As CNET (and virtually every other able bodied news outlet) reported a few days ago, the FBI has announced the arrest of 16 individuals who were allegedly linked to "Operation Payback". As you may recall, Operation Payback was an AnonOps DDOS response to Paypal's refusal to process donations to the online activist group Wikileaks which started at the end of last year.
In response AnonymousIRC and Lulzsec released a statement to the FBI today, making it clear how not seriously they are taking statements from deputy assistant FBI director Steve Chabinsky. I won't rehash what was said here, so just click through the links if you need to get up to speed on this.
The part of all of this I find amazing is how utterly this series of events and it's responses flies in the face of what is really happening.
First off, Operation Payback was organized under an entirely different effort than #Antisec. Secondly, did it really take the FBI half a year to track down a janitor and a pizza shop employee (two examples of the 16 arrested) using "script kiddy" tools to participate in a DDOS attack?
Operation Payback required little in the way of hacking skill, apart from the ability to click a mouse, and yet the timeliness of these indictments and the #Antisec response to them are both a clear reality distortion field that the press at large seems to have missed entirely. For those of you who haven't thought this entire situation through lets step back a bit and examine the situation.
The PayPal DDOS, which was just a part of the larger focus of "Operation Payback" was a DDOS, or Distributed Denial Of Service attack, one of the most basic of attacks. A successful DDOS is all about bandwidth and numbers, and requires (in the case of individuals utilizing their own bandwidth against a network behemoth) a LARGE NUMBER OF PEOPLE PARTICIPATING. Far larger than 16 to be successful against a network giant like PayPal. And yet here we are six months later and the FBI proudly announces its progress in arresting less than two dozen people, all of whom seem to possess about as much hacking skill as your average Farmville whore? This is akin to the FBI going after Pablo Escobar and coming back with an indictment of that cousin of yours who wouldn't stop smoking weed and living on your couch, six months after he entered rehab and started working at Denny's. Is the press really this dense?
Curiously enough the combined #Antisec response I linked above sort of just played along with this, so as to have a reason to respond, and I'm sure the above facts were not lost on those guys at all as they lulz their way to their next activity.
It is going to be an extremely unfortunate next few months for the 16 who have been arrested, as they are now the poster children for the FBI's effort at putting lipstick on a pig in it's "War on Cyberterrorism". They are the hacktivist equivalents of Jammie Thomas, the Minnesota mother who in 2007 was found liable and fined $1.5 million for allegedly using Kazaa to download 24 songs.
I interviewed Jammie Thomas in 2007 for a tech publication I worked for, and found her to be (after the fact) someone who was really on top of the ethical and legal morass she had found herself in. I only hope the victims of this latest legal farce will be able to come up to speed as quickly and effectively as she did. Nothing like being a scapegoat hunh?
The larger point I want to make is to those of us who might decide in future to participate in grassroots "hacktivism". Just be aware of the real risks before you decide to partake in a crusade of any kind. Most of the critical decisions in life are really just exercises in risk assessment, and it's best to do this with information, so that you're feelings are kept in check with reality.
As I've blogged about before on my personal blog, people are far more apt to do things that make them feel good about themselves regardless of whether or not what they are doing is actually doing any good. As one of my mentor's Penn Jillette said "If feeling good and wasting your time is a good idea, maybe heroin is for you."
That's not to say that I think people participating in grassroots hacktivism are stupid or wrong headed, not at all. It's just that I note over and over again in commentary how many of the participants in such endeavors are called "delusional", or accused of having "god complexes". The solution is simply to know, really know why you are a part of something. Be critical, skeptical, do the research, grow your awareness, and do so yourself outside of the influence of others (including me) before you "step aboard the lulzboat".