<nettime> C. Bryan-Low & S. Gorman: Inside the Anonymous Army of 'Hacktivist' Attackers (Wall Street Journal)

["Patrice Riemens" <patrice@xs4all.nl>]

original to:
http://online.wsj.com/article/SB10001424052702304887904576399871831156018.html#ixzz1QJzHz74Y



Inside the Anonymous Army of 'Hacktivist' Attackers
By CASSELL BRYAN-LOW And SIOBHAN GORMAN

Anonymous, a loosely organized group of young computer experts once
focused just on Internet freedom, has turned to more menacing attacks,
including not only paralyzing websites but breaking in to steal data.
Cassell Bryan-Low explains.

HOOGEZAND-SAPPEMEER, Netherlands?In this sleepy Dutch town last December,
police burst into the bedroom of 19-year-old Martijn Gonlag as he
hurriedly pulled on jeans over his boxer shorts. He was hauled away on
suspicion of taking part in cyber attacks by the online group calling
itself Anonymous.

Mr. Gonlag admits taking part in several attacks on websites, but he
recently had a change of heart as some hackers adopted increasingly
aggressive tactics.

"People are starting to grow tired of" the hackers, he said in an
interview. "People are also starting to realize that Anonymous is a loose
cannon."

Now he appears to be a target himself. A chat room he hosts faces frequent
hack attacks, he says.

Mr. Gonlag's role reversal provides a glimpse of the unruly
hunt-or-be-hunted world underpinning a string of online attacks against
major companies and government bodies?incidents that have sparked a
digital manhunt by law-enforcement agencies in several countries.

What once was just righteous rabble-rousing by Anonymous in the name of
Internet freedom has mutated into more menacing attacks, including by a
splinter group of Anonymous called LulzSec, which is alleged to have moved
beyond paralyzing websites to breaking in to steal data.

The tumult over online agitators like Anonymous comes at a time when the
world's computers are under unprecedented attack. Governments suspect each
other of mounting cyber espionage and attacks on power grids and other
infrastructure. Criminal gangs using sophisticated viruses cull
credit-card and other sensitive data to steal from bank accounts.

Now "hacktivists" who populate groups like Anonymous and LulzSec, mostly
young males from their teens to early 30s, have also ignited increasing
concern among computer experts over the security of corporate and
government systems.

Authorities in the U.K., Netherlands, Spain and Turkey have made more than
40 arrests of alleged Anonymous participants. In the U.S., the Federal
Bureau of Investigation has conducted sweeping searches as part of a
continuing probe into various attacks. On Wednesday, U.K. police charged a
19-year-old believed to have ties with both Anonymous and LulzSec, a group
whose name is a blend of "lulz," or laughs, and "security."

Anonymous and LulzSec pose a problem for law enforcement partly because
their membership and operations are difficult to pin down. They are
amorphous entities with scant leadership structure or formal process for
making decisions.

Anonymous is "an idea" rather than a group, said Gregg Housh, a
34-year-old Web designer from Boston. "There is no one group, no one
website. That is what makes it so powerful in my eyes." Mr. Housh said he
helps Anonymous with logistics but doesn't take part in attempts to shut
down websites or do anything illegal.

Waves of infighting spring up periodically within Anonymous, Mr. Housh
added. "This is very natural. It's what happens."

A watershed in its tactics came in February when it hacked a
California-based Internet-security firm called HB Gary Federal LLC, which
sells investigative services to companies and government agencies, and
released tens of thousands of internal emails.
Types of attacks by Anonymous or LulzSec:


The incident sent a chill through the security industry.
"Computer-security specialists are afraid to challenge Anonymous," said
Mikko Hypponen, of computer-security firm F-Secure Corp. "No one is that
confident in their own systems."

Some participants involved in that hack formed the LulzSec splinter group,
according to security specialists and participants. LulzSec has claimed
credit for a string of computer break-ins, intensifying the response from
law-enforcement groups.

Anonymous grew out of an online message forum formed in 2003 called 4chan,
a destination for hackers and game players fond of mischievous pranks. Its
followers became more politically focused, embracing an ideology of
Internet freedom. In 2008, it made headlines with a campaign against the
Church of Scientology, protesting what Anonymous claimed was the religious
group's effort to control information about itself online.

