona state police and leaking of their data as a message against the war on drugs and immigration policies) or media battles (such as its attacks on websites belonging to News International).
It has been argued that there is a sort of democracy in the choice of operations conducted by those involved in Anonymous. Operations can be proposed by any “anon” (anonymous person) and are successful according to the amount of other anons who decide to participate. These details are discussed on public Internet Relay Chat channels (chat-rooms), online and sometimes on social networking sites like Twitter and Facebook. Anyone can propose an operation and any number of people, from a handful to thousands, may get involved.22 Attributing operations to “Anonymous,” although participants use the name and branding of Anonymous, is thus problematic, as anyone can perform an operation in the name of Anonymous.23
It is hard to generalize about the nature of the targets of Anonymous. Many operations have targeted governments or corporations for restricting internet and phone access, such as those complicit in such activities in the Middle East and North Africa. More recently Anonymous has protested against (and some members have hacked) the Bay Area Rapid Transport System (BART) in San Francisco. This was in response to BART shutting down mobile phone signals in order to interrupt a protest against the BART police for the shooting of a homeless man.24
Recent targets of Anonymous, as well as the targets of Lulz Security, could broadly be seen as an amalgamation of government agencies as well as corporations. Some corporate targets could be classified as parts of the US military industrial complex (the military, CIA, FBI, and their private sector contractors).
The “AntiSec” (Anti Security) movement promoted by some participants in Anonymous and LulzSec seem to point toward elements of the information security industry—corporations working with the military industrial complex being specific targets. Those who usually have been seen as “white hats” (“hackers for good,” or government and corporation hackers) or do business with military and intelligence agencies, are now possible targets of AntiSec. Many operations have no “targets” and are aimed more at fostering public debate.
Anonymous uses tools that are technologically simple, cheap to deploy, easy to use, and rely largely on spectacle, rather than solely on the physical damage caused. Some tools attack websites to slow them down. Some tools compromise the security of websites to obtain and leak information. Many tools cause no harm at all (physical or digital).
One previously used tool of protest or “weapon” is the distributed denial of service (DDoS) attack. A DDoS attack involves the continuous flooding of a website with useless information, which can cause the website to slow down or go offline. DDoS must be conducted from a large number of computers in order to be effective. Many tools can be used for DDoS attacks. Anonymous has often used software called the Low Orbit Ion Cannon, or LOIC. It is simple to operate, and does not require any advanced knowledge of computers.25
There have been arrests in the Netherlands, Spain, Turkey, United Kingdom and US for the use of the LOIC. In the US, 14 defendants stand accused of using the LOIC to attack PayPal online infrastructures. Many argue that partaking in a DDoS attack can be an act of protest—the online version of a sit-in. DDoS attacks have been recognized in a German court as a protest, not a crime. Some have argued that criminalizing such protest activity can have negative consequences for democracy.26 A DDoS attack will usually only take down a website for a few hours, until the attacks cease—like protesters outside a building stopping business activities from happening until the protest ends. DDoS does not alone generally compromise the security of a site and allow for the stealing of information unless the target site is hacked and exploited while it is weakened.
A distinction needs to be drawn between a DDoS attack conducted by use of the LOIC and attacks conducted by “botnets”—networks of “zombie” computers that have been infected with viruses or malware. Botnets do the bidding of their “herders,” which can be anything from sending spam or stealing information to conducting DDoS attacks. Botnets harm both their targets and the unwilling owners of zombie machines. Those using the LOIC voluntarily should be assessed differently from those employing botnets.27
Other tools are used by Anonymous to break the security of a website and thus deface websites or obtain private data hidden within the target website and related compromised infrastructures. One such tool is the SQL injection, an easily employed strategy for exploiting vulnerabilities on websites. Often SQL injections are used to gain access to private data and then leak the data online. Data from law enforcement agencies and defence and intelligence contractors have been obtained by participants in Anonymous using SQL injections and other “exploits” (vulnerabilities).
