Sophos Cloud Optix
RT’s The Alonya Show must have thought it had a great exclusive on its hands, when it announced it would be broadcasting an interview with a representative of the loosely-knit Anonymous protest group.
(In an earlier version of this article, I sloppily described Anonymous as a hacking group. Although there are hackers who support Anonymous, it’s an inaccurate way of describing the group.)
After all, the British and United States authorities had announced that they had arrested scores of people suspected of participating in denial-of-service attacks that had disrupted websites belonging to well-known organisations.
Of course, it’s not easy to tell with a group like “Anonymous” whether you’re talking to a real spokesperson for the group or someone playing a prank on an over-excitable TV programme.
Check out the following YouTube video of the show and see if you can tell if the person being interviewed is genuine or not.
The jury is certainly out in this case.
After all, during the Skype interview with host Alyona Minkovski, the “source” can’t resist crowbarring in some odd phrases seemingly for kicks. For instance,
"all of our base are belong to them"
and a reference to the classic internet meme inspired by 1980s pop crooner Rick Astley’s chart-topping song:
"we're never gonna give you up, never gonna let you down"
There are even references to:
"bitch-slap"
and
"I am in lesbians with this question"
(Although I’m not sure if that last one was a slip of the tongue or not.. Update: Security blogger Kurt Wismer tells me it’s a reference to a line used in the movie “Scott Pilgrim vs The World”. It’s further explored in the Urban Dictionary.)
It feels to me that perhaps the Alyona Show was so keen to interview a spokesperson from the computer underground, they might not have confirmed their interviewee’s veracity.
Whether he’s for real or not, I don’t see why the mystery spokesman (who appears to have made no attempt to hide his accent, by the way) doesn’t believe the FBI when they say that distributed denial-of-service attacks are illegal.
Umm.. don’t you think that the FBI would know they were illegal? Or have these hackers with such firm convictions made their own legal enquiries to find out the truth before engaging in such attacks?
Do you think the Anonymous source was for real? Leave a comment below, and let us know your thoughts.
"i am in lesbians with this question"
reminds me of scott pilgrim vs the world ("i am in lesbians with you").
Aha! Thanks Kurt. That's not a movie I've seen.
You know, the public's inability to comprehend "anonymous" continues to amaze and amuse me. There are no "spokespersons", no leader or hierarchy for the group, let alone any sort of plan. "Anonymous" is probably the most famous of the 4chan memes, a sort of ongoing joke and personality taken up from time to time by anyone who feels like doing it at any given time. Anyone who claims to be talking with "anon" is talking with some bored kid who decided to take up the "anon" moniker for a bit and have some fun.
That the media (and occasional security group) continues to get trolled into thinking there's some sort of hacking conspiracy by what amounts to an internet pub crawl has got to be one of the most hilarious phenomenas today.
Fun!
The description of this Anon clearly says "source within Anonymous", not "spokesperson" or "member". Anonymous chose this title simply to avoid pestering articles like this very one.
The memes he used were that of Anonymous Culture. He used them in context to blend in with his points, thus nodding to the rest of Anonymous that he's legit, while also keeping things clear for the general public. If you notice, no memes were out of place, and if you showed this video to someone that had never been involved with Anonymous before, they'd still understand it.
We can confirm that The Alyona Show (including Alyona herself) were informed by this Anon that memes would be used to verify authenticity, and that they should not be alarmed if odd things are said.
Graham Cluley: while Anon thanks you for paying such close attention to its statements in this video, we would like to suggest you don't make such accusations without at least reading up on Anonymous activities over the past few months.
We have no leaders
We have no spokesmen
Anonymous is not a group
Anonymous does not exist
TL;DR.
a rick roll is as good as a handshake to an identity-blind man. no insult intended, just a quirk of the culture.
that about sum it up?
"the Anonymous hacking group." ಠ_ಠ
Are you people still saying this?
Why can’t the media ever get anything right?
Anonymous is not by any means a group of hackers.
They are kids that claim whatever current event as their own doing. Nothing more.
And I find it amazing how anyone who has ever done anything anonymously is a member of anonymous. It is a group where you are in and you are not in at the same time, because it is anonymous.
I have personally participated in protests and I will again.
I never thought of DDoSing as "sit-ins," but now it makes complete sense. So, now Anonymous is the new black people.
Graham, you’re probably right.
I’m 10x more ‘anonymous’ than the guy in the clip is…
It looks like this was staged between the reporter and a colleague ‘next door’ (with most answers ready made – see 2nd part and voice inflections and confidence while ‘i’m in lesbians with this question ….’)
If I’d have to further analyse the clip, there is no issue with ‘anonymous’ voip connection while over transatlantic connections would have the usual 200-500 ms delays and huge jitter corrections. While this is true for the regular skype user (grrr, really hope the real anonymous aren’t using skype), a member of the underground community is 99.99% using a neat vpn & proxy combination: so expect a different sound characteristics coming from a voip conversation (disconnection in the clip is really hilarious).
