The 13 Best Hacker Attacks Against Military Security Companies, the FBI, the Kochs ... and Arizona
"Anonymous" is a nebulous collective of hackers who, for several months, have been waging a campaign against institutions and governments that seek to censor the web and hinder free expression. Their brand of cyber activism—"hacktivism," as it were—has engaged in various types of protest and civil disobedience; they have pulled down websites, unleashed documents, and challenged the security of various sites. And, since brother group "LulzSec" launched its politically minded "AntiSec" initiative in June, their targets have been increasingly purposeful, and often executed in solidarity with real-life protesters on the ground and in the streets.
For instance, on July 12, in what Anonymous called “Military Meltdown Monday,” they released documents obtained by hacking into Booz Allen Hamilton, a company providing apparently pallid web security for major government and military agencies—a breach that resulted in its stock dropping 2.3 percent. After unleashing 90,000 logins and passwords from the Army, the Navy, the Department of Justice and NASA,
Anonymous tweeted out their caveat: “We are not your enemy. Here is just a fraction of what we decided to not publish: http://imagebin.org/162370 | Silent No More. #Antisec.”
Anonymous tweets and public statements are generally rife with mischief, often ribbing their targets for failing to provide the super-tight security they promise their high-level clients. But the bigger picture is that, even though most of Anonymous’ leaks over the past month have consisted of passwords and email addresses, as they’ve run with the now-defunct LulzSec’s #AntiSec torch, their actions and public statements are increasingly conscientious and pointed. As #AntiSec was initially spurred by WikiLeaks—mirroring their hero Bradley Manning’s concept that “Information Should be Free”—so too they’ve picked up that site’s original moral mission.
Here, possibly the most explosive and/or useful hacks since Anonymous and LulzSec became "hacktivists."
1. HBGary’s WikiLeaks Target Document For Bank of America
As the Atlantic pointed out in its solid timeline of the current hacktivist generation, Anonymous’ hacking into web security group HBGary was a turning point. In their hack of nearly 70,000 emails—made in retaliation for a staff member who threatened to go public with their identities to the FBI and others—they discovered a Powerpoint file that explored various ways of countering and discrediting WikiLeaks. The document was compiled for Bank of America, which feared a large dump of potentially incriminating cables, though as of last month, Wikileaks still hadn’t loosed the information and BoA was still reportedly in the dark as to what the leaks might be.
But it was proof-positive that major corporations were looking into ways to discredit and take down WikiLeaks and Julian Assange. In conjunction with Palantir Technologies and Berico Technologies, analytics companies with government clients and counter-terrorism pedigrees, HBGary proposed to “combat the WikiLeaks threat” and to profile journalists supportive of WikiLeaks. Salon’s Glenn Greenwald, BradBlog's Brad Friedman, the New York Times’ Jenny 8. Lee, and the Guardian’s James Ball were categorized on the Powerpoint as WikiLeaks “volunteers,” and were apparently monitored, as detailed in Friedman's piece on AlterNet here.
Greenwald, in particular, was a target; on his own dedicated slide, the firms pointed out that “without the support of people like Glenn, WikiLeaks would fold.” This was, of course, the idea behind it, and the strategists seemed to believe that, given the choice of career vs. personal cause, the journalists would preserve their careers. From an internal email: “it is this level of support we need to attack.”
As for the general public, ironically, one of the HBGary strategies mirrors those of hackers: creating “doubt about their security”—the prime pressure point hacktivists use against web-censoring governments.
(And for the patient observer willing to trawl through 3,500 pages of emails, there were still plenty of cheap laffs.)
2. Koch Brothers
In late February, at the height of the tug-of-war between the people of Wisconsin vs. Scott Walker, Anonymous decided to aim for the big guns: the Koch brothers, who were not only found to have put money and love into Walker’s anti-union agenda, but who were setting up counter-camps in Madison in order to squelch the public protest. In Operation Wisconsin, they knocked down the website of Americans for Prosperity, and beseeched all followers to not only explore vulnerabilities in Koch security, but also to physically boycott all of its products.
