Jeffrey Carr tweeted about my blog on Akamai and Anonymous (Anonymous and the ‘threat’ against Akamai and Josh Corman).
Interesting to say the least.
But before saying anything else, I should stress that I am taking this tweet and the TechWeekEurope report on Josh Corman’s RSA 2012 comments at face value. I cannot personally corroborate either.
Firstly, the idea that being ‘kind’ yesterday should excuse being ‘unkind’ today seems strange. Corman’s latest reported comments are not capable of being misconstrued:
Anonymous has very few hackers, it has very few activists… It is very misleading to call the groups hacktivists. The common attribute is angst. The talented ones are either quitting or starting to do things that are more clandestine.
If accurate, the purpose of these sentiments can only be to belittle and perhaps ridicule Anonymous. The reality is, ridicule and disinformation are Authority’s most effective weapons against Anonymous. This explains why Anonymous questioned his motives.
But this is not what intrigues me most about Carr’s tweet. It is the comment, “trying to help Anonymous become a more effective org”. It is a fundamental contradiction in terms that displays a basic misunderstanding of Anonymous. In fact, I would go further. If someone really does understand Anonymous and tries to help it become a more effective organization, then that person has an ulterior motive and is actually trying to weaken Anonymous.
Anonymous is not an organization. Its strength is that it is not an organization. In fact I suggest that its survival depends upon it never becoming an organization. Organizations have structures. Structures have hierarchies. Hierarchies have heads – and heads can be beheaded.
Think of LulzSec. It was taken apart because it had at least a nominal head in Sabu. By first taking Sabu, the FBI was able to destroy LulzSec. It also explains why the US is expending so much effort on getting Assange – by attacking the structure of Wikileaks it will ultimately destroy Wikileaks. So long as Assange is a primary focal point for Wikileaks, Wikileaks has a weakness. But by having no structure, Anonymous becomes a Hydra.
I don’t know whether any such thinking exists within the Anonymous movement. I suspect the ‘official’ line is that it is governed by its own ‘collective consciousness’. On one level this is a weakness because it allows different factions to act out their own predilections in the name of Anonymous. The collective (not the organization) cannot denounce these acts because it would deny the principle of collective consciousness. As a result, winning the hearts and minds of the unaligned public becomes difficult and highly susceptible to ridicule and accusations of terrorism.
But it does have one huge strength. The mere fact that Anonymous exists is a testament to increasing worldwide discontent with the political and social status quo. As this discontent, illustrated by the Occupy Movement, continues to grow, so Anonymous will continue to strengthen. Becoming ‘organized’ will provide a weakness that the authorities will exploit. So it must continue with its disorganized and decentralised lack of structure. It will make the battle longer; but it is the only way it can win. Organizing itself will destroy itself.
Life is a game of cricket – sometimes you face bouncers, and sometimes beamers; but usually it’s spin and swing. The internet is full of spin and swing, with business, government, law enforcement and hackers all trying to spin the news to their own advantage in order to swing public opinion behind their own position. It’s called disinformation, and everyone’s at it. But like cricket, you only need one ball to spin or swing, and you cannot trust anything ever again.
So with that introductory warning that I really haven’t got a clue, we can ask, what’s going on with WikiLeaks? This is one possibility. It’s all down to TrapWire and the information about TrapWire coming out of the latest WikiLeaks Stratfor emails.
TrapWire seems to be an international surveillance system centred in and run by the US. It makes Cameron’s Communications Bill look pedestrian. That’s not strictly accurate, since the Communications Bill watches people’s cyber movements, while TrapWire watches real world movements; that is, pedestrians (and cars and anything else that moves). It connects the nation’s CCTV surveillance cameras. As an aside, we can be pretty confident that when (not if) the US gets its Cybersecurity Act, that data will be connected to the TrapWire data. What’s more worrying for Brits is that when (not if) Cameron gets his Communications Bill into an Act, that data will also be connected to TrapWire.
