Even if you’re not working in the cyber security field or keep up to date with infosec news, you’ve probably heard of a group called Anonymous.  If you haven’t heard the name, you’ve most likely heard about one of their many news-worthy operations such as Operation KKK, Operation Ice ISIS, or Case Donald Trump.  I tend to fan girl a bit when someone brings up the name, and then proceed to dive into a full historical documentary comparable to Stephen Hawking’s A Brief History of Time.  At the end of this overly detailed and excessively dramatic story, people are usually left with two questions:

1. Why do I associate myself with this guy?
2. Who is Anonymous?

Both valid questions, but ones I cannot answer for you.  And now you’re probably staring at your phone or computer like…

…to which I respond:

1. You should have seen this coming when you invited me to grab a beer.
2. You’re asking the wrong question.

The biggest misconception related to Anonymous is that it is not an organized group of hackers.  There is no leader or centralized command, and they do not operate based on directives.  A website associated with the group describes it as “an Internet gathering”.  Everything is based on affinity; if you agree with their ideals and you feel that you can contribute then you’re part of it.

It’s a weird concept, right?  This apparently leaderless group is executing operations?  For a lot of people, that doesn’t make sense.  Someone had to plan it out, pass instructions down, define an end goal.  But when you take into consideration that everything is based on ideas rather than instructions, then it starts to fall together.  Let’s take Operation Ice ISIS as an example.  The end goal was to hinder ISIS/ISIL recruitment in western countries.  Naturally, the targets were ISIS/ISIL social media accounts, but the method of disrupting these accounts was never given.  Some chose to utilize phishing and compromise the accounts and others simply reported the accounts to Twitter/Facebook/etc.  More information on this particular operation can be found here.

I think the one detail that really helps people understand is that there is a sense of seniority within the group.  More experienced members are given respect.  Not to mention, there are moderators and administrators in the IRCs to keep them updated and in order, as well as other members who manage social media accounts, websites, videos, etc.

There’s one word I have purposely avoided using thus far… hacktivism.  Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose.  This is Anonymous’s primary goal.  Let’s take a look through some of their previous operations.

2008 – Project Chanology

Project Chanology was a series of attacks against the Church of Scientology and was the first act to associate Anonymous with hacktivism.  The attacks were incited when the gossip blog Gawker posted a video containing Tom Cruise praising Scientology, to which the Church of Scientology responded with a cease-and-desist letter for copyright violations.  A group of Anons soon posted a video to YouTube in response to the Church, stating “For the good of your followers, for the good of mankind—for the laughs—we shall expel you from the Internet.”

Raids included prank calling the Church of Scientology hotlines, sending black-page faxes to drain printer ink, and launching DDoS attacks.  This was how the Low Orbit Ion Cannon (LOIC) became the signature tool of Anonymous.  For those who don’t know, LOIC is a network stress-testing tool that floods a server with TCP and UDP packets.  On February 10th, thousands of supporters showed up to Church of Scientology facilities around the world for protests.  More protests against the Church continued throughout the year, including “Operation Party Hard” on March 15 and “Operation Reconnect” on April 12.

2010 – Operation Payback

In September 2010, Anonymous became aware that an Indian software company called Aiplex Software was being contracted to DDoS websites like the Pirate Bay.  In response, DDoS attacks were launched against the Aiplex website, as well as the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA).  Continuing with the attacks, Anons hacked the Copyright Alliance website and posting the name of the operation, “Payback Is A Bitch” (or “Operation Payback” for short).  This was followed up by a press release:

Anonymous is tired of corporate interests controlling the internet and silencing the people’s rights to spread information, but more importantly, the right to SHARE with one another. The RIAA and the MPAA feign to aid the artists and their cause; yet they do no such thing. In their eyes is not hope, only dollar signs. Anonymous will not stand this any longer.

Moving forward to November, WikiLeaks began releasing U.S. diplomatic documents.  In order to avoid associate with the organization, Amazon booted WikiLeaks from their servers and Paypal, Visa, and MasterCard cut their services to the organization.  Operation Payback expanded to include Operation Avenge Assange and Paypal was declared a target.  DDoS attacks brought down Paypal’s blog, a web-hosting company named EveryDNS, and U.S. Senator Joe Lieberman’s website (who had supported the push to cut off services).

The attacks were then focused on Paypal.  Leveraging two botnets, Paypal’s main website was brought down briefly on December 8th and again on December 9th, costing the company roughly $5.5 million.  14 people we later arrested by the FBI (known as the Paypal 14), 13 of which pleaded guilty.

2013 – Operation Safe Winter

Operation Safe Winter was an operation to raise awareness about homelessness.  Three missions using a charity framework were suggested, spawning a variety of direct actions from used clothing drives to community potlucks feeding events across the U.K., U.S. and Turkey.  The call to aid spread to communities such as Occupy Wall Street and OccuWeather and encouraged participation from the general public.

2015 – Operation KKK

Anonymous announced that it would reveal the names and information of up to 1,000 members of the Ku Kluk Klan, stating “The privacy of the Ku Klux Klan no longer exists in cyberspace.”  On November 6th, a full list was released to the public (which is still available here).

If you have the time and interest, I’d recommend reading through the rest of their operations.  It’s extremely interesting to watch how the ideals have shifted over time.  Many of these operations have to do with the freedom of speech and information.  I hope you all enjoyed, and as they say…