“Anonymous hears the voice of the downtrodden American people,” said a press release, “whose rights and liberties are being systematically removed one by one, even when their own government refuses to listen or worse -- is complicit in these attacks. We are actively seeking vulnerabilities, but in the mean time we are calling for all supporters of true Democracy, and Freedom of The People, to boycott all Koch Industries' paper products. We welcome unions across the globe to join us in this boycott to show that you will not allow big business to dictate your freedom.”
As Gawker pointed out at the time, this was one of the first instances in which hackers under the Anonymous umbrella really put forth such a blatantly political agenda, and in retrospect it marked a turning point that was further ignited by LulzSec, and continues to this moment.
Agricultural giant Monsanto is well known as one of the world’s biggest providers of genetically modified organisms (GMOs), and has a history of stamping out small farms in order to cheaply manufacture environmentally destructive frankenfoods. Most recently, ethical seed retailer FedCo was forced to find alternative seed sources after Monsanto gobbled up one of its largest suppliers. Anonymous was on the case; in an action called #OpMonsanto, last month it hacked into Monsanto’s computer system and unleased 2,500 employee email addresses and passwords, a move acknowledged by the company last week. And #OpMonsanto was in fact part of a bigger operation: Project Tarmageddon, an action spearheaded by Anonymous subgroup Operation Green Rights, which in a release also promised to go after big oil companies like Exxon and Conoco.
Another branch of Project Tarmageddon: the protest of Montana governor Brian Schweitzer’s corruption of greenspace with concessions to big oil. Anonymous’ Tarmageddon press release: “This week, activists are gathering along U.S. Highway 12 in Montana to protest the transformation of a serene wilderness into an industrial shipping route, bringing "megaloads" of refinery equipment to the Alberta Tar Sands in Canada... Anonymous now joins the struggle against ‘Big Oil’ in the heartland of the US. We stand in solidarity with any citizen willing to protest corporate abuse. Anonymous will not stand by idly and let these environmental atrocities continue. This is not the clean energy of the future that we are being promised.” As Anonymous launched its own cause, Abhaxas—a high-profile hacker in the #AntiSec movement—unleashed databases from Montana’s state website, MT.gov, and appeared exasperated at how easy it was, tweeting, “Coders, please stop exposing your databases it’s not even fun anymore.”
Abhaxas was also responsible for hacking into Florida’s voting database—twice—in an effort to show how easily votes can be compromised. The first time he posted his efforts to Paste2, writing, “So, this is a little ironic. Here is inside details of florida voting systems. Now.. who still believes voting isn't rigged? If the United States Government can't even keep their ballot systems secure, why trust them at all?”
Voting officials assured citizens they were on top of it:
“Altering ballots, changing ballots, or anything like that — right off the bat is a third-degree felony with prison time,” [Collier County Chief Department Supervisor of Elections Tim] Durham explained.
Officials say they’re now getting law enforcement involved.
Meanwhile, state and county election workers say Florida elections are now more secure than ever.
But... Abhaxas proved they’ve still got a way to go before completely securing voter info, after he hacked the "more secure" database for a second time on July 7. S/he posted a file directory of the database on Pastebin and wrote, “Glad you cleaned things up, pretty secure now guys.” Ouch.
6. Westboro Baptist Church
In February, the vile, self-proclaimed “God Hates Fags” Westboro Baptist Church claimed to have been threatened by Anonymous in what was widely regarded as a hoax the congregation crafted for PR purposes. Anonymous denied the statement, so after they refused to respond to the “threat,” the publicity-hungry WBC released a typically inflammatory statement essentially challenging Anonymous to actually hack them, saying if they didn’t, they were cowards. So you could almost hear the hackers’ collective yawn when the Westboro Baptist Church website was pulled down during a live debate, replaced with an Anonymous symbol and a statement that read, “your continued biting of the Anonymous hand has earned you a swift and emotionless bitchslap... The world (including Anonymous) disagrees with your hateful messages, but you have the right to voice them. This does not mean you can jump onto Anonymous for attention... Gods hates fags: assumption. Anonymous hates leeches: fact.” The simple hack was later attributed to a single person going by the name of th3J35t3r (The Jester). Touche.
