• Irongeek Security
• Hacking Illustrated Videos
• InfoSec Articles
• Mobile Pen-testing Tools
• Apps/Scripts
• Reviews
• RSS
• Your IP
• Podcasts
• Hoosier Hackers
• Newscat
• Links
• Contact
• Forums
• Workout
• Nutrition
• Supplements
• Humor
• Irongeek Campuses
• Fed Watch
• Books
• Store
• About
• Follow @irongeek_adc

Text from slides:

Crude, Inconsistent Threat: Understanding Anonymous
Adrian Crenshaw
About Adrian
• Since I have a name, I’m not Anonymous 
• I run Irongeek.com
• I have an interest in InfoSec education
• I don’t know everything - I’m just a geek with time on my hands
• (ir)Regular on the ISDPodcast
http://www.isd-podcast.com/ 

Dubious Disclaimer:
Easily offended?
• This may not be the talk for you.
• I’m not the one that came up with the terms in use.
• Some terms seen in “Chan culture” you may find offensive.
• Still, they are useful terms to know when you read “Anonymous” items in context.
Abstract
• Intended to define Anonymous (roughly)
• Not intended to condemn nor promote, but just to help folks understand "cyber-lynch mobs" and perhaps their security ramifications
• Mostly I’m just tired of hearing the news get it wrong concerning the nature of the “organization”

Confusion over what Anonymous is
• News reporters have written a lot about a "group" referred to as Anonymous recently
• The thing is, it’s more of a meme than a group
• People in the news refer to:
 Official press releases
 Leaders
• Though there are what could be considered subgroups
• The thing is, anyone can be “Anonymous“

What and who is Anonymous?
• Not really a group, more of a shared label, or meme
• This causes big league attribution problems
• There are some sub-groups of a sort
• Unifying principals (if any):
• Do it for the lulz.
• Internet censorship is bad.
• Don't hurt cats.
• Silly, but I’ll explain more

What is a meme?
• ‘A meme is basically an idea that is easily transferable from one mind to another. Think "catch-phrases". Memes are created when a large group of users come to identify with a particular image or slogan. Their continued [mis]use will bring about the destruction of the universe.’
Source: http://www.4chan.org/faq#meme

• “Over 9000”, “the game”, LOLCats, etc.

Example
• Unclaimed posts on image boards are marked as Anonymous



• Over time the meme developed that Anonymous was a real person/group
Change over time…
• Check out changes over time via archive.org
http://replay.web.archive.org/20070607170247/http://www.encyclopediadramatica.com/Anonymous 

Cohesiveness?
• No real leader…
• Resource owners may have more influence however
• May be able to say “this subgroup” organized via 4chan/Partyvan.info/Insurgen.cc/AnonOps 
• Popular causes may become larger

Raid Order
• Someone on a chan/insurgency wiki/Anonymous meme themed website or IRC channel posts “hey, this is wrong/messed up/has lulz potential. I think we should give them grief!”
• Those that agree follow suit with sometimes vague details given as to their intentions and tactics.
• Lulz ensue or they don’t.
• If Lulz ensue, go back to step two and see if more people join the action. Or...
• Lose interest because of attention deficit or the target seems thoroughly beaten.
Next Steps
• Dropping someone's docs (doxing or other spellings)
 This could also be family members
• In Real Life (IRL) pranks using the information above
 Unwanted pizza delivery
 Swatting
 Phone harassment
• Defacing of websites or social network profile pages to embarrass and annoy
• Denial of service attacks: Sometimes referred to as “bandwidth raep” depending on how they are done. Some see DoS as equivalent to a sit-in
Going no where
• Not all raids/ops get off the ground
• Not your personal army/Lurk moar
• Lack of interest
Ways of organizing
• Raid boards /i/
http://711chan.org/i/
• Also done on /b/, but very ephemeral
• IRC
AnonOps IRC Network
• News
http://anonnews.org/
• Edit pads and paste boards
http://piratepad.net/q6IfcBltJB 
• Use Tor/I2P 
 Some blocking issues


Skillsets
• Not necessarily “1337 h@c3r dud3$”
• Some have skills
• Some just use DoS tools to feel like they are participating
• Some just like to yell loud on social media
• Primers for the noobs
http://pastehtml.com/view/1dzvxhl.html
http://ge.tt/#62ymxTx/v 

Some tools
• Nothing too special…
• DoS tools (and Mail Bombers)
BWRaeper.NET, LOIC, PyRAEP, Longcat Flooder, Slow Loris
http://partyvan.info/wiki/Tools
• DangerousKitten.jpg
Collection of tools in a (zip/rar) jpg
• Anonymous Care Package Light
• Beware of trojaned tools if you do research
• Some Darknet use
Tor
I2P
A few more notes on DDoS
• LOIC In Hive Mind Mode = Self selecting botnet
• Seen as a virtual sit in?
• Legality?
 Title 18, U.S.C. Sections 1030(1)(5)(A)(i) and 1029(a)(3)
• IP is obvious, hope that number mitigate risk
• Can’t really use proxies for it
• Free speech issues
• “I support freedom of expression, no matter whose, so I oppose DDoS attacks regardless of their target,” he said. “They’re the poison gas of cyberspace.” ~ John Perry Barlow
A few past raids
Do you see a connection?
Habbo Hotel Raids
• Trolled the social network/game by showing up as an avatar that looks like Jules from Pulp Fiction
Internet Vigilantism
• Go after some pedos (Chris Forcand for example)
Project Chanology
• This was/is a protest agains Scientology for various censorship tactics and the way they treat members of the “Church”
A few others
• Epilepsy Foundation Raid
Defaced the website with flashing items
• Operation Titstorm
Protest over filter laws in Australia
• Hal Turner raids
• ACS Law (Related to OpPayback)

