“The supreme art of war is to subdue the enemy without fighting,” — Sun Tzu, The Art of War
Cyber wars are a battle in the shadows and — in the case of Anonymous hackers — at a café or the kitchen table with Twitter doubling as an unofficial press office. When Ukraine’s government called for a volunteer ‘IT Army’ to launch cyberattacks against Russia, an estimated 50 groups — 400,000 hackers — heeded Ukraine’s call. Anonymous was the first to pledge their solidarity on Twitter.
“It should be worrisome to the Russians for sure,” said Kevin McDonald, a SPYEX consultant and expert in cybersecurity. “Anonymous is a self-defined group, loosely formed and not under the control of any central authority. This decentralization, their anonymity, unknown numbers, and some seriously talented and well-connected operators are what makes them potentially dangerous.”
How Anonymous works
An Anonymous spokesperson describes the collective of online vigilantes as: “An amorphous idea. It flows like air, like water, like everything.” The head of Russia’s Space Agency calls them “scammers and petty swindlers”.
Anonymous is a global hacking collective that states it is everyone and no one. Legion. A hive mind. A disparate group located in the US and abroad that undertakes cyber ‘operations’ against individuals, companies, and governments it considers hostile and offers ‘support’ to those it favors, including WikiLeaks founder Julian Assange, Taiwan in its struggle with China, and Ukraine in its battle with Russia.
It’s best to think of Anonymous as a series of hacking operations such as Op Egypt, Op Payback, and Op Newblood rather than as a group that shares one philosophy or goal.
‘Anons’, as they’re known, don’t often reveal their identities, although court convictions over the years have ripped off the smirking masks of several members including New Yorker Hector Xavier Monsegur — known as ‘Sabu’ — who was part of Operation Payback, a major attack that disrupted PayPal, MasterCard, and Visa among others. The hacks cost banks and the British music industry $5.6m.
Monsegur, viewed online as the sly mastermind of audacious attacks, was arrested in his Manhattan housing authority apartment where he dabbled in drug sales. The New York Times dubbed him ‘the party boy of the projects’. Facing more than 25 years in prison, he turned FBI informant, identified other ‘Anons’, and laid out the collective’s inner workings. He was sentenced to seven months’ time served.
Master hacker ‘Sabu’ targeted the US Senate and governments of Yemen & Zimbabwe
Chicago’s Jeremy Hammond, aka ‘Anarchaos’, was a member of the Anonymous offshoot AntiSec and, at one point, the FBI’s most-wanted cybercriminal. He was sentenced to 10 years for hacking a company whose clients included Homeland Security and the US Department of Defense.
Matthew Keys, a former Reuters social media editor, was sentenced to two years in 2016 for helping Anonymous break into The Los Angeles Times. He was back in court in 2021 and sentenced to another six months for hacking into and deleting the YouTube account of the Sacramento business magazine where he worked.
Jake ‘Topiary’ Davis, a high-school drop-out at 13, lived alone in the Shetland Islands off Scotland. He ran the Anonymous Twitter account and defaced websites during the 2011 Arab Spring: “I went from just lurking to cracking jokes, to writing and I ended up accidentally writing ‘deface’ pages for the Libyan, Egyptian, and Zimbabwean governments.” Davis pleaded guilty at age 19 for attacks on Web sites run by Sony and the Arizona State Police, among others, and was sentenced to two years.
The rise of Anonymous
The international hacktivist coalition grew out of the chaotic 4chan online message board in 2003 with the goal of internet transparency, and it boasts about brazen hacks on governments, companies, and spy agencies.
Anonymous members claim to have temporarily shut down the CIA website, hacked a phone call about cybercrime between the FBI and Britain’s Scotland Yard, and taken down Russia’s Federal Security Service (FSB) website at the start of the 2022 Ukraine conflict. The coalition has posted documents apparently stolen from NATO computers and may have been behind the crash of Interpol’s website after it announced the arrest of 25 Anonymous members in Argentina, Spain, and beyond.
Some thought that the FBI had crushed Anonymous after Monsegur’s conviction in 2014 and cooperation with the Bureau — the number of hacking operations dropped from 75 Anonymous ops between 2011–13 to only three ops in 2014 — but, like Whac-A-Mole targets, Anonymous hackers keep popping up.
The hackers have used DDoS attacks and doxing to disable government sites, vandalize commercial websites, and target high-profile political figures — all without leaving the house.
Their symbol is the Guy Fawkes mask, a nod to anarchy as Fawkes tried to blow up the British Houses of Parliament in 1605. The mask was also worn by a character in the comic strip V for Vendetta, and has a symbolic as well as a practical purpose.
Anonymous published a list of protest instructions for a march, including: “Cover your face. This will prevent your identification from videos taken by hostiles, other protesters or security”.
The power of Anonymous
Anonymous operations have often had political ties ranging from an attack on the Mexican Army website in 2013 to Operation Hong Kong in 2014, and pro-Taiwan hacks in 2020 when Anonymous claimed responsibility for a hack on the UN’s website. Hackers created a page for Taiwan — which has not had a UN seat since 1971 — and, for 12 hours, the page featured a Republic of China flag, a Taiwan Independence flag, the Anonymous logo, and YouTube videos.
The merging of Anonymous cyberattacks with a ground war in Ukraine has thrust the group into uncharted territory, waging a cyber war against a nuclear superpower.
The collective announced it had hacked Russian-controlled TV to show Ukraine war footage; disrupted streaming services Wink and Ivi (Russian versions of Netflix); and that an affiliated group had shut down Russia’s space agency so Putin ‘no longer has control over spy satellites’.
The head of Roscosmos Control Center, where the space agency server was allegedly shut down, fired back on Twitter to deny Anonymous’ claim: “The information of these scammers and petty swindlers is not true.”
Who’s right? Who knows. It seems that in cyber war, as in real-life boots-on-the-ground conflicts, the first casualty of war is often truth.
Can Anonymous International hack the Russian state and get away with it?
On 14 August 2014, at around ten in the morning, a man walked into a cafe near Tishinskaya Square in Moscow. He ordered a coffee, sat down in the cafe’s far corner, and opened up a cheap laptop. Next, he launched a few applications: a text editor, an app for encrypted chat, and a web browser. Then he connected to the free wi-fi and accessed the internet through a VPN using his own private server, in order to make tracking his actions impossible. He opened Twitter in the web browser and entered the login and password that were saved in a separate document. His first tweet read, “I’m resigning. I am ashamed of this government’s actions. Forgive me.” The note immediately appeared on Prime Minister Dmitry Medvedev’s official Twitter account, visible to his 2.5 million subscribers.
Taking a sip of his coffee, the man in the cafe wrote a few more tweets: “I will become a free photographer. I’ve dreamed about it for some time.”; “I’ve wanted to say this for the longest time: Vova [Putin]! You are wrong!”; and “I like reading @Navalny [prominent opposition figure Alexei Navalny].”
The man didn’t think anything unusual or extraordinary about his task. He hadn’t even planned on coming to the cafe that day to write on the Prime Minister’s account. It just so happened then that he was the only one not at work among the members of the group Anonymous International, better known as Shaltay Boltay. The programmers at Shaltay had gained access to Medvedev’s Twitter account long before, when downloading from iCloud copies of three of Medvedev’s smartphones (the Prime Minister kept his social media passwords in a note on one of his iPhones). “We monitored Medvedev for two years, but nothing interesting ever happened, so we decided we’d just troll him instead,” one of Anonymous International’s members told me, explaining the reason for the Twitter hack.
“Fly to Bangkok. Buy a local SIM card, and email us the number”
Thirty minutes after the first phony tweet, Vladimir Putin’s press secretary, Dmitry Peskov, announced to reporters, “I can say with high probability that we’re looking at a hacker attack.” The government soon confirmed it: “The Prime Minister’s Twitter account has been hacked. The last few messages posted to his micro-blog are untrue.” Medvedev’s press service started deleting some of the tweets, but the man in the cafe managed to publish a few more: “We might be returning to the 1980s. It’s depressing. If this is what my colleagues in the Kremlin are after, they might soon get their wish”; and “Russians shouldn’t have to suffer because the country’s leadership has problems grasping common sense.” Additionally, the man in the cafe retweeted Anonymous International’s Twitter account, @b0ltai (blocked inside Russia since April 2014): “The circus has ended and the clowns have scattered. Ban electricity! 😊.”
The “creative technician,” as he’s called at Anonymous International, was able to scribble as many tweets as he pleased — nobody was able to kick him out of the account. To stop what was happening, Medvedev’s press office would have needed to ask Twitter’s administrators to block the account. Instead, after an hour, the man wrote to his colleagues over chat, saying, “I’m bored. I’m getting out of here.” He closed his netbook and walked out of the cafe.
One of Anonymous International’s heads told me this story in the city of Bangkok, in early January 2015. He didn’t tell me his name, he refused to let me describe his appearance, and he forbade me from recording our conversation. For the sake of convenience, I’ll call him Lewis. (After all, Lewis Carroll’s Alice in Wonderland, with its inside-out logic, most accurately captures the world of Russian politics, Shaltay’s members have said.) It took three months of emailing to arrange a meeting with Lewis. At first, the meeting was supposed to take place in Istanbul, then in Kiev, and later, in November 2014, Anonymous International’s representative informed me that they could only meet in the Thai capital, where “it’s warm and the booze and women are cheap 😊 😊 😊.”
The final instructions regarding our meeting arrived in my inbox just a day before we were due to meet: “Fly [to Bangkok]. Buy a local SIM card, and email us the number. You’ll be called back within a few hours, and we’ll agree about the meeting.” A day later, after I had done this, Lewis himself called me. He said the meeting would take place a few hours later on Khao San Road, the most crowded area of the city.
“We don’t do this thing because it’s permitted. We do it because we’re compelled”
A little more than a year before this meeting, on 12 December 2013, Anonymous International registered its website on WordPress.com (its newer site, b0ltai.org, appeared later, in the summer of 2014). On 31 December 2013, these online activists published the full text of Putin’s New Year’s national address — several hours before it aired on television. Over the next 12 months, Anonymous International released what was mainly correspondence lifted from email accounts and mobile phones belonging to Russian politicians of varying degrees of influence.
In the spring of 2014, Shaltay leaked documents about several high-profile people and events in Russia and Ukraine: the state’s game plan for a supposedly grassroots mass demonstration in Moscow in support of Russia’s actions in Crimea, and documents about how the Kremlin prepared Crimea’s secessionist referendum.
On 27 July 2014, acting on orders from Roskomnadzor, Russia’s federal agency for media oversight, Russian ISPs blocked access to the domain b0ltai.org. The group’s main Twitter account, @b0ltai, was also blocked. Today, Shaltay’s website is accessible in Russia only via VPN or a mirror site. The group also runs @b0ltai2, a duplicate Twitter account, still unblocked in Russia, that reproduces all the first account’s posts, down to its retweets.
“To get information, sometimes you need to persuade people”
In August 2014, Anonymous International released archives from three different email accounts allegedly belonging to Dmitry Medvedev, as well as correspondence from Duma deputy and United Russia member Robert Schlegel about an organized “troll” attack on the websites of major American and British news media (including The New York Times, CNN, the BBC, USA Today, and The Huffington Post).
In December, Shaltay posted a photograph of Kristina Potupchik, the former press secretary of the pro-Kremlin youth group Nashi, apparently depicting her sitting in an office inside the Kremlin beside a bag full of cash.
The photo of Potupchik was meant as a tease, Shaltay implied, and two weeks later they leaked emails (about an orchestrated media campaign against opposition leader Alexei Navalny) and SMS records supposedly belonging to Timur Prokopenko, a former head of the pro-Putin youth group Molodaya Gvardiya (Young Guard), and now an official in the Kremlin.
“We have a small circle of regular clients. Our prices start at $30,000. I won’t say how high they go”
In an interview conducted over encrypted chat, Anonymous International’s press secretary asserted that the group publishes leaks because it is “dissatisfied with the restrictions on free speech online and with Russia’s aggressive foreign policy”. It has complaints about Russian domestic policy, too: “They only let the convenient candidates participate in elections,” and it’s “impossible to work peacefully in a small or medium business”. Shaltay’s stated mission is “to change the world for the better, helping to bring greater freedom and social awareness”.
One of the group’s members even quoted the 2009 film Watchmen, saying, “We don’t do this thing because it’s permitted. We do it because we have to. We do it because we’re compelled. Once a man has seen society’s black underbelly, he can never turn his back on it.”
Shaltay Boltay, if Lewis is to be believed, is only a “side project”. The group’s main work is getting hired to dig up information about private and public individuals. The whole company consists of a dozen people. Apart from the technical staff, there are Shaltay and Boltay, who manage communications with the outside world, two co-founders (one of whom is Lewis), and a woman named Alice. “She’s a field officer doing extremely important work. For instance, when needed, she follows Prokopenko to a cafe and sits down behind him, to see what he types on his computer,” Lewis explains.
“We have about two terabytes of data. A lot of those files are about people close to Vladimir Putin”
The company’s structure, Lewis says, resembles an “online gaming clan”: the staff don’t know each other in person, but they spend hours chatting together every day. No one collects a regular salary, and the size of one’s earnings depends on how much he or she contributes to an operation. They pay these fees in cash, and sometimes in bitcoins. They’ve hired no new staff since they started publishing documents under the Anonymous International brand.
Lewis says all the group’s employees, except for Shaltay and Boltay (who are based in Bangkok), live inside Russia. Lewis himself moves between Moscow, St Petersburg, and Kazan (though he never explains why he goes to Kazan specifically).
Every time before crossing the Russian border, Lewis wipes his hard drive of all its files. He came to Bangkok for just one day, arriving from a neighbouring Asian country.
Lewis confuses the subway stations, and we have to get out of our car and backtrack on the next train. Leaving the subway, we head for a European-style cafe because he “doesn’t like Asian food”. Lewis suggests walking there through a back alley, where, in almost total darkness, among the shacks and puddles, we find no passage and turn around. Finally, we sit down at the first cafe we can find.
Lewis is quiet. When he speaks, he doesn’t make eye contact. Talking to him isn’t easy. When I ask him questions about specific people and situations, he smiles and usually says, “Let’s leave that without any comment.”
You understand, Anonymous International isn’t my main job — it’s not our main job. We don’t do it all the time. Shaltay Boltay is a byproduct of other games. We do information technology security and … what’s the word?
Yes, that’s it. Information technology danger.
That’s an inaccurate way of putting it. Our work is gaining access [to information]. It doesn’t have to be through hacks.
But you’re capable of hacking people?
Of course. But more often access and information can be obtained by other means. For example, you can go to a cafe and watch what a person does [on his or her laptop]. To get information, sometimes you need to persuade people. Sometimes it’s with a kind word; sometimes it’s with another kind of word. Sometimes it’s with money, and sometimes you’ve got to trade one kind of information for another. We often take on work that’s tied to the Kremlin. After the main work is done, there’s always some information we’ve collected, but never used. That is what makes it to Anonymous International.
Do you have many clients?
We have a small circle of regular clients. It’s enough for us. Our prices start at around $30,000. I won’t say how high they go. We earn enough to live comfortably and to travel.
Who are your clients? To whom do you sell this information?
We’re hired by private individuals and groups within the state, and we never work with anyone tied to the drug trade. But we maintain that we’re an independent team. It’s just that it’s often impossible to tell who our clients are. Sometimes we hand over information to intermediaries, without ever knowing the client.
So, your main work is collecting damaging information on people?
No. Our job is changing the current reality. Sometimes our work is more than collecting information. Some of our work has resulted in the resignation of a governor. We handed over a file to someone who needed it. I won’t name names. Generally, we only release information that’s socially useful. We never share personal data.
So, the only thing you won’t publish is personal data?
And we’ll never publish state secrets.
What if you had data like Snowden’s? Would you leak that?
Most likely not. Not everything needs to be released.
What if the data revealed crimes by the state?
Then we’d release it.
But that’s exactly what Snowden released.
Any specialist in his field was already well aware of what he released.
Whom will you target in your next leaks?
We have about two terabytes of data. A lot of those files are about people close to Vladimir Putin.
We leave the cafe.
I ask him if I can photograph his laptop or his hat. Lewis hangs his hat on a fence, so that none of the signs in the picture’s background are visible. “It would be easy to come here later, pay someone some money, and get the camera footage from this area,” Lewis explains, as he buys some orange juice from a street vendor. He takes out a small bottle of gin from his bag and has a sip. Then he fishes out from his pocket the disposable phone he used to call me. With a handkerchief, he rubs off the fingerprints and removes the SIM card and battery, tossing them in different trash bins.
Then he runs off to catch a train to the airport.
Text: Daniil Turovsky for Meduza
A longer version of this article was originally published on Meduza English
Hacktivist group Anonymous is using six top techniques to ‘embarrass’ Russia
- Anonymous uses many strategies in its digital fight against Russia, the most effective being hacking into databases and leaking the information online, according to cybersecurity specialist Jeremiah Fowler.
- The size of the leaked data will take years to process.
- The hacks have also exposed Russia’s cybersecurity defenses to be far weaker than previously believed, say cybersecurity researchers.
Ongoing efforts by the underground hacktivists known as Anonymous are “embarrassing” Russia and its cybersecurity technology.
That’s according to Jeremiah Fowler, co-founder of the cybersecurity company Security Discovery, who has been monitoring the hacker collective since it declared a “cyber war” on Russia for invading Ukraine.
“Anonymous has made Russia’s governmental and civilian cyber defenses appear weak,” he told CNBC. “The group has demystified Russia’s cyber capabilities and successfully embarrassed Russian companies, government agencies, energy companies and others.”
“The country may have been the ‘Iron Curtain,’” he said, “but with the scale of these attacks by a hacker army online, it appears more to be a ‘paper curtain.’”
The Russian embassies in Singapore and London did not immediately respond to CNBC’s request for comment.
Ranking Anonymous’ claims
Though missile strikes are making more headlines these days, Anonymous and its affiliate groups aren’t losing steam, said Fowler, who summarized many of the collective’s claims against Russia in a report published Friday.
CNBC grouped Anonymous’ claims into six categories, which Fowler helped rank in order of effectiveness:
1. Hacking into databases
- Posting leaked information about Russian military members, the Central Bank of Russia, the space agency Roscosmos, oil and gas companies (Gazregion, Gazprom, Technotec), the property management company Sawatzky, the broadcaster VGTRK, the IT company NPO VS, law firms and more
- Defacing and deleting hacked files
Anonymous has claimed to have hacked over 2,500 Russian and Belarusian sites, said Fowler. In some instances, stolen data was leaked online, he said, in amounts so large it will take years to review.
“The biggest development would be the overall massive number of records taken, encrypted or dumped online,” said Fowler.
Shmuel Gihon, a security researcher at the threat intelligence company Cyberint, agreed that the amount of leaked data is “massive.”
“We currently don’t even know what to do with all this information, because it’s something that we haven’t expected to have in such a short period of time,” he said.
2. Targeting companies that continue to do business in Russia
- Blocking websites of companies identified as continuing to do business in Russia
- Dumping 10GB of emails, passwords and other data belonging to the Swiss food company Nestle. Nestle said these claims have “no foundation.”
In late March, a Twitter account named @YourAnonTV began posting logos of companies that were purportedly still doing business in Russia, with one post issuing an ultimatum to pull out of Russia in 48 hours “or else you will be under our target.”
By targeting these companies, the hacktivists are upping the financial stakes of continuing to operate in Russia.
“By going after their data or causing disruption to their business, [companies] risk much more than the loss of sales and some negative PR,” said Fowler.
3. Blocking websites
- Blocking Russian and Belarusian websites
- Disrupting internet connectivity at the St. Petersburg International Economic Forum, which delayed Vladimir Putin’s keynote speech by some 100 minutes
Distributed denial of service (DDoS) attacks work by flooding a website with enough traffic to knock it offline. A basic way to defend against them is by “geolocation blocking” of foreign IP addresses. By hacking into Russian servers, Anonymous purportedly circumvented those defense mechanisms, said Fowler.
“The owners of the hacked servers often have no idea their resources are being used to launch attacks on other servers [and] websites,” he said.
Contrary to popular opinion, DDoS attacks are more than minor inconveniences, said Fowler.
“During the attack, critical applications become unavailable [and] operations and productivity come to a complete stop,” he said. “There is a financial and operational impact when services that government and the general public rely on are unavailable.”
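The geolocation-blocking caveat above is worth seeing concretely: a filter that drops foreign IPs does nothing against a flood relayed through hijacked in-country servers, so a per-source rate check has to sit behind it. The script below is an added illustration written for this post (it is not code from the article, from CNBC, or from any group named here); the GeoIP table, address ranges and log lines are all constructed, and the `triage` report format is an assumption.

```python
"""
Added illustration: why geolocation blocking alone does not stop a DDoS
launched from compromised in-country servers, and why a per-source rate
check is still needed. All addresses, ranges and log lines are constructed.
"""
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Constructed stand-in for a GeoIP database (assumption; a real deployment
# would query a GeoIP provider). Private and TEST-NET space is used so the
# sample is obviously synthetic.
GEO_TABLE = {
    ip_network("10.1.0.0/16"): "RU",      # "domestic" hosting range
    ip_network("10.2.0.0/16"): "RU",      # "domestic" residential range
    ip_network("192.0.2.0/24"): "DE",     # TEST-NET-1, treated as foreign
    ip_network("198.51.100.0/24"): "US",  # TEST-NET-2, treated as foreign
}
HOME_COUNTRY = "RU"


def country_of(ip: str) -> str:
    addr = ip_address(ip)
    for net, cc in GEO_TABLE.items():
        if addr in net:
            return cc
    return "??"  # unknown origin


def geo_allowed(ip: str) -> bool:
    """The 'geolocation blocking' defence the article mentions: keep only
    traffic whose source geolocates to the home country."""
    return country_of(ip) == HOME_COUNTRY


def peak_rate_per_source(lines, window_s=1.0):
    """Return {ip: max requests seen from that ip in any window_s window}.
    Each line is '<epoch_seconds> <ip> <method> <path>' (constructed format)."""
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for line in lines:
        ts_s, ip, _method, _path = line.split()
        ts = float(ts_s)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window_s:  # slide the window forward
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return dict(peak)


def triage(lines, window_s=1.0, threshold=50):
    """Apply geo-blocking first, then the rate check, and report what each
    stage catches. The bucket that matters is 'admitted_floods': sources that
    pass the geo filter yet exceed the per-source threshold, i.e. exactly the
    hijacked in-country servers the article describes."""
    geo_dropped = sorted({l.split()[1] for l in lines if not geo_allowed(l.split()[1])})
    admitted = [l for l in lines if geo_allowed(l.split()[1])]
    peaks = peak_rate_per_source(admitted, window_s)
    floods = sorted(ip for ip, n in peaks.items() if n > threshold)
    clean = sorted(ip for ip, n in peaks.items() if n <= threshold)
    return {"geo_dropped": geo_dropped, "admitted_floods": floods, "admitted_clean": clean}


def build_sample_log():
    """Constructed traffic: one foreign flooder (stopped by geo-blocking), one
    compromised domestic server flooding (NOT stopped), one ordinary user."""
    lines = []
    # foreign source: 300 requests in 3 seconds
    lines += [f"{1000 + i * 0.01:.2f} 192.0.2.10 GET /" for i in range(300)]
    # hijacked domestic server: 300 requests in 3 seconds, passes the geo filter
    lines += [f"{1000 + i * 0.01:.2f} 10.1.4.7 GET /login" for i in range(300)]
    # ordinary domestic user: 5 requests spread over 10 seconds
    lines += [f"{1000 + i * 2.0:.2f} 10.2.9.9 GET /news" for i in range(5)]
    return sorted(lines, key=lambda l: float(l.split()[0]))


if __name__ == "__main__":
    print(triage(build_sample_log()))
```

Running it shows the foreign flooder in `geo_dropped` and the hijacked domestic host in `admitted_floods`, which is the gap the quoted "no idea their resources are being used" remark points at.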
4. Training new recruits
- Training people how to launch DDoS attacks and mask their identities
- Providing cybersecurity assistance to Ukraine
Training new recruits allowed Anonymous to expand its reach, brand name and capabilities, said Fowler.
People wanted to be involved, but didn’t know how, he said. Anonymous filled the gap by training low-level actors to do basic tasks, he said.
This allowed skilled hackers to launch more advanced attacks, like those of NB65, a hacking group affiliated with Anonymous which claimed this month on Twitter to have used “Russian ransomware” to take control of the domain, email servers and workstations of a manufacturing plant operated by the Russian power company Leningradsky Metallichesky Zavod.
LMZ did not immediately respond to CNBC’s request for comment.
“Just like in sports,” said Fowler, “the pros get the World Cup and the amateurs get the smaller fields, but everyone plays.”
5. Hijacking media and streaming services
- Showing censored images and messages on television broadcasts, such as Russia-24, Channel One, Moscow 24, Wink and Ivi
- Heightened attacks on national holidays, including hacking into Russian video platform RuTube and smart TV channel listings on Russia’s “Victory Day” (May 9) and Russia’s real estate federal agency Rosreestr on Ukraine’s “Constitution Day” (June 28)
This tactic aims to directly undermine Russian censorship of the war, but Fowler said the messages only resonate with “those that want to hear it.”
Those Russian citizens may already be using VPNs to bypass Russian censors; others have been imprisoned or are choosing to leave Russia.
Among those leaving Russia are the “uber rich” — some of whom are departing for Dubai — along with professionals working in journalism, tech, legal and consulting.
6. Directly reaching out to Russians
- Hacking into printers and altering grocery store receipts to print anti-war and pro-Ukrainian messages
- Sending millions of calls, emails and text messages to Russian citizens
- Sending messages to users on the Russian social networking site VK
Of all the strategies, “this one sticks out as the most creative,” said Fowler, though he said he believes these efforts are winding down.
Fowler said his research has not uncovered any reason to doubt Anonymous’ claims thus far.
How effective is Anonymous?
“The methods Anonymous have used against Russia have not only been highly disruptive and effective, they have also rewritten the rules of how a crowdsourced modern cyberwar is conducted,” said Fowler.
Information collected from the database breaches may show criminal activity as well as “who pulls the strings and where the money goes,” he said.
However, most of the information is in Russian, said Gihon. He said cyber specialists, governments, hacktivists and everyday enthusiasts will likely pore over the data, but it won’t be as many people as one might think.
Gihon also said he doesn’t believe criminal prosecutions are likely.
“A lot of the people that they’ve compromised are sponsored by the Russian government,” he said. “I don’t see how these people are going to be arrested anytime soon.”
However, leaks do build on one another, said Gihon.
Fowler echoed that sentiment, saying that once a network is infiltrated, systems can “fall like dominoes.”
Hackers often piggyback off one another’s leaks too, a situation Gihon called “the bread and butter” of the way they work.
“This might be a beginning of massive campaigns that will come later on,” he said.
The more immediate outcome of the hacks, Fowler and Gihon agreed, is that Russia’s cybersecurity defenses have been revealed as being far weaker than previously thought. However, Gihon added that Russia’s offensive cyber capabilities are strong.
“We expected to see more strength from the Russian government,” said Gihon, “at least when it comes to their strategic assets, such as banks and TV channels, and especially the government entities.”
Anonymous pulled the veil off Russia’s cybersecurity practices, said Fowler, which is “both embarrassing and demoralizing for the Kremlin.”
Sources:
- [Anonymous: Who Are the Shadowy Hackers Taking on Russia? (spyscape.com)](https://spyscape.com/article/anonymous-the-return-of-the-shadowy-hackers-taking-on-russia)
- [Hacktivist group Anonymous is using six top techniques to ‘embarrass’ Russia (cnbc.com)](https://www.cnbc.com/2022/07/28/how-is-anonymous-attacking-russia-the-top-six-ways-ranked-.html)