The British and US governments have just jointly sanctioned two Russian intelligence operatives for their attempts to derail the democratic process through a series of coordinated cyber attacks. The US State Department is also offering a reward of up to $10M for information on the Russian hackers responsible for the coordinated cyber espionage attack, which is international and spans several years. Targets even included the former MI6 director Richard Dearlove, and more recently scientists at several nuclear facilities in the United States. But what distinguishes this recent wave of Russian cyberattacks is that they are not just targeting governments or politicians.
Civil society became a significant target for Russia’s state backed hackers, including “universities, journalists, public sector, non-government organisations and other civil society organisations”. Paul Mason, a former BBC and Channel 4 journalist, has put out a statement confirming he was targeted by these hackers. At the time his private accounts were hacked, I had been helping Mason work on an article challenging Russian propaganda narratives that were spreading during the Bucha massacre in Ukraine. Overnight we were turned into the latest circulating ‘deep state’ conspiracy theory.
The Mason hack
As we worked, I received an urgent message from Mason saying his emails with me may have been compromised. He published a statement saying he had been “targeted by a Russian hack-and-leak operation”. I then received an email from a Grayzone writer who has also written for Russian state media (Sputnik/RT), saying, “Been going over various emails and DMs of yours. Very interesting…” The writer said he thought my employer and “the academics you’re trying to target are likely to be very unhappy indeed when they hear about all this. I think we’d better talk.”
The writer said the email was not a threat. But it was clear to me I was facing an impending reputational attack to harm my career and relationships. This email didn’t resemble the right to reply that journalists usually send posing questions prior to reporting, and it made no mention of an article or outlet.
Within hours the first article hit Grayzone, a website with a pro-Kremlin stance on world events. A series of stories followed linking me to activities of which I had no knowledge and suggested that Mason and I could be part of a nefarious plot to silence critics of NATO in Russia’s war on Ukraine.
The author of the Grayzone articles apparently told Politico in 2022 that the emails at the centre of these claims were sent to the organisation anonymously via burner email accounts. The Grayzone has argued that “there is not even hard evidence that Russian hackers were the source of the leaks.”
But this week the UK and US governments issued sanctions against the individuals from hacking group Cold River (also known as Star Blizzard, SEABORGIUM, and the Callisto Group) which was reported to be behind this series of hacks. Cold River, they say, is operated by the Russian intelligence entity, the Federal Security Bureau (FSB), and “selectively leaked and amplified the release of information in line with Russian confrontation goals.”
Hacking freedom of expression
Hacking is normally discussed as a security issue. But this new form of cyber attack significantly threatens freedom of expression as I explain in my recent academic writing. Joe Burton, a professor at Lancaster University, has described this phenomenon as cyber intimidation, “a form of intentional bullying and intimidation that affects how individuals, groups and states act, including the things they do and the things they do not do. This includes the ability to express themselves free of fear of persecution or retribution.”
The UK Foreign Secretary David Cameron said the hackers had “failed”. But some impacts can be difficult to track rendering them invisible, particularly where they silence and suppress activism. And new research indicates cyberattacks cause “equally high levels of psychological distress as conventional terrorism and political violence,” driving political pressure that can escalate conflicts.
Today, aggressive cyber tools are increasingly available for authoritarian regimes wishing to target civil society actors. We ordinary people, not just governments are targeted with lawfare, spyware, social engineering and hacking. Russian hackers, for example, last year also reportedly doxed (malicious publication of personal information) those defending Ukraine. As Citizen Lab has shown, emails hacked from journalists and civil society are also often doctored before they are published, a phenomenon they called “tainted leaks”. Where it is hard for the Kremlin to defeat truth with lies, we see these chilling efforts deployed against researchers and journalists, eroding trust in those delivering any message counter to its interests. The ease at which this can now happen should terrify democracy defenders everywhere.
The hacking of journalists and their sources in particular undermines the ability to privately discuss, research and develop journalism. It also threatens free expression by closing down one side: Rather than contributing to debate, a pre-emptive hack against a journalist halts it.
In the case of Mason’s journalism and my efforts to contribute to it last year, the hack occurred before critical work on those defending Putin’s bloody invasion could occur. For the Kremlin’s hackers and their support alternative credible counter-perspectives cannot be allowed to rise on the left.
