The FBI’s war on Anonymous

The FBI announced yesterday “additional attempted computer hacking charges and 18 counts of cyberstalking” for Fidel Salinas. That now brings the total charges to 44 – each of which carries a maximum of 10 years in prison. This alleged hacker is now facing 440 years in prison.

According to the allegations, between December 23-29, 2011, Salinas had the intent to harass and intimidate a female victim. Allegedly, he repeatedly e-mailed her, attempted to gain unauthorized access to her website, made submissions through a contact form on that site, and tried to open user accounts without her consent.
Alleged ‘Anonymous’ Computer Hacker Charged with 18 Counts of Cyberstalking

440 years? Really?

The clue, perhaps, lies in the title of the announcement: “alleged ‘Anonymous’ hacker…”.

It is not illegal to be a member of Anonymous – so why describe him that way? Why not simply say, “Fidel Salinas Charged with 18 Counts of Cyberstalking”?

The FBI announcement goes on to say,

Salinas allegedly participated in an online chat room for the Operation Anti-Security faction of Anonymous and attempted to enter the IRC Operations server for Anonymous. According to the charges, after his alleged attempt to hack his way into the Hidalgo County web server, he posted a profanity-laced rant on his Facebook page that ended with a quote used by Anonymous members: “We do not forgive, we do not forget, divide by zero we fall, expect us.”

Again, I’m not sure what is illegal here, apart from the attempted (alleged) hack “into the Hidalgo County web server”. It is possible that he posted something illegal in the ‘profanity-laced rant’ (if, for example, it falls foul of ‘hate’ laws); but profanity itself and the freedom to say ‘We do not forgive, we do not forget, divide by zero we fall, expect us’ is, I believe, protected by the US constitution and therefore perfectly legal.

Well that’s another few zeros on the budget…

So why bring it up?

There can be only one reason. The FBI is continuing with its nuclear option against hackers in general and Anonymous in particular. This is a terror campaign designed to terrify existing and potential hackers, and turn public opinion against Anonymous.

Now don’t get me wrong. I do not condone hacking in any way whatsoever – except of course when conducted by the FBI, NSA and/or GCHQ in pursuit of our national interests; in which case it is perfectly legal, laudable and a Good Thing. Obviously.

GCHQ, DDoS, Anonymous, the Law and Lying

Either we believe that the Snowden leaks are the biggest con in the history of the universe, or we accept that they are true. I know of no-one who has suggested the former – so they should be taken at face value.

The latest leak, published by NBC, is a presentation that discusses GCHQ’s DDoS attack against the anonops IRC channel, and its infiltration of the Anonymous chat rooms by GCHQ agents.

Nobody who has ever spoken to anyone in Anonymous will be surprised by this. Firstly, the group automatically assumes that every second person in the chat rooms is a ‘Fed’; and secondly they have been faced with DDoS attacks (either directly or via government supporters such as Jester) for many years.

So the reality is: no surprise here.

For me, the most worrying element is the response from GCHQ. It said, according to the NBC report:

All of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensure[s] that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All of our operational processes rigorously support this position.
War on Anonymous: British Spies Attacked Hackers, Snowden Docs Show

Think about this. Firstly, GCHQ is saying that its use of DDoS is legal. I doubt if many Brits understand that the law (probably the Terrorism Act and/or RIPA) allows the spy agency to engage in broadbrush DDoS attacks against innocent citizens (not everyone who uses IRC is a criminal!).

Secondly, GCHQ is saying that everything it does is subject to the oversight of the Secretary of State. That the Secretary of State did not stop this DDoS attack means that the Secretary of State sanctioned it.

So what we have is a government and legislation that specifically allows GCHQ to engage in practices against innocent people of unknown nationality with impunity, when members of Anonymous doing similar would be, and are, locked up. The only alternative is that GCHQ is lying – in which case Sir Iain Lobban should be locked up. Either way, it is an unacceptable situation.

Reckz0r’s at it again – another hack that hasn’t happened yet

Like many bloggers I watch my logs, trying to work out what appeals to readers. One thing that has continually surprised me is the popularity of a little posting I did almost 18 months ago: Reckz0r hacks MasterCard and Visa. Anonymous says no.

Reckz0r had just claimed two major hacks. Wrongly. In fact an Anonymous contact told me at the time, “He [Reckz0r] is considered the village idiot in Anonymous circles. He pretended he hacked Sony for LulzSec; he pretended he hacked sites that UGNAZI hacked. He has just faked another hack like he always does. Pure Bieber Hacker.”

