The hacker collective known as “Anonymous” has always been controversial. With the massive effort to retaliate for the takedown of file-sharing site MegaUpload.com, though, it may have cross the line from “hacktivist” to common cyber criminal.
In response to the United States government takedown of MegaUpload.com, Anonymous has joined the cause with distributed denial of service (DDoS) attacks aimed at knocking sites like the FBI, DOJ, White House, Universal Music, MPAA, RIAA, and others offline. In and of itself, the activity is not unusual for Anonymous.
One of the redeeming qualities of Anonymous has always been that it is a volunteer army of hacktivists -- emphasis on the word “volunteer”. There there are signs, though, suggesting that Anonymous may have crossed the line and turned to forced conscription to enlist new recruits in the DDoS attacks to retaliate for the MegaUpload.com takedown.
According to a story being reported on Gawker.com, Anonymous is resorting to phishing attack style trickery to dupe people into unwittingly joining the cause. A link being shared across Twitter and in Anonymous chat rooms is allegedly loading the Anonymous DDoS tool LOIC (Low Orbit Ion Cannon), and commandeering PCs to flood the target sites with traffic.
Whatever you may think of the strategy and tactics of Anonymous, it has always had a sort of “Robin Hood-esque” appeal on some level. A group of skilled hackers putting their knowledge and resources to use for a cause -- generally launching attacks to make a statement, or coming to the aid of some site or individual lacking the ability to defend themselves.
I can think of two reasons that Anonymous might resort to this sort of subterfuge. First, it may be purely a matter of need. The MegaUpload retaliation effort is massive, and Anonymous may have felt like its volunteer army was simply not sufficient. Duping users with a link is a means to an end to quickly escalate the amount of DDoS traffic being generated far beyond what Anonymous might be capable of on its own.
The second reason may be CYA (Cover Your Ass…ets). Governments around the world have been more aggressive -- and seemingly more successful -- lately at tracking down and arresting Anonymous members. The DDoS phishing attack significantly muddies the waters in terms of hunting down the true source, and it gives any member some degree of plausible deniability if the authorities do find them.
Whatever the rationale, if Anonymous did cross the line and resort to a phishing attack to dupe users, it loses whatever shred of nobility it may have had.