4chan raids (2003–2007) Fox 11 investigative report on Anonymous. The report focused on what were then contemporary instances of Internet bullying by Anonymous. A tag of Anonymous is assigned to visitors who leave comments without identifying the originator of the posted content. Users of imageboards sometimes jokingly acted as if Anonymous was a single individual. The concept of the Anonymous entity advanced in 2004 when an administrator on the 4chan image board activated a "Forced_Anon" protocol that signed all posts as Anonymous. As the popularity of imageboards increased, the idea of Anonymous as a collective of unnamed individuals became an
Internet meme. Users of 4chan's /b/ board would occasionally join into mass pranks or raids.
Encyclopedia Dramatica (2004–present) Encyclopedia Dramatica was founded in 2004 by Sherrod DeGrippo, initially as a means of documenting gossip related to
LiveJournal, but it quickly was adopted as a major platform by Anonymous for parody and other purposes. The site also played a role in the anti-
Scientology campaign of
Project Chanology. On April 14, 2011, the original URL of the site was redirected to a new website named
Oh Internet that bore little resemblance to Encyclopedia Dramatica. Parts of the ED community harshly criticized the changes. In response, Anonymous launched "Operation Save ED" to rescue and restore the site's content. The Web Ecology Project made a downloadable archive of former Encyclopedia Dramatica content. The site's reincarnation was initially hosted at encyclopediadramatica.ch on servers owned by Ryan Cleary, who later was arrested in relation to attacks by LulzSec against Sony.
Project Chanology (2008) ", January 21, 2008 at the
Scientology area in Los Angeles Anonymous first became associated with
hacktivism in 2008 following a series of actions against the Church of Scientology known as Project Chanology. On January 15, 2008, the gossip blog
Gawker posted a video in which celebrity Scientologist
Tom Cruise praised the religion; and the Church responded with a
cease-and-desist letter for violation of copyright. 4chan users organized a raid against the Church in retaliation, prank-calling its hotline, sending
black faxes designed to waste ink cartridges, and launching
DDoS attacks against its websites. The DDoS attacks were at first carried out with the Gigaloader and
JMeter applications. Within a few days, these were supplanted by the
Low Orbit Ion Cannon (LOIC), a network stress-testing application allowing users to flood a server with
TCP or
UDP packets. The LOIC soon became a signature weapon in the Anonymous arsenal; however, it would also lead to a number of arrests of less experienced Anons who failed to conceal their
IP addresses. Some operators in Anonymous IRC channels incorrectly told or lied to new volunteers that using the LOIC carried no legal risk. center on February 10, 2008 During the DDoS attacks, a group of Anons uploaded a YouTube video in which a robotic voice speaks on behalf of Anonymous, telling the "leaders of Scientology" that "For the good of your followers, for the good of mankind—for the laughs—we shall expel you from the Internet." Within ten days, the video had attracted hundreds of thousands of views. The stylized Guy Fawkes masks soon became a popular symbol for Anonymous. In-person protests against the Church continued throughout the year, including "Operation Party Hard" on March 15 and "Operation Reconnect" on April 12. However, by mid-year, they were drawing far fewer protesters, and many of the organizers in IRC channels had begun to drift away from the project.