A crisis of trust
Conspiracy theories like these proliferate due to a deep crisis of trust in our media and political system. This has its roots in real injustices. But it is also exacerbated by the crisis facing traditional journalism that feeds a rising popularity of news ‘alternatives’. Social media’s engagement-based algorithms then tailor our feed of content to maximize popularity, which of course increases the politically divisive or fear-driven framing of content we see. This business model monetises the most misleading and toxic content, then social media companies are not consistent in responding to the content violating their policies against hacked material. Where cyberattacks are used to intimidate and silence civil society, victims may have limited power to respond. State-backed cyberattacks steal content that can be selectively used to create distrust in reliable journalists, researchers and NGO’s, or to drive anti-government conspiracy theories. Hacks also provoke government reactions that extend secrecy, roll back citizen rights or restrict vital journalism, which can be exploited by Russia to further fuel distrust of government and appetite for hacks – I call this a spiral of “secrecy hacking”. Ironically, increasing efforts by the British government to control information disclosure on national security have fed an information vacuum that provides fertile ground for misleading hacks to spread.
While I welcome sanctions against the Russian hackers, and urge all activists, journalists and scholars to be aware of their technical methods – in the long-term the solutions to Russian hacks lie in tackling our deepening crisis of trust.
Chinese communist party newspaper The People’s Daily has today denied allegations that China hacked into the computer systems of various US media outlets. The state-run newspaper denied that officials had hacked The New York Times and The Wall Street Journal, also refuting claims from The Washington Post that it had been targeted. The People’s Daily said that the national security allegations from the US were a cover-up for imposing economic sanctions on China. The Obama administration will reportedly address the attacks as an economic threat in a National Intelligence Estimate report, meaning the US can impose sanctions in China in response. Concern has been mounting in America that China has been responsible for a series of sustained cyber attacks on government agencies, US companies and media outlets — a US congressional report last year named China “the most threatening actor in cyberspace”.
A french journalist researching prostitution and human trafficking in Cambodia has had a seven year jail sentence in absentia upheld under prostitution charges. Daniel Lainé was charged by Phnom Penh City Court on 29 January for soliciting prostitutes and issued with a “red notice” by Interpol following a request from the court, banning him from reporting anywhere outside of France. Lainé had originally been sentenced in 2010 after being caught secretly filming a prostitute without permission, a charge the journalist denies. The charges are thought to be linked to Lainé’s 2003 documentary exposing sex tourism in Cambodia and are allegedly supported by a written witness statement from someone who never appeared in court during the case. Lainé is a filmmaker for Tony Comiti Productions and was winner of a World Press Photo award in 1991.
These crisps have caused offence amongst the Catholic community
On 1 February, a film maker accused the Italian government of censorship for calling off the screening of his film for being too political. Bill Emmott, former editor of the Economist, was due to show his documentary Girlfriend in a Coma on 13 February at the National Museum of the 21st Century Arts, but the organisers were contacted on 1 February to say that the ministry of culture had ordered the event to be postponed ahead of the parliamentary elections on 24 February. Emmott, who’s film takes a critical look at Italy and the problems it faces, said there is a culture of denial in the country. The film has already been screened in several European countries and the US and is expected to remain postponed until the elections are over.
An appeals court in the Philippines has upheld a decision to pursue a libel case and issue of arrest warrants against a minor and five other people for online defamation charges made on 13 March 2012. A teenage blogger was accused of posting defamatory comments on Celine Quanico’s blog on 6 April 2008, along with Justine Dimaano, Francesa Vanessa Fugen, Anthony Jay Foronda, Roberto Armando Hidalgo and Danielle Vicaldo. Quanico said that Dimaano had posted a Yahoo messenger conversation titled “meet my backstabber friend”, but had changed the alleged victim’s name — who was 16 at the time of the alleged offence. Other insults posted on the site included “bitch”, “ugly”, “loser” and “liar”. The Cyber Crime Prevention Act went into effect on 3 October in the Philippines, after it was suspended following calls to remove the law from constitution.
Chain sandwich store Pret A Manger has withdrawn a new “Virgin Mary” brand of crisps from shelves following religious complaints. The bloody mary cocktail flavoured crisps had been introduced last week, but prompted complaints, including from Catholic groups that the brand was offensive to Jesus’ mother. The company said it removed the product to avoid further offence after noting the “strength of feeling” behind the few complaints they received. The unsold crisps will be donated to homeless charities across the country. Among the complainants was The Reverend Nick Donnelly, deacon of the Diocese of Lancaster, who said after Pret removed the product that the incident taught the Catholic community how to defend their faith in the future.
