The mysterious group of hackers who go by the name "Anonymous" have threatened to take down the Internet on Saturday. Or not.
The confusion comes from the very nature of the group, which is amorphous and has no identifiable leadership. Several weeks ago, a group identifying itself as Anonymous announced "Operation Global Blackout," the effect of which would be to bring Web surfing to a halt.
Cybersecurity experts doubt the operation would have more than a limited effect, given the layers of protection built into the Internet architecture.
The Anonymous group itself, meanwhile, appeared divided over the plan. A Twitter account normally associated with Anonymous included several statements on Friday denying any effort to shut down the Internet.
"For the billionth time: #Anonymous will not shut down the Internet on 31 March," said one.
"What is this #OperationGlobalBlackout nonsense?" said another. "Stop asking us about it!"
The contradictions highlighted the difficulty of assessing whether a hacking threat should be attributed to Anonymous or to hackers merely posing as Anonymous.
"They [may] declare that they're part of this group and then say that they are going to do something serious to the Internet or act out in some other way," said Richard Bejtlich, chief security officer at Mandiant, a computer security firm. "That's what's difficult about being a group that doesn't have any real membership or named leadership."
Looking For Suspicious Activity
Despite the uncertainty around Anonymous' intentions, cybersecurity experts were on the lookout Friday for suspicious hacking activity.
"I take them seriously all the time," said Bejtlich. "They are motivated, and they have skills."
Bejtlich and others were doubtful, however, that any hacktivist group would have much success disrupting Internet operations.
The plan announced by the Anonymous group was to go after the Domain Name System (DNS) that serves as the Internet backbone.
Internet websites are identified by numerical addresses, not names, so when a user types in a website name, the computer has to query a domain name server to find the corresponding Internet address number.
If Anonymous could overload the domain name servers with queries via a Distributed Denial of Service — DDoS — attack, the servers might not be able to respond correctly.
Cybersecurity experts say the number and dispersion of domain name servers would make it virtually impossible for hackers to take down the entire Internet, though they could not rule out the hackers' having a limited impact.
"If they were able to gather a lot of digital firepower and direct a lot of bogus traffic at one part of the DNS infrastructure, [they] could have an effect," said Bejtlich.
Hacktivists Become More Ambitious
Respect for the Anonymous hacking capability has grown significantly in recent months. Once known primarily for largely symbolic actions, such as temporarily taking down the CIA public website, the Anonymous hackers have moved on to more ambitious activity.
In December, the group announced it had managed to gain access to the computer files at Stratfor, a private intelligence firm, stealing credit card data and private emails. It was one of the final intrusions of a banner year for hacktivism.
A recently released study of data breaches by Verizon, the telecommunications company, reported that Anonymous and other hacktivist groups in 2011 accounted for 58 percent of all compromised records reported to investigators that year, a big increase over earlier years.
"In this past year, hacktivism is on the map in a big way," said Bryan Sartin, one of the co-authors of Verizon's Data Breach Investigations Report. "We see a different threat, a different adversary, and a broader range of attack techniques."
Cyber-intrusions by hacktivist groups are easy to distinguish, Sartin said, because the perpetrators, unlike most cybercriminals, are not motivated by a simple desire for financial gain.
"In a hacktivist attack, there are literally hundreds of ways you can hurt the victim," he said, "and in the end that's what hacktivism is about. It's about damaging a brand, it's about retaliation, it's about the public perception that an entity has been hacked. Hacktivism is the place where you see the most complexity, the most innovation and the most ingenuity on the part of the perpetrators."