Story

Fighting Anonymous: Dover cybersecurity specialist studying hacker group

Looking back at the checkered history of the Internet hacker collective Anonymous, Dover resident Joshua Corman believes people who identify with the group are facing a crucial juncture.

Few people have devoted as much time to researching the actions of Anonymous members as Corman, an Internet security specialist for the tech giant Akamai Technologies.

Anonymous, which began as an Internet meme in the early 2000s, is the name used by some computer hackers and Internet activists who have waged campaigns against a variety of targets, including banks, governments and the Church of Scientology.

Working with a partner, Corman has been posting his analysis about Anonymous and his predictions about the trajectory of the group on his blog, called Cognitive Dissidents.

The pair are co-authoring a series called "Building a Better Anonymous," which features insights and suggestions for how to shape the future of the online phenomenon.

"I see this is a kind of powder keg," Corman said during a recent interview, explaining that Anonymous is among a handful of unpredictable and chaotic entities operating online.

Others range from organized crime groups — which have developed a track record of attacking gambling sites — to foreign governments, some of which could be operating falsely under the name of Anonymous to avoid being linked with attacks.

As the Internet has grown more complex, individual users have gained significant personal power, but Corman fears that some lack the humility, compassion and restraint necessary to use that power responsibly.

Corman fears reckless behavior by those who identify with Anonymous could provoke the kind of response from governments and Internet providers that will throttle the free flow of ideas online.

"I knew early, I felt in my bones, that Anonymous is our Black Hand," he said, comparing Anonymous to the group responsible for the assassination that sparked World War I.

Eventually, Corman said, Anonymous will face a fork in the road, and members will need to decide whether the group will be painted as cyber-terrorists or as a form of organized chaos that operates by an underlying social contract.

"They're not trying to cause this," he said. "They're just frustrated. They're disenfranchised."

Corman spent the majority of his youth in New England, and has been living in New Hampshire since he was in elementary school. He moved to Dover while he was attending the University of New Hampshire, where he studied marine biology before earning a degree in philosophy.

While he was in school, he worked at Cabletron to help pay tuition bills, and started learning about computer software and networking.

He left the company in 2001 to start working for a firm that studied malicious computer software and created tools to detect and remove it.

As someone who spent his undergraduate years studying philosophy, Corman has approached his work with an interest in the psychological factors that lie behind actions online. He became an independent cybersecurity analyst in the mid-2000s, and started his own firm, called The 451 Group, before taking a position as a security researcher with the Mass. company Akamai.

Corman said he views himself as the cybersecurity equivalent of an FBI profiler, studying not just the technical aspects of a cyber attack, but also the motivations. He attempts to predict future trends, and publishes papers that examine changes in the threat landscape.

And given the new flurry of activity being conducted in the name of Anonymous, Corman said he was naturally drawn to begin learning more about the group.

"I could see that this had broader social implications, and I saw nobody else stepping up," he said.

The rise of the chaotic actor

Corman believes there is no single group that can be labeled Anonymous. It's more of a franchise than a cohesive unit, he said, and there are several different Anonymous sects, which all seem to be rooted in the Internet message board and web forum 4chan.

Anonymous emerged in 2003 as an online collective whose primary purpose was to operate in complete anonymity and carry out random acts across the web for their collective amusement, according to a cybersecurity bulletin published by the U.S. Department of Homeland Security.

At its core, Anonymous represents "the concept of many online community users simultaneously existing as an anarchic, digitized global brain," according to the bulletin.

Corman said Anonymous members also share in common a penchant to invoke the movie Fight Club, in which middle-aged men express feelings of disenfranchisement and powerlessness through violence.

Some of the tactics used by Anonymous include defacing websites, replacing websites with parodies and targeting them with web attacks intended to make them crash.

The virtual sabotage is often achieved using shared software tools. Corman said he believes there are actually relatively few Anonymous members with strong backgrounds in computer hacking, so attacks often involve the use of a piece of software called the Low Orbit Ion Cannon.

Users who don't necessarily have the ability to write computer code or wage digital attacks on their own can use the software to participate in so-called distributed denial of service (DDOS) attacks.

The attacks are intended to crash a target website by flooding it with traffic or resource-intensive requests.

In their earlier years, Anonymous' acts seemed to be somewhat random, the Homeland Security bulletin states, and it wasn't until 2008 that Anonymous became associated with so-called "hacktivist" activities.

The bulletin defines hacktivism as the nonviolent use of illegal or "legally ambiguous" digital tools to achieve political ends.

In 2008, people identifying as members of the group staged a public campaign against the Church of Scientology, attacking its website as a response to what Anonymous viewed as anti-free speech initiatives by the church.

The following year, people claiming affiliation with Anonymous responded to the disputed results in the Iranian presidential election by partnering with the Bit Torrent site The Pirate Bay to set up a pro-Iranian Green Party website.

Anonymous also conducted DDOS attacks targeting the Governments of Germany and Australia in 2009, according to the Homeland Security Department.

Anonymous' activities increased throughout 2011, according to the Homeland Security bulletin, with a number of high-profile attacks targeting both public and private sector entities.

Anonymous has justified nearly all of the attacks conducted during the last two years by citing social or political aims, the bulletin states.

Corman said he believes sometimes Anonymous members are just blowing off steam when they perform one-off hacking operations. Some operations have also had benevolent aims. For example, the group Anonymous Analytics has a released a report alleging the discovery of fraud by a Chinese agriculture company.

But Anonymous members have launched some operations that Corman said are "more anarchic." On July 12, 2011, Anonymous released personally identifiable information of approximately 2,500 employees of U.S. Agricultural Company Monsanto, and claimed to have taken down corporate web assets and mail servers, the bulletin states.

According to the Homeland Security Department, Anonymous has declared an intention to attack several oil companies working to mine oil sands in western Canada, including Exxon Mobil and ConocoPhillips.

On Oct. 10, 2011, through Operation Invade Wall Street, groups tied with Anonymous tried to completely erase Wall Street from the Internet.

They failed, but Corman said the effort has shown policy-makers how "aggressive" and "abrasive" they have become.

In addition, Corman said "false flag" operations are now being conducted more frequently online, and state-sponsored actors and organized crime groups have been carrying out malicious operations claiming the sponsorship of Anonymous.

Asked what he hopes to accomplish by studying Anonymous, Corman said he's seeking to open a dialogue about the group to help analyze its future. Analysis drives insight and improvement, Corman said, and thus far, thoughtful analysis of Anonymous has not been taking place.

"We're trying to force forward that continuous discussion and approximation of insight," he said.

Not all who have expressed their observations about Anonymous have been greeted with thanks, and for Corman, who came out publicly in his effort to study the group for the first time last month, the decision to enter the affray is a significant one.

Corman said one friend who blogged about Anonymous wound up receiving an ominous threat over the telephone. After long conversations with his wife, Corman said he decided to try to engage in a respectful and thoughtful discussion with members of the group through his blog.

Corman said he's been emphasizing that he doesn't work with any law enforcement agencies, and he's trying to be an asset to the group rather than a threat.

"That's an awful lot of power they're wielding, and they're not thinking about it," he said. "It's a bull in a China shop."