Three tips for a better Anonymous

Security experts offer advice for how the hacker group can grow up

Has the Anonymous movement reached a midlife crisis?

There's no question that the loosely confederated collective has gained members and attention over the past year, for computer attacks on PayPal, Sony, and government contractor HB Gary Federal, and for the erratic cyber-rampage carried out by its sister group, LulzSec. But maybe the group needs to grow up a bit in order to get its message across.

At the Defcon hacking conference in Las Vegas Saturday, cyber experts had some tips for building a better Anonymous.

1. Look out for your new members.

Following a December, 2010, denial of service attack on the PayPal website, the company handed the U.S. Federal Bureau of Investigation about 1,000 IP addresses linked to the attack. Those people may have thought they were downloading software -- Anonymous uses a program called the LOIC, (Low Orbit Ion Cannon) in its attacks -- and joining a movement, not committing a federal crime.

"Anonymous has this idea moving forward that anyone can join us and take up arms, but they're not educating the people who are using these tools," said Jericho, the pseudonymous security expert who founded, a Web site that compiles information on the computer security industry. "Anonymous needs to educate their people as much as the public on their goals."

According to Gregg Housh, an Anonymous spokesman, he was overwhelmed with emails during the December attacks from neophytes looking to join in. "The emails were all, 'I don't know what you guys are doing, but I'd like to help'," he said Saturday. "I was getting anywhere from 100 to 150 of those an hour for a week-and-a-half period." He couldn't respond to the emails, he said, because that would have meant participating in criminal activity.

Housh noted that there is an IRC (Internet relay chat) room channel called "New Blood" where Anonymous members will help.

2. Vet what you release.

Anonymous exposed HB Gary Federal's proposed disinformation campaigns against organizations such as Wikileaks, but the disgraced security firm is far from the only company involved in such operations, according to Krypt3ia, anonther pseudonymous security blogger. "It's been going on for a very long time in the private sector," he said. "It's nothing new. It's just somebody got... caught."

That means that there's a pretty good chance that Anonymous could be the target of such a campaign. There's nothing to stop any hacker from leaving a file with Anonymous's tagline, "We are legion" on a hacked computer to direct blame toward the group.

"How do you know that you're getting the real dirt? How do you know you're not getting disinformation?" Krypt3ia said.

3. Look out for collateral damage.

When LulzSec published thousands of usernames and passwords two months ago, it didn't take long for some innocent bystanders to get hurt. People had their Web mail accounts compromised and fraudulent Amazon orders placed from their accounts. Anonymous says it wants to take on hypocritical corporations and corrupt governments. Exposing the personal information of regular people doesn't help that cause.

Anonymous brought the HB Gary emails to light, but historically the best information has come from insiders such as Watergate's Deep Throat (FBI agent Mark Felt) and a member of the military, Bradley Manning, who supplied documents to Wikileaks -- not hackers, Krypt3ia said. "The real dirt has only come from insiders."

Jericho and Krypt3ia were speaking at a Defcon discussion that was supposed to include the former Federal CEO of HB Gary, Aaron Barr, but legal threats from Barr's former employer kept him offstage, hidden somewhere in the audience. HB Gary has tried to distance itself from Barr, but moving to prevent him from speaking about this experience is probably not going to sit well with the hackers who support Anonymous, said Joshua Corman, a security researcher who was also on the panel.

HB Gary "just put a big target on themselves," he said.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags AnonymoussecuritylegalHB Gary Federalcybercrime

More about Amazon Web ServicesAttrition.orgFBIFederal Bureau of InvestigationIDGPayPalSony

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Robert McMillan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts