Absolutely fantastic article over at Ars about a guy trying to hunt down Anonymous – which cost him and his company dearly. “Aaron Barr believed he had penetrated Anonymous. The loose hacker collective had been responsible for everything from anti-Scientology protests to pro-Wikileaks attacks on MasterCard and Visa, and the FBI was now after them. But matching their online identities to real-world names and locations proved daunting. Barr found a way to crack the code. […] But had he?” A comment to the article says it best: “Personally, I’m rooting for Anonymous. I may not care for their attitude or their methods sometimes, but I think a little fear and caution on the worst excesses of those who would impair our rights is good thing.” Governments and companies should fear the people – not the other way around.
Unfortunately Governments can, have and do make people just disappear or meet mysterious ends.
Edited 2011-02-10 11:54 UTC
…hence the use of technology to remain ‘anonymous’, and the general public support despite the childish nature of their actions.
+1
I rather their actions be childish than physically harmful.
Yea, me too. Unfortunatly that’s a bit of a false dicotomy, isn’t it? DDOS attacks would seem to fall into both categories.
Then again, I suppose it it’s still better than physical violence.
Edited 2011-02-10 14:30 UTC
It’s akin to real-world protests, like blockades of factories or government buildings and such. Perfectly allowed, and a key power of the people in ensuring their well-being. I see no reason why real-world protests should be accepted and protected by law, while digital protests are not.
Hi,
While there’s special provisions for real-world protests, there’s also special provisions to ensure real-world protests don’t (for e.g.) block access to people going into premises. For example, if you’re protesting against ice-cream then you can stand on the footpath/pavement yelling and holding signs outside an ice-cream shop, but you can’t prevent potential customers from going into that ice-cream shop.
While there could be special provisions for digital protests, there should be special provisions to ensure digital protests don’t block access to people going to web sites. For example, if you’re protesting against ice-cream then you can put up your own “No ice-cream” web sites, YouTube videos, articles, etc all over the place, but you can’t prevent people from going to an online ice-cream shop.
Note: I don’t see the need for special provisions for (the non-DDoS form of) digital protests – it’s already covered under “freedom of speech”.
– Brendan
No, your example would be analogous to protesting in San Francisco while you want to educate people to go into a specific ice-cream shop in New York. A more proper example would be allowing the deface a website yet leaving a link in an obvious place on the page to the original page, so that everyone walking into the ice-cream shop can see your sign, but they can still enter it.
Interesting idea. I really can’t support breaking into servers any more than I can support DDoS attacks. At least your suggestion mitigates damages without mitigating the activist complaint.
Ah.. but we know how this would end.. idiot breaks into server, instead of just defacing the site idiot pops the passwords and the rest of it with a nice big “na na.. your security sucks and I’m totally l33t3r than you is!”.. which would pretty much take any productive affect away from the defacement and political message.
In this day and age, “Virtual” attacks are just as severe as causing physical damage.
Let me quote from this very article:
That’s a pretty harsh form of “protest” if you ask me.
Edited 2011-02-10 15:28 UTC
Did anyone die? Did anyone loose a drop of blood? Did anyone even scrape a knee? Were any buildings burnt down?
Let us keep “virtual” in perspective. Physical damage is several magnitudes worse than any kind of virtual damage as anyone in any of the world’s hotspots can attest.
Edited 2011-02-10 16:35 UTC
That’s a somewhat extreme position to take. There are several magnitudes of “bad” before you reach murder.
I’d sooner have a “scraped knee” or cut arm than lose my job because the company I worked for had to lay off staff due to the cost of virtual attacks.
Wounds heal themselves however bills don’t.
Buildings can be rebuilt. Smashed windows can be replaced and so forth.
Yes it might place a financial burden, but so does a loss of virtual data.
Your comments are as if we, as a global population, have somehow forgotten how to build and repair tactile property that we once constructed.
I am. given the high value and global dependance on “data” – which essentially is just a virtual commodity, I’d say “virtual” attacks can be pretty serious.
We live our whole lives dictated by the strength of the local and global economies – all of which is essentially just a virtual number.
Our salaries are calculated virtually on computers then sent “virtually” to other computers (often, for example, via BACS). It’s all a virtual process. Nothing physical has traded.
Our modern day communication (e-mail, text, social networks and even phone calls) are all handed “virtually” by computers. We don’t use carrier pidgens nor smoke signals – we depend upon virtual bits on a computer to be traded, or in the case of phone calls, the telephone exchange software to correctly relay the number I dialled to the requested destination. Again, it’s all a virtual process. We no longer have telephonists working behind huge banks of physical sockets using jumper leads to make a phone connection. A have computers to do this virtually instead.