But for 18 months visitors have been landing on that page. Is Reckz0r popular? I doubt it. But what it does tell me is that he is probably much better than I am at self-publicity. And now he’s at it again. This time he claims to have hacked the PS4 — well, not personally, but he almost provides a tutorial on how to implement someone else’s hack.

“Voila! JAILBROKEN!” he concludes. “You now have the ability to run unassigned/assigned code and pirated games on your PS4.” Only, naturally, the link to the actual exploit doesn’t work.

But to support his assertion he also published a Twitter conversation between himself and Sony.

Sony chastises Reckz0r, right?

Doesn’t really sound like Sony, does it? And in the first one they have very cleverly got slightly more than 140 characters into the message.

So, once again we can say with a fair degree of certainty that this is a faking hoax. But, if you’ll pardon the vernacular, it is lame. It is lame beyond even Reckz0r’s traditional lameness. It is so lame, you even have to wonder if it’s a lame joke. But that would be cleverness beyond Reckz0r — so is it even Reckz0r?

Bugger. He’s just proved the point — he really is better at self-publicity than I am.

The truth is out there – it’s just not in the newspapers

Blogs are different to newspapers. You can get away with greater subjectivity in a blog than you can in a newspaper. But newspapers cannot absolve themselves of their responsibility for pure objective fact by calling a particular section a blog.

So when Martha Gill wrote about Anonymous in the Telegraph blog, it was wrong. Her headline says it all: Anonymous have been exposed as hypocrites. Watch them try to wriggle out of it (6 November 2013). You can hear the glee in her voice – this is personal, not factual.

Anonymous responded with an open letter to the media in general. It accused Gill of being inaccurate in one of her two accusations (that their masks are produced in what she strongly implies is a sweatshop) and hypocritical in another (that Warner Bros benefits from every sale of a mask). On the latter, Anonymous suggests that royalties are a sad fact of life; and wonders how many Telegraph staff support Foxconn by using Apple or Dell, Sony or HP equipment. “Since 2010, at least 17 deaths occurred when employees committed suicide by jumping from the roof of the building. To use a phrase from Martha Gill’s article, these are certainly ‘unpleasant conditions.’”

But in reality, this incident is just a small local battle in a much larger war. Anonymous – and it’s not alone – believes that much of the media has been bought and usurped by government and big business; and supports the agenda of government and big business to the exclusion of truth. It is no coincidence that there is a nationwide (US) march against corporate media planned for next Saturday:

We are planning a march and rally in Washington DC to raise awareness of the privatization, corporatization, and monopolization of the mainstream media and the corruption of our fifth estate. The failure of the corporate networks to adequately cover critical social issues has allowed for the rampant corruption of our political and economic system to go unquestioned and unchallenged.
March against mainstream media

If you have already thought about this, it cannot be denied. A few (very few) newspapers have kicked back in recent months with the Snowden revelations (notably the Guardian, Washington Post and Der Spiegel); but it’s also noticeable that the Guardian is under threat of prosecution in the UK for doing so.

And if you want a specific current example of this media betrayal, consider an EFF blog from Thursday: How Can the New York Times Endorse an Agreement the Public Can’t Read?

The New York Times’ editorial board has made a disappointing endorsement of the Trans-Pacific Partnership (TPP), even as the actual text of the agreement remains secret. That raises two distressing possibilities: either in an act of extraordinary subservience, the Times has endorsed an agreement that neither the public nor its editors have the ability to read. Or, in an act of extraordinary cowardice, it has obtained a copy of the secret text and hasn’t yet fulfilled its duty to the public interest to publish it.

TPP is the successor to ACTA. ACTA was defeated by European activism. It is dead. TPP allows the same provisions to be established everywhere else without European involvement. Once this is achieved, the new discussions on an EU/US trade agreement will be dragged into the same agreements – it will be inevitable.

But where is the mainstream media’s concern over either? In defeating ACTA, the people made it very clear that they do not want ACTA – more specifically the internet-controlling, copyright-enforcing aspects of it. To understand the great Battle of ACTA, read Monica Horten’s new book, A Copyright Masquerade.

Rather than accept the will of the people, big business and government withdrew, regrouped, renamed and returned from a different direction, calling it TPP and being equally if not more secretive.

The problem is that the mainstream media is not on the side of its readers, but on the side of its owners.

Quite simply, the majority of US news outlets are owned by the same media companies that are lobbying in favour of trade agreements that will take over control of what appears on the internet, who can see what, and who goes where. Quite frankly, we can no longer believe what we read in the press any more than we can believe what government tells us.

