On the road to becoming a hacker, it would be hard not to come across the name Anonymous. Who are they? What do they do? How can you “join” anonymous? These are some of the questions we will attempt to answer here.
Who are Anonymous?
Anonymous is a global hacktivist network that consists of people like teenage hackers to cyber security experts to pretty much anyone who has enough dedication. They are mainly known for their ‘criminal’ activities like organizing DDOS attacks, leaking confidential information, organizing rallies and protests etc. But we’ll get to the question of good or bad at the end. A recent example of an anonymous attack is what was called Operation Payback (Wikipedia). We’ll come back to this later.
Perhaps you’ve come across this little slogan of Anonymous:
“We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.“
It seems rather fancy, definitely catchy. Forget the slogan, Anonymous group is not about taglines and making false impressions, it’s about making a change – by hook or crook. Usually crook.
Most people see the surface and think that’s it. Most people believe the news they see on TV. Most people believe slavery has been abolished. Most people don’t know the world has over $50 trillion in debt to god knows who. Most people believe the world does not need to/cannot change.
(Anon = Anonymous member) A not-so-obvious point: Anonymous group is not limited to just hacking. Although it does constitute a fair percentage of their activities.
One more thing before proceeding: There is no anonymous. What I mean is, there is no official group, no website or anything where every anonymous member can communicate with each other. That’s the point, it is loosely bound. It has no leader, every member is equal. Although there isn’t any single place to definitely find anonymous footprints, there are several small hacking groups all over the world. Combine these together and that is what we call Anonymous. How do they organize themselves? They don’t. All that unites them are their beliefs and ideas.
Operation Payback was mentioned above. In a nutshell, certain websites of banks who had withdrawn banking facilities from WikiLeaks faced massive DDOS attacks. It was such a large attack, it could not have been done without cooperation of dozens, perhaps hundreds of smaller groups. What happened was the news of the withdrawal of banking facilities arrived, being like-minded, clearly no hacktivist would have liked it a bit. Then, perhaps a single person posted on a popular hacking forum about the idea of DDOSing the websites. The seed was planted. Although we may never know true origins of any single organised hack, this is how they generally occur. An idea pops up somewhere, it then gets floated around the internet (or deep web) for weeks or months while all participants prepare for the attack (that would include setting up botnets, infecting victims with backdoors to use for DDOSing in this case). Similarly, a common date and time are decided and the attack is carried out.
This whole process is quite surprising for newcomers, but in fact it is the only way it could be done. Clearly, any single website that people use to discuss illegal activities will be shut down as soon as it opens so that doesn’t leave them any other option.
If you try to google up some forum or blog post by an anonymous member, chances are that you won’t find anything. That’s because when dealing with such ‘sensitive’ topics, it probably isn’t a great idea to communicate using means that can lead the police to your doorstep. Say you’re browsing the ‘normal’ internet. Any website you visit can and does track your IP address. To open a website you need to send a request to its server. Along with that request, your IP address also becomes known to the server. If it didn’t know your IP address how could it reply to the request? (Without an address, the mail cannot arrive). So, every visitor’s IP address gets logged. If the website lets the user make an account, for all the user sessions (every time the user logs in), their IP address is saved. This way the website can track the activity of the user, know what all they are doing just by the IP address. Gmail doesn’t even let you login without further authentication if you try to login from some far off IP address (Try doing it right now through a proxy or VPN).
So, if the police or government catches an anonymous member organizing say a rally or protest, they get labelled as criminals and thrown into jail. What is needed is an anonymous way of communication.
TOR to the rescue. The onion routing project provides a solution to this. To learn more about it, see Using TOR.
Inside what’s called ‘The Deep Web’, this IP logging doesn’t happen. It does actually, but any data is practically useless. Through TOR, the IP address of a single user keeps on changing. Given that TOR relays are run daily on thousands of systems, the IP address of the user could be any one of those. So there’s no point in catching the person whose IP address suggests they are doing illegal activities, only their IP is being used. Plus, since the IP address is constantly changing, a single police department cannot possibly hope to extradite a hundred people from around the globe in the hope to catch one suspect.