This latter is just conjecture, but look at the parallels in UKUSA and do the math. Also consider this from one of the WikiLeaks emails (dated 22 September 2010):
This week, 500 surveillance cameras were activated on the NYC subway system to focus on pre-operational terrorist surveillance. The surveillance technology is also operational on high value targets (HVTs) in DC, Las Vegas, Los Angeles and London and is called TrapWire (www.abraxasapps.com).
So TrapWire was already operational in the UK almost a year ago.
Well, of course I checked on the Abraxas site (a company apparently populated by a high density of ex-CIA staff), but got nowhere.
It’s not just me.
There’s no buzz on the internet (yet at least) that Abraxas has been tangoed down by Anonymous (in retaliation for Antileaks taking out WikiLeaks). So – pure conjecture – they’ve taken it down themselves.
Thank goodness for Google cache (if you’re quick, it might still be there…)
It wouldn’t be surprising if Abraxas has disconnected itself. This TrapWire thing is big, and the Stratfor emails show it’s being used much wider than published. It’s bad enough that the UK government wants to spy on its own citizens (using our taxes to pay for it, of course), but that it has already opened the door to facilitate US government spying on the British people is quite simply obscene. Or, to be British, unacceptable. I can’t begin to think what the American people will make of it.
So, to go back to the original question, what’s going on with WikiLeaks? The obvious conclusion is that it has been taken down (well, effectively blocked) by a continuing DDoS that has been claimed by Antileaks specifically to suppress the emerging information about TrapWire (WikiLeaks is still down as I write this). This is just conjecture on my part; but, well, the dots connect. Under the guise of anti-terrorism western governments will stop at nothing in their determination to have absolute control over us.
By way of introduction I will start by pointing to two stories I did for Infosecurity Magazine. The first is Bieber Hackers and the Anonymous image problem (7 June 2012), in which I argue that Anonymous will lose the battle for hearts and minds because the general public cannot distinguish between the unprincipled hangers-on (like UGNazi) and the politically motivated Anonymous-proper.
The second story was last week: WikiLeaks starts to publish Syrian emails (6 July 2012). This story introduces the Syria Files, the start of WikiLeaks’ publication of 2.4 million Syrian emails; and I mention that I had been told by Anonymous that the documents had come from their OpSyria campaign.
Between these two articles, Anonymous published its own paper called ‘Operation Rebuild the Hive’. It recognizes some of the image problems:
Anonymous has shown its weak point, EACH OTHER. We have let the world see we can be easily deterred from our main goals by simply turning on each other. Not only have long time friends become enemies, but also we have steered possible New Blood from wanting to join. Do not forget where we come from, Do Not forget why we fight, Do not forget the people who we have helped along the lines. We as a collective must Regroup, Rethink our strategies, and REBUILD not only each other, but ourselves.
Operation Rebuild the Hive
How? Well, much is what you would expect. By supporting newcomers and keeping them safe; by loving one another; by discussing new operations and agreeing them before executing them. But there is another theme that runs through the proposals: Anonymous should be Anonymous – full stop. Everyone should change their Twitter display names to Anonymous “so we can all be one, and not just an individual.” Operations and defacements should “Display the name Anonymous, so that we as a hive can stand out and not just a crew.” And, “we move as ONE. Do not let yours or someone else’s ego get in the way of who and what we are.”
If this approach were adopted, then a major structural problem within Anonymous would be eliminated. If UGNazi, or any other crew, wants to call itself UGNazi – or any other name – it is by definition NOT Anonymous.
