Oh the irony!
Barrett Brown was indicted last week on 12 new counts. The first was “Traffic in Stolen Authentication Features.” These authentication features (belonging to credit card numbers) were lifted from Stratfor by LulzSec/AntiSec around Christmas last year.
- Brown is not accused of being a member of LulzSec or AntiSec.
- Brown is not accused of being involved in the Stratfor hack.
- Brown is not accused of making fraudulent use of the credit card details.
He is accused as follows:
On or about December 25, 2011, in the Dallas Division of the Northern District of Texas and elsewhere, defendant Barrett Lancaster Brown, aided and abetted by persons known and unknown to the Grand Jury, in affecting interstate commerce, did knowingly traffic in more than five authentication features knowing that such features were stolen and produced without lawful authority, in that Brown transferred the hyperlink “http://wikisend.com/download/597646/stratfor_full_b.txt.gz” from the Internet Relay Chat (IRC) channel called “#Anonops” to an IRC channel under Brown’s control called “#ProjectPM,” said hyperlink provided access to data stolen from the company Stratfor Global Intelligence, to include 5,000 credit account numbers, the card holders’ identification, and the authentication features for the credit cards known as the Card Verification Values (CVV), and by transferring and posting the hyperlink, Brown caused the data to be made available to other persons online without the knowledge and authorization of Stratfor Global Intelligence and the card holders.
In other words, Barrett Brown has been indicted for posting a link on the internet. He did nothing more than that. That’s more than a bit worrying. Is the FBI going to come after anyone posting a link to a file containing information it doesn’t wish to be public? What does that do to the freedom of the press?
But that link for which Brown has been indicted has been made public by the indictment. Now I believe I am outside of the FBI’s jurisdiction (McKinnon and O’Dwyer and indeed Assange may think differently), but the signatories to the indictment are not. Candina S Heath (Assistant United States Attorney, Northern District of Texas) has her name printed. The others I cannot decipher.
In the interest of justice, then, I confidently await at least three new indictments with almost exactly the same wording as Brown’s, naming three new defendants who, by making public the same hyperlink, “caused the data to be made available to other persons online without the knowledge and authorization of Stratfor Global Intelligence and the card holders.” Unless, of course, every single one of the 5000 cardholders (and for that matter every single Stratfor client mentioned in the leaked file) has given explicit consent for the disclosure…
Jeffrey Carr tweeted about my blog on Akamai and Anonymous (Anonymous and the ‘threat’ against Akamai and Josh Corman).
Interesting to say the least.
But before saying anything else, I should stress that I am taking this tweet and the TechWeekEurope report on Josh Corman’s RSA 2012 comments at face value. I cannot personally corroborate either.
Firstly, the idea that being ‘kind’ yesterday should excuse being ‘unkind’ today seems strange. Corman’s latest reported comments are not capable of being misconstrued:
Anonymous has very few hackers, it has very few activists… It is very misleading to call the groups hacktivists. The common attribute is angst. The talented ones are either quitting or starting to do things that are more clandestine.
If accurate, the purpose of these sentiments can only be to belittle and perhaps ridicule Anonymous. The reality is, ridicule and disinformation are Authority’s most effective weapons against Anonymous. This explains why Anonymous questioned his motives.
But this is not what intrigues me most about Carr’s tweet. It is the comment, “trying to help Anonymous become a more effective org”. It is a fundamental contradiction in terms that displays a basic misunderstanding of Anonymous. In fact, I would go further. If someone really does understand Anonymous and tries to help it become a more effective organization, then that person has an ulterior motive and is actually trying to weaken Anonymous.
Anonymous is not an organization. Its strength is that it is not an organization. In fact I suggest that its survival depends upon it never becoming an organization. Organizations have structures. Structures have hierarchies. Hierarchies have heads – and heads can be beheaded.
Think of LulzSec. It was taken apart because it had at least a nominal head in Sabu. By first taking Sabu, the FBI was able to destroy LulzSec. It also explains why the US is expending so much effort on getting Assange – by attacking the structure of Wikileaks it will ultimately destroy Wikileaks. So long as Assange is a primary focal point for Wikileaks, Wikileaks has a weakness. But by having no structure, Anonymous becomes a Hydra.
I don’t know whether any such thinking exists within the Anonymous movement. I suspect the ‘official’ line is that it is governed by its own ‘collective consciousness’. On one level this is a weakness because it allows different factions to act out their own predilections in the name of Anonymous. The collective (not the organization) cannot denounce these acts because it would deny the principle of collective consciousness. As a result, winning the hearts and minds of the unaligned public becomes difficult and highly susceptible to ridicule and accusations of terrorism.
But it does have one huge strength. The mere fact that Anonymous exists is a testament to increasing worldwide discontent with the political and social status quo. As this discontent, illustrated by the Occupy Movement, continues to grow, so Anonymous will continue to strengthen. Becoming ‘organized’ will provide a weakness that the authorities will exploit. So it must continue with its disorganized and decentralised lack of structure. It will make the battle longer; but it is the only way it can win. Organizing itself will destroy itself.