In theory, this sounds like an uncrack-able and untraceable system. But, revelations about the activities of NSA and related organizations suggest that even TOR is not a 100% safe and anonymous. TOR relies on a tweaked browser to reroute all internet traffic through the TOR client. As of 2014, this browser is partially based on a version of Mozilla Firefox which has a vulnerability that can be exploited to reach back to the original TOR user. However, for this to work the organization would have to be targeting a specific user and somehow gaining access to his/her system. Makes you think, when the government itself is carrying out obviously illegal activities, what gives them the right to call a group like anonymous ‘criminals’?
To snuff out even this small-but-real possibility of being tracked by a government organization, the ‘top level’ members prefer to use a VPN and use it to run TOR. For the overly paranoid ones, the same could be done using a public WiFi hotspot. So first layer is TOR, second the VPN and third the public WiFi. Even if someone manages to get pass through the first two (which is nearly impossible), all they will get is the location of the public WiFi hotspot which could be used by hundreds of local visitors. Although the internet speed after going through all these levels would, well, suck. But at least the anon is out of jail.
Now comes the question of good or bad. For obvious reasons, anonymous members prefer to keep a low profile. Hardly any evidence of organization or motivation of attacks is found before the attack actually happens. Many don’t even bother discussing the tactics, opinions and motives openly. The lesser is known the more chances of success. Since anonymous is just a collection of similar minded people and not a well formed society, individual opinions vary quite a bit. Some may be doing it for fun, some for the thrill while others may be participating in the hope to bring about a change. If an idea travels far enough, it may become impossible to stop. An attack could have real reasons to fight for, while at some times it may be just dumb luck. This is the price of being a ‘headless organization’. Nobody can be completely sure if they are in fact doing a little bad for the greater good or not.
DDOSing is a serious crime and it is the anon’s go-to attack method. A company’s policies and decisions depend on several factors. Attacking them based on just a single narrow viewpoint is clearly not right.
Let’s take a look at “Operation Avenge Assange”, a part of operation payback.
WikiLeaks is a website cofounded by Julian Assange. It is widely used to bring out the truth by, for example, leaking government documents. In 2010, WikiLeaks posted some very controversial leaks. This lead to a lot of governments becoming very angry and wanting to shut down WikiLeaks. Several countries and key officials started targeting him. Another controversial case popped up and he was facing extradition to Sweden. This led Assange to request political asylum in Ecuador where he remains today (early 2014).
Forget Assange. If something can be destroyed by the truth, it deserves to be destroyed by the truth.
Given the political pressure being faced by WikiLeaks, almost every single donation method was suspended (Including Visa, MasterCard etc.) WikiLeaks is run entirely on charity. Even their donation accounts were frozen. All this cost the organization millions of dollars. Eventually, they started accepting other forms of donations like Bitcoin. Today, WikiLeaks is mirrored on dozens of servers around the world in the internet as well as the deep web. Hopefully, it will always live to fight another day.
Fun Fact: While you cannot use a Visa card to donate to WikiLeaks, you can use it to buy firearms, donate to the homophobic and what not. (Taken from this WikiLeaks page)
This action against WikiLeaks is evidence, that it hit the governments where it hurts. They brought the government’s lies in front of everyone. Does bringing the truth to people deserve this? Who is right and who is wrong in this case, I leave the reader to decide. Although keep in mind the following: What would have Hitler done to those who conspired against him? How about Joseph Stalin or Kim Jong(s)? Now take a look at what the government is doing to Assange.
In this case, Anonymous decided to avenge him. They launched DDOS attacks on every single major company or service who stood against WikiLeaks. Dozens of websites were taken down, the message was sent. However, it was not nearly enough. Nothing was changed. One can only do so much to help open your eyes.
This was just one example, a lot more incidents have happened in the past and even more are destined to happen in the future. This is what the anonymous group stands for, to fight for the truth. There can be no single opinion on whether their activities do good or not. However, the issues they raise have important consequences for the world and all they can do, all anyone can do is to at least try to steer ourselves to the right path.
What’s the final verdict? Guilty as charged. But isn’t doing “something” better than sitting and watching silently? You decide.
Want to be a real hacker? Sign Up!