‘We are Anonymous. We do not forgive. We do not forget. Expect us.’
| By Jennifer Wilmore |
If you were to pass Jeremy Hammond on the street, you would probably never guess that you had just passed a convicted criminal. With clear blue eyes, wavy brown hair, and boyish good looks, this gangly 27-year-old from Chicago hardly seems the type to have served hard time. But at the age of 22, Hammond was sentenced to two years in federal prison, and it looks like he may be heading that way again. His crimes? Computer hacking for social justice.
Hammond, who operated under online aliases such as “anarchaos” and “crediblethreat,” was charged in 2006 with breaking into a conservative website and stealing its computer database. He served his time but was arrested again at his home early last month in the latest international bust on prominent hackers. This time, he faces up to 30 years in prison for allegedly hacking into computers at Stratfor Global Intelligence, a security research firm, late last year and stealing thousands of pieces of personal data, including credit card numbers and email addresses.
The thing that sets hackers like Hammond apart is they don’t hack systems for financial gain, but for the thrill of the challenge and, increasingly, for an ideology. They are the so-called hacktivists—computer geeks with a cause—made of equal parts mission and mirth.
Employing a sort of irreverent, “stick it to the man” rhetoric, the ad hoc movement of international hackers broadly opposes any form of censorship and claims to promote the defense of freedom for all people. Last summer, for instance, they hacked into Syria’s Defense Ministry website and replaced its content with a message to the Syrian people: “All tyrants will fall, and thanks to your bravery, Bashar Assad is next.”
With the exception of Hammond, who prosecutors say intended to use the data he stole in 2006 to make donations to liberal organizations, hacktivists generally claim they have no intentions of using or selling the information they obtain. But this distinction seems to matter little to governments and the global intelligence community. Over the past year, officials have scrambled to ramp up punishment of hackers, calling for them to be treated the same as organized criminals.
The arrest last month of Hammond, along with four others, is just the latest in a string of international arrests of more than two dozen high-profile hackers that began in force last summer. They were part of LulzSec, an offshoot of the now infamous online collective Anonymous, notorious for hacking just for the “lulz,” or the laughs. Over the past few years, however, Anonymous has been increasingly hacking and attacking sites for a host of political reasons.
“Anonymous has always tried to fight for the little guy, because let’s face it, most of these guys are nerds. They like fighting for misfits,” Cole Stryker, author of the book Epic Win for Anonymous, told me in an interview. “They are like the white blood cells of the Internet,” Stryker explained, “finding things that should not be and attacking them, thereby preserving the integrity of the Internet.”
I attempted to get in contact with someone within Anonymous, creating a separate email account and only using public computers to post inquiries on various message boards. Stryker advised me to take these precautions, as some within Anonymous can get peeved if they sense an outsider poking around. (After his book came out, unsolicited pizza orders would occasionally show up on his doorstep.) But, unsurprisingly, I never received a response to my posts.
It’s difficult to know much about the demographic makeup of Anonymous or how many people are in it—all personal information is, after all, kept anonymous—but Stryker thinks it’s mostly white males in their teens and 20s living in the U.S. and other developed countries. And when Anonymous first appeared on the online message board 4chan eight years ago, it was easy to picture a bunch of bored, socially awkward computer geeks surfing the web from their parents’ basements. Initially known for trolling message boards and picking on teenage girls, Anonymous defines itself on 4chan as “a god amongst men” who “currently resides with his auntie and uncle in a town called Bel-Air (however, he is West Philadelphia born and raised)”—a line pulled from the ’90s sitcom The Fresh Prince of Bel-Air.
But the emergence of hacktivists over the past few years has represented a maturation both of Anonymous’ tactics and its influence. Still superciliously calling itself the “final boss of the Internet,” Anonymous has recently been credited with hacking into several major private and government websites, including the FBI, CIA, Mastercard, Sony, and several private defense contractors. It also helped instigate the Occupy Wall Street movement. And a recent study conducted by Verizon indicates that in 2011, hacktivists stole more data from private companies than did cybercriminals.
“Even though they’re not causing much legitimate damage, it’s still egg on [security officials’] faces,” Stryker said. And those officials are taking notice.
Military and intelligence services have dramatically increased the amount of money spent on cyber security in recent years, according to Abraham Wagner, an expert in security and intelligence at Columbia University’s Saltzman Institute of War and Peace Studies. “They’re taking [cyber security] a great deal more seriously than a few years ago,” Wagner told me. “Years ago, the Defense Department was spending $25 million a year [on cyber security].” Now, although it’s hard to know precise numbers, he said, “you’re talking probably a couple hundred million to half a billion.”
