The hacker collective Anonymous and its factions LulzSec and AntiSec drew widespread attention between 2008 and 2012 as they tore loudly through the internet ruthlessly hacking websites, raiding email spools, exposing corporate secrets and joining the fight of the 99 percent. The groups seemed unstoppable as they hit one target after another, more than 200 in all by the government’s count. It seemed no one was beyond their grasp.
But then all went quiet.
The group was undone in part by Hector Xavier Monsegur, an Anonymous leader and government informant known online by the nom de hack Sabu, who was arrested in 2011 and quickly turned against his cohorts, helping the government arrest several key members in 2011 and 2012. Since then, aside from a couple of recent actions by Anonymous, such as Operation Last Resort, which targeted the U.S. Sentencing Commission and MIT websites to protest the unusually harsh prosecution of internet activist Aaron Swartz, and the recent leak of documents taken from Brazil’s Foreign Ministry, Anonymous has gone silent for the most part.
Those who have followed the movement closely say Sabu’s role in the arrest of Jeremy Hammond and others has had a chilling effect on Anonymous, causing members to lay low and worry if additional informants are lurking among them. But experts also warn that the sporadic nature of Anonymous activities is inherent in its makeup, and the group can be easily reconstituted and revitalized in an instant.
“It may never come back, but I wouldn’t count on it,” says Mark Rasch a former federal cybercrimes prosecutor and now chief privacy officer at SAIC. “Don’t throw away your Guy Fawkes masks just yet.”
Anonymous, he notes, is like a flash mob: It appears suddenly, acts quickly, then disappears. As long as the movement can attract new members, the arrests of former ones will have little affect on its survival.
“It’s not like you throw them in jail and they disappear,” he says. “It’s sort of like squeezing Jell-O. It just moves somewhere else.”
But while the amorphous, incognito nature of Anonymous is its strength it’s also a weakness in that maintaining strict and constant anonymity at the individual level is difficult to do and can lead to burnout as well as mistakes that expose members to arrest.
There’s also a basic conflict between the need to maintain constant anonymity while also establishing the kind of meaningful relationships with fellow Anons that make the movement effective.
“It’s extremely hard to … interact with people closely and have to hide yourself,” says Gabriella Coleman, a McGill University anthropologist who is one of the leading experts on Anonymous and whose book Hacker, Hoaxer, Whistleblower, Spy: The Story of Anonymous publishes later this year.
“You’re not supposed to reveal much about yourself, but there is a kind of desire to connect and get to know each other,” she says. “Clearly if you do, you’re going to get in trouble. And if you don’t, over a period of time it gets exhausting. [Anonymous is] configured in such a way that it’s not ideal for its own social reproduction. But it’s ideal for its reinvention later.”
The Birth of AnonymousThe birth of Anonymous itself was sporadic and amorphous. It took form over several years, beginning around 2006 on the popular 4chan message board and in Internet Relay Chat channels. The initial group, if it could be called that, lacked the intensity and political fervor Anonymous later became known for, but drawing attention to their activities was one of their trademarks from the start.
The first Anons were in it for the lulz–simple amusement. In one of their first pranks they disrupted the virtual Habbo Hotel, an online hangout for teenagers, with a kind of denial-of-service revolt. They flooded the hotel with Afro-sporting avatars resembling “sharply dressed disco dancers” and blocked access to the hotel’s pool, according to Parmy Olson, who charted the rise of Anonymous and its splinter groups in her book We Are Anonymous.
The group’s focus turned to more serious matters in 2008 with Operation Basement Dad, in which members also got their first taste of widespread attention. The group created the @basementdad Twitter account in response to reports that Josef Fritzl, an Austrian man, had imprisoned and raped his daughter in the family’s basement for 24 years. Although the Twitter account was created just for laughs, it drew nearly half a million followers before Twitter shuttered the account.
But the group really got notice that same year when it took on the Church of Scientology after the church pressured YouTube into deleting a leaked video of an impassioned Tom Cruise extolling the church’s power and influence. Driven in part by reports that the church brainwashed members and punished those who challenged or questioned its dogma and leaders, Anonymous launched Project Chanology, a massive campaign against Scientology, beginning with DDoS attacks against its websites. The campaign, however, also moved offline with protests held outside Church of Scientology facilities and popularized two of the Anonymous memes that would become the group’s hallmarks: YouTube videos announcing their intentions using a computerized voice and the tagline “We are Anonymous; We are Legion” and the grinning Guy Fawkes mask members wore in public.
