The Real Role Of Anonymous In Occupy Wall Street

So far, the hacker collective known as Anonymous–or those claiming the name–has failed to live up to threats made via YouTube and social media. But they have brought a lot of buzz to the Occupy Wall Street movement.


Anonymous has caught the attention of the media–and even Homeland Security–with its biggest contribution to Occupy Wall Street: hype. But, so far, the amorphous, leaderless hacktivist movement has disappointed anyone expecting full-on revolution from a Guy Fawkes-masked army or a massive cyber attack.

Anonymous does, however, have prominent members and often unites a large number of sympathizers. The gap between expectations and reality when it comes to Occupy Wall Street results from the disconnect between those dominant members and fringe elements who hit up the costume shop and start posting YouTube videos.


The story of how Anonymous and Occupy Wall Street intertwine dates back to February 2010, to the birth of “The 99 Percent Movement.”

The notion of “the 99 percent” most likely started with journalist David DeGraw in his 2010 book, The Economic Elite vs. The People of the United States. “The harsh truth is that 99% of the US population no longer has political representation,” DeGraw writes. As a follow-up, he formed the 99 Percent Movement, a social network soliciting ideas for a platform of economic and legal reform.

The Dreaded #refref

During the summer, the Internet was abuzz over about a new, potent attack tool called #refref. It could take down any type of unpatched online database (of which there are a great deal, according to several security experts we spoke to). Like other hacking tools, such as Low Orbit Ion Canon, #refref would be very user-friendly. People with no technical skill could download and run it.

Even the Department of Homeland Security believed that the tool, if it existed, would appear on Sept. 17 as part of the occupation. But it didn’t and still hasn’t.

At the Zucotti Park occupation, a self-identified hacker called “not_me” said that #refref was “a troll,” a bogus message. “#refref does not exist,” he said. Many Anonymous sympathizers agree on Twitter, including Sabu (@anonymousabu), who may have been the leader of this summer’s LulzSec hacks. 

In fact, it’s likely that #refref could not exist. “We had a lot of conversations about it and we thought, there just doesn’t seem to be anything there,” said Josh Shaul of Application Security, Inc. He was most skeptical of the claim that #refref was a single tool to attack any type of database: Oracle, IBM DB2, Sybase, My SQL. “They claimed it would work for any database. [But] what works for SQL doesn’t work for [others].” Further, Shaul says that when Anonymous announces an “exploit,” they publish the complete code of the tool.

A month after the due date, “We still haven’t seen anything resembling code,” says Shaul. “I’m calling bullshit on #refref.”

In January 2011, the movement’s host site,, was repeatedly taken down by unknown attackers. It was then that Anonymous hacktivists contacted DeGraw, offering to set up a more secure site. That grew into a collaboration called A99, which published a laundry list of demands in March. And on March 12, A99 announced Operation Empire State Rebellion (#OpESR) with the Arab-Spring-style demand of forcing a man from office–in this case, Federal Reserve Chairman Ben S. Bernanke. On June 1, A99 hastily called for multi-city occupations on the 14th. (In New York, it would have taken the same spot, Zuccotti Park, that is home to the present occupation.) But the OpESR action was a flop. Just 16 people showed up in Manhattan, and similarly feeble numbers in 22 other cities.


Meanwhile, organizers at activist magazine Adbusters had been developing their own occupation idea since February, which crystallized in a July 13 call to action. “Adbusters has never communicated directly with Anonymous,” said senior editor Micah White in an email.

But Anonymous spread the word vigorously, using Twitter, blogs, Internet Relay Chat (or IRC, their preferred discussion forum) and eventually YouTube videos. A sometime hacktivist named Robert whom I met at the September 17 protest in New York said that he knew about the campaign just two hours after the Adbusters page went live.

“The geek aspect is most important in the early days of a movement,” said Joseph Menn, a Financial Times security correspondent and author of the book Fatal System Error. “Once you get mainstream coverage, it’s self-perpetuating.”


August 23: First YouTube video

Most people learned about hacktivist involvement in the occupation–indeed about the occupation at all–from an August 23 YouTube video. Purporting to be from Anonymous (the most that can be said for any video), it announced plans to mobilize 20,000 people in lower Manhattan. The buzzword “Anonymous” garnered media attention from NPR to the Huffington Post to CNNMoney. And according to a September 2 article in Computerworld, it even spawned Department of Homeland Security alerts.

Here’s where the promises made in the name of “Anonymous” diverge from reality.


September 17: Poor Turnout


According to the YouTube video: “Anonymous will flood into lower Manhattan. We will set up tents, kitchens, peaceful barricades, and occupy Wall Street for a few months.” In reality, 700 activists, at most, assembled in Bowling Green Park near Wall Street. About two-dozen wore the signature Guy Fawkes masks associated with Anonymous. 

I spoke to some of them who said that they simply follow the movement online. People I found who did understand hacking and Anonymous reckoned that about “12 to 15” people at Zuccotti Park had any affiliation. One of them, who identified himself by his Twitter handle, “not_me,” said of Anonymous “I don’t think there was a whole lot organized for this.”


