Anonymous Is Good

Kory Adams Larry Bee Jeremy Colwick Lyndon Curry Justin Griffin Eric McDonald April Medina Kate Wilson Rich von Buelow CST 373 Spring 2012

Problem Definition Anonymous is an underground hacking group that originated on the web message board 4chan that originated in 2003. It has a wide variation of members of the group and the organization is so loosely organized as to be almost chaotic in nature. At different times different people claiming to represent Anonymous might have different goals, and different parts of Anonymous might be engaging in different types. Anonymous is more of a symbol then an actual group, as different individuals can take up the mantle and operate under the Anonymous name in various scenarios for different goals. In this paper we will defend the ends that Anonymous seeks: freedom of information, exposure of corruption, and the truth.

History The global hacker group known as Anonymous originated on an online forum within the 4Chan website in 2003. Initially these people were typical internet hoodlums who harassed anyone and everyone. Soon they expanded their reach, realizing that they wielded a certain amount of power, and began to cause trouble outside the bounds of the 4Chan forums. After harassing the Church Of Scientology, they rallied around the idea of Internet freedom, grabbing headlines with their attacks on Visa and Mastercard. The following is a timeline, recounting various actions of Anonymous. Jan 2008 - Campaign against the Church of Scientology for its attempts to censor negative information about itself online. Anonymous organized a series of denial-of-service attacks against Scientology websites, prank calls, and black faxes to Scientology centers. 2010 - In their campaign against Mastercard, Paypal, Amazon, and Visa, Anonymous organized massive denial of service attacks in an attempt to prevent customers from conducting

online transactions with their credits cards. This was in response to these companies decision to prevent customers from donating to WikiLeaks, and brought Anonymous into headlines. 2010 - Several Bollywood companies hire Aiplex Software to launch attacks on websites that did not respond to software removal notices. Anonymous crippled Aiplex by using the same denial of service attacks Jan 2011 - Anonymous attacked Sony as part of operation payback. The PlayStation Network subsequently has had lengthy outages. Anonymous' actions also included personal harassment of employees and their families. They attacked Sony because it is taking legal action against programmers who altered Sonys software after Sony had removed certain aspects of functionality that had been advertised. Feb 2011 - Aaron Barr, the CEO of HBGary indicated that he intended to reveal the identities of the leaders of Anonymous, and the group responded by hacking into both HBGary and HBGary Federal, releasing the e-mail addresses and passwords of any person who had a membership to the site. Anonymous disagreed with the results of Barrs research, insisting that the names he had come up with belonged to people who were not affiliated with Anonymous in any way and therefore could compromise the well-being and privacy of an innocent person. In addition to publicly posting the information Anonymous found, they also revealed that HBGary, a security firm, was not very well secured, itself. Feb 2011 - In retaliation for the shut down of the file sharing service Megaupload and the arrest of four workers, Anonymous DDoSed (distributed denial-of-service attack) the websites of UMG (the company responsible for the lawsuit against Megaupload), the United States

Department of Justice, the United States Copyright Office, the FBI, the MPAA, Warner Brothers Music and the RIAA. July 2011- Sixteen people, suspected members of Anonymous, are arrested. Anonymous hacked into NATOs online databases after the Treaty Organization drafted a report implying that they may begin to take action against the collective. Anonymous is seen as a Robin Hood figure, although it is not necessarily greed that they are fighting against, but corruption. They are the little guys striking out against organizations when they feel an injustice has taken place. Members of Anonymous are skilled users striking out against offending parties via technology. With this new kind of protest for the 21st century, they are providing a service to us as citizens. They are trying to uncover corruption taking place in some of our biggest corporations. If they had hacked Enron before they were found to be a complete fraud, they probably could have saved a lot of shareholders their money. It is likely there were many secret e-mails floating around the Enron office that could have exposed that corporations innerworkings and true intentions. The FBI issued a statement declaring that participating in online attacks is a criminal offense with a sentence of up to 10 years in prison. Anonymous regularly engages in illegal activity, such as as breaking anti-piracy and copyright laws, and even stealing private data such as credit cards, emails, phone numbers, and addresses. They also support torrent websites which allow users to share files like movies, music, and T.V. shows illegally. These sites can serve many purposes, and Anonymous has typically engaged in the activities listed above in retaliation against groups or organizations who would attempt to limit the functionality of these sites or otherwise hinder the free dissemination of information on the Internet.

