alt

As 2012 begins, we are watching a phenomenon of groups outside of the conventional organizational structure of 501(c) nonprofits taking actions that one would think of as nonprofit-ish (like the social policy protests of the Occupy Wall Street movement) or as directly impacting nonprofits. In the latter category is Anonymous, the collection of incognito hackers, which apparently hacked—or at least some people who claimed to be associated with Anonymous hacked—their way into the military security think tank called “Stratfor,” and grabbed a ton of confidential information, including thousands of credit card numbers that they used to make charitable donations. There is a nonprofit dimension to the story involving very traditional charities, such as the American Red Cross, that might have received these unauthorized charitable donations. The bigger issue isn’t how the Red Cross and others deal with the unexpected donations but rather what Anonymous’s purported Christmas Eve hack attack on Stratfor means for the potential trajectory of this movement, and perhaps for other leaderless and structureless political movements, like Occupy Wall Street.

Here are some questions and answers regarding this distinctive and increasingly common phenomenon of loosely organized internet hackers invading the websites of for-profit and government entities to make a political point:

Who or what is Anonymous?

Anonymous is increasingly well known for hacking into various government and business sites, sometimes in retaliation for the firms’ (such as MasterCard, Visa, and PayPal) denial of services to Wikileaks (an organized campaign called “Operation Payback”), in other instances as part of the group’s opposition to public- and private-sector efforts to restrict free speech or other causes (for example, its Project Chanology, against the Church of Scientology, its denial of service attacks against government websites in Egypt, Tunisia, and elsewhere during the Arab Spring uprisings, and, recently, its “Operation BART,” in protest against the Bay Area Rapid Transit system’s plan to shut down cellphone service on its lines in order to disable planned demonstrations protesting shootings of passengers by transit security officers).

While there are a number of sites that seem to regularly post information from or statements attributed to Anonymous activists,  Anonymous isn’t an organization, per se. The activists or “hacktivists” identifying themselves as Anonymous are more like a loose collective, but even that sounds too organizationally rigid for this very fluid group. Although people move in and out of being a part of Anonymous, the group is organized enough to pull off invasions of the websites of major government entities, penetrating complex Internet security barriers. How these loosely knit members accomplish such feats remains a mystery, as their technological know-how appears to supersede that of even the higher level database security experts companies and organizations depend on for their online protection.

Who or what are the other organizations—if they really are organizations—associated with Anonymous in this story?

The other name in the story of the hack attack on Stratfor is AntiSec, which PC Magazine has described as “a joint effort between Anonymous and the now-defunct LulzSec that targets governments with which they disagree.” The two linked up this past summer in Operation Anti-Security, during which time LulzSec posted the following statement of purpose:

Welcome to Operation Anti-Security (#AntiSec)—we encourage any vessel, large or small, to open fire on any government or agency that crosses their path. We fully endorse the flaunting of the word “AntiSec” on any government website defacement or physical graffiti art. We encourage you to spread the word of AntiSec far and wide, for it will be remembered. To increase efforts, we are now teaming up with the Anonymous collective and all affiliated battleships. Whether you’re sailing with us or against us, whether you hold past grudges or a burning desire to sink our lone ship, we invite you to join the rebellion. Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons. Your hat can be white, gray or black, your skin and race are not important. If you’re aware of the corruption, expose it now, in the name of Anti-Security. Top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments. If they try to censor our progress, we will obliterate the censor with cannonfire anointed with lizard blood.

What exactly does AntiSec do? If AntiSec purloins the credit card information of tens of thousands of people to use (ostensibly) for charitable donations, who chooses the charities that will benefit? Who is in place to ensure that AntiSec doesn’t take a processing fee of sorts to keep its Robin Hood activities alive? (As some commentators have observed, AntiSec gets to play the roles of both well-intentioned thief Robin Hood and enforcer of the law Sheriff of Nottingham.)

What did Anonymous/AntiSec do with—or to—Stratfor?

Apparently, Anonymous hackers have invaded the Stratfor site and revealed the names and credit card information of as many as 75,000 people who have purchased Stratfor research products or other services, and hundreds of thousands of other usernames and passwords of people who have ever logged onto Stratfor’s website. Anonymous activists say that they have used the purloined information to make between $500,000 and $1,000,000 in charitable donations charged to the credit cards.

What is Stratfor, and why would it be targeted by Anonymous?

Stratfor is variously described in news reports as a “think tank” on security issues and as a “private security company.” The Austin-based organization is not just any think tank or any security company. One news report said it is sometimes called “the shadow CIA.” Stratfor is actually Stratfor Global Intelligence, with a number of government agencies and private businesses as customers, many names of people who are “members,” and, to the delight of the Anonymous/AntiSec hack, the credit card information of thousands of people who have purchased Stratfor publications or services. Names appearing in the Anonymous revelations include Goldman Sachs, Lockheed Martin, and Bank of America, but in many cases such smaller players as the organizational affiliations or employers of individuals who happen to have purchased documents on the Stratfor website have also been named.

It seems that this particular Anonymous hack attack was an expression of the hackers’ support for Bradley Manning, the U.S. soldier who is standing trial for having allegedly leaked huge stocks of confidential U.S. government documents to Wikileaks. One published statement attributed to the hackers promised to desist if Manning were given “a holiday feast . . . at a fancy restaurant of his choosing.” One Anonymous account suggested that Stratfor wasn’t the only intended target that week, promising that “#Antisec has enough targets lined up to extend the fun fun fun of #LulzXmas throught [sic] the entire next week.

