What has the hacktivist activist group Anonymous achieved?

Who are Anonymous? And what do you want?

Tuesday afternoon last week: Around a dozen users are registered in the chat channel of the hacking group Anonymous, department #austria, there is a lot to discuss: Pizza services, breasts, the Federal Office for the Protection of the Constitution and Counter-Terrorism ("does the bvt also bring pizza?" ), the business practices of banks, cell phone tracking, the situation at Austrian HTLs. One asks, not entirely unjustified: "Am I the only one here who no longer goes to school?" No answer. After all, you want to remain anonymous.

Last weekend, the internationally active hacker collective Anonymous also appeared in Austria for the first time: the SPÖ and FPÖ homepages could not be reached for hours after cyber attacks, the Anonymous logo was emblazoned on the social democratic homepage, next to it a toy rainbow pony called Rainbow Dash, including a list with the private access data and passwords of hundreds of SPÖ users. Compared to the previous victims of the anonymous collective, including the Church of Scientology, MasterCard or Amazon, the action only hit semi-prominent opponents, but the attack caused quite a stir, at least in Austria. The Office for the Protection of the Constitution is investigating, Anonymous let himself be carried away to a press release via Twitter: "Dear media representatives. As we heard in the news that morning, you are wondering why we have paralyzed the FPÖ's website and beautified the SPÖ's. That does We are, to be honest, a little sad, since we had expected some research from you in the meantime. But of course we are happy to help you: Welcome to #AntiSec (Anti Security). Hackers from all over the world have united to unite against corruption and abuse power. "

In the interview with profil, an Anonymous becomes more specific: "The SPÖ and FPÖ became the target because we are currently fighting with Operation #AntiSec against parties that are either right-wing, corrupt or, in our opinion, have simply lost their closeness to the people." Anonymous goals, in principle: "Protection of the press and freedom of expression, human rights, freedom of information, protection of privacy."

Anonymous, which gained international prominence in the wake of the WikiLeaks affair last December, represent a new kind of hacking. The old-school hacker, the clichéd pimple-faced and ready-to-eat pizza-addicted computer nerd who tries to divert NASA rockets or crack the CIA database for the fun of it may still exist here and there. The mafia-like spam fraudsters and the online credit card thief anyway. The hacktivists are currently exercising much greater media fascination according to the Anonymous model.

A criminal background is initially alien to the hacktivists. Nevertheless, their attacks are in any case beyond legality. What they describe as a kind of digital demonstration, those affected and the authorities see as damage to property and trespassing. Media scientist Jana Herwig from the University of Vienna describes the dichotomy of Anonymous: "It's not primarily about hacking, but about an internet-based form of activism in which hacking also plays a role. Hacking still has a criminal connotation on the one hand, on the other Anonymous also receives a large number of public expressions of sympathy, which is also due to the fact that the concerns they represent have a majority. It is a complicated mixture of public intervention, which on the one hand is highly valued and on the other hand can also serve criminal purposes. "In In the past few months Anonymous has also participated in the Arab revolutions and attacked government sides in Tunisia and Egypt.

Tuesday afternoon, in anonymous chat, the next steps are discussed between ordering pizza and debating: "The Nazi groups that support the FP would also be a nice goal" - "give links" - "fpö.at" - "that was cheap: P"

Who are the people in the chat? Who is Anonymous?
First of all, Anonymous is an extremely heterogeneous collective that developed about four years ago on the 4chan image exchange platform. Gradually, political concerns also came into play, became more present and more concrete. When credit card companies like Visa or MasterCard blocked the donation accounts of the detection platform WikiLeaks after the "Cablegate" affair last autumn, Anonymous attacked the card operator's websites. DDoS attacks were used as a means to an end. The acronym stands for Distributed Denial of Service and describes the overload of a web server through massive simultaneous requests from thousands of networked computers from all over the world - including Austria.

