General security

A history of anonymous

Infosec Institute
October 25, 2011 by
Infosec Institute

Anonymous is the most famous 'hacktivist' group in the world. The informal nature of the group makes its mechanics difficult to define. Subsequently, without a formal organizational hierarchy, it's difficult to explain Anonymous to the general public and the media. In this article, I'll explain the history of the group, and offer some clarity on what's misunderstood about them.

'Hacktivist' is a portmanteau of 'hacker' and 'activist'. When people have technical skills, have access to the Internet, and understand how network infrastructure and servers work, it can be tempting to put that knowledge into having some effect on the world. The 'activist' part of 'hacktivist' means that they don't do their hacking and cracking without a cause. The various people behind Anonymous worldwide are united in a belief that corporations and organizations they consider to be corrupt should be attacked. If you're an administrator for a network that has little reason to be a target for social activists, your network and servers are unlikely to become a target for Anonymous. If for some reason you believe your network might become a target, I recommend testing it for handling DDoS attacks, as that's the most common method Anonymous uses to bring down web servers.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Not all of Anonymous' activities involve attacking networks or websites. Anonymous has also been active in initiating public protests. But the web and IRC channels are the lifeblood of the group. If it weren't for the Internet, Anonymous would've never existed.

2003: 4chan

4chan (, an image-based bulletin board website, was publicly launched on October 1st. The site was inspired by 2channel (, a massive Internet forum, with seemingly random content, which is especially popular in Japan. 2channel debuted in 1999. It has over 600 boards which cover wide ranging subject matters, such as cooking, social news, and computers. Visitors to 2channel usually post anonymously, but the vast majority of content on the site is in Japanese.

The creator and administrator of 4chan goes by the handle 'moot'. Raspberry Heaven is an IRC community that originally consisted of members of the 'Anime Death Tentacle Rape Whorehouse' sub-forum of, and 'moot' is from the Raspberry Heaven community.

In the spirit of 2channel, 4chan allows people to post anonymously as well. Unlike 2channel, the vast majority of 4chan is in English. Well, it's mainly English and slang based on various Internet memes, really. Any poster who doesn't post text in the name field automatically gets credited as 'Anonymous'. Most of the various forums on 4chan are based on Japanese pop culture, but their most popular forum is /b/.

/b/ has a fascinating culture onto itself. A lot of the user created graphical memes you may see circulating around the Internet, like LOLcats, 'All your base are belong to us', and Pedobear, originated in the /b/ forum. As it is an image board, most of the postings are user generated graphics. Usually, they're intended to amuse, offend, or do both at the same time. The majority of the postings are 'Anonymous'.

2008: Project chanology

On January 14th, a video from the Church of Scientology was leaked onto YouTube. It was a propaganda video featuring Tom Cruise laughing hysterically. I assume the video was mocked in the 4chan /b/ forum and related IRC channels. As the clip is arguably unflattering to Scientology, the cult tried to get YouTube to remove the video due to 'copyright infringement'. In response, on January 21st, a video was posted on YouTube credited to Anonymous titled 'Message to Scientology'. Thus began Project Chanology.

A press release was written explaining the intentions behind Anonymous' Project Chanology. The release covers why Scientology is a dangerous organization, and how the cult's attempt to have the Tom Cruise video removed from YouTube was a violation of freedom of speech. Scientology has a reputation for financially exploiting its members, engaging in threatening blackmail against people who try to leave the cult, and various other abuses. 'Call to Action' was posted to YouTube on January 28th, also credited to Anonymous, calling for protests outside of Church of Scientology centres around the world on February 10th. At some point in January, a DDoS attack was also launched on the cult's website.

During the various Anonymous protests against Scientology that year, many protestors wore Guy Fawkes masks, in the spirit of the popular film V for Vendetta, and also to protect their identities from the cult, which is known for attacking dissenters Scientology calls 'Suppressive Persons'.

International protests outside of Scientology centres were orchestrated on February 10th, March 15th, and April 12th, attracting thousands of people.