Many (possibly the majority) of operations do not compromise the functioning or security of websites but rather involve the spread of media and information. Images and videos are remixed and shared over YouTube, which are further shared over platforms like Twitter and Facebook. Musicians have made dedications to and songs for Anonymous and LulzSec.28 The anti-copyright online radio station, “Radio Payback” plays music in support of Anonymous.29 Many operations by Anonymous involve the dissemination of flyers and the sending of faxes.30 In response to PayPal providing the FBI with a list of the top 1000 participants in the attack against it, Anonymous launched a legal operation, a boycott called “Operation Pay Pal,” in which Anonymous encouraged people to close their PayPal accounts in protest.31 There are also “real life” protests by Anonymous, such as the protest against BART. At this writing, it seems that protests by Anonymous may occur in September and October, as part of the “US Day of Rage.”32
The involvement of Anonymous in the Arab spring represents a case of its involvement in violent political conflicts. After the actions in support of Wikileaks, Anonymous turned its attention to Tunisia where there was a government crackdown on bloggers, online activists, artists and other creators of internet content. Many in Anonymous conducted attacks on Tunisian government websites. Anonymous also disseminated information and advice to Tunisians about avoiding internet filtering and surveillance, as well as on conducting nonviolent protests. A document entitled “Guide to Protecting the Tunisian Revolution” was collaboratively created and disseminated online.
As the Tunisian uprising spread through the region, the “Guide to Protecting the North African Revolution” emerged.33 Attacks appeared on government websites throughout the region. Anonymous was also involved, with another online collective called Telecomix, in opening lines of internet communication to Tunisia, Egypt, Syria, and other countries in the area that were free of government filtering or surveillance.34
While Anonymous on the whole has been helpful to Tunisians, it has recently been criticized for continuing to be involved in the Tunisian conflicts by attacking websites in response to government censorship of pornography, (agreed upon by many Tunisians).35 Furthermore, throughout the region, in an environment where incumbent governments are increasingly accusing activists of being agents of foreign forces, the involvement of Anonymous, despite its best intentions, can by association be detrimental to the participants that it tries to support.
If Anonymous is seen as an actor, or group of actors, in information conflicts, rather than one group in a battle between law enforcement and intelligence and military agencies, then surely peace practitioners should be involved in making peace and keeping peace. These conflicts must be managed or transformed, while paying attention to solving their causes, and cannot be resolved through law enforcement and intelligence gathering.
Anonymous makes it hard to understand who their enemies really are, and no doubt this enemy is as shifting as the make-up and temperament of Anonymous. There are allusions to the enemy being corporations or the “corrupt governments of the world”36 but this does not really help to clarify. Anonymous does not represent a single conflict but a multitude of interrelated and shifting information conflicts, with multiple participants, rather than a single one.
How does one assess conflicts in which many players are nameless and faceless? Who are the actors and what are the stakes? How does one identify stakeholders? Anonymous, and anonymous entities, cannot legitimately be considered stakeholders in a conflict unless they can prove to be affected by it. How can an anon from, say, the US or Serbia be considered a stakeholder in conflicts in the Middle East and North Africa? On the other hand, Anonymous gets involved many information conflicts in which it is hard to distinguish stakeholders on a national basis, and arguably in such instances (e.g.conflicts around Wikileaks) we are all stakeholders.
Online anonymity (and pseudonymity—the use of fake names) are not new, but as old as the internet itself. Anonymity, however, should be of concern to peace practitioners. Online participation is becoming an increasingly significant factor in violent conflicts as have been witnessed throughout the Arab Spring. Many protesters, as well as supporters of incumbent governments, have used online social networks as avenues to take part in and influence protests and political conflicts. Protesters often used anonymous identities to protect themselves from reprisals by security forces, or other negative results of protest action. Online anonymity cannot be rejected as illegitimate and politically insignificant, given the balance of power between protesters and incumbent regimes.
Randy Zuckerberg, ex-marketing director of Facebook, stated that “anonymity on the internet has to go away.” This is neither possible nor desirable, especially in repressive regimes. What extraordinary measures, like censorship and invasion of privacy, would such an enormous feat entail?