A woman who said she was raped by state security forces and the journalist who interviewed her were charged by police on 29 January in Somalia. Journalist Abdiaziz Abdinur Ibrahim could face four years imprisonment for insulting a government body and two years for inducing false evidence. Abdiaziz has been charged with insulting a government body, simulating a criminal offence and making a false accusation. The alleged rape victim’s husband and two others who introduced her to the journalist were charged with assisting her to secure a profit for the rape allegation and assisting her to evade investigation. The sentences are five and four year terms respectively. The next hearing will be held on 2 February. Abdiazizhad interviewed the woman on 8 January after she said she was raped by soldiers at a displaced persons camp in Mogadishu. He was detained by the Central Investigations Department of the police two days later.
Non-thinker (2012) by Aida Makoto – A less controversial piece from the Japanese artist
The New York Times has claimed it was hacked by Chinese officials over a period of four months. The attacks are thought to have come from hackers connected to the military in a possible retaliation to a series of stories run by the newspaper — alluding to the vast wealth accumulated by premier of the state council Wen Jiabao. The hackers entered into the Times’s systems, accessing information on the personal computers of 53 employees, including China correspondents. Mandiant, an internet security company hired by the newspaper on 7 November, said the attacks were likely to have been part of a spy campaign, after discovering that the computers used for the attacks were the same used for Chinese military attacks on US military contractors in the past. Hackers began attacking the Times on 13 September, around the time the Wen Jiabao story was in its final pre-publishing stages.
A former policeman in the Ukraine has been sentenced to life in prison for the murder of an investigative journalist, it was reported on 30 January. Oleksiy Pukache was the fourth person to be charged with the murder of Georgiy Gongadze, after his dismembered body was discovered in 2000. The other three were sentenced to 12 and 13 years. As Pukache was sentenced, he announced that equal blame for the murder should be placed on the country’s former president Leonid Kuchma and then presidential chief of staff Volodymyr Lytvyn.
Gongadze’s headless body was found in the woods six weeks after he was kidnapped in Kiev — a case which caused huge demonstrations and helped prompt the 2004 Orange Revolution. A lawsuit taken out against Kuchma in March 2011 was dismissed when prosecutors deemed it unlawful.
A Chinese man who was sent to a labour camp for making a joke about politician Bo Xilai has received minor damages after his compensation appeal was rejected. Fang Hong was sentenced to re-education for a year in 2011 for posting a poem online mocking the disgraced politician and his then police chief Wang Lijun. Chongqing’s Dianjiang county court rejected Fang’s request for around £37,400 in psychological damages, instead offering him just over £5,800, as well as rejecting his appeal for a public apology. This was the first known case of officials compensating for Bo-era abuses. Fang said he would ask his lawyers about appealing the ruling, but critics said his initial appeal was rejected to prevent a stream of further claims. Fang was freed in 2012 following the fall of Bo — whose wife Gu Kailai was convicted of the murder of British Businessman Neil Heywood in November 2011.
An art exhibition in Japan depicting cannibalism and Sadomasochism has prompted a debate over artistic freedom of expression. Aida Makoto’s Monument for Nothing exhibition at the Mori Art Museum in Tokyo on 29 January caused protests from Japanese organisation People Against Pornography and Sexual Violence, who wrote to museum director Nanjo Fumio to demand Makoto’s work be removed. Some of the artists pieces, depicted a giant blender filled with naked women, as well as Japanese pensioners playing croquet with severed heads. Makoto is said to use pornography to prompt people to look beneath Japan’s calm exterior and examine the darker elements of Japanese culture.
It’s late January 2012. Governments all over the world are considering signing up to a new US-led trade proposal intended to curtail copyright violation, the Anti-Copyright Trade Agreement (ACTA). There have been widespread protests, on and offline: the loose-knit collective of activists, hackers and internet denizens of all stripes known as ‘Anonymous’ believe ACTA represents an attempt by governments to limit and control the core freedoms of the internet, in particular the massive cultural exchange of ideas and information made possible by file-sharing online.
In Poland, the agreement has already been signed off; all that is needed for it to be adopted into law is a majority vote in parliament. The government website is offline, taken down by a distributed denial of service (DDoS) attack launched by Anonymous, which sends a message to politicians who are considering voting in favour. By the final week of January, over 10,000 people gather in Krakow in a last-ditch protest to influence the vote.
