Anonymous has always fascinated me. It was with great interest that I heard of Operation India being "engaged". I liked it that they were picking up on censorship to protest. I thought that DDoS attacks were a lot of trouble for little result beyond the time of the attack and illegal as well. Sites being defaced were outright scary illegal. But I liked the reasons. I realized that most people had no idea of Anonymous in any factual sense. I decided to find out. Yesterday, I went on their IRC channel to interview whoever was there to get an idea of the thinking and actions of Anonymous for India.
The first message on entering is automated.
Lulzboat- [#opIndia] "The Department of Telecom has ordered all internet service providers to block all file sharing websites, it's time for you to stand up and show that the corrupt government cannot stop you!"
I introduced myself on the #OpIndia channel and was immediately asked to return with a fake ID. I explained that i was not there to participate, but as a real person, blogger with a real identity wanting to find out more about them. I was quickly directed to another channel called #AnonymousINDIA - #OpIndia was not for chatting. Presenting snapshot quotes and answers gathered for some questions I asked them.
Operation India was started by NetCak3 and Vlad. BitMentor is an experienced and active Anon,and consented to speak with me. Participating in it is strictly individual choice. Anons themselves as individuals under a collective identity and there is no leader deciding for everyone. More like whoever wants to lead starts walking and everyone finding it interesting walk along. I was interested in what made BitMentor start Operation India and other anons join in. Corruption, censorship, illegal silencing that powerful entities get away with and such seemed recurring themes. The block on websites which also were extensively used in legal ways. Examples included VIMEO being used for sharing videos that were owned by the uploader or "open licence" or softwares like OpenOffice having official torrents for distributing. "we would not have cared if they had found the unloaders and arrested them [on piracy, illegal content]"
They spoke of three kinds of blocks. The first was a block of sites that could potentially pirate content. The second was to block sites that can allow anonymous sharing of content - Pastebin, for example. The third was specific targets. A list of blocked sites they got off the Reliance servers had a lot of urls containing "Satish Seth", which they say they investigated because it seemed curious and found no court order for (it is possible that there may be one that is not online). Satish Seth was an employee of Reliance arrested in the course of the 2G scam investigations. Pages including those on major news sites like telegraphindia and moneycontrol were on the list. Blogs on blogspot, tumblr, profiles on twitter, linkedIn. These pages open without any problem for me from an MTNL connection, which would not have been the case if this was a ban from a court order or DOT.
At first sight, I thought the sites were spoofs or insulting in some way. Possibly some may have been, but others seemed to be fairly innocuous. For example, the page on moneycontrol.com is the fourth page of the search results for the term satish seth. This page would be changing with news being added. Also, why not the first, second or third? Very strange.
In #OpIndia, the blocking of 400+ sites is something that is cause for alarm about the state of free speech. It indicates presumption of guilt unless proved innocent. And they are fighting to force such blocks back. However, the question in my mind was "by what means?" What plans does Operation India have? Answers ranged from DDoS attacks and defacements to protests on the ground. There was a whole range of alternatives ranging from the fairly straightforward to the illegal.
I asked them what justified the breaking of laws as a method of protest. Some answers I got, I don't buy. Defacements being peaceful protests in the sense of them not harming the server beyond replacing the front page or that DDoS attacks were the equivalent of thousands of people walking into a restaurant with a capacity for only hundred. Still others asked "where is the proof that we did it?" or that they were fighting things that were illegal or oppressive to begin with. In my eyes, this doesn't wash. You take thousands into a restaurant with a capacity for a hundred people with the sole purpose of paralyzing it? Entering a privately owned server without authorization and through bypassing security or exploiting vulnerabilities? It would be the real life equivalent of a person breaking into a home or office saying he did no harm, only painted all doors and windows black.
They know the risks. Indeed, the top of the page makes it clear "Anonymous Is no game, You must be aware of the risks and yet be brave, because this is a revolution. Some may fall but oure cause wont." The confidence as well as the outrage is clear. "We create every technology they use, and they expect to use it to control us. That is an idea of fighting the creator with his creation."
There are blurred boundaries. "soon we will hack computer of all corrupt Indians" said one. Some thought he was over reaching. Yet, there was a question a reader wanted asked about if anonymous would hack and get details of corrupt politicians with money in Swiss banks. Inside Anonymous or outside, disillusioned, angry minds think similar. But there is always the question of actual ability as well as the difficulty balancing what is right and wrong. For example, not all politicians are necessarily corrupt.