Operation Payback (2010) By the start of 2009, Scientologists had stopped engaging with protesters and had improved online security, and actions against the group had largely ceased. A period of infighting followed between the politically engaged members (referred to as "moralfags" in the parlance of 4chan) and those seeking to provoke for entertainment (trolls). By September 2010, the group had received little publicity for a year and faced a corresponding drop in member interest; its raids diminished greatly in size and moved largely off of IRC channels, organizing again from the chan boards, particularly /b/. In September 2010, however, Anons became aware of Aiplex Software, an Indian software company that contracted with film studios to launch DDoS attacks on websites used by copyright infringers, such as
The Pirate Bay. Coordinating through IRC, Anons launched a DDoS attack on September 17 that shut down Aiplex's website for a day. Primarily using LOIC, the group then targeted the
Recording Industry Association of America (RIAA) and the
Motion Picture Association of America (MPAA), successfully bringing down both sites. On September 19, future LulzSec member Mustafa Al-Bassam (known as "Tflow") and other Anons hacked the website of Copyright Alliance, an anti-infringement group, and posted the name of the operation: "Payback Is A Bitch", or "Operation Payback" for short. Anons also issued a press release, stating: As IRC network operators were beginning to shut down networks involved in DDoS attacks, Anons organized a group of servers to host an independent IRC network, titled AnonOps. Operation Payback's targets rapidly expanded to include the British law firm
ACS:Law, the
Australian Federation Against Copyright Theft, the British nightclub
Ministry of Sound, the Spanish copyright society
Sociedad General de Autores y Editores, the
U.S. Copyright Office, and the website of
Gene Simmons of
Kiss. By October 7, 2010, total downtime for all websites attacked during Operation Payback was 537.55 hours. Operation Payback then expanded to include "Operation Avenge
Assange", and Anons issued a press release declaring PayPal a target. Launching DDoS attacks with the LOIC, Anons quickly brought down the websites of the PayPal blog;
PostFinance, a Swiss financial company denying service to WikiLeaks;
EveryDNS, a web-hosting company that had also denied service; and the website of U.S. Senator
Joe Lieberman, who had supported the push to cut off services. On December 8, Anons launched an attack against PayPal's main site. According to Topiary, who was in the command channel during the attack, the LOIC proved ineffective, and Anons were forced to rely on the
botnets of two hackers for the attack, marshaling hijacked computers for a concentrated assault. Security researcher Sean-Paul Correll also reported that the "zombie computers" of involuntary botnets had provided 90% of the attack. Topiary states that he and other Anons then "lied a bit to the press to give it that sense of abundance", exaggerating the role of the grassroots membership. However, this account was disputed. The attacks brought down PayPal.com for an hour on December 8 and for another brief period on December 9. Anonymous also disrupted the sites for Visa and MasterCard on December 8. Anons had announced an intention to bring down Amazon.com as well, but failed to do so, allegedly because of infighting with the hackers who controlled the botnets. PayPal estimated the damage to have cost the company US$5.5 million. It later provided the IP addresses of 1,000 of its attackers to the
FBI, leading to at least 14 arrests. On Thursday, December 5, 2013, 13 of the
PayPal 14 pleaded guilty to taking part in the attacks.
2011–2012 , a protest that the group actively supported, September 17, 2011 In the years following Operation Payback, targets of Anonymous protests, hacks, and DDoS attacks continued to diversify. Beginning in January 2011, Anons took a number of actions known initially as
Operation Tunisia in support of
Arab Spring movements. Tflow created a script that Tunisians could use to protect their web browsers from government surveillance, while fellow future LulzSec member
Hector Xavier Monsegur (alias "Sabu") and others allegedly hijacked servers from a London web-hosting company to launch a DDoS attack on Tunisian government websites, taking them offline. Sabu also used a Tunisian volunteer's computer to hack the website of Prime Minister
Mohamed Ghannouchi, replacing it with a message from Anonymous. Anons also helped Tunisian dissidents share videos online about the uprising. In Operation Egypt, Anons collaborated with the activist group
Telecomix to help dissidents access government-censored websites. After the church announced its intentions in December 2012 to picket the funerals of the
Sandy Hook Elementary School shooting victims, CosmoTheGod published the names, phone numbers, and e-mail and home addresses of church members and brought down GodHatesFags.com with a DDoS attack. In August 2012, Anons hacked the site of Ugandan Prime Minister
Amama Mbabazi in retaliation for the
Parliament of Uganda's consideration of
an anti-homosexuality law permitting capital punishment. In April 2011, Anons launched a series of attacks against Sony in retaliation for trying to stop hacks of the