"A total of around 3,000 people were involved in Operation Payback (the action directed against MasterCard, Visa and PayPal, note)," explains blogger and social media entrepreneur Gerald Bäck. "Including some from Austria. However, of the 3,000 more than 2,000 did not know exactly what they were actually involved in. “Anonymous works without hierarchies and without central control, operations are discussed in open chat forums and refined in conspiratorial channels. If you want to take part, take part, if you don't, let it go. There are no leaders. Hackers don't form gangs, they form swarms. Because of this ambiguity, one can only speculate about the size and composition of the hacktivist scene in Austria. Even members do not overlook this. Bäck considers the people behind the SPÖ and FPÖ attacks (and most of them are men, at least that much is certain) to be a relatively marginal group. "Basically, these actions do not fit Anonymous at all. The focus is far too narrow. What's next? The homepage of the Meidling section?" Nevertheless, the activists are undoubtedly Anonymous. Because Anonymous means: Everyone can participate. And everybody can do what he wants to do.

No special technical know-how is required for this. Simon K. (name changed by the editors), IT specialist and scene connoisseur, sits in his bright apartment in an old building on the outskirts of Vienna. There is a pram in the anteroom, the children sleep, K. presents a basic course in hacking. "All you need for a DDoS attack is the IP address of the web server that you want to attack. You enter this in a program that is freely available on the network, regulate how massive the attack should be and press It's as simple as that. And that's how fast you can be a criminal. ”In fact, several suspected Internet criminals were arrested in Great Britain who had participated in the Anonymous operation Payback in this way and probably without much thought. Real professionals would of course use so-called proxy servers for this, ideally even several third-party computers connected one behind the other, which cover the trail of the attacker. Among hackers - as a synonym for fairly high security - the common saying is: you should be behind seven proxies.

Of course, such server blockades no longer have much to do with real hacking. The challenge is mainly limited to coordinating as many co-blockers as possible or, depending on the budget, renting a botnet, a network of virus-infected computers that can be remotely controlled - unnoticed by their users. There are also relevant internet forums and specialized providers for this. In addition to botnets, online black markets offer a multitude of semi-legal or non-legal services such as spam orders or freely available servers in countries "where the authorities may not ask exactly who the server belongs to and what it is used for," explains K . "But you can no longer find that on Google. To do this, you have to build up a certain level of credibility in hacker forums before you are offered something like this. "

How does someone actually move on the Internet who knows as much about the possibilities of cyber crime as K. does? Well, be careful: "I've never given my credit card details online. Automatic logins are completely taboo. I don't even use Internet Explorer." a misunderstanding: "Apple devices are also infected with viruses. But hardly anyone notices because most malware is programmed for Windows. The hacker works according to a tough calculation: There are many times more Windows computers than Apple computers around the world. This means that his return on investment with a Windows virus is many times higher. "

Not only, but especially on the Internet, the basic rule applies: ignorance does not protect against harm. Matthias Hudler, head of the IT security competence center at the FH Campus Wien, and his colleague Manuel Koschuch are on the other side of the firewall. They identify two growing security risks in connection with Internet crime: "On the one hand, digital technology is becoming more and more complex and networked. And complexity is the worst enemy of security," explains Koschuch. "I cannot build a system that is one hundred percent secure today. To do this, I would have to wall my server in a bunker and cut off any connection to the outside. ”This does not apply to the common company database or to such sensitive systems as telecommunications or power supply: digital technology is everywhere in the background and thus a potential point of attack for cyber attacks . IT security technicians can live and work with it.

The second problem is even more difficult: "With increasing digitalization, computer technology is also being used by more and more people. And people are prone to errors. The best IT security cannot prevent human error. Increasing networking through smartphones and other mobile devices will do so Increase the problem even more in the future. ”Not for nothing is a special discipline of hacking called“ social engineering ”. It is less about nifty programming work than simply about tricking users into giving themselves into the hands of fraudsters. Well-known examples: fake shops that accept prepayment but do not send any products; or phishing, in which users are tricked into disclosing their credit card details with fake prompts.

From the point of view of IT security, the human factor also plays a further role, especially when it comes to hacktivism à la Anonymous. Koschuch: "We can of course still further increase security using technical means. But the social problems that are often behind hacktivist attacks cannot be overcome with algorithms." These can also be found in the age of digital resistance, in the era from Anonymous, LulzSec and WikiLeaks, only solve in a relatively old-fashioned way: with the good old politics.

Collaboration: Stephanie Schüller