The campaign included "denial-of-service" attacks?bombarding websites with
data to try to knock them offline. Later attacks targeted the movie and
music industries, because of their efforts to stop piracy.

In December, the group hit on a cause that propelled it into the
spotlight: WikiLeaks. Anonymous began attacking organizations and people
who tangled with WikiLeaks and founder Julian Assange, who had been
arrested in London over sexual-misconduct allegations in Sweden, which he
denies.

Anonymous attacks shut or slowed websites of businesses that had cut ties
with WikiLeaks, including MasterCard Inc., Visa Inc. and PayPal, a unit of
eBay Inc. All said their systems weren't compromised. PayPal said the
attacks temporarily slowed payments via its website but not significantly.

The campaign, Operation Payback, brought Anonymous new followers from
around the world. Via online chat forums and social-media websites,
participants disseminated instructions about how to download attack
software and about sites to target. Software called LOIC, or low-orbit ion
canon, was downloaded tens of thousands of times, security specialists
say.

Among recruits was Mr. Gonlag, under the nickname Awinee, an online handle
the Dutch youth had used during a lifetime of intensive video-game
playing. Spurred by talk of the WikiLeaks campaign in chat rooms, he piled
in, at one point writing: "Fire, fire fire."

Mr. Gonlag has admitted he participated in attacks including one against
the website of a Dutch prosecutor who announced the arrest of a
16-year-old in connection with the WikiLeaks campaign.

Returning home in the early hours of Dec. 10, Mr. Gonlag said in an
interview, he typed the address of the prosecutor's website into the
attack software and let his computer fire data for about half an hour.
That afternoon, Dutch police arrested him and seized his desktop computer
and phone.

Mr. Gonlag, who awaits trial, is charged with crimes related to destroying
a computer network and inciting others to cause an attack, which carry a
possible six years in prison.

Tapping at his keyboard recently in jeans and a green T-shirt, Mr. Gonlag
said that he took part in several pro-WikiLeaks attacks, which he likened
to a "digital sit-in," but that he wasn't guilty of the charges because he
didn't destroy or steal anything.

He indicated he grew disenchanted as some arms of Anonymous allegedly
moved from paralyzing websites to stealing from them, putting the group in
"a very, very bad position."

Alluding to the cyber attacks he himself now faces, he said that when his
computer server that powers the online chat rooms comes under fire, he
takes the server offline and waits until his attackers tire of the effort.
Then he connects back online again.

Each online Anonymous forum, such as AnonOps and AnonNet, has multiple
chat rooms or "channels," typically focused on a particular operation or
theme.

While there may be a hundred or so active followers of a network on a
regular basis, numbers swell into the thousands during popular campaigns.

Many channels are public, but participants can also set up invitation-only
chat rooms or send each other private messages. Participants often speak
online using audio or camera software, and they also can share videos and
other files. Many participants are U.S.-based but there is also a
significant following in Europe and elsewhere.

Discussion ranges from political theory to technical chatter to juvenile
banter. In one chat log, a participant promised to push a company "so far
into orbit that they'll transmute into a gravitational dip and exude
Hawking radiation."

Anonymous does have a hierarchy of sorts, with a core group of about 15
leaders who run the online chat rooms, participants say. They can issue
sanctions, including banning someone from a channel or an entire network.

"There are nodes of power and authority, but it is pretty decentralized,
and no one is calling the shots for all the operations," said Gabriella
Coleman, a New York University academic who follows Anonymous.

The Anonymous attacks turned more ominous in February, when some members
broke into HB Gary Federal's systems.

The Internet-security company's then-chief executive, Aaron Barr, noticed
the problem one morning when he was unable to access corporate email via
an iPhone.

He instantly suspected Anonymous, as he had been quoted in a newspaper
article saying he had uncovered key participants. Soon, his Twitter
account was hijacked and used to post racial slurs and his Social Security
number. Then Anonymous announced it had hacked his email and would make
the contents public.

"I was shocked and consumed by it," Mr. Barr said.

