Anonymous “taking a long hard look” at South Africa: SAPS hacker
“We (Anonymous) [are] taking a long hard look at the corruption that is taking place in South Africa and that corruption goes up to the very top of the South African Government.”
These were the words of the hacker going by “Domainer”, who recently took responsibility for data leaked from the website of the South African Police Service (SAPS) containing thousands of ID numbers, phone numbers, and other personal details.
Domainer’s statement comes after the “Project Sunrise” data dump by Team GhostShell earlier this year, who also claimed to be Anonymous.
The Project Sunrise release coincided with a plea from someone calling themselves Anonymous OpSouthAfrica, who posted a video on YouTube appealing to “the legion” to “expose the corruption” in South Africa.
Now, I ask the anonymous legion to help support this change in a region that needs it desperately. Show the world what is happening here. Let us lift the millions of downtrodden people in this country out of poverty, by exposing the corruption.
OpSouthAfrica later condemned the Project Sunrise hacks, which seemed to contradict GhostShell’s claim that they are affiliated with Anonymous South Africa.
Prior to this the “windsofchangersa” YouTube channel posted videos on behalf of Anonymous in which it stated: “This is a promise to the South African government: In 2011 we the people are taking our country back!”
These contradictions and empty threats cast doubts on the credibility of Anonymous, but only if you make the mistake of regarding Anonymous as a single organisation, and assume that only a single South African “chapter” of Anonymous can exist.
The thing is, anyone can call themselves a member of Anonymous. There is no form you need to fill in or membership roll you have to be on before you can take responsibility for a hack in the name of Anonymous.
Everyone is Anonymous
With such a disparate group, what does it then mean if you claim to be “part of” Anonymous?
“At most, all it means is they are loosely claiming to hold the ideals of the ‘anonymous’ movement,” explained Dominic White, security expert with Sensepost. “Given that these aren’t concrete or universally accepted by all anons, it’s more akin to the ‘primal scream’ of the Occupy movement, than the 10 commandments.”
This leaves the public (and journalists) with a quandary: how do you establish the credibility of someone claiming to be an anon? In short: consider the deeds, not the source.
White explained that if they’ve done their job properly, you shouldn’t be able to identify them anyway.
“The idea is they are a faceless mass,” White said. “In reality, the operational security (opsec) of these guys varies pretty dramatically and they are sometimes trivially unmasked.”
Given how easy it is for someone to claim to be an anon and have achieved a hack (and the history of some media organisations publishing based on that alone), White said that it should be more about determining the credibility of their claims than their loose affiliation.
“The best way would be to look at the technical proof they have provided,” White said. “Even then, sometimes this stuff needs careful validation.”
Referring to the attack by GhostShell, White said that it was initially pinned as a hack of the banks, but on investigation it was a stock exchange news service shared server that got taken.
“So this stuff can be complicated,” White said. “The main point is to look at the proof and evaluate that, rather than any bombastic claims that may come from the anon themselves.”
More on information security in South Africa
ADSL router security concern in SA
Beware: SA Facebook profiles clones, used for fraud
SAPS website still vulnerable: hacker
Slow ADSL? It could be a cyber-attack
Internet bank fraud affects few: Absa
Anonymous SA denies link to GhostShell hackers