And, yes, I’d like to think that members of the real ‘anonymous’ are a bit more authentic than the guy in the clip.
His entire connection disconnected, he pinged on the anonymous IRC server too, it wasn’t a Skype failure
– observant Anon
right … and he had a premonition that this will just happen …
it was like his 'sensors' were informing him he has to pee 😛
if you have a good idea of protocols (tcp/ip, sip, etc …) and routing / vpns, you'd already know how this works (not to mention that there were no symptoms of any such issues).
unless he just clicked to run a script to change the anonymizer proxy and realized his session will be terminated :))) (indeed more hilarious).
This would defeat the purpose, don't you think?
The point is we are legion.
Interestingly, if you look at the meme (am I using your jargon correctly?) which gave the English language the phrase "to be legion", you'll find you may have picked the wrong group with which to identify yourself.
(In the meme, at the point when you say, "I am legion," I'm sorry to have to tell you that it goes pear-shaped. Next thing you know you're plummeting headlong over a cliff into a giant lake. Sadly, at this point, you drown.)
I'll guess you probably intended to put a negative into that sentence. But I'm not sure if you meant to negate the fact that you were legion, or to negate the fact that there was a point.
Don't debate English with Anonymous Sophos-drone.
It's from Engrish (badly translated parts foriegn language content).
Hence 'All Your Base Are Belong To Us'
Pear-shaped is the point, if there was a point, which there isn't.
Oh and they/we/legion/lolcatz love to mess with people. Period. Stop trying to find points and debate it. It's like debating a drunkard
lol he said "we're trying to make sure the internet is wide spread" heh heh.
"Do you think the Anonymous source was for real?"
"Of course, it's not easy to tell with a group like "Anonymous" whether you're talking to a real spokesperson for the group or someone playing a prank…"
Why are you using the word 'real' and 'Anonymous' in the same sentence? As a security blogger who has been blogging about Anonymous for a while now, I would have thought that by know you would understand that Anonymous does not have any 'official' representatives, therefore, anyone can speak for Anonymous as they wish (i.e. all interviews are real, – just because you thought it was a funny interview doesn't mean that you can declare it's 'fake'). There is no real, or fake, Anonymous. There is only what you THINK is real, according to your tastes.
No, it wasn't a prank. Just because the interview had memes, or some inside-references, doesn't mean it's a prank. Memes do not = prank. They simply = language. As you heard, every question was answered with a proper answer.
Exactly! The presence of a prank or two is likely the most reliable evidence that you are talking with "someone from Anonymous"!
Graham, please don't keep perpetuating this false image of Anonymous as a "hacking group". Pretty much anyone who comments in a professional capacity on computer security with any credibility should know who and what Anonymous is (though I appreciate getting people to think there are hordes of scary hackers out there on the rampage looking to pwn your computer is in Sophos' interest).
I do mostly appreciate your writing on this topic and for warning people about the potential legal troubles they could get into by downloading LOIC but people should be informed correctly that Anonymous is mostly just a bunch of bored kids looking for "lulz", some of whom occasionally like to get involved in free speech activism on-and off-line.
The result of this kind of exaggeration (not just yours) of Anonymous' powers is people on your Facebook page calling for the death penalty (for misguided teenagers!) and lawyers threatening them with 10 year jail sentences.
Hi Anon #2,938,748,293 (and thanks for adopting the naming convention we're suggesting for this website!)
Yes, it was sloppy of me to call Anonymous a "hacking group". I will fix that in the article.
Thanks for pointing that out.
No problem. Although I was only half-joking, it's clear that you do care for accurate representation so I take back any implication in my comment that there was deliberate exaggeration on your part. Thanks.
I'm not actually an "Anonymous" fan or of their tactics, by the way, although I support anonymity for law-abiding citizens, but I can see where they are coming from and I don't like to see misguided teenagers threatened with beatings or turned into hardened criminals through lengthy prison sentences.
This does of course make the vast assumption you're same the guy who posted above 🙂
No, I'm Anon #2,938,748,293!!!
Hey Anon guys why are you ddossing people? Wiki leaks can be a potientally security risk! Would you like someone posting how to break into your house/your private stuffs on the web?
If i was bullying all my neighbors invading their property and killing their children. Then yes.
Wikileaks is not a potentially security risk!
Seriously, citizens have a right to know what their governments are up to. Consider, for a moment, the future. A bright future when every government realizes it's beholden to its citizenry. A future with no secrets. A future lived with total government transparency. No wars. No nukes. No secrets. No blood-crazed american pilots gunning down journalists. No dictatorships oppressing their populations. The revolution is now people. Not just in tunisia, or venezuela, or egypt, or america or britian. Everywhere. The vox populi are sick of your shit and we're mad as hell. And we're not going to take it anymore.
Because we are anonymous. We are legion. We do not forgive. We do not forget.
Expect us.
"don't you think that the FBI would know they were illegal?"
–uh, no. The FBI neither creates laws nor adjudicates them. A law enforcement entity such as the police or the FBI, gathers information demonstrating that a law may have been broken. Then the lawyers argue about whether a law really _was_ broken, and the jury makes the final decision.