PlayStation 3 game console. More than 100 million Sony accounts were compromised, and the Sony services
Qriocity and
PlayStation Network were taken down for a month apiece by cyberattacks. In July 2011, Anonymous announced the launch of its social media platform
Anonplus. This came after Anonymous' presence was removed from
Google+. The site was later hacked by a Turkish hackers group who placed a message on the front page and replaced its logo with a picture of a dog. In August 2011, Anons launched an attack against
BART in San Francisco, which they dubbed #OpBart. The attack, made in response to the killing of Charles Hill a month prior, resulted in customers' personal information leaked onto the group's website. , Brussels, January 2012 When the
Occupy Wall Street protests began in New York City in September 2011, Anons were early participants and helped spread the movement to other cities such as
Boston. In October, some Anons attacked the website of the
New York Stock Exchange while other Anons publicly opposed the action via Twitter. Some Anons also helped organize an Occupy protest outside the
London Stock Exchange on May 1, 2012. Anons launched Operation Darknet in October 2011, targeting websites hosting
child pornography. In particular, the group hacked a child pornography site called "
Lolita City" hosted by
Freedom Hosting, releasing 1,589 usernames from the site. Anons also said that they had disabled forty image-swapping pedophile websites that employed the anonymity network
Tor. In 2012, Anons leaked the names of users of a suspected child porn site in OpDarknetV2. Anonymous launched the #OpPedoChat campaign on Twitter in 2012 as a continuation of Operation Darknet. In attempt to eliminate child pornography from the internet, the group posted the emails and IP addresses of suspected pedophiles on the online forum PasteBin. In 2011, the
Koch Industries website was attacked following their attack upon union members, resulting in their website being made inaccessible for 15 minutes. In 2013, one member, a 38-year-old truck driver, pleaded guilty when accused of participating in the attack for a period of one minute, and received a sentence of two years federal probation, and ordered to pay $183,000 restitution, the amount Koch stated they paid a consultancy organization, despite this being only a denial of service attack. On January 19, 2012, the U.S.
Department of Justice shut down the file-sharing site
Megaupload on allegations of copyright infringement. Anons responded with a wave of DDoS attacks on U.S. government and copyright organizations, shutting down the sites for the RIAA, MPAA,
Broadcast Music, Inc., and the FBI. In April 2012, Anonymous hacked 485
Chinese government websites, some more than once, to protest the treatment of their citizens. They urged people to "fight for justice, fight for freedom, [and] fight for democracy". protest in the Czech Republic with a bisected
anarchist flag and an Anonymous logo In 2012, Anonymous launched Operation Anti-Bully: Operation Hunt Hunter in retaliation to
Hunter Moore's revenge porn site, "
Is Anyone Up?" Anonymous crashed Moore's servers and publicized much of his personal information online, including his social security number. The organization also published the personal information of Andrew Myers, the proprietor of "Is Anyone Back", a copycat site of Moore's "Is Anyone Up?" In response to
Operation Pillar of Defense, a November 2012 Israeli military operation in the
Gaza Strip, Anons took down hundreds of Israeli websites with DDoS attacks. Anons pledged another "
massive cyberassault" against Israel in April 2013 in retaliation for its actions in
Gaza, promising to "wipe Israel off the map of the Internet". However, its DDoS attacks caused only temporary disruptions, leading cyberwarfare experts to suggest that the group had been unable to recruit or hire botnet operators for the attack.
2013 On November 5, 2013, Anonymous protesters gathered around the world for the Million Mask March. Demonstrations were held in 400 cities around the world to coincide with
Guy Fawkes Night. Operation Safe Winter was an effort to raise awareness about homelessness through the collection, collation, and redistribution of resources. This program began on November 7, 2013 after an online call to action from Anonymous UK. Three missions using a charity framework were suggested in the original global spawning a variety of direct actions from used clothing drives to pitch in community potlucks feeding events in the UK, US and Turkey. The #OpSafeWinter call to action quickly spread through the mutual aid communities like Occupy Wall Street and its offshoot groups like the
open-source-based OccuWeather. With the addition of the long-term mutual aid communities of New York City and online hacktivists in the US, it took on an additional three suggested missions. Encouraging participation from the general public, this operation has raised questions of
privacy and the changing nature of the Anonymous community's use of monikers. The project to support those living on the streets while causing division in its own online network has been able to partner with many efforts and organizations not traditionally associated with Anonymous or online activists.