Nearly every single aspect of our modern day lives is dictated by computers. So don’t give me this bullshit that “virtual” data is trivial and irrelevant.
In fact, if anyone would spout that crap, the person I’d least expect to hear it from would be a geek on an IT news forum.
As a geek in an IT news forum, I’m here to warn you that our lives are being run for us these days – we have little control over what happens, and we better prepare for the worst – as this virtual world that runs us is more dynamic than we can imagine. Can you sustain your own life daily without the internet and all the convenience that it provides?
I’m not being alarmist, just realistic, too many people have become dependent and complacent.
Well that was my whole point.
People say “it’s only virtual, it doesn’t matter”, but the reality is our lives are governed by this “irrelevant virtual shit”.
I’m not about to say that virtual stuff matters more than physical stuff – however our dependance on virtual data makes it every bit as relevant as bricks and mortar
Edited 2011-02-10 18:19 UTC
The takeaway lesson is supposed to be: Reduce your dependence on “virtual shit” and get your head out of the clouds (double meaning bonus!)
I’m the only person I know who doesn’t carry a cell phone 24×7… that scares me. I don’t even own a cell phone (although, my wife owns two pay-as-you-go phones).
I won’t pretend that the internet isn’t a major part of my daily life (both at work, and at home), but this “always connected” lifestyle is disturbing when one realizes how dependent people have become on it. I’ve stepped back and analyzed my dependence on the internet and virtual infrastructure, and it’s scary. I hate that feeling – I try to take minimal steps all the time to reduce my dependence, not increase it.
I sure hope that you don’t use direct deposit, debit or credit cards, or even have a bank account because guess what? They use Internet technology to transfer funds. So does any government service that you are required to use. Not having a cell phone, or using a PC, is only the part of the iceberg showing. The rest is below the surface and you would be best served to recognize that. Unless you live in the mountains, completely self-sustained, you are more connected than you realize.
Yes, I’m well aware. Fortunately my finances are in pretty good shape – I keep a bit of cash in my safe. In the event of a major economic/financial disaster, however, I’m not sure that money will be worth much. At that point, the economy is likely to fall back to currencies such as gold/silver, and bartering. I am an extremely versatile person, experienced in all aspects of life – building/repairing homes, repairing cars, some aspects of farming and hunting, etc. I suspect if it comes down to bartering, I can survive.
I do live in the “mountains” – I have a small chunk of land, can raise and butcher my own livestock, and can grow my own food if I must. Due to my constant power outages each winter (sometimes up to a week at a time), I am setup to sustain myself without power as well.
I also own several guns – which are going to be important items to have in the event of a “virtual failure”… I do try to plan ahead, for the potential worst. If it never happens in my lifetime, great! At least my children will learn something from it.
That said, I work in the valley, in a suburb to a large California city, and it almost pains me to watch people there live a completely different, sheltered life. To Each Their Own, I suppose.
As I said, I’m not alarmist, but realistic. There’s always the possibility – but I also believe that in the event of an infrastructure failure, it will only be temporary. As long as I can survive for a few weeks or months on my own, I think I’ll be far ahead of the majority of people out there.
This thread has taken a turn for the weird
Isn’t that what happens when people start discussing “infrastructure failure”?
Prior to the recent crazy ice storm, I evaluated my family survival position.
Yes, we’re prepared. Barring a nuclear assault on tier-3 strategic targets.
Yes, it’s not that hard but since I have the choice I’d rather not.
Sure, let’s keep “virtual” in perspective; are all staff at the affected companies decision makers deserving of criminal attack?
I mean, this is excessive.. even as a network attack it’s excessive. It’d probably put a smaller company close to bankruptcy or at least shatter it’s ability to do business with others. Yeah, I know.. the plan was to cause the company harm but how many of the employed staff deserved the harm? Deleting backups is far beyond just affecting Barr (the target of the attacks).
This was children running rampant on keyboard courage. This was group-think maliciousness not responsible political outcry. Remember it’s about the LOLs.. the kids join into the actions that get them the best LOLs not that produce the most effective protests.
If you really think this kind of virtual attack is no biggy.. please post your personal contact information, internet connection details and details for any connected systems in your home. If you’ll just sign this waver, we’ll get under way and you can show how it’s no biggy to be digitally brutalized.
The question is not whether it’s harsh, but whether it’s justified. HBGary may be ‘private industry’, but the fact that it is taking public funds makes it complicit in the war against personal privacy and government transparency–and this war is directly linked to the fact that Americans are being sent into harm’s way in the Middle East–for what, exactly? Wikileaks and Anonymous represent an attempt to restore the balance in a time when both governments and the financial elite* are showing complete disregard for the private citizen. Comparable times in history show that sooner or later there is a popular revolt, and there is always violence of some sort. Those who do not learn from history…
*Banking has always been a part of war–in fact often an instigator of it. Also see: bailouts, currency manipulation, debt abuse… sooner or later the hard-working private citizen needs to realize he is being used.
