Oh F#@&, The Internet is Here
The story of Anonymous, Wikileaks, Glenn Greenwald, a 16 year old girl, and a moron.
I came across three fantastic reads this week. I'll share and summarize. You'll laugh. You'll cry (probably not). You'll shake your head in disbelief. Then I'll put some thoughts on keyboard.
On February 11th, Salon.com reported that a disturbing threat against employee and pro-Wikileaks journalist Glenn Greenwald had surfaced:
"A bizarre plan for an attack on the whistle-blowing site WikiLeaks and journalists construed as sympathetic to it -- first reported by the Tech Herald -- clearly targets Salon's Glenn Greenwald, saying that his "level of support" for WikiLeaks "needs to be disrupted." The report (you can download the purported final draft here) is listed as an "overview by Palantir Technologies, HBGary Federal and Berico Technologies," and according to a string of e-mails also leaked, was developed following a request from Hunton and Williams, a law firm that represents, among others, Bank of America.
Bank of America is the presumed next target of WikiLeaks, and has reportedly been bracing for what's to come. "
Anonymous vs. HBGary Federal
A perfect storm was brewing. With Bank of America and its puppet government in Washington desperate to silence Wilikeas, combined with the ridiculous increase in cyber security contracts being awarded, someone was going to cash in. HBGary Federal was a struggling security firm desperate to make a mark for itself in the cyber security world. The company's head of information security was a not-too-bright go-getter obsessed with social networking and Wikileaks.
Wired.com: Spy Games: Inside the Convoluted Plot to Bring Down Wikileaks
"When Aaron Barr was finalizing a recent computer security presentation for the U.S. Transportation Security Administration, a colleague had a bit of good-natured advice for him: “Scare the sh*t out of them!”
In retrospect, this may not have been the advice Barr needed. As CEO of the government-focused infosec company HBGary Federal, Barr had to bring in big clients — and quickly — as the startup business hemorrhaged cash. To do so, he had no problem with trying to “scare the sh*t out of them.” When working with a major DC law firm in late 2010 on a potential deal involving social media, for instance, Barr decided that scraping Facebook to stalk a key partner and his family might be a good idea. When he sent his law firm contact a note filled with personal information about the partner, his wife, her family and her photography business, the result was immediate."
I highly recommeding reading both this article and the next one in full. They are both excellent. Do you ever get the feeling that the security threat in America might be just a tad overblown? Yeah, me too. But this is how it works. The government seems hell-bent on wasting billions of your paper notes on whoever can scare them (and you) the most. If that's not an open invitation for con artists, I don't know what is.
Barr is a con artist. The US government was his mark. The problem with Barr was that his bait (Anonymous) was more than he could handle.
Do Not Anger the Internet Gods
The FBI has been after Anonymous for some time. Born in the hell pit of 4chan, in the least politically correct world imaginable (the infamous /b/ anything goes board.), Anonymous grabbed some notoriety by waging war on Scientology.
Their pet peeve is the suppression of information. I believe Anonymous views themselves as a guardian angel of the Internet. Recently, they've come to the defense of Wikileaks and helped Egyptians regain Internet access following a country wide shut down. They've also seriously p*ssed off the Department of Justice and Bank of America, to name just a couple.
Anonymous is hard to dislike. They claim to have no leadership. Their real names are unknown. Their whereabouts are suspect. Extremely technically proficient, young, radical, and powerful, this is no run-of-the-mill hacker group. They have no age limits. No right-to-work laws. No living wages. Work is done voluntarily. No one gives orders. No one is coerced.
And you do not f@&! with them. They are the Internet Gods. They are the next Enemy of the State.
Ars Technica: How one man tracked down Anonymous - and paid a heavy price
This article goes into the details of Aaron Barr's run-in with Anonymous.
"Aaron Barr believed he had penetrated Anonymous. The loose hacker collective had been responsible for everything from anti-Scientology protests to pro-Wikileaks attacks on MasterCard and Visa, and the FBI was now after them. But matching their online identities to real-world names and locations proved daunting. Barr found a way to crack the code."
Barr's plan was simple enough. Try to link Anonymous users to profiles on other social media sites (Facebook, Twitter, LinkedIn, etc) The problem was sample size. There simply was not enough connections, not enough instances of correspondence, to make a definite link. Barr wasn't smart enough to realize this. And like all good program managers, he refused to listen to his programmers:
Beware the Underpants Gnomes
"His programmer had doubts, saying that the scraping and linking work he was doing was of limited value and had no commercial prospects. As he wrote in an e-mail:
Step 1 : Gather all the data
Step 2 : ???
Step 3 : Profit
But Barr was confident. "I will sell it," he wrote."
