Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out
Your Federal Quarterly Tax Payments are due April 15th Get Help Now >>

Mayer

VIEWS: 9 PAGES: 12

									                                 Anonymous: Cyber Vigilantism
       Online, information moves fast, connecting everyone and making whole societies feel like small

towns. A transgression can be discovered, spread around, and have a retaliation formed within the day.

Those that feel they either have the right, or have a good chance of getting away with the retaliation

broadly fit under the guise of cyber vigilante. In the real world vigilantism is widely seen as dangerous

to the whole. It undermines the authority that everyone gives to the select few. For the most part, real

world dangers and offenses can be taken care of by real world agencies. There's definitely a feeling of

stepping on ones' toes, and getting in the way. Online, that feeling isn't so widely shared. Some people

believe it is necessary, that laws haven't caught up to the times, that agencies haven't been formed, or

filled out to meet their need. Cyber vigilantism, as in all vigilantism, lives in shades of gray. Sometimes

it is hard to determine how you feel about a certain action, and the only easy answer is to side against it

in all its forms, in all severity. This paper will be covering the general idea of cyber vigilantism while

finely examining the most prominent group known, Anonymous. Reasons as to why cyber vigilantism

is more prominent than the real world counter part, as well as the ethics to each case presented will be

covered.

       To start we should cover possibly the most difficult cases to judge, those of white hat hackers.

There are two recent cases that happened last year that cause pause when reading about them. One was

the case of Goatse Security which went public with proof that AT&T's network had a hole. They mined

“thousands of email addresses of iPad users” on the network (Samson). They went public when AT&T

did not inform its users that their information had been compromised. The security company did the act

to inform AT&T of their flaw which actually stemmed from a poorly designed web app. This act is

known as a white hat style of hacking, even though this particular case involved no hacking, just brute

force gathering when passing an ID (Keizer). Most would argue that it is good that there are people out



1
there looking for security holes without malcontent. Also, many would approve of holding AT&T to a

high code of conduct in informing their customers. Another white hat case is that of Google's security

engineer, Tavis Ormandy. He found a bug in Microsoft's Windows XP and informed them of it. He then

negotiated a timely window for fixing it. After five days he went public stating that Microsoft would

not agree to fixing it within 60 days (McAllister). Some thought he was being unreasonable, while

others thought it was good for the users to know. Issues such as these aren't always easy to judge, a lot

of times you need to know motive and enough facts to gain perspective. For this case, involving a zero-

day bug, a bug the developer was unaware of, fixes were done on average of 43 days in 2010. That

seems to make his request of 60 days reasonable, but the shortest time was eight days, the longest, 125

days. Without knowing the difficulty, it is impossible to judge whether Ormandy was justified.

       A lot of times white hat hackers are lone wolves, so are some other forms of cyber vigilantes,

especially those tracking hate speech and suspected terrorists. There are also large groups, however.

The main group that will be examined is Anonymous, but first, some other groups should be

mentioned. To start, this group is not vigilante in nature, but more of an activist movement. The 1984

Network Liberty Alliance was about free speech online, and later about open software. Another that

began in 1984 was The Cult of the Dead Cow which coined the term, hacktivism. They were

particularly active in providing access in China to censored online content.

       Anonymous as a group came from an internet meme, a joke that spreads around the internet. It

came from the imaginary persona given to any information by an unknown source. On image boards

such as 4chan this imaginary persona gained a name, Anonymous, and eventually a visual

representation. The idea behind Anonymous was at first just to be funny. It was an embrace on internet

culture, and the effect it has on people when they are themselves anonymous. Eventually free speech

and openness became a primary concern, but the shock factor never faded. To understand Anonymous

it is necessary to try and understand where its effect on people comes from.

2
       In psychology there is a concept called internet disinhibition effect. It covers several factors as

to what may cause a person to act different when becoming anonymous online. The first is the obvious

dissociative effect of anonymity itself. Being unknown is liberating, allowing the user to act differently

than their normal selves. Another concept is invisibility which hides one's reactions, and the reactions

of others. Not being face to face makes outrageous behavior easier. A third concept is that of

asynchronicity, which covers the time delay that can happen between messages on a message board or

other form of online communication. This allows a person to act out, or vent, then run away. They can

choose to never look back at the fallout, or come back after some time. The point is there is no

immediate consequence, and it is their choice as to whether they even want to deal with it. Another

thing that helps the user disassociate is fantasy, imagining what they do online is just a game and has no

real world repercussions. Perhaps the most telling about Anonymous is the concept of minimizing

authority. This is a condition where users feel completely equal online and real world status has no

bearing.