Members of the Palikot Movement Party protest against the ratification of the Anti-Counterfeiting Trade Agreement
And then something unexpected happens: on 26 January 2012, while casting their votes in parliament, some members of the Polish government conceal their faces with paper Guy Fawkes masks. The mask, by now the signature icon for Anonymous, has become common protest regalia among rabble-rousers across the globe, from Egypt’s Tahrir Square to London’s Occupy protests. But this is the first case of public servants adopting the symbol. The image is circulated far and wide on social media platforms. Although Polish politicians used it to launch a specific protest against ACTA, the gesture and its photographic memorialisation worked in a much broader capacity to legitimate Anonymous. ‘These parliamentarians were wearing Anonymous Guy Fawkes masks,’ one Anonymous activist blogged, ‘while the parliament’s website was down due to DDoS by Anonymous. We can’t emphasise that point enough – this is a game-changer.’
Less than a month later a very different image of Anonymous was circulated. On 21 February 2012, the Wall Street Journal reported that General Keith Alexander, the director of the United States National Security Agency (NSA), had briefed officials at the White House in secret meetings, claiming Anonymous ‘could have the ability within the next year or two to bring about a limited power outage through a cyberattack’. So only weeks after the ‘game changer’, the group was described as an imminent and credible threat.
The ‘ability’ to bring about a power outage was undefined. Could it mean that hackers had already acquired passwords that would give them access to power facilities? Or was the warning based on information supplied by an informant who had been working with Anonymous? Either way, General Alexander’s claims were frightening and bold, as well as vague. An attack on the power grid systems would cause havoc and potentially even threaten lives.
It is unlikely that we will ever find out whether the NSA assessment was based on credible intelligence or whether it was simply meant to smear and discredit Anonymous. Further news reports quoted activists and security experts and dismissed NSA claims as ‘fear-mongering’. The group, for all its varied tactics, both legal and illegal, has to date never been known to publicly call for such an attack – and there is no evidence to suggest that it would so much as consider it. A tactic like this would be very out of character for the collective, which, though often subversive, generally conforms to ethical norms and defends civil liberties.
While Anonymous has never occupied a controversy-free place on the world stage, by February 2012 it began to be portrayed as an open source brand of radical protest politics and not necessarily as hooligans hell-bent on unleashing extremist, chaotic acts like taking down power grids. More significantly, while the name has been used to pull together a range of unrelated causes, from environmental rights to snuffing out paedophilia rings, Anonymous activists are most effective and forceful when fighting censorship.
With campaigns like Operation Payback, which targeted corporations like MasterCard when it stopped providing services to WikiLeaks, OpTunisia, which responded to Tunisian government tactics against protesters and journalists, and OpJapan and OpMegaupload, launched in response to proposed copyright legislation, it is when Anonymous activists defend the internet’s core freedoms and expose the shadowy workings of state and corporate surveillance that it has the most impact. The NSA news story about the exigent threat from Anonymous failed to gain traction in the public consciousness. Perhaps it would have if it had come earlier, for instance between May and July 2011, at the height of attacks led by Lulzsec.
Anonymous launched Operation Megaupload
In contrast to most Anonymous actions, Lulzsec, a break-away hacker group, acted whimsically, its hacks not always tethered to a political issue. Lulzsec sometimes hacked to make a political statement and, in other instances, for lulz, internet slang for laughs. During this period, media attention, which was colossal, was most heavily focused on Anonymous as hackers rather than as a general protest group. Activities under the Anonymous banner, such as those of Lulzsec, show that even though Anonymous has gained a measure of respect because it champions free speech and privacy causes, it is also notorious for its irreverent and controversial approach to dissent.
To be sure, most of its activities are legal, but a small subset of tactics – such as DDoS attacks and hacking – are illegal, a criminal offence under all circumstances. These tactics also score the most headlines. Some, like ‘doxing’ (the leaking of personal, sensitive information, such as social security numbers and home addresses), reside in a legal grey zone because mined information is found on publicly accessible websites. During the course of a single operation different participants might deploy all three modes – legal, illegal and legally grey tactics.
Take Operation Bart, in August 2011. Anonymous focused on getting the word out when San Francisco Bay Area Rapid Transit (BART) officials disabled mobile phone reception on station platforms to thwart planned anti-police brutality protests. Soon after, Anonymous helped organise street demonstrations. But a couple of individuals also hacked into BART’s computers and released customer data in order to garner media attention – at least that’s how one participant explained the incident to Amy Goodman on television and radio programme Democracy Now. Someone also found a racy, semi-nude photo of BART’s official spokesperson Linton Johnson on his personal website, which was then republished on the ‘bartlulz’ website with considerable fanfare, along with the brazen rationalisation: ‘if you are going to be a dick to the public, then I’m sure you don’t mind showing your dick to the public.’