2014 In the wake of the
fatal police shooting of unarmed African-American Michael Brown in
Ferguson, Missouri, "Operation Ferguson"—a
hacktivist organization that claimed to be associated with Anonymous—organized cyberprotests against police, setting up a website and a Twitter account to do so. The group promised that if any protesters were harassed or harmed, they would attack the city's servers and computers, taking them offline. Prior to August 15, members of Anonymous corresponding with
Mother Jones said that they were working on confirming the identity of the undisclosed police officer who shot Brown and would release his name as soon as they did. On August 14, Anonymous posted on its Twitter feed what it claimed was the name of the officer involved in the shooting. However, police said the identity released by Anonymous was incorrect. Twitter subsequently suspended the Anonymous account from its service. It was reported on November 19, 2014, that Anonymous had declared
cyber war on the
Ku Klux Klan (KKK) the previous week, after the KKK had made death threats following the Ferguson riots. They hacked the KKK's Twitter account, attacked servers hosting KKK sites, and started to release the personal details of members. On November 24, 2014, Anonymous shut down the
Cleveland city website and posted a video after
Tamir Rice, a twelve-year-old boy armed only with a BB gun, was shot to death by a police officer in a Cleveland park. Anonymous also used
BeenVerified to uncover the phone number and address of a police officer involved in the shooting.
2015 In January 2015, Anonymous released a video and a statement via Twitter condemning
the attack on
Charlie Hebdo, in which 12 people, including eight journalists, were fatally shot. The video, claiming that it is "a message for
al-Qaeda, the
Islamic State and other terrorists", was uploaded to the group's Belgian account. The announcement stated that "We, Anonymous around the world, have decided to declare war on you, the terrorists" and promises to avenge the killings by "shut[ting] down your accounts on all social networks." On January 12, they brought down a website that was suspected to belong to one of these groups. Critics of the action warned that taking down extremists' websites would make them harder to monitor. On June 17, 2015, Anonymous claimed responsibility for a Denial of Service attack against Canadian government websites in protest of the passage of bill
C-51—an anti-terror legislation that grants additional powers to Canadian intelligence agencies. The attack temporarily affected the websites of several federal agencies. On October 28, 2015, Anonymous announced that it would reveal the names of up to 1,000 members of the
Ku Klux Klan and other affiliated groups, stating in a press release, "You are terrorists that hide your identities beneath sheets and infiltrate society on every level. The privacy of the Ku Klux Klan no longer exists in cyberspace." On November 2, a list of 57 phone numbers and 23 email addresses (that allegedly belong to KKK members) was reportedly published and received media attention. However, a tweet from the "@Operation_KKK" Twitter account the same day denied it had released that information. The group stated it planned to, and later did, reveal the names on
November 5. Since 2013, Saudi Arabian
hacktivists have been targeting government websites protesting the actions of the regime. These actions have seen attacks supported by the possibly Iranian backed
Yemen Cyber Army. An offshoot of Anonymous self-described as
Ghost Security or GhostSec started targeting
Islamic State-affiliated websites and social media handles. In November 2015, Anonymous announced a major, sustained operation against ISIS following the
November 2015 Paris attacks, declaring: "Anonymous from all over the world will hunt you down. You should know that we will find you and we will not let you go." ISIS responded on
Telegram by calling them "idiots", and asking "What they hack?" By the next day, however, Anonymous claimed to have taken down 3,824 pro-ISIS Twitter accounts, and by the third day more than 5,000, and to have
doxxed ISIS recruiters. A week later, Anonymous increased their claim to 20,000 pro-ISIS accounts and released a list of the accounts. The list included the Twitter accounts of
Barack Obama,
Hillary Clinton,
The New York Times, and
BBC News. The BBC reported that most of the accounts on the list appeared to be still active. A spokesman for Twitter told
The Daily Dot that the company is not using the lists of accounts being reported by Anonymous, as they have been found to be "wildly inaccurate" and include accounts used by academics and journalists. In 2015, a group that claimed to be affiliated with Anonymous, calling themselves as AnonSec, claimed to have hacked and gathered almost 276 GB of data from NASA servers including NASA flight and radar logs and videos, and also multiple documents related to ongoing research. AnonSec group also claimed gaining access of a Global Hawk Drone of NASA, and released some video footage purportedly from the drone's cameras. A part of the data was released by AnonSec on Pastebin service, as an Anon Zine. NASA has denied the hack, asserting that the control of the drones were never compromised, but has acknowledged that the photos released along with the content are real photographs of its employees, but that most of these data are already available in the
public domain.