Is Trend Micro correct in its #OpIsrael ‘Botnets Involved in Anonymous DDoS Attacks’

OpIsrael DDoS spike: 7 April

Trend has done an analysis of #OpIsrael attacks on April 7. It notes that on that particular day, traffic to one particular website, normally around 90% Israeli, became 90% international due to the botnet DDoS attacks.

This increase in non-Israeli traffic was well distributed, with users from 27 countries (beside Israel itself) accessing the target site.

This is factual and we can take it at face value from a company like Trend. The next comments, however, start with fact but end in interpretation:

[fact] Examining the IP addresses that had accessed the target site, we noticed that some of these were known to be parts of various botnets under the control of cybercriminals. In addition, further investigation revealed that these IP addresses had been previously identified as victims of other attacks like FAKEAV, ransomware, and exploit kits.

[opinion] These findings highlight how major DDoS attacks are, at least in part, not just carried out by hacker groups like Anonymous but by cybercriminals as well. These attacks are not nearly as “harmless” as some would think.

The interpretation is that because a particular PC is known to be infected with a bot, participation in the DDoS attack against Israel was necessarily under the direction of the botherder criminal. But an alternative interpretation could be that the PC owner, entirely independently, decided to take part in the protest. (This is unlikely given the need to hide the source IP during such a protest.) Another possibility, however, could be that an activist protester, not otherwise a criminal, could have hired a botnet from a criminal, not otherwise an activist.

My point is that the final comment (“major DDoS attacks are, at least in part, not just carried out by hacker groups like Anonymous but by cybercriminals as well”) is a non-sequitur from the preceding argument. Trend may be right; but should not be making such a bald statement without further ‘proof’.

It highlights a danger we all face as we shift our news intake from traditional newspapers to blogs: the automatic acceptance of an opinion as fact. Blogs, for their part, should draw a distinction between fact and opinion – and the conclusion of this particular blog should be clearly labelled ‘opinion’.

israel-trade.org got hacked – israeltrade.org did not

There’s a really nice hack of israel-trade.org – visually very, well, nice. And coming at the beginning of the ‘Anonymous’ war on Israel, I suppose it is only to be expected.

Nice hack design on israel-trade.org

Thing is, I’m not sure whether saying ‘you’re hacked’ on your own website is genuine hacking…

There is a very similar sounding site called israeltrade.org – and that site is still (at least at the time of writing this) running fine.

israeltrade.org still running…

But israel-trade.org got got – and oh look – it only took the hacker a couple of hours from registration to hack…

A rather late April Fool joke on the media, I suspect.

If Izz ad-Din al-Qassam is the Iranian government, does that mean that Anonymous is the US government?

Incapsula recently reported that it discovered one of its clients was being used to launch DDoS attacks against US banks. It doesn’t say, but it seems likely that the DDoS tool was the same ‘itsoknoproblembro’ that I reported on in Infosecurity Magazine here, currently in use by an Iranian hacking group calling itself the Izz ad-Din al-Qassam Cyber Fighters.

Most of the media that has picked up on the Incapsula story consciously or unconsciously links it to a separate concurrent story in the New York Times:

But there was something disturbingly different about the wave of online attacks on American banks in recent weeks. Security researchers say that instead of exploiting individual computers, the attackers engineered networks of computers in data centers, transforming the online equivalent of a few yapping Chihuahuas into a pack of fire-breathing Godzillas.
Bank Hacking Was the Work of Iranians, Officials Say

The whole article can be consigned to the category of sensationalist journalism, well beneath what we should expect from the New York Times. The purpose, however, is very simple: “There is no doubt within the U.S. government that Iran is behind these attacks,” said James A. Lewis, a former official in the State and Commerce Departments and a computer security expert at the Center for Strategic and International Studies in Washington.”

The purpose behind this and many similar articles – on both sides of the Atlantic – is to put cyberfear into the hearts of the people. This then justifies the introduction of more and more draconian legislation and more and more surveillance from the US and European governments on their own people. Just read the press and see how many threats are coming from Iran and China. Mostly, the implication rather than anything else is that these threats are government sponsored; that is, it is the Iranian government and the Chinese government that is behind them all.

That, frankly, is baloney. It is targeted fear-mongering by our own governments.

The reality is that the Iranian and Chinese governments are most likely aware, and possibly tolerate the existence and aims, of these hacking groups – but there is no evidence that they are behind them. The same goes on in the West. The hacktivist known as Jester shares the same views as the US government. He attacks muslim websites, and anyone he believes ‘disses’ US government policy (such as WikiLeaks and Cryptocomb). When he took down Cryptocomb, the site put up the notice: ‘Cryptocomb will be back after the state sponsored attack ends.” It beggars belief that neither the FBI nor DHS know the identity of Jester – but it doesn’t benefit their policies to arrest him; so they don’t and won’t. I have no doubt that the same goes on in Iran and China – but that doesn’t mean that governments are directing the attacks.

