
CSOC Assessment of the Activities of Anonymous in Australia

a guest
Aug 25th, 2011
Overview

Anonymous first emerged in 2003 on internet imageboards as a group of individuals who carried out coordinated operations termed ‘raids’ against random targets for their own amusement. In their early years, Anonymous relied primarily on virtual sit-ins and distributed denial of service attacks.

Anonymous claims to be a leaderless collective of individuals who work towards a common interest; however, monitoring by international intelligence agencies has shown that Anonymous has a clearly defined structure (see below). Leaders of the group tell its members it is an organic organisation, “like a suit without a head” (from which its logo is derived).

Since 2008, Anonymous’ operations have become more coherent, organised, frequent and damaging. Anonymous justifies its activities as pursuing justice, human rights and freedom of speech.

Up until 2011, Anonymous maintained the mentality of embarrassing its targets rather than causing major damage, taking websites offline and leaking unimportant confidential information. Since 2011 and the emergence of the ‘LulzSec’ subgroup, Anonymous’ activities have become more focused on leaking confidential information and attacking governments. It credits itself with being responsible for the overthrow of governments during the Arab Spring, although it is believed that Anonymous’ claims in that regard are entirely overstated.

In the United States, Anonymous is viewed by the Department of Homeland Security and Federal Bureau of Investigation to be a risk to United States national security. Internationally, Anonymous’ release of confidential information is a concern, with no discretion given to what is released. In Australia operatives seem far more restrained in this area.

Structure and Culture

Anonymous presents itself as a unified ‘digital brain’ with no clearly defined leadership structure. Members are expected to act in the name of the group according to the group’s own norms. The group claims that anyone can act in the name of Anonymous, but those who announce operations without the approval of Anonymous leadership are denounced on social media sites such as Facebook and Twitter.

Leadership of Anonymous consists of a core group of individuals known as Sabu, Topiary (captured in the UK), Owen, CommanderX, EleChe, Kayla, JoePie91 and Tflow who are heavily supported by a large group of around 150 commanders who lead operatives in a particular region or on a particular operation.

Beneath the commanders are lieutenants who are responsible for recruiting and training new members, researching computer system vulnerabilities, conducting reconnaissance on potential targets and co-ordinating attacks. The lieutenants appear to be the most active of the group.

Below the lieutenants are operatives, who are the most diverse of the group. It is estimated that there are around 15,000 operatives globally, with at least 2,000 in Australia. These are the foot soldiers of Anonymous and range from those who join in on attacks using tools provided by Anonymous to professional hackers. Since 2008, an increasing number of operatives operate offline distributing fliers and participating in protests.

Tools and methods

Anonymous makes extensive use of the internet to conduct its operations. When carrying out these operations, Anonymous personnel hide their identities using open proxies, the onion routing network and the invisible internet project network. Anonymous’ online activities include recruitment, reconnaissance, exploitation of systems, website defacement, theft of confidential data and denial of service.

Primarily, Anonymous relies on tools developed by others for penetration testing. Its primary toolset includes the Backtrack Linux distribution and Low Orbit Ion Cannon (LOIC) on Windows. The use of LOIC by inexperienced operatives has allowed the intelligence community and law enforcement to identify a number of individuals through Microsoft’s Windows Error Reporting platform. Senior leadership of the organisation leave junior operatives vulnerable, considering them to be chumps and easily replaceable.

Australian targets

It is believed that Anonymous has had operatives in Australia since at least 2003-2004. Their operations had been minor within Australian borders up until the commencement of ‘Project Chanology’ in 2008.

Project Chanology

Project Chanology was Anonymous’ campaign against the Church of Scientology following the removal of a video from video sharing website YouTube. Anonymous began an international campaign against the church and through the media’s coverage recruited massive numbers of persons in the 14-25 year old age group. Authorities believe that Project Chanology was a stunt organised by Anonymous leadership to recruit more members to the organisation.

On February 10, 2008, large numbers of protesters turned out in Melbourne, Adelaide and Sydney to protest against the Church coinciding with protests around the world.

On March 15, 2008 protesters turned out in Melbourne, Brisbane, Adelaide, Perth and Sydney.

On April 12, 2008 the only major Australian protest occurred in Sydney.

At these protests, people hid their identities using masks. Anonymous leadership claimed this was to show the world that Anonymous was “united as one”, however authorities understand that it was to avoid Police attention as many of the hackers were in attendance at the protests.

These masks led to the call by Police to be given powers to force the removal of attire covering a person’s face known as ‘burqa laws’.

During the protests, electronic attacks were carried out by what Anonymous terms ‘online operatives’ against Church of Scientology’s telecommunications infrastructure.

Operation Didgeridie

Australian authorities began monitoring Anonymous more closely in September 2009 after the Federal Bureau of Investigation contacted the AFP’s High Tech Crime Operations Unit and warned them that attacks on Australian targets were being planned by Anonymous operatives in Australia and abroad.

