In the last blogs I mentioned Lulzsec, Anonymous and also Anti-Sec. Let me first clarify a bit what they are before we go into the details and see what Anti-Sec has to do with cyber criminals and why or why not they are different from them.
Anonymous is a group of people who share similar in beliefs how the world and the Internet should be. If they get hold of it, they will also publish information and documents gathered by other hackers about their own targets. They are known for attacking Visa and Master card websites (among a lot of others) with Distributed Denial of Service (DDoS) attacks especially in the aftermath of the non-processing of payments deposited from various people to the account of Wikileaks after Wikileaks released the American diplomatic cables. LulzSec on the other hand is/was a small group of hackers who hacked into systems of comparatively similar organizations that have been attacked by Anonymous. But instead of only denying service they tried to grab data and documents (Sony, NATO etc.). These documents then were made available to the public. LulzSec kind of terminated itself last week in a statement that they reached what they want to reach. At the same time, Anonymous and LulzSec kind of renamed their movement into Anti-Sec which now serves as an umbrella of all these activities. Basically, this group is composed of hacktivists which can be regarded as cyber libertarians or cyber leftists (please correct me if I am wrong … without hacking this site please 
). What they do is attacking companies or states which try to enforce web-censorship, strict (or nonsense) copyright laws and these-alike. Pressure is put in these companies by revealing their unsecured websites (that is why it is Anti-Sec) and exposing data. The latter can be regarded as putting pressure on these companies because Anti-Sec knows that hacking their system will not have any effect as long as the clients do not care about it. But if your name, address, social security number among other details are revealed because the institutions you entrusted with these information did not even bother to encrypt them but save them in plain text…. then pressure it is.
Why are they not criminals? Or are they? Well, what they do is illegal. If they deny access or if they hack into systems, it is illegal. The distribution of the information then does not really matter anymore because how they got these information has already been an illegal act. However, what they do not do is to sell these information on the black market. So, they are no criminals in the common sense. Or in general. They are more kind of cyber anarchists. They vandalize, they have no clear intentions other then changing the system and they target institutions which do something wrong in their mindset. It is more of a movement then a bunch of criminals trying to make money out of it. Therefore, we should not treat them as criminals. What they do is illegal – and I do not say wrong because I support a certain amount of things they do. However, we should and we do treat criminals different to the way we treat social movements. Maybe at some point we should stop arresting them and start asking them why they are doing it. What there point is in all of that. And then, maybe we should ask ourselves if not something of what they have to say holds true.
View full post on ProjectX Blog – Information Security Redefined
View full post on National Cyber Security » Computer Hacking