The @Anonymous collective comprises a decentralised community of hacktivists and hackers, uniting under a common symbol.
The collective has supported various international initiatives and issues globally and their targets have included governments, offensive websites, ISIS, religious organisations such as Westboro Baptist Church and the Church of Scientology, law enforcement, media and gaming. They oppose internet censorship and have targeted organisations for causes such as violations of human rights, austerity measures, conflicts and government policies.
Despite the above, @Anonymous does not promote any specific unifying ideology. Further, it has no official leader, and this lack of formal overall control means that individuals or hacker groups might join the collective either due to previous connections to other like-minded people, or because they support a particular cause being promoted. With no membership criteria beyond a general empathy with the loosely-stated aims of the collective, it is also possible for anybody to claim they are part of it, regardless of whether or not they possess any hacking skills or even take part in cyber attacks.
This casual affiliation also means that members will not always agree with each other or with operations launched: some will rally to a cause, others will not, and disputes may arise.
@Anonymous members have been involved in the majority of well-publicised or serious hacks. Some of their operations consist of cyber-only attacks, while others are linked to ‘on the ground’ demonstrations, adding weight to protests and publicising street actions.
The collective is integrally linked to the Occupy movement, and the major @Anonymous-led operation, #OpIcarus, launched in 2016, was an attempt to draw support from both online and street activists. The Twitter hashtags #OccupyLondon and #OccupyWallStreet were originally used in Tweets about this operation, which focused on attacking banks and financial institutions. While the New York Stock Exchange and the Bank of England were listed as the original targets, a long list then appeared encouraging attacks on major financial institutions worldwide.
Having developed into an anti-global banking cause, new phases of #OpIcarus were then announced. In September 2016 Phase 4 of #OpIcarus, also dubbed #OpBlackOctober/#OpBlackOct, was promoted, again targeting major financial organisations. The fifth phase, also called #OpSacred, was announced in May 2017, and this time the promotion material also asked for supporters to ‘spread the knowledge’ and truth around the net by exposing corrupt governments globally.
Other groups have also participated in the operation, and in August 2017 @MinionGhost created an event page for #OpIcarus2018, which is planned to take place from 11-25 June 2018 and will involve further DDoS attacks in an attempt to cause disruption for target organisations. Those behind the operation have offered open source intelligence tools to help those who wish to support it.
The following groups are reported to be supporting this operation: @Anonymous, @IndonesianAttackerCyber, @MinionGhost, @LulzSec, @AnonGhost and @LizardSquad.
The Million Mask March offers another example of an attempt to link cyber and street activists. Taking place in various cities around the world on 5 November every year, these events are heavily promoted on various @Anonymous websites. Perhaps surprisingly we do not see many cyber attacks linked to the street protests, though this could obviously change at any time.
Another well-known @Anonymous-led operation is #OpIsrael. While this is slated as taking place in April every year, attacks can be – and are – launched at any time. We have seen a steady stream of attacks against Israeli sites this year as part of the operation. Further, #OpIsrael has also led to opposing actions being launched: in 2017 #OpIslam was also listed as taking place in April.
Meanwhile, members of the @Anonymous collective have recently posted a list of over 80 websites for #OpIsrael which are likely to be targets, whether later this year or in April 2018. The list contains a significant number of government and business domains.
In June 2017 a new operation, #OpArabGulf, was launched amid an ongoing diplomatic crisis in the Middle East: Saudi Arabia, Egypt, Bahrain, Yemen, the Maldives and the UAE cut diplomatic relations with Qatar after accusing it of backing terrorist and sectarian groups. @Anonymous DDoSed Dubai Airport as part of the operation, and on 8 June Qatar’s Al Jazeera news agency reported it too was under heavy attack. Although this operation did not evolve into a major threat, as we originally thought, we are continuing to monitor the situation. Airlines, banks, oil companies, military, large corporations and government organisations linked with the region are all possible targets.
Most recently, following events in Charlottesville, Virginia, we have seen the launch of #OpDomesticTerrorism, with @Anonymous hacktivists posting videos and call-outs for support in attacking organisations promoting white supremacist ideology.
In the announcement made on their official YouTube channel, they state:
We stand with the people of Charlottesville who are instilling hope and optimism to its citizenry. It’s quite clear that we do not stand with its citizens who are instilling fear and hate. The title of this operation explains the situation clearly. We are coming for those who have aligned themselves with the Ku Klux Klan, with Nazism, and with White Supremacy. We will be watching over the innocent and punish those who lay a finger on them. This message isn’t aimed at the president of the United States, or the Charlottesville government, or even the citizens who’ve done no wrong. This message is aimed at those who believe themselves the master race. We are coming for all of you. In recent years anonymous has proved itself a valuable asset to human society. Indeed, operations and projects have failed, but many have succeed. This operation will succeed because we will not be tackling this alone. Ordinary people will stand by our side, and even if you don’t stand by us, so long as you believe in good and righteousness, we will stand by you. Operation Domestic Terrorism, engaged. America, stay vigilant. We are the common citizen. We do not forgive. We do not forget. We already know who you are, expect us.[1]
Various attacks using the @Anonymous handle have been made in relation to this operation, with specific @Anonymous-affiliated groups making claims. For example, @AnonymousBelgium said they had launched a DDoS attack against the website for the Loyal White Knights of the KKK as part of #OpDomesticTerrorism. @AnonymousAlbania claimed to have hacked and defaced various websites in support of it: while the UK’s Blood and Honour website and the American Nazi party may seem to be obvious targets, the group’s defacements of other sites such as Brazil’s Infoside (an IT website) illustrate nicely that hacktivists can easily stray outside of an operation’s remit for any number of reasons: carelessness, identifying wrong targets – perhaps deliberately in some cases – or simply because they are trying to gain e-fame and therefore honing in on an easy target.
Meanwhile, other members of the @Anonymous collective also claimed to have obtained and released contact details for US senators as part of #OpDomesticTerrorism and in preparation for #DayToDenounce. The leaked data contained names, email addresses and phone numbers for 22 US senators.
This operation shows no signs of abating, and we could well start to see more serious attacks being launched against government websites.
Members of @Anonymous also hack a broad range of websites with the specific aim of accessing and leaking data. In July 2017alone, @AnonymousBulgaria successfully targeted Azerbaijan’s Embassy in Bulgaria.
The collective also claimed to have hacked and leaked data from the Tamil Nadu Electricity Board and various other organisations involved in the production and transmission of electricity in the region.
And other hacktivists took aim at the Colombian Bancolombia, hacking and leaking email addresses and passwords as part of #OpCyberGuerraColombia.
@Anonymous hacktivists have historically been largely dismissed as young, disaffected people with a social conscience and a desire to fight against government authority. Their abilities to take websites offline with DDoS attacks have also been portrayed as mere annoyances. However, it is a mistake to ignore the threat which @Anonymous poses to government and business organisations worldwide. These hacktivists now have a whole raft of more powerful tools at their disposal, many of which can easily be found on sites such as Pastebin or GitHub. Further, it should be appreciated that DDoS attacks can lead to significant financial losses for companies when websites are taken offline; reputational damage is another important consideration.
Given our close monitoring of a variety of information mediums, we are able to track the activities of hacktivists affiliated with @Anonymous, and to quickly identify new accounts made by individual hackers or groups. This allows us to provide clients with timely, comprehensive information on new threats, enabling a strategic defensive approach to be formulated to mitigate more effectively and to provide a looking glass into the ideology of @Anonymous.