       With Anonymous being a collective group, crowd psychology also comes into play. Two

theories as to its cause are contagion and convergence. Contagion describes that the group causes

others to act a certain way. Peer pressure and excitement get people caught up in the group.

Convergence states however, that like-minded individuals come together to form groups. The real

question is whether the group enables people to do what they really wanted, or whether the hive-mind

causes people to do things against their judgment. In the real world, there are events called flash mobs

which are usually just for fun or for publicity. The term isn't typically used for online groups, but with

Anonymous it seems fitting. As Anonymous has gained attention, there are those who have rushed to be

a part of the newest event. These people don't always know the full consequences or how to protect

themselves from discovery. They rush to be a part of the action in the same way people get involved

with flash mobs.

3
       These events, or 'operations' are hard to judge sometimes. Anonymous as a group lashes out at

what it perceives as injustice, or bullying behavior. There are some who completely disagree with

vigilantism, for those, judging Anonymous' actions is pretty easy. That said, it is still pretty hard to feel

sorry for some of its victims. Examples of such operations are the Hal Turner raid, project Chanology,

Chris Forcand's arrest, the Iranian elections, Operation Didgeridie, and helping the protests in Tunisia

and Egypt. In the Hal Turner raid Anonymous brought down his website, presumably because of his

white supremest radio show. He lost thousands in bandwidth costs and attempted to sue the websites of

Anonymous' meeting places, but was unsuccessful. Hate speech unless explicitly exciting violence is

protected under free speech. This is one of several examples where Anonymous seems to prove that

everyone is equal, equal in terms of being targeted. There is an obvious contradiction in terms of seeing

people as equal, but then feeling the authority to attack someone as well. Contradictions seem to be

common place however. Hal Turner was targeted for his speech, but when publicly challenged by the

Westboro Baptist Church, Anonymous seemed to take the high ground saying that the church had its

write to protest and say what they wanted. It seems to be proof that the group is not controlled by a

shared code of ethics in which it should act, but by two competing forces, the need to mess with people,

and the need for self preservation.

       In project Chanology, the group took on the Church of Scientology. Their reasoning was that the

church was sending take down notices to websites, trying to censor what information was available

about the church. Also the church had been involved in scandals throughout the seventies and eighties

where it tried to discredit its critics. The 'war on Scientology' wound up giving the group its most

exposure yet. For some it is simply the church's right to protect copyrighted material. For others

however it is shady for a church to keep information secret, especially when many former members

have spoken out about the religion as a scam. Project Chanology was one of the biggest attacks

Anonymous has formed. Online, the group formed denial of service attacks on Scientology websites,

4
sent black faxes, and made prank calls. Offline, the group held real world protests in several cities

around the world. Their numbers were not high, topping out at around eight thousand total, but it is a

sign that Anonymous can make it away from the keyboard (Ramadge).

       One case where it is hard to fault Anonymous is when it outed Chris Forcand, an online sexual

predator. Members pretended to be young girls for the purpose of “trolling” him. His conversations

were then sent to his church, as well as the religious blog he wrote for (Jenkins). His personal

information such as address and phone number were also spread online. The man was later tipped off to

police and busted in a sting operation.

       Another case that leans towards Anonymous' favor is of the Iranian elections where Anonymous

joined forces with Pirate Bay to help spread information in and out of Iran. They created the website,

Iranian Green Party Support, where Iranians could connect and communicate to form protests. During

this time the Iranian government had started censoring the internet, which is definitely something

Anonymous disagrees with. The group has also been involved with Tunisia and Egypt, to help them

with their own protests where their governments have also went the route of censorship. One

government most people wouldn't jump to the idea of censorship however, is Australia. In Operation

Didgeridie Anonymous did a series of denial of service attacks on government websites including the

prime minister's and parliament's. The policy of ISP censorship also saw political push back within

Australia. Some may believe that government websites should never be targets to any kind of attack,

but to many the internet is a place of free speech, and when one country has its access cut off, the

whole of the internet should fight back.