How did the Anonymous/AntiSec attack on Stratfor directly affect nonprofits?

This might seem strange for a group with such an anti-establishment image, but over the holidays Anonymous said that it would use the purloined credit card information to make what it called “Christmas donations” to charities such as the American Red Cross, Save the Children, and CARE (Anonymous wished everyone a “Merry LulzXmas” when making the unauthorized donations). Some of the charitable donations may have been charged to company credit cards, such as a $250 donation that was reposted online by Anonymous with the caption, “Thank you! Defense Intelligence Agency.” Another reported donation was $700 to the American Red Cross under the name of Allen Barr, a former Texas Department of Banking official. The full extent of charitable donations and charitable recipients will become known over time as Stratfor customers receive their credit card statements.

A statement by Anonymous explained that the objective was to make $1 million in charitable donations from the credit card information. The benefiting nonprofits aren’t happy about receiving the unsolicited assistance of the Anonymous hackers. In pledging to return the unauthorized donations, they have indicated that they are the losers in the process, incurring not only staff time to identify and track the donations but also fees and charges for returning the funds to the unwitting donors’ credit cards. A statement attributed to someone within AntiSec suggested that they either don’t care much that a behemoth charity like the Red Cross might have to incur some fees from credit card companies or that they expect the credit card companies to eat the fees that would normally be charged to entities returning unauthorized donations. As for the unwitting smaller donors caught up in the net, in some cases there was little sympathy. In response to an individual who was unhappy about his information’s having been hacked, an Anonymous activist posted, “Well, since you feel so strongly about it Victor, we went ahead and ran your card up a bit. Hope you don’t mind. Really guys, cry us a river.” Note: Stratfor immediately warned its customers to avoid making online complaints about Anonymous for fear of sparking similar reactions.

Is there Anonymous mission drift?

At a minimum, there is some dissensus within the Anonymous community. One news release said that the Stratfor hacking had nothing to do with Anonymous, and described those behind the attack as “nothing more than opportunistic attention whores.” One of the problems for Anonymous—like the strategic vagueness of some of the Occupy groups—is that when organizational structure and leadership are loose or nonexistent, the actions of some members or groups of members might not garner the uncritical support of others within the collective. In this instance, was the motive of the hackers to disrupt Stratfor and its government and business supporters or to grab the credit card information of Statfor users and “play Robin Hood” with the charities? The credit card hacking didn’t capture just the cards of business and government entities but also those of individuals working for agencies and other types of organizations that might not be seen as logical AntiSec targets, such as Doctors Without Borders and the United Nations, and has made some $500,000 in donations in the name of such unexpected marks.

However, an Anonymous spokesperson said that the purpose was to obtain the 2.7 million e-mails on Stratfor’s server (a number that Anonymous has since raised to 3.3 million), not take on the role of an Internet Robin Hood. There is of course even the question of whether Anonymous really did make $500,000 or more in charitable donations, having posted information on only a handful of the donations made. One might even question whether a protest to give Bradley Manning a fancy dinner constitutes the kind of political statement warranting a hack attack on Stratfor.

The nearly ubiquitous Guy Fawkes masks worn by many Occupy protest participants have long been one of the calling cards of Anonymous activists, perhaps traceable to the anti-Scientology protests (some participants donned the masks because they feared retribution against them and their families by the Church of Scientology). The organizational and stylistic compatibility of the Anonymous hacktivists and the Occupy protest participants is not hard to discern. If, however, there are cracks in the Anonymous structure, a debate within the obscure and impenetrable movement of political hacktivists, might this also not happen to the Occupy movement? In New York, the Occupy Wall Street group makes decisions through assemblies that are as porous as the Anonymous collective where membership is concerned. On the one hand, Anonymous and Occupy might favor the small “d” democratic, almost anarchic processes they have designed for decision making and action, but without more structure and leadership they are as subject to “invasion” as the websites that Anonymous has so spectacularly attacked.

Social and political movements are emerging, cresting, changing, flaming out, and re-emerging at a rapid pace. The Tea Party movement, for example, became a political force not all that long after a TV commentator called for protests against policies that would help homeowners fend off bank foreclosures. The Occupy movement changed the public policy context, making politicians of all stripes aware of the 1 percent versus the 99 percent, in an even shorter period of time. Although the history of Anonymous stretches back to last year’s penultimate decade, its explosion into the public’s consciousness occurred in the wake of its Internet-based defense of Wikileaks. The timeframe for gestation and maturation of social movements has shrunk, due, in particular, to the ease with which one can sign up without much challenge to one’s bona fides as a legitimate Tea Partier, Occupier, Anonymous/AntiSec hacktivist, or other such activist.

For sure, Anonymous and Occupy make the nonprofit sector’s decision-making dynamics look positively leaden. Perhaps, however, these movements could benefit from a dollop or more of nonprofit sector structure, mission clarification, strategic analysis, and formality. Otherwise, strategic decisions could be hijacked by interlopers viewing the lack of structure as an opportunity to pursue their narrow agendas rather than seeking to understand the groups’ broader consensus.