By hacking into the company's public Web page and stealing passwords,
attack participants obtained about 70,000 emails, which they posted
online. The traffic included details of a proposed effort to gather
information on critics of the U.S. Chamber of Commerce in an attempt to
prove illegal activity by labor-union members. Mr. Barr said the
initiative was only intended to show what information could be retrieved.

The attackers also exposed minutiae of Mr. Barr's marital issues. He said
the personal communications were taken out of context.

Mr. Barr stepped down from his job in late February.

Anonymous participants say the attacks expose weaknesses in the systems of
computer-security companies and large organizations. "They should be
scared," said Corey Barnhill, a 23-year-old New Jersey native who uses the
online nickname Xyrix and who said he took part in the attack on HB Gary
Federal. "You're college-educated and you can't secure a server? How hard
is it? They can't keep a kid out?"

Mr. Barnhill said the HB Gary Federal hack was designed to teach Mr. Barr
a lesson for suggesting he could unmask Anonymous. "Whacking him down a
peg was pretty funny," he said.

In April, an Anonymous denial-of-service attack against Sony Corp. was
followed by a breach of its computer system that resulted in the theft of
names and birth dates and other personal information on about 100 million
people who play online video games through Sony's online gaming services.

Sony shut down its PlayStation online network for nearly a month and has
estimated the attack cost it $171 million, including costs for enhanced
security.

Sony has said that it isn't clear that any credit-card data were ever
accessed. The company said it has added security to its systems.

Sony told U.S. lawmakers it found a file left on its servers called
"Anonymous," the contents of which said "We are Legion," a tagline often
used by Anonymous.

Anonymous participants claim responsibility for the denial-of-service
attacks, in press releases and via their Twitter account. They said the
group didn't orchestrate the data breach but didn't rule out that someone
from the group could have been involved. Meanwhile, the LulzSec group
formed.

Security experts who follow LulzSec say it has about 10 core participants
and is known for its hacking expertise. In recent weeks it has claimed
responsibility for breaking into computer systems of several
organizations, including the U.S. Senate and an FBI affiliate called
InfraGard.

Last week, LulzSec said it had knocked the Central Intelligence Agency's
website offline for about an hour. The CIA said no internal or classified
networks were affected.

A call to a phone number set up by the group, 614-LULZSEC, wasn't
returned. One LulzSec follower called "tflow" responded to a Wall Street
Journal reporter in an online chat room, saying: "Unfortunately the gnomes
are too busy to pick up your clearly inferior call."

"For the past month and a bit, we've been causing mayhem and chaos
throughout the Internet, attacking several targets," LulzSec said in a
statement last week. "This is the Internet, where we screw each other over
for a jolt of satisfaction."

This week, LulzSec claimed to rat out a couple of individuals it said had
"tried to snitch" on it. In a document addressed to the "FBI & other law
enforcement clowns," the group appeared to reveal the full names,
addresses and other contact information of two U.S. men it claims were
involved in some hacks. "These goons begged us for mercy after they
apologized to us all night for leaking some of our affiliates' logs,"
according to the document, accessed via a link on LulzSec's twitter page.
"There is no mercy on the Lulz Boat."

?Ian Sherr contributed to this article.

.........................................................................

Insert: Terms explanation:

Denial-of-service attacks

Computer users bombard website servers with data in the hopes of knocking
them offline. Among targets have been companies, such as PayPal and
MasterCard, as well as government sites, including the CIA's. Such attacks
can cost tens of thousands of dollars for the victim, including the cost
of defending against the attacks and improving security.

Hacking

Break-ins into computer systems, potentially giving access to sensitive
data such as customer information and internal emails. A hack into Sony's
systems resulted in the theft of personal data of about 100 million online
video-game users. Sony shut its popular PlayStation online network for
nearly a month, and has estimated the attack cost it about $171 million.
Anonymous participants said the group didn't orchestrate the attack, but
couldn't rule out that someone involved in the group could be involved.

Doxing

Involves finding personal information about people and disclosing it
online. LulzSec this week claimed to rat out two U.S. individuals it said
had "tried to snitch" on the group, apparently disclosing names, addresses
and other contact information.






#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: http://mx.kein.org/mailman/listinfo/nettime-l
#  archive: http://www.nettime.org contact: nettime@kein.org