On 5 November 2012, hackers under the banner of Anonymous led a hacking operation to mark Guy Fawkes Day.
Anonymous’ "OpVendetta" included the defacement of a number of Australian websites, including the Fremantle Arts Centre, the Clinical Practice Guidelines Portal (a web-portal for medical professionals) and the Quality of Life Alliance (a disability support network).
Public recriminations were swift. One Melbourne-based information security consultant — Jody Melbourne of HackLabs — even offered to assist the Australian Federal Police to track down the hackers.
Previously, individuals working under Anonymous’ banner claimed the movement identified with values including "social justice" and "freedom of information".
But hacking arts, medical and disability services’ websites doesn’t gel particularly well with those ideals. So what, exactly is going on with Anonymous?
I decided to seek the insight of a hacker who was named in the US indictment of alleged LulzSec members. (He declined to be named here because of his ongoing legal issues.)
What can you tell the public about yourself?
I’m 20 years old. I’m interested in programming, astronomy, the outdoors, security and a whole bunch of odd things. I study science at university, specifically chemistry.
How old were you when you started hacking?
If the definition of "hacking" involves making computers and electronic things do stuff they weren’t designed to do, four or five years old, perhaps.
You were named in a US indictment, in relation to a group of hackers known as LulzSec. What can you tell me about what happened?
I was arrested. When the raid began, I was asleep. Armed police kicked the bloody doors in, the whole nine yards, at 7am. I was living with my parents. They, er, didn’t take it so well, as one can guess. They’d known I was hacking long before the police arrested me, but previously I’d simply told them I’d stopped.
The allegations in the US indictment were that I’d broken into numerous web servers, stolen data, and destroyed/damaged things on those computers. The "damage" in question was deletion of files and "defacing" the sites.
No charges have been laid in my home country yet — at least, none that I’ve been made aware of — however it can take a long time, if they do plan to lay charges. The US indictment is still looming, but I’m choosing not think about that too much…
Since 2010, the hacktivist scene has become a lot more visible to the public eye. It sort of exploded. How would you define "hacktivism"?
Hacktivism is the use of computer hacking, the internet, and technology to try to effect social change or spread a message. It’s similar to normal activism except it takes place online. For example, instead of a sit-in, you have a DDoS [denial of service]attack. Instead of graffiti, you have website defacements.
Twitter and other social media tools are used extensively to spread awareness about a certain cause. Hacktivism can be legal, or illegal, depending on the actions taken by the hacktivist in question.
How did you become involved in hacktivism?
I got involved in opposition to the MPAA [Motion Picture Association of America]. I dislike anti-piracy organisations. It was addictive, every success, we just wanted more — a bigger "win".
I’ve always wondered — how does it feel to hack?
Hacking feels like being a small child in a massive toy store where everything is free — completely unstoppable. It was like getting to the top of some massive hill — an achievement unlocked every time a door opened. Spending all that time working on it, the frustration, and then suddenly, it was all done and over.
To be completely honest, it was like, "This is fun!" The fact there was a reason, a cause to motivate, made it even better
You felt you were righteous, doing a good thing…?
I imagine every single freedom fighter, crusader and other such type has said the same thing. But really, you are enjoying doing something and feel it is right, which means someone arguing with you about your actions won’t matter because you’re completely "embedded" into it, in a way.
After the crazy days of LulzSec, I started to move away from it. I had this reality check of sorts — damage done to millions of people whose accounts were compromised, saw my own life was in shreds. But I kept going back for "one last fix". Then I was arrested and I could not go back.
After the arrest, you cut your associations with Anonymous and LulzSec. What was that process like?
I’ve had to readjust to living a "normal life". I’d been so used to living this double life — being an average student by day, then going and [REDACTED] at night per se, that I actually had some problems with "who I was". My "work" as I called it, had taken over a massive portion of my life, so getting used to life without it was a challenge.
At first I missed being a part of things, but now I don’t anymore. I have my life back. Back then I was literally 100 per cent "stuck" inside. I spent about 14 hours a day on IRC [Internet Relay Chat]. Like, if I had a connection to the internet, I was on IRC. I became a rather "closed" person. The first thing that failed was my relationship. Then friends saw me growing distant. My grades in college fell, literally everything. Almost a whole year of letting everything around me fall apart, but hey, we were changing the world, at least we thought we were at the time.
How have the world-wide law enforcement crackdowns on hacking over the last few years changed the experience of hacking and hacktivism?
