Monday, December 13, 2010

Internet Anarchy: Anonymous Crowds Flex their Muscles

One of the things I love about working in the UAB Computer Forensics Research Laboratory is having the opportunity to learn from professors from so many different specialty areas. In addition to the Computer Science professors who visit our lab for the weekly Spam Researchers Meeting, where we entertain guests from the Knowledge-Discovery & Data Mining Lab and the Artificial Intelligence Lab I also get to work with criminologists, sociologists, and forensic chemists who make up the rest of our "CIS-JS Working Group." Last week I had the pleasure of visiting a DEA Drug Testing lab with my colleague Dr. Elizabeth Gardner. Today I was able to compare data mining techniques with a visiting Bioinformatics professor from Colorado State. But some of the times I learn the most though are when I visit with my department chairs, Dr. Anthony Skjellum in Computer & Information Sciences and Dr. John Sloan from Justice Sciences.

A Sociologist looks at AnonOps


Like most Computer Security people, I've been following the Wikileaks responses from Anonymous with interest. As I've watched Anonymous recruit their activist army, I've been thinking more and more about lynch mobs, so I asked Dr. Sloan to come up to the lab and help me understand how mobs work. I made my best pitch to him, explaining how "AnonOps" as the Anonymous Operations group calls themself, calls to mind a mob that was a cross between the angry villagers storming Dr. Frankenstein's castle, and childhood memories of Detroit fans burning cars in the streets.


Dr. Sloan explained that the public (like me) have a lot of misconceptions about mobs. He said what we are dealing with in the Anonymous DDOS attacks are actually instances of "Diffuse Crowds." In the case of Anonymous, Sloan says that "Convergence Theory" explains this type of crowd. Its not that a group of people spontaneously erupted into acts of cyber vandalism, but rather that people who share similar passions come together with an intention to "make a difference" but without a clear agenda on how to do so. Some of the people who come to these online gatherings are bystanders, some followers and some leaders, but these roles are not set in stone. When the crowd has gathered - in this case on an IRC channel - various members of the crowd propose courses of action. When one of the proposals is adopted by the group, that person, whether or not they intended to be, is suddenly, and perhaps only temporarily, a leader.

The earlier prominent theory of crowd behavior was called "Contagion Theory" and proposed that membership in a crowd results in "irrational, emotionally charged behavior."

My early suggestions to Dr. Sloan was that it was because of being Anonymous that the crowd was choosing to participate in DDOS attacks. Perhaps the leaders of the group also counted on that affect. Their instructions for how to volunteer your computer to participate in the DDOS attacks against Mastercard said "if you get caught, don't admit to anything and tell the authorities that your computer must have a virus!" The belief of the general public is that mob behavior, such as that which lead to race riots and lynchings in previous generations, counts on the anonymity and the irrational frenzy of the mob for its success.

Crowds that take action are "Expressive Crowds" or "Mobs" if those expressions lean towards violence towards a target or "Riots" if those expressions lean towards generalized violence and lawlessness. Expressive Crowds gather around strong emotions, such as joy, excitement, anger, or fear.

While Dr. Sloan said that Convergence Theory also says that groups come together along strongly felt emotions, that they should be seen as "rational" with individuals understanding their decisions and acting by choice, not due to some "mass hysteria" or "frenzy."

Expressive Crowds in Cyberspace


As we look at previous expressive crowds that turned towards cyber attacks in the past we see that this seems to be a correct characterization.

In 2008, when Russia invaded the area of Georgia known as South Osettia, the interest was nationalism. As online chatrooms and forums discussed the rightness of the Russian cause, the idea was planted and began to spread that individuals could help with a DDOS against Georgian government and media computers.

August 19, 2008 - Evidence that Georgia DDOS Attacks are Populist in Nature

In 2009, when the Iranian government cracked down on the process of a free election, Facebook and Twitter users colored their profile pictures green to show solidarity with the oppressed voters. As more Twitter followers started watching the "#IranElection" hashtag, some began providing information on how to DDOS the Iranian government. The number of participants in the group grew, with some reading the tags (bystanders), some choosing passive signs of response (green profile pictures), and some choosing active measures (DDOS Attacks).

June 16, 2009 - Armchair Cyberwarriors: Twitter and #IranElection

This past summer Islamic activists, already in chat rooms and forums to communicate about proselytizing the Islamic way of life in the west, began sharing information on how to attack Facebook by downloading an attack tool.

June 1, 2010 - Virtual Jihad Against Facebook

Anonymous and Operation Payback


Operation Payback takes its name, and its tactics from a company that claims to have been contracted by the Motion Picture industry to shut down websites that are trading in pirated movies. Girish Kumar, the managing director of Aiplex Software, explains that the Film industry hires cyber hitmen to take down internet pirates. He claimed that his company is hired "to launch cyber attacks on sites hosting pirated movies that don't respond to copyright infringement notices sent to them by the film industry."

