A new hactivist group emerges in the wake of March LulzSec arrests
By Kevin Carson
April 28, 2012, 12:10 am TWN
Like many supporters of the ongoing global wave of networked resistance against the corporate state — The Pirate Bay, Wikileaks, Anonymous and its subsidiaries' doxing attacks on corporate and government villains, the Arab Spring, M15 and Syntagma, Occupy — I was disheartened by the early March arrest of Sabu and other hackers from LulzSec.
My reaction, though, was one of guarded optimism. I doubted the arrestees had a monopoly on the hacking skills needed for attacks like those on HBGary, BART, Texas law enforcement or Stratfor, or that the FBI had permanently disrupted Anonymous's human capital. I figured — hoped, anyway — that surviving members loosely associated with AntiSec or LulzSec would eventually regroup and renew the attacks on an even larger scale.
If the FBI wasn't dead certain they'd captured or cowed most of those capable of waging cyber warfare, they had reason to be very afraid. The FBI's aging and unevenly secured computer networks would be quite vulnerable if some successor organization emerged with a vendetta. Imagine the success hackers could have with doxing attacks involving (say) participants in the Witness Protection Program.
So for the past several weeks, I've been watching hopefully to see if a successor organization to AntiSec and LulzSec would emerge. And here it is.
Malicious Security (MalSec) announced itself on April 11. After the arrest of Sabu and his circle, Anonymous was paralyzed by fear that the movement was riddled with informers and its communications networks were compromised. Some members, accordingly, spun off to a new chat network as their communications platform. MalSec emerged from this group.
MalSec departs from the practices of AntiSec and LulzSec in two ways. First of all, it disavows attacks that harm innocent people. MalSec promises to protect the free speech rights of even the bad guys, by not destroying original data even when they deface websites. And it promises an end to indiscriminate distribution of personal credit and other information in ways that may hurt ordinary people not associated with the leadership of targeted institutions.
Regarding this first departure, I had some personal misgivings about such things as the release of Stratfor subscriber credit information, because such extreme attacks included people who may have been following Stratfor's analysis for any number of reasons. I just hope MalSec doesn't go too far in the other direction and fail to thoroughly expose all damning corporate emails and other internal documents. I dare to hope again, as I did before, that there will eventually be an HBGary- or Stratfor-scale doxing of a Fortune 500 corporation or government agency every week.
Fortunately, it seems unlikely that MalSec will be deterred from effective action by misguided scruples. They've been carrying out attacks since mid-February (long before their announcement) involving SQL injections and leaking information about targets including banks, a police department in New Jersey and Chinese government entities.
The corporate state and its jackboots had better savor their recent victory over LulzSec while they can — which won't be for long. The authoritarian institutions of the old world present an extremely target-rich environment. And in the words of MalSec's announcement, they'd do well to expect us.
Kevin Carson is a senior fellow of the Center for a Stateless Society (c4ss.org) and holds the Center's Karl Hess Chair in Social Theory.