Understanding hacker collective Anonymous and Operation Ferguson
As tensions flared in a St. Louis suburb after the shooting of an unarmed black teenager, Michael Brown, by a police officer, hacker collective Anonymous stepped in. The group shared information online about the situation, and some attempted to identify the then-unknown shooter in the case. But while the group got some things right, it got others wrong — including the alleged name of the shooter, now identified by police as Officer Darren Wilson.
On Thursday, The Washington Post spoke to Gabriella Coleman, professor at McGill University in Montreal and perhaps the researcher most plugged in to the Anonymous community, about the different tactics at play in ‘‘OpFerguson.’’ Coleman’s book on the hacker group, ‘‘Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous,’’ is due out this fall. Excerpts:
Q: How do you see Operation Ferguson fitting the pattern of Anonymous related actions?
A: On the one hand, it really follows older patterns in a couple ways. First of all, the way that it came to be... It unfolded the way that often happens with operations. Someone who is involved in the issues or who cares about it outside Anonymous reaches out to Anonymous. In this case it was a local rap artist, Tef Poe. So he reaches out to someone on Twitter and says, ‘‘Hey, this is happening, can you get involved?’’ Then this person on Twitter reaches out to some of the big accounts and says, ‘‘Hey, can you create some viral memes and images and tweet about what’s happening?’’ And boom, that starts the fire.
That process has definitely happened before in many operations. What’s interesting in this case is that then a couple of people who were old-timers decided to come back and get involved. One of the people who got involved is a very talented video maker. He has made well over a hundred videos [on behalf of Anonymous] but had taken a long break. What was interesting was how older relationships teams came into being and became involved.
But I’ve also seen a lot of newcomers get involved in the operation — it’s been a long time since an IRC (internet relay chat) channel has been a kind of hub of activity because people were scared off and were using encrypted channels of communication. But in this case for some reason the IRC channel became extremely important for the operations. That was interesting because it felt very old school. But on the other hand, from a security question it raised eyebrows, as well.
Q: There have been a variety of security-related issues that came up around the OpFerguson situation — including an alleged honeypot where someone set up a fake website for the project and claimed he was going to be collecting IP addresses to hand over to the authorities.
A: Yes, there was someone who disliked Anon quite a bit and was very explicitly trying to harvest IP addresses. And then on top of that, similar to Operation BART [around, in part, the shooting death of Oscar Grant], which has a lot of similarities to this operation, there have been some of the kind of more controversial interventions by Anonymous.
One was when the Twitter account TheAnonMessage said they were going to release the name of the police chief’s daughter. People within Anonymous were kind of aghast at that, asking, ‘‘Is this false flag? What’s going on?’’ And they did retrench and say, ‘‘We’re not going to do that.’’ It’s also very possible that was a stunt, as well.
It was very interesting this morning [Thursday] when the public channel, when they were debating whether to release the name they went ahead and released — because there were some people who were advocating for a little bit more research and time. But then there were others who were saying: ‘‘No, no let’s do this now. Even though the evidence isn’t foolproof, it’s pretty strong, and we’re going to go for it.’’ Of course, then some people say, ‘‘Well is this again false flag operation? Because if this is wrong, it’s going to discredit Anonymous.’’ And then on the other hand there are others who say, ‘‘No, this is just how Anonymous acts — they’re very whimsical, experimental, and often act in the heat of the moment.’’
I think both are completely plausible. It’s definitely the case this morning, when they were debating whether to release the name and a lot of people admitted the evidence was strong but circumstantial — they still favored releasing it because it would force the police department to eventually release the real name.
Q: The police department has confirmed that the name they ID’d was incorrect.
A: I’m not surprised. I was really surprised that they released it — because again as they themselves said [on IRC], the evidence was not foolproof, but circumstantial. I looked through everything, and my assessment was there was a 50 percent chance, which is not very high, that [the shooter was] the very person who they ID’d. There was a very good chance he was at the scene, but very little evidence that he was the one who pulled the trigger. There was much better evidence that he was at the scene.
