What is Anonymous? How the infamous ‘hacktivist’ group went from 4chan trolling to launching cyberattacks on Russia

 

A person standing outside the White House wearing a Guy Fawkes mask as part of a 2013 protest featuring supporters of the hacking group Anonymous.

Saul Loeb | AFP | Getty Images

Anonymous is a loosely-organized international group of hackers that is known for its high-profile cyber attacks against governments, corporations, and other organizations. The group has been active since the early 2000s, and it is known for its use of the tagline "we are Anonymous, we are legion, we do not forgive, we do not forget, expect us."

One of the key characteristics of Anonymous is its decentralized structure and lack of formal leadership. The group is made up of individuals who share a common ideology and come together for specific campaigns or operations. These operations are often coordinated through online forums, chat rooms, and social media, and they often involve the use of distributed denial of service (DDoS) attacks and other tactics to disrupt the websites and systems of targeted organizations.

Anonymous has been involved in a number of high-profile operations over the years, including attacks on the websites of government agencies, law enforcement agencies, and large corporations. Some of the group's most notable campaigns have included:

• Operation Payback: This campaign, which was launched in 2010, targeted companies and organizations that had taken action against the file-sharing website WikiLeaks. Anonymous launched DDoS attacks against the websites of credit card companies, law firms, and other organizations that had cut off services to WikiLeaks.

• Operation Darknet: This operation, which took place in 2011, targeted websites that were associated with child pornography and other illegal activities. Anonymous claimed to have taken down more than 40 child pornography sites as part of the campaign.

• Operation KKK: In 2015, Anonymous launched a campaign against the Ku Klux Klan (KKK) in response to the group's threats against protestors in Ferguson, Missouri. The campaign involved the release of personal information about KKK members, as well as DDoS attacks against KKK-affiliated websites.

While Anonymous has been involved in a number of high-profile and controversial operations, the group's actions have also been met with criticism. Some have accused the group of engaging in vigilante justice, and there have been instances where individuals claiming to be part of Anonymous have taken credit for attacks that were later found to be the work of other individuals or groups.

Despite these criticisms, Anonymous continues to be a significant presence in the world of cyber attacks and activism. The group's decentralized structure and lack of formal leadership make it difficult to track and disrupt, and it has shown a willingness to take on a wide range of targets. It is likely that Anonymous will continue to be a significant player in the world of cyber attacks in the coming years.

For nearly two decades, one of the world’s most infamous hacker groups has operated under the name “Anonymous.” And the mysterious online community is making headlines once again.

After Russia invaded Ukraine at the end of February, a Twitter account with 7.9 million followers named “Anonymous” declared a “cyber war” against Russia and its president, Vladimir Putin. Since then, the group has claimed responsibility for various cyberattacks that disabled websites and leaked data from Russian government agencies, as well as state-run news outlets and corporations.

Often called “hacktivists,” Anonymous employs coordinated cyberattacks against various world governments, corporations or other groups, often in the name of social or political causes. In a Feb. 24 tweet, the “Anonymous” account — which says it “cannot claim to speak for the whole of the Anonymous collective” — called on hackers around the world, including in Russia, to “say ‘NO’ to Vladimir Putin’s war.”

Over the years, actions linked to Anonymous have inspired both Hollywood filmmakers and other hacker groups around the world. Here’s a look at the murky group’s origins, some of its most notable cyberattacks and the philosophy that allegedly steers its decisions:

Anonymous origins

Anonymous’ origin story begins in the online message forums of 4chan, the anonymous social community website founded in 2003. Even today, posts on 4chan from users who don’t specify a username are labeled as written by “Anonymous.”

In the website’s early days, users often organized group pranks called “raids,” flooding chat rooms in games and other online communities to cause disruptions. 4chan began cracking down on the raids after critics accused participants of cyberbullying and posting offensive content.