David Graham makes a valid point.

When Muslims claim the offensive “Innocence of Muslims” video is state-sponsored by the U.S. government, we know their conspiracy theory is silly.
State sponsored attack: a howto guide

But when Muslim activists retaliate, we immediately accuse the Iranian government. Strange.

But it’s not at all strange. The simple fact is that US and EU law enforcement agencies are using the attacks to justify increased ‘counter-terrorism’ budgets, and increased home surveillance and control. And articles like this from the New York Times will help them. Calling Izz ad-Din al-Qassam an arm of the Iranian government is similar to calling Anonymous a branch of western governments because it has supported the Syrian rebels against Bashar al-Assad.

Tyler – the embodiment of freedom of expression guaranteed by Anonymous

Earlier today I talked to Anon Winston Smith about Tyler – because like many of us, I have heard of Tyler, but know very little about it. I had thought it was just an alternative to WikiLeaks; but in reality it is very much more. You can find a summary of the chat here on Infosecurity Magazine.

I’d like to make one point, because I think it’s quite important. I referred to Winston as the man “who fronts the AnonUKIre group,” and got an instant rebuke. No-one ‘fronts’ Anonymous or any part of it. That’s the whole point about Anonymous; it has no structure, no hierarchy, no frontsman – and one of our difficulties in understanding the collective is an automatic tendency to try to pigeon-hole it in traditional terms. It doesn’t work, because Anonymous is quite literally and genuinely anarchic. That, probably more than anything else, is what worries the suits.

But back to Tyler. I’ve talked to Winston before and know a little about his background. I know, for example, that he has held quite senior IT positions in quite major banks – so I thought it a fair bet that he would know a bit about Tyler. What I didn’t realise was just how much he knows:

IRL [‘in real life’] I was a professional systems architect and financial engineer. That career was destroyed by a number of corrupt officials and professionals. I am providing these skills to Anonymous to assist Tyler in these critical stages until it can support itself of its own accord. An open source, open contribution based system is being setup so that Tyler will be open to all for design, development and implementation – as it should be. Within a few months Tyler will be able to be contributed to anonymously by as many people who want to become involved, on any aspect of its evolution. Until that time, I will be answerable to Anonymous for its design and architecture. It does not mean it’s my project, it means I am the one people can shout at. Many other Anons are involved, anonymously. Their contribution is no more nor less important than mine. The nature of their involvement means secrecy.

For the moment, Tyler would appear to be operational as a closed system. Anons seem to be using it to help develop it; but only with the use of RetroShare and only within a select group. Joining that group is by invitation only. However, by the end of next year, Winston expects it to be fully operational – and by then WikiLeaks-style leaks will be only a small part of a fully distributed, fully functional, encrypted social network. The fear that Twitter, or Facebook, or Google or Microsoft will disclose our personal details to law enforcement or sell our privacy to the highest bidder will be no more. To help understand this, Winston sent me two graphics. The first is a representation of the existing WikiLeaks.

The structure of WikiLeaks – a single point of failure

It has a single point of failure – well, two to be precise: it’s structure and its head (Julian Assange). I actually did a post two years ago with the same conclusion: You cut off the head to kill the snake – the threat to Julian Assange. WikiLeaks is vulnerable. Tyler is designed to be not so.

The distributed nature of Tyler

The point about Tyler is that it is effectively modeled on Anonymous itself: distributed, anonymous (encrypted), and with no head (either personal or structural) that can be cut off. Tyler is the hydra to WikiLeaks snake. It is also Facebook, Twitter, Tumblr, Skype and many other things all rolled into one; but private, secure and not subject to subpoenas. It will eventually be, as Winston Smith suggests, a delivery of the right to freedom of expression guaranteed not by our legal systems or governments, but by Anonymous.

See also: More accusations for Barclays to answer

Civil war isn’t coming – it’s here

Stratfor founder and CEO George Friedman talks about the potential for civil war in Europe. He discusses the ‘national tensions and the class tensions’ that have prevented a European solution to the European (and, by extension, the World) problem. But, “If the Europeans do not generate that sort of solution in 2013, it is time to seriously doubt whether a solution is possible and therefore to think about the future of Europe without the European Union.”

