Anonymous almost immediately advised internet users not to download the Ubuntu-based OS. YourAnonNews tweeted, “Seeing lots of news about just-released purported ‘Anonymous OS.’ BE CAREFUL! Remember the Zeus Trojan incident w/Slowloris recently!” A day later the OS was said to be riddled with malware.
The headline of this article is provocative, to be sure. But when I posed the question to a fellow D+T writer, the response was, “I’ve learned to never put anything past our government.” At the very least we must entertain the possibility of a false flag operation following the FBI’s infiltration of Antisec through Sabu.
Anonymous-OS, which comes loaded with hacking tools, was uploaded to Sourceforge and then downloaded over 26,000 times. Sourceforge took the OS down yesterday and issued an official statement:
“By taking an intentionally misleading name, this project has attempted to capitalize on the press surrounding a well-known movement in order to push downloads of a project that is less than a week old,” said Sourceforge’s spokesperson. “We have therefore decided to take this download offline and suspend this project until we have more information that might lead us to think differently. We’ll be in touch with the project admin, and let you know if and when we find out anything to contrary, but for now, that’s what we’re doing.”
Ars Technica’s Sean Gallagher believes it’s just a shoddily-designed variant of Ubuntu and, as such, not much of a worry unless the system is booby-trapped. That may well be the simple truth, but we might also consider the possibility that it was a bit of government-issued social engineering. That is, a false flag operation to paint Anonymous as malicious criminals who are more interested in corrupting personal computers than fighting economic, social or political injustice.
Consider the fact that the OS’s supposed malware was being discussed soon after it was posted to Sourceforge. The chatter is significant because government spooks know what advertisers, public relations gurus, or anyone with half a mind knows: to create a certain outcome, any message must be controlled and shaped at its inception. If you want to convince the public that Anonymous is not a digital protest movement but a “criminal” network, then you create the conditions to communicate that idea.
Anonymous can claim the OS was not their creation, and the OS itself might not be a real threat at all, but the symbolic association between Anonymous, the operating system, and malware has already bloomed in many people’s minds.
As Graham Cluley of Sophos Naked Security wrote, “If I were writing a cybercrime thriller, I might dream up a plot where the computer cops – desperate to know the identities of the hacktivists – concocted a plot where they made available software that promised to hide hackers’ identities.. but in fact secretly passed information back to the cops.”
Cluley doesn’t claim this is the case, but adds, “stranger things have happened.. (like the prominent leader of LulzSec turning out to have been secretly working for the FBI since the middle of last year..).”
In the final analysis, the truth may very well be that someone simply wanted to use the Anonymous name to publicize their Linux-based operating system, or deliver malware to dumb victims. I’m inclined to believe the former possibility myself, because infecting computers through a Linux-based OS (which is little known to the masses) isn’t exactly the most efficient means of creating bad press for Anonymous.
Never put anything past our government, though.