The party hackers

Sat, Jan 15, 2011, 00:00

Fine Gael’s website was hijacked last weekend, but was it – as claimed – the work of the international hacker network Anonymous? Yes and no

IT WAS EMBARRASSING, to say the least. Fine Gael’s shiny new website, the election-focused, with a discussion area where people could leave comments, was hacked. The news filtered out quickly on the evening of January 9th, as the attack was taking place, through discussion boards and social-network services. Before long it had its own searchable hashtag on Twitter: #fghack.

Replacing the home page was a message purporting to come from the hacker group Anonymous, best known for its recent shutdown of PayPal and several credit-card websites, in support of the whistleblower group Wikileaks.

Badged with the symbol of a globe and a headless, suited figure, underlined with the word Anonymous, the page carried a brief message: “Nothing is safe, you put your faith in this political party and they take no measures to protect you. They offer you free speech yet they censor your voice. Wake up!”

The message was signed “owned by Raepsauce and Palladium” – “owned” being a hacker term for having taken control of a compromised website.

Later the hackers sent a file with data about 2,000 registered users of the site to an Evening Herald journalist.

But who – or what – is Anonymous? It is not, as various statements have implied, an organisation of “professional hackers”. It isn’t an organisation in any typical sense of the word. There is no formal spokesperson, no main website, no place to sign up.

Anonymous is an anarchic, loose affiliation of individuals who sometimes share particular protest aims, which, as with its pro-Wikileaks protest, might take the form of a co-ordinated hacking attack, or “hacktivism”.

“Anonymous is a . . . nebulous collective,” says Michael Harris, director of IT services at Ernst & Young in Dublin, who focuses on IT security. “There’s no membership criteria and no leadership.”

The group seems to have emerged over the past half-decade and can be either unco-ordinated or co-ordinated, comprising many different subgroups, protest movements and individuals. Although it could be described as having its home on the internet, its activities are not solely internet-based. It has been associated with real-world street protests, often featuring masks or other disguises, in particular a number of protests against Scientology, including one rally against the Church of Scientology in Dublin in 2008.

The group has also claimed responsibility for tracking down an internet-based child predator, resulting in his arrest, and for crashing the website of a well-known white-supremacist radio-show host in the US.

Whether the group was behind the Fine Gael website hack is a topic of much debate, even on the discussion sites frequented by Anonymous members. Would real Anonymous hacktivists have posted a defacement page or downloaded personal data files and then sent them to a journalist?

This sort of defacement attack, in which a website is hacked and a place-marker message left behind to take credit for the exploit, is hardly evidence of “professional hacking”, says Harris. The hackers may simply have guessed the administrator username and password, given that many organisations do not choose particularly secure terms. He suspects it was a fairly simple hack, exploiting a web application using simple “scripts” of computer code that can be downloaded from the net.

“A defacement is rarely professional. It’s something someone with an interest in hacking, sitting in a bedroom, could do. It isn’t rocket science,” says Harris. “It’s also not consistent with the other stuff Anonymous do . . . It’s script kiddie stuff,” he says, using the term hackers dismissively apply to people learning how to hack using downloaded scripts.

On the other hand it is impossible to judge how difficult the hacking job was, says network engineer Donal Cunningham, a former director of the Irish Sysadmins Guild. He says there are many ways in which a site could have been left unsecured, either on the infrastructure or the application side, and how the hackers got in may never be known, if they were adept at covering their tracks.

But Cunningham too questions whether such an attack would have been made by anyone affiliated with Anonymous.

“It seems a little improbable, especially given that it was only one specific political party rather than all of them. Just because someone puts up a logo doesn’t mean that they are actually part of that group.”

In many ways the debate is moot. Anonymous is anarchic, decentralised and, well, anonymous. Anybody could claim to be associated with Anonymous – and, as there is no formal organisation or hierarchy making decisions about who is in or out, they’d be right.