The die was cast in September 2010 when AIplex pointed its attention at the greatest source of pirated movies on the internet, The Pirate Bay. In response, one of the /b/rothers from 4chan pointed a botnet under his own control at AIPlex, taking the company's website offline while other members of the channel were still talking about the best way to do so.

Almost immediately, the 4chan buzz began looking for a new target. TechCrunch ran a story that contained the original call to arms:

How fast you are in such a short time! Aiplex, the bastard hired gun that DDoS’d TPB (The Pirate Bay), is already down! Rejoice, /b/rothers, even if it was at the hands of a single anon that it was done, even if ahead of schedule. now we have our lasers primed, but what do we target now?

We target the bastard group that has thus far led this charge against our websites, like The Pirate Bay. We target MPAA.ORG! The IP is designated at “216.20.162.10″, and our firing time remains THE SAME. All details are just as before, but we have reaimed our crosshairs on this much larger target. We have the manpower, we have the botnets, it’s time we do to them what they keep doing to us.

REPEAT: AIPLEX IS ALREADY DOWN THANKS TO A SINGLE ANON. WE ARE MIGRATING TARGETS.


(The original Anonymous image, according to EncyclopediaDramatica.com's Anonymous entry)

They were able to knock offline, at least temporarily, the Recording Industry Association of America, the Motion Picture Association of America. Later in the month, the Low Orbit Ion Cannon, or LOIC as the chosen 4chan attack tool is called, was pointed at AFACT - the Australian Federation Against Copyright Theft. Nearly 8,000 other websites were casualties of that attack which overwhelmed the hosting platform. Many major organizations that deal with copyright and the protection of intellectual property have been attacked as part of Operation Payback at one time or another, including:
ACS Law
RIAA
MPAA
AIPlex Software
Davenport Lyons
Australian Federation Against Copyright Theft
DC Legal
Ministry of Sound
Ministerio de Cultura (spain)
Sociedad General de Autores y Editores
Federation of the Italian Music Industry (FIMI)
United Kingdom Intellectual Property Office
Associação do Comércio Audiovisual de Portugal
Gene Simmons
Hustler.com
Antipiracy.fi (finland)
US Copyright Office
Irish National Federation Against Copyright Theft
Warner Brothers


Anonymous went after RIAA again in late October after the RIAA achieved a court order to terminate the LimeWire file sharing network.


Wikileaks and AnonOps


While a group may have leaders of the moment, there are permanent roles assigned by the "true" leaders of AnonOps, as well as "talent-based" roles. As AnonOps tries to move through its paces, it needs developers to improve and modify its attack tools, graphic artists to create its images. Video editors to create its YouTube videos, and network designers to help it build stable infrastructure.

But mostly, it needs a cause that the public supports. Those causes go back to the basic emotions upon which Diffuse Crowds converge. Wikileaks stirred up the passion of the press and the public as it began releasing revelation after revelation.

AnonOps recognized such an opportunity with Wikileaks. While the early "Operation Payback" was exactly what it said: "You DDOSed our website, so we are DDOSing your website" the new act is to convince the public that this was all about Internet Censorship from the beginning. "We fight censorship and stand up for truth" is a much more stable platform upon which to base a group, as opposed to the original "We pirate movies and break the law."

However, breaking the law, and getting away with it, is a great attractor of media. Dr. Sloan explained that this reminded him of the 1960s Vietnam War protests on college campuses. The more the media covered the protests, the more likely it was that your neighborhood college campus was going to have a protest.

Cyber attacks => Media Coverage => New like-minded individuals "converge" into the group => New skills and ideas => New missions and leadership

Exit Strategy


The question that is yet to be determined is, has the AnonOps groups reached a stable form? It is clear that the illegal activity is getting out of hand, and threatening the existence of their group. This weekend's attacks on Paypal, Mastercard, and Visa demonstrated the group's online power, and attracted more hackers. The targeting this evening was sporadic and approaching "riot" stage as various participants shouted out target names in the AnonOps chatrooms and watched as they fell. Established leaders were shouting things like "WHAT ARE YOU DOING?!?!? WHY ARE YOU ATTACKING AIRLINES!?!?! WHAT DOES THAT HAVE TO DO WITH WIKILEAKS OR CENSORSHIP?!?!" Meanwhile, Delta.com, AA.com, United.com, and others all suffered brief outages.