Many influential online identities were unmasked and linked to real identities during the Arab Spring. Despite being detrimental to the people behind these identities, this unmasking can prove beneficial to the movements they supported. In Egypt, Google executive Wael Ghonim used an online moniker when calling for protests and was detained by the security forces. His public appearance on television after his release (and subsequent television appearance) mobilized many new protesters to take part in the protests, and the day after his release saw one of the biggest crowds ever at Tahrir Square. However, those revealed as participating in protests online have also been unlucky, disappearing in places like Egypt, and losing jobs in Bahrain, for example.
Online identities provide opportunities for intervention by those external to the conflict and can often be harmful and counterproductive, as in the case of the Syrian “lesbian” blogger, who was revealed to be a non-Syrian heterosexual male. This gave the Syrian government “evidence” of foreign intervention in its affairs through the internet.
Fake online identities, or “sockpuppets” are not only used by non-state actors in information conflicts but are also increasingly used by states and military, security, and intelligence agencies. E-mails from US defence contractor H.B. Gary, which were acquired by hackers from Anonymous and leaked online, reveal an “astro-turfing” software commissioned by the US Air Force. Astroturfing refers to the practice of using multiple sockpuppets to mimic the activities of grass-roots movements online.37
Anonymous summarizes the software as follows:
“It is a software that would allow a single agent to command an ‘army’ of sockpuppet accounts on social networking mediums. It is sophisticated enough to develop a ‘profile’ for each puppet to add a level of ‘realism’ to each. In short, there would be no … way to distinguish between 100 people commenting on a subject, and 100 of these puppets doing the same.
This is nothing new for those of us familiar with how the net works. However, given recent events across the world, the idea behind (the software) seems to be “weaponizing” sockpuppets, in order to influence the face of revolutions that are based within social networking sites.”38
Online information is becoming increasingly important to real-life conflicts and peace practitioners need to concern themselves with the particular challenges posed by information conflict. The increasing socialization of the internet—its integration with social networks and their component online identities, the increasing involvement of online identities with real life conflicts, and the increasing use of, and weaponization of, sockpuppets represent new challenges to peace practitioners concerned with building peace in an information society.
Alex Comninos (http://alexcomninos.com) is a doctoral student at the University of Giessen and a researcher on ICT issues.
1 For an overview of the school and the concept of securitisation, see Vladimir Šulović, “Meaning of Security and the Theory of Securitization”, 5 October 2010, Occassional Paper Series, Centre for Civil-Military Relations, Belgrade, http://www.ccmr-bg.org/Occasional+Papers+and+Analysis/3855/Meaning+of+Security+and+the+Theory+of+Securitization.shtml.
2 Dan Sabbagh, WikiLeaks cables blame Chinese government for Google hacking, The Guardian, 4 December 2010. http://www.guardian.co.uk/technology/2010/dec/04/wikileraks-cables-google-china-hacking.
3 Clifford Coonan, “The Google war: China calls US an ‘information imperialist’”, The Independent, 23 Jan 2010, http://www.independent.co.uk/news/world/asia/the-google-war-china-calls-us-an-information-imperialist-1876409.html.
4 A recent report from the anti-virus company McAfee alleged that hackers had penetrated 72 companies and organisations in 14 countries and had stolen national and corporate secrets. Allegedly, the nature of the targets “pointed a finger at a state actor behind the intrusions” (See the McAfee Report: Dmitri Alperovitch, Revealed: Operation Shady RAT, McAfee Blog Central, 2 Aug 2011, http://blogs.mcafee.com/mcafee-labs/revealed-operation-shady-rat). These claims were picked up on an reported quite uncritically by the media have been questioned by other anti-virus companies that point to a lack of evidence pointing to a state actor, as well as the stealing of data (see Gabriel Perna, “McAfee’s Rivals Scoff at Shady RAT Report”, International Business Times, 5 August 2011, http://www.ibtimes.com/articles/193338/20110805/mcafee-rivals-scoff-shady-rat-kaspersky-symantec.htm; Hon Lau, “The Truth Behind the Shady RAT”, Symantec Connect Community, http://www.symantec.com/connect/blogs/truth-behind-shady-rat; Egugene Kaspersky, Shady RAT: Shoddy RAT, Nota Bene, August 18 2011, http://eugene.kaspersky.com/2011/08/18/shady-rat-shoddy-rat). An information security professional alleged that “the media has spun this one way out of control” (Patrick Grey, “Risky Business #205 — Who’s the real Shady RAT?” (Podcast), Risky Business, 5 August 2011, http://risky.biz/RB205).