Wikileaks/Operation Avenge Assange/Operation Payback
• Bollywood companies hired the firm Aiplex Software to DDoS websites involved in what they saw as copyright infringement, and that ignored take-down notices.
• In retaliation the idea was put forth to DDoS Aiplex, but someone beat them to it . Instead, they attacked groups they saw as being in a similar vein, like the MPAA & RIAA.
• Eventually the operation moved to targeting firms that stopped doing business with Wikileaks.
HBGary Federal Hacks
• Aaron Barr made some noise about exposing people in Anonymous and Anonymous fired back
• Find SQL injection flaw in homebrew CMS.
• Dump passwords hashes and crack them.
• See if many of the same passwords were used on mail system (they were).
• Some local privilege escalation.
• Send some Social Engineering emails to gain further access.
• Profit?
OpLibya, OpEgypt, OpTunisia
• Helping establish communications amongst protesters via non government controlled/less snoopable means
• DoSing government sites
Many more…
• Way too many other “Ops” to even mention.
• See:
http://anonops.in 
http://www.anonnews.org
http://partyvan.info
http://insurgen.cc 
• Use Tor/I2P 
 Some blocking issues
Demographics?
• I have my stereotypes, but hard to know for sure
• You can’t poll a troll
• My general thoughts/observations?
 Young
(based on time and humor)
 Middle class to well off
(have and Internet connection)
 Black and White thinking
 Bored
• Slacktivism?
Another word for those who are easily offended
• Two things you may be able to generalize about Anonymous:
 They hate to be told what they can and can not say/do/look at (political correctness be damned)
 They love to troll.
• It takes more and more to offend people these days
• …but various slurs still do the trick
• You will see plenty of examples of *tard and*fag type names
• This is how people refer to themselves and others in the culture
• Some folks have used this to label them a hate group, but that’s really not the case
Categories of people who self-identify as Anonymous?
• As with any label, there will be disagreement as to who is what
• Moralfags
These are people who think that Anonymous should use its trolling power to accomplish something they see as a social good or to counteract some injustice. These people are also sometimes seen as corresponding to Newfags; changing the meaning of what it means to be a part of Anonymous.
• Newfags
These are people who are seen as new to the whole Anonymous/Internet culture scene.
Terms for categories of people who self-identify as Anonymous?
• Oldfags
These are people who are seen, or see themselves, as having been in the culture for awhile.
• Hatefags
Hatefag is the banner term for those that think the Moralfags are ruining the point of Anonymous: to boldly troll as no one has trolled before, not causes. These people are also sometimes seen as corresponding to Oldfags and wanting to go back to the older meaning of Anonymous as it relates to being The Internet Hate Machine
• Namefags
Those who choose to use a name/handle instead of truly being anonymous.
My point in this diversion?
• I’d like to paraphrase something Jason Scott said, but I doubt I’ll do it justice:
• Terms like hacker and biker, and their “true” definitions, are often claimed by different groups who, in the wild, would beat each other up.
• Like religious denominations: When one faction says some other is not the real Anonymous, who is to decide but ceiling cat?
Attribution
• Hey, we did not do it!/Hey, maybe one of us did!
• Sony
• Westboro Baptist Church
Are there any common criteria for an attack?
• Lulz potential
 Moral issues may guide some, but it’s not as big of a draw for bringing in the masses.
• Unwarranted Self Importance (USI):
• Censorship
• Some moral issue
 Avoid troll's remorse even if they really don’t care about the moral issue.
 Self-justifications are wonderful things.

Other future possibilities
• Infighting over USI?
 Magnanimous
 Backtrace is dropping dox on AnonOps
 AnonOps is dropping dox on Backtrace
 Ryan/Owen and AnonOps.ru/net/in
• Use as cover?
• Can you really be a part of Anonymous if you are not anonymous?
• Lots of handles/names seem to be used now.
TL;DR Version
• Anonymous is not really a cohesive enough group to make definitive statements about
• Basically what Anonymous comes down to is this: Cyber-lynch mobs that are organized via the Internet, who share the common meme of “Anonymous“, where a few people say "hey let's do this", and those of like mind go do it…
• …while the others sit it out and post lolcat pictures on 4chan.
Links and resources
• http://www.irongeek.com/i.php?page=security/understanding-anonymous
• http://en.wikipedia.org/wiki/Anonymous_%28group%29
• http://encyclopediadramatica.ch/Anonymous 
• http://partyvan.info
• http://insurgen.cc
• http://anonnews.org 
• http://www.whyweprotest.net 
• http://anonops.in 
• http://www.4chan.org 
Thanks
• Central Ohio Infosec Summit for having me
• By buddies from Derbycon and the ISDPodcast
Events
• DerbyCon 2011, Louisville Ky
Sept 30 - Oct 2
http://derbycon.com/ 
• Louisville Infosec
http://www.louisvilleinfosec.com/ 
• Other Cons:
http://www.skydogcon.com/ 
http://www.dojocon.org/ 
http://www.hack3rcon.org/
http://phreaknic.info 
http://notacon.org/
http://www.outerz0ne.org/ 
Questions?
42
 

Printable version of this article