The mysterious group of hackers who go by the name "Anonymous" have threatened to take down the Internet on Saturday. Or not.
The confusion comes from the very nature of the group, which is amorphous and has no identifiable leadership. Several weeks ago, a group identifying itself as Anonymous announced "Operation Global Blackout," the effect of which would be to bring Web surfing to a halt.
Cybersecurity experts doubt the operation would have more than a limited effect, given the layers of protection built into the Internet architecture.
The Anonymous group itself, meanwhile, appeared divided over the plan. A Twitter account normally associated with Anonymous included several statements on Friday denying any effort to shut down the Internet.
"For the billionth time: #Anonymous will not shut down the Internet on 31 March," said one.
"What is this #OperationGlobalBlackout nonsense?" said another. "Stop asking us about it!"
The contradictions highlighted the difficulty of assessing whether a hacking threat should be attributed to Anonymous or to hackers merely posing as Anonymous.
"They [may] declare that they're part of this group and then say that they are going to do something serious to the Internet or act out in some other way," said Richard Bejtlich, chief security officer at Mandiant, a computer security firm. "That's what's difficult about being a group that doesn't have any real membership or named leadership."
Looking For Suspicious Activity
Despite the uncertainty around Anonymous' intentions, cybersecurity experts were on the lookout Friday for suspicious hacking activity.
"I take them seriously all the time," said Bejtlich. "They are motivated, and they have skills."
Bejtlich and others were doubtful, however, that any hacktivist group would have much success disrupting Internet operations.
The plan announced by the Anonymous group was to go after the Domain Name System (DNS) that serves as the Internet backbone.
Internet websites are identified by numerical addresses, not names, so when a user types in a website name, the computer has to query a domain name server to find the corresponding Internet address number.
If Anonymous could overload the domain name servers with queries via a Distributed Denial of Service — DDoS — attack, the servers might not be able to respond correctly.
Cybersecurity experts say the number and dispersion of domain name servers would make it virtually impossible for hackers to take down the entire Internet, though they could not rule out the hackers' having a limited impact.
"If they were able to gather a lot of digital firepower and direct a lot of bogus traffic at one part of the DNS infrastructure, [they] could have an effect," said Bejtlich.
Hacktivists Become More Ambitious
Respect for the Anonymous hacking capability has grown significantly in recent months. Once known primarily for largely symbolic actions, such as temporarily taking down the CIA public website, the Anonymous hackers have moved on to more ambitious activity.
In December, the group announced it had managed to gain access to the computer files at Stratfor, a private intelligence firm, stealing credit card data and private emails. It was one of the final intrusions of a banner year for hacktivism.
A recently released study of data breaches by Verizon, the telecommunications company, reported that Anonymous and other hacktivist groups in 2011 accounted for 58 percent of all compromised records reported to investigators that year, a big increase over earlier years.
"In this past year, hacktivism is on the map in a big way," said Bryan Sartin, one of the co-authors of Verizon's Data Breach Investigations Report. "We see a different threat, a different adversary, and a broader range of attack techniques."
Cyber-intrusions by hacktivist groups are easy to distinguish, Sartin said, because the perpetrators, unlike most cybercriminals, are not motivated by a simple desire for financial gain.
"In a hacktivist attack, there are literally hundreds of ways you can hurt the victim," he said, "and in the end that's what hacktivism is about. It's about damaging a brand, it's about retaliation, it's about the public perception that an entity has been hacked. Hacktivism is the place where you see the most complexity, the most innovation and the most ingenuity on the part of the perpetrators."
ROBERT SIEGEL, HOST:
From NPR News, this is ALL THINGS CONSIDERED. I'm Robert Siegel.
AUDIE CORNISH, HOST:
And I'm Audie Cornish.
The mysterious hackers known as Anonymous says its members will take down the Internet tomorrow, or maybe they won't. No one really knows who speaks for Anonymous, and taking down the Internet is no easy feat.
Still, security experts are paying attention because, as NPR's Tom Gjelten reports, Anonymous has shown it's capable of sophisticated cyber attacks.
TOM GJELTEN, BYLINE: To the extent Anonymous has an identity, it's political - anti-government, anti-business, anti-power. But pro-technology. These folks live and do battle online.
UNIDENTIFIED MAN: Hello, Citizen of World. We are Anonymous. The greatest enemy of freedom is a happy slave. To protest...
GJELTEN: Ironically, the latest Anonymous threat was aimed at the Internet itself.
UNIDENTIFIED MAN: On March 31st, the Internet will go black.
GJELTEN: A digitized announcement released on the Web several weeks ago said the blackout plan was prompted in part by concerns about Internet censorship.
UNIDENTIFIED MAN: Remember, this is a protest. We are not trying to kill the Internet. We are only temporarily shutting it down where it hurts the most.
GJELTEN: But could hackers really take down the Internet? The apparent plan is to go after what's called the domain name servers. When you type in a website name, your computer has to query a domain name server to find the corresponding Internet address number. In theory, if the domain name servers get overloaded, they can't respond correctly.
RICHARD BEJTLICH: If they were able to gather a lot of digital firepower, direct a lot of bogus traffic at one part of the DNS infrastructure, you could have an effect.
GJELTEN: That's Richard Bejtlich, chief security officer at Mandiant, a computer security firm. But he says it's hypothetical. The effect would probably be limited and may not even be noticeable. Plus, Bejtlich points out, anytime there's a threat allegedly from Anonymous, you have to wonder if it's just people posing as Anonymous.
BEJTLICH: They declare that they're part of this group and then say that they're going to do something serious to the Internet, or act out in some other way. That's what's kind of difficult about being a group that doesn't have any real membership or named leadership.
GJELTEN: In fact, one of the Twitter accounts associated with Anonymous today included several tweets denying any Internet blackout plan. What is this nonsense, said one. Stop asking us about it.
That won't stop cybersecurity experts from paying close attention to the Internet tomorrow. Anonymous and similar hacktivist groups are no longer a laughing matter. In the past, they got attention mostly for symbolic actions: temporarily taking down the CIA website, for example. But that's changing.
BRYAN SARTIN: Suddenly in this past year, hacktivism is on the map in a big way.
GJELTEN: Bryan Sartin is one of the authors of a massive study of computer data breaches released this month by Verizon. The headline: In 2011 cyber attacks by hacktivist groups accounted for the largest quantity of stolen or compromised records, far eclipsing what organized criminal groups managed to take.
Cyber intrusions by hacktivist groups are easy to distinguish, Sartin says, because the perpetrators are not motivated by a simple desire for financial gain.
SARTIN: Hacktivism is the place where you see the most complexity, the most innovation and the most ingenuity on the part of the perpetrators.
GJELTEN: The motivation, Sartin says, is to inflict damage on a brand or an institution.
The Internet probably will not be noticeably affected tomorrow. But no cybersecurity expert these days is underestimating the capability of groups like Anonymous to hurt what they really want to hurt.
Tom Gjelten, NPR News, Washington. Transcript provided by NPR, Copyright NPR.