A panel at Defcon that focused on the hacktivist groups Anonymous and LulzSec was as confusing, chaotic and free-wheeling as the organizations themselves. The panel included a masked man, introduced as Baron von Arrr, who spoke with authority about Anonymous, but, upon a request from the audience, he unmasked himself as a security expert and blogger who wasn’t speaking for Anonymous.
The debate was itself a theatrical microcosm of the whole problem of identifying members of Anonymous, or LulzSec, and prosecuting them for committing various hacking crimes such as shutting down web sites. Law enforcers, some who were presumably in the audience, are faced with the question of whom to arrest as the “leadership” of a groups, which have (reportedly) attacked everyone from the Church of Scientology to Sony. No one can admit to being a leader of Anonymous, since he or she would be subject to arrest for bringing down the web sites of so many companies this year. That makes the idea of putting a “leader” of Anonymous on a panel a little problematic.
The discussion focused on whether the cyber vigilantism of the groups was justified or not, particularly when the group attacked Aaron Barr, the (former) chief executive of the law firm HBGary Federal, whose actions raised the ire of the hacktivist groups. Barr himself, who was described by comedian Stephen Colbert as finding a hornet’s nest and “sticking his penis in it,” was in the audience. Barr was slated to be on the panel, but HBGary Federal lawyers threatened to sue him and he dropped out. After Barr, the star panelist, dropped out, the panel decided to put a masked man (pictured above and unmasked below as blogging and security expert Kryptia, who was not speaking for Anonymous) on the stage to draw more attention.
The discussion and the Q&A that followed were heated. Josh Corman, research director of the enterprise security practice at the 451 Group (market analyst firm) and a member of the panel, said he looked at the sometimes juvenile, sometimes ineffective actions of Anonymous and said he wanted to see the group “build a better Anonymous,” one that, for instance, could take down child exploitation web sites.
“We could all get behind that,” Corman said. “Whistleblowing can be an important part of our culture. But who is Anonymous? It was hijacked.”
But then some members of the audience felt that Corman and fellow panelist “Jericho,” a hacker at Attrition.org, were encouraging vigilantism that would lead to a decline of freedom of speech, rather than a defense of it.
Jericho said,”I did not say that I wanted to limit freedom of speech.” Some of the attacks actually produce greater transparency, rather than censorship, because they expose data that the public should know about. Kryptia said, “One man’s terrorist is another man’s freedom fighter.” Jericho, on the other hand, definitely said that HBGary Federal should be “taught another lesson” for trying to keep Barr off the panel — a statement that some said advocated an attack on them.
Kryptia noted that the cost of hacker insurance has gone up and that might lead executives to enforce better security practices at their companies when it comes to handling private information for people. That might be a good thing. On the other hand, the exposure of the private information of people such as criminal investigators could put their lives in danger.
The discussion about Barr ranged from critical to sympathic because he was attacked and had his private information exposed and because he lost his job from the clash with Anonymous. The hacking group targeted him and HBGary Federal earlier this year, exposing thousands of confidential company documents. The group was angered after Barr told the Financial Times his plans to divulge the identities of the leadership of Anonymous. The attack also exposed HBGary Federal’s plans to collaborate with the U.S. Chamber of Commerce to target progressive groups with a misinformation campaign. Barr resigned after that, but he was apparently willing to talk at the panel until he was threatened with the suit.
The room included hundreds of hackers as well as federal agents (one who said he was from the Department of Defense). And a number of times, people said there were many members of Anonymous in the audience. When I thought about it, there was no way to verify any of that.
Paul Roberts, moderator of the panel and editor of Kaspersky Labs’ ThreatPost.com, said, “It is all nebulous.”