Anonymous: the groups’ evolution and remarkable hacks

by Marius Marinescu / 2 October

For an unidentified group, the hacker collective called Anonymous has made the news quite a few times since its inception ­ both for good and for bad. Some say that they might just be the most powerful non-government hacking group in the world. They are also largely considered to be the most famous one. So, exactly how did Anonymous start, where do they come from, and what are they trying to do?

The group, which is composed of a loosely organized international network of hacktivists, has its roots in the online image-based bulletin board 4chan, that was publicly launched on October 2003. The site was inspired by 2channel, a massive Internet forum, with seemingly random content, which is especially popular in Japan. 2channel was launched in 1999. It has over 600 boards which cover wide ranging subject matters, such as cooking, social news, and computers. Visitors to 2channel usually post anonymously, and most of the content on this site is in Japanese. In the spirit of 2channel, 4chan allows people to post anonymously as well. Unlike 2channel, the vast majority of 4chan is in English. Any poster who doesn’t post text in the name field automatically gets credited as “Anonymous”.


The majority of the forums on 4chan are based on Japanese pop culture, but their most popular forum is /b/. /b/ has a fascinating culture onto itself. A lot of the user created graphical memes you may see circulating around the Internet, like LOLcats, “All your base are belong to us”, and Pedobear, originated in the /b/ forum. As it is an image board, its content is mostly made up of user generated graphics. Usually, they’re intended to amuse, offend or do both at the same time. The majority of the postings are with unknown author (“Anonymous”), so the „Anonymous” name was inspired by the perceived anonymity under which users posted on 4chan.


The group’s two symbols – the Guy Fawkes mask that they wear in public and the „man without the head” image – both underscore the group’s inscrutability and lack of any formal leadership. Members of the group call themselves “hacktivists”, a word coined from the combination of hacker and activist. When people have technical skills, have access to the Internet and understand how network infrastructure and servers work, it can be tempting to put that knowledge into having some effect on the world. The “activist” part of “hacktivist” means that they don’t do their hacking and cracking without a cause. The various people behind Anonymous worldwide are united in a belief that corporations and organizations they consider to be corrupt should be attacked.


Not all of Anonymous’ activities involve attacking networks or websites. Anonymous has also been active in initiating public protests. But the web and IRC channels are the lifeblood of the group. If it weren’t for the Internet, Anonymous would’ve never existed.


The hacker collective’s first cause to make headlines was a 2008 effort called „Project Chanology”. On January 2008, a video from the Church of Scientology was leaked onto YouTube. It was a propaganda video featuring Tom Cruise laughing hysterically. As the clip is arguably unflattering to Scientology, the cult tried to get YouTube to remove the video due to “copyright infringement”. In response a video was posted on YouTube credited to Anonymous titled “Message to Scientology”. Thus, began Project Chanology.


A press release was written explaining the intentions behind Anonymous’ Project Chanology. The release covers why Scientology is a dangerous organization and how the cult’s attempt to have the Tom Cruise video removed from YouTube violated the freedom of speech.


Scientology has a reputation for financially exploiting its members, engaging in threatening blackmail against people who try to leave the cult and various other abuses. “Call to Action”, also credited to Anonymous, was posted on YouTube calling for protests outside of Church of Scientology centers around the world. At some point in January, a DDoS attack was also launched on the cult’s website.


During the various Anonymous protests against Scientology that year, many protestors wore Guy Fawkes masks, in the spirit of the popular film “V for Vendetta”, and also to protect their identities from the cult, which is known for attacking dissenters that Scientology calls “Suppressive Persons”.


Between marches outside of Scientology churches and the videos the group posted, they managed to establish their power and resolve in this first project.


In February 2010, the Australian government was in the process of passing legislation that would make certain online content illegal. In response, Anonymous engaged in Operation Titstorm using DDoS attacks to bring down various Australian government websites.


In June 2010, President Mahmoud Ahmadinejad was elected in Iran, which triggered protests across the country. In response, Anonymous Iran was formed, an online project between Anonymous and The Pirate Bay, a popular, but persecuted torrent search engine site. Anonymous Iran offered Iranians a forum to the world which was kept safe amidst the Iranian government’s crackdowns on online news about the riots. Project Skynet was launched by Anonymous the same month to fight Internet censorship worldwide.


Operation Didgeridie started in September 2010. The Australian government had plans to censor the Internet at the ISP level. An Anonymous initiated a DDoS attack on Prime Minister Kevin Rudd’s website and brought it down for about an hour.


Operation Payback commenced in also in September 2010. The MPAA (Motion Picture Association of America) and the RIAA (Recording Industry Association of America) hired Indian software firm AIPLEX to launch DDoS attacks on The Pirate Bay and other websites related to file sharing. Anonymous executed DDoS attacks of their own, targeting websites linked to all three organizations, the MPAA, the RIAA and AIPLEX.


Operation Payback continued in December, but this time the targets were Mastercard, Visa, Paypal, the Bank of America and Amazon. Those corporations were targeted for blocking charitable donations for the This is a website for whistleblowers to post insider information about corrupt government activities around the world.


In December 2010, it was reported that the wife of Zimbabwean dictator Robert Mugabe, Grace Mugabe profited from illegal diamond mining. The information was revealed via a cable leak to WikiLeaks. Anonymous brought down Zimbabwean websites via DDoS attacks, as a response to Zimbabwean government corruption.


Starting on January 2011, websites for the Tunisian Stock Exchange and the Tunisian Ministry of Industry were brought down by more Anonymous DDoS attacks. It was a reaction to Tunisian government censorship. The Tunisian government had tried to restrict the Internet access of its citizens and arrested many bloggers and cyberactivists who had criticized the government.


Also in January 2011 the Egyptian government became the next target. Efforts started with the intention of removing Egyptian President Hosni Mubarak from office. Once the government blocked the citizens’ access to Twitter, Anonymous brought down Egyptian government’s websites with DDoS attacks.


On February 2011, Aaron Barr of security firm HBGary Federal claimed to have infiltrated Anonymous and said he would release information in a press conference. HBGary’s website was powered by a CMS (content management system) that had several security loopholes. Because of those loopholes, Anonymous were able to access the site’s databases via SQL injection. Usernames, e-mail addresses and password hashes were retrieved. The MD5 hash algorithms were cracked with rainbow tables, so eventually the entire database became accessible.


By April 2011, Sony became the next Anonymous target. Sony’s PlayStation Network banned user GeoHot for jailbreaking and modifying his PS3 console. GeoHot attracted Sony’s attention by posting information about how to mod PS3s to the Internet. Throughout April, the PlayStation Network and various Sony websites were brought down via organized DDoS attacks. This was Anonymous’ way of coming to GeoHot’s defense. It took a number of weeks until the PlayStation Network was operating normally.


Mid-July 2011, people from Adbusters, the anti-consumerism magazine, started discussing what could be done in response to corporate corruption on Wall Street. The “Occupy Wall Street” movement was planned from there, for mass protests on Wall Street starting on September. On August 2011 Anonymous expressed its support for this with a video post on YouTube to rally many thousands of people to be involved in the protest. The ubiquitous and now Anonymous related Guy Fawkes masks can often be seen on protestors.


These are just a few prominent examples from their early years of “hacktivity” but, since then, the hacker collective has been involved in everything from “Occupy Wall Street” to the recent violent protests in Minneapolis over the death of George Floyd.


While Anonymous initially was lambasted in the media for cyberattacks on the government and businesses, the group’s reputation has shifted recently. There are reports that the group is now even being praised for its work, particularly its mission to combat cyber jihadists. Some even went so far as to call the collective “the digilantes” for their efforts to retaliate against acts of injustice.


“Hacktivism” is now a major phenomenon, and Anonymous is far from the only “hacktivist” group. Networks, servers and databases which may become targets must audit for security. Harden networks from DDoS attacks, use virtualization and proxy servers when possible, and assure that passwords and hashes are difficult to crack. Special care must be applied to servers which contain encryption keys.


In the meantime, whoever they are, wherever they are, with their philosophy of activism, hopefully Anonymous continues to use their powers for good, rather than evil.