       Some examples of Anonymous' actions are easier to cast judgment on such as the Habbo Raids,

the Defacement of SOHH and AllHipHop, the attack on No Cussing Club, and Operation Payback.

These campaigns seem much easier to discredit because of the senselessness of them. They seem to

come out of boredom more than a real justifiable need for action. The Habbo raids in 2006 and 2007

5
look like they could be one of the first, if not first, actions taken by the group. Habbo is an online

community centered around a cartoon hotel. For these raids they decided to all dress the same and

invade certain areas. Around that time a case about a girl not being able to enter an Alabama

amusement park due to her having AIDS surfaced online. The raids then added this as part of the abuse.

They surrounded virtual pools and wouldn't allow people to get in, stating the reason was that they had

AIDS. It's obvious these raids were meant for nothing more than agitation, there was no real message to

be heard, or guilty parties to rally against. It was a joke that then spun itself rather untasteful for shock

value. Since these raids the group has definitely tried to seem more professional, and more of an online

army. Events like these however, show that the group at its core is about acting out.

       The Defacement of SOHH and AllHipHop are another case where there was really no reason to

attack. The whole incident started from an online argument on the Support Online Hip Hop forum.

Users of SOHH made insults of users of eBaumsWorld, one of the many hangouts for Anonymous.

Before long there was a denial of service attack on the site and the front page was defaced to make

racial slurs. AllHipHop which was unrelated also got attacked, after which it and SOHH united for

legal action. Events like this show how Anonymous can do things for immature reasons and are not

always fighting for moral reasons, but because they themselves were targeted.

       In the case of No Cussing Club there didn't seem to be any reason for the attacks other than it

rubbed Anonymous the wrong way. The No Cussing Club is a site that was being run by a fifteen year

old boy in South Pasadena, California (Davies). After going on the Dr. Phil show his family started

getting pizza and porn deliveries. Once death threats started coming in, the family called the FBI.

Actions such as these are just juvenile. It is one thing to go head to head with a political figure, or an

establishment, but a fifteen year old? It could be argued that Anonymous doesn't discriminate its

targets, but people feeling it is immoral to cuss doesn't seem quite the same as censorship.

       One large campaign the group took on was Operation Payback which has recently resurfaced. It

6
was originally in 2010 when Bollywood studios had the company Aiplex battle piracy for them. The

company would start with take down notices for sites that hosted bit torrent trackers, then they would

move to a denial of service attack on the site. Operation Payback was retaliation by Anonymous with

DDOS attacks on Aiplex and several other sites, such as the MPAA and RIAA (Leyden). Recently in

2011 Operation Payback has come back for Sony who has recently taken court action against a hacker

named Geohotz. He was made famous by jailbreaking the iPhone, and recently by allowing homebrew

software on the PS3. Sony went to court and won against Geohotz, forcing him to stop distributing his

hack. The company also got the IP addresses of people who commented to his tutorials on YouTube.

This invasion of privacy angered many, as well as Anonymous. They ran DDOS attacks on the

PlayStation Network servers, shutting them down, off and on for a couple of days. The problem with

the Payback campaign is that on both counts there are logical issues. The actions against the media

industry may have been because of their use of DDOS, but it seems like Anonymous supports piracy.

That would be a new stance, and morally a wrong one. The battle with Sony may have started as

retaliation for demanding IP addresses and fighting the openness of the PS3, but they attacked PSN, not

Sony corporate. This means those that suffered the most were mainly gamers, those that would most

likely support Anonymous. So it seems they attacked the wrong people.