Those raids formed the basis of Anonymous’ operations: a decentralized movement of like-minded online users who would communicate in encrypted chat rooms to plan online disruptions. At first, those plans were largely about cheap entertainment. Eventually, they began to revolve around social or political aims.

The group’s most prominent early instance of “hacktivism” came in 2008, when 4chan users led by early Anonymous hacker Gregg Housh launched a coordinated effort against the Church of Scientology, using tactics like denial-of-service (DDoS) attacks on the church’s websites, prank phone calls and faxing the church black pages to waste their printer in

The cyberattacks, which Anonymous labeled “Project Chanology,” were retaliation for what the hackers deemed as attempted censorship: The church had legally threatened Gawker after the media outlet published a leaked video of actor Tom Cruise speaking enthusiastically about Scientology.

A series of worldwide protests against Scientology soon followed, with many Anonymous-supporting protesters wearing white-and-black Guy Fawkes masks, depicting the 17th century British insurrectionist. Those masks have since become closely associated with hacking group.

Philosophy and targets

Generally, Anonymous opposes governments and corporations that it views as participating in censorship or promoting inequality. Since the group is decentralized, it has no real structure or hierarchy — so there’s often much internal debate about which ideas or causes to support.

A pinned 2019 tweet on the @YourAnonNews Twitter account – which, again, claims not to speak for the collective as a whole – describes Anonymous members as “working class people seeking a better future for humanity.” It lists Anonymous’ guiding principles as “freedom of information, freedom of speech, accountability for companies and governments, privacy and anonymity for private citizens.”

Since “Project Chanology,” Anonymous members have targeted a long list of parties, including:

• the Recording Industry Association of America (RIAA) and Motion Picture Association of America (MPAA), after those organizations worked to stop pirating websites from sharing copyrighted music and movies.
• the U.S. Department of Justice and FBI, after federal authorities shut down file-sharing website Megaupload.com in 2012.
• PayPal, after the online payments platform stopped allowing donations to WikiLeaks and its controversial founder, Julian Assange.
• government websites in Tunisia, Egypt and other countries in the Middle East and Africa as part of the 2011 Arab Spring pro-democracy protests.
• ISIS, following the 2015 Paris terrorist attacks.

Authorities around the world have arrested dozens of hackers with alleged ties to Anonymous, including at least 14 people charged with hacking PayPal in 2011. Barrett Brown, a journalist and self-professed Anonymous spokesperson, served more than four years in prison after a 2012 arrest on charges related to cyberattacks and threatening a federal officer.

The collective’s activities trailed off after some of those arrests, but resurfaced last year when Anonymous claimed responsibility for hacks targeting the Republican Party in Texas, in protest of the state’s controversial abortion law. Anonymous also claimed responsibility for a September hack of web-hosting company Epik, which leaked more than 150 gigabytes of data on far-right groups like QAnon and the Proud Boys.

Supporters and critics

In 2012, Time magazine named Anonymous one of the world’s 100 Most Influential People. Today, millions of people follow Anonymous-affiliated social media accounts.

Jeremiah Fowler, a co-founder of the cybersecurity company Security Discovery, told CNBC last week that Anonymous’ supporters likely view the group as somewhat of a “cyber Robin Hood,” targeting powerful governments and corporations in the name of popular causes.

“You want action now, you want justice now, and I think groups like Anonymous and hacktivists give people that immediate satisfaction,” Fowler said.

But Anonymous definitely has critics. Many believe the group’s vigilante tactics are extreme and potentially dangerous. In 2012, the National Security Agency deemed Anonymous a threat to national security.

Parmy Olson, a journalist who wrote a 415-page book on Anonymous in 2012, stated at the time that even the group’s supporters should consider its legacy a mixed bag.

“Has Anonymous done good for the world? In some cases, yes,” Olson told Radio Free Europe/Radio Liberty, citing Anonymous’ support of pro-democracy demonstrators in the Middle East. “Unnecessarily harassing people? I would class that as a bad thing. DDOSing the CIA website, stealing customer data and posting it online just for sh-ts and giggles is not a good thing.”

