Opinion: Why we need Anonymous 2.0

Filed Under: Featured, Law & order, Vulnerability

Anonymous masksA few thoughts on the "hacktivist" group Anonymous that came out of Josh Corman and Brian "Jericho" Martin's keynote at the SOURCE security conference in Boston last week:

  1. Hacktivist is a sloppy term. A small percentage of those who claim affiliation with the ideology, or movement, or brand, or whatever we wind up calling it, are hackers or activists (5 to 10 percent are skilled hackers or activists, while the lowest common denominators "don't do much" and are "glorified cheerleaders, at best", they said).
  2. We need a better, more efficient Anonymous.

Before we explore their rationale for Anonymous 2.0, it's worthwhile to know why Corman - director of Security Intelligence for Akamai - and Jericho - a "hacker turned security mouthpiece" - care, and why they think we all should.

Here's how Jericho explained it:

"Most problems on the Internet don't affect us. With Anonymous—and we're using Anonymous as an example for this presentation, but it could be anybody: Anonymous or a splinter group [such as LulzSec] or the next [group] that comes along—almost everyone is involved. Vigilantes, 'good guys,' analysts ... with civilians stuck in the middle. Those whose information is doxed, those people are getting affected more than anyone. If you're affected, you're involved. … Look at [Anonymous's] influence. From analysts, to law enforcement, to former members, to the media, to organized crime, to foreign nation states. "

Nobody in technology, nor in business, for that matter, can get away from fighting Anonymous or other similar groups, whether the fight transpires in media or anywhere else, he said.

So that's why they care, and why we must. Beyond our own, personal involvement, a broader concern is that much of what we lay at the Anonymous doorstep may be branded as such merely as a smokescreen.

Source logoAs Corman noted, this amorphous thing we call "Anonymous" has become the perfect scape goat. Anonymous members continually drop in and out of affiliation with, or actions taken on behalf of, the group.

Any attack can be labelled with the Anonymous brand, regardless of whether it was sincerely done under activist principles or is simply branded that way to cover the tracks of, say, a nation state (sound familiar? "Suspicious attack. Must be China!").

For all the mayhem they've caused, much of what "Anonymous" has "done" (I use quotes because there's often [usually?] no way to determine actual perpetrators) is to simply exploit low-hanging fruit, Jericho said, thus erecting worthwhile signposts to cyber security flaws.

As Corman put it:

"Anonymous has held up a mirror to our defects. [They've done] nothing really hard. They've just showed us how insecure we are [with regards to] basic Internet hygiene. If they turned up the heat, it would be even worse."

In a nutshell, if we can't deal with the worst the Anonymous-affiliated have to offer, "we're f*cked," Jericho said. If that word offends you, "you have to get out of the industry," because sooner or later, in one fashion or another, you'll likely have to deal with Anonymous.

Which leads to why we we should wish for, or even need, a better, more efficient Anonymous.

As it is, Jericho said, Anonymous are "a crude, blunt weapon". Why not a better Anonymous? One that's more efficient and that gets stuff done with less collateral damage? One that doesn't dox the personal information of innocent people and put them and their families at risk?

The pair have concocted a three-step plan for Anonymous 2.0. It's fully laid out in part 5 of their "Building a Better Anonymous" series.

The steps for creating what they call a "a straw man of 'organized chaos'":

  1. Statement of belief, values, objectives, and first principles – i.e. WHY you have come together
  2. Code of conduct and operational parameters – i.e. HOW you conduct your pursuit of your common goals
  3. A plan for streamlining success, increasing potency, and mitigating risks – i.e. WHAT will make you more successful

Would such codification cause the group to splinter? Hopefully. The group needs to specialize, Corman and Jericho said. An Anonymous splinter devoted to free-speech issues would be a boon if it could devote itself to the task at hand, for example.

AnonymousDoes Anonymous agree with the proposals? Anonymous has no unified voice, the keynoters said, so it's a moot question — it is, after all, a composite, rather than a singular, monolithic group, and there are any number of levels of allegiance and reasons for participating.

But some regular actors in the movement have agreed with the tenets - one plus of a codified Anonymous is the ability to disavow a given action that goes against the stated objectives of the group.

Jericho pointed to the recently announced MalSec (Malicious Security) group as an example of how new splinter groups might codify their beliefs. From their YouTube video:

"For many years we have watched as more unconstitutional laws are proposed and passed and as censorship, disinformation, and corruption have become the norm."

"In an attempt to bring these acts to a halt, we are targeting the very people that have attempted to do us harm. We do, however, fervently believe in free speech. Everyone should be able to express themselves freely, even if others disapprove. As such, we have decided never to remove the original data, when a website of an enemy is defaced."

That's a start. That's a statement of a belief - free speech - and a practice - refraining from removing original data. Thus the group can disavow fraudulently labelled MalSec actions.

Now, regarding the term hacktivist: I've used it. Lots of journalists have used it. I'm not going to use it anymore.

When Corman and Jericho polled the audience to ask how many thought that the law was winning in its fight against Anonymous, only one hand went up.

That only shows that Anonymous has won the media, Jericho said, whereas the law has failed to engage our attention.

The keynoters' research has shown that some 184 Anonymous actors have been arrested and charged in 14 countries. Only one in three Anonymous-branded actions make the news, one in five make the news on tech sites, and only one in 30 make the mainstream news.

These are guestimates. The point is, law enforcement is making busts. They need to rattle their sabers more, and we journalists need to pay attention.

We also need a better term than hacktivist, which embodies the romantic type of Robin Hood image that Hollywood, journalists and the public adore.

