• United States



Anonymous meets its own insider threat

May 09, 20113 mins
Data and Information Security

When I was at RSA in February, people trembled with unease whenever the subject of Anonymous came up. One of the big stories that week was the vandalism of HBGary’s exhibit booth and that vendor’s hasty exit from the conference.

The fear was that members of Anonymous could be anywhere, even inside one of the world’s biggest annual security gatherings.

The unease is still there, but a few of you might take comfort in knowing that Anonymous has its own threats to deal with.

Postings by administrators of the group’s AnonOps Network suggest they are dealing with an insider attack.

The message reads:

Dear Users of the AnonOps Network,

We regret to inform you today that our network has been compromised by a former IRC-operator and fellow helper named “Ryan”. He decided that he didn’t like the leaderless command structure that AnonOps Network Admins use. So he organised a coup d’etat, with his “friends” at . Using the networks service bot “Zalgo” he scavenged the IP’s and passwords of all the network servers (including the hub) and then systematically aimed denial of service attacks at them (which is why the network has been unstable for the past week). Unfortunately he has control of the domain names (and possibly, we don’t know at this stage) so we are unable to continue using them. We however still have control over, and will continue to publish news there.

We would STRONGLY ADVISE all users to STAY AWAY from and, and they should be considered COMPROMISED. Using or connecting to any service on those addresses may put your computer, and by extension your person, at risk.

We will continue to update you on this story, as well as on how we proceed with the future of Anonops.

We are profoundly sorry for this drama, and we can’t give you a an estimate on when service will resume normally.

Alas, the IRC-network will probably remain down until we can sort this out.

We will try to keep you up to date you via our official channel (


The “Old” AnonOps netstaff.

“shitstorm”, “Nerdo”,”owen”,”blergh”, and “Power2All”

P.S: Further notices on will probably be posted to dispell this one, and any unavailablity of will only prove this message is true. THIS IS NOT A JOKE, THIS ISN’T A LIE, THIS IS THE TRUTH AND WE ARE SORRY FOR THAT.

P.P.S: The person behind this attack is also involved in the “new” Encyclopedia Dramatica ( . If you have previously signed up as a user with a legitimate email-address/password, you should take caution and consider that your account and password *might* be compromised.Sign up today.

Get your morning news fix with the daily Salted Hash e-newsletter!

This probably doesn’t change the overall threat from Anonymous in the long run, but it goes to show that the corporate world isn’t alone in its struggle with malicious insiders.

–Bill Brenner