• Post author:
  • Post category:Security
  • Post comments:6 Comments
  • Reading time:10 mins read

Last Updated on July 6, 2011

Update 07 July 2011: Updated content with the Italian Anonymous Press Release in English.

Today the front pages of Italian newspapers dedicate ample space to raids carried out by the Italian police against the local cell of Anonymous.

The group started a campaign against AGCOM (the Italian Authority For The Communications) that is discussing a draft law concerning new regulations in defense of Copyright against piracy, which provide, in case a violation of copyright is reported, the removal of the indicted content through administrative and the eventual obscuration of the site, bypassing the ordinary laws.

The detractors consider these new regulations as a potential form of censorship and most of all a way for the government to maintain the control about the content of web sites with the possibility to remove unwelcome information.

On the wake of the protests following the draft law, the Italian Anonymous group, with the labels of #antisec (does it remind anything to you?), #opitaly, #freeweb, #nowebcensure, has performed, in the last two weeks, several DDoS attacks targeted against different Italian sites, not only related to the government (for instance against the same AGCOM or the Senate), but also belonging to other institutions such as Telcos (Telecom Italia), Utilities (energy firm ENI, defence firm Finmeccanica), and financial institution (UniCredit).

Yesterday the Italian Police carried out 32 dawn raids across the Italian peninsula (and Switzerland), which led to the arrest of 15 people, including the alleged leader of the organization, an Italian 26 years old guy, residing in Switzerland, which used to sign his actions with the Nick of “Phre” (which sounds like Frey his surname).

The raids follow similar police action in Spain last month, which saw another three suspects arrested and quite curiously they happened in the same day in which Sabu, the leader of the LulzSec group declared he has hit the point of no return.

If I look at the events from an information security perspective, I cannot help noticing that the actions performed by Anonymous and LulzSec on the Web Sites all over the world, have probably risen a kind of “desire to emulate” which has led to the involvement (enrollment) in the cause of individuals, who probably lack the necessary skills to perform hacking activities. I nearly would say, paraphrasing an abused term, that the desire to emulate the actions by LulzSec and Anonymous has led to a kind of “consumerization of hacking”, which not only is really dangerous, but also risks to downplay a subject that requires skill and know-how far above average, and not only the availability of hacking tools on the shelf.

As a matter of fact, from the early exploits, the group’s activities were widely publicized on social media, used to gather followers, hold virtual meetings in chat rooms, and share the results of the campaigns under the well known motto  “Tango Down” brought in the spotlight by the LulzSec group in its 50 days of fun (Lulz).

But yet even then, I think there was something wrong….

  • Regardless of any style considerations (the DDoS is not really considered an elegant weapon to hack), hackers (whether for the purpose of cybercrime or hactivism) are not too willing to publicize their actions, especially during the execution phase. It is not a coincidence that the excessive echo on their actions was probably one of the reasons who originated the haunt to LulzSec by other Hackers Group (an hacker called Warv0x even decided to hack again PBS after LulzSec just to show that the latter were not “as goodas they think they are”). The understatement has not been so far a prerogative for the Italian Anonymous who have immediately pointed to broaden their horizons (and followers) making wide use of Social Media.
  • There are mainly two groups leading the protests on Twitter: @anonitaly, and @LulzSecITALY. The first group, despite re-appearing on Twitter on April, the 6th, has begun to heavily tweet by June, the 21st, that is during the “hot days” (and not for the arrival of the Summer) of the Lulz Boat. The second one has officially twitted for the first time on June, the 25th, on the trail of the LulzSec group which at that time was sowing the seeds of havoc (real or alleged), and attracting on itself the interest of FBI and others hunters. Well, does the date of June, the 25th remind nothing to you? Exactly! few hours later LulzSec would have announced its own dissolution, leaving the “Italian chapter” orphan. For sure the sequence of the events has not given the impression of a strict coordination between the groups;
  • As of June 28, both groups have begun to tweet in unison, posting the same information, searching for new followers and sharing targets and tools. I do not question on “the weapons” deployed for the campaign, but the impression given out, has been that being an hacker and taking down a web site was a simple job (on June, the 24th @anonitaly also provided publicly the link to LOIC, the tool used to take down the targets). The impression that using LOIC and being an hacker was something apparently simple, was further reinforced by an @Anon_central  tweet on using LOIC, which stated, among the other things:

[FYI] No One has ever been ‘arrested’ for using LOIC.

(maybe not in Italy I would comment).

Actually Anonymous has released the “OpNewBlood Super Secret Security Handbook” in an effort to recruit more would-be hacktivist types to further their cause. This is a tutorial-style guide which aims to instructs users on multiple subjects, particularly how to set up secure Internet Relay Chat (IRC) access for group discussion participation. Maybe, but this is a mere speculation, due to the short time taken to set up the groups for the Italian Chapter, many individuals without the necessary skills have been embarked on the boat, ignoring the indications contained on the book.

It is not a coincidence that, suddenly after the so called “Secure Italy” Operation, the Italian Police released a statement, which apparently downplays Anonymous’ hacking skills.

Out of all of the current hacker groups, Anonymous is the largest, but is also populated by the least technical people. Some of its members carry out attacks using software downloaded from the Internet and do not carry out the most basic attempts to secure their IP address.

It is even more curious that I only found it in foreign reports, since this statement was not quoted in any newspaper I read.

Is this really the end for @anonitaly? Yesterday, suddenly after the raids, the group released a statement denying the dismantling of the Italian Anonymous Network (since there is no leader) and announcing “consequences” for the actions of the Italian Police.

The original Press Release is as follows (typos and misspellings included):

A few hours ago, the Italian police announced complaints, arrests and raids against a number of members of Italian anonymous.
The media has spread the news that the entire Italian network of anonymous has been dismantled and the “leader’s” of Italian anonymous was arrested.

Anonymous denies these media reports an reiterates that this is impossible: Anonymous is not been dismantled. Anonymous has no leaders, no structure. All anonymous members operate at the same level. Those arrested are not “dangerous hackers”as the media calls them, but people like you. They have been arrested while peacefully protesting for there and your rights. Our protest will continue louder than ever.

The Italian Anonymous have not fallen because of this cowardly attempt to dismantle them and announce consequences for there actions taken by the police, to demonstrate that anonymous is present and fights on, like it did in the past and will in the future, for the freedom of the internet. Italy anonymous calls all citizens of the internet and the international anonymous: We need you! Let them have it, stronger than ever.

We are Anonymous
We are Legion
We do Not forget
We do not Forgive
Expect Us

Today, after a silence of approximately 20 hours, both groups restarted to tweet and @LulzSecITALY has just released the Italian Universities’ dump database…

This Post Has 6 Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.