Which brought me to the question of how they decided targets. By consensus/vote - as expected. By now, I understood a little of this band of virtual Merry Men. But what happens when some Anons go converse to the interests of others? An example being the #OpKashmir that ran a few days ago, targeting Indian sites. It claims to represent the people of Kashmir independently of either India or Pakistan, yet the Operation targets onlyIndian sites - specifically those of the J&K government and the Army. While OpKashmir seems to be announced from an Anonymous website, the operation itself is claimed by The Hackers Army and their earlier post makes no mention of Anonymous. They had also launched #OPfreePalestine in which they hacked thousands of Israeli websites.
Vidyut, you never know who is behind #opkashmir
Some people use name of Anonymous just for personal grudges
We will not only not hit it [Army website] we will do what it takes to protect it if required
While, to put it in their own words, they cannot stop anyone from being Anonymous, people on the #OpIndia were one voice on this. They see this as a political agenda which is not really what Anonymous is about. They have developed guidelines. They never target infrastructure. Which is how the websites for irctc, banks, BSE and media may up as suggestions, but are quickly negated as targets. This last - media - was particularly surprising, considering that there is a lot of bitterness about paid media (more on this in a bit), but they see the flow of information to people as infrastructure. However, these nuances (or eccentricities) are not very clear. For example, today, all day the RBI website has been solidly down. Is that because the common man doesn't interact with the RBI website? I don't know. We don't interact with the Army website either.
"Are the people on #OpIndia Indians?" Anonymous claims no nationality. However to "Are Indians on this channel?" the answer was a resounding yes. Actually, it was an unnecessary question by then. It was also clear from the chatter on the channel. This was a surprise when I first entered, because from all my reading of Anonymous, it had never occured to me that Indians were active in Anonymous. It had always seemed a Western phenomenon. But they operate as Anonymous and beyond nationality too and vice versa. Anons from Venezula defaced goodgov.in in support of Operation India. Still, "Many Indians are there on most Ops world wide." took me completely by surprise.
We also talked about security. The lack of reporting of the defacing of the Big Cinemas Website ("if people suffer from these attacks, and they can't see movie 1 weekend, they would understand") was something that raised anger on behalf of people. As proof, the "hacktivists" had copied ticket booking details. According to BitMentor, this is a serious security breach. This ought to have been reported. While he says that their team did not take any Credit Card information, the fact that the vulnerability is there makes it within the realm of possibility that someone else could [or already did]. "BlackHats who wanted the data would have found it years ago." I don't know how easy or possible it is to retrieve or hack such information or to use it once they get it. I am simply reporting the conversation.
Anonymous had been bringing down government sites for a week without a word from the government - either acknowledgment or admonishment. However, the day after the attack on the Reliance website, the accounts for Operation India on both Facebook and Twitter were deleted. This cannot be an action by the social media service providers themselves because hundreds of anonymous accounts exist on both without any problem unless they are reported for child pornography or such from a very small and specific list of reasons. Incidentally, this would do nothing to secure the sites that got hacked.
Another thing that came up was the quality of CERTand Cyber Cell:
BitMentor: Then we have CERT - Computer Emergency Response Team and the Cyber Cell - both these in India are over glorified. The reason they could solve many crimes is because the criminals were not good at it. Not because they were Shelock and Watson.
Me: What exactly would you say is wrong with them?
BitMentor: The problem with this idea is that you are never safe. Nothing wrong with them, the truth is that no one can do better, but that better is useless.
Me: So what should they do? There are cyber crimes happening
BitMentor: Educate people, and make laws to control the companies and not the internet. Eg: if law exist that a company can't store Credit Card data, no one can take it easily.
Had Anonymous been able to change policy or governments before? "SOPA and PIPA have been dropped". The government in Egypt changed. What did they plan for India? They want to get the blocks on sharing sites reversed to earlier method of blocking urls instead of entire sites used by millions of people - many of whom didn't even watch films of the type being protected from piracy. However, there were idealistic long term visions too. The resolve was firm that any eroding of human freedoms would be fought with all means at their disposal.
When I shared the supportive messages and appreciation for their fight for freedoms, their reply was simple. "Tell them they are our power, help us fight". I remarked that while many may be angry over the same things they were fighting, most people would hesitate to cross legal lines or lack technical knowledge. "All of us are not techies. Ask them to spread message, to organize protests." "Speak up." "Tell them to do it before protesting is banned too" "They need to wake up, No country or place was ever saved by the government while the people slept."
They have a date - 9th June - by which they expect the government to reverse the blocks, or they have protests planned on the ground. Beyond that? It is anybody's guess. What is clear is that the Anonymous are in India and they are here to stay.