Just as Anonymous gained mainstream notice, however, it seemed to disappear. Little was heard from the group again until 2010, when Anonymous defended the cause of file-sharers with DDoS attacks aimed at the Motion Picture Association of America and others. But the move that really got the group attention was Operation: Payback (.pdf), a series of DDoS attacks against PayPal, Visa and MasterCard for their refusal to process donations to WikiLeaks after the site began publishing the leaks of Chelsea Manning.
When WikiLeaks drew attention to the DDoS attacks, interest in Anonymous grew exponentially. Participation on the public channel where members and spectators communicated jumped tenfold from 700 to 7,000 people, Coleman says.
But with the group’s new focus came conflict. The initial plan to support WikiLeaks only called for creating a mirror of the organization’s server and site. But then some in the group launched the DDoS against PayPal. This angered other members, who argued that the protocol for voting on the group’s actions had been breached, Coleman says. Some factions within the loosely affiliated collective developed a “hunger for leaking and hacking,” creating further division. The schism prompted the creation of AnonOps, a platform for organizing and managing different operations that was serviced by technical teams who provided support for the various operations.
The division in interests came into sharp relief in 2011 with the hacks of HBGary and HBGary Federal, which occurred around the same time that AnonOps was actively supporting the social revolutions of the Arab Spring. When some members, surprised by the ease with which HBGary was hacked, wanted to hack other corporations for amusement and for the purpose of exposing their poor security, it became clear that this kind of recreational hacking had to be separated from the political activism that was increasingly becoming the mark of Anonymous and AnonOps. Out of this division Lulzsec was born.
“The name Anonymous had become so synonymous with political activity, even if it was quite subversive and chaotic,” says Coleman. “[But] they started accessing data that had no political message. Lulzsec became the banner of doing it just for the laughs or for exposing bad security. Most of them were quite serious about their political causes, but also just loved to hack for the heck of it.”
Sabu’s ReignAnonymous was a loose collective with a decentralized command and leadership that fell to whomever had the skills or personality to seize it. Hector Monsegur, an experienced hacker who never finished high school, had both.
Monsegur, as “Sabu” had been part of a faction that, among other things, supported social revolutionaries in the Middle East. But he also had a hidden history of hacking for fun and, occasionally, profit–something that recently came to light in court documents. And so in May 2011 he shifted his attention from political activism to corporate and government hacking through LulzSec, which he founded with five others and led from his apartment in a public housing complex on New York’s Lower East Side.
Over 50 days, the group targeted media outlets, government agencies and private companies in an ongoing campaign that included a headline-grabbing hack of Sony Pictures Entertainment. During this time, Monsegur was a brash and bold leader who boasted loudly about LulzSec’s activities over Twitter.
“For many people he was a very symbolic figure. Although Anonymous claimed to have no leaders, it definitely had celebrities. Sabu was probably one of the biggest,” says Olson.
Offline, Monsegur was an unemployed, 28-year-old who bore the difficult responsibility of tenderly caring for two little girls, his cousins, who were left on their own after their mother was jailed.
But online, as Sabu, he was a temperamental man who was charismatic and friendly but was also feared as much as he was loved, Olson says. He regularly used his influence to his advantage.
“People loved giving vulnerability information [about web sites and servers] to LulzSec because they might get a pat on the head from Sabu,” Olson says.
But Sabu’s reign didn’t last long before it unraveled.
Aided by hackers who “doxxed” him by leaking information about his identity online the feds came knocking on his door on June 7, 2011 asking questions. Monsieur quickly admitted his guilt, although he hadn’t yet been charged with any crimes, and even confessed to criminal activity the feds didn’t know about. According to court documents, he flipped immediately and was already helping investigators target his cohorts the next day.
Rumor spread that he’d been arrested–fueled in part by his online disappearance for 24 hours after the feds seized his computers and by the previous doxxing. But despite this, many in the community were in denial and resumed their communication with him once he re-appeared.
“The people in Anonymous are not hackers,” Olson says. “They’re just young people getting swept up in this with no real understanding of hacker culture and the fact that informants are a huge part of hacker culture.”
This, she says, was their undoing. “I think that part of the reason it fell so quickly is that it was built on this superficial foundation of believing in this cause, but not really understanding the risks and consequences the way perhaps people who had spent years in hacker culture and hacker communities would have understood.”
