The super-yacht Graceful has almost everything a rich bon viveur could need: an indoor swimming pool, six gold-trimmed cabins, teak decking and, of course, a helipad. It is reportedly owned by Vladimir Putin. So it came as a big surprise on 26 February at around 2am UK time, when marine tracking websites showed this 80-metre floating hotel suddenly change its call sign to FCKPTN and crash itself into Snake Island, a rocky dot of land about 20 miles off the Ukrainian coast.
In reality, none of this happened. The yacht was safely berthed at Kaliningrad in Russia the whole time (handily beyond the reach of the international sanctions currently jeopardising wealthy Russians’ trinkets). But online, members of the Anonymous group had manipulated the automated identification system that ships use to log their positions publicly, making the Graceful appear to have gone on a suicide mission.
It was a classic Anonymous hack: headline-grabbing, highly politicised and with a heavy dose of Barnum-esque mischief. And it was just one of dozens of high-profile attacks carried out under the banner of this secretive and unpredictable movement, which has inserted itself into the digital battleground in the war in Ukraine. Some of its members see themselves as an online manifestation of the fighters taking up arms to defend the country against Russia. But others fear they are pouring oil on a fire that’s already raging out of control.
Anonymous started life on the discussion forum 4chan. By default, anyone posting on 4chan was given the username ‘Anon’. Soon the forum was sprawling with Anons, and after a while they started being referred to as a single entity (‘Anon is taking over this thread and needs to shut up,’ for example). Under the cover of this collective alias the Anons began to feel braver, attacking people whose views they disagreed with and eventually turning into what one news programme memorably branded ‘an internet hate machine’.
Politics was always part of the game. When some payment companies stopped accepting donations to the WikiLeaks website following its exposés of sensitive government data, the Anons hit back, overwhelming the firms’ computer servers and bringing some services to a halt.
These ‘denial of service’ tactics are now being used against Russian government websites, but Anonymous’s activity doesn’t stop there. They claim to have hacked into the country’s Ministry of Defence, allegedly leaking details of officials’ email addresses and passwords. A group affiliated to Anonymous claims to have interfered with rail networks in Russia’s ally Belarus, hoping to hobble movement of troops and equipment. With thousands of Russian troops in Ukraine, some fear these aggressive online actions could have catastrophic real-world consequences.
‘If a hacktivist does get lucky on a target, there is potential for their actions to have a dangerous escalatory effect or simply provide the pretext for one,’ says Rafe Pilling, senior security researcher for tech security company Secureworks.
How does the Anonymous movement respond to such criticisms? It’s hard to know who to ask because the group vehemently disavows any kind of leadership. In fact, it doesn’t even consider itself a group. A video shared on some of its online forums features the now-familiar figure clad in a Guy Fawkes mask. The words are spoken through a voice simulator, but the irritation behind them is palpable: ‘How many times do we need to make it clear to you? Anonymous is not a group, it is not an organisation, there is no sign up, there is no recruitment, there is no leadership, there is no spokesperson, there is no official website, Facebook page, Twitter account or YouTube channel.’
‘Theoretically, no one is in charge of Anonymous,’ says Parmy Olson, author of We Are Anonymous. ‘That’s what makes them so potentially powerful and long-lasting. Often, supporters would refer to themselves as being like a hydra, you cut one head off then three more grow back. But when it came to the big hacks and stunts there was definitely a small core group of operators who were spending hours of their day co-ordinating in chat rooms and giving directions to people, which you could describe as leadership even though they wouldn’t say they were leaders.’
You can see this when you visit one of the Anonymous discussions on Discord, an online messaging and sharing service where some of the group’s activity is being co-ordinated. The chat room claims almost 40,000 members and there are hundreds of users all typing at once. The chat is so frenetic that Discord’s software often engages ‘slow mode’, limiting users to typing one message every 15 seconds. Much of it is general talk about the unfolding catastrophe, but it’s possible to spot the few members who hint at technical skill. The forum administrators promote these people to join private chats, which is almost certainly where the real attack planning goes on.
It’s from this discussion that I end up chatting online to someone with the username Reo. He’s an active member of the forum and claims to be in Slovenia. I ask what he makes of accusations Anonymous may be exacerbating the conflict. ‘People are helping Ukraine with weapons, so if that doesn’t escalate the situation more than a cyber attack on Russia I think we are safe to say Anonymous is not risking anything enormous,’ he responds.
Reo claims he’s taken part in denial of service attacks attempting to take Russian government sites offline. I ask him if part of the appeal is being able to feel like an active participant, even if physically far away via the internet. ‘Definitely,’ he replies.
The UK’s National Cyber Security Centre disagrees. Its spokesman said: ‘The UK is focused on the responsible and legal use of cyber capabilities. We do not support activity which falls outside this framework.’
In the wider world of professional tech security, opinion is divided. One contact I spoke with told me: ‘It’s all hands to the pumps, if they want to weigh in, that’s fine’. Others, like Pilling, are concerned about unintended consequences. Still others have a more prosaic take. ‘Do these actions have any impact?’ asked one security source. ‘Even if they’re leaking Russian government details, does that actually change anything on the ground?’
Adding to the scepticism about Anonymous’s effectiveness is the fact that it’s often hard to verify the true impact of the group’s actions. Russian government websites may appear offline to those outside the country, but that may be due to the government restricting access from outside Russia, rather than as a result of a successful denial of service attack.
And it’s worth remembering that Anonymous is only one of dozens of groups battling it out, from both sides of the conflict. A Twitter account called Cyberknow20 is trying to keep track of them all: GhostSec, Hydra UG, Blue Hornet, Crystal MSF and so on — a whole cacophony of enigmatic names. ‘I am adding at least five a day,’ the account owner tells me. ‘It’s never been easier. There are [denial of service attack] websites. All you have to do is have it open on your browser and it will become part of an attack. If you have a computer and internet connection then you are in the fight.’
He didn’t want to give me his name. Like many I communicated with, he has a day job in tech and doesn’t want his bosses to know of his involvement in the online battle. ‘I have been at my computer since 6am and it’s almost 1am,’ he writes. This is part of the problem with the digital side of the war in Ukraine: many of those involved are operating on too much caffeine and too little sleep, a situation that breeds over-reaction and obsession.
Anonymous’s attacks may be having only limited effect on the physical conflict, but few can doubt their impact in the information war. And as nations struggle to react to Russia’s aggression, the age-old battle for hearts and minds is an increasingly important flank.