There has been a tremendous amount of talk about Anonymous. It’s millions of people. No, wait, it’s over 9,000. No, wait it’s …
One really smart hacker, a handful of cohorts, and a couple of Gawker guys outed the whole bunch.
Great, easy, it’s just a few people, round ‘em up and prosecute ‘em? Not so fast … think about how this is like Bradley Manning’s situation.
Bradley Manning. One kid, scared, mad, bored, confused, and alone in a SCIF (Secure Compartmentalized Information Facility) in Iraq. Walks up, sticks a CD-R labeled “Lady Gaga” into a drive, walks away with the crown jewels of SIPRnet.
Sabu, real name not known yet. Sees HBGary mouthing off about Anonymous. Looks at their stuff, sees they’re just as incompetent as whoever is responsible for SIPRnet, kicks in the door, and gives us the 21st century equivalent of the Pentagon Papers.
There is a CIA monograph called Curing Analytical Pathologies that I keep rereading, because it keeps telling me new things about handling our rapidly changing world. One of the key tidbits is this: everything we have was built to deal with a slow moving, monolithic enigma of the Soviet Union. Today instead of denied areas we are dealing with denied minds. Minds that, with the proper talent, can project their will across the globe in a timeframe measured in milliseconds.
Two other datapoints for you:
An entity that claims to be a single Iranian hacker with a prodigious talent for cryptography knocked the wheels off the thing that secures web transactions a few weeks ago. The Comodo Hack has sent security professionals scrambling to deal with a problem for which there appears to be no solution. SSL has been owned at a conceptual level.
A decade ago nineteen young men boarded airplanes for domestic flights in the U.S. and did this:
Common threads: Two lone individuals. Two small groups. One group kills three thousand people and starts an endless war. One group reveals corporate war aimed at American citizens. One individual knocks the wheels off America’s war efforts and triggers a variety of revolutions. One individual knocks the foundation from beneath electronic commerce.
Twenty-six of them by my count, not even a full-sized school bus worth of mostly kids, and they have arguably changed our world as much as Leonidas and 300 Spartans at Thermopylae.
Leonidas stopped the Persians cold by protecting a single bottleneck. These kids may have just stopped the advance of imperial and corporate power by proving that there aren’t any defensible bottlenecks in a networked economy.
There is no military asset that could have stopped any of these four events. No Stryker Brigade. No F-22 squadron. No AEGIS cruiser. No spy satellite.
And definitely not CYBERCOM, not without restrictions on our freedoms of association and an impingement to the tattered shreds of our economy that will set off a populace lulled to complacency by a mix of lies and entertainment.
And even if we applied CYBERCOM I highly doubt they can actually accomplish anything. I’ve been looking at the HBGary email dump and the stuff that was being offered? It’s laughable.
They’re pushing for an online ID system because they are terrified of what small groups of Anonymi can do. This won’t work. Ask any designer if you can retrofit security into a simple system. You can’t. And the global internet as we use it today is not simple.
They hang hopes on the ability of the conversion from IPv4 to IPv6 as a means to enforce all sorts of things. This isn’t going to work – we’re in an economic downturn, perhaps a permanent slide due to oil production peaking. People are not going to rip out functional IPv4 infrastructure and replace it until they absolutely must. Pushing the issue will wipe out all of the small ISPs and hosting companies. The majors won’t play in rural areas without massive subsidies. The consequences for trying this are dire.
Policy-wise this is a mess. We can no more stop it than we can put the SIPRnet leak genie back in the bottle by torturing Bradley Manning. And that's precisely what they are trying to do - the powers that be hope that by executing him they'll kill the potential for another to follow in his footsteps. They misread the situation - that will make such an outcome inevitable.
We need a hard, cold assessment of the situation provided by people who understand network and system security, not military men stuck in the previous century. We will not like what we hear.
They Are Anonymous.
They Are Legion.
They Do Not Forgive.
They Do Not Forget.
Expect Them.