Not long after Sabu returned online, members of LulzSec decided to disband their group. In the vacuum created by this decision, a new group named AntiSec formed to take its place. Sabu announced the change in a tweet sent on June 25, 2011: “We are working under the #antisec flag now gentlemen. LulzSec will live on forever as a successful operation. Much love to all.”
Monsegur, fully in charge of this new group whose work was now being directed by the feds, led AntiSec in a series of new hacks, including the December 2011 breach of the private intelligence firm Stratfor that resulted in thousands of the company’s emails being leaked online.
The hacking campaign continued for nine months until Fox News publicly exposed Monsegur in March 2012 in a story identifying him as an informant. Confirmation of what many had suspected for a long time hit Anonymous hard.
“That’s when people stopped going on the IRC channel. It was like tumbleweeds [in there],” Olson says. “People just became paranoid. They realized they couldn’t really trust anyone in Anonymous anymore.”
Three months after becoming an informant, when speculation about his work with the feds was still just that, Monsegur had talked about the possibility of being arrested in a phone call with Olson. He told her the feds “have no way to prove where I am or what I’ve done” and said he had no fear of going to jail should he ever be caught.
“If I get caught, I will plead guilty to the charges,” she says he told her. “All these kids want to play hacker, but when they get a visit from the police they all turn over. They would love to get a confession out of me. The truth is that the only way is if they use my kids against me. If they say they’ll take my kids away. I will not assist them. I will go down as a martyr, not a snitch.”
Notably, he also told her, “the FBI gives [informants] immunity to hack. You don’t understand [the] corruption.”
The reference is significant, because the FBI has been accused of using Monsegur to direct Jeremy Hammond and others to hack multiple victims. Hammond, who was convicted of hacking Stratfor, has said Sabu directed him to hack the company and provided a list of other targets.
“It is kind of funny that here they are sentencing me for hacking Stratfor,” Hammond told The Guardian last year, “but at the same time as I was doing that an FBI informant was suggesting to me foreign targets to hit.”
While Hammond was sentenced to ten years, Monsegur was sentenced on May 27 to time served – just seven months – as a reward for the assistance he gave investigators.
Authorities say he helped them nab at least eight of his former colleagues. Hammond’s lengthy sentence, no doubt, is intended to send a message to other hackers that their sentence will be severe if caught. Sabu’s sentence sends a different message, former federal prosecutor Mark Rasch says.
“Once you’re caught, you want to be the first one to testify” against your colleagues, he says. Because once prosecutors have secured the cooperation of one suspect, he says, they won’t be so eager to make deals with others. Sabu’s sentence also suggests that hackers who can provide extensive technical assistance to authorities in the way that Monsegur did stand a greater chance of leniency than run-of-the-mill suspects who have no special skills.
“If you’re caught in a scheme that is sophisticated and difficult for the government to understand, you have a better chance of mitigating your sentence [by providing expertise] than if you’re the average mope getting caught in some kind of criminal enterprise,” he says.
Whatever message the sentences of Hammond and Monsegur send, it remains unclear what long-term effect they will have on Anonymous.
Where Anonymous Goes From HereOlson says that Monsegur’s betrayal scarred Anonymous to some degree and has had an effect on it. But she says the movement was also a victim of its own success and notoriety.
“The catch-22 of Anonymous is that for it to be successful, it has to get a lot of attention,” she says. But it also “becomes so much easier to track them when people try to get notoriety.”
She suspects the collective is having trouble finding its footing without new leaders to move it forward. She believes most people are reluctant to expose themselves to the same risks Monsegur did. “Nobody else really had the balls to try, and perhaps rightly so, to fill that leadership vacuum because they could see very plainly that there are huge risks to trying to be a leader, even a symbolic leader,” she says.
The problem lies in part to the fact that the qualities needed to lead Anonymous are antithetical to maintaining anonymity. The job requires someone who is charismatic to inspire people to support a cause, but who also has the skill and discipline to maintain anonymity. It is difficult to master both of these equally.
But Olson cautions against writing off Anonymous. The collective has ebbed and flowed over the years, taking long breaks between attacks.
“I wouldn’t write off their existence completely just because they’ve gone quiet,” she says. “You never know what’s going to happen.”
Don’t be too quick to write off Monsegur, either, she says. He may well be back. Hacking, Olson says, is a game where people switch sides with some regularity. It’s hard to see Anons welcoming Sabu back, but Olson isn’t ruling out the possibility that he’ll be back in the game in some way.
“The internet has a short memory,” she says, “so a couple of years from now, he can reinvent himself. Who knows what he’ll be doing?”