Hacker, Hoaxer, Whistleblower, Spy: why only an anthropologist can tell the story of Anonymous


The Spectator has just run my review of Gabriella Coleman's Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous , an anthropological recounting of the glories and disasters of Anonymous.

Read the rest

London, Tue night: Cory and Biella Coleman talk about "Hackers and Hoaxers: Inside Anonymous"


Anthropologist Gabriella Coleman (author of the brilliant Coding Freedom) spent years embedded with Anonymous and has written an indispensable account of the Anonymous phenomenon.

Read the rest

Hacker and FBI informant Sabu, aka Hector Monsegur, linked to cyberattacks abroad

Sabu.


Sabu.

From the NYT: "An informant working for the F.B.I. coordinated a 2012 campaign of hundreds of cyberattacks on foreign websites, including some operated by the governments of Iran, Syria, Brazil and Pakistan, according to documents and interviews with people involved in the attacks." The informant was Sabu; his helper Jeremy Hammond.

Caption competition

Head over to the BBS and win nothing but the approbation of your peers! The true caption will be posted at 6 p.m. today. [Photo: Umit Bektas/REUTERS]

How UK spies committed illegal DoS attacks against Anonymous

A new Snowden leak, reported by NBC, documents the UK spy agency GCHQ's attacks on Anonymous, which included Denial-of-Service attacks, which are strictly forbidden under UK law. As the Slashdot story notes, "Regular citizens would face 10 years in prison and enormous fines for committing a DoS / DDoS attack. The same applies if they encouraged or assisted in one. But if you work in the government, it seems like you're an exception to the rule."

NBC has published a minimally redacted version [PDF] of the GCHQ slide-deck detailing the agency's illegal hacking attacks on alleged Anonymous participants.

Read the rest

LulzSec's Jake "Topiary" Davis interviewed

How did he get caught? "VPN provider ratted me out." [ask.fm]

Onion Pi - Convert a Raspberry Pi into a Anonymizing Tor Proxy, for easy anonymous internet browsing

About this nifty "Onion Pi" HOWTO just published at Adafruit, Phil Torrone says, "Limor and I cooked up this project for folks. We are donating a portion of any sales for the pack we sell that helps do this to the EFF and Tor."

Browse anonymously anywhere you go with the Onion Pi Tor proxy. This is fun weekend project that uses a Raspberry Pi, a USB WiFi adapter and Ethernet cable to create a small, low-power and portable privacy Pi. Using it is easy-as-pie. First, plug the Ethernet cable into any Internet provider in your home, work, hotel or conference/event. Next, power up the Pi with the micro USB cable to your laptop or to the wall adapter. The Pi will boot up and create a new secure wireless access point called Onion Pi. Connecting to that access point will automatically route any web browsing from your computer through the anonymizing Tor network.

Anonymous declares religious war on Westboro Baptist Church

http://vimeo.com/55671721

Some people using the Anonymous banner have declared religious war on the Westboro Baptist Church, the real-life "God hates fags" trolls who have announced their intention to picket the funerals of the children shot in Sandy Hook. In addition to publishing a list of purported home addresses and phone numbers of alleged Westboro members, the Anons have released a videos that sets out chapter-and-verse citations of Biblical injunctions that Westboro is said to have violated, and promises to punish all of them.

In response to the WBC's plans early today, Anonymous tweeted, "It's so nice of #WBC to provide the internet with a list of their twitter handles..." Roughly one hour later, they revealed their plans for the WBC: "#WBC GodHatesFags Site Admin gets #DOX'd via: Anonymous." DOX, of course, refers to the work Anonymous did to find and publish a list of WBC members complete with e-mails, phone numbers, and even home addresses—all for the adoring public to access.

In addition to the DOXing, Anonymous has repeatedly promoted a whitehouse.org petition to have the WBC recognized legally as a hate-group. The petition was created on Friday and it has already doubled the required 25,000 signatures.