"The Anonymous affiliated" is kludgy. But perhaps we won't be able to come up with a better term until Anonymous itself draws its boundaries, making it possible for a given action to be rightfully branded or justifiably disavowed.

If you can think of a better term to use in the meantime, please share it in the comments section.

And kudos to Corman and Jericho for opening up such a thoughtful discussion about a topic that's too easily simplified and romanticized.

, , , , ,

You might like

13 Responses to Opinion: Why we need Anonymous 2.0

  1. Just a voice · 875 days ago

    Food for thought, indeed.

  2. Angelo · 875 days ago

    I humbly propose "Anonihilist"

    • Lisa Vaas · 873 days ago

      Nice, and perhaps more clearly a play on anarchism/nihilism than another proposed term: "inarchist" (which I don't really understand—how does inarchist add on to the term anarchist? I'll ask the commenter...)

  3. John Alarcon · 875 days ago

    Hacktivist is just a buzzword that the media caught onto and perpetuated. It's catchy; it's a shiny new word; it draws readers. But as you laid out, it's not even close to appropriate. They're activists and should simply be called that... but that term is all played out by now, so a new spin had to be created or we'd just glaze over it in the media like we do with everything else we've become desensitized to. The term hacktivist is just another example of the linguistic tricks used on "lay people", I'll call them, to get a desired reaction. Another blatant example of such trickery to sway opinion is in how the FedGov calls our rising debt a "National Defecit" but back when there were surpluses, it was called a "Government Surplus". Tricky bastards fooled most people, too.

    Anyway, I think the strongest aspect of Anonymous IS the collateral damage. People often will keep their head in the sand (about virtually anything, really) unless it directly affects them in some detrimental way. Collateral damage sees this achieved. It gets people thinking, paying attention... And, to me, this is the best Anonymous can hope to achieve.

    I don't condone the actions of the group, but neither can I deny that it has brought a lot of things to the forefront of attention that never would have found the light of day otherwise.

    The idea that Anonymous could become an organized movement and still remain anonymous is, well, somewhat dreamy. Organizing things leaves a lot of paper behind, does it not? Actually, I think it's more effective as a chaotic splintered group because the targets -- whoever we may be -- will never be able to plan for an attack.

    In my mind, Anonymous works like the lofty concept of "god" -- make people feel like they're being watched (and will be punished for wrongdoing) and they'll be less likely to engage in said wrongdoing.

    I'm very curious to see how Anonymous evolves... keep reporting!

  4. Scott · 875 days ago

    Okay, now you guys have the right idea. If you want to start a revolution the wrong way to go about it is to attack the people you are ostensibly trying to "save". That will get you nowhere fast. I understand that collateral damage is part and parcel for any war (and don't fool yourselves, anon is engaging in cyber guerrilla warfare), but to just blame on the "protectors" is not a way to assimilate yourselves with the populace. Hearts and minds guys, hearts and minds.

  5. "Why not a better Anonymous? One that's more efficient and that gets stuff done with less collateral damage? One that doesn't dox the personal information of innocent people and put them and their families at risk?"

    I would like you to name me one person (families optional) who has ever been harmed from being doxed in the history of the Internet.

    • solenoid25 · 874 days ago

      The irony of naming one person harmed by doxing is incredibly dense, whether intentional or not. Do you realize that you are inviting something akin to the same topic you are discussing? I'm certain that you could search and find what you seek without others' assistance.

      @Lisa, great article! Thank you for keeping it objective.

  6. Freida Gray · 875 days ago

    To me, Anonymous appears to be more of a "network" than a loose group or a botnet.It seems that a few people got together & linked their computers into a network.Then each person added some more members to the network who added more members & so on.This could account for why they haven't been stopped,even with all of the arrests made.So, my name for them would be the Anonymous Network.

  7. LG · 874 days ago

    For a descriptive term, how about "Anonarchist"?

    As for the article, I'm glad it's been said. I hope the right people are listening, and that they'll think about it.

  8. Nigel · 874 days ago

    Cracktivists. It's closer to the truth.

    Sucktivists is closer still, but I suppose it's too crude for the mainstream.

  9. Rick · 874 days ago

    Excellent article

  10. Fubar · 874 days ago

    Was any consideration given to the possibility that actual political reforms of the underlying problems (corporate greed and the related political corruption and fraud) that these groups are "protesting" might cobntribute to stopping the problems caused by the "hacktivism"? Or is the idea of real political reform considered to be too "utopian"?

    I guess the IT "security" industry will always contain elements whose purpose is to serve such corrupt politics, and "journalists" and "experts" will santize and narrow the politics of greed/corruption down to lesser technical issues for consumption by their corrupt clients/customers.

    In that sense, those elements of the IT "security" industry are part of the totalitarian system being "protested". The resulting conflict between corrupt IT "security" and "hacktivists" will be good for business on both sides.

  11. random joe · 873 days ago

    its like this -

    terrorists will never kidnap or threaten to harm your closet even tho it has most of your clothes in it and will affect your ability to work/ socialize. so it makes sense for "X"sec to " kidnap or threaten to harm your" internet (or our internet) since it would produce the desired effect - the internet nowadays is your "everything" in the way that its used to make everything work around you or for you directly.

    the problem is that each side claims (and it is partially so ) that "the other side" is doing this hostage taking that the internet seems to be in at the moment ; weather they are freeing, securing, monitoring or restricting, everything is done to protect us form the other side.

    it never really is more than economics after all and in the same way we could reason a elegant comparison - 1 part is screaming "profit loss" and the other side "price fixing"

    i do think you can blame each side for things and i chose only to name 1 each:

    -didn't see any anonymous donation to 3rd world countries form all the "hakers"
    -didn't see any real action unless its motivated by profit (or the loss of it)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.