The problem, he suggests, is that the European elite has done much to stave off another banking crisis, but little for the people. “And since the core promise of the European Union was prosperity, the failure to deliver that prosperity — and the delivery of poverty instead, unevenly distributed — is not sustainable.” That poverty could have serious consequences. “Progress, if not a solution, must become visible. It is difficult to see how continued stagnation and unemployment at these levels can last another year without starting to generate significant political opposition that will create governments, or force existing governments, to tear at the fabric of Europe.”

He doesn’t use the term ‘civil war’, but that’s really what he’s talking about. He compares the rise of the far right in Greece now to the rise of the Nazis in Germany for basically similar reasons: severe poverty and lack of national esteem imposed by external forces perceived to be corrupt and self-seeking. Since this is happening within the Union, it is a civil rather than international war.

But Friedman, like our national leaders, has not yet grasped that the entire world is already in civil war. It is a war being fought by the people against corruption and arrogance and mis-management by the political classes and their instruments. It is a civil war being fought on the streets by Occupy and on the internet by Anonymous – and with the continuing corruption, lies, cronyism, mismanagement and double-standards from the people we pay to protect us it is only going to spread.

Steubenville is an example of both the cause and effect of this civil war. A 15 year-old girl was drugged and raped by multiple members of the local high school football team. Two were arrested and charged with adult rape and kidnap. The kidnap charge has been dropped, the rape charges moved to the minor court, and both are released on bail. Nobody else has been charged.

I challenge everybody to read two statements: one from Anonymous (The Steubenville Files), and one from the City of Steubenville and the Steubenville Police Department (Steubenville Facts). You may draw your own conclusions. If you have a strong stomach – but only if you have a strong stomach – watch this video:

If the double-standards, corruption, cronyism and self-protecting lies of our political leaders and their law enforcement instruments is not stamped out, and political forces start to protect the innocent from the evil, rather than the evil from the innocent, then the civil war being led by Anonymous and Occupy will undoubtedly and inevitably spread. The People will stand up and say, We’ve had enough.

See also: Rebellion follows breakdown in a feudal society – we are a broken feudal society; and Anonymous is the first sign of rebellion

Rebellion follows breakdown in a feudal society – we are a broken feudal society; and Anonymous is the first sign of rebellion

Nothing but the words we use have changed since the Middle Ages: we still live in a feudal society that is designed to funnel the labour of the masses into the pockets of the few. The ‘few’ are the owners of wealth: it used to be just landowners, now they are joined by financiers and industrialists. The government remains the administrative arm of the few: governments continue to organize the means by which the funnel works and cloak it in arguments about the ‘economy’. Even the social contract remains the same: the people hand over the results of their labour in exchange for peace, protection and security.

Problems arise in a feudal society, such as ours today, when that basic contract begins to fail. It is failing now: people feel neither protected nor secure. First, the people begin to question things. See the Truth movement. Then they start to protest. See the Occupy movement. Then they take action. See the increasingly interventionist stance of the Anonymous movement. This can only increase.

The problem is that the social contract has always been a fallacy. Government priority has never been to protect the people; it has always been to enrich the wealthy. Throughout history government has been able to fool the people by controlling information as well as money and arms. The internet is changing things. Governments still control the ‘media’, because they either own the media or are the servants of the owners of the media.

But the people are turning away from the media and looking for the truth on the internet – by reading independent bloggers, and multiple news sources such as alJazeera, RT and Mehr as well as the BBC in order to get a balance. And as the people learn more of the truth, they are less content with the status quo – that false social contract. We have reached that stage where the people will increasingly take the law into their own hands because they do not believe the governments’ law is working for them. It has already happened in parts of the Arab world. It is happening now in the ‘west’, not in the same open and bloody rebellion, but in the green shoots of rebellion shown by Anonymous.

The law was not able to protect Amanda Todd (watch her video, please), nor find the bully who drove her to suicide. So Anonymous did (or at least provided the name of the person it believes was responsible). The law is unable or unwilling to navigate the dark net and expose paedophile websites. So Anonymous does – and acts where the law doesn’t. This interventionist approach will grow because it is a popular uprising in protest against the way government fails to protect the people and concentrates on enriching the rich at the expense of the people; and that will not change.

Make no mistake, the few will not give up their current position. They are not going to say, you’re right, we’re wrong; here, take all your money back and let’s be more egalitarian from now on. They will fight, first by seeking to regain control over information through controlling the internet, then by demonizing all popular movements, then by new and draconian laws, and finally by increasing use of physical force.

All of this is happening right now, all around us. We see it everywhere. You can see it as clearly as I do if you just look and question. The issue is where do we go from here?

See also: Civil war isn’t coming – it’s here