But then, later in the day of my second article, Anonymous publicly claimed responsibility for the Syria Files. Its announcement starts with a bit of a put down to my little article in Infosecurity: “there seems to be one very obvious question that no one is asking. Where exactly did WikiLeaks get all these E-Mails? This press release is written and addressed to the media and the world to answer this important un-asked question.” Um, er, actually, I did ask…
However, my bruised ego aside, it continues
On February 5, 2012 at approx. 4:00 PM ET USA an Anonymous Op Syria team consisting of elements drawn from Anonymous Syria, AntiSec (now known as the reformed LulzSec) and the Peoples Liberation Front succeeded in creating a massive breach of multiple domains and dozens of servers inside Syria. This team had been working day and night in shifts for weeks to accomplish this feat. So large was the data available to be taken, and so great was the danger of detection (especially for the members of Anonymous Syria, many of whom are “in country”) that the downloading of this data took several additional weeks.
Anonymous Operation Syria – Press Release
This shows that the lesson hinted at in the Rebuild document has not gone home. Anonymous still talks about AntiSec and LulzSec and Anonymous Syria. The problem is that anybody can claim to be AntiSec or LulzSec or Anonymous Isle of Wight. Surely one small start in protecting the Anonymous image would be the elimination of all crews. If some bieber hacking group calling itself Cr3wP01s0n then claims the kudos and protection of acting in the name of Anonymous in taking down some village charity shop, the world would know, this is not Anonymous.
Anonymous still has much to do before it wins the battle for hearts and minds. And it is a battle it must win if it is to succeed. Anonymous must be seen to be what it really is: a force for the people; not a just bunch of script kiddies out for the lulz.
There was a time when I would automatically turn to the BBC for solid, unbiased, simple news. Now, like many others, I am turning elsewhere.
A case in point. Today the BBC reports on Julian Assange’s refusal to absent himself from the Ecuadorean embassy and present himself to the Metropolitan Police. The fourth paragraph, and remember that it is the first four paragraphs that also appear on Ceefax, says:
He wants to avoid being sent to Sweden to face rape and assault accusations.
Julian Assange ‘declines’ police order and Ceefax
These first four paragraphs are the ones read by most people, and seen probably by millions more on Ceefax. And that fourth paragraph misrepresents the truth so extensively it is effectively a lie. Assange repeatedly sought to have those charges properly investigated; but without the threat or possibility of subsequent, unrelated, extradition to the US.
The BBC gets closer, a little, to the truth, further on in the article:
Mr Assange fears that if he is sent to Sweden he could be sent on to the United States to face charges over Wikileaks and that there, he could face the death penalty.
There are two problems with this. Firstly, most people will have read the fourth paragraph, but not got as far as this tenth paragraph. Secondly, it is still carefully worded, so that ‘he could face the death penalty’. Most civilised people will dismiss this as paranoia: they will find it impossible to believe that the Land of the Free would execute someone for publishing genuine documents on a website. It’s simply beyond belief, therefore it can’t happen, therefore Assange is having a laugh. Therefore we don’t need to bother or even sympathise. And that is what this BBC report is designed to say; that is, what the authorities want us to hear.
The BBC report is actually about the statement by Susan Benn, a committee member on the Assange defense fund. Rather than read the sanitized BBC report, please read the full transcript here: Press Statement: By Julian Assange Defense Fund Outside the Ecuadorian Embassy. It includes this:
It should be made clear what would happen if Julian was extradited to the USA. The United Nations special rapporteur for torture, Juan Mendez has formally found that the United States has subjected Julian Assange’s alleged source in this matter, the young soldier Bradley Manning, to conditions amounting to torture. The UN found that the United States subjected Bradley Manning to “cruel, inhuman and degrading treatment”. Mr. Manning has been charged by the US government with the capital offense of “aiding the enemy” in relation to his alleged interaction with Mr. Assange. Bradley Manning has been detained without trial for two years and was placed into solitary confinement for 9 months in his cell for 23 hours a day, stripped naked and woken every 5 minutes. His lawyer and support team say these harsh measures were to coerce him into implicating Julian Assange.
This is the reality of what British justice is offering Julian Assange. And remember this: it took a British judge exercising unacceptable semantic contortions – by saying that UK law is dependent upon the French language translation of an EU requirement – in order to make the extradition from the UK to Sweden appear to be legal.
