Do you know “Anonymous”?
I think many people have this impression.
Anonymous has been in the spotlight for declaring war on the Russian government, which is currently invading Ukraine.
However, its true identity is unknown, and reactions to the existence of Anonymous vary from person to person.
Therefore, this time, we will explain the history and characteristics of Anonymous in an easy-to-understand manner.
Additionally, we will introduce basic terminology related to hackers.
What is Anonymous?
Anonymous is a group that protests against political, human rights, and environmental issues.
It is commonly known as the “international hacker group” because it mainly uses hacking to protest around the world.
However, as there are now a wide variety of methods of protest, some say that the term “hacker group” is inappropriate.
Anonymous has its background in the American anonymous bulletin board “4ch”, which was created in 2003.
Anonymous is a Japanese word that means “anonymous” or “anonymous.”
It all started when some people who had been posting anonymously on bulletin boards colluded and started a movement to protest against a specific organization, calling themselves Anonymous.
As a result, groups that carry out such protest activities have come to be called “Anonymous.”
History of Anonymous
Anonymous is said to have been born around 2006, three years after 4ch was created.
At first, he was treated like a fun criminal and did not attract much attention, but his political activities gradually became more prominent and were even reported on the news.
In 2008, the name Anonymous became famous due to demonstrations against the religious group Scientology.
At this time, the name “Anonymous” (anonymous) became established because people wore masks during demonstrations to prevent their faces from being identified.
Around 2010, we will move our activity base from “4ch” to “IRC (dedicated chat).”
We will move from Anonymous, which was a thread on the bulletin board, to a dedicated chat where only Anonymous can gather, and deepen communication.
It is said that there are hundreds to thousands of people in this chat, but the truth is unknown.
In addition, around 2011, the American security company “Gary Federal” will begin investigating Anonymous.
Angered by this, Anonymous launched an attack on Gary Federal and caused major damage, including the leaking of personal information.
The result was a demonstration of the power of Anonymous, but it was controversial because it was an attack to protect themselves, unlike traditional protests.
 (1).jpg)
Characteristics of Anonymous
Anonymous has the following three characteristics.
I will explain each one.
Leaderless and fluid member structure
The biggest feature of Anonymous is that there is no leader and the members are fluid.
Anonymous has its origins as an anonymous bulletin board, and the beginning of its activities is similar to the image of “flaming”.
In other words, a protest does not start because of someone, but as the number of supporters increases, it expands in scale and develops into a huge movement.
Therefore, anyone who agrees with Anonymous and cooperates with protest activities can become Anonymous and at the same time can quit Anonymous at any time.
Anonymous gathers for each protest and disbands once its objective is achieved.
Deciding whether or not to support a protest is a personal decision, so some people participate every time and some only occasionally.
In addition, new anonymous groups that support the protest activities will be born.
Therefore, Anonymous can be described as a loose organization with no leader and an unknown number of members.
white mask
The symbol of Anonymous is the presence of a white mask.
Since the aforementioned 2008 demonstrations against Scientology, Anonymous groups around the world have started using it during demonstrations and media appearances.
This mask is called the “Guy Fawkes Mask” worn by the main character in the British comic “V for Vendetta” in the 1980s.
In Japan, Anonymous picked up trash in Shibuya in 2012 as a protest against the revised Copyright Law.
Reference:
Asahi Shimbun “Anonymous masked group picks up trash in protest in Shibuya”
freedom of information
Anonymous operates under the banner of “freedom of information.”
Although it is a loose cause of protecting freedom of information without being bound by anyone or anything, it has become a strength and has given rise to a certain sense of solidarity.
People come together in the name of this cause and work to achieve their goals through a variety of legal and illegal means.
Because they are basically uncoordinated, they run the risk of taking too extreme actions, but they also have the potential to become a valuable protest group that never collapses.
Anonymous attack (protest) method
Anonymous’s two main attack (protest) methods are “DDOS attacks” and “Leak attacks.” I will explain each one.
DDoS attack
A DDoS (Distributed Denial of Service) attack is a type of cyber attack that sends large amounts of data all at once to websites and servers from multiple computers (IPs).
By the way, attacks carried out from a single computer are called “DoS attacks.”
Websites and servers that receive large amounts of data are subject to heavy loads, which can cause system failures and system failures.
As a result, websites and servers experience access restrictions and network failures, resulting in large losses.
It may be easier to understand if you imagine a situation where it is difficult to access the site when purchasing a premium ticket for a product that has just been introduced in the media.
DDoS attacks maliciously create this situation and cause damage to websites and servers.
Leak attack
A leak attack is a type of cyber attack that aims to leak confidential information by attacking a specific server.
Leak attacks mainly use a method called “SQL injection.”
To put it simply, this is an attack that targets application vulnerabilities and sends unauthorized database access language into input forms, etc.
By abusing the access language, they illegally manipulate databases and steal, modify, or delete data.
The true identity of Anonymous
The true identity of Anonymous is shrouded in mystery, and no one knows the details.