7. Chinga La Migra (Arizona)
In late June, LulzSec launched “Chinga La Migra,” an attack on Arizona government (specifically, police) websites in retaliation for “SB1070 and the racial profiling anti-immigrant police state that is Arizona.” LulzSec released email addresses and passwords of employees of the Arizona Department of Public Safety for their first dump, and when the group disbanded after 50 days, Chinga La Migra continued under the leadership of Anonymous. In “Part Dos,” the group leaked the emails of 12 Arizona state police, which included “seductive girlfriend pictures... internal police reports, cops forwarding racist chain emails, K9 drug unit cops who use Percocets, and a convicted sex offender who was part of the FOP Maricopa Lodge Five.”
This is where the morality of the actions get a little sticky. Releasing email addresses to prove a website is vulnerable is one thing, but unleashing employees' personal emails is another... even if they're locating damning and potentially illegal activities of state employees, more of which they found in part three of Chinga La Migra, launched July 1, targeting the Arizona Fraternal Order of Police. “We found more racist email chain emails,” read the release, “including Springerville's police chief Mike Nuttal forwarding jokes about torturing 'ragheads.' FOP president Brandon L Musgrave was also forwarding anti-muslim emails while also purchasing large amounts of guns, so we're dumping his paypal and credit card information as well.”
With Anonymous’ strong stance against SB1070 and racism in Arizona (let this ”third and crushing blow against Arizona police send a strong message to the ruling class around the world”), they aren’t likely to stop there.
8. Military Meltdown Monday
The aforementioned Booz Allen hack, and the concept of military emails and passwords, may seem vaguely innocuous—there’s always the chance someone will try to falsely use a military email to gain other information or use them for nefarious means, but there’s an equal chance that that person will have changed their password by the time they’ve tried. More damning is the fact that the security company the military used was so easily breached—ironically, Booz Allen is the same company that provides online firewalls for the Department of Homeland Security, the Department of Defense and the “intelligence community,” among other branches of government.
Said Anonymous’ statement on the Pirate Bay, "In this line of work, you'd expect them (to have a) state-of-the-art battleship, right? Well you may be as surprised as we were when we found their vessel being a puny wooden barge. We infiltrated a server on their network that basically had no security measures in place." It was this specific breach that lead Senator John McCain to appeal Congress for a special Committee on web security:
"As you know, cyber security legislation has been drafted by at least three committees and at least seven committees claim some jurisdiction over the issue," McCain wrote in a letter to Senate leaders. "The White House put forward a legislative proposal in May and the Department of Energy put forth requirements and responsibilities for a cyber security program that same month. Earlier this month, the Department of Commerce sought comment on its proposal to establish voluntary codes of behavior to improve cyber security and the Department of Defense issued its strategy for operating in cyberspace. "With so many agencies and the White House moving forward with cyber security proposals, we must provide congressional leadership on this pressing issue of national security." In short, there are too many cooks in the kitchen.
"I write to renew my request that the Senate create a temporary Select Committee on Cyber Security and Electronic Intelligence Leaks. I feel this Select Committee is necessary in order to develop comprehensive cyber security legislation and adequately address the continuing risk of insider threats that caused thousands of documents to be posted on the website Wikileaks," McCain wrote.
The first real government hack in the #AntiSec movement occurred in early June, when now-defunct collective LulzSec brought down FBI-hired agency Infragard in protest of the Pentagon’s then-imminent decision to classify hacks as an act of war—and more specifically, to launch LulzSec’s “war” on government institutions they viewed as hostile to a free society. Infragard, “a partnership between the FBI and the private sector to share security information,” brought down its own website after the hack as a “safety precaution,” but the real damage was already done. LulzSec fired off a warning to government employees everywhere: “Stop aiding the corporations and a government which uses unethical means to corner vast amounts of wealth and proceed to flagrantly abuse their power. Together, we have the power to change this world for the better.” They followed it with an admin password and a Martin Luther King quote: “He who passively accepts evil is as much involved in it as he who helps to perpetuate it.”