It's unsure whether Barr even cared if his idea worked. I think he just wanted something he could sell to the government. I'm not sure the gov would have bought the idea, but you never know. I was in Kuwait in 2003 when the war started. I witnessed far dumber contracts get handed out than this. So you never know.
"I am going to focus on outing the major players of the anonymous group I think," he [Barr] wrote. "Afterall - no secrets right? :) We will see how far I get. I may focus on NSA a bit to just so I can give all those freespeech nutjobs something… I just called people advocating freespeech, nutjobs - I threw up in my mouth a little."
"I have developed a persona that is well accepted within their groups and want to use this and my real persona against eachother to build up press for the talk. Pre-talk plan.
I am going to tell a few key leaders under my persona, that I have been given information that a so called cyber security expert named Aaron Barr will be briefing the power of social media analysis and as part of the talk with be dissecting the Anonymous group as well as some critical infrastructure and government organizations" - Barr writing to his colleagues
Here's my advice to the next person looking to tackle with Anonymous: talking to them does not mean you're in.
Here's my second piece of advice: be sure before you go public.
Read the last chapter of Sun Tzu
In a creepy exchange with an Anonymous member (possibly a powerful insider named CommanderX), Barr gets a firm warning to back off.
Undeterred, Barr pressed on, but his programmer freaked and contacted company officials:
"He's on a bad path. He's talking about his analytics and that he can prove things statistically but he hasn't proven anything mathematically nor has he had any of his data vetted for accuracy, yet he keeps briefing people and giving interviews. It's irresponsible to make claims/accusations based off of a guess from his best gut feeling when he has even told me that he believes his gut, but more often than not it's been proven wrong. I feel his arrogance is catching up to him again and that has never ended well...for any of us."
Executives at HBGary intervened. They warned Barr that the company could not survive the backlash that was sure to come down hard.
The next day, Barr announced that he had infiltrated Anonymous, had real names and locations, and could take them down. The article was carried by Financial Times.
All your base are belong to us
(Outdated reference, I know, but I couldn't think of a more apt one.)
The response was swift, efficient, and devastating. Barr's file of real names turned out to be innocent people unrelated to the group. While HBGary executives started damage control, Anonymous was already comprising every aspect of their and Aaron Barr's virtual world. Emails from company execs were hacked, downloaded, and distributed via BitTorrent. Websites were compromised. Barr's twitter account was hacked. An associated company (rootkit.com) was taken down by a 16 year old girl:
One of those five [team members running the hack] was allegedly a 16-year old girl, who "social engineered your admin jussi and got root to rootkit.com," one Anonymous member explained in IRC.
Translation: The girl hacked into the boss' email account. Then sent an email "from the boss" to the top administrator requesting a password reset. Since the boss had root access (highest level of access on a server), the sixteen year old could now perform nearly any operation she wished on the company's system.
HBGary was finished. Every business partner disavowed knowledge of their plans. Everyone cut ties. No more money. No more company. Barr was fired in an attempt to mollify the Gods' anger, but the damage was done.
Truth is treason in an empire of lies
This isn't the last we'll hear of Anonymous. They've already made themselves an enemy of almost every government on the planet, including the United States. Make no mistake about it, Anonymous is a powerful group. They've had years to do nothing but plan their defenses. Try to take them down and you will pay. Should the FBI go after them, expect massive DDOS attacks against US government networks. With a handful of keystrokes members can summon the power of systems they long ago infected without the system user's knowledge.
So what should be done? Well, if you want to waste a lot of money, urge the government to go after them. It's be like 9/11 times 1,000. (Yes, 911,000.)
Seriously though, the only people that should be afraid of Anonymous are those who wish to hide information, especially embarrasing or compromising infomation. That is exactly why governments and corporations everywhere are waking up to the "threat" Anonymous poses.
I don't know anything about Anonymous' political views, if they have any. Wikileaks' founder Julian Assange has stated that he is heavily influenced by Rothbardian Libertarianism and you'll find the occasional Ron Paul quote on his website. It's unclear if the Internet Gods feel the same way.
I also found Anonymous' attack on Amazon.com unfortunate from a Libertarian perspective. Sure, Amazon caved to government pressure. But just as boycott calls were misguided, so was Anonymous' backlash. Why reward Amazon's competitiors who never even offered to help in the first place? At least Amazon had given some assistance to Wikileaks.
Hopefully, you'll read these articles and gain some understanding because this is the next group the US government will target. The Department of Homeland Security is extremely interested in controlling the Internet and Anonymous is standing in the way. A showdown is looming. In one corner, billions in taxpayer money and bureaucrats with below average intelligence. In the other corner, pimple-faced WoW experts with no allegiances playing on their home turf.
My money is on the Internet Gods
David in Qatar