The problem with Anonymous.. it doesn’t know who it is

The problem with Anonymous.. it doesn't know who it is

Anonymity can have its drawbacks.

If your movement has no defined leadership, no structure, no way for people to officially become members, and tries to make a positive about the fact that anyone can claim to be a part of it.. then it’s very hard to define what’s done in the name of the movement and what isn’t.

I’ve spoken to countless journalists and security commentators who have a nightmare trying to report anything to do with Anonymous, because.. well.. how do you know that something was really done by Anonymous, and not just someone who has chosen to wave that flag?

Take last week’s hack of Britain’s largest single abortion provider, for instance, by a hacker who identified himself as being part of “Anonymous”.

BPAS defaced website

As we reported news of the hacker’s arrest and subsequent confession in court, we were inundated with messages claiming that the hack had nothing to do with Anonymous.

But as reader “Mrs W” commented, it’s not easy to be so cut and dry about that:

If an organization has no membership roles and no leader, then anyone can claim to be part of them. You can’t arbitrarily decide they’re acting independently just because you want to distance the group from the act that was committed.

It doesn’t take a village to hack a website. No doubt other hacks in the name of Anonymous were perpetrated in similar solitary fashion.

This guy has ties to Anonymous, and he claims to be Anonymous. Isn’t that about all you can say of any of them? And if that’s not enough, what would someone need to do to prove they are acting on behalf of the group?

My hunch is that the majority of Anonymous supporters wouldn’t have approved of the website hack, and certainly not the threat to release details of people who had contacted the British Pregnancy Advisory Service about terminating their pregnancies.

Tweets related to BPAS hack

Anonymous hackers have done some pretty nasty stuff in the past, putting innocent individuals at risk and not caring about their welfare in their desire to embarrass or expose businesses or government organisations, but the attack against the abortion service doesn’t seem to fit with the normal model.

Sign up to our free newsletter.
Security news, advice, and tips.

But a movement which embraces chaos and lack of structure can’t have it both ways.

If you’re going to let anyone wave the Anonymous flag, if you have no structure that allows an “official” view to be communicated, then you have to accept that you have no more right than the BPAS hacker to decide what can and cannot be done in the name of your movement.

In short, Anonymous doesn’t know who it is. And can’t know who it is. Because it’s made of countless different individuals, all of whom have their own opinions and beliefs about what Anonymous is and what it should be.

Sure, there are Twitter accounts and some websites that attempt to present themselves as semi-official channels for communication by the Anonymous collective, but ultimately they are controlled by a handful of individuals – and are unlikely to represent accurately the wide spectrum of viewpoints belonging to Anonymous participants.

Four chapsRight now, any spod can buy his “V for Vendetta” mask, make a video in his back bedroom announcing that they’re going to bring down Facebook in a month’s time, distort their voice and upload it to YouTube.

There are some in the media who will report this as a genuine threat from Anonymous, planning to do something bad. But, frankly, it can’t be taken seriously unless or until something actually happens.

Similarly, a tweet from an “official” Anonymous Twitter claiming a threatened attack isn’t officially sanctioned should be similarly treated with derision. After all, in an anonymous movement, how can a semi-official Twitter account possibly know or not – with absolute certainty – if other supporters don’t have such a plan.

Ultimately, you can’t believe anything when it comes to Anonymous.

And I think that’s something of a problem for the movement as it tries to communicate what it believes in, and what it wants to change about the world.

Image of four computer enthusiasts courtesy of Shutterstock.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.