Anonymous sets sights on an old enemy—the Westboro Baptist Church [Nathan Mattise/Ars Technica]

How Anonymous broke its own rules to break free

Before the summer of 2011, Anonymous was an amorphous collective of hackers and pranksters ready to pour cold water on members’ nascent political aspirations. By 2012, a growing antiauthority, anticensorship, anti-surveillance sentiment asserted itself, and everything changed.

Read the rest

Where Anonymous actions come from


Quinn Norton reports in depth on Wired with a careful, important account of where Anonymous's actions come from -- how coordinated activity (political, lulzy, legal and illegal) can emerge from noise, randomness, bombast and joking. This is the best description of how decision-making works in decentralized movements, and has important implications for the future of activism, governance, politics, crime and security:

But it’s a mistake to identify Anonymous entirely with these arrestees, some of whom were blackhats and others who were guilty of just using the LOIC. The hacks draw their power from the support of the wider collective, not the other way around. The majority of Anonymous operations are conceived and planned in a chaotic and open fashion. At any given time, a few thousand people are congregating on the Anonymous IRC channels, figuring out for themselves what it means to be an anon. And together they embody whatever Anonymous is going to be that day.

Most of the time, in most of the channels, there’s little more than conversation; sometimes a whole channel will consist of lurkers, with no one contributing a thing. But when some offense to the net is detected, anons will converge on one or more of these “chans,” with hundreds or thousands arriving within hours—many of them new to Anonymous and yet all primed and eager to respond. What looks in one moment like a sad, empty chat room can quickly become the staging ground for a major multipronged assault.

Consider OpBART, which flared up in August 2011 and dealt with an unlikely issue for Anonymous: the messy offline world of race relations and police violence. Ever since 2009, when a Bay Area Rapid Transit police officer shot and killed an unarmed black man named Oscar Grant, protests against abuse of authority by transit police had grown. On August 11, anti-BART activists were planning a rally at several of San Francisco’s underground transit stops to protest another shooting by a BART officer, this one of a homeless man named Charles Hill. It was an unremarkable story by the standards of the national media, but the response from BART to the planned protest did catch the interest of the local press: To thwart protesters from coordinating via mobile devices, BART cut cell service at its downtown stations.

How Anonymous Picks Targets, Launches Attacks, and Takes Powerful Organizations Down

Effective and disorganized: a new thing upon this earth

My latest Guardian column is "Disorganised but effective: how technology lowers transaction costs," a piece about a new kind of group that has been enabled by the Internet -- a group with no formal structure that can still get stuff done, like Occupy and Anonymous.

The things that one person can do define what is "human". The things that transcend the limits of an individual – building a skyscraper, governing a nation, laying a telecommunications network, writing an operating system – are the realm of the super-human.

The most profound social revolutions in human history have arisen whenever a technology comes along that lowers transaction costs. Technologies that makes it cheaper to work together lower the tax on super-human powers.

Language (which allowed for explicit communication), writing (which allowed for record-keeping), literacy (which allowed for communication at a distance and through time) and all the way up to assembly lines, telegraphs, telephones, cryptography (which lowers transaction costs by reducing the amount of energy you have to expend to keep attackers out of your coordination efforts), computers, networks, mobile phones and beyond.

Decreasing transaction costs means that the powerful can do more. If you've already organised a state or criminal enterprise or church with you at the top, it means that you've figured out how to harvest and distribute resources effectively enough to maintain your institutional stability.

Disorganised but effective: how technology lowers transaction costs

Pirate Bay to Anonymous: DDoS is censorship, cut it out

A good-tempered rebuke from The Pirate Bay to the Anons who staged a raid on Virgin Media in protest of the ISP's participation in blocking The Pirate Bay for its customers:

Seems like some random Anonymous groups have run a DDOS campaign against Virgin media and some other sites. We'd like to be clear about our view on this:

We do NOT encourage these actions. We believe in the open and free internets, where anyone can express their views. Even if we strongly disagree with them and even if they hate us.

