Sign up to our newsletter
The latest security news direct to your inbox
Months back a rather vocal series of micro-hacktivist groups formed a somewhat larger, more vocal pseudo-organized non-organization ruled essentially democratically via IRC (among other things), attempting to cast light on perceived misdeeds by the large corporation (or government organization) du-jour they thought had behaved badly. The idea was to hack an organization, parade them around a bit, hopefully attracting attention to convince them to get right with the world and the greater good.
Now months later, some announced attacks have gone as planned, and others (shutting down NYSE on a given date) never came to fruition (well yet anyway). So are they to be believed as an organization, and – more importantly – is this an idea who’s time has come, or just a passing fad?
During the nascent stages of the Occupy Wall Street (and others) movement, Anonymous chimed in saying they would provide collateral support aiding the folks on the ground, sort of a synergistic parallel movement online, marching “virtually” along with the sign bearers, and possibly even defending them against perceived heavy-handed treatment by law enforcement (and the alleged proxy forces behind them).
To be fair, no organization hits all its targets as planned, so it may be too soon to return a verdict. But what of the bigger trend, that of using online forces and pseudo-communities to target perceived nasty mega-corporations’ stunts? It will all come down to credibility, both in the message as well as the messenger.
I was recently in Hong Kong and observed some picketers protesting near outside a major bank. When passing such a demonstration, we are forced to judge the merits of the event by two factors. First, what is the message? Does it resonate, seem plausible, etc. Second, does the organization itself have credibility, i.e. do they come across as balanced, introspective, substantive, with depth to their arguments? To be sure, people who get worked up enough to start a direct action feel a bit like David in the David vs. Goliath equation, so they may be quite vocal and/or outraged when they go tromping in to garner initial attention. But is it enough to keep passers-by interested in the message and – importantly – will it motivate the general public and/or the organization to act?
Since Anonymous can’t really be thought of as a monolithic structured organization, it’s possible that various subsets of the movement pick targets (based on stronger feelings about the target by a given subset) which are tougher than originally envisioned. Here, it’s less of an issue if they happen to have 100% kill rate, it’s only important that they are seen (internally as well as externally) to have continued success within the larger psuedo-organization’s stated intentions.
After months, that’s a mixed bag. If asked, how many people think Anonymous will be around 10 years from now? Hard to say. There have been various law enforcement actions, rounding up suspected members and spiriting them off to jail, which would seem to have a cooling effect on the group’s motivation (and new membership prospecting efforts). But does the concept have the long term resonance of – say – peer-to-peer networking? Time will tell. If the group continues to scrape up a series of wins despite opposition, and the momentum doesn’t fizzle, maybe. On the other hand, if the noise drowns out the message and there are a series of misses after prophesying that certain lofty targets will meet public demise, expect the message to get tougher, especially in light of the famously short attention span here in the US.
In the meantime, the same personal protection advice applies about taking online security into your own hands. As an organization, there may be a fair amount to be said for doing the right thing, thereby presumably flying under the radar of hacktivist organizations who might feel one day you should be wiped off the face of the earth, or some equally menacing demise. In short, be nice, it might be better for lots of reasons. In the meantime, it's still a good idea to keep your security stance updated and in place, it can be a bit of a jungle out there.
Author Cameron Camp, ESET