Morning Barrett,

Thanks again for taking the time to speak yesterday. As discussed, here's the sidebar I've submitted - if there are any obvious mistakes in there, or if I've misrepresented you or inaccurately reported your comments, please let me know asap and I'll get it amended before it goes to press.

By the way, here's a piece I had in the latest (indeed, final) edition of Defense Technology International, which I think might be interesting from a Project PM perspective: http://www.aviationweek.com/Article.aspx?id=/article-xml/DT_06_01_2012_p22-458237.xml

Cheers,

AB

-----

Among the threats to the defence industry and law-enforcement computer networks, few entities have generated as much attention as the hackers aligned with the Anonymous movement. Under guises including AnonOps, Lulzsec and Antisec, hackers associated with Anonymous succeeded in taking down the websites of the CIA and SOCA (the UK's Serious and Organised Crime Agency), and released over 800,000 email addresses and passwords belonging to users of the Texas-based geopolitical analysis company Stratfor. In July 2011, members of Lulzsec managed to gain access to NHS computers, though ddid no damage, instead emailing officials to alert them to the vulnerability.
   But in March of this year, the leader of the Antisec group, a hacker using the alias Sabu - Hector Xavier Monsegur, of New York - was revealed to have been acting as an FBI informant, and a series of arrests of the core Lulzsec/Antisec members followed: one in Chicago, two in Ireland and two in the UK. One of the Britons arrested in March - 19-year-old Jake Davis, accused of being Lulzsec/Antisec member Topiary - had already been arrested on computer misuse and conspiracy charges the previous July. (Davis and three other hacking suspects were due in court as DB went to press.)
   The hackers' methodology was deliberately overt: the aim was to shame their targets rather than to simply penetrate their systems. They publicised their hacks using social media, particularly Twitter, which does not require users to prove their real-world identity before signing up for an account.
   Anonymous, though, is not an organisation with a membership structure and hierarchy: it is an idea. And, like malware, it spreads virally. The expectation had been that, even with the most prominent hackers under arrest, others would soon take their place.
   Yet since Sabu was revealed as a mole, the hacktivist landscape appears all but deserted. At least 80 heavily used Twitter accounts associated with Anonymous hacking operations have either been deleted or not been updated in the period following the arrests. This is unlikely to signal a move to a stealthier mode of operations, according to a source close to the Antisec hacking team, who suggests the era of big Anonymous-inspired attacks may be over.
   'Most of the major operations were done by people who've been arrested, and there is very little talent out there beyond the core Antisec people,' said Barrett Brown, a Texas-based author and activist authorised by some of the hackers to speak to the media on their behalf, in a telephone interview with DB. 'As far as I can tell, people who worked with Sabu are nervous, and others don't see Anonymous as an entity worth identifying with anymore.'
   Brown argues that there were issues inherent in Anonymous's decentralised, leaderless (non-) structure that made organisation and planning problematic.
   'We were dynamic - now we're not,' he said. 'Mundane things can have a huge disruptive effect and prevent productive things happening. A lot of what got done [by Anonymous-related hackers] was done in smaller groups. Little dictatorships are superior in some ways to these experimental ideals.'
   Brown expects future online activism to rely more on analysing and publicising open-source material - as he does with Project PM, a crowd-sourced investigation into aspects of the cyber-defence and information-security industries based around the collaborative website www.echelon2.org. While Project PM was a recipient of information obtained during hacks - most notably a cache of emails published after Lulzsec penetrated the servers of the American security company HB Gary - Brown argues that understanding data already in the public domain is now the most pressing task, and notes that the law-enforcement and security entities the hackers targeted have made significant progress in countering any future hacktivist attacks.
   'In terms of larger-scale hacks you're not seeing the same dynamics in play,' he said. 'I'm more interested in what can be achieved in smaller groups with specific agendas and goals. The most important thing is that lessons are learned on our side - because the police and security companies have learned theirs.'