       The message that Anonymous sends is important because the collective can pay for the actions

that few of them put in motion. Some of Anonymous' cases sit directly in the gray area. These cases are

Operation Bradical, Operation Leakspin, and the Attack on HBGary Federal. The reason for these

being gray is because it questions whether all information should be free, and who is allowed as a

target. Anonymous has targeted everyone from Sarah Palin, releasing her personal email during the

2008 election (Metz), to a fifteen year old boy trying to stop cussing. In Operation Bradical,

Anonymous has threatened to go after public officials due to the treatment given Private Manning for

releasing documents to WikiLeaks. Manning has been forced to sleep nude, treatment that Anonymous

7
has said, is worse than Nazis were forced to endure (Decarlo). The two public officials that Anonymous

is targeting are Department of Defense Press Secretary Geoff Morell, and chief warrant officer Denise

Barnes (Greenberg). It is questionable whether Anonymous should get involved in legal cases, and the

claims that they may go after communications at Quantico is especially troubling. Another case is

Operation Leakspin where Anonymous has been digging through WikiLeaks documents and then

spreading word about things they've uncovered. Depending on one's viewpoint, this could be seen as a

great service or an extreme danger. Uncovering corruption is generally accepted as a good thing, but

putting servicemen and women in danger, as well as civilians is reckless.

       One campaign that uncovered corruption was the attack on HBGary Federal. It started with the

CEO Aaron Barr making a public claim that his firm had uncovered the identities to some head

members of Anonymous. This turned out to not be such a good idea. Anonymous went on to what

appears to be one of its strongest offenses yet. The company got the normal harassment of phone calls,

pizzas, black faxes, and DDOS attacks. Where Anonymous really got them was their data, which

should have been embarrassing for a security company that does contracts for the government. Once

Anonymous got in, they deleted files, and dumped emails. Some documents that came out of the attack

showed how the company was compiling a list of donors to WikiLeaks, and a systematic way to bring

down the site. Aaron Barr later resigned after Anonymous demanded he be fired. At one point the

president of the parent company came on to IRC to plead with the group. Apparently their demands

were met, as the company lost millions (Anderson).

       With over 60,000 emails shared via bit torrent, the story of Aaron Barr's tangle with Anonymous

becomes pretty clear. He believed he could figure out who the lead members were by social

engineering in the IRC channels, and message boards. He made fake persona on Facebook and Twitter

and even burned different fake identities so to elevate others into confidence. He found that the group

used a security tool which tested websites; being open source they modified it to work as a hive. With

8
the tool being so stressful on the servers it allowed them to take down large sites with reasonably low

numbers. Barr never did reveal his list, and from the investigating others have done through the emails,

it's not clear how accurate he might have been. Anonymous is of course going to deny any names he

came up with, so without proof it's impossible to know.

       When Aaron Barr first started he seemed to have an appreciation for Anonymous, and his work

was purely a way to get the firm publicity, and a way for him to boost his ego. His presentation was

titled “Who needs NSA when we have Social Media?” Later he started to show that he questioned

Anonymous, saying “Its about trying to take power from others and give it to themselves.” He

obviously saw Anonymous as no better than those they chose to fight, getting ego boosts when they

took down large companies. Hypocritically, he seemed to be the exact same way about the idea of

single handedly toppling the group, before the FBI could.

       He does bring up the ethical question however, does Anonymous have the right to take it upon

themselves to enact justice online? If he were correct in thinking the group was small, and in control of

thousands of computers through botnets, would that change anything? Does their size make a

difference? Society gains its authority based on the power of the majority. If the group were really in

the tens of people, not thousands, it would change many people's view on Anonymous. It is very easy

for computer nerds to get the stigma of cocky elitist, if the group were small then their perception could

swing towards manipulative terrorists, instead of unruly youths. Also, do the laws they break make a

difference? Barret Brown, a senior member of Anonymous said this: “When we break laws, we do it in

the service of civil disobedience. We do so ethically. We do it against targets that have asked for it”

(Isikoff). Other people such as Martin Luther King Jr. and Rosa Parks broke laws as well, and

Mohandas Karamchand Gandhi is world famous for civil disobedience. So are DDOS attacks and

hacking OK if for the right reasons? One big difference in these past figures and Anonymous is that the

laws they broke were unjust and later overturned. The laws Anonymous breaks have merit, and will not

9
likely ever be overturned. Another similarity to figures such as Martin Luther King Jr. is that DDOS

attacks are sometimes referred to as digital sit-ins, a form of protest he made famous. Is this action not

semantically the same? It is odd how the digital form is thought worse than the physical form. In

reverse, most people consider physically breaking in to find incriminating evidence to be much worse

than hacking one's network for the same reason. These differences must be examined if the world of

cyber vigilantism is to be understood, as it is very much the same as the other term, hacktivist.

