Experiment: How easy it was for me to influence Anonymous hacktivists

To say that we are living in a volatile time would be a brazen understatement. Since the onset of #OpRussia and successive operations, arguably the entire landscape of hacktivism has changed.

On February 25th, 2022, Anonymous officially declared war on Russia in response to the Russian-Ukrainian war. What I witnessed in the aftermath is disturbing.

When the declaration was published, hackers around the world united under the flag of Anonymous, knowing that what was about to take place would be big. We all sat from our respective anonymized corners of cyberspace and watched, or participated in, the aftermath of that declaration of war.

But what some people on the scene might not be privy to is that we weren’t the only ones watching and participating. I don’t refer to governments in particular – on the contrary, there have been unknown actors secretly guiding the hand of Anonymous in its cyberwar efforts, and that is cause for alarm.

Unseen hands shaping a movement?

Think about it. World powers are not in a position to make overt declarations of war against nuclear-capable countries without having to come to terms with the consequences of issuing such a statement.

But when you consider the power wielded by stateless and decentralized hacktivists who choose to operate of their own accord, albeit ideally for the greater good, this can pose a new challenge. If state powers or private actors can’t always overtly instigate acts of war, is it possible that they can influence others to facilitate their needs?

With the right influence and choice of words, catering to the right audience, unknown actors can weaponize a movement like Anonymous, and do so seamlessly, simply because there is no vetting process among hacktivists.

Furthermore, since volunteers for Anonymous are eager to play their hand in influencing geopolitics and world events, it doesn’t take much imagination to see how hackers could be vulnerable to being manipulated.

A couple of months ago, I was invited into several group chats discussing tactical operations by a small handful of Anonymous sub-groups, seemingly working independently towards the goals of OpRussia. Generally speaking, I like observing these operations to learn which tactics are trending and which targets these groups find relevant.

However, I learned that a couple of groups I was observing were no longer being guided by their leadership, but by individuals claiming to be either Ukrainian diplomats or soldiers, or individuals working in some military intelligence capacity.

I have friends in the cybersecurity community who have worked as subcontractors for government agencies around the world. Whenever they take on contracts of this nature, they go dark to ensure months, if not years, of radio silence, until the contract is over. The nature of their work is never discussed, even if I make an attempt to pry.

But in these chatrooms, that is not the case. These so-called “political diplomats” or “intelligence personnel” and “soldiers” seemingly disclose “national security” matters liberally with hackers who are otherwise complete strangers.

This includes information about troop movements, the types of vehicles being used, the type of weapons at their disposal, areas Ukrainian soldiers are attempting to gain in order to halt Russian troop advancement, and, most importantly, which cyberattack vectors Ukrainian troops are requesting in order to gain technological superiority over a hostile zone.

If Russian military parties likewise spied on these groups, the lack of secure communication and gross transparency would severely jeopardize and possibly hamstring Ukrainian operational security.

I found myself sitting in these chats, realizing that these actors could literally say anything, and the entire group would be eagerly waiting to facilitate whatever they needed, whether it be sabotaging space satellites, attempting to blow up industrial controls, or hacking IP cameras in what were described as “key strategic areas.”

I realized that as long as someone could cast the illusion that they were with the Ukrainian government or military, people would eat out of their hands. So, I went to work attempting to replicate this cunning social engineering campaign to see how many hacktivists would jump to the occasion, and unwittingly be guided by “Ukrainian intelligence personnel.”

The social experiment

The change that has occurred in the dynamic of these hacktivist operations since they began is quite clear: hacktivists have largely ceased to attack targets across cyberspace under their own independent direction, and are instead operating at the behest of outsiders.

Aside from this viral theater of war across the World Wide Web, these kinds of auxiliary attacks that are directed and invariably influenced by outsiders aren’t uncommon in the culture of the internet. I commonly receive direct messages from individuals wanting to leverage my skills against their enemies: for instance, from malicious antagonists who deceptively portray themselves as victims of cyberbullying, in the hope that they can use me to further harass and humiliate people that they in fact are themselves persecuting.

The reason for this phenomenon in hacktivism is that much of it operates in a reactionary fashion, and not intelligently.

For this reason, other groups or individuals seek to exploit it, twisting individuals with good intentions into becoming unwitting participants in wrongdoing: just one emotional knee-jerk reaction is all it takes for an outsider to provoke the desired response from the hacker they are hoping to exploit.

I devised an experiment to test my hypothesis. I joined a hacktivism group on Telegram, posing as an intelligence agent working with the Ukrainian military. The goal wasn’t to get them to actually attack a target, but rather to see if they would express the desire to do so – and how many would offer to participate.

In the span of an hour, I managed to get three strangers under my influence. Discreetly, I identified myself as a Ukrainian intelligence analyst. It wasn’t difficult to recruit them. I imagine they felt like they were experiencing something out of a Hollywood film.

My cover story ran as follows: Ukrainian soldiers had lost control of the rural village of Urozhaine and were pinned down by Russian 240mm mortars and bombed by unmanned aerial vehicles or drones. We were taking heavy casualties, couldn’t move, and worst of all, couldn’t call for air support because our radio had been damaged.

We needed eyes on the ground, which meant hacking local IP cameras to get a better view of the surroundings and hopefully find a way to use that to our advantage.

The hackers were more than eager to begin hunting for such cameras, but struggled to enumerate a list of them within the designated region. Regardless of their success or lack of it, they were unquestioningly at my command and hence confirmed my hypothesis and what I expected to see in the future: they didn’t fact-check my information.

Truly, they did not suspect any foul play on my part.

So, I’ve established that it is indeed possible for unknown actors to influence and control eager hacktivists. And that’s what I was afraid of. Even though these actors appear to share the same goals as the hacktivists they’re influencing, who are they, really?

Moreover, despite hacktivists supposedly being a hive-mind of so-called “critical freethinkers,” it occurred to me with startling clarity that impressionable minds super-charged with ego, passion, or idealism can be used as a personal army guided by unseen hands.

On the day that these “unseen hands” direct others to launch attacks that result in loss of life or physical damage to critical infrastructure, it’s possible the world will enter into a new era.

Perhaps the machinations of bad actors who manipulate human weapons will become commonplace. Arguably, they will do so on account of the inherent absence of any structure or checks and balances within the decentralized collective, known invariably as Anonymous.