Read more

The FBI's Perspective on Ransomware

 

Ransomware: contemporary threats, how to prevent them and how the FBI can help#

Ransomware attacks are a type of cybercrime that have gained significant attention in recent years. These attacks involve the encryption of a victim's computer or network by an attacker, who then demands payment in exchange for the decryption key. The consequences of a ransomware attack can be severe, including the loss of sensitive or personal information, disruption of operations, and financial loss. The FBI, as a federal law enforcement agency, has a vested interest in combating ransomware and other cyber threats. In this article, we will explore the FBI's perspective on ransomware, including how it investigates and responds to these attacks and the measures it takes to prevent them.

The FBI considers ransomware to be a serious and growing threat that affects both individuals and businesses. In response to this threat, the FBI has a number of tools and resources at its disposal. One of these is the Internet Crime Complaint Center (IC3), which is a centralized repository for cybercrime complaints. Through the IC3, individuals and organizations can report a ransomware attack and help the FBI gather intelligence and build cases against those responsible.

In addition to its work through the IC3, the FBI also conducts proactive investigations into ransomware and other cyber threats. This includes working with other government agencies, such as the Department of Homeland Security and the National Cybersecurity and Communications Integration Center, as well as international partners and the private sector. The FBI's National Cyber Investigative Joint Task Force (NCIJTF) brings together more than 20 federal agencies to share information and resources in the fight against cybercrime, while the Cyber Action Team (CAT) is a rapid-response unit that can deploy to the scene of a cyber incident to provide on-the-ground support.

One of the challenges that the FBI faces in combating ransomware is the constantly evolving nature of the threat. Cybercriminals are constantly developing new ways to carry out attacks and evade detection, which can make it difficult for law enforcement and other organizations to keep up. To address this challenge, the FBI has a number of programs and initiatives in place to improve its ability to respond to ransomware and other cyber threats. This includes partnering with industry experts and academics to stay up-to-date on the latest trends and techniques used by attackers.

Prevention is also a key aspect of the FBI's approach to ransomware. While it is not always possible to prevent a ransomware attack, there are steps that individuals and organizations can take to reduce their risk. The FBI recommends a number of best practices, such as keeping software and systems up-to-date, implementing strong passwords and two-factor authentication, and regularly backing up important data. The FBI also works with industry partners to promote the adoption of industry-standard security practices and technologies, such as network segmentation and threat-hunting software.

In conclusion, the FBI views ransomware as a serious and growing threat that requires a multifaceted response. Through its investigations, partnerships, and prevention efforts, the FBI is working to protect individuals and organizations from this type of cybercrime and bring those responsible to justice.

In April 2021, Dutch supermarkets faced a food shortage. The cause wasn't a drought or a sudden surge in the demand for avocados. Rather, the reason was a ransomware attack. In the past years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors, turning ransomware into the internet's most severe security crisis.

The Ransomware Landscape#

Ransomware has existed for more than 30 years, but it became a lucrative source of income for cyber actors and gangs in the past decade. Since 2015, ransomware gangs have been targeting organizations instead of individuals. Consequently, ransom sums have increased significantly, reaching millions of dollars.

Ransomware is effective because it pressures victims in two, complementary ways. First, by threatening victims to destroy their data. Second, by threatening to publicize the attack. The second threat has an indirect impact, yet it is just as serious (if not more). Publication could trigger regulatory and compliance issues, as well as negative long-term brand effects.

Here are some examples of real ransomware notes:

Ransomware as a Service (RaaS) has become the most widespread type of ransomware. In RaaS attacks, the ransomware infrastructure is developed by cyber criminals and then licensed out to other attackers for their use. The customer attackers can pay for the use of software or they can split the loot with the creators. Etay maor, Senior Director Security Strategy at Cato Networks commented, "There are other forms of RaaS. After receiving the ransomware payment some Ransomware groups sell all the data about the victim's network to other gangs. This means the next attack is much simpler and can be fully automated as it does not require weeks of discovery and network analysis by the attackers."

Some of the major RaaS players, who are notorious for turning the RaaS landscape into what it is today, are CryptoLocker, who infected over a quarter million systems in the 2000s and profited more than $3 million in less than four months, CryptoWall, who made over $18 million and prompted an FBI advisory, and finally Petya, NotPetya and WannaCry who used various types of exploits, ransomware included.

How the FBI Helps Combat Ransomware#

An organization under attack is bound to experience frustration and confusion. One of the first recommended courses of action is to contact an Incident Response team. The IR team can assist with investigation, recuperation and negotiations. Then, the FBI can also help.

Part of the FBI's mission is to raise awareness about ransomware. Thanks to a wide local and global network, they have access to valuable intelligence. This information can help victims with negotiations and with operationalization. For example, the FBI might be able to provide profiler information about a threat actor based on its Bitcoin wallet.

To help ransomware victims and to prevent ransomware, the FBI has set up 56 Cyber Task Forces across its field offices. These Task Forces work closely with the IRS, the Department of Education, the Office of Inspector General, the Federal Protective Service and the State Police. They're also in close contact with the Secret Service and have access to regional forensics labs. For National Security cyber crimes, the FBI has a designated Squad.

Alongside the Cyber Task Force, the FBI operates a 24/7 CyWatch, which is a Watch Center for coordinating the field offices, the private sector and other federal and intelligence agencies. There is also an Internet Crime Complaint Center, ic3.gov, for registering complaints and identifying trends.

Preventing Ransomware Attacks On Time#

Many ransomware attacks don't have to reach the point where the FBI is needed. Rather, they can be avoided beforehand. Ransomware is not a single-shot attack. Instead, a series of tactics and techniques all contribute to its execution. By identifying the network and security vulnerabilities in advance that enables the attack, organizations can block or limit threat actors' ability to perform ransomware. Etay Maor added "We need to rethink the concept that "the attackers need to be right just once, the defenders need to be right all the time". A cyber attack is a combination of multiple tactics and techniques. As such, it can only be countered with a holistic approach, with multiple converged security systems that all share context in real time. This is exactly what a SASE architecture, and no other, offers the defenders".

For example, here are all the steps in a REvil attack on a well-known manufacturer, mapped out to the MITRE ATT&CK framework. As you can see, there are numerous phases that took place before the actual ransom and were essential to its "success". By mitigating those risks, the attack might have been prevented.

Here is a similar mapping of a Sodinokobi attack:

Maze attack mapping to the MITRE framework:

Another way to map ransomware attacks is through heat maps, which show how often different tactics and techniques are used. Here is a heat map of Maze attacks:

One way to use these mappings is for network analysis and systems testing. By testing a system's resilience to these tactics and techniques and implementing controls that can mitigate any risks, organizations reduce the risk of a ransomware attack by a certain actor on their critical resources.

How to Avoid Attacks - From the Horse's Mouth#

But don't take our word for it. Some ransomware attackers are "kind" enough to provide organizations with best practices for securing themselves from future ransomware attacks. Recommendations include:

• Turning off local passwords
• Using secure passwords
• Forcing the end of admin sessions
• Configuring group policies
• Checking privileged users' access
• Ensuring only necessary applications are running
• Limiting the reliance of Anti-Virus
• Installing EDRs
• 24 hour system admins
• Securing vulnerable ports
• Watching for misconfigured firewalls
• And more

Etay Maor of Cato Networks highlights "Nothing in what several Ransomware groups say organizations need to do is new. These best practices have been discussed for years. The reason they still work is that we try to apply them using disjoint, point solutions. That didn't work and will not work. A SASE, cloud native, architecture, where all security solutions share context and have the capability to see every networks flow and get a holistic view of the attack lifecycle can level the playing field against cyber attacks".

