search the site

Friday, June 24, 2011

Forcing Transparency Through Anonymity

 Change all of your passwords right now, make them all unique, a mixture of letters, numbers and symbols, and actually follow all of the recommendations that you have been ignoring for years about how to secure your data.  This is not just a friendly reminder, but a serious warning, because right now the utter failings of the current state of internet and database security are being exposed, and anyone could be potential collateral.  If you have any semblance of an ear to the ground when it comes to the internet, especially security, you have by now heard, and most likely become well versed in the exploits of LulzSec (a.k.a. Lulz Security), a group that has hacked and exploited sites as diverse as Sony, Nintendo, the CIA, the FBI, PBS, and various online games.  They have gone after targets big and small, some strategic, some at the suggestion of callers to their (surprisingly successful) anonymized call center, and have in the process released info ranging from internal network infrastructures, conversations exposing the corruptness of government employed “white hat” hackers, to the email and passwords of individuals.  Their actions are being met with a mixture of rage and support, with the cries of both sides reaching a higher and higher pitch as the situation escalates, and everyone waits to see what they do next, and how long they will remain anonymous, and therefore avoid prosecution.  And now, with LulzSec teaming up with Anonymous and declaring Open War on all governments and the companies/agencies that support them, dubbed #AntiSec (Anti Security), and encouraging people to expose and release classified documents, there is an international movement to force government transparency by using the power of being anonymous.  First though, a little background.


If you have not seen the work of Next Media Animation TV before, do not mistakenly dismiss it because of its comical use of 3D animation, when it comes to news involving the web, it is a lot more accurate than many conventional media outlets.  Compare how a CBS affilate attempt to explain a recent rash of #AntiSec graffiti, as opposed to NMA’s explanation of the recent joining of forces between LulzSec and Anonymous.


For the uninitiated, Anonymous is not a group, per se, but is decentralized, leaderless, and is connected purely by the fact that the people involved remain anonymous, and grew out of various online communities that allowed people to interact without revealing their identities.  This seems to be the first major point of confusion when most media attempts to explain Anonymous or their actions, especially in light of the attacks on MasterCard and PayPal, claimed by Anonymous in support of Wikileaks.  There is inherent tension in these statements though, because by definition Anonymous is not a cohesive, unified body, and no one that claims to represent or speak for Anonymous can actually have that authority.  This is why news organizations latch on to people like Barrett Brown, who as a self identified member of Anonymous, is someone tangible to latch on to, even as he tries to explain the contradiction of him being viewed as Anonymous’s PR person, even as he takes that theoretical role.  There of course is the question of whether he has even been involved with Anonymous in the first place, a fact difficult to prove either way.  What is known for sure is that he wrote an article for the Huffington Post in February of last year, before revealing himself as a member of Anonymous, where he predicted the use of Anonymous’s tactics to destabilize governments and change how people organize themselves.
Having taken a long interest in the subculture from which Anonymous is derived and the new communicative structures that make it possible, I am now certain that this phenomenon is among the most important and under-reported social developments to have occurred in decades, and that the development in question promises to threaten the institution of the nation-state and perhaps even someday replace it as the world’s most fundamental and relevant method of human organization.
He was then subsequently proven right, as the world watch the revolutions in Tunisia, Egypt, and other countries, organized through the internet, aided by Anonymous, using technological tricks to circumvent blockades and avoid detection, spreading information and transparency in a fashion impossible ten years prior.  All of this led to Anonymous developing a reputation of hacktivism, using the techniques and tools of hackers to perform social good.  This runs contrary to the older stereotype of Anonymous, of 15 year olds messing with peons for the lulz.  What are lulz you ask?  Peter Sobot summed it up quite well recently on Twitter.
Lulz is having a laugh at the misfortune of others, especially if that misfortune is of your doing (and yes, if you were wondering, it is a bastardization of lol).  So how do you reconcile these two seemingly incompatible personas that are both referred to as Anonymous?  LulzSec seems to be that hybrid, the group that exposes the flaws in internet security and the corruptness of government affiliated organizations in a manner than could easily result in a grandmother being sent boxes of sex toys from her Amazon account, because to them, this is an entertainment bonus.  Any question of the dual nature of their organization was washed away when they released their manifesto in celebration of their 1000th tweet.
While we’ve gained many, many supporters, we do have a mass of enemies, albeit mainly gamers. The main anti-LulzSec argument suggests that we’re going to bring down more Internet laws by continuing our public shenanigans, and that our actions are causing clowns with pens to write new rules for you. But what if we just hadn’t released anything? What if we were silent? That would mean we would be secretly inside FBI affiliates right now, inside PBS, inside Sony… watching… abusing…
Do you think every hacker announces everything they’ve hacked? We certainly haven’t, and we’re damn sure others are playing the silent game. Do you feel safe with your Facebook accounts, your Google Mail accounts, your Skype accounts? What makes you think a hacker isn’t silently sitting inside all of these right now, sniping out individual people, or perhaps selling them off? You are a peon to these people. A toy. A string of characters with a value.
This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn’t released something publicly. We’re sitting on 200,000 Brink users right now that we never gave out. It might make you feel safe knowing we told you, so that Brink users may change their passwords. What if we hadn’t told you? No one would be aware of this theft, and we’d have a fresh 200,000 peons to abuse, completely unaware of a breach.
Yes, yes, there’s always the argument that releasing everything in full is just as evil, what with accounts being stolen and abused, but welcome to 2011. This is the lulz lizard era, where we do things just because we find it entertaining. Watching someone’s Facebook picture turn into a penis and seeing their sister’s shocked response is priceless. Receiving angry emails from the man you just sent 10 dildos to because he can’t secure his Amazon password is priceless. You find it funny to watch havoc unfold, and we find it funny to cause it. We release personal data so that equally evil people can entertain us with what they do with it.
Most of you reading this love the idea of wrecking someone else’s online experience anonymously. It’s appealing and unique, there are no two account hijackings that are the same, no two suddenly enraged girlfriends with the same expression when you admit to killing prostitutes from her boyfriend’s recently stolen MSN account, and there’s certainly no limit to the lulz lizardry that we all partake in on some level.
They are rejecting the overly serious veneer of the hacktivist Anonymous, instead being as sarcastic and irreverent as they choose, all while taunting some of the most powerful entities in the world.  Their increasingly popular Twitter stream does not read like paranoid, conspiracy theorist ramblings, but the boisterous shouts of people embarrassing those in power, who are having a hell of a good time doing it.
 
