Anon Analytics: OSINT/LEAKING Analysis Of Corporate Corruption
It seems that Anonymous has begun to understand that to change the world they may have to play within the rules somewhat. In the panel discussion at Defcon, we discussed how Anonymous should channel their efforts to have greater effect without all the blowback and collateral damage that they had been creating with their antics. This week Anonymous came up with a new splinter org that claims to be an analysis wing looking into corporate wrongdoing. This group is called Anonymous Analytics and claims that they are using open source information as well as soliciting leaks/whistleblowers to provide them with data to show corporate malfeasance.
The claim has been made that the idea came from the “OpOccupyWallStreet and OpEmpireStateRebellion” by the new group and that the take away was that if you directly affect the stock price of a company you get quick attention and potentially, corrections in behavior. At the very least I would say, is that this would cause waves either way. The problem is yet again, verification of actual malfeasance or corruption.
When asked by the Financial Times, if the anon’s involved had CFA qualifications, the Anonymous representative said “That’s entirely possible. Our backgrounds vary, but it’s not something we discuss” Which is really just a way of saying “no” So, once again we have the greater potential for more dumps of data from Anonymous that turns out to be nothing to write home about and is not verified in any way. This will ultimately fail as the other efforts have failed to make a change unless they do get bone fide people with credentials to verify the data that they claim to have AND it can be proven that the data is not manufactured.
Both of these things are hard and more likely to happen if they actually get someone from the inside to give them the data. Like another organization we all know, Wikileaks. So, to their credit, Anon Analytics did set up a dead drop of sorts (at time of writing here, it was not working) as well as a Hushmail acct was offered as a means of contact for encrypted and secure communications. So, the intent is there to gather the data from sources instead of just hacking into places and taking whatever they can get their hands on and puking it out on the internet.
Which is good.
Now to the bad… While I appreciate the effort they are making, they have to have the following things in place to have a real affect.
- Fix the drop site and insure it is secure
- Drop the Hushmail acct, the FBI and the USGOV have deals with Hushmail (check Google kids). They can access the data through warrants served to Canada and the corporation… It’s not as safe as you think
- Obtain the expertise of real CFA’s and others as you mention on your site but cannot verify. If you don’t have the expertise, then you should turn over anything that comes to you to those who are experts and let them tell the media.. Or just give it to the media to start
- Verify Verify Verify BEFORE you post stuff! You have looked like fools and no one trusts you thus far
- Speaking of trust.. Until you prove yourselves with some good intel, you are considered fabricators so do it right
- IF you start trying to just hit companies bottom lines (stock prices) through FUD, then you will be marked only as problem children and when they catch up to you, the price will be steep legally
- Do not make this a weapon wielded by incompetents it will only go badly
This is pretty much the kind of thing we were talking about at Defcon, but, it has to be done right or nothing good will come of it. I laud your intention, now tighten it up and show us you can do something productive.