I do appreciate all of that and wasn’t blind to it even prior to your post. However 2 wrongs don’t always make a right.
This is where I sit on the fence.
I don’t agree with Barr in the slightest. However I also can’t help but think that sometimes Anonymous’ motives are far from genuine.
Take the example I gave earlier – DDOSing was not only expected but also understandable. The harvesting of the e-mails was perhaps forgivable as well given the potential personal threat they held. However (and if they’re to be believed) the remote wiping of Barr’s iPhone and the 1TB of erased data seems a little more vindictive than protest or even “self-defence”.
Sometimes I feel like Anonymous treat this like a game rather than them taking a reasoned political stand.
Whether that is just due my interpretation of their use of language (eg them using internet memes to express a point) or whether my point is true, I haven’t a clue. I’m not even sure anyone really knows.
We see it time and time again throughout history where some individuals use the pretence of political protest to exercise their own destructive traits. A current example is how – in the UK – recent Uni fee protests were often over-shadowed by individuals using said protests as an excuse to cause a trail of destruction. Kids like that are “in it for a laugh” rather than standing up for what they believe in.
So I prefer to sit on the fence. I agree with some of Anonymous’ actions – many of them in fact. I also agree with the general motives behind their protests. I just don’t trust their motives.
Bah, standard silly-kids script-kiddie bragging.
Come back when you can do something constructive with your talents Anonymous, presuming you have any (which is very much in doubt).
I’d prefer effective mature actions. DDoS is really not an acceptable and effective response. It’ll only end in tears and won’t further the activist goals claimed under the name of the attack.
Those two are not mutually exclusive.
Arguably good intentions are no excuse for the crap they pull. We don’t need virtual Robin Hoods running around waging a war of public opinions, we need accountable individuals to step up to the plate and do things the proper way. Leaders, not puerile punks hiding in the shadows and spin doctoring their mischief into some sort of quasi political statement when it’s convenient
…came out of this than just a childish prank. The emails stolen and published by Anonymous have yielded some interesting information. Check out:
http://www.securecomputing.net.au/News/247706,secret-plan-to-kill-w…
It seems that HBGary where involved with two other security firms in an attempt to discredit wikileaks, a campaign that has met with some success.
Aaron has just scored an own goal. That has got to hurt!
I can’t refrain to think that if I was an Hollywood novelist, the story will be more funny if Barr was in fact an Anonymous infiltred at HGBary!
Because the whole end result of his actions make only sense that way.
Or he was just underestimating them or overestimating himself? Not “or” but “and”?
Nah, this version won’t sale in movie theaters.
I am surprised at the support the group are still generating considering how unscrupulous their tactics are.
How would you like Your personal details and correspondence distributed?
In the UK at the moment there is a ‘scandal’ going on where newspapers hacked politicians mobile phones to snoop on conversations. This is being followed up by the EU and UK legal systems as breach of human rights.
I see the actions of anonymous as no different.
I dunno. Barr was claiming he could “expose” people that, according to Anonymous, are innocent. He was also planning to meet with the FBI, and was doing this for money, when his own coder told him that he lacked certainty of what he was doing.
If Barr was merely doing this as a research exercise, and wanted money to support the research, I’d be more sympathetic. Once he starts making exaggerated claims about his success, and tries to exploit the willingness of the FBI and/or the military to throw money at any fast-talking snake-oil salesman, I’m not inclined to sympathy.
In fact, it’s possible that Anonymous just saved taxpayers like myself a boatload of wasted money.
There is blame on both sides so I don’t intent to defend Barr as some white knight.
If it had been his coder or another whistle blower leaking the details related to Barr’s findings and lack of substantiating evidence then all is good. I could respect that.
The issue is that there is an effective response to a threat/attack/event and there is an excessive response. They shot far past an effective response.
As much as you are right from the moral perspective, how many villages have the US leveled in Afghanistan? You think EVERY person, men, women, children in the village were combatants? We harm innocent people all the time in the name of what we think is right. You can’t very well blame Anonymous for doing the same.
Actually, we SHOULD blame them (both) for exactly that!
(but comparing what a group of “crackers” is doing to a war is just nonsense. Can I read the digital version of the Geneva convention please?)
oh, thats ok then. We have done it before so we shouldnt say its wrong in the future.
So, Anonymous should be held down to the same standards as it’s targets rather than held up to the standard they demand from targets then?