This is unacceptable. The UK should be protecting Julian Assange and the principle of free speech – not offering him up to an out-of-control United States courtesy of an increasingly worrying Swedish puppet. It makes me ashamed to be British. And ashamed to help pay for the BBC.
My news stories today:
Flaming Hack: What does ‘Flame’ mean for the rest of us?
We’ve all heard about Flame, the ‘mother of all cyberweapons’, the attack tool that takes cyberwarfare to a new level. But what does it actually mean for the rest of us?
30 May 2012
Neelie Kroes Promises champagne connection – for the wealthy
Neelie Kroes, European Commissioner for the Digital Agenda, has promised a champagne connection for those who can afford it.
30 May 2012
Assange’s appeal fails: extradition lawful – everything left to play for
By a majority of 5 to 2 (Lord Mance and Lady Hale dissented) the UK supreme court has this morning ruled that Julian Assange’s extradition to Sweden is lawful, “and his appeal against extradition is accordingly dismissed.” Assange was not present in court.
30 May 2012
My recent news stories…
You don’t need to be hacked if you give away your credentials
GFI Software highlights the problems of users’ carelessness with their credentials: who needs hacking skills when log-on details are just handed over?
22 May 2012
A new solution for authenticating BYOD
New start-up SaaSID today launches a product at CloudForce London that seeks to solve a pressing and growing problem: the authentication of personal devices to the cloud.
22 May 2012
New HMRC refund phishing scam detected
Every year our tax details are evaluated by HMRC. Every year, a lucky few get tax refunds; and every year, at that time, the scammers come out to take advantage.
22 May 2012
UK government is likely to miss its own cloud targets
G-Cloud is the government strategy to reduce IT expenditure by increasing use of the cloud. It calls for 50% of new spending to be used on cloud services by 2015 – but a new report from VMWare suggests such targets will likely be missed by the public sector.
21 May 2012
New Absinthe 2.0 Apple jailbreak expected this week
The tethered jailbreak for iOS 5.1, Redsn0w, still works on iOS 5.1.1. This week, probably on 25 May, a new untethered jailbreak is likely to be announced at the Hack-in-the-Box conference.
21 May 2012
TeliaSonera sells black boxes to dictators
While the UK awaits details on how the proposed Communications Bill will force service providers to monitor internet and phone metadata, Sweden’s TeliaSonera shows how it could be done by selling black boxes to authoritarian states.
21 May 2012
Understanding the legal problems with DPA
We have known for many years that the EU is not happy with the UK’s implementation of the Data Protection Directive – what we haven’t known is why. This may now change thanks to the persistence of Amberhawk Training Ltd.
18 May 2012
Who attacked WikiLeaks and The Pirate Bay?
This week both the The Pirate Bay and WikiLeaks have been ‘taken down’ by sustained DDoS attacks: TPB for over 24 hours, and Wikileaks for 72. What isn’t known is who is behind the attacks.
18 May 2012
BYOD threatens job security at HP
BYOD isn’t simply a security issue – it’s a job issue. Sales of multi-function smartphones and tablets are reducing demand for traditional PCs; and this is hitting Hewlett Packard.
18 May 2012
25 civil servants reprimanded weekly for data breach
Government databases are full of highly prized and highly sensitive personal information. The upcoming Communications Bill will generate one of the very largest databases. The government says it will not include personal information.
17 May 2012
Vulnerability found in Mobile Spy spyware app
Mobile Spy is covert spyware designed to allow parents to monitor their children’s smartphones, employers to catch time-wasters, and partners to detect cheating spouses. But vulnerabilities mean the covertly spied-upon can become the covert spy.
17 May 2012
Governments make a grab for the internet
Although the internet is officially governed by a bottom-up multi-stakeholder non-governmental model, many governments around the world believe it leaves the US with too much control; and they want things to change.