Stakeholders With a name like Anonymous, it is no surprise that accurate, detailed information is difficult to find regarding either the players or supporters of the group. It is thought that Anonymous is built up of many individuals or small groups that originally sprang from the imageboard, 4Chan, in 2003. Since then, many subgroups have formed and broken off from the original. Overall, the stakeholders of Anonymous see themselves as the Robin Hood of the people, fighting for the freedom of information and the Internet . For them, the ultimate goal is not fame and fortune, but rather freedom. When large corporations try to withhold funding or block social networks, Anonymous steps in and brings them down as a collective whole. When freedom of speech is threatened, Anonymous fights back. The following groups have been known to support Anonymous: those who believe in the freedom of speech, the subgroups of Anonymous, AntiSec, LuzSec, and AnonOps, Commander X and the Peoples Liberation Front (PLF), hackers, freedom fighters, internet formums and social networking sites, the Pirate Bay, Al Jazeera, and Julian Assange. The following groups have benefited from Anonymous actions: the general public ,when corruption is exposed, and charitable organizations, who were given money by Anonymous. Anonymous may have started as a quiet Internet counter-culture, acting out like pranksters and as Saki Knafo from the Huffington Post states, were mostly, self-proclaimed jerks who joked around on the website 4chan and played mean-spirited pranks on people for the hell of it. The earliest attack, which brought Anonymous their first wave of publicity was against the Church of Scientology. They have since evolved, with most recent attacks against the U.S. Justice Department, Universal Music, BMI, the Motion Picture Association of America (MPAA), the

Recording Industry of America (RIAA), Mastercard and Visa. They even attempted to take down the website of the White House. For obvious reasons, these stakeholders see Anonymous as a huge threat to security because they have proven that no information can be considered confidential. Last year, we saw the expansion of Anonymous effecting stakeholders on an international scale by breaking into and stealing sensitive documents from NATO. Additionally, their support of Julian Assanges efforts, such as exposing the Tunisian government and supporting other Arab nation revolutions, have brought the group into the political spectrum. Anonymous has proven that even though they are capable of hiding behind the veil of technology for a period of time, they are influential within the political and social spectrum and able to create viable changes which they perceive to be for the greater good. To reiterate, the following is a list of groups against Anonymous: U.S. Justice Department, Universal Music, BMI, MPAA, RIAA, Mastercard and Visa, NATO, and a number of smaller city Police forces who have been hacked The list of people who have been hacked or supposedly hacked by Anonymous goes on and on. This is due to the nature of the group; namely, the fact that it is more of a movement or an idea and they are very decentralized. Given the proper software created by one or more of the members of Anonymous, even the most basic of computer users can help take down a site.

Competitive Analysis The majority of information available to the U.S. citizenry is received through common news outlets such as CNN and Fox either through their website or their affiliated T.V. channels. These news outlets often report on Anonymous as a direct news item just like any other. Large

corporate news agencies often portray Anonymous as purely criminals without introducing aspects for which they fight and the greater good they are trying to accomplish. The second set of news outlets available are the numerous, fungus-like, websites devoted specifically to news regarding Anonymous. These websites spring up quite quickly, but some have been established for several years now. Despite minor examples, the majority of information published by the larger news agencies have been biased against Anonymous. There is often no mention of the intentions of the organization, and it is often painted as a purely a criminal organization. Fox News describes certain factions of Anonymous as just doing it for the thrills. In the absolute other direction, the majority of Anonymous specific news websites are biased for Anonymous and often the focus of their articles is the corruption which they targeted. These articles, often linked to and discussed in great detail spread around the Internet, never seem to make it to main stream news. The larger corporations are not serving the American interests by reporting on Anonymous in a biased fashion. They are serving the pocketbooks of their shareholders by reporting in the way analysts say will sell the best. Often, the goals of each will align, but in this case, the biased reporting on Anonymous is purely for the good of the companies. Another information set, reported and published by Anonymous specific organizations, is currently serving the American interest more by showing that the targets are not being attacked due to financial reasons. These news sites are praising Anonymous, and they are doing a great service to the American people by spreading awareness of the corruption that Anonymous is targeting. The following commercial news agencies have reported stories of Anonymous: CNN, Fox, the Huffington Post, BBC, Al Jazeera, Techdirt, and Wired. The following agencies are non-

commercial resources through which information on Anonymous is available: anonops.blogspot.com, which is dedicated to reporting news about Anonymous, anonnews.org, and anonanalytics.com.

Technological Factors Anonymous is not made up entirely of the technologically elite. Those who know how to do so create programs like the Low Orbit Ion Cannon so that the average computer user can take part in their demonstrations, if they choose to do so. The increasing ease-of-use of technology has helped to increase the numbers of the Anonymous collective, thereby increasing their power and their resolve. Perhaps because a group as large as Anonymous unabashedly supports piracy sites, organizations like Hulu and YouTube have increased their efforts to quickly and easily provide customers with legal access to television shows and movies. Anonymous is less about doling out punishments as it is about raising awareness and encouraging the development of ethical alternatives. Members of anonymous would be difficult to find. Anonymous meets online in forums where members can create accounts without using their real information. Also, members can access these forums from any computer and anywhere. Even if members of the collective are identified, there most likely will be no way to prove whether they were involved in any criminal activity. Anonymous can attack any computer connected to the Internet in any location. Any computer connected to the Internet has the potential to be attacked from an outside party. There are several different ways that Anonymous can accomplish this. In the HBGary attack, Anonymous

used an SQL injection attack to hack into their content management system. SQL, or Structured Query Language, is a language used to communicate with databases. Database programmers use SQL queries to access information on the database and to store data in the database. When a programmer needs user input for a SQL query, like needing a user name, they take the user input and put it into a query. An SQL injection attack exploits this by inputting SQL queries as user input. They can use this to gain access to the database and eventually the web server. A Denial of Service (DoS) attack prevents legitimate users from accessing data and services. Hackers attack by targeting a personal computer or network or by targeting the computer or network a user is trying to access. These attacks can be used to prevent victims from accessing emails, websites, etc. A DoS attack can be done by flooding a network with data. This will prevent victims data from reaching its destination.