Bob slapped Alice once so it must be perfectly ok for John to slap Bob right? There couldn’t possibly be a more productive and effective way to respond to the initial violence and stop it’s happening in the future?
That what happened when the Law Order camp don’t respect their own laws to fight against a threat without having first made the proof that 1) wikileaks was criminal (AFAIK Wikileaks and its founder don’t fall under US laws scope) and 2) the threat is so huge there is no option but to *not* fight it lawfully.
One can’t play with laws limits without consequence.
That’s *also* true for governments.
While I agree two wrongs don’t make a right, the “right” side can’t expect to convince anyone to join when he’s jumping himself on the wrong side…
since you obviously poses superior brains… explain this to me.
how else can you fight and respect the law, when other side makes it? remember that barr was in contact with fbi and anonymous are in contact with wikileaks. additionally, barr also exposed names and information (as said… wrong one) as the first shot in this war.
i guess… in the start… instead of posting documents on web wikileaks should turn them over to fbi and say “we found these, please let public know”
i’m all for fair fight, but when one side breaks and creates laws… how can you fight fair?
Governments and companies should fear the people…
ABSOLUTELY NOT. Fear is a very bad motivator, leading to very bad consequences. Governments and companies should RESPECT the people.
Edited 2011-02-11 00:02 UTC
The proper statement probably should have been: “Corrupt governments and companies should fear the people”
I do not remember who said that, but there is a saying like this: “if you do the first attack do not count on a proportional/equivalent response.”
I also like very much the old “The Art of War” and its lessons. You must know your enemy and you must know yourself. Seems to me that the poor guy did not know both.
As an old friend and once co-worker used to say at the end of meetings with our boss (after he leaves): there are people that know a little; there are people that pretend they know and there are people that do not know that they do not know.
The DDoS of various websites could be considered protests, as there was no circumventing of digital security, it was not a computer crime. They installed programs on THEIR OWN computers that started multiple transactions with the websites, as defined by HTTP.
The transactions were never followed through, but the websites spent some resources waiting for the rest of the transaction, until the time to die was reached.
It can be compared to a sit-in, which was used as a form of nonviolent protest during the civil rights era.
The hacking of HBGary Federal was a crime though, as they did circumvent digital security.
I feel no pity for HBGary though. They went about their business in a totally retarded fashion.
The law in question: http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
The DDoS can at best, satisfy one of the second parts of part 5: the loss > $5,000.
However, it does not cause damage nor access a computer without permission, and therefore does not apply.
Edited 2011-02-11 05:42 UTC
Nobody has commented about the coder so I’ll pay him some respect.
Although some of his reticence might have been caused by “fear of Anonymous” as put in the article, I think he’s taken a more than reasonable stance, I could even say “laudable”.
Honestly, given the experience I’ve had in the workplace, I would have never thought that he would question requests made to him; that’s some courage that I’ve not seen in real life and that reminds me of those moments when I too questioned the relevancy of workloads, pointed out the stupidity and ignorance in some particularly inept client requests. I’m not saying I’m courageous as I ended up doing what was asked, which, most of the time, turned out to be just as wrong or ineffective as I had warned. I left that job out of frustration and lack of support from co-workers and the hierarchy.
I’m sorry to be such a bad heartless human being but I find the whole story both laughable and funny. A picture-perfect example of what a mix of cockiness, ego and vanity can bring to a person’s world.
Wait, are you talking about that moron Barr or the other ones?
Of course I’m talking about that quasar-brilliant highest-IQ-in-mankind-history Barr character.
Seriously, I almost fell off my chair reading the 3 or 4 pages, especially the exchange between him and the programmer about his gut feelings and how often they turned out wrong rather than right. Typical example of “I want life to be like this so it will be”. But no, sorry to tell the plain truth: most often, a human being’s will is not enough to twist and bend their world, life, whatever (hey, nobody but Steve has a distortion field powerful enough!). And yes, the coder is right about gut feelings… they’re unreliable at best and sure as hell, I wouldn’t wager even a pint of beer based upon mine. I guess my pal Aaron learnt it the hard way. But all of a sudden I’m wondering, do people that arrogant learn? I’d speculate that they just feel jinxed, reject responsibility and move on.
Dear Aaron, I love you for having made my day. Truly. You deserve a Darwin award. In a few days I will have forgotten about you though.
Anyway, the story felt incomplete to me as I still don’t know whether he’s been fired or not and how the selling of the company went. I hope we’ll find out.
Give this an a medal.
Cheap platitudes about freedom and the innate EEEEEVILLLL!! of governments and corporations aside, these people are still nothing more than a group of adults who have failed to mature, creating a self-sustaining mob culture.
Maybe the reason Anonymous is so harsh on Objectivism and Scientology is because they’re trying to weed out the competition?