Pierluigi Paganini July 05, 2012

I desire to tribute another article to the group that catch the  worldwide attention of security community, Anonymous. Few years to consolidate its image become one of the most debated phenomenon on internet, many consider the collective a threat, many other the expression of a dissent to listen. Both interpretations are correct, but let’s think for a moment to the misuse of the name Anonymous, who and why can bring in the fame of the famous group of hackers?

Are we really able to fight against the hacktivism and do we desire do it?

It’s true that the raise of hacktivism in the last 4 years has created several problems to governments and private firms, but it also true that many figures have benefited of the operation promoted by Anonymous.

First of all many security firms have had the opportunity to promote their services and solutions to protect companies from the attacks of collective, for example DDoS attacks have become famous after the first attacks made by Anonymous, with their popularity is increased the sold for network appliances able to secure prevent the destruction of web services or data breach.

Again we can consider the intelligence services provided to prevent the clamorous operation of the hackers and to expose the identities of members of the collective, several private agencies have sold their reports and advices to law enforcement and private businesses, we speak of flourishing business!

But in many cases the reality exceed fiction, the governments seems to be the entities that can most benefit of the hacktivism. Last year I wrote on the possible usage of Anonymous as cyber weapon trying to explain how foreign government could conduct covert operations, such as cyber attacks or cyber espionage in the name of the group or influencing the choices of the Anonymous.

Several operations of Anonymous have attacked networks and web site belonging to governments, it’s happened for example with #OpChina and #opJapan, when the hackers have targeted the two countries to officially protest against censorship and web monitoring.

This offensive scenarios could advantage a state sponsored attacks, attackers could benefit of the rumors of the attacks to bypass security protection stressed by the events.  In this case group of hackers could follow the organization of an event that represents for them a diversion option, a lapse time in which the adversary protection are engaged against attacks coming from other sources.

Well this in in my opinion the most plausible scenario, but not the only one.

In other situation governments could be in interested to put the blame on Anonymous while they remain hidden, we are living in the era of cyber war and the operations in cyberspace are joining more and more frequently conventional military operations.

For example some experts believe that the #opChina could be also be supported by foreign governments like US or other western countries, Rob Rachwald, directory of security strategy at Imperva, doesn’t exclude the participation of governments in the attack declaring:

“It was a pretty extensive campaign. Could it be the US government helping out? I don’t know, [but] I wouldn’t rule it out. Could it be German, UK hackers sponsored by the government? I don’t know.”

Many skeptics may argue then why the collective Anonymous in these case leaves governments to act with impunity. Possible explanations could be the intent to don’t be catch in a potential trap set for to come forward them, we have also hypothesize that the same Anonymous benefits in terms of media exposure in a time where its operations have triggered a process of habituation, but the most plausible thesis is in the inability of a central collective to validate and monitor attacks made by various groups all over the world.

The common trend to underestimate Anonymous groups may conceal other intentions, the desire of governments to be able to infiltrate the hacktivists influencing their policies and strategies. The governments know well the potential of their cyber threats, despite they represent a serious danger, they prefer to avoid a direct confrontation, there are no serious offensives of intelligence against the collective operations that have not been a response to an attack. Yes we often read of sporadic arrests that actually represent a sop to the collectivity, Anonymous must continue to operate, there are too much conveniences to stop them.

Nobody really know identities of these individuals that fight for freedom and internet rights, but what is indisputable is their offensive power. I’m not speaking of DDoS attacks but the effected related to various data breach they conducted.

China taught the world the importance of cyber espionage, discovery the enemy secrets, to steal their intellectual property, well all this attacks could benefit of the Anonymous brand. Governments can masquerade their identities hacking foreign networks, they could infiltrate groups of hacktivists acquiring sensible information, in many cases in fact following data breach the disclosed data have been used for further attacks such as APT and other targeted offensive.

In light of all the above reflection are we really sure that there is imminent need to eradicate Anonymous?

Pierluigi Paganini