17 May 2012
The justification that all governments give for their increasingly draconian efforts to censor and monitor the average Joe is always the same: to fight terrorism. Apart from physical terrorists, they offer us the ‘information terrorists’: Anonymous, Wikileaks, Bradley Manning, The Pirate Bay and their ilk. Well, here are four quotes that are worth considering.
The first is from Christopher Doyon (Commander X) currently believed to be in Canada on the run from the FBI:
Information terrorist” – what a funny concept. That you could terrorize someone with information. But who’s terrorized? Is it the common people reading the newspaper and learning what their government is doing in their name? They’re not terrorized – they’re perfectly satisfied with that situation. It’s the people trying to hide these secrets, who are trying to hide these crimes. The funny thing is every email database that I’ve ever been a part of stealing, from President. Assad to Stratfor security, every email database, every single one has had crimes in it. Not one time that I’ve broken into a corporation or a government, and found their emails and thought, “Oh my God, these people are perfectly innocent people, I made a mistake.”
The second is from Rick Falkvinge, the founder of the Pirate Party:
It is universally agreed that Albert Einstein was a genius, and he defined insanity as “doing the same thing over and over and over again expecting different results.” So why, exactly, does the UK Government and David Cameron expect the results to be any different when heading down this path than that of North Korea, who censors everything?
The third is from the last remaining freedom fighter in the House of Commons, David Davis, speaking about Cameron’s proposed ‘Communications Bill’:
I took advice from experts. I asked them a simple question: “If you were a terrorist, how would you avoid this scrutiny?” I stopped them when they got to the fifth method. It is pretty straightforward: for terrorists, everything from proxy servers to one-off mobile phones means that such scrutiny is easy to avoid. For criminals, it is also easy and quite cheap to avoid. However, for ordinary citizens, that scrutiny is not easy and cheap to avoid. We will therefore create something, which some Ministers said will cost £2 billion—the London School of Economics suggests that it will cost £12 billion—that will not be effective against terrorism, but constitutes general-purpose surveillance of the entire nation.
The last flashed by me on Twitter. Sadly I didn’t record it, but it has stayed in my mind. It was in one of the Anonymous accounts. It was words to the effect:
You should always remember two things about censorship. 1. You can always get round it. 2. We will show you how.
It’s a strange, sad and worrying state of affairs. Governments cannot succeed in their stated aim: to use surveillance and censorship to fight the real terrorists. All they will do is turn the average Joe who values his freedom and liberty into an information terrorist – which is a misnomer. But I haven’t answered my own initial question: why are they doing this? When you examine what motivates a politician, it always comes down to the same thing: power. Politicians want the power to enforce their own opinions. They believe they are right and everybody else is wrong and we need to be made to do what they think is best for us, for them, for their paymasters – whoever. Government is, by its nature, a refuge for megalomania. Power is exerted and maintained by control. Information is the enemy of control. It has to be curtailed: they have no choice, it is in their DNA. And we have no choice but to fight it. It should be in our DNA.
Back on Christmas Day, Wikileaks tweated: “is it possible for JA to run for the Australian Senate from house arrest in another country?” Later on the same day, Australian solicitor Peter Kemp responded:
He explained his reasoning in a subsequent article posted to WL Central – an independent site dedicated to allow free and open discussion on WikiLeaks issues. Now, it would appear, WikiLeaks and JA have decided:
It’s going to be interesting. Australians have a natural tendency to thumb their noses at the establishment. He might well succeed. I hope he does.
But what then? I don’t know the law; but even if it is possible to extradite an elected Australian senator, would the UK wish to? Will we see the Swedish judiciary and the UK Home Office trying to expedite the extradite to avoid embarrassment? I hope not – and here’s why…
Nobody doubts that Sweden will just be a staging post for Assange en route and in irons to the USA. The US wants him because of the Bradley Manning leaks. But Bradley Manning, and ergo WikiLeaks, has a very strong defence: public interest. What the FBI really needs is a charge that carries no public support. Like the hack and leak of private correspondence from a well-respected independent news organization. Like Stratfor, perhaps.