What we do know is that anyone can become Anonymous if they support the loose cause of “freedom of information.”
And they are repeatedly gathering and disbanding due to protest activities.
However, there are said to be two major factions within Anonymous.
- Non-Anon Ops: Moderates, only engage in legitimate protests.
- Anon Ops: Extremists, comfortable with conducting DDOS attacks, etc., and will take whatever means necessary to achieve their goals.
However, although there are factions, Anonymous itself does not have a leader, so each group operates according to its own agenda and does not interfere with each other.
Neither one is stronger than the other.
To date, Anonymous has had a tremendous impact on the world.
Anonymous’ activities are a mix of legal and illegal activities, and some Anonymous members have been arrested.
Additionally, although cyberattacks such as DDOS attacks are basically criminal acts, there are a certain number of people who support protests against the invasion of Ukraine.
Everyone has different ideas about Anonymous, and it can be said that it is difficult to judge whether its existence is good or bad.
Examples of Anonymous activities
We have summarized some famous cases of Anonymous’s activities to date.
| Main activities of Anonymous | ||
| era | Target of attack (protest) | Attack (protest) details |
| Around 2010-2011 | Government sites of Tunisia and Egypt | Arab Spring protests |
| Around 2012 | Japanese government and Supreme Court sites | Protest against copyright law |
| Around 2015 | ISIS (Islamic State) member | Declaration of war on the declaration of responsibility for the September 11 terrorist attacks |
| Around 2015 | Turkish National Police | Protest against Türkiye’s support for ISIS |
| Around 2021 | Myanmar military and police website | protest against military coup |
| Around 2022 | Russian government agency site | Protest against the invasion of Ukraine |
Cases of damage have been reported in Japan since around 2015, and the Ministry of Health, Labor and Welfare and the Financial Services Agency have been attacked in the past.
Furthermore, after Russia invaded Ukraine, it has continued to carry out cyberattacks against Russia.
It has been announced that they hacked Russian state broadcasting and video distribution services, replaced the original footage, and broadcast a few seconds of the battle in Ukraine.
This video was reported in many media outlets, including Europe and America.
Basic terms related to hacking
A brief explanation of basic terms related to hacking. It is often used, especially in Anonymous-related news, so it is a good idea to remember it. Also, knowing the terms will deepen your understanding of news, etc.
| term | explanation |
| cyber attack | A general term for attacks that attempt to gain unauthorized access to computers and servers, altering, destroying, or leaking data. |
| hacker | A general term for people who are familiar with networks and computers and have advanced knowledge and skills. |
| cracker |
A general term for people who commit fraudulent acts by abusing networks and computers. They do not necessarily have advanced knowledge or skills because they can use tools to commit fraud. |
| hacking | Hackers work to solve technical problems such as analyzing programs and improving systems. Although acts performed for the purpose of fraud or abuse are not called hacking, the term is often used to mean these things. |
| cracking | Misusing networks or computers to commit fraudulent acts. Specifically, data tampering, unauthorized access, information theft, etc. |
| hacktivist |
An activist who uses hacking techniques to achieve political and social goals and make his own claims. It is a coined word created by combining the words hacker and activist. Anonymous is a typical hacktivist. |
| malware |
A generic term for malicious programs and software. If infected with malware, data may be tampered with or information may be leaked. |
| dark web | A highly anonymous website built with a special network. Although there is nothing illegal in its existence, the highly anonymous nature of the site makes it a hotbed for crime. Various goods such as illegal data and information are being traded. |
| wikileaks | Sites and organizations that allow you to confidentially disclose internal information of various organizations such as governments and private companies. It is often compared to Anonymous. |
Hacking groups around the world
Hacking groups other than Anonymous include:
kill net
Killnet is a pro-Russian hacker group that supports the Russian government and operates as a hacktivist.
“Hacktivist” is a coined word that combines “hack = unauthorized intrusion, hacking act” and “activism = proactive action.” Hacktivism = social and political ideological purpose. Activist refers to an activist who engages in active hacking activities.
Hacktivists, sometimes referred to as “hacktivism” in the Japanese-speaking world, are a group of ideological hackers who do not work for financial gain, but rather to make social and political claims. In other words, Anonymous is a hacker group that acts as a hacktivist.
Killnet attack on Japan
Killnet was responsible for the system failure of the Nagoya Port Management Association that occurred on September 6, 2022, as well as the malfunctions that occurred in the government’s electronic general counter “e-Gov” and the local portal system “eLTAX”. We are making a statement.
The website malfunctions of Tokyo Metro and Osaka Metro that occurred on the 7th were also caused by attacks by Killnet. This series of hacking acts is believed to be motivated by Japan’s declaration of support for Ukraine.
Ukraine IT Army
“Ukraine IT Army” is a “cyberwarfare organization against Russia” that was established just two days after Russia began its invasion of Ukraine in 2022. When it was first established, its members were domestic private companies brought together under the president’s “general mobilization order”.
However, following the President’s appeal on social media, citizens from all over the world who wanted to support Ukraine participated as volunteers, and by June 2022, the organization had more than 250,000 members.