During the course of an operation, vulnerability and weakness is often identified and exploited. These sorts of actions provoke controversy (even within Anonymous) and also find their way into headlines, boosting the group’s public profile. At times, members of the loose collective are purposely deceitful and propagate false information about their activities. This can be a tactic for self-protection in some cases, and in other cases an antic to coax headlines out of the media, which can be somewhat enamoured with hacking.
Antisec, one of the more well-known hacker groups affiliated with Anonymous, might claim an exploit without having actually been involved in the activity. Hackers will often rely on botnets – networks of compromised computers – to momentarily knock a website offline, but won’t advertise this fact in press releases. Between 10 and 11 September 2012, for instance, Antisec claimed to have procured 12 million unique device identification numbers from Apple iOS devices by hacking into an FBI agent’s laptop computer. As it turns out, while the identification numbers were verified, the source turned out to be an iPhone and iPad app developer, Blue Toad. Because tactics range from the frivolous to the controversial to the illegal and because it has been known to generate hype around its own activities, it can be easily targeted itself. Obfuscation and deceit contributes to Anonymous’s mystique and its power, but also makes it vulnerable to misinformation campaigns spread by others.
Antisec – One of the more well-known hacker groups affiliated with Anonymous
The biggest lesson that can be learned from Anonymous is that the internet will judge – often quite swiftly – the actions of individuals, corporations and governments. And by the internet I mean the countless hackers and geeks from São Paulo to Sydney who understand how the web works, a smaller class who know how to subvert routers and protocols, and a larger number who will rally when the internet and values associated with it are in danger.
This is not to say that every geek and hacker supports Anonymous. In fact, many rather dislike it or its controversial tactics, such as DDoS; some hackers are resolute and unyielding in their view that DDoS is a species of censorship in itself. There are also many different ways to defend the internet, such as writing open source software or joining the Pirate Party. Anonymous is a distinct, emerging part of this diverse and burgeoning political landscape. Its real threat may lie not so much in its ability to organise cyberattacks but in the way it has become a beacon, a unified front against censorship and surveillance.
It might be best thought of as the irascible and provocative protest wing of the internet’s nascent free speech and privacy movement. Though it works to publicise specific issues at the most inconvenient time for the individual, group or company being exposed, it also brings into sharp focus an important trend, dramatising the value of privacy and anonymity in an era where both are rapidly eroding.
Anonymous, of course, champions anonymity, and this is echoed in both the iconography associated with it and its ethical codes. Seeking individual recognition and especially fame is taboo, for example; you are expected to do work for the team, not for one’s own personal benefit or status. The movement, therefore, provides a rare countermeasure in deeds, words and symbols against a world that encourages people to reveal their lives, where the internet remembers everything about us, where our histories are permanently stored in search indexes and government databases – and at a time when governments’ ability to surveil its citizens has grown exponentially thanks to low-cost, ubiquitous digital technologies and new public-private partnerships.
However explosive Anonymous is today, its continued presence on the world stage is certainly not guaranteed to last. It is plagued by infighting, fragmentation, as well as brand fatigue. Paranoia exploded in spring 2012 after the news broke that Hector Xavier Monsegur, known more commonly by his hacker handle ‘Sabu’, had been exposed as an FBI informant. Most troubling for its long-term survival is government crackdown: since summer 2011, over 100 alleged participants have been arrested around the globe, from Romania, Turkey, Italy, the UK, the US, Chile and Germany. But even if the loose-knit collective fades away, irreverent political protest on the internet is unlikely to end.
Since 2008, when individuals started to organise diverse collective actions under the banner of Anonymous, a living model was created, demonstrating to the world what a radical politics of dissent on the internet looks like. Even if Anonymous was to vanish, its history, exploits and propaganda material are here to stay; there will likely be others — in different forms and with distinct twists — who will take its place.
What is a little less clear is what will eventually become of freedom of expression online, given the increasing capabilities for surveillance, censorship and control all over the world. Is Anonymous merely the party at the funeral of online freedom? Or does it represent the irreverent clowns, rabble rousers, and tricksters who are keeping the reaper at bay and enabling others, from protesters on the street to elected representatives in parliament, to join the raucous political carnival and challenge threats to personal privacy and freedom?
Gabriella Coleman is Wolfe Chair in Scientific and Technological Literacy at the Department of Art History and Communication Studies at McGill University. She tweets from @BiellaColeman