5 For US spending on cyber-security see Aliya Sternstein, “Pentagon seeks $3.2 billion for revised cyber budget”, nextgov, 24 March 2011, http://www.nextgov.com/nextgov/ng_20110324_2474.php. For a breakdown on this spending see “Cyber spending at Defense”, nextgov, 29 March 2011, http://www.nextgov.com/nextgov/ng_20110329_1325.php. US military expenditure for 2010 was 687 billion. Total military expenditure figures for 2010 are from the Stockholm International Peace Research Institute Military Expenditure Database (http://milexdata.sipri.org) and are in 2010 prices.
6 “On June 23, 2009, the Secretary of Defense directed the Commander of U.S. Strategic Command (USSTRATCOM) to establish USCYBERCOM. Initial Operational Capability (IOC) was achieved on May 21, 2010…USCYBERCOM is a sub-unified command subordinate to [USSTRATCOM]. Service Elements include Army Forces Cyber Command (ARFORCYBER); 24th USAF; Fleet Cyber Command (FLTCYBERCOM); and Marine Forces Cyber Command (MARFORCYBER)” (US Cyber Command Factsheet May 25 2010, US Department of Defense http://www.defense.gov/home/features/2010/0410_cybersec/docs/CYberFactSheet%20UPDATED%20replaces%20May%2021%20Fact%20Sheet.pdf). For US Cyber Strategy see http://www.defense.gov/home/features/2010/0410_cybersec).
7 Robert Densmore, “Liam Fox Faces Uphill Battle as He Leads MoD Into Cyber War”, DefenceIQ, 14 June 2011. http://www.defenceiq.com/air-land-and-sea-defence-services/articles/opinion-liam-fox-faces-uphill-battle-as-he-leads-m.
8 Harish Gupta, “As cyber attacks rise, India sets up central command to fight back”, Daily News and Analysis, May 15 2011, http://www.dnaindia.com/india/report_as-cyber-attacks-rise-india-sets-up-central-command-to-fight-back_1543352.
9 The Blue Army is not quite akin to a cyber command; it is composed of only thirty “cyber warriors” and is mandated to protect army networks. See Leo Lewis, “China’s Blue Army of 30 computer experts could deploy cyber warfare on foreign powers”, The Australian, May 27 2011, http://www.theaustralian.com.au/australian-it/chinas-blue-army-could-conduct-cyber-warfare-on-foreign-powers/story-e6frgakx-1226064132826; and Guo Lei, Gu Caiyu and Wu Lan, “Why China established ‘Online Blue Army”, People’s Daily, http://english.peopledaily.com.cn/90001/90780/7423270.html.
10 “A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention” (Wikipedia contributors, “Computer Worm,” Wikipedia, The Free Encyclopedia, http://en.wikipedia.org/wiki/Computer_worm, Accessed 7 Aug 2011).
11 “Malware, short for malicious software, consists of programming … designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behavior … Malware includes computer viruses, worms, trojan horses, spyware, …and other malicious and unwanted software” (Wikipedia contributors, “Malware,” Wikipedia, The Free Encyclopedia, http://en.wikipedia.org/wiki/Malware, Accessed 7 Aug 2011).
12 For a description of the discovery of Stuxnet see Kim Zetter, “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History”, Wired, July 11 2011, http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1.
13 Cofer Black is chairman of Total Intelligence Solutions, a subsidiary of Xe Services (formerly Blackwater). See Tabassum Zakaria, “Former CIA official sees terrorism-cyber parallels”, Reuters, 3 August 2011, http://www.reuters.com/article/2011/08/03/us-usa-security-cyber-idUSTRE7727AJ20110803; and Glenn Chapman, “Cold War gives way to Code War: CIA veteran”, Agence France Press, 4 August 2011, http://www.google.com/hostednews/afp/article/ALeqM5h-_86Ftav0uDHvMYDzydPgVWjNzQ?docId=CNG.0dcc70d787af82f2b283aeb2af9d940e.e01.