They are hacking into such high profile sites as Senate.gov, and posting the internal infrastructure, using methodologies both advanced and so basic that can be learned through watching Youtube.  That is the power of their declaration of war, the mobilizing of online forces to attack targets that should be much more secure than they are, and turning the whole thing into an entertaining circus that can be followed by a simple hashtag.
Welcome to Operation Anti-Security (#AntiSec) -- we encourage any vessel, large or small, to open fire on any government or agency that crosses their path. We fully endorse the flaunting of the word “AntiSec” on any government website defacement or physical graffiti art. We encourage you to spread the word of AntiSec far and wide, for it will be remembered. To increase efforts, we are now teaming up with the Anonymous collective and all affiliated battleships.
Whether you’re sailing with us or against us, whether you hold past grudges or a burning desire to sink our lone ship, we invite you to join the rebellion. Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons. Your hat can be white, gray or black, your skin and race are not important. If you’re aware of the corruption, expose it now, in the name of Anti-Security.
The governments of the world are being attacked under the rally cry spawned by a group of (supposedly) six people, who represent themselves as a top hatted man, with mustache and monocle, drinking a glass of lizard blood (do not mistake it for wine), who have given every bored 15 year old with antiauthoritarian impulses (read: every 15 year old) a battle cry and a set of tools that they can use to prove the institutions of the world fallible.  This is the DIY ethic, the Maker’s Bill of Rights approach to government, that if you can not open it up, take it apart, and make it your own, it is not your government.  It is not about them being an elite team of hackers (which they very well could be), but about how simple it is to create this level of havoc with basic tools, and how unprepared people, companies, and governments are for this very real threat.  They are doing it while mocking detractors, posting links to absurd videos, answering phones with fake french accents, getting donations through Bitcoin, and laughing as their enemies get arrested instead of them.  They are doing it while the US government allows increased FBI surveillance while funding projects to undermine the security of other countries.  They are doing it while releasing the email addresses and passwords of 62 thousand innocent people.  Love them or loathe them, LulzSec is propelling a movement that they know is much bigger than their “lone ship.”  The biggest mistake that people could make is to think that this a fluke, a media frenzy that will end when the people behind LulzSec and their supporters are brought to justice.  This is the new nature of our connected and information rich society, where a group of people that have likely never met in person, have no centralization or traditional hierarchy, whose numbers and goals can fluctuate by the second, can bring the informational backbone of a country to its knees.  The only way that a government can become truly invulnerable to attack is to become completely transparent, to have nothing to hide, nothing to leak, to function in a manner fundamentally opposite of how we have experienced government so far in history.  LulzSec knows that they are just a part of a larger puzzle, and in the long run, that what they do will not be important.
Nobody is truly causing the Internet to slip one way or the other, it’s an inevitable outcome for us humans. We find, we nom nom nom, we move onto something else that’s yummier. We’ve been entertaining you 1000 times with 140 characters or less, and we’ll continue creating things that are exciting and new until we’re brought to justice, which we might well be. But you know, we just don’t give a living fuck at this point -- you’ll forget about us in 3 months’ time when there’s a new scandal to gawk at, or a new shiny thing to click on via your 2D light-filled rectangle. People who can make things work better within this rectangle have power over others; the whitehats who charge $10,000 for something we could teach you how to do over the course of a weekend, providing you aren’t mentally disabled.
This is the Internet, where we screw each other over for a jolt of satisfaction. There are peons and lulz lizards; trolls and victims. There’s losers that post shit they think matters, and other losers telling them their shit does not matter. In this situation, we are both of these parties, because we’re fully aware that every single person that reached this final sentence just wasted a few moments of their time.
Thank you, bitches.
Lulz Security

Via: http://d-build.org/blog/?p=2579

No comments: