CHAPTER 3

Weapons of the Geek

WikiLeaks: The Gift that Keeps on Giving

It was July 2010 and I was attending a conference called Hackers on Planet Earth (also known as HOPE), held every other year in New York City’s charmingly historic (and, in its resemblance to the hotel in The Shining, creepily historical) Hotel Pennsylvania. Done with my talk, I was ready to soak up the conference’s truly extraordinary, politically charged atmosphere of drama, intrigue, and suspense. The charged mood at HOPE wasn’t the result of Anonymous. At the time, while Anonymous could already be described as politically quirky, the group was—geopolitically speaking—of little real significance. Anonymous activists had started to engage in other arenas (like Iran’s Green Revolution) but were still primarily focused on Chanology, doggedly exposing Scientology’s human rights abuses and protesting every month in cities across North America, Australia, Europe, and a few other countries. A sizeable number of trolls still claimed the Anonymous moniker, but this stream of ultracoordinated motherfuckery was clearly on the wane.

No, the intrigue saturating the conference was due to another player in town: the whistleblowing sensation WikiLeaks. More specifically, interest coalesced around the recent trove of documents and footage leaked by a young army private named Chelsea Manning (formerly Bradley Manning) and laid at the feet of the world by WikiLeaks. Founded in 2006, the driving concept behind WikiLeaks had been simple: provide both a safe house and clearinghouse for leaks. It’d been at it for years, circulating countless leaks but failing to draw significant attention from established media institutions like the New York Times. This lack of attention was not due to unworthiness. In fact, some of these leaks—like the news that the multinational company Trafigura had illegally dumped toxic waste off the Ivory Coast—were both shocking and shockingly absent from the mainstream news media. It also wasn’t for want of trying—at least not exclusively. The British government gagged the left-leaning newspaper the Guardian from covering the Trafigura story. As the editors noted at the time, “The Guardian is also forbidden from telling its readers why the paper is prevented—for the first time in memory—from reporting parliament. Legal obstacles, which cannot be identified, involve proceedings, which cannot be mentioned, on behalf of a client who must remain secret.”1

And so, by April 2010, WikiLeaks had dramatically switched public relations strategies. When they released video footage of a Baghdad air strike under the title “Collateral Murder,” WikiLeaks left nothing to chance—packaging the already shocking material in a way that delivered an extra punch. They edited the video for maximum effect and added simple but powerful editorial commentary at the beginning. Julian Assange, the Australian hacker who founded WikiLeaks, was then known in the media as an “international man of mystery.” Now he broke with his previous disavowal of the spotlight. To coincide with the publication of the video, he hosted a press conference in Washington, DC, and followed it with a high-profile media tour.

The journalistic and public response was nothing short of explosive. Media scholar Christian Christensen argues the video is “one of the best known and most widely recognized results of the ongoing WikiLeaks project,” because it provides “visual evidence of the gross abuse of state and military power.”2 The black-and-white footage is captured from the perspective of a soldier in an Apache attack helicopter as he mows down civilians in a Baghdad suburb. The video, shot in 2007, provoked questions. Why had we not seen the footage earlier? Two of the men killed in the attack were journalists working for the Reuters news service and the organization had been trying, in the years since the attack, to get its hands on the footage via a Freedom of Information Act request. They suspected foul play, and their suspicions were not unfounded. The video was an embarrassing reminder of how the mainstream media had failed in its mission to inform the public by turning its back on the direct and gruesome style of war reportage it had practiced in the final years of the Vietnam War.

More than anything, though, it was the pilots’ banal tone of voice during their discussions with command about whether to attack—they were calm to the point of psychosis—that really sent waves of horror over you. One member of the crew laughs upon discovering that one of the victims is a young girl. “Well, it’s their fault for bringing their kids to a battle,” he remarks nonchalantly.

As we all now know, Chelsea Manning chose to leak the video, along with other vital documents, and a hacker named Adrian Lamo ratted her out. On May 22, 2010, Manning confessed to Lamo during a chat conversation that she’d gifted WikiLeaks the footage that was used to create “Collateral Murder.” Early in the conversation, Lamo earned Manning’s trust by misrepresenting himself:

I’m a journalist and a minister. You can pick either, and treat this as a confession or an interview (never to be published) & enjoy a modicum of legal protection.3

Manning subsequently spilled her guts to a person she had never met and whose claims of being a journalist and a priest were tenuous at best.4 Lamo turned the log over to both the FBI and Wired magazine. The FBI arrested Manning, ultimately leading to her admission that she had provided WikiLeaks with not only the video footage seen in “Collateral Murder,” but also the diplomatic cables WikiLeaks would release over the next two years. Manning was sentenced by a military judge to thirty-five years in prison, and is now at Fort Leavenworth, following a year in solitary confinement before being sentenced.5

At the 2010 HOPE conference, there was palpable tension in the air. Rumors swirled that Julian Assange was going to give the keynote. In a last-minute switch-up, it was not Assange who stepped out on stage, but American hacker Jacob Appelbaum. His riveting talk effectively outed him, in front of everyone in attendance (including the inevitable federal agents), as an affiliate of the embattled organization. It was a bold move, given the tactics of silencing, prosecution, and intimidation leveled against the organization by US authorities. His talk contextualized WikiLeaks historically into what is now commonly called “the fifth estate”: the hackers, leakers, independent journalists, and bloggers who serve the critical role that once fell to “the fourth estate,” the mainstream media. Or as Appelbaum put it, “When the media is gagged, we refuse to be gagged. We refuse to be silent”—a declaration that was met with thunderous applause. (The most glaring example of media silence in the past decade was when the New York Times refused, at the request of the government, to publish a story on the NSA’s illegal, warrantless wiretaps. The Times eventually ran the story—only because the author, James Risen, was about to scoop the paper by publishing a book on the topic. The article which they tried so hard to withhold ended up winning a Pulitzer Prize.)

While WikiLeaks, “Collateral Murder,” and Manning had found pride of place in talks among politically minded hackers and transparency advocates, a fourth figure dominated most conversations at HOPE: Lamo, the hacker traitor. He was on the tip of every tongue for one simple reason: he was, like them, a hacker himself—and present at the conference, no less. People were completely pissed off. Appelbaum, during his talk on WikiLeaks, promised not to utter a word about Lamo. As he said this, he unbuttoned his shirt to reveal a T-shirt that said “Stop Snitching.” The crowd went wild. Flyers bearing Lamo’s face subsequently popped up throughout the venue. Lamo was “WANTED// Dead or Alive// for bein’ a low-down good for nuthin’ rat bastard.”

As I stood staring at the flyer, a hacker friend of mine darted up from behind me to say hello. Shaking his head in Lamo-evoked disgust, my friend explained that Assange was “the real deal”—rare high praise from a fellow hacker. He had known him back in the 1990s when the hacker underground was in full force and roaming free, before the crackdowns against them in the late 1990s. This class of hacker would routinely disregard the law in his or her explorations of private networks and computer systems—not motivated by profit or malice, but instead by an insatiable curiosity: a desire to know how things worked. While the transgression itself offered a form of pleasure, back then only a small class of hackers was explicitly inclined toward activist-oriented politics. Julian Assange was one of them. He was a thoroughly conscientious hacker who even penned ethical manifestos explaining his actions. Assange was part of a small team of “International Subversives” who abided by a creed: “Don’t damage computer systems you break into (including crashing them); don’t change the information in those systems (except for altering logs to cover your tracks); and share information.”6

Wrapping up our discussion on Assange, my friend and I heard some exciting news. HOPE’s main organizer, Eric Corley—better known by his famous hacker handle “Emmanuel Goldstein”—had announced an impromptu panel on snitching and snitches, featuring none other than Lamo. Lamo was slated to sit alongside some of the most famous underground phone phreaks and hackers of all time: Bernie S., Mark Abene (aka Phiber Optik), and Kevin Mitnick. A couple had served jail time as the result of snitching. They themselves, in their own trials and travails, had all refused to “cooperate,” paying dearly with extended jail time for staying silent and not ratting out their peers.

In all my years of attending hacker conferences, this panel remains the most extraordinary I have witnessed. Imagine 2,600 hackers sitting before a single despised traitor as he looks out at them from the stage and attempts to justify his actions.

Hacker Town Hall on Snitching with the Most Reviled Hacker Snitch of All Time

The hackers opened the panel by recounting riveting stories of their exploits, eventual capture, and betrayal at the hands of trusted peers. The first to speak was Goldstein, who highlighted a truism I would see in action a little later with Anonymous. When cops or Feds show up (usually at daybreak and knocking loudly while pointing guns), Goldstein reminded the audience, “People panic … and the authorities count on this. The authorities live for this kind of thing so that they get as much information—they get all of us telling other people about other people.”

When Lamo climbed on stage and ambled slowly toward his chair, well … The circles under his eyes were deep brown, and when he blinked it was done in slow motion and with great difficulty, as if he had to force his eyelids down each time. It wasn’t that he seemed nervous—he just seemed genuinely zonked; it is quite possible that he was, along with being very tired, also medicated. Lamo had once been lauded as a black hat hacker, and listening to him justify his actions was spellbinding. He felt “compelled,” he explained, to hand over the logs in the interest of national defense. Bernie S., wanting details, respectfully interrupted: “In what way did you feel people were put at risk?” Lamo gave a rambling response: “The State Department is involved in a number of intelligence operations throughout the world, um, they are not supposed to be, but they are looking out for the interests of Americans.” This triggered immediate hisses from the crowd, and an audience member yelled, “The State Department activities put other people at risk!”

Goldstein sensed the crowd might turn into a lynch mob, sharpening their pitchforks and lighting their torches, ready to run Lamo out of town. He calmed the audience down, reminding them, “You will have your say”—but not before Phiber Optik first chortled, “We will be handing out darts and bows and arrows, so don’t worry.” The comic relief released some steam, but the tense atmosphere simply returned until the end. Time and again, Lamo’s attempts to rationalize his actions were met with angry boos. After Lamo defended the government and described his interactions with its agents as a “surprisingly pleasant undertaking,” even Goldstein couldn’t help himself; he interrupted Lamo before the Q and A period to ask how he felt about the possibility that Manning might spend the rest of her life in jail (someone in the crowd also lobbed out “Torture!”). Without missing a beat, Lamo intonated slowly: “We don’t do that to our citizens.” Some of the loudest hisses and boos of the day rustled through the audience, and someone yelled: “Guantanamo!” No matter what Lamo said, it was apparent that he was digging himself into a deeper hole—and it was also apparent that nearly the entire auditorium was ready to fill in the dirt on top of him.

At the time, however engrossing the panel was, I could not see its relevance to my project on Anonymous. WikiLeaks and Anonymous were, back then, residing on different planets (even if they were, admittedly, part of the same geeky galaxy by way of their respective fights against censorship and Scientology).7 And yet, one year after the conference, on July 4, 2011, I had my very first private IRC chat with Anonymous’s most famous snitch: Hector Monsegur, who had previously been known only as “Sabu.” By then he had already been arrested and was secretly working with the FBI—though this fact was lost both on myself and many others at the time (in spite of a litany of now obvious clues). Monsegur’s charisma—and his adeptness in psychological warfare tactics, like displacing suspicion by accusing others of snitching—blinded many to the hints he dropped in plain text a few months after his covert arrest: “Stick to yourselves,” he wrote on reddit. “If you are in a crew—keep your opsec up 24/7. Friends will try to take you down if they have to.”8 This echoed a lesson which Manning had learned first hand a year earlier.

But the mutual problem of snitches is the most tenuous of the emergent connections between WikiLeaks and Anonymous. We can trace a more direct coupling by looking at the trajectory of AnonOps.

DDoSing on Random Dice Day

AnonOps emerged in 2010, just a few months after HOPE ended. It began as a new Anonymous node and eventually grew into a full-blown IRC network. The network would take the world by storm thanks to its experiments—and I do mean, quite literally, experiments, as the group never carefully thought through anything until much later—with a slew of direct action political tactics. Many of these were straight up illegal, so it was only a matter of time before they drew the attention of the FBI.

Although the history of AnonOps would come to intersect with WikiLeaks in December 2010, these two entities could not be more different when judged from the perspective of organizational mechanics. WikiLeaks was built up as a carefully sculpted life’s work. Assange, as founder and spokesperson, controlled—too tightly, many would come to say—most aspects, and his personality and identity became hopelessly intertwined with the WikiLeaks name. When his personal reputation was sullied, it tarnished the organization as a whole. On the other hand, the constitution of AnonOps was a happenstance affair, like Project Chanology before it: born in the contingent convergence of timing and media attention, each element contributed to its meteoric rise and rapid success—a reminder again of how tricksters, like Anonymous, are perfectly poised to exploit the accidents gifted to them and sometimes benefit from acting on a whim.

It was late August 2010, about two and a half years after hackers had first adopted the name Anonymous to venture into activism. By this time, Chanology had organized street protests, forged tight alliances and friendships with ex-Scientologists, dabbled in Iran’s unsuccessful Green Revolution, and branched out into other areas of Internet activism. In February 2010, after Australia’s Telecommunication Minister proposed regulation to filter Internet pornography, some Anons rolled out “Operation Titstorm” and successfully overwhelmed government servers with a barrage of traffic requests. This op, proclaimed as part of the Operation Freedom Movement, was a harbinger of what was soon to come.

A number of Anons relaunched the Operation Freedom Movement, rebranded the Internet Freedom Movement (IFM), on July 5, eleven days before HOPE.9 Those involved in the IFM, along with the geek world at large, had set their sights on protesting the Anti-Counterfeiting Trade Agreement (ACTA). ACTA sought, among other things, to introduce sweeping regulations which would criminalize copyright infringement and encourage Internet service providers to profile, track, and monitor their users. Opposition was fierce, and nearly every group involved in the politics of access—Electronic Frontier Foundation, the Free Software Foundation, Public Knowledge, La Quadrature du Net—criticized the secrecy under which the treaty was being negotiated, and categorically opposed its ratification.

The proposed methodology of the IFM was to lobby politicians and raise public awareness using propaganda materials and websites. As part of these efforts, advocates created a dedicated chat room called “#antiactaplanning” on the IRC server OccultusTerra. In late August 2010, an Anon activist going by the nickname “golum” (not his usual pseudonym) entered the chat room and boldly declared his intent to move things forward by DDoSing the Office of the US Trade Representative (USTR) website, ustr.gov, at 9 pm EST on September 19, 2010. The USTR’s office was a natural choice given that ACTA was a US-led trade agreement and the USTR had the muscle to levy sanctions against nations that violated trade treaties.

But many people in the chat room had concerns: First, Chanology had already set a political precedent by disavowing the use of illegal tactics like DDoS. And second, no one could understand why that particular date had been chosen. It struck many as completely arbitrary, and it (mostly) was; the one connection was that September 19 is Talk Like a Pirate Day. golum faced vehement opposition, at least from those who were paying attention to their screens (all pseudonyms have been changed):

<matty>: why before it is signed?

<golum>: Because it’s a Sunday and everyone likes Sundays

<matty>: again … why before it is signed?

<golum>: And because I threw a dice

<golum>: And it said 19th

[…]

<golum>: My prediction is by September 19th people will become more aware.

<golum>: Trust me on this. September 19th.

<fatalbert>: trust me on a random dice day

Although everyone on the channel savaged golum’s proposal, he remained unmoved:

<golum>: Whatever, listen. I’ve heard all the arguments for NOT ddosing. But the truth is we need to wake them up.

[…]

<golum>: I understand that ddosing could potentially harm our cause.

<golum>: But I think the risk is worth it.

<fatalbert>: well i as for myself disagree therefore im not helping with ddos

<golum>: We need attention

<+void>: OMG ITS THE ANONYMOUS, THE ONLY THING THEY DO IS DDOS, OMGOMGOMOGMOMG LETS MAKE ACTA PASS ON POSITIVE

<golum>: No.

<golum>: matty—how did contacting the politicians go?

<BamBam>: Yeah I’ve always kinda hated ddos

<golum>: Look. i’ve heard the arguments I just wanted to say, we should do this.

<golum>: We are NOT ddosing now. This will be in 20 days.

<golum>: 20 days is a lot of time.

A few Anons, conveying the legal risks, highlighted the difference between targeting the US government and targeting other entities, and then considered the conversation over. (Note also that the risk assessment about arrests was accurate—over twenty-seven individuals have since been indicted for the ensuing spate of DDoS actions—and in the United States you can still get in deep trouble for targeting anyone famous):

<matty>: this is not justin beiber, this is the us govt ffs

[…]

<golum>: Everyone please, listen to me, when I speak

<AnonLaw>: I’ll be laughing as you go to jail

<matty>: i am not here for the fuckin lulz

[…]

<golum>: It’s official. Start preparing.

If you are wondering about just what “official” means in Anonymous: well, yes, something can be deemed “official” if someone declares it as such and, crucially, if enough people also support it. But at the time, support for militant direct action tactics on this IRC channel was lacking. Although someone had initiated an IRC channel called “#ddos” with the mandate of discussing the possible use of the tactic, the freewheeling aspect of Anonymous IRC chat only goes so far before bumping up against norms and rules:

<Lola>: What happened to #DDoS?

<Fred>: Take that to off topic please.

<Fred>: This is strictly for ACTA planing.

<Fred>: Not for a chit chat

<Lola>: #ddos was an ACTA planning channel.

<Lola>: I want to know what happened to it

<Fred>: Questions about #ddos is off topic.

<Fred>: This is for planing.

<Yagermister>: #DDoS is BAD

The next day Lola appeared again—this time to discuss botnets (networks of remotely controlled computers which can be used to strengthen a DDoS assault):

<Lola>: do you have a botnet?

<Lola>: without one you can’t do much

<Lola>: you can get like $10 for 100 these days

<Lola>: from some skiddie forums

Lola is told, again, to stop “discussing illegal activities.”

This is, perhaps, an opportune moment to discuss botnets in more detail—especially since they became increasingly important to the Anonymous DDoS operations we will consider a little later. There is a Wild West cattle rustling aspect to the whole affair. A botnet is essentially just a collection of computers connected to the Internet, allowing a single entity extra processing power or network connections toward the performance of various tasks including (but not limited to) DDoSing and spam bombing. A botnet is a very powerful tool, involving (as it does) computers that are connected across various parts of the world and capable of distributing tasks. Participants whose computers are tapped for membership in a botnet usually have no idea that their computer is being used for these purposes. Have you ever wondered why your computer worked so slowly, or strangely? Well, you might have unwittingly participated in a DDoS.

A computer most often becomes a member of a botnet by getting infected by malware. This can happen through a number of different methods—that hilarious cat video you downloaded, the malicious link in an email from your aunt, a phishing attack you didn’t even know about, or a virus piggybacking on some software you downloaded from the Internet. Once infected, the computer runs a small program, usually hidden in the process table so it is not easily found, which mediates its involvement in the botnet.

Although there are many different ways for a botnet to work, one classic method involves connecting it to a pre-configured IRC server and channel. Once this connection is made, the computer will wait patiently—unbeknownst to its owner—awaiting orders from the botnet herder (yeehaw!). The herder is the individual capable of directing the computers that make up the botnet. Typically, this is the person who infected the computers in the first place. Usually he or she is waiting in the designated IRC channel, grinning from ear-to-ear as more and more infected computers join the channel, like zombies awaiting orders. This is known as the command-and-control channel (C&C). A typical scenario might see a herder tabbing back and forth between regular chat channels and the hidden C&C channel as it grows more powerful by the moment.

A typical botnet might boast around twenty thousand computers, but larger botnets have been tracked to upwards of thirty million. (Though most botnets have a bad rap—and for good reason—some botnets are voluntary and participatory. The most famous of these is probably SETI@home, the three-million-strong string of computers searching for alien life in outer space.) The bots hover on this C&C channel until the botnet herder gives them an order—usually authenticated—to perform some task. So for example, the botnet herder might simply say, “ddos 172.16.44.1,” and then all the connected bots will begin to attack that specified IP address.10

Another common task for botnets is to send mass amounts of unwanted email. Spam is often stopped by an algorithm which determines its unwanted nature and blocks the sending address—but when tens of thousands of different machines with different addresses are sending the spam, it is much harder to track down and stop. Often botnet herders assemble their network not for their own purposes, but in order to sell the services of their bots to a spammer.

To be able to control tens of thousands of computers from a central location is a powerful feeling. By simply issuing commands you can make thousands of computers do something for you, and the larger the number of computers participating, the more powerful those commands are. In the botnet world there is an ongoing struggle over who has the most bots, the most bandwidth, and the best-infected machines (university, corporate, and government computers tend to be on better bandwidth).

This competition is so fierce that botnet herders will often try to take over other botnets. On the other side of the fence, law enforcement agencies and individual organizations that are fighting spam also struggle to take over botnets in order to neutralize them. This is not a trivial thing to do. One has to first identify the C&C. If you can figure out where the bots get their commands from, you can join the IRC channel, masquerading as a compromised machine, and wait to receive a command from the botnet herder. If the botnet herder sends an authentication alongside the command, you may have the password necessary to issue commands to the entire botnet yourself.11
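The IRC command-and-control pattern described above (many clients idling silently in one channel while a single nick issues orders such as “ddos 172.16.44.1”) is also what a network defender can look for in IRC traffic. The following detection sketch is an added example, not material from the original text; the log format, thresholds, sample lines, and the names `parse_order` and `analyse` are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: raw IRC lines as a network sensor or IRC proxy might log
# them. Every nick, host and channel name here is invented for the example.
SAMPLE_LINES = (
    [f":pc-{i:04d}!u@198.51.100.{i} JOIN #updates" for i in range(1, 13)]
    + [
        ":op1!u@203.0.113.9 JOIN #updates",
        ":op1!u@203.0.113.9 PRIVMSG #updates :ddos 172.16.44.1",
        ":alice!a@192.0.2.10 JOIN #linux",
        ":bob!b@192.0.2.11 JOIN #linux",
        ":carol!c@192.0.2.12 JOIN #linux",
        ":dave!d@192.0.2.13 JOIN #linux",
        ":alice!a@192.0.2.10 PRIVMSG #linux :my router stopped answering",
        ":bob!b@192.0.2.11 PRIVMSG #linux :ping 192.168.1.1",
        ":carol!c@192.0.2.12 PRIVMSG #linux :or check the cable first",
    ]
)

# ":nick!user@host COMMAND #channel [:text]" for the three commands we track.
IRC_LINE = re.compile(
    r"^:(?P<nick>[^!\s]+)!\S+\s+(?P<cmd>JOIN|PART|PRIVMSG)\s+"
    r":?(?P<chan>#\S+)(?:\s+:(?P<text>.*))?$"
)
# Heuristic (assumption): an order is one short verb followed by an IPv4 address.
ORDER = re.compile(r"^(?P<verb>[A-Za-z]{2,16})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_order(text):
    """Return (verb, ip) if the message looks like 'verb a.b.c.d', else None."""
    m = ORDER.match(text.strip())
    if not m:
        return None
    try:
        ip = ipaddress.IPv4Address(m["ip"])  # rejects e.g. 999.1.1.1
    except ValueError:
        return None
    return m["verb"].lower(), str(ip)


def analyse(lines, min_members=10, min_silent_ratio=0.9):
    """Flag channels that look like C&C: large, almost entirely silent,
    and carrying at least one order-shaped message."""
    members = defaultdict(set)   # channel -> nicks currently joined
    spoke = defaultdict(set)     # channel -> nicks that sent any message
    orders = defaultdict(list)   # channel -> [(nick, verb, ip)]

    for line in lines:
        m = IRC_LINE.match(line.strip())
        if not m:
            continue
        nick, cmd, chan = m["nick"], m["cmd"], m["chan"].lower()
        if cmd == "JOIN":
            members[chan].add(nick)
        elif cmd == "PART":
            members[chan].discard(nick)
        else:  # PRIVMSG
            members[chan].add(nick)
            spoke[chan].add(nick)
            order = parse_order(m["text"] or "")
            if order:
                orders[chan].append((nick, *order))

    findings = []
    for chan, nicks in members.items():
        if len(nicks) < min_members or not orders[chan]:
            continue
        silent = nicks - spoke[chan]
        if len(silent) / len(nicks) < min_silent_ratio:
            continue  # ordinary chat: most members talk at some point
        findings.append({
            "channel": chan,
            "members": len(nicks),
            "silent": len(silent),
            "controllers": sorted({n for n, _, _ in orders[chan]}),
            "targets": sorted({ip for _, _, ip in orders[chan]}),
        })
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LINES):
        print(finding)
```

The order-shaped message alone is not treated as evidence: the constructed #linux channel contains “ping 192.168.1.1” but is not flagged, because most of its members speak.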

But, as Lola indicated, you can also access all that fun and power for a cheap “subscription fee.” People on the IRC server were not happy with all this talk of the underworld of botnets and DDoS. The IRC operators booted the pro-DDoS contingent from the server. They left undeterred, becoming Anonymous nomads.

It is perhaps ironic that golum, as one participant explained it to me, “was a central figure in the IFM movement, if not THE central figure.” golum may have spearheaded the initiative, but his influence waned as he clamored for the types of digital tactics firmly rejected by the majority of Anons driving Chanology. Effectively, this majority managed “to change the direction of the operation” so as to keep it entirely legal. Those wanting to use direct action techniques found themselves increasingly marginalized. But while golum’s random dice day vision may have seemed to them nothing more than, well, random, golum was actually an adept organizer with a keen feel for media dynamics. I had seen him in action many times, and he was one of the finest propagandists and organizers in all of Anonymous. golum left the IFM to form a new direct action–oriented wing, taking some Anons with him. One participant in the new militant enterprise, which would come to be known as AnonOps, described golum as having “a very, very good antenna for PR and propaganda, and he realized the (at the time) immense psychological impact of declaring that a website would vanish, and then taking it down.”

golum took his tactics, and his supporters, elsewhere. Strangely, given his announcement of random dice day, he had in fact erected a website with an ACTA protest timeline that differed from the one he had announced on the IRC channel. The site designated the crescendo of activities for November 5, the worldwide day of protests known as Guy Fawkes Day. golum had conceived of different groups divided by chat rooms (#bump, #newor, #op), each with distinct roles and responsibilities.

Confusion loomed large over the DDoS campaign’s start date—but in the end, thanks to the initiative of some unknown actors, it was, as golum predicted, to fall in the middle of September. A stunning and spectacular avalanche of DDoS attacks attracted over seven hundred individuals into the splinter group’s chatroom and continued for over two months. In the end, they did not target the Office of the US Trade Representative. Instead, in a defense of file sharing, they DDoSed the heck out of a number of pro-copyright associations, such as the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA). The media attention was significant and the new crew was hooked. Displaying the Pirate Bay’s ship logo—also adopted by Anons as their campaign symbol—the BBC reported: “Piracy activists have carried out coordinated attacks on websites owned by the music and film industry.”12 Anonymous listed every news story written about “Operation Payback”—as the group called it—on tieve.tk, which also became the go-to hub for information as Anonymous migrated from IRC server to IRC server before establishing one of its own in late October.

Drawing upon my experiences with Anonymous, I can confidently declare that had golum’s breakaway group simply rallied troops around a slogan like “ACTA sucks,” the unprecedented waves of support would never have materialized. Fortunately, the spirit of Puck delivered a delightful accident to this nascent Anonymous crew. It was as if the trickster of crossroads, Eshu, then appeared, urging them to make a decision. And, as we will see, their choice allowed the pod to sprout into one of the Internet’s biggest political sensations.

“At times, we have to go an extra mile and attack the site”

The game-changing piece of information first appeared in a technical news article published by an Indian media outlet on September 5, 2010. It took a full week for Western journalists to pick up the story, at which point it circulated along the boutique technical press. The story quotes the managing director of Aiplex, an Indian software firm purportedly hired by corporations to DDoS file sharing sites like the Pirate Bay:

The problem is with torrent sites, which usually do not oblige [when served with a written legal request to take down a movie]. In such cases, we flood the website with lots of requests, which results in database error, causing denial of service as each server has a fixed bandwidth capacity. At times, we have to go an extra mile and attack the site and destroy the data to stop the movie from circulating further.13

Ironically, given the target, that admission essentially provided evidence of a contemporary practice analogous to the privateering of yesteryear. Until outlawed in 1856, European powers routinely hired pirates to operate as their agents on the high seas—with the added advantage of being able to obscure their own involvement in whatever unsavory business they might require the pirates to perform. This was not the first time evidence surfaced that the copyright industries hired technologists to do their (illegal) dirty work. In 2005, the MPAA employed a hacker to break into the servers of TorrentSpy, a search engine for file sharing material, and search for confidential information they hoped would provide evidence of law breaking. During an exclusive interview with Wired.com, this hacker explained how the MPAA attempted to lure him with cash and other luxury goods: “We would need somebody like you. We would give you a nice paying job, a house, a car, anything you needed … if you save Hollywood for us you can become rich and powerful.”14

But with Aiplex, it was the first time the admission was so frank and forthcoming.

The reaction from Anonymous and many other geeky quarters of the Internet was predictably swift and biting. For well over a decade, the copyright industry/lobby/trade associations poured millions of dollars into aggressively hunting down, and suing, file-sharers and hackers who ran peer-to-peer sites, like the Pirate Bay, which coordinate access to troves of copyrighted material. Now segments of the copyright industry were going the “extra mile” by hiring hackers to engage in illegal tactics of their own to curb illegal file sharing.

Geeks criticized Aiplex’s technical methods (it is common for geeks to take any and all opportunity to debate the merits of any piece of technology). They made fun of Aiplex’s terrible and asinine criminal-confession-as-PR strategy. And on TorrentFreak, a popular website dedicated to reporting news on file sharing, one commentator noted: “AiPlex is just asking … strike that I meant; _begging_ for trouble.”15

The writer was spot on. Revenge arrived in the form of—did you guess it?—a DDoS campaign. Someone took the initiative to take down Aiplex, almost certainly using a botnet. golum and the other Anons who had set their sights on protesting ACTA through the use of DDoS campaigns exploited this opportunity to shift their energies and attention toward this event. It is perhaps no wonder that golum and his followers had no qualms about ditching ACTA, switching targets, and finding a new start date thanks to another bit of opportunistic chance—just like that initial rolling of the dice.

In one of the first propaganda posters for Operation Payback, this new Anonymous cell admitted that the DDoS campaign was “ahead of schedule,” thanks to an unexpected strike made by a single individual. The activists then predicted, “This will be a calm, coordinated display of blood. We will not be merciful.” Anonymous boldly signed off: “GOOD HUNTING.”

So was the “hunting,” as the poster claimed, a calm, coordinated, tactical incision in which Anonymous would show no mercy? Sort of. But, as we will see in a moment, the first few weeks of the campaign were rather chaotic—partially because the influx of supporters was hefty, at least for standards of the time. With so many people, proceeding in a calm and coordinated fashion was difficult. The first campaign launched September 17, 2010, targeting the MPAA’s website and taking it offline for roughly eighteen hours.16 Over the next four days Anonymous hit, among other targets, the International Federation of the Phonographic Industry, Aiplex (naturally), the RIAA, and ACS:Law, a law firm in the UK that worked on behalf of the copyright industry. From the perspective of these renegade Anons, Operation Payback was a resounding, glorious success, and the media were squeezed for many articles.

One of the remarkable feats of Operation Payback was how AnonOps managed, using propaganda material alone, to convince both the media (and many of their own members!) that the MPAA had hired Aiplex; there is no evidence to support this claim. Instead it is now widely believed that Aiplex had been hired by the Bollywood movie industry. And yet on September 20, 2010, scores of reputable news outfits, including Reuters, published statements in the following vein, despite flimsy—nonexistent, really—evidence: “MPAA.org and the Web site of Aiplex Software, a company the MPAA hired to target sites where piracy was rampant, were incapacitated for much of the day, according to the piracy blog TorrentFreak.”17 Because it was covered extensively in the media, I myself repeated this fib on countless occasions. To this day I still cannot ascertain who first proposed it, and whether it was born of honest confusion (so many of the core participants truly believed it) or conniving duplicity. Whatever the case, Anonymous would seize upon this new-found specialty in the art of duping the media.

After a few days of the operation, AnonOps found itself on the verge of its most successful attacks of the season—where it would, in fact, show no mercy. The targeted organization, ACS:Law, would be shamed into oblivion thanks to Anonymous’s first major leak.

“I have far more concern over the fact of my train turning up ten minutes late … than them wasting my time with this sort of rubbish”

For the ragtag team assembled under the auspices of Operation Payback, the MPAA became the obvious target of preference. But by September 21, Anonymous could no longer effectively take down the organization’s site—the MPAA had implemented sturdy DDoS protection by employing an outside firm. And so, on September 21, 2010, following vigorous internal debate, Anonymous set its sights on ACS:Law, a British law firm notorious for sending threatening letters at the behest of copyright owners to thousands of alleged file-sharers, demanding money and the cessation of ostensibly illegal downloading. It took Anonymous much more time to choose ACS:Law as its target (two hours) than it did to take down the law firm’s website (two minutes). After the hit, the firm’s head solicitor, Andrew Crossley, was so unimpressed by the attack that he hastily volleyed back with the following statement: “It was only down for a few hours. I have far more concern over the fact of my train turning up ten minutes late or having to queue for a coffee than them wasting my time with this sort of rubbish.”18

But, it turned out, these few hours of website downtime might have cost him his firm. ACS:Law’s web team was so incompetent that in restoring the site they accidentally made an entire backup, replete with emails and passwords, available for anyone with a modicum of technical ability to see and take. Anonymous noticed it, snatched it, and promptly threw all the emails on the Pirate Bay. It was the first in a string of stunning, Anonymous-led leaks that provided evidence of grave corporate misconduct.

By this time, Crossley’s firm was already under government scrutiny. Months earlier, technology journalist Nate Anderson reported on what he described as a “spirited debate” among members of the House of Lords. As they discussed an amendment called “Remedy for groundless threats of copyright infringement proceedings,” many lords were critical of ACS:Law’s methods.19 Lord Lucas, who had proposed the amendment, offered particularly harsh words to ACS:Law: “We must also do something about the quantum of damages that is being sought. In a civil procedure on a technical matter, it amounts to blackmail; the cost of defending one of these things is reckoned to be £210,000.”20

The emails obtained by Anonymous simply helped confirm, with a far more granular and damning level of detail, the firm’s relentless targeting of alleged copyright violators on behalf of copyright associations.21 One tactic involved writing married men with allegations that they had downloaded gay porn; many of these men paid five hundred to six hundred pounds to make ACS:Law go away.22 The leaked emails were a final decisive blow, and by February 2011, ACS:Law had closed down.23

It bears noting, again, that AnonOps’ decision to target ACS:Law was, like many of its decisions, made in the heat of the (chaotic) moment. Had the group voted otherwise, the operation would have never transpired. It’s worth looking into just how these voting mechanisms work, and the targeting of ACS:Law provides a prime example.

The public channel #savetpb (i.e., Save the Pirate Bay—later to become #operationpayback) hosted, at its peak, over one thousand participants. Many of them had come from 4chan, where news about Aiplex’s methods spread and roiled many into action. Those on the public channels were encouraged to use a tool called the “Low Orbit Ion Cannon” (LOIC for short), subtitled “When harpoons, air strikes, and nukes fail.” LOIC is an open-source application that allows users to individually contribute to a DDoS campaign from the comfort of their home by simply entering the target address and clicking the temptingly giant button marked “IMMA CHARGIN MAH LAZER.” By entering an IP address identified within a channel, users could direct their computers to join a chorus of protesters in sending requests to a target. Alternatively, participants could set LOIC to “hive mode,” which allows computers to automatically contribute to the voluntary botnet.

Meanwhile, in the private channel first named #savetpbmods and soon after renamed #command, others were engaged in deep, often heated, and utterly confusing debate regarding strategy and targets. Most in the public channel were unaware of the existence of this private channel, unless they were one of the few eventually tapped to join. During an interview, one of the founders of the secret channel explained the selection criteria as follows: “You’re invited by another member of #command if you’ve proved yourself productive/useful or trustworthy.”

Presented below are only a tiny number of excerpts from a truly convoluted—yet still semi-coherent—two-hour conversation that occurred in #command as participants decided to target ACS:Law. Decision-making often follows a liquid path. It opened with the participants noting the impressive number of individuals gathered on the public channel—awaiting, as it were, their orders:

<Anon2>: 660+ people

<Anon5>: eh oh

<Anon5>: the fan is hitting the shit

<Anon6>: yeah

[…]

<Anon4>: the fan blew up from shit

<Anon7>: their [MPAA’s] ddos protection is working

<Anon7>: i suggest we migrate targets?

<Anon7>: bpi? [British Phonographic Industry]

<Anon8>: why not riaa? [Recording Industry Association of America]

<Anon7>: because we failed with bpi last time due to small numbers

As they conversed, numbers continued to climb, and they started to worry about momentum and morale:

<Anon1>: in the meanwhile, there are a number of news articles popping up saying we did at least a lot of damage

<Anon8>: what has BPI done?

<Anon7>: Well

<Anon9>: Guys, do not discuss any drama in the main chat.

<Anon9>: We are here for propaganda. Lifting spirits.

[…]

<Anon9>: If we even INDICATE our efforts are “useless,” people will leave en-masse.

<Anon9>: It has always been about morale.

<Anon9>: We don’t have like 800 people because we tell the truth.

<Anon9>: we have 800 people that BELIEVE they are doing something.

<Anon7>: Guys, I do NOT want us to fail in the eyes of the public or make our troops go to waste. We need to migrate targets, soon

Disagreement over targets grew, and someone pointed out that the financial hit against MPAA was negligible since the organization paid a lump sum for its DDoS protection. Eventually, people agreed to stop hammering the MPAA and shift targets. Someone highlighted the nature of this endeavor: “but consider it an experiment either way. Prove me wrong.” Just when participants thought they reached a consensus, someone yelped and insisted on a vote; as is often the case with any IRC-based meeting (only magnified with a group like Anonymous), conversation became even more tangled:

<Anon7>: Nooo

<Anon7>: Wait

<Anon7>: Let’s vote.

<Anon8>: We have public opinion now because we do not target random sites

<Anon7>: First, let’s nominate sites.

<Anon7>: So far riaa and bpi has been nominated.

<Anon7>: Any others?

<Anon9>: I think I have the perfect idea

<Anon7>: we can vote here.

<Anon16>: Hello.

<Anon1>: let Anon9 speak

<Anon9>: I think I agree with Anon13 here. ACS:Law.

<Anon9>: Full go.

<Anon9>: Paste their shit website, post the news articles on them, etc.

<Anon9>: If we divert now they will have NO time to prepare.

<Anon1>: well, /b/ a new poster with tomorrow’s target, same time?

<Anon10>: I’m in for acs:law too

<Anon4>: me too

<Anon13>: Shall we change the topic in the main chat and divert the lazers now, so losing almost nobody, or attack tomorrow, potentially losing hundreds?

<Anon8>: someone give me an equally good motivation for a target

[…]

<Anon7>: let’s vote?

<Anon13>: I vote for ACS.

<Anon7>: DDoS ACS:LAW. 1 = yes, 2 = no

As some voted, others continued to broadly debate the choice of targets, arguing, “Attacking anti-piracy agencies at random isn’t helping our cause.” This prompted another long, tedious round of voting. Finally, two hours later, they seemed to have inched closer to an agreement, but in the middle of debating, guess what happened?

<Anon7>: www.acs-law.org.uk

<Anon12>: Give me the info I said.

<Anon7>: www.acs-law.org.uk is down ALREADY!

[…]

<Anon12>: the feck

<Anon12>: ?

<Anon1>: OMG?

<Anon13>: That was quick.

<Anon1>: how long did it take us to vote again? XD

<Anon14>: Longer than it took for it to go down

Someone must have felt that there was enough of a consensus to move forward and fired up the botnets.

Two hours of planning, two minutes of DDoS’ing, and not long after the firm closed. A little over a year after Anonymous’s email leak, Crossley—who had been more worried about queuing for a coffee—was tried in the Solicitors Disciplinary Tribunal for an array of charges. He conceded to six of the seven allegations, including the following two: “acting in a way that was likely to diminish the trust the public places in him or in the legal profession” and “using his position as a solicitor to take unfair advantage of the recipients of the letters for his own benefit.”24 He was ordered to pay £76,000 in fines and had his license suspended for two years. Even though he challenged the claim that he had not taken proper measures to protect client data, he was found guilty as charged and the Information Commissioner’s Office also fined him for the data breach.25

Although many of Anonymous’s actions seek simply to attract media attention for the sake of airing an issue, sometimes fate gives them more than they bargain for—like an incidental opportunity to curb corruption.

Weapons of the Geek (Rarely Agree)

By the end of fall 2010, with the constant deployment of digital direct action techniques, AnonOps had breathed new life into the still nascent idea that Anonymous could be a banner for activism; the name, once exclusively tied to the most abject forms of trolling, was slowly, but steadily, becoming associated with an irreverent brand of dissent. Regardless, those behind the September and October campaigns, like golum and the numbered Anons above, did not expect to exist as a team, much less as a network, for more than a few weeks. But, in a mirroring of the events that aggregated Chanology into a discrete entity, media validation helped solidify this new team as well. In a rare interview with TorrentFreak, one core organizer explained why:

The operation’s command was “pleasantly” surprised by the overwhelming media coverage and attention, but wondered where to go from there. They became the center of attention but really had no plan going forward. Eventually they decided to continue down the road that brought them there in the first place—more DDoS attacks … The media attention was indeed part of what fuelled the operation to go forward.26

With AnonOps here to stay, there were also clear signs of a cleavage emerging between different nodes within the activist branches of Anonymous. Chanology and AnonOps, the two most active wings, could not be more different in terms of tactics. One usually stayed within the bounds of the law and the other avidly, and enthusiastically, experimented with law breaking. By way of acknowledging these internal feuds and sectarian impulses, Anonymous would eventually adopt the refrain “Anonymous is not unanimous.”27

It was around this time that I started to grasp the overarching significance of these disparate and divergent geeks and hackers—Anonymous (Chanology vs. AnonOps), Assange, Manning, the Pirate Bay, and others—all entering the political arena and in much greater numbers than ever before. In orchestrating protests across a range of issues—in particular civil liberties—they transformed policy, law, media representations, and public opinion. While certainly unique in its bombast and capriciousness, Anonymous was clearly part of a wellspring of hackers and geeks who were taking political matters into their own hands and making their voices heard.

Anonymous signaled the growing importance of what I call “weapons of the geek,” in contrast to “weapons of the weak,” a term anthropologist James Scott used in his 1985 book of the same name to capture the unique clandestine nature of peasant politics. While Weapons of the Weak describes the tactics of economically marginalized populations who engage in small-scale illicit acts—such as foot dragging and vandalism—that don’t appear on their surface to be political, weapons of the geek is a modality of politics exercised by a class of privileged and visible actors who often lie at the center of economic life.

Technology does not simplistically determine the politics of hacking, even if technological experiences usually inform its expression. Just as there are many ways to hack, there are many ways for hackers to enter the political arena. From policy making to engagements with Pirate Parties, from reinventing the law through free software to performing risky acts of civil disobedience, the geek and hacker are not bound to a single political sentiment, such as libertarianism, and they certainly don’t agree on how social change should proceed.

What they all have in common is that their political tools, and to a lesser degree their political sensibilities, emerge from the concrete experiences of their craft, like administering a server or editing videos. Often, these skills are channeled into activities in order to bolster civil liberties, such as privacy. Unlike peasants who seek to remain inconspicuous and anonymous even as a group, geeks and hackers—even the anonymous Anonymous—explicitly call attention to themselves via their volatile, usually controversial, political acts. By fall 2010, AnonOps was at the forefront of the tests and experiments that sought to probe the new possibilities and legal limitations of digital civil disobedience.

And while some would count these experiments as a success, others—even those aligned on the same side of the struggle for civil liberties—were wary of the tactics employed. The Pirate Party in particular was less than enthused about the political use of DDoS. The Pirate Party is a political party which has made inroads in both Europe and Australia (and claims a very weak base in North America). Swedish free-culture advocate Rickard Falkvinge first chartered it in 2006, and now its platform is built on copyright reform, demands for Internet freedoms and civil liberties, and the building of tools to support direct democracy. The Pirate Parties in the UK and US wrote a letter to AnonOps requesting an immediate cessation of DDoS activity. (It should be noted that the letter prompted not only a vigorous debate among AnonOps participants—but also among Pirate Party members themselves):28

Operation: Payback needs to end. While it is certainly an indication that an increasing number of people are becoming frustrated with the way laws are being constantly re-written to kill our creative culture in the name of preserving profitability, its methods do more harm than good to the global effort.

By continuing Operation: Payback attacks, you will hamper those who promote copyright reform and curtailment of abuses of copyright, but who do so within the bounds of the law. Instead of being able to argue for legislative reform of copyright on its own merits, they will be accused of defending criminals and promoting lawlessness. It will be easier for legislators and the media to ignore the clear benefits of fair copyrights and free speech, in favor of clamoring for harsher legislation to “stop those pirates and hackers.”29

Perhaps surprisingly, those Operation Payback participants sitting in #command, for a very brief period of time, took the Pirate Party’s call to heart and considered aborting the use of illegal tactics in favor of a more moderate, reformist style: the advancing of a list of demands. The TorrentFreak interview revealed, publicly, the existence of the secret #command channel, and affirmed participants’ new embrace of law-abiding tactics. Below are some key excerpts from the interview:

The core group is the #command channel on IRC. This core group does nothing more than being some sort of intermediary between the people in that IRC channel and the actual attack. Another group of people on IRC (the main channel called #operationpayback) are just there to fire on targets …

Last week command decided to slow the DDoS attacks down and choose another strategy, mainly to regain the focus of attention. It was decided that they would make a list of demands for governments worldwide. In a move opposed to the desires of the anarchic influences, command decided to get involved in the political discussion.30

This dual news—that there was a secret channel, and that its members wanted to go “legit”—was received extremely poorly by the public-facing channel #operationpayback on AnonOps. The result was, in essence, a mutiny. “Gobo” (not his real pseudonym), one core participant active on the public channel—who would later become a member of another separate, secretive channel recatalyzed by the revelation—explained:

That article seriously pissed a lot of people in the main channel off. A huge amount of arguing broke out over Anonymous being leaderless and “who the fuck do they think they are.” Somehow #command didn’t really perceive how much controversy they were generating by overstepping the limits of their purpose (as defined by the main chan’s participant).31

Little did the Anons crying foul know there was also another, even more secretive channel by the name #internetfeds. Originally chartered for the purposes of executing ops—especially covert hacking—it had gone idle for a period. One of its members reached out to Gobo and invited him to join #internetfeds with a scheme to revive it; the public commitment to a cessation of DDoSing suddenly looked very dubious indeed:

Essentially the ethos was as follows: Operation Payback would publicly “stop all illegal activity” as per the letter to the pirate party. #internetfeds would carry on these activities privately and in the name of “Anonymous” but *not* in the name of Operation Payback, and its existence was to be kept sacredly secret so as not to jeopardize the new “legitimate protest” image #command wanted to cultivate for Operation Payback.32

So, a small crew in a small cabal was planning to rekindle another, even smaller, and more secretive cabal—committed only loosely to the guiding principle of, like Fight Club, keeping mum about its existence (the group may have operated in secret, but each of its defacements came with a logo that included its name: “Pwned by #internetfeds”).33 As it turned out, #internetfeds never had to carry out this proposed “sacredly secret” mission because participants in the main channel essentially told #command to bugger off—affirming their intention to continue to DDoS with or without them: “civil war” broke out on the public channel where, according to Gobo, most people

roundly condemned not just the idea of going legit, but specifically the fact that #command had so massively leader-fagged by agreeing to all this without even mentioning it to the main channel. There was an extremely bitter argument and following that, someone simply told people to forget about the #loic hive and hit the next target manually, with or without the support of #command.34

Those in #command listened to the angry IRC masses and “almost immediately backpedaled on the pledge to make the op go legitimate,” explained Gobo. Although #internetfeds was no longer technically needed for this particular DDoS (since #command was put back on the DDoSing track thanks to pressure exerted by those on the public channel), it persisted anyway, ultimately becoming “an extremely militant defacement and leaking channel,” as Gobo described it, which would really shine in the coming months. Peace had been restored, but barely.

Legitimacy vs. Legality

In September 2010, when a new Anonymous node arose out of the righteous anger born from the double dealing of the copyright industry, it seemed always on the brink of disorder. Action was often heated, messy, soulful, and spontaneous, compounding the thrills experienced by all. Increasingly, AnonOps had become more deliberate in its decision-making process—the direct result of collective thinking on the subject of collectivity itself. Undoubtedly, the topic of organization was highlighted by many participants upset at the double standards in operation during the initial campaigns. One of the core hackers explained to me why he felt justified in forging forward with these illegal tactics, a sentiment that seemed to capture the collective mood of the time: “I saw it as a form of poetic justice in response to Aiplex DDoSing the Pirate Bay.” Gobo, who had worked closely with golum, highlighted how he always

spoke very passionately about the fact that people he’d known from Anonymous [had been arrested for taking part in trolling-based DDoS attacks] and yet here were major corporate people boasting about it and everyone knew 100 percent that no one would ever prosecute them. golum has a very strong ideological belief in the idea that there should be no double standards in politics, and so for him it was the “corporations getting away with crimes” ordinary people don’t get away with.35

By November, individual sentiments such as these were transformed into a collective political statement. Soon after AnonOps retracted its commitment to going legit, the group published a letter to the Pirate Party. It included a sophisticated justification for DDoS that focused on legitimacy over legality. Here is an excerpt:

Anonymous and Operation Payback share values and goals—i.e. freedom of information, expression, and sharing—with the Pirate Parties, but we are absolutely independent entities.

We are not concerned with legality, but with legitimacy. Those who decide our laws are the same people who decided that public copyright harassment, erosion of civil liberties and abominations of censorship such as COICA, ACTA, and the DEAct, are good and just things to enforce upon the populace. They do this whilst selectively enforcing their own laws when it comes to “official” organizations that take actions such as running a mass racketeering operation (knowingly suing thousands of individuals for infringement on bad evidence) or DDoSing sites that are contrary to their interests (AiPlex). We do not recognize their “authority” due to this rank hypocrisy.

Finally, we recognize and respect the work of Pirate Parties and wish them luck. We hope that you all continue your fight as we are continuing ours.36

As this letter signals, AnonOps became reflexive and unabashedly comfortable about stylizing its activities as civil disobedience. Soon after reaching an ethical consensus on DDoSing in November, the numbers on their IRC server dwindled precipitously. Only a smattering of secret cabals remained, tied up in their separate, clandestine channels. It was impossible to forecast that, just three weeks later, they would launch the largest DDoS civil disobedience campaign the world had ever witnessed.