Stratfor was hacked by Sabu. Anonymous immediately and officially – as far as Anonymous can ever do anything officially – denied involvement; and accused Sabu: “Sabu and his crew are nothing more than opportunistic attention whores who are possibly agent provocateurs.” Since then we have learned that Sabu was turned by the FBI and had been working with the FBI since the end of last summer. In short, Sabu hacked Stratfor while he was working for the FBI. Anonymous was aware of this. ‘Agent provocateur’ was not an insult, it was a description.
More recently still, the stolen Stratfor emails have been leaked to WikiLeaks. On 27 February, WikiLeaks announced: “LONDON–Today WikiLeaks began publishing The Global Intelligence Files – more than five million emails from the Texas-headquartered “global intelligence” company Stratfor. The emails date from between July 2004 and late December 2011. They reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal’s Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the US Department of Homeland Security, the US Marines and the US Defense Intelligence Agency. The emails show Stratfor’s web of informers, pay-off structure, payment-laundering techniques and psychological methods, for example…”
But remember, Anonymous has denied involvement. So who leaked to WikiLeaks? The FBI? On 7 March, the Guardian wrote:
A second document shows that Monsegur [Sabu] – styled this time as CW-1 – provided an FBI-owned computer to facilitate the release of 5m emails taken from US security consultancy Stratfor and which are now being published by WikiLeaks. That suggests the FBI may have had an inside track on discussions between Julian Assange of WikiLeaks, and Anonymous, another hacking group, about the leaking of thousands of confidential emails and documents.
The Hacker News put it more bluntly a couple of days ago: “But if Sabu was in fact working for the FBI, how could the Stratfor hack be anything more than a clearcut case of entrapment perpetrated by the FBI?” It looks horribly like Stratfor was sacrificed and Anonymous used simply to get Assange.
I call on all Australians – do what other nations daren’t do: thumb your nose at US machinations, and vote Assange. For all of us.
Lisa Vaas has an interesting post on the Sophos Naked Security blog (and of course on Graham Cluley’s, Paul Ducklin’s, SophosLabs’, and Chester Wisniewski’s own blogs – call it saturation marketing). She questions the effectiveness of the Anonymous ‘bullying’ campaigns, especially against companies like Sony.
She is right to make the question. Anonymous claims to be fighting for democracy; but if it alienates the population, it will be defeated by democracy. For Anonymous to win, it has a fine line to tread; it will need all the political skills of its enemies to take the people with it.
Lisa Vaas’ own comments illustrate the problem, She says, very bluntly,
SOPA is an affront to the Internet.
But what does she suggest to prevent this affront?
Anonymous, back off. Let consumers handle this, and let us do it without bullying.
Politically, this is a shockingly naive statement from an intelligent lady.
Bread and circuses have been used since our earliest political systems to appease the public. It is particularly relevant to this situation: bread is government and circuses is the entertainment industry; and together they represent the unholy alliance that is driving SOPA in America, ACTA around the world, and so many other restrictive, controlling and censoring laws.
This is the problem faced by Anonymous. How can it fight for freedom without appearing to be taking away the bread and circuses fed to us to keep us quiet and happy and docile. I hope Anonymous succeeds. I hope it grows up and realises that the stakes are enormous. The stakes are freedom itself. It is, along with the other rebels of the Internet such as Wikileaks and organizations like CCC our best hope. But it has to take the people with it. In the end, only people power can make governments realise that they are our servants and not our masters.
Let’s assume that this trial is in China or Russia. You are an independent observer, tasked with ensuring real justice.
The ‘judge’ also works as a prosecutor for an organization that is currently seeking to prosecute the defendant separately. One of the first witnesses for the prosecution admits in testimony that her written evidence is wrong. The ‘judge’ refuses to allow a large number of defence witnesses.
Show trial? No, Bradley Manning’s trial in the USA.