I find it funny how the mainstream security community takes Anonymous so seriously because it doesn’t understand it. See this recent CNN article, for instance.
Anonymous did not only “start” with 4chan, Anonymous still easily can be regarded as the cyber army of 4chan and its immediate network. Its not as shadowy, distributed, or effective as it’s always made out to be. It really is mostly a bunch of children, and though a bunch of children should not be underestimated, their greatest power is quantity, not quality. The group is easily distracted and needs plenty of morale to keep going. Ideologically, it is fragile. It is more dependent on the directions of central figures than commonly thought. For instance, “moot” could halt 90% of the intensity of the attack overnight by issuing a statement. Moot, meanwhile, is already in the process of selling out and becoming part of the establishment.
The security experts being asked for commentary (Bruce Schneier, again and again) do not understand the group. Because he is relatively clueless about it, he just makes general comments on cyberwar which are only tangentially relevant to the current conflict. How can someone make comments on a war knowing so little about the army? Infiltrating the “army” to its core is not at all hard, but it requires days of messing around with the 4chan community, which adults that have day jobs don’t have the time to do. There are probably 13 year-olds far more qualified to comment on this “cyber war” than Mr. Schneier, and they are probably laughing at him and similar “experts” right now.
To even ask the United States if it has been involved in “cyberwar”, as CNN did, is somewhat stupid, because the only reported-on effects of the “army” (bunch of distractable children and adults with momentary time on their hands) have been simple DDoS attacks that operate based on quantity, not quality, and that any idiot (or bot) can participate in. This is in contrast to hackers that attack based on nationalist leanings (Russian and Chinese hackers), funded and led by the state — much more effective. A cyber army that would die if 4chan and Encyclopedia Dramatica were shut down, or if moot made a statement, is only a momentary nuisance, not anything serious.
You can predict the rough effects of any Anonymous “cyber war” by looking at past cases, such as the attack on Scientology. The attack is somewhat of a nuisance while it occurs, but as soon as the community loses interest, everything goes back to normal, and the financial damage is not significant because the “hackers” lack the social engineering skills to do any real damage or get any personal information. They can only harass with faxes, prank calls, protests, DDoS, and the like. In fact, the flood of amateur hacking only causes the targets to reinforce themselves and attain immunity from the possibility of more serious attacks. True “cyber warfare” will involve small groups of highly skilled attackers simultaneously taking actions that individually cause great damage before the target can respond.