The occupation has endured, for a month already, with no signs of ending, and the numbers swell perhaps as high as 10,000 or more during rallies. But members of the General Assembly–the de-facto organizers–say they know nothing about Anonymous and are not coordinating with any of them.

September 17: A Hacker Superweapon Fails To Materialize


(See, “The Dreaded #refref.”)

September 19th: The Black Faxes


Anonymous promised to flood the New York Stock Exchange, the Federal Reserve, Goldman Sachs, and the NASDAQ with all-black fax pages to burn through their paper and toner cartridges. Though it’s possible that some were sent, it was far from a severely punitive maneuver.

Hacktivist member “WolfgangAnon” told me that he had issued the call and posted instructions on a popular hacker site called pastebin. I saw the post, and daily tweets encouraging participants but not much effect. A friend inside Goldman said she had seen nothing, but maybe it was just too small to attract attention. (An inquiry Fast Company sent to the NYSE did not receive a reply.)


September 23: Take Down The NYPD Communications

A dark, blurry YouTube clip with muffled audio called on hacktivists to “cripple” the communications systems of the NYPD. Nothing happened.


September 25: War On The Cops

Following violence, including liberal use of pepper spray, during a September 24 march, an Anonymous video announced, “We will constitute a declaration of war against the NYPD if the brutality does not stop. If we hear of brutality in the next 36 hours, then we will take you down from the Internet.”


In reality, the NYPD stayed online, but a cop was taken down.

Anonymous issued a YouTube video (which they claim was removed but is available here) giving details on one of the pepper-spraying NYPD officers, Anthony Bologna, including his title, precinct, phone number, names of relatives, and a legal case he was involved in.

The officer was actually identified by photographer David Stam. He matched his pictures to a slow-motion video of the altercation and zoomed in for a close-up of Bologna’s badge. He sent the information to Occupy Wall Street organizers, and somehow it was made public. A web search by anyone could have surfaced the rest of Bologna’s info.

On the Tumblr blog C@b!nCr3w, Anonymous has been publishing as many details as it can about members of the NYPD as well as targeted Wall Street bankers, a practice known as “D0x’ing.”

October 2: #InvadeWallStreet Attack On The New York Stock Exchange

An October 2nd YouTube video announces “… We declare our war against the New York Stock Exchange…On October 10th, NYSE shall be erased from the Internet.”

In reality, on the 10th, a short distributed denial of service (DDoS) attack slowed down the NYSE site for about a half hour and took it offline for a couple minutes.

“If the site was down for two minutes, that’s not much of a protest,” said Josh Shaul, CTO of Application Security, Inc. and an expert in database vulnerabilities. “It shows that the big guns of Anonymous certainly didn’t come out for this event.“

In fact, many prominent sites and Twitter accounts denounced it ahead of time, in part because the DDoS tools to be used are easy to trace back to the hacker. “Many of our brothers and sisters have gone down in the fight for using such tactics, like the Wikileaks defendants who took down Visa, Paypal, and Mastercard [sic],” said a communiqué. “We do not want history to repeat itself, and are sincerely worried.”

Some even claimed it was a troll–a hoax–designed to lure Anonymous members into breaking the law, possibly by a federal agent. I got an indication of that back on October 4 when “not_me” sent an email saying “It’s not coming through usual channels and they’re convinced it’s government.”

“I think that the time for DDoS and Anonymous has passed,” said Shaul. “I think Anonymous has suffered too many casualties from DDoS.”

But that doesn’t mean no more hacking in hacktivism. Shaul instead expects efforts to break into databases and publicize private information such as email addresses or account numbers–proof that they have “owned” a company’s network and shown its weaknesses.

It’s a slow process of probing networks with automated tools, perhaps for weeks, until vulnerabilities appear. But they will. Some discovered a decade or more ago remain unpatched on many networks. Even banks aren’t totally secure. For example, Bryan Sartin, director of investigative response at Verizon Business, says that they are often investigating 20 or more possible financial-institution break-ins at once.

But whatever Anonymous does, most members won’t want to piss off supporters, say, by disrupting the actual NYSE, not just its inconsequential website. “That affects everybody–people’s pensions and savings and stuff,” said Dave DeGraw. “At least the people that I’ve had contact with before, they don’t want to do anything that is going to be a really bad PR.”

More A Messenger Than A Shooter

To this day, the real role of anonymous is the same as it has been from the beginning: Publicize the Occupy Wall Street protests as much as possible.

For example, AnonOps Communications, billing itself as “only dedicated to reporting news about Anonymous,” has been covering nothing but the protests since September 16.

The protests also dominate the site YourAnonNews

And it continues to be a major conversation topic. On IRC, the discussion group #occupywallstreet (not to be confused with the Twitter hashtag) hangs in as the third most popular according to ranking by online IRC service

It’s also the obsession of Anonymous members on Twitter.

For now, at least, the majority of Anonymous seems to believe that the virtual pen is mightier than the virtual sword.

Follow @seancaptain.


About the author

Sean Captain is a business, technology, and science journalist based in North Carolina. Follow him on Twitter @seancaptain.