10. Fuck FBI Friday
As with Booz Allen and Infragard, the Anonymous action July 8 entitled “Fuck FBI Friday” begs the question, Why is the FBI’s hired security company, IRC Federal, so easily breached? However, this dump was slightly more serious than emails and passwords. In a statement posted on Pastebin following a rather cheeky type graphic of a mushroom cloud, Anonymous wrote, “In their emails we found various contracts, development schematics, and internal documents for various government institutions including a proposal of the FBI to develop a ‘Special Identities Modernization (SIM) Project’ to ‘reduce terrorist and criminal activity by protecting all records associated with trusted individuals and revealing the identities of those individuals who may pose serious risk to the United States and its allies.’ We also found fingerprinting contracts for the DOJ, biometrics development for the military, and strategy contracts for the ‘National Nuclear Security Administration Nuclear Weapons Complex.’”
11. Oregon Tea Party
Last year, Anonymous attacked the Oregon Tea Party Facebook Page, but not necessarily for political reasons. At that time, the group was upset the Tea Party was using the slogan “We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us,” which is 1) scary; and 2) a slogan Anonymous invented upon its inception. This year, though, with the surprising amount of organization among a nebulous, leaderless group, it looks like the national Tea Party might be in for some strikes. In February, a message was posted to the Tea Party Patriots site that included the following warning:
“The time for us to be idle spectators in your inhumane treatment of fellow Man has reached its apex, and we shall now be moved to action. Thus, we give you a warning: Cease & desist your protest campaign in the year 2011, return to your homes & close your public Web sites. Should you ignore this warning, you will meet with the vicious retaliatory arm of ANONYMOUS: We will target your public Websites, and the propaganda & detestable doctrine that you promote will be eradicated; the damage incurred will be irreversible, and neither your institution nor your activists will ever be able to fully recover. It is in your best interest to comply now, while the option to do so is still being offered, because we will not relent until you cease the conduction & promotion of all your bigoted operations & doctrines.”
So far no dice, but we’re curious to see what happens as we near the election.
12. Viacom and Universal Music
They might seem like soft targets in comparison to, say, the Department of Defense, but the Anonymous dump of email addresses and passwords gleaned from Viacom and Universal Music represents a crucial element to the agenda: that information should be free. Of course this includes the concept of “piracy,” but one wonders if Anonymous would have set these companies in its targets if their lawyers had not been so aggressive in prosecuting “little guys” who engage in low-level downloading. In their “Open Letter to Viacom,” they decry what they call “falsely claimed copyright infringements” and “totalitarian-like actions”:
After Viacom lost their lawsuit against YouTube, they continued to exploit YouTube for money. Viacom's justification of "creator's rights" seems only to mean making money for the sake of money. Their hypocritical action of uploading fake videos to YouTube in order to furnish their own court case is transparent...
Anonymous demands from Viacom a public press release to admit and apologize for the fraud and crimes that they have commited. Anonymous also demands that Viacom allows everyone thoughout the internet full rights to be able to express themselves. Lastly, we, the citizens of the world, demand that Viacom stops their attempts to gather personally identifying information such as IPs, which are of no relevance to them.
13. The Church of Scientology
While ostensibly Scientology hadn’t committed any major crimes in 2008 (that we know about), one of Anonymous’ earliest actions was directed toward the mysterious religious organization, in response to its “propaganda.” In late January of that year, the Church was attempting to censor YouTube videos of Tom Cruise going off about the evils of psychiatry, which prompted Anonymous to release an equally creepy, though more righteous video in protest of their “campaigns of misinformation, suppression of dissent, and litigious nature.” (It’s worth a peek, if only for the shadowy robot voice and clouds footage.)
They then proceeded to launch a series of small-scale attacks against the site, including Google bombing, spreading anti-Scientology information across the web, and pulling down their sites. Scientology classified the attacks as “hate crimes,” but the action served to solidify Anonymous as a viable coalition in the media, and was the first organized attack alluding to what would come.
As for what’s next? AnonNews, a site compiling press releases and news about the group, is calling for solidarity with Turkey, actions against Indiana to “overturn Barnes v. Indiana” (the ruling that basically overturned the Second Amendment in that state), more WikiLeaks solidarity, and a coalition with artists doing work in support of #AntiSec. We wait with bated breath. Even if you don’t agree with their actions, you can surely agree that they’re making things way more interesting in the cyberuniverse.