14 Anonymous is not formally affiliated with Wikileaks. Operation Payback was the continuation of an operation started by Anonymous in September 2010 in protest against copyright legislation, litigation and policing directed against digital piracy. See Wikipedia contributors, “Operation Payback,” Wikipedia, The Free Encyclopedia, http://en.wikipedia.org/wiki/Operation_Payback (Accessed 7 Aug 2011).
15 The full Tweet was ‘The first serious infowar is now engaged. The field of battle is WikiLeaks. You are the troops. #WikiLeaks’(https://twitter.com/#!/jpbarlow/status/10627544017534976). John Perry Barlow is also an ex-lyricist for the band, the Grateful Dead.
16 To quantify the scale of the breaches I will use one example. Analysis of the “AntiSec” (a movement within Anonymous) data dump of 10GB of data from 70 law enforcement agencies obtained from a single hack revealed that the data contained 1,923 unique Social Security Numbers, 8 credit card numbers, 4,661 unique passwords, 57 bank account numbers, 53 drivers licence numbers, 17,105 unique phone numbers, 7,1665 unique postal addresses, and 1,531,638 non unique email adresses (Identity Finder LLC, Data Leakage Report for Antisec August Data Dumo, August 8, 2011, http://www.identityfinder.com/us/Press/201188). Leaked information is posted on websites, often the text sharing site PasteBin, as well as shared over torrents (a peer to peer file sharing protocol).
17 Project chanology was started by users of internet image sharing boards, 4chan and 711chan (Wikipedia contributors, “Project Chanology,” Wikipedia, The Free Encyclopedia, http://en.wikipedia.org/wiki/Project_Chanology, Accessed 7 Aug 2011). Many see the origins of Anonymous in the controversial image-sharing website, 4chan, where the default identity for a person posting on the site is “Anonymous”. However, many “Anons” and users of 4chanthese days feel that Anonymous and 4chan no longer have much of a relationship. For more on Project Chanology, see Chris Landers, Serious Business: Anonymous Takes On Scientology (and Doesn’t Afraid of Anything), Baltimore City Paper, 2 April 2008, http://www2.citypaper.com/columns/story.asp?id=15543.
18 Aaron Colter, ‘V for Vendetta’ Inspires Anonymous, Creator David Lloyd Responds”, Comics Alliance, 04 August 2011, Read More: http://www.comicsalliance.com/2011/08/04/v-for-vendetta-anonymous-david-lloyd/#ixzz1UZliJo3u.
19 A hacker refers in its original usage is not a pejorative term and does not refer to those who simply break into or break the security of systems. The original usage of the word hacker was ‘person who enjoys exploring the details of programmable systems and how to stretch their capabilities’(Multiple constributors, The Jargon File, version 4.7.7, last accessed 07 Aug 2011, http://catb.org/jargon/html/H/hacker.html). This is far different to current usage of the term by the media. Crackers refer to those who break security of systems. Black hat hackers refer to those who compromise the security of networks for criminal gain. Script kiddies refer to those who use pre-assembled programs or scripts, rather than the problem solving skills. Hacktivism refers to use of technological tools as instruments of activism. Slacktivism refers to the relative ease with which online activism is conducted in comparison to ‘real life’ activism. For a good overview of the definitions of cracker and hacktivist, see David Peter Hansen, “Is ‘cyberterrorism’ a serious threat to the integrity and function of computer networks?” MA dissertation, 2010, University of Bradford, pp. 19-20 accessible: http:/files.dave.dk/cyberterrorism.pdf.
20 “An Internet meme is an idea that is propagated through the World Wide Web…The meme may spread from person to person via social networks, blogs, direct email, news sources, or other web-based services. An Internet meme may stay the same or may evolve over time…Internet memes can evolve and spread extremely rapidly, sometimes reaching world-wide popularity and vanishing within a few days.” (Wikipedia contributors, “Internet meme,” Wikipedia, The Free Encyclopedia, http://en.wikipedia.org/wiki/Internet_meme, accessed 7 Aug 2011).
21 The definition is from fictional overviews generated by multiple users: Encyclopaedia Dramatica contributors, “Lulz”, http://encyclopediadramatica.ch/Lulz; Know Your Meme contributors, “I did it for the Lulz”, Know Your Meme, http://knowyourmeme.com/memes/i-did-it-for-the-lulz; Oh Internet constibutors, “Lulz”, Oh Internet, http://ohinternet.com/Lulz. All links are last accessed 07 August 2011 and are not suitable for viewing in a work environment. Encyclopaedia Dramatica has historically been involved in creating and documenting memes used by Anonymous and the image sharing site 4chan.
22 For an overview on the power structures within Anonymous, and how decisions are made, see Gabriella Coleman, “Anonymous – From the Lulz to Collective Action”, The New Significance, 9 May 2011, http://www.thenewsignificance.com/2011/05/09/gabriella-coleman-anonymous-from-the-lulz-to-collective-action/; Kristine Schachinger, “The Revolution Will Be Streamed — Operation Payback: Protest or War?”, Search Engine Watch, 09 December 2010, http://searchenginewatch.com/article/2065407/The-Revolution-Will-Be-Streamed-Operation-Payback-Protest-or-War; and “Anonymous: Just for the lulz?”, ABC Radio National, http://www.abc.net.au/rn/360/stories/2011/3275935.htm.
23 Information security practioner, Patrick Gray mentioned in his podcast, that in order to ensure correct reporting and lack of confusion, one should replace the word “Anonymous”, with “someone”. Therefore it would be more correct to say “Someone has hacked corporation X”, rather than “Anonymous has hacked corporation X”. Patrick Grey, “Risky Business #203 — LulzSec: They’re baaaaaaaack” (Podcast), Risky Business, 22 July 2011, http://risky.biz/RB203.
24 For an overview of the operation in protest against BART see: The War and Peace Report (news show), 16 August 2011, Democracy Now!, http://www.democracynow.org/2011/8/16/stream and Vince in the Bay, Disorderly Conduct – Operation BART Recap (podcast), 17 August 2011, http://www.blogtalkradio.com/vinceinthebay/2011/08/17/disorderly-conduct—operation-bart-recap-1).
25 The LOIC is an “open source network stress tool”, the software and a description is available at https://github.com/NewEraCracker/LOIC#readme. To conduct an attack, Users must set the LOIC to send a flood of data to a specific target. Alternatively the LOIC can be set to connect to a ‘hive mind’ — a central command and control server — which determines the target. The LOIC is simple to operate: download the software, enter the address of the website to attack or the hive to connect to, and press the ‘IMMA CHARGIN MAH LAZER!‘button. See Wikipedia contributors, “LOIC,” Wikipedia, The Free Encyclopedia, http://en.wikipedia.org/wiki/LOIC (Accessed 7 Aug 2011).
26 A German court ruled that certain DDoS attacks was equivalent to a sit-in protest. This was in respnse to a protest called “Deportation Class” which involved a pDDoS attacks on the Lufthansa booking system in protest against Lufthansa involvement in the deportation of asylum seekers. Jehns Ohlig & Hannes, “Legal, illegal, decentral: Post-hacker-ethics cyberwar”, Presentation at Chaos Communication Camp 2011, 11 August 2011, accessible, ftp://media.ccc.de/events/camp2011/video. James Ball, By criminalising online dissent we put democracy in peril, The Guardian, 1 August 2011, http://www.guardian.co.uk/commentisfree/2011/aug/01/online-dissent-democracy-hacking. The LOIC does not offer any anonymity when an attack is conducted as it does not hide the users Internet Protocol (IP) address (Aiko Pras, Anna Sperotto, Giovane C. M. Moura, Idilio Drago, Rafael Barbosa, Ramin Sadre, Ricardo Schmidt and Rick Hofsted, Attacks by ‘Anonymous’ WikiLeaks Proponents not Anonymous, CTIT Technical Report 10.41, December 10 2010, http://eprints.eemcs.utwente.nl/19151/01/2010-12-CTIT-TR.pdf).
