What was once a small group of pranksters has become a potential national security threat, federal officials say.
The FBI has carried out more than 75 raids and arrested 16 people this year in connection with illegal hacking claimed by Anonymous.
Since June, Homeland Security has issued three “bulletins” warning cybersecurity professionals of hacking successes and future threats by Anonymous and related groups — including a call in Manhattan to physically occupy Wall Street on Sept. 17 to protest various U.S. government policies.
San Francisco police arrested more than 40 protesters last month during a rowdy demonstration organized by Anonymous that disrupted the evening commute. The group called for the demonstration after the Bay Area Rapid Transit system blocked cellphone service in San Francisco stations to quell a planned protest over a police shooting on a subway platform.
“Anonymous’ activities increased throughout 2011 with a number of high-profile attacks targeting both public- and private-sector entities,” one of the bulletins issued last month said.
Some members of the group have called for shutting down Facebook in November over privacy issues, though other Anonymous followers are disavowing such an attack, underscoring just how loosely organized the group is and how problematic it is to police.
“Anonymous insist they have no centralized operational leadership, which has been a significant hurdle for government and law enforcement entities attempting to curb their actions,” an Aug. 1 Homeland Security bulletin noted. “With that being said, we assess with high confidence that Anonymous and associated groups will continue to exploit vulnerable publicly available Web servers, Web sites, computer networks and other digital information mediums for the foreseeable future.”
Followers posting to Twitter and conversing on Internet Relay Chat insist there are no defined leaders of Anonymous and that it’s more of a philosophy than a formal club, though a small group of members do the most organizing online.
“Anonymous is not a group, it does not have leaders, people can do ANYTHING under the flag of their country,” wrote one of the more vocal members who asked not to be identified.
“Anything can be a threat to National Security, really,” the member said in an e-mail interview. “Any hacker group can be.”
Some members ‘dangerous’
The member said that the group as a whole is not a national security threat but conceded that some individuals acting under Anonynous’s banner may be considered dangerous.
DHS’s latest bulletin, issued Sept. 3, warned that the group has been using social-media networks to urge followers working in the financial industry to sabotage their employers’ computer systems.
The DHS warning comes on the heels of several Anonymous-led protests of the San Francisco Bay area’s transit agency that led to FBI raids of 35 homes and dozens of arrests, as well as to the indictment of 14 followers in July on felony computer hacking charges in connection with a coordinated “denial-of-service attack” against PayPal’s Web site last year.
Security officials said the “DoS” attacks occur when a Web site is overwhelmed by malicious messages from thousands of followers, usually with easily downloadable software.
“Anonymous has shown through recently reported incidents that it has members who have relatively more advanced technical capabilities who can also marshal large numbers of willing, but less technical, participants for DDoS [distributed denial of service] activities,” the August DHS bulletin said.
Anonymous orchestrated the crashing of PayPal late last year after the online financial service suspended WikiLeaks’ account after the Web site published confidential diplomatic cables and other sensitive U.S. government intelligence. The group also targeted Visa, MasterCard and others for the same reason and has carried out several other hacks during the year. Last month, for example, the group claimed responsibility for hacking a Web site belonging to the Bay Area Rapid Transit agency and releasing the personal information of 2,000 passengers.
Investigators suspect a splinter Anonymous group known as LulzSec was responsible for a June 15 denial of service attack on the CIA’s public Web site.
This summer, Anonymous claimed credit for hacking into a Booz Allen Hamilton Web site and leaking the e-mail addresses of 90,000 U.S. military personnel and hacking a Monsanto Web site and releasing the personal data of 2,500 employees.
On July 19, the FBI fanned out across the United States and raided more than 35 homes, seizing dozens of computers and arresting 16 on charges that they participated in the PayPal attack.
In response, Anonymous said it hacked a Web site on Sept. 1 belonging to police chiefs in Texas. The group posted personal information such as e-mails about internal investigations before the site was shut down.
FBI investigators in court filings said that the raids and arrests were made from a list of 1,000 computer users that PayPal cybersecurity workers identified as the most active attackers. The 14 who appeared in San Jose federal court pleaded not guilty and were released on bail after promising not to access Twitter, Facebook or other social-media sites.
— Associated Press