Ransomware Prevention: An Ongoing Activity#

Just like brushing your teeth or exercising, security hygiene is an ongoing, methodical practice. Ransomware attackers have been known to revisit the crime scene and demand a second ransom, if issues haven't been resolved. By employing security controls that can effectively mitigate security threats and having a proper incident response plan in place, the risks can be minimized, as well as the attackers' pay day. The FBI is here to help and provide information that can assist, let's hope that assistance won't be needed.

Read more

New best story on Hacker News: Microsoft is preparing to add ChatGPT to Bing

Microsoft is preparing to add ChatGPT to Bing
625 by mfiguiere | 519 comments on Hacker News.


Read more

New best story on Hacker News: Scientists have discovered the first virovore – an organism that eats viruses

Scientists have discovered the first virovore – an organism that eats viruses
543 by xiaodai | 87 comments on Hacker News.


Read more

New best story on Hacker News: How many layers of UI inconsistencies are in Windows 11?

How many layers of UI inconsistencies are in Windows 11?
551 by crecker | 403 comments on Hacker News.


Read more

New best story on Hacker News: Petals: Run 100B+ language models at home bit-torrent style

Petals: Run 100B+ language models at home bit-torrent style
549 by antman | 140 comments on Hacker News.


Read more

New best story on Hacker News: Airbnb removed my negative review

Airbnb removed my negative review
511 by luminaobscura | 298 comments on Hacker News.
I recently had a bad airbnb experience. During check in the host requested a cash deposit. this wasn't explained in the listing or prior to arrival. i couldn't check in and went elsewhere. Then i posted a review* giving these details. Airbnb removed my below review because "The review didn’t have enough relevant information to help the Airbnb community make informed booking or hosting decisions." The rating of the place went back up after removal. The host still have "superhost" status. Needless to say, i no longer trust airbnb reviews. *my full review was: I wasn't able to check in because [Host] requested 300 USD security deposit during check in. I told her - I don't have that much cash on me. - That is against AirBnB rules. - This should have been explained in airbnb listing. She can't just surprise guests with this at the last minute. She didn't listen. She said: "my house my rules", "you can't tell me how to run my business", "if you don't like it, you can cancel". I told her if i cancel, i don't get full refund so she should cancel. she said she won't cancel and me not getting refund is not her problem. I think she counts on the fact that guests typically wouldn't want to cancel in the last minute. you can see in some other reviews people had to agree to paying her this deposit. But i didn't want to cave in and called AirBnB. Thankfully, airbnb fully refunded the payment and i was able to find another accomodation in the last minute. I don't recommend this host unless you want a stressful start for your vacation.

Read more

New best story on Hacker News: Why Not Mars

Why Not Mars
465 by maxerickson | 589 comments on Hacker News.


Read more

New best story on Hacker News: Conversation skills essentials

Conversation skills essentials
460 by lylejantzi3rd | 182 comments on Hacker News.


Read more

New best story on Hacker News: Ask HN: Concepts that clicked only years after you first encountered them?

Ask HN: Concepts that clicked only years after you first encountered them?
452 by luuuzeta | 669 comments on Hacker News.
I'm reading Petzold's Code [1], and it dawned on me that I didn't understand logic gates intuitively until now. I took a Computer Architecture course back in college, and I understood what logic gates meant in boolean algebra but not empirically. Petzold clarified this for me by going from the empirical to the theoretical using a lightbulb, a battery, wires, and relays (which he introduces when he talks about the telegraph as a way to amplify a signal). Another concept is the relationship between current, voltage, and resistance. For example, I always failed to understand why longer wires mean more resistance while thicker wires mean less resistance. [1]: https://ift.tt/GxN52sM

Read more

New best story on Hacker News: Croatia to switch to euro, enter passport-free Schengen zone

Croatia to switch to euro, enter passport-free Schengen zone
419 by eatonphil | 426 comments on Hacker News.


Read more