In this case, the actions were international, so there is a serious question as to whether US law applies at all. The FBI is proceeding using the theory that it does, and they are further acting on the theory that they are the agency with jurisdiction. Interpol or some other agency may disagree. It's not an easy question. It's reminiscent of the snarl of claims that arose from actions at sea before there was an International Law of the Sea treaty.
(BTW, I think DDoS attacks SHOULD be illegal, but I know just enough about International Law to know that it's a can of worms. There IS no "truth" to find out.
If the FBI is investigating people in the USA for DDoS activities against servers in the USA owned and operated by companies in the USA (e.g. Mastercard), which seems likely to be the case in some of the 40 warrants they've been busy with, I'd imagine their jurisdiction over all aspects of the issue would be obvious.
And if it's US victim/UK perp, or vice versa, and you're the perp, I'd start off by assuming the worst – namely that the jurisdiction issues are well-known and easily sorted, and that you might very well end up on a one-way flight. Probably want to get a list of attorneys/solicitors while you still have the sort of reliable internet access you so keenly want to deny to others 🙂
(And it's not just the US which likes to get cybercrooks sent Stateside. You might just as easily end up going the other way – the first cybercrime-related extradition I can remember was back in the early 1990s, when a bloke called Joseph Popp was extradited from the US to the UK and sent to trial for blackmail in England in connection with the AIDS Information Trojan.)
if DDoS is initiated by individuals, they are breaking the law.
if DDoS is initiated by governments, well, they believe they're above the law and entitled to break it.
if you're a targeted individual or company, and the offender is an individual or group of individuals, the State will try to prosecute the offender(s) just to make sure it's taking the measures to protect itself and not you.
if you're targeted by a government, then only God can help you 😀
welcome to the morale & law jungle 🙂
I hope you understand that Anonymous can be anyone? The So called hackers are just kids who follow retarded instructions off 4chan because someone told them to. Even moot, the creator of 4chan, dislikes actions like this because they are considered raids.
There are over 1,000 image boards that use the same or similar image board software as 4chan, with a handful that use the Anonymous title for their Anonymous users. The Drug board 420chan chooses to use made up names instead of using Anonymous. Since 4chan is the most popular on the internet, it is why people who see memes attributed to 4chan.
4chan has nothing to do with the DDoSing. All of it was run through an IRC server, 4chan is a mainstream website used for recruiting, just like Facebook or Twitter.
Did you not read my post? I obviously stated it wasn't 4chan, i said there are other image boards that tend to do things that are considered rash, and because they don't understand the word anonymous, they blame it on 4chan.
Don't you mean over 9000 image boards?
Yeah, no that's a legitimate anon. If any doubt was to be had, the hackers on steroids definitely verified his authenticity. We are legion. And we are HIGHLY amused.
Try a little Googling, Cluley:
http://en.wikipedia.org/wiki/All_your_base_are_be…
Oh yes, very aware of that meme. Did you see the April Fool SophosLabs produced a couple of years ago?
http://nakedsecurity.sophos.com/2009/04/01/shatne…
I appreciate your blogs Graham. I think I know what you mean by is he real or not. Since the whole subject of the Anonymous group can be a bit iffy, in that it consists of so many different people.. Anyway I think what Graham meant was is he really representative of the many anonymous participants who have been DDoSing, because there are many who are of the "anonymous crowd" who don't do this stuff, but just like to observe the memes that are created everyday. It's fun. It's a hobby. Idk.
DDoSing is simply using up the bandwidth and resources of a server. In this context it is no different than what civil rights protesters did taking up seats in Woolworths. It is a cyber sit it. Is it illegal ? Sure, so were the Woolworth protests, the Vietnam sit ins, etc.
The question then is not the legality of civil disobedience, but the moral imperative. When faced with implacable injustice, civil disobedience is not only a natural right, it is incumbant upon all sane, moral – and able citizens of the world.
Commander X
Come on Graham!!!
Have you not seen the Westboro Church video (http://www.youtube.com/watch?v=OZJwSjor4hM)?? This is the same dude who faced WBC in real time!!!
I think the author is incorrect, this IS anonymous. All those cues are deep in the anonymous culture. It is obvious they were meant as a verification.
I think your conclusion would have been otherwise ff you had concentrated your analytical powers on the message that the representative was actually trying to convey and whether it makes sense in the context of the overall dynamics of Anonymous.
Nobody is going after Anonymous.
They are targeting people running the LOIC tool. There is a difference and it is significant.
Anonymous is everybody who ever got pissed off enough to do something about bullies abusing their power, not a bunch of people running a DDoS tool.
You and I are anonymous on our best days.
Govs fail when it comes to the Internet and they know it. They will attempt to destroy the Internet because it denies them the power of censorship. Anonymous will fight censorship, and govs around the world will step up on the repressive measures until there is an all-out war of information between Anon and the gov. What we are seeing now is only the beginning of an epic moment in history