2016 The Blink Hacker Group, associating themselves with the Anonymous group, claimed to have hacked the Thailand prison websites and servers. The compromised data has been shared online, with the group claiming that they give the data back to Thailand Justice and the citizens of Thailand as well. The hack was done in response to news from Thailand about the mistreatment of prisoners in Thailand. A group calling themselves Anonymous Africa launched a number of DDoS attacks on websites associated with the controversial South African
Gupta family in mid-June 2016. Gupta-owned companies targeted included the websites of Oakbay Investments,
The New Age, and
ANN7. The websites of the
South African Broadcasting Corporation, the political party
Economic Freedom Fighters, and Zimbabwe's
Zanu-PF were also attacked for "politicising racism."
Late 2010s In late 2017, the
QAnon conspiracy theory first emerged on 4chan, and adherents used similar terminology and branding to Anonymous. In response, in 2018, anti-Trump members of Anonymous warned that QAnon was stealing the collective's branding and vowed to oppose the theory. and QAnon itself. The hacked page featured the
Flag of Taiwan, the
KMT emblem, a
Taiwan Independence flag, and the Anonymous logo along with a caption. The hacked server belonged to the
United Nations Department of Economic and Social Affairs. In the wake of protests across the U.S. following the
murder of George Floyd, Anonymous released a video on Facebook as well as sending it out to the Minneapolis Police Department on May 28, 2020, titled "Anonymous Message To The Minneapolis Police Department", in which they state that they are going to seek revenge on the
Minneapolis Police Department, and "expose their crimes to the world". According to
Bloomberg, the video was initially posted on an unconfirmed Anonymous Facebook page on May 28. According to BBC News, that same Facebook page had no notoriety and published videos of dubious content linked to UFOs and "China's plan to take over the world". It gained repercussions after the video about George Floyd was published and the Minneapolis police website, which is responsible for the police officer, was down. Later,
Minnesota Governor
Tim Walz said that every computer in the region suffered a sophisticated attack. According to BBC News, the attack on the police website using DDoS (Distributed Denial of Service) was unsophisticated. On June 19, 2020, Anonymous published
BlueLeaks, sometimes referred to by the
Twitter hashtag #BlueLeaks, 269.21
gigabytes of internal
U.S. law enforcement data through the activist group
Distributed Denial of Secrets, which called it the "largest published hack of American law enforcement agencies". The data — internal intelligence, bulletins, emails, and reports — was produced between August 1996 and June 2020 by more than 200 law enforcement agencies, which provided it to
fusion centers. It was obtained through a security breach of Netsential, a web developer that works with fusion centers and law enforcement. In Maine, legislators took interest in BlueLeaks thanks to details about the Maine Information and Analysis Center, which is under investigation. The leaks showed the fusion center was spying on and keeping records on people who had been legally protesting or had been "suspicious" but committed no crime. In 2020, Anonymous started cyber-attacks against the Nigerian government. They started the operation to support the
#EndSARS movement in Nigeria. The group's attacks were tweeted by a member of Anonymous called LiteMods. The websites of EFCC, INEC and various other Nigerian government websites were taken-down with DDoS attacks. The websites of some banks were compromised.
