WikiLeaks “Cyberwar” Nonsense from “Security Experts” Who Don’t Understand 4chan or Anonymous

I find it funny how the mainstream security community takes Anonymous so seriously because it doesn’t understand it. See this recent CNN article, for instance.

Anonymous did not only “start” with 4chan, Anonymous still easily can be regarded as the cyber army of 4chan and its immediate network. Its not as shadowy, distributed, or effective as it’s always made out to be. It really is mostly a bunch of children, and though a bunch of children should not be underestimated, their greatest power is quantity, not quality. The group is easily distracted and needs plenty of morale to keep going. Ideologically, it is fragile. It is more dependent on the directions of central figures than commonly thought.

The security experts being asked for commentary (Bruce Schneier, again and again) do not understand the group. Because he is relatively clueless about it, he just makes general comments on cyberwar which are only tangentially relevant to the current conflict. How can someone make comments on a war knowing so little about the army? Infiltrating the “army” to its core is not at all hard, but it requires days of messing around with the 4chan community, which adults who have day jobs don’t have the time to do. There are probably 13 year-olds far more qualified to comment on this “cyber war” than Mr. Schneier, and they are laughing at him and similar “experts” right now.

To even ask the United States if it has been involved in “cyberwar”, as CNN did, is somewhat foolish, because the only reported-on effects of the “army” (bunch of distractable children and adults with momentary time on their hands) have been simple DDoS attacks that operate based on quantity, not quality, and that any idiot (or bot) can participate in. This is in contrast to hackers that attack based on nationalist leanings (Russian and Chinese hackers), funded and led by the state — much more effective. A cyber army that would die if 4chan and Encyclopedia Dramatica were shut down, or if moot made a statement, is only a momentary nuisance, not anything serious.

You can predict the rough effects of any Anonymous “cyber war” by looking at past cases, such as the attack on Scientology. The attack is somewhat of a nuisance while it occurs, but as soon as the community loses interest, everything goes back to normal, and the financial damage is not significant because the “hackers” lack the social engineering skills to do any real damage or get any personal information. They can only harass with faxes, prank calls, protests, DDoS, and the like. In fact, the flood of amateur hacking only causes the targets to reinforce themselves and attain immunity from the possibility of more serious attacks. True “cyber warfare” will involve small groups of highly skilled attackers simultaneously taking actions that individually cause great damage before the target can respond.

Comments

  1. Matt

    Ironically for all your complaining about “expert”s’ ignorance in this article, you come off as very ignorant yourself. Anonymous started at 4chan, yes, and they’d be harmed by shutting 4chan down, but saying that moot could control them with a statement is utterly laughable. You seriously can’t know that much about 4chan if you think he has much (or hardly any, really) influence over them or their sentiments. Seriously, if you’re going to claim the experts know nothing, try not to come off as foolish yourself.

    • Michael Anissimov

      If 4chan were put at risk, and moot made a statement that 4chan would be shut down if the attacks didn’t stop, the vast majority would halt immediately. It’s already technically against the rules to organize raids there. But where do you think the primary mobilization source for raids are? It has to be somewhere a lot of people visit. Every time, it’s the same thing — calls for raids begin there, then links are supplied to external websites where the raids are organized. Then, calls to continue the raid and links to external websites are constantly spammed on /b/. No attack has been sustained without /b/. When Project Chanology stopped being a cause on /b/, it died very quickly.

      I DO know what I’m talking about.

  2. mightygoose

    i would agree with matt, having delved into various IRC channels and metaphorically walked among anonymous,i would say that they are fully aware that they have no head, no leadership, and while you can lambast their efforts as temporary nuisance, couldnt the same be said for any form of protest (UK students for example) and the effective running of government. The media will sensationalise everything, and i can find you sources that claim Assange is spearheading a global anarchistic movement and could bring about the fall of the west. while i agree that this is no cyberwar, or that there is an army as such, but a quarter of a million people who are miffed at companies getting involved in political disputes will express themselves any way they can.

    • Michael Anissimov

      They are dependent on tools and infrastructure provided by a small, elite group. If it weren’t for this infrastructure, 99% of them wouldn’t even have a clue about how to even launch a DDoS attack,

  3. Ben

    “… the financial damage is not significant because the “hackers” lack the social engineering skills to do any real damage or get any personal information.”

    I’m not sure that’s true – Anon-affiliated individuals have often found private and personal information: what about the Sarah Palin email hack (of a personal email address, but one which she had been alleged to use to conduct official business), the ACS law attack (which admittedly only resulted in an email leak because of a mistake by the server admin in responding to a simple DOS attack, but still destroyed the company), or Anon’s general ability to find real names and contact details from small details online?

    Admittedly, the kind of targets Anon goes up against are usually small companies or naive teenagers rather than government officials. They may not be able to hack a Senator’s BlackBerry, but they might be able to get embarrassing information from the online accounts of children/spouses.

    • Michael Anissimov

      /b/ is only effective at getting the personal info of small, defenseless targets. The Palin thing was the only counterexample, and the information gained was not even used to any noticeable effect.

  4. 4chan alone is very very likely to be No serious security threat! Most of these “hackers” lack commertial experience and funds and those that dont are already enslaved by maggies farm and mostly dont risk their credibility. But it is the idea that you are underestimating! International support is building up. Is the world really better off with poeple working for maggies farm hiding coruption!
    Its poeple like yourself that should anonymously help us to improve maggies farm.

    When there’s a connection
    there is a way…..

    out of Africa

  5. Hi. I really like the design of your site. What template are you currently using?

  6. float pneumonia dignity townscape comeback inference eggcup

Trackbacks for this post

  1. Wikileaks war: Is this the first cyber war | Mirror's voice
  2. Accelerating Future » Confirmed: Key Anonymous Activities Masterminded by Small Groups of Decision-Makers

Leave a Comment

Awesome! You've decided to leave a comment. Please keep in mind that comments are moderated.

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>