A NATO report published in June of last year noted that Anonymous had been growing more sophisticated and expressed concerns that it would hack into “sensitive government, military and corporate files.” The report called for Anonymous to be infiltrated and dismantled. The U.S. National Security Agency also recently expressed concerns that Anonymous could hack into the national power grid within a couple of years – a claim that was immediately mocked by Anonymous and labeled as “fear-mongering.”
In an emerging digital age, it is no surprise that hacktivists may tend to hover in legal gray areas and occasionally engage in illegal attacks, according to Tom Glaisyer, coordinator of the Media Policy Program at the New America Foundation’s Open Technology Initiative. Anonymous represents a new type of digital social movement, he said, and “these movements, just like social movements everywhere, will push and cross the line.” These movements are changing the world, he said, but “the legacy of political institutions is having trouble adapting to this new reality.”
As recent history has shown, the tactic of rounding up individual hackers seems to simply provoke more retaliatory attacks. In response to last month’s arrests of the LulzSec affiliates, for instance, hackers took down and defaced several Panda Security sites and published one employee’s profile information after he made a comment online that the arrests meant an end to major hack attacks by Anonymous. Hackers also declared in a YouTube video posted in March that LulzSec will soon return with a vengeance and with an expanded range of targets for their attacks: “You haven’t stopped us,” a computer-generated voice declares in the video. “You have merely disrupted the active fashion.”
But could it be possible that intelligence services may actually have an incentive to continue provoking such attacks from hacktivists? Just last month, FBI Director Robert Mueller declared that cyber attacks may soon surpass terrorism as the number one security threat to the United States. Around the same time, former 9/11 Commission Co-Chairs Tom Kean and Lee Hamilton compared the nation’s unpreparedness to deal with the new security threat of cyber attacks to its lack of preparation for the September 11th terrorist attacks.
What better people to test and improve the nation’s security systems than those who know how to quickly find and penetrate its flaws? Some may object to this idea, as the term “hacker” seems to have developed a negative connotation. But hacking has its origins in a more benign, problem-solver mentality. Indeed, “the hacker way” concept recently popularized by Facebook’s Mark Zuckerberg suggests that hacking essentially means improving or fixing something and can be used for good. For this reason, some have suggested that one way to address cyber security issues is to recruit hackers.
Wagner indicated that governments have already attempted to do just that by sending people to hang around hacker trade shows. The Department of Defense will occasionally find someone who is on trial, he said, and will cut a deal with them. They’re doing “way too little of that,” though, according to Wagner. “They need a much more robust mechanism to try and coopt hackers to do positive work,” he said.
But getting Anonymous on board in any legitimate fashion may be a hard sell. “The mentality at work in hacktivism is one of trying to take apart world social appropriations and improve them,” said Stryker. And in the case of Anonymous, whose members praise anarchy and seem to constantly criticize government, the possibility that they will be willing to work for “the man” seems highly unlikely. So perhaps in the short-term, another way for governments to test systems—with no risk that hacked information will be used against them—is to adopt a sit-back-and-see posture, letting the hacktivists find what wormholes exist then going in to plug them.
One thing is certain: hacktivist attacks are on the rise, and it doesn’t look like they will let up anytime soon. The U.S Department of Homeland Security recently reported that between October and February there were 86 attacks on computer systems that control important infrastructure, databases and factories, compared with only 11 during that time last year. Could it be merely coincidental that these five months were also those in which the proposed SOPA/PIPA legislation spurred Anonymous to down dozens of major sites? Or in which the Occupy Wall Street movement emerged and the Obama Administration introduced legislation that would double current prison sentences for hacking?
The message from the hacktivists is clear. “If you want to see Anonymous rise up, try to shut down the message. Try to chill our speech. Then you’ll see what Anonymous can do,” a member of the collective says from behind a Guy Fawkes mask in the recent film, We Are Legion: The Story of the Hacktivists. Governments need only make attempts to further regulate the Internet, restrict flows of information or arrest other hackers, and hacktivists like Jeremy Hammond will retaliate. And for the time being, maybe that’s exactly what governments like the U.S. are counting on.
Jennifer Wilmore is a second-year Master of International Affairs student. This article first appeared in the Spring 2012 issue of CQ Magazine.