2021 The
Texas Heartbeat Act, a law which bans
abortions after six weeks of pregnancy, came into effect in
Texas on September 1, 2021. The law relies on private citizens to file
civil lawsuits against anyone who performs or induces an abortion, or aids and abets one, once "cardiac activity" in an
embryo can be detected via
transvaginal ultrasound, which is usually possible beginning at around six weeks of pregnancy. Shortly after the law came into effect, anti-abortion organizations set up websites to collect "whistleblower" reports of suspected violators of the bill. On September 3, Anonymous announced "Operation Jane", a campaign focused on stymying those who attempted to enforce the law by "exhaust[ing] the investigational resources of bounty hunters, their snitch sites, and online gathering spaces until no one is able to maintain data integrity". On September 13, Anonymous released a large quantity of private data belonging to
Epik, a domain registrar and web hosting company known for providing services to websites that host
far-right,
neo-Nazi, and other
extremist content. Epik had briefly provided services to an abortion "whistleblower" website run by the anti-abortion Texas Right to Life organization, but the reporting form went offline on September 4 after Epik told the group they had violated their terms of service by collecting private information about third parties. The data included domain purchase and transfer details, account credentials and logins, payment history, employee emails, and unidentified
private keys. The hackers claimed they had obtained "a decade's worth of data" which included all customers and all domains ever hosted or registered through the company, and which included poorly encrypted passwords and other sensitive data stored in
plaintext. Later on September 13, the
Distributed Denial of Secrets (DDoSecrets) organization said they were working to curate the allegedly leaked data for more accessible download, and said that it consisted of "180
gigabytes of user, registration, forwarding and other information". Publications including
The Daily Dot and
The Record by Recorded Future subsequently confirmed the veracity of the hack and the types of data that had been exposed. more disk images as well as some leaked documents from the Republican Party of Texas appeared on October 4.
2022 On February 25, 2022, Twitter accounts associated with Anonymous declared that they had launched a 'cyber operations' against the
Russian Federation, in retaliation for the
invasion of Ukraine ordered by Russian president
Vladimir Putin. The group later temporarily disabled websites such as
RT.com and the website of the
Defence Ministry along with other state owned websites. Anonymous also leaked 200 GB worth of emails from the Belarusian weapons manufacturer Tetraedr, which provided logistical support for Russia in the Russian invasion of Ukraine. Anonymous also hacked into Russian TV channels and played Ukrainian music through them and showed uncensored news of events in Ukraine.
Operation Russia On March 7, 2022, Anonymous actors DepaixPorteur and TheWarriorPoetz declared on Twitter that they hacked 400 Russian surveillance cameras and broadcast them on a website. They call this operation "Russian Camera Dump". Capital Legal Services,
All-Russia State Television and Radio Broadcasting Company (VGTRK), Aerogas,
Blagoveshchensk City Administration, Gazregion, GUOV i GS - General Dept. of Troops and Civil Construction, Accent Capital, ALET/АЛЕТ, CorpMSP,
Nikolai M. Knipovich Polar Research Institute of Marine Fisheries and Oceanography (PINRO), the
Achinsk City Government, SOCAR Energoresource, Metprom Group LLC, and the Vyberi Radio / Выбери Радио group, all of which were allegedly hacked by Anonymous and Anonymous aligned NB65. Anonymous launched a cyber operation against the Iranian government for the alleged murder of
Mahsa Amini. Anonymous launched
distributed denial of service (DDOS) attacks against Iran's government and state-owned websites. On September 23, 2022, a hacktivist named "Edaalate Ali" hacked Iran's state TV government channel during the middle of broadcast and released CCTV footage of Iran's prison facilities. On October 23, 2022, an Iranian hacker group known as "Black Reward" published confidential files and documents email system belonging to Iran's nuclear program. Black Reward announced on their Telegram channel that they have hacked into 324 emails which contained more than a hundred thousand messages and over 50 gigabytes of files. A hacktivist group by the name "Lab Dookhtegan" published the Microsoft Excel macros, PowerShell exploits
APT34 reportedly used to target organizations across the world.
Chinese protests In response to the
2022 COVID-19 protests in China, "Anonymous OpIran" launched
Operation White Paper, attacked and took down Chinese government controlled websites, and leaked some Chinese government officials' personal information. ==Arrests and trials==