On March 28th, JavaScript code was maliciously injected into the Epilepsy Foundation of America's web forums, to generate animations that can trigger epileptic seizures. People from (another website inspired by 2channel and 4chan) and subequently Anonymous were blamed for the attack. But the administrators of 7chan believed the attack was done by the Church of Scientology, making it look like it was done by Anonymous to harm their reputation. I believe Scientology did frame Anonymous. The cult has a reputation for condoning and initiating malicious actions against dissenters under their 'fair game' policy.

2009: Project skynet and operation didgeridie

In June, President Mahmoud Ahmadinejad was elected in Iran, which triggered protests across the country. In response, Anonymous Iran was formed, an online project between Anonymous and The Pirate Bay, a popular but persecuted torrent search engine site. Anonymous Iran offered Iranians a forum to the world which was kept safe amidst the Iranian government's crackdowns on online news about the riots. Project Skynet was launched by Anonymous the same month, to fight Internet censorship worldwide.

Operation Didgeridie started in September. The Australian government had plans to censor the Internet at the ISP level. On the 9th, an Anonymous initiated DDoS attack on Prime Minister Kevin Rudd's website brought it down for about an hour.

2010: Operation titstorm, operation payback and wikiLeaks

In February, the Australian government was in the process of passing legislation that would make pornography featuring female ejaculation and small breasted women illegal. A porn star with small breasts must be underage, apparently. In response, on the 10th, Anonymous engaged in Operation Titstorm, using DDoS attacks to bring down various Australian government websites.

Operation Payback commenced in September. The MPAA (Motion Picture Association of America) and the RIAA (Recording Industry Association of America) hired Indian software firm AIPLEX to launch DDoS attacks on The Pirate Bay and other websites related to file sharing. In retaliation, Anonymous posted the following:


"Operation:Payback is a bitch.

DATE September 19, 2010

To whom it may concern,

This is to inform you that we, Anonymous, are organizing an Operation called "Payback is a bitch". Anonymous will be attacking the RIAA (Recording Industry Association of America), the MPAA (Motion Pictures Association of America), and their hired gun AIPLEX for attacks against the popular torrent and file sharing site, the Piratebay ( We will prevent users to access said enemy sites and we will keep them down for as long as we can. But why, you ask? Anonymous is tired of corporate interests controlling the internet and silencing the people's rights to spread information, but more importantly, the right to SHARE with one another.The RIAA and the MPAA feign to aid the artists and their cause; yet they do no such thing. In their eyes is not hope, only dollar signs. Anonymous will not stand this any longer.We wish you the best of luck.



We are legion."

Anonymous executed DDoS attacks of their own, targeting websites linked to all three organizations, the MPAA, the RIAA and AIPLEX.

Operation Payback continued in December, but this time the targets were Mastercard, Visa Paypal, the Bank of America and Amazon. WikiLeaks is a website for whistleblowers to post insider information about corrupt government activities around the world. Those corporations were targeted for blocking charitable donations for the WikiLeaks website. By the 8th, websites for Mastercard and Visa were brought down, once again by DDoS attacks.

On the weekend of December 11th and 12th, crackers broke into Gawker Media's network. The online media company, known for popular blogs like, and, uses Campfire, a corporate network chat application. The administrative logins used on the Gawker network were cracked, perhaps by brute force, dictionary or rainbow attacks. From Campfire chat, the crackers were able to obtain more administrative login credentials, and eventually the usernames and passwords for thousands of Gawker network users were obtained.

One of Gawker's official Twitter accounts was also broken into. The cracker tweeted under the Gizmodo account:

" hacked, 1.5 million usernames/emails/passwords taken".

Anonymous were blamed for the attacks, they were seen as revenge for Gawker blogs posting negative stories about 4chan. But on the 12th, an e-mail was sent to tech blog The Next Web saying:

"It has come to our attention that you are reporting about being hacked by Anonymous and Operation Payback in the war against the wikileaks drama that is currently taking place. While we feel for Wikileaks plight, and encourage everyone to donate and mirror the site, we are not related to Operation Payback or engaged in their activities. We have compromised all their email accounts and databases, and a significant portion of the passwords have been unhashed into plaintext."

The same day, received an e-mail from Gnosis, a hacker group unrelated to Anonymous.

"We went after Gawker because of their outright arrogance. It took us a few hours to find a way to dump all their source code and a bit longer to find a way into their database.