It is said that several Japanese people are also participating in this. However, the Ukrainian government is warning people to be aware that in many countries, participating in a cyber attack may be illegal and may result in arrest.
dark side
“Dark Side” is a Russian hacker group that performs hacking and extortion for financial purposes, in contrast to hacktivists who are not motivated by money.
Although the for-profit ransomware group is said to have no ties to Russian intelligence, it is said to have received tacit approval from Russian authorities, and its activities are tolerated as long as they target foreign countries. It is assumed that
Surprisingly, hospitals, schools, governments, etc. have been excluded from attacks, and the virus has openly stated that it will target companies with deep pockets.
Dark side apologizing
On May 7, 2021, there was an incident where the facilities of Colonial Pipeline, a major American fuel oil pipe company, were stopped due to a dark side ransomware attack. As a result, the approximately 8,800 km long pipeline was forced to temporarily suspend operations, and the Biden administration was forced to issue an emergency statement.
However, after this, Darkseid apologized, saying, “Our purpose was money, not causing problems in society.” He expressed his remorse, saying, “We are a non-political organization and will avoid situations that would have an impact on society in the future.”
Although Dark Side is a criminal group, it is known as a hacker group that behaves like these companies, highlighting the fact that cyber attacks have become an industry.
How to counter DDoS attacks
Countermeasures against DDoS attacks include the following:
Access restrictions for the same IP
Large-scale DDoS attacks are difficult to prevent, but small-scale attacks can be prevented using firewalls and IPS (Intrusion Prevention Systems). For example, we can handle the “SYN Flood attack,” which is a type of DDoS attack, and the “UDP Flood attack,” which is a type of DoS attack.
SYN Flood attack
A SYN flood attack (half-open attack) consumes all available server resources, making the server unavailable to legitimate traffic. It repeatedly sends “initial connection request = SYN” packets to overwhelm all ports and then delay or stop responding.
UDP flood attack
UDP flood attacks can make systems, servers, and bandwidth unavailable to users. It mainly sends very large packets to UDP ports.
When a large number of UDP packets are received, resources are quickly exhausted and normal traffic is denied.
UDP flood attacks require fewer resources to execute, making them a highly efficient and effective attack method.
Block access to specific countries
A simple and effective way to prevent DDoS attacks is to “block access from specific countries.” DDoS and DoS attacks, especially within Japan, are often carried out from overseas or via overseas servers.
In other words, if you limit access permissions to only within Japan, you will be less likely to become a target for most DDoS and DoS attacks. However, restricting overseas access may be inconvenient for global companies, so in such cases, it is necessary to consider other countermeasures.
Use of CDN
Using a CDN is also an effective way to avoid DDoS attacks. CDN stands for “Contents Delivery Network”, and in Japanese it is “Contents Delivery Network”. It is a system that uses a number of cache servers (proxy servers) installed around the world to quickly and efficiently deliver content on a website to users.
For example, when accessing a US website from Japan, the distance is very far, so there will naturally be communication delays. Therefore, by setting up a cache server in the United States in Japan, access can be completed only within Japan, eliminating delays. CDNs have this role, but because they use multiple cache servers, access is not concentrated in one place, so they are attracting attention as a countermeasure against DDoS attacks.
A DDoS attack, which relies on placing a huge load on a single target, becomes impossible if there are multiple cache servers that act as duplicates. For this reason, the use of CDN is one of the countermeasures that can neutralize DDoS attacks.
Introduction of tools to prevent DDoS attacks
We also recommend implementing tools to prevent DDoS attacks. The main tools are as follows.
| WAF | WAF stands for “Web Application Firewall” and prevents DDoS attacks and information leaks. |
| IDS/IPS | IDS stands for “Intrusion Detection System” and IPS stands for “Intrusion Prevention System”. IDS mainly has the function of monitoring unauthorized access and notifying the administrator if it is detected. On the other hand, IPS is a system that immediately blocks unauthorized access without notifying the administrator if it detects unauthorized access. Use them depending on the situation. |
| UTM | UTM stands for “Unified Threat Management”, which means “Unified Threat Management” in Japanese. UTM integrates various security functions such as anti-virus software, firewalls, and filtering into one, reducing costs. |
| Dedicated DDoS protection appliance | It boasts high defense capabilities with a dedicated appliance that specializes in DDoS attacks. It is highly capable, able to mitigate even the largest DDoS attacks, and can be further scaled out to match the size of the threat. |
summary
Anonymous is a group (also known as an international hacker group) that protests against politics, human rights, environmental issues, etc. Anonymous’s main attack (protest) methods are “DDoS attacks” and “Leak attacks”, which are characterized by a “leaderless and fluid membership structure,” “white mask,” and “freedom of information.” The true identity of Anonymous is unknown, but there are two factions: the moderate “Non-Anon Ops” and the extremist “Anon Ops.”
Anonymous operates anonymously, so its true identity is unknown, but it owns a Twitter account and occasionally appears in the media. If you are interested, why not check out these and more about Anonymous?