So don't fight them using their ugly methods. DDOS and blocks are both forms of censorship.

If you want to help; start a tracker, arrange a manifestation, join or start a pirate party, teach your friends the art of bittorrent, set up a proxy, write your political representatives, develop a new p2p protocol, print some pro piracy posters and decorate your town with, support our promo bay artists or just be a nice person and give your mom a call to tell her you love her.

DDOS and blocks are both forms of censorship. (via /.)

Anonymosus-OS: the checksums that don't check out

Further to the ignoble saga of Anonymosus-OS, an Ubuntu variant targeted as people who want to participate in Anonymous actions: Sean Gallagher has done the legwork to compare the checksums of the packages included in the OS with their canonical versions and has found a long list of files that have been modified. Some of these ("usr/share/gnome/help/tomboy/eu/figures/tomboy-pinup.png: FAILED") are vanishingly unlikely to be malware, while others ("usr/share/ubiquity/apt-setup") are more alarming.

None of this is conclusive proof of malware in the OS, but it is further reason not to trust it -- if you're going to produce this kind of project and modify the packages so that they don't check, you really should document the alterations you've made.

all.md5 > /dev/shm/check.txt
md5sum: WARNING: 143 of 95805 computed checksums did NOT match
anonymous@anonymous:/$ grep -v ': OK$' /dev/shm/check.txt
usr/share/locale-langpack/en_AU/LC_MESSAGES/subversion.mo: FAILED
usr/share/locale-langpack/en_GB/LC_MESSAGES/gbrainy.mo: FAILED
usr/share/applications/language-selector.desktop: FAILED
usr/share/locale-langpack/en_GB/LC_MESSAGES/file-roller.mo: FAILED
usr/share/locale-langpack/en_CA/LC_MESSAGES/metacity.mo: FAILED
usr/share/locale-langpack/en_GB/LC_MESSAGES/jockey.mo: FAILED
usr/share/locale-langpack/en_AU/LC_MESSAGES/lightdm.mo: FAILED
usr/share/doc/libxcb-render0/changelog.Debian.gz: FAILED...

The bad checksums in Anonymous-OS (Thanks, Sean!)

Preliminary analysis of Anonymosus-OS: lame, but no obvious malware


On Ars Technica, Sean Gallagher delves into the Anonymosus-OS, an Ubuntu Linux derivative I wrote about yesterday that billed itself as an OS for Anonymous, with a number of security/hacking tools pre-installed. Sean's conclusions is that, contrary to rumor, there's not any malware visible in the package, but there's plenty of dubious "security" tools like the Low Orbit Ion Cannon: "I don't know how much more booby-trapped a tool can get than pointing authorities right back at your IP address as LOIC does without being modified."

As far as I can tell, Sean hasn't compared the package checksums for Anonymosus-OS, which would be an important and easy (though tedious) step for anyone who was worried about the OS hiding malware to take.

Update: Sean's done the checksum comparison and found 143 files that don't match up with the published versions.

Some of the tools are of questionable value, and the attack tools might well be booby-trapped in some way. But I don't know how much more booby-trapped a tool can get than pointing authorities right back at your IP address as LOIC does without being modified.

Most of the stuff in the "Anonymous" menu here is widely available as open source or as Web-based tools—in fact, a number of the tools are just links to websites, such as the MD5 hash cracker MD5Crack Web. But it's clear there are a number of tools here that are in daily use by AnonOps and others, including the encryption tool they've taken to using for passing target information back and forth.

Lame hacker tool or trojan delivery device? Hands on with Anonymous-OS

FBI's LulzSec informant Sabu: "Party boy of the projects"

The New York Times has a colorful profile piece out on Hector Xavier Monsegur, who agreed to serve as an FBI informant in the LulzSec/Anonymous sting in hopes of reducing possible prison sentence of more than a hundred years.