We found an interesting quote in their Campfire logs:

Hamilton N.: Nick Denton Says Bring It On 4Chan, Right to My Home Address (After The Jump)

Ryan T.: We Are Not Scared of 4chan Here at 210 Elizabeth St NY NY 10012

I mean if you say things like that, and attack sites like 4chan (Which we are not affiliated to) you must at least have the means to back yourself up. We considered what action we would take, and decided that the Gawkmedia "empire" needs to be brought down a peg or two. Our groups mission? We don't have one.

We will be releasing the full source code dump along with the database at 9PM GMT today. You are the only outlet we have told the release time."

So, Anonymous were wrongly blamed for the attack.

In mid-December, The Standard reported that the wife of Zimbabwean dictator Robert Mugabe, Grace Mugabe profited from illegal diamond mining. The information was revealed via a cable leak to WikiLeaks. Mrs. Mugabe sued The Standard for $15 million. By December 31st, Anonymous brought down Zimbabwean websites via DDoS attacks, as a response to Zimbabwean government corruption and Mrs. Mugabe's litigation.

2011: Arab spring, HBGary federal, GeoHot, and occupy wall street

Starting on January 2nd, websites for the Tunisian Stock Exchange and the Tunisian Ministry of Industry were brought down by more Anonymous DDoS attacks. It was a reaction to Tunisian government censorship. The Tunisian government had tried to restrict the Internet access of its citizens. By the 6th, Tunisia arrested many bloggers and cyberactivists who had been critical of its government.

By January 26th, the Egyptian government became the next target. Efforts started with the intention of removing Egyptian President Hosni Mubarak from power. Once the government blocked their citizens from accessing Twitter, Anonymous brought down Egyptian government websites with DDoS attacks by 3:00pm EST.

On February 5th, Aaron Barr of security firm HBGary Federal claimed to have infiltrated Anonymous and said he would release information in a press conference.

HBGary's website was powered by a CMS (content management system) that had several security loopholes. Because of those loopholes, Anonymous were able to access the site's databases via SQL injection. Usernames, e-mail addresses and password hashes were retrieved. The MD5 hash algorithms were cracked with rainbow tables, so eventually the entire database became accessible.

Eventually, the company that developed HBGary's CMS system was fired.

By April 2nd, Sony became the next Anonymous target. Sony's PlayStation Network banned user GeoHot for jailbreaking and modifying his PS3 console. GeoHot attracted Sony's attention by posting information about how to mod PS3s to the Internet.

Throughout April, the PlayStation Network and various Sony websites were brought down via organized DDoS attacks. This was Anonymous' way of coming to GeoHot's defense. It took a number of weeks until the PlayStation Network was operating normally.

Mid-July, people from Adbusters, the anti-consumerism magazine, started discussing what could be done in response to corporate corruption on Wall Street. The Occupy Wall Street movement was planned from there, for mass protests on Wall Street starting on September 17th.

On August 23rd, Anonymous expressed support of the Occupy Wall Street movement with a video post on YouTube.

From September 17th and onward, many thousands of people have been involved in the protest, which continues to be ongoing. Anonymous and Anonymous supporters have been covering the movement on Anonymous related blogs. Throughout September and into October, many cities around the world have joined the Occupy movement, such as Chicago, Toronto, London, Tokyo, Madrid, Milan and Stockholm.

The ubiquitous and now Anonymous related Guy Fawkes masks can often be seen on protestors. The now international movement has received a lot of coverage from the media, with no end in sight. I believe the Occupy movement is a mass social reaction to growing economic problems around the world.

'Hacktivism' is now a major phenomenon, and Anonymous is far from the only 'hacktivist' group. Networks, servers and databases which may become targets must audit for security. Harden networks from DDoS attacks, use virtualization and proxy servers when possible, and assure that passwords and hashes are difficult to crack. Special care must be applied to servers which contain encryption keys.

The Internet and the Information Age is accelerating the evolution of society and social activism. It's becoming more and more difficult to censor any information. I'm excited to watch how networking technology is changing the world, more often than not for the better.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.


Infosec Institute
Infosec Institute

Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training.