27 A joint statement by LulzSec and Anonymous the FBI’s arrest of LOIC users read: “‘What the FBI needs to learn is that there is a vast difference between adding one’s voice to a chorus and digital sit-in with Low Orbit Ion Cannon, and controlling a large botnet of infected computers. And yet both of these are punishable with exactly the same fine and sentence’(“Anonymous and LulzSec attack FBI and PayPal”, Russian TV, 27 July 2011, https://rt.com/usa/news/anonymous-lulzsec-fbi-paypal).
28 YTCracker, “Nerd Core” hip-hop artist, has written a song in support of LulzSec and Anti-Sec (see “ytcracker – #antisec, http://www.youtube.com/watch?v=7YoDt-MxhHg). Beast 1333 ex-KRS one rapper has made a song about Anonymous (see www.beast1333.com/). Alec Empire from Atari Teenage Riot has mentioned on Twitter that he would be writing a song about the accused hacker Ryan Cleary, who was arrested for links with Anonymous and LulzSec. Cleary is generally distrusted by Anonymous for attacking their chatroom infrastructure and leaking personal information (IP addresses of users). See Svirgula, “Script Kiddies and the Noise Musicians Who Use Them” (blog post), Svirgula Against All, 24 July 2011, http://svirgula.org/script-kiddies-and-the-noise-musicians-who-use-them.
29 Radio Payback Radio payback has been broadcasting since late 2010. It is currently available at http://www.radiopayback.com (last accessed 07 June 2011).
30 Justin Massoud, “Anonymous wants more bill posting with ‘Operation Paperstorm’ “, My Consumer Electronics News, 06 August 2011, http://www.myce.com/news/anonymous-wants-more-bill-posting-with-operation-paperstorm-49628. Anonymous, Operation Paperstorm Revival, p2pnet, 5 August, http://www.p2pnet.net/story/52111.
31 AnonymousIRC/Anonymous, “A message to PayPal, its customers, and our friends”, Pastebin, 27 July 2011, http://pastebin.com/LAykd1es. Mvelase Peppetta, “Anonymous and LulzSec coordinate global anti-PayPal movement”, memeburn, 27 July 2011, http://memeburn.com/2011/07/anonymous-and-lulzsec-coordinate-global-anti-paypal-movement.
33 Multiple contributors (posted by Barrett Brown), “Guide to Protecting the North African Revolutions”, The Daily Kos, 21 Jan 2011, http://www.dailykos.com/story/2011/1/21/937994/-Guide-to-Protecting-the-North-African-Revolutions.
34 Dial-up numbers were established in Europe which Tunisians and others in the MENA region could dial into to access the internet when it was blocked nationally. Participants put information and instructions on how to use these numbers on faxable images which were then faxed to numbers throughout Tunisia, Egypt and other countries (The War and Peace Report, 16 August 2011).
35 The Chief Technology Officer of the National Agency for Computer Security in Tunisia, Haythem El Mir, stated “First of all I would like to thank anonymous for helping us in January, it was a great job, but now it’s not the case. Tunisia is changing; we are busy with the political and economic environments, and not censorship…Censorship is a battle inside the Tunisian court, between conservatives and people looking for a fully open Internet, and there is no way to go back to censor the political opinion, because all Tunisian people will be fighting for that” (Antisec Attacks on Tunisian Govt are not Justified, SecTechno, 7 July 2011, http://www.sectechno.com/2011/07/02/antisec-attacks-on-tunisian-govt-are-not-justified).
36 Kloudization/Anonymous, “Anonymous-Operation AntiSec”, YouTube, Jul 11 2001, youtube, http://www.youtube.com/watch?v=GmgpvjTBfN4
37 Peter Bright, Anonymous speaks: the inside story of the HBGary hack, ars technica, 15 February 2011, http://arst.ch/o9q; George Monbiot, The need to protect the internet from ‘astroturfing’ grows ever more urgent, The Guardian, 23 February, http://www.guardian.co.uk/environment/georgemonbiot/2011/feb/23/need-to-protect-internet-from-astroturfing.
38 Anonymous ‘Operation Metal Gear’(AnonNews, n.d.), http://anonnews.org/?p=press&a=item&i=752.