Anonymous owns the California State Law Enforcement Association (CSLEA) website

Shortly before midnight on New Year’s Eve (I’m talking GMT here), Anonymous tweeted us all a happy new year.

I want to wish everyone a happy new year. Stay strong. Do what you feel is right. Respect your peers and love your people. We are Legion.

Then, just into the new year, it issued its warning.

2012: White security experts and their LEA colleagues: We’re coming for you and your mailspoolz. Why? because you’re a fucking cancer.

And then, just minutes later, it declared

http://CSLEA.com owned. California Statewide Law Enforcement Agency. #antisec owning LEA and Whitehats for fun and m4yh3m!

Anonymous owning and defacing CSLEA

At the time of writing this, cslea.com is down.

Anonymous fascinates me. I must own to a sneaking sympathy for some of their aims. Who of us, apart from the 1%, does not at least in part and perhaps secretly support the 99%? But some of Anonymous’ comments leave me cold: “#antisec owning LEA and Whitehats for fun and m4yh3m!” is completely the wrong attitude. ‘Fun and mayhem’ is not for me a justifiable motive.

I see Anonymous as the heirs of the street protests of the ’60s and ’70s, only this is cyber protest rather than street protest (in the Lands of the Free, at least). And if anything, rebellion is more necessary now than it was then. We have less democracy, less freedom, and more surveillance, curtailment and restriction than ever before. The power of the 1% is stronger, more entrenched, better protected, and more coordinated than ever. This is just plain wrong.

But let’s look at Anonymous. One of the accusations leveled against it is that it publishes ‘personal’ information. From this CSLEA breach it has published email addresses and home addresses and phone numbers of the law enforcement officers. I don’t agree with this. But it’s collateral damage. And I don’t have the right to object to this without equally objecting to the very real ‘collateral’ damage of killed and maimed innocent civilians and children in Iraq and Afghanistan. And nor does the government – that is simple hypocrisy.

In its favour, Anonymous takes great delight in exposing sloppy security. And CSLEA was certainly sloppy. The defacement includes a long text message, stating

In all fairness, they did make an effort to secure their systems after discovery of the breach. They changed a few admin passwords and deleted a few backdoors. Shut mail down for a few days. They also finally decided to set a root mysql password, but we got the new one: “vanguard”. We noticed that you got rid of the credit card table, and most of the users in your database. Still haven’t figured out how to safely hash passwords though: we really loved your change from ‘redd555’ to ‘blu444’. Clever.

‘vanguard’ and ‘redd555’ and ‘blu444’ are hardly strong passwords – and pretty meaningless when Anonymous was already/still on the inside. So the activities and successes of Anonymous could be a wake-up call for us all to enforce and ensure better security on our own systems. In the meantime I shall continue to watch this battle between the establishment and the anti-establishment from the outside; just as for the most part I did in the 60s and 70s. I didn’t know then whether the protests were a catalyst for change or were a result of change; and I don’t know now. The one thing that is certain is that things MUST change.

Text of the Anonymous message