Economic Factors Anonymous wields great power. After HBGary attempted to infiltrate and release an expos on the group, Anonymous retaliated by infiltrating their servers and making public sensitive documents, illustrating HBGarys less than ethical actions, including intimidation tactics, phishing, and various forms of fraud. This company has been described as toxic by Forbes, and has more or less been ruined in the aftermath of the raid. The Anonymous attacks on Paypal and Mastercard companies not only temporarily tampered with business transactions worldwide, but also encouraged consumers to take a closer look at the actions and policies of the companies and corporations with which they interact. Alternatives to online transaction services like Paypal began to emerge.

There are several different economic issues that need to be considered when looking at the group Anonymous, such as: how much time and money will it take in order to catch Anonymous; what have been the cost to companies that have been targeted by Anonymous; who has benefited economically from the works of Anonymous; and how has Anonymous itself benefited economically? Countries all over the world are chasing after clues that will lead them to members of the group Anonymous. In the United States the FBI, police forces, and private companies are all pouring money into tracking down the people behind these attacks. Exact figures are hard to find, but estimates are in the billions. And while all this money is being spent, has the government stopped to consider the fact that for every person they catch, dozens more step up to take their place? What have been the cost to companies that have been targeted by Anonymous? Regardless of the hassle and embarrassment of having their website hacked, vandalized, and brought to a complete halt, the victims of Anonymous have suffered millions of dollars in losses. Last year, a splinter group affiliated with Anonymous attacked the Sony Corporation, shutting down its PlayStation online network. The attack was rumored to have cost the company around $171 million, according to industry estimates. Sony is not the only large company that has been attacked by Anonymous or one of its subgroups. Visa, PayPal, and several others have been attacked as well. But in each case, Anonymous has stepped in when it felt that corruption needed to be exposed, or when freedom of information was denied. In the case of Sony, it was a large corporation attacking a single man and trying to take away his right to post information on the Internet. With Visa and Paypal, it was a

10

large corporation again taking support away from a site on the Internet that promoted the freedom of information. During December of 2011, Anonymous hacked into Stratfor, a company that provides political, economic and military analysis to help clients reduce risk relating to security. Unknown to Stratfors clientele, Stratfors own internal data security was lacking. They did not even encrypt their clients information. In an effort to expose how poor Stratfors security was, Anonymous hacked in and got the the name and credit card information from the company's private clientele list which included the likes of the US Army, Air Force and the Miami Police Department. All of this information was stored as plain, unencrypted text. Using the credit card information of these large corporations, Anonymous made donations in the amount of approximately one million dollars to various charitable organizations. They took no money for themselves. To date, Anonymous has not benefited financially from their own work. They have not hacked into a bank to get money for themselves, but instead that have donated to charities or nonprofit groups. This only further upholds their main agenda which is freedom of information and exposing corruption.

Recommendations Anonymous is a force that cannot be regulated. Laws cannot effectively be enforced against such an elusive group. After studying the attacks of Anonymous, we have found a pattern in their behavior that distinguishes them from simply a Robin Hood figure, which steals from the rich and gives to the poor. While the methods Anonymous employs often break the law, we all stand to gain from the ends they seek. These ends include freedom of speech and information on the Internet, and the exposure of corruption. Therefore we recommend that the hacktivist group

11

Anonymous be rendered obsolete though actions and regulations of the government. In this case, the government is to be responsible for increasing both corporate and government transparency. There is another force that the esteemed members of this congressional committee have to consider. At this point in time, both Anonymous and Occupy Wall Street, with which Anonymous has been associated, are immensely popular in America. Taking any sort of drastic action against them would be a great political risk. There are two additional possible recommendations we make: either do nothing until Anonymous popularity falls to levels where actions can be taken, or take a stand against the entertainment lobbying industry, specifically MPAA and RIAA. The entertainment industry is set on not adapting to the digital age, and if the government keeps bowing to their actions, we could eventually see the collapse of the entertainment industry as a whole.

Pros and Cons An advantage to making Anonymous obsolete is that the group will, ideally, no longer need to continue its current course of actions, due to the government creating a culture in which corruption is exposed. Thus a group that was in the past unable to be regulated will find the government stepping in to expose the corruption it once fought itself. Hackers will still be a prevalent issue in the field of computer science, but that is not an issue that the government can tackle on their own. A consequence of such flawed security is that the technology of the day must evolve or be replaced, especially if such a need for tight security on the Internet continues in the future. A disadvantage to this is that it may point to a weakness in our government: that a group of anonymous online criminals cannot be convicted. Convicting members of Anonymous would set

12

an example for other potential criminal hackers. The government would eventually have to figure out a way to track these hackers. Not going after Anonymous is just delaying the inevitable.

13