       In terms of causes, people online have always found it easier to act out against others. When

like-minded groups form, it is easier for the individuals to act against corporations, and other large

entities. The group makes illegal actions less frightening as the individual can blend into the crowd

under anonymity. Also the internet's perceived balance of authority probably plays a large role in the

actions of Anonymous' members. The ego boost they receive from being able to topple such large

powers, leveling the playing field, adds to the disconnected view of invincibility. As to whether a group

like Anonymous is needed, it is hard to say. So far they've provided entertainment and have started to

steer a more finely tuned path. What Anonymous will stand for in a year's time is anyone's guess.

Aaron Barr and others have felt what it's like to fall under the group's cross hairs. Even if the FBI

reports tomorrow that they have uncovered the lead members of Anonymous, the meme will live on,

and others will simply take their place, embracing the decree:



                                           We are Anonymous

                                              We are legion

                                            We do not forgive

                                             We do not forget

                                                Expect us



10
Bibliography

Anderson, Nate. "How One Man Tracked down Anonymous—and Paid a Heavy Price." Ars Technica.

       Conde Nast Digital, Feb. 2011. Web. 20 Apr. 2011. <http://arstechnica.com/tech-

       policy/news/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price.ars/>.

Davies, Shaun. "'No Cussing' Teen Faces Net Hate Campaign." 9News. Ninemsn Pty Ltd, 18 Jan. 2009.

       Web. 20 Apr. 2011. <http://news.ninemsn.com.au/technology/720115/no-cussing-teen-faces-

       net-hate-campaign>.

Greenberg, Andy. "Anonymous Hackers Target Alleged WikiLeaker Bradley Manning’s Jailers"

       Forbes. Forbes.com LLC, 07 Mar. 2011. Web. 20 Apr. 2011.

       <http://blogs.forbes.com/andygreenberg/2011/03/07/anonymous-hackers-target-alleged-

       wikileaker-bradley-mannings-jailers/>.

Isikoff, Michael. "Hacker Group Vows 'cyberwar' on US, Businesses." Msnbc.com. 8 Mar. 2011. Web.

       20 Apr. 2011. <http://www.msnbc.msn.com/id/41972190/ns/technology_and_science-

       security/>.

Jenkins, Jonathan. "Man Trolled the Web for Girls." Editorial. The Toronto Sun [Toronto].CNEWS.

       Canoe Inc, 07 Dec. 2007. Web. 20 Apr. 2011.

       <http://cnews.canoe.ca/CNEWS/Crime/2007/12/07/4712680-sun.html>.

Keizer, Gregg. "Sloppy AT&T Software Led to Theft of IPad Email Addresses" InfoWorld. IDG

       Network, 10 June 2010. Web. 20 Apr. 2011. <http://www.infoworld.com/d/security-

       central/sloppy-att-software-led-theft-ipad-email-addresses-832>.

Leyden, John. "4chan Launches DDoS against Entertainment Industry." The Register. 20 Sept. 2010.

       Web. 20 Apr. 2011. <http://www.theregister.co.uk/2010/09/20/4chan_ddos_mpaa_riaa/>.



11
McAllister, Neil. "Google vs. Microsoft: The Battle of Ormandy" InfoWorld. IDG Network, 22 July

       2010. Web. 20 Apr. 2011. <http://www.infoworld.com/d/developer-world/google-vs-microsoft-

       the-battle-ormandy-170>.

Metz, Cade. "Anonymous Hacks Sarah Palin's Yahoo! Account" The Register. 17 Sept. 2008. Web. 20

       Apr. 2011. <http://www.theregister.co.uk/2008/09/17/anonymous_hacks_sarah_palin/>.

Ramadge, Andrew. "Second round of Anonymous v Scientology"News.com.au. News Limited, 18 Mar.

       2008. Web. 20 Apr. 2011. <http://www.news.com.au/technology/second-round-of-anonymous-

       v-scientology/story-e6frfro0-1111115818537>.

Samson, Ted. "Should We Cheer or Fear Cyber Vigilantes like Anonymous?" InfoWorld. IDG Network,

       02 Mar. 2011. Web. 20 Apr. 2011. <http://www.infoworld.com/t/hacking/should-we-cheer-or-

       fear-cyber-vigilantes-anonymous-122?source=footer>.




12

								
To top