Anonymous in decline? Don’t bet on it

Readers know by now that I hate security predictions. Vendors simply use them to express wishful thinking about the death of a competitor’s technology or make painfully self-evident observations. But McAfee’s prediction that Anonymous will suffer a steep decline in 2013 is worth a look. Not that I necessarily agree with the authors.

Also see:

• Infosec predictions for 2013? Shoot me, please
• Anonymous and LulzSec: 10 greatest hits

On page 14 of the 2013 Threat Predictions report from McAfee Labs, the authors say, among other things:

Sympathizers of Anonymous are suffering. Too many uncoordinated and unclear operations have been detrimental to its reputation. Added to this, the disinformation, false claims, and pure hacking actions will lead to the movement’s being less politically visible than in the past. Because Anonymous’ level of technical sophistication has stagnated and its tactics are better understood by its potential victims, the group’s level of success will decline.

The writers are not declaring a decline of hacktivism itself. They just believe other groups will take center stage, specifically patriot groups self-organized into cyber armies. And, to be fair, they’re not declaring Anonymous dead. But I think the suggestion that it’s in decline is premature. Instead, I think we’re seeing a metamorphosis. To put it another way, Anonymous may simply be going through puberty, acting in irrational, disorganized ways as it struggles to find its true calling.

I say this because its most recent operations have targeted groups and individuals known for hate. Sure, they engaged in plenty of the usual attacks against big corporations and federal agencies in 2012. There were the November attacks against Israeli government and corporate websites in retaliation for airstrikes in the Gaza Strip, and the threats against the International Telecommunications Union. But in recent months, we’ve also seen Anonymous out the man accused of sparking a torrent of bullying that drove 15-year-old Amanda Todd to suicide, and attack the site of Westboro Baptist Church (WBC), the gay-hating group known for protesting outside funerals of U.S. service members.

I’ve never been a fan of Anonymous and groups like it. I’ve written several posts comparing what they do to bullying and terrorism. I still feel that way, even though my views have moderated somewhat over time because I’ve seen that some of those involved are capable of doing good. The question is how to “build a better Anonymous,” as infosec practitioners Josh Corman and Brian Martin wrote in a series of articles last year.

Also see: SOURCEBoston: Corman, Jericho and Anonymous

I’m thinking attacks like the one against WBC — which threatened to protest outside the funerals of children murdered by a gunman three weeks ago inside Sandy Hook Elementary School in Newtown, CT. — are a sign that a conversion may be taking place. We could be seeing a shift from darkness to light.

Their tactics are still an issue. One infosec practitioner I respect noted that two wrongs don’t make a right, that Anonymous as a vigilante crusader against evil is still breaking laws and leaving collateral damage in its wake.

But in targeting hate groups and bullies, Anonymous might attract fresh blood — more sophisticated people who never would have helped out in the typical corporate hacks but might sign on for anti-hate missions.

I may be way off the mark, but it’s something to consider.

McAfee has done a lot of good work on the research front, and this latest report is full of useful content. But I don’t think we should count Anonymous out just yet.