A simple glance around the contemporary threatscape shows that cyberwar is getting increasingly confused and complicated: confusticated, in fact. Nation states are (allegedly) attacking nation states; criminals are attacking infrastructures; nation states are (allegedly) controlling criminals; criminals are attacking the people; and the people are rebelling against their governments.
Let’s start at the top: state-sponsored cyber attacks. It came to the surface with Aurora two years ago – and incidentally, the gang behind it, whether state- (for which read ‘China’) sponsored or not, is still active – blossomed with Stuxnet and Duqu and went into overdrive with Flame and Wiper. The last four are all (allegedly) part of a US/Israeli campaign against Iran; and this is not cyber-espionage, this is pure war.
The thing about Wiper is that it is destructive. It attempts to be – and succeeds in being – a new form of ‘stealth’: it self-destructs to avoid being taken alive. And as far as is known, there is still no live Wiper in captivity. First, as far as we understand, it steals data; then it destroys data; and then it kills itself.
After Wiper we had Shamoon, and this is where things start to get complicated. Shamoon seems to be a poor copy of Wiper, and is believed to have been used to attack the Saudi oil company, Aramco – and possibly the Qatari energy company RasGas two weeks later. Now we are in the land of conjecture. Shamoon could have been designed and used by traditional criminals; but that idea doesn’t quite hang together.
Another theory points the finger at Iran. Shamoon, it suggests, is an Iranian retaliatory strike following Stuxnet and Flame; and targeting Aramco because of the Saudi promise to increase oil production to offset the effect of sanctions against Iranian oil. This theory suggests that since Iran was the primary target of Wiper, it more than any other source would be well-positioned to develop a copy – and indeed Shamoon does appear to be a poor copy of Wiper.
This political theory of Shamoon is supported internally by the malware itself. Part of its data wiping process is to use a fragment of a JPG file. That picture has now been recognised: it is a picture of a burning US flag. What we don’t know is whether Shamoon is state-produced in the same way as Stuxnet, Flame and Wiper; or whether it is produced by criminals ‘encouraged’ by the state. Incidentally, we are in exactly the same position with Aurora. The gang behind Aurora, called the Elderwood gang by Symantec, is still very active and still targeting primarily US defense companies. Is it China or Chinese criminals or Chinese criminals ‘encouraged’ by China?
The simple fact is the confustication of modern cyberwarfare means we neither know nor are likely to know the answers to these questions: plausible deniability lies at the heart of all cyber criminality.
Now let’s consider hacktivism, the ‘civil war’, or just civil rebellion part of cyberwarfare – Wat Tyler Vs the king. Anonymous is the seminal hacktivist – but not the only actor. Since the demise of LulzSec, Anonymous has largely undertaken its protest through DDoS (not entirely, since it was involved in first stealing huge volumes of Iraqi emails, and then leaking them to WikiLeaks). But now it has been ‘joined’ by NullCrew, adding to the hacking power of AntiSec. AntiSec may be mainstream Anonymous; but NullCrew is separate. It just has similar sympathies, and many of its recent hacks have been performed in the name of the Anonymous-led and politically motivated #OpFreeAssange.
Both AntiSec and NullCrew are seriously ‘talented’ hackers. AntiSec recently stole a large number of Apple UDIDs from either the FBI or BlueToad, depending on who you believe. NullCrew hacked a Cambodian Army site, Logica, Cambridge University, the European Space Agency and more and more. 0x00x00, perhaps a member of NullCrew, perhaps not, has undertaken his own Assange campaign, breaking into numerous websites and leaving an Assange poster calling card.
But while we’re talking about hacktivism, let’s not forget that the king has his own men – the FBI (and SOCA) acting within the king’s law, and Jester – that ‘hacktivist for good’ – acting outside of it. The latter recently took on and took out a well-respected site, Cryptocomb, in what Cryptocomb openly described as a ‘state-sponsored’ attack. Now, if this isn’t confusticating enough, there is even a civil war within the rebels. One faction has been calling for a more organised Anonymous with a supreme council directing operations – only to be slapped down by the existing Supreme Council of One, Commander X. There will be no Supreme Council for at least as long as Commander X remains in charge (which, of course, he is not, other than by general consensus). Confused yet?
Well, let’s summarize. There is a legal cyberwar being fought by the US and Israel (and if you believe the cyber-underground, the UK was involved – shortly before his very strange death, it is claimed that Mr Williams had been commuting between GCHQ and the NSA, and had just started talking about whistleblowing on something; all just before Stuxnet exploded. AntiSec claims on Pastebin, “And then you have Gareth Williams (31), the GCHQ hacker murdered and ‘bagged’ inside a MI6’s ‘safe’ house (we’d hate to see what the unsafe ones look like) in August of 2010 after talking about being curious about leaking something to Wikileaks with fellow hackers on irc.”).
Then there is an illegal war of retaliation being fought by Iran, together with old-fashioned cyberespionage from China. And finally, the war against terror has spread to the battle against Anonymous (always classified as cyberterrorists, and therefore within the purview of the war on terror, by the king’s men) in an attempt to quell the cyber rebellion.
But – and we have to stress this – it is all conjecture, allegation and confustication. The problem is, we haven’t mentioned that primary weapon of all warfare used by all antagonists against all enemies: disinformation. And all sides are very good at it.