Some of the leadership are attempting to distance themselves from the DDOS attacks and are encouraging an alternative approach of encouraging people to read the leaked cables and write about them as a way of "uncensoring" them. Others are encouraging a new form of cyber attack, asking members to DDOS companies that are found to have been involved in, or believed to be involved in, atrocious acts described in the classified cables. Remember above that members are attracted to groups that share their same strongly held feelings and attitudes. When AnonOps revealed today that US taxpayer dollars were used by a defense contractor to pay for sex with young boys, they were playing perfectly to this theory of the crowd. EVERYONE would be outraged by some of these actions, if they occurred the way AnonOps describes them. That's a powerful tool for enlarging your group, and lowering the barrier to otherwise illegal action. It may be difficult to convince a member to DDOS their own credit card company, but the moral barrier to DDOSing "sex slave brokers" as one AnonOps post described the company, may be lower.

One attempt at legitimacy was to engage the Electronic Freedom Foundation. Leaders reasoned in the AnonOps chatrooms that a partnership with EFF would bring legitimacy to their cause, and EFF responded positively to the approach with their new Say No To Online Censorship campaign.


The new campaign within AnonOps uses the name "truthisrevolutionary.org" which comes from a George Orwell quote:

“During times of universal deceit, telling the truth becomes a revolutionary act” - George Orwell

I guess my big takeaway from my discussions with Dr. Sloan was the new sociological theories on crowds and gatherings. Crowds can be rational. And, according to one Sociology text:

...Crowds themselves do not impair judgment. The actions of individuals at gatherings also illustrate that individuals remain independent, sometimes responding to solicitations, sometimes ignoring them, sometimes interacting with their subgroup, and sometimes acting spontaneously.


I hope the members of Anonymous will remember that while they are Anonymous, they are also individuals, and responsible for their individual behavior and decisions.

2 comments:

  1. Anonymous6:44 PM

    There are only a few of people in Anonymous that are total anarchists, it's just that that is the steriotype of the group because of few actions done by the lower, less-trained fraction of the group. It's even wrong to call it a group because it's not even organized. Anyone who hacks for the cause or is a supporter is allowed to dubbed "anonymous". You don't even need a mask, but the political figure gives a sense of leadership and a feeling that they are led by this figure, but in reality its just the true thoughts and words of all the people of the group. There is a higher group called "Anonymous Elite" where the top hackers organize and put out the most important and moving actions and messages, but they only speak occasionally.

    So in reality, Anonymous is more of a democracy than our current government.

    And if you really research into what they do as a whole, they actually bring out the flaws of government that nobody wants to admit to. And things may get out of hands by few individuals, but that is simple human nature when they take part in occupying or other forms of protests, and is to be expected. A completely peaceful protest simply would not diliver the same message. The people take this risk by participating, but normally, it is the government force that acts first, but censorship monopolizes the situation in favor of the government so that it seems that the protestors are to be the ones to be looked down upon.

    ReplyDelete
  2. Anonymous6:44 PM

    Here are some examples of what the larger side of Anonymous has done-

    PSN Hack- They never actually used the info they hacked, they just proved it could be done before somebody else got to the users' info.There are no links or accounts whatsoever that Anonymous actually used crdeit card numbers or identities from these accounts. Now think what could have happened if someone besides Anonymous did the same thing. It would be far more likely that they would have used the information for their own benefit.

    Occupy protests- Mainly to display how corrupt the country when police forces come out and brutally deny the people the right of speech and to organize. A popular image of such is a policeman pepper spraying a group of peaceful protestors sitting on a sidewalk. They sat and accepted it with no violence, but still refused to move. This shows that they truely believe in what they are standing up for and are willing to go to an extent of putting themselves at risk to support their cause. Don't you wish there were more people like that who would support our government's side now as we know it? Anonymous is trying to make that possible.

    Not to mention that they have hacked and shut down countless websites relating to child pornography and illegal music downloading.

    They also scan trials of people, and when they see someone who was wrongfully judged (EX- 7 police officers beat a defenseless homeless man to death for no relavent reason, 4 triald and all judged innocent) they let the word out and allow the poeple to decide themselves whether it wqas right or wrong- hence the part of they're slogan where they say they do not forgive and do not forget.

    They have targeted a person that bullyied a highschool girl into suicide and allowed the people to take act accordingly.

    So in the government's eyes, yes, they are illegal because they are a threat to them and the money they wrongfully took from government. But the point of Anonymous is to give back power to the people, so the reality of it is that you decide wheather its right or wrong. Either way, Anonymous will still exist and fight for the innocent and those left without word in government anymore, leading a relovution into the new world.

    Think of the revolutionary war, The bravest men organized and did illegal things to gain their independence back from britain that they had wrongfully taken. Anonymous is the modern day revolution, a group of people with a cause doing what they believe is right (even if it is deemed illegal by government) to give people freedom that has been taken from them.

    The majority doesn't want anarchy, they want a government that is fair and powered by the people, not over budgeted politicians.

    This is just to let you know what I know. Hope this helps in any of your research on the subject.

    ReplyDelete

Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.