Plans to attack Australian infrastructure were made in response to the Rudd Government’s planned internet filtering which would block access to Anonymous imageboards and forums.

On 9 September 2009, the Prime Minister’s website was taken down through the use of a distributed denial of service attack orchestrated by Anonymous. The attack only lasted an hour and was seen by many in Anonymous to be a failure.

Operation Titstorm

Monitoring of Anonymous by the CSOC indicated on 5 February, 2010 that an attack on government websites by Anonymous was imminent. Anonymous leadership had been planning attacks since September 2009 in response to the Rudd Government’s internet filtering. Anonymous leaked a list of sites proposed to be in the filter to Wikileaks.

On 8 February, 2010, Anonymous operative ‘jordotube’ posted a video message to the Australian government on YouTube telling it that nobody messes with the Internet. They demanded that plans to filter the internet be abandoned and for the resignation of Minister for Broadband, Communications and the Digital Economy, Stephen Conroy. They threatened that failure to meet their demands would result in Anonymous’ ‘full-fledged wrath’.

Attacks on the website of the Australian Parliament commenced on 10 February, 2010 at 8:00 PM and continued for two days. Government offices were flooded with spam, black faxes and prank phone calls.

The amount of bandwidth required to disrupt the website was small at 17 Mbps and measures have since been put in place to avoid such a low-scale attack causing disruption in the future. Current testing shows that all Australian government websites can withstand at least 25 Mbps before services are disrupted.

Small protests occurred in Brisbane, Sydney, Adelaide and Melbourne on 20 February, 2010 under the banner Project Freeweb.

Australian Federal Police arrested Matthew George, 22, from Newcastle for taking part in the 10 February attacks.

Operation AntiSec

Operation AntiSec was an international operation targeting government agencies and information security contractors. On 28 June, 2011, Mosman Council’s website was hacked by Anonymous as part of the operation. Four website databases were leaked to the internet.

Operation Ability

Anonymous ‘declared war’ on the NSW Department of Education and Communities on 25 July, 2011. The operation’s commander appears to be an individual using the name ‘anon2790’ who appeared on the day of the declaration. Initial assessments by CSOC believed the operation to have been carried out as a means of intimidation of staff of Carenne School, Bathurst by persons associated with the Carenne Gate Affair blog, however monitoring of Twitter and Anonymous websites indicates that the operation is endorsed by Anonymous leadership.

Operation Ability has involved hacking of the NSW Department of Education and Communities, NSW Police Force, Facebook and Blogger.

Structure and Organisation

While Anonymous claims it has no formal leadership structure, assessments by the international intelligence community have discovered that it has a clear leadership structure.

Persons of Interest

auanon
Forums: Twitter, Facebook
Activities: Commander of Anonymous in Australia, facilitates communication among Australian operatives using Twitter and Facebook.
Involved in Project Chanology, Operation Didgeridie, Operation Titstorm and Operation AntiSec.
Profile:
‘auanon’ is likely a 19-22 year old female university student studying public relations or journalism. Their writings are always concise and designed to grab attention.
‘auanon’ is buoyed by their support on Twitter, having over 300 followers, mostly Anonymous members.

belladonna
Forums: whyweprotest.net
Activities: Organiser of Project Freeweb
Profile:
‘belladonna’ is most likely a male aged between 16-22 based upon postings on whyweprotest.net and conversations on IRC. He often speaks of topics involving bestiality, small-breasted women and anal sex. He organised Operation Titstorm.

anon2790
Forums: Twitter, opability.blogspot.com
Activities: Organiser of Operation Ability
Profile:
‘anon2790’ claims to be in the Lithgow-Bathurst-Orange region of NSW, however analysis of their writings indicates that they are from the North-East of the United States. Most leaks related to Operation Ability are placed on the internet by ‘anon2790’. They are most likely male, aged 24-30.

fred_lowry
Forums: Twitter, opability.blogspot.com
Activities: Involved in the dissemination of information obtained under Operation Ability
Profile:
‘fred_lowry’ appears to be a middle-aged Australian male, most likely from Northern Queensland. Their writings are blunt, to the point and sometimes ocular.

Assessment

Anonymous presents a real threat to the security and stability of Australia due to its alliance with Wikileaks and its willingness to post confidential information on the internet without consideration to the potential implications of such postings.

Anonymous also presents a threat to government agencies, corporations and individuals through its denial of service and telecommunications interruptions.

As time goes on, Anonymous has become far more brazen in its approach and is generally considered to be ‘out of control’. This general cockiness will lead to the downfall of its leadership who strongly hold the belief they cannot be found.

Recommendations

Further monitoring and penetration of Anonymous cells needs to be carried out by the law enforcement community. It is recommended that the law enforcement community conduct investigations into Anonymous by gaining the trust of Anonymous members and joining in their activities.