Q: How often would you say Anonymous is wrong on these things?
A: I would say, actually, more rarely. Amanda Todd is another really good example — a young woman who committed suicide, and some random folks in Anonymous New Jersey identified someone involved and were completely wrong. It would be really interesting to compare the moments and methods from when they are right and they are wrong. I do know with the rape cases [like Steubenville, Ohio] there were really teams in operation who worked with just a handful of people and were in touch with people on the ground. They were also not willing to release things until they were pretty sure about things. It would be interesting to see if it’s that kind of public/private divide combined with a small [group] versus the situation this morning, which was like dozens of people debating, ‘‘What do you guys think? Oh, well my gut says this...’’
It was very different. But generally in a lot of instances, they’ve gotten right — they’ve either ID’d people or accessed information that turned out to be legitimate information, which is slightly different.
It’s not unique that there are different strands at the very same time in conversation and in conflict with each other. I would say it’s particularly intense with this one.
Q: What do you think it says for their credibility when they get things wrong?
A: I think it definitely hurts them, because already it’s a controversial act even when it’s right. So when it’s wrong, it’s doubly controversial. And again, it’s controversial even within Anonymous. There were some people in there saying, ‘‘Can we hold off on this until there’s more research?’’
Q: Can we talk about the mechanics of how they’re going out collecting this kind of information and what sort of vetting process is typically used?
A: With some of the past operations where they have gotten things correct or landed on some important data, such as with Operation Steubenville, where they were able to get screenshots of the evening of the sexual assault, that has proceeded with very small teams in private where people were working with others on the ground — other people on Facebook who went to the same high school as the Steubenville woman, for instance. It happened in a very slow fashion. It’s pretty precise, I would say.
What I saw Thursday morning was in some ways the opposite. It was on a public IRC channel, and people were posting images of the alleged police [shooter] on IRC, posting pictures of his Facebook page and comments. They were comparing this image of him to ... one on the street, and it did look like the same person.
Then the comments were what was used as the ‘‘proof’’: Because this person had changed his name, he was trying to hide — these sort of things they felt were the basis for him being the perpetrator. Again, this was happening on the public channel, and everyone knows there are probably government authorities on the channel, so I found it a little unusual.
It’s not completely out of the ordinary in so far as operations in the past — in 2010 and 2011, [it] would often proceed in this way. But after a lot of the arrests, people became a lot more careful. In this scenario you [either] have something where people have already forgotten and there are enough newcomers that they’ve already forgotten the lessons about security, or something more nefarious is going on.
Q: Something nefarious?
A: I have, of course, no proof of anything. But it is conceivable and very easy to have planted agents on these channels and offering this information to sort of push Anonymous to release incorrect information to discredit the group. That is within the realm of the possible, given what law enforcement does with any activist organization. So why would it be any different with Anonymous?
It’s always difficult, because in some scenarios it’s definitely the case and in others it’s definitely not the case. But it is just something that’s possible. And people do talk about this and think about this. They do so a little bit more privately, but it was very different with Operation BART, which was a big Anonymous operation in August 2011. It had huge support of those in Anonymous and outside, and the first interventions were just to organize protests and publicize the issue. Then a hacker came along and hacked BART and also the police group associated with BART, releasing a bunch of names of both customers and police officers.
This was one of the very first times when people involved were like: ‘‘Is this a false flag? Is this happening to discredit Anonymous?’’ In the end there was actually very little evidence that it was a false flag, and the person who did it wrote this justification about why she went and did it — she claimed to be a 13-year-old French hacker who was hacking for the first time, which I don’t think is quite true. But ever since then, many different operations that are controversial will spur Anonymous to ask that question, understandably.
In Operation BART, I think Anonymous was central in transforming the issue from sort of a regional issue into sort of a national issue. [Ferguson] is one that became national almost right away. But then Anonymous hopped in there and definitely kind of amplified what was going on in terms of the media stories, but wasn’t necessarily essential in transforming it from kind of regional issue to national issue. But in many, many other similar operations they’ve gotten involved with in the past — with Steubenville, with BART — that was their really sort of unique and important role.
Q: Do you think that shift in how and when Anonymous came into this topic influenced who came on board — like the influx of newcomers who may be unfamiliar with their general methodology and security practices?
A: Absolutely. Also, I do think it’s really interesting to see that it’s one of the first times that we’ve seen large African-American populations on Twitter taking notice of Anonymous and starting to debate them. There’ve been some fascinating questions raised about how — because protests on the streets and marches don’t work anymore — not necessarily just in Ferguson, but in general. And of course, other people [were] being critical of what they’re doing, but it’s certainly the case that with something like Anonymous people outside the tech community seem to [notice]. Feminists came across them through the rape cases, and now the African-American population is coming across them through Ferguson. These different population come across Anonymous at very different moments, and their understanding is understandably colored by those specific operations.
Q: Can we talk about the different tactics being used here? It seems like there are almost two distinct, parallel tracks at play — a campaign to provide transparency and accountability, but also reports of people trying to hack the police department.
A: I would say that that has always been a kind of classic bifurcation in Anonymous where the great majority involved are simply wanting to publicize the issue — they’re not wanting to kind of engage in controversial actions that kind of contradict their mantra. So a lot of people in Anonymous are for privacy. But then obviously some people go ahead and hack and release people’s personal information, and that violates privacy, right?
This constantly recurs in Anonymous, where the great majority are for privacy and don’t want to see people’s privacy violated — then someone goes ahead and does that... It’s usually pretty controversial within Anonymous. That being said, I think many people wouldn’t mind having Anonymous release the name of the officer, if they got it right. And the reason for that is that they would say that the public has the right to know: He’s a public official, he did something that has grave political importance, and that name should be public. That would be uncontroversial.
Going ahead and doxing [releasing identifying information about] all sorts of other people... Some people would support that, a minority, for the purposes of getting media attention, period. It’s like, this is a mean that justifies the ends. Then there’s another kind of group that would say that it’s unnecessary — and this all exists within Anonymous. It’s always this cacophonous, discordant group where there’s some consensus on some issues and a lot of dissension on a number of the most controversial issues.
Q: You mentioned there that the great majority are really just interested in publicizing the issue. Can you go a little more into what you think the motivations are?
A: One of the things that’s really interesting and was surprising about my research was that once people started to be unveiled because of arrests and these sorts of things, Anonymous really attracts a diverse number of geeks and hackers whose motivations and political orientations are quite distinct.
For this operation, for example. Some people operating under the banner of Anonymous are classic anti-capitalist anarchists with a huge dislike of the police. Part of their reason for getting involved in this is part of that anarchist sensibility.
Many Anons are not anarchists. They have different political sensibility — from being Democrats and Social Democrats to liberals or progressive, or not identifying with any political orientation offline at all — [and] are involved because they see it as battling injustice and corruption. It’s certainly the case that with Anonymous, if one of their operations gets picked up by the media and it balloons and mushrooms, that alone seems to attract people, as well, to continue to participate in the operation. So there’s sort of a feedback loop, as well.
Q: What’s the general technical level of skill required for some of the hacking exploits being pursued by some in the group?
A: This is another interesting thing about Anonymous: It attracts those with some pretty deep technical skills to those with no technical skills — one can find a place and a home with Anonymous. Historically, and with Ferguson and OpBART and even LulzSec, many of the hacks were not rocket science, as I like to say — it’s more a reflection of the sorry state of security on the Web. That said, definitely a handful of people like Jeremy Hammond and Mustafa Al-Bassam are really, bright hackers — extremely bright. That’s, I think, the interesting thing about Anonymous — you definitely don’t need people with deep, deep skills.