More recently things have slowed down. There are less headlines about hacks that I’m noticing in the news, and the ones that do make it into the public eye are lame.
Seriously, hacking a furniture store in the name of a cause does nothing good. Nor does hacking a bunch of universities (Hello TeamGhostshell!) to protest education issues.
I’ve also noticed people hacking websites for furniture stores, venetian blinds shops, anything with .uk in it for alleged Anonymous operations like #OpAssange — supposedly in support of Julian Assange. My response is "What the fuck!" None of this nonsense helps anyone, it just means some poor, underpaid bastard has to spend ages cleaning up your mess. The sheer number of pointless hacks these days is truly astounding.
Of course there are still good people in Anonymous, trying to do the right thing. But the Anons with true hacking skill, as well as an understanding of real Anonymous ideals, they’re few and far between. They’re just not fronting up for public attention or for the drama of the hive anymore.
So what exactly is going on? Why are these "pointless hacks" increasingly occurring under the Anonymous banner?
A number of groups like LulzSec that were initially involved in hacktivism have split from their parent groups like Anonymous, and struck out alone in search of fame and added hilarity. To be completely honest, all of these groups have failed.
It was somewhat amusing when LulzSec arrived on the scene, but only because it was a "new thing" — it was audacious in a way that captured people’s imaginations.
The copycats and such all became rather un-funny rather fast, as it came out that they were mostly just script kiddies and scammers looking for a quick bit of fame. I am referring to Ugnazi and Teampoison here. I am a bit biased, but many others feel the same.
The crackdown has meant a lot of the more skilled individuals are either busted, or in hiding. There are a lot of skilled people still out there, but they now tend to pick and choose their targets more carefully, while the script kiddies and such have no discretion over who — or what — they attack. This leads to bad press for causes in general.
These days, to succeed at it, you would have to be so incredibly careful that nothing leads back to you. Ever. A lot of the better hackers these days are moving themselves to within the TOR network to hide (hidden services for IRC, etc), and a lot are simply leaving the scene as it is no longer worth the personal risk.
Is what we’re seeing the impact of decentralisation of groups of individuals previously under the Anonymous banner?
So the crackdown led to decentralisation — both a good and a bad thing. It means more freedom for operators to get stuff done on their own, without having to handle other people’s dramas. It also reduces risk.
But decentralisation is also problematic because it reduces the number of critical eyes we hackers have on each other. It means a lot of people can get away with blatantly criminal and unethical activity under the guise of "hacktivism" where previously they would have been called on their behavior, by other people in the hive.
Some hacktivist groups now don’t have the cohesiveness to keep people in check who use and abuse the concept of hacktivism. But highly public, cohesiveness models of hacktivism don’t seem to be the answer either, especially for hackers constantly under legal threat. How should hacktivists move forward?
To be honest, I hope that more movements learn from Telecomix’s model and such, and migrate away from the Anonymous style of hacktivism. Telecomix spent more time looking at data and creating connections rather than "hacking" things, and generally provided far better information and had a better long term effect than the Anonymous "smash, grab, move on" style of hacktivism.
The other hope I have is that activists start being more proactive, rather than simply protesting about problems. Sure, there needs to be some protest, but if you can go and fix the issue then there is no point wasting a bunch of time making noise about it.
Which is more effective? DDoSing some sites in response to censorship, or distributing anti-censorship software and literature? The hacktivism scene can either evolve into a more decentralised movement focussing on education and information dissemination, or die because it will be a brand taken over by blackhats and script kiddies who will get everyone arrested. Currently it seems to be used as an excuse by blackhats and skiddies to wreak havoc under a "name".
Any final thoughts about hacking, hacktivism and activism?
For those who remain as hacktivists and activists: Do what has to be done, never give up! But think carefully about what you are doing. If there are a legal alternatives, try them first. If you choose to break the law, remember leaking a billion random email passwords helps no one. Hacking a furniture shop helps no one. And it makes you — and your cause — look like a pack of dicks.
For those that left the hacktivist scene: Be careful out there, the past tends to come back to haunt you. And for those who simply went deeper underground, take extra care. The underground can hold many false promises of wealth and fun for minimal effort. But the deeper you go, the blurrier the lines get. Take care you do not end up betraying that what you claim to believe in.
And to law enforcement and governments? Perhaps listening to the other side occasionally might help prevent confrontation. I think we can all do this better, if as civilised men and women, we avoid the yelps of "Cyberwar!" and "Fire Lazors!"