On 7 June 2011, a 27-year-old school dropout called Hector Xavier Monsegur went offline for 24 hours. For most of us, this would indicate nothing more than a day spent enjoying the fresh air, but his closest online friends were immediately suspicious. They knew Monsegur only as “Sabu”, a fellow member of LulzSec, a splinter faction from the “hacktivist” group Anonymous. To them, being offline for a whole day was deeply odd behaviour.
Gabriella (Biella) Coleman, an anthropologist who has studied Anonymous for half a decade, describes what happened next. “They asked him to ‘open a box’ – hack into something. As proof.” Sabu did so and they took him back into their confidence.
It was a mistake that shattered the group, and has ended in several of them facing years in prison. Because, in that 24 hours offline, Sabu had been “flipped” and was now working as an informant for the FBI. The hack he used to prove his credentials was either faked or sanctioned by the federal authorities.
What happened with Sabu goes to the heart of an idea explored by Malcolm Gladwell in his influential New Yorker essay “Small Change”, which carried the provocative strapline “The revolution will not be tweeted”. Gladwell describes the sit-in protests in America of the 1960s. He notes that participation in the civil rights movement was dangerous: it could cost someone their university place or their job, or it could cost their life. Researchers have since found that what separated the committed activists from those who dropped out was their personal connection to the movement and how many friends they had who were also participating. “High-risk activism,” writes Gladwell, “is a ‘strong-tie’ phenomenon.”
In his thesis, this is why claims of Twitter revolutions or hashtags toppling dictators are so overblown. The weak ties created by social media are perfect for finding new ideas, spreading information or raising awareness, but who would risk their life for someone they know only as an avatar and a few 140-character bursts?
The rise and fall of LulzSec provides an intriguing coda to this idea. This group of computer hackers was responsible for a campaign called “50 days of Lulz”, during which they breached Sony customer security and defaced the websites of the CIA and the Sun newspaper, among others. Their mission statement was to expose the security flaws of global companies, spread mischief and put two fingers up to the authorities. One of LulzSec’s members, Tflow, also helped protesters in Tunisia to avoid restrictions on internet use. (He turned out to be a 16-year-old Iraqi immigrant to Britain called Mustafa al-Bassam, who is now a student at King’s College London. Other members came from Ireland, Shetland and Chicago. Sabu was a Puerto Rican American.)
The collective is discussed by Coleman in her new book, Hacker, Hoaxer, Whistleblower, Spy: the Many Faces of Anonymous, and, over a strong coffee in London earlier in November, I wanted to ask her one thing: how can you trust someone when you have no idea who they are?
“From a tactical perspective, it would behove them to work in teams for a very short period of time, then scatter. They don’t do that,” she told me. “Their nicknames – Sabu, Topiary – became important. They became very close. LulzSec spent 24/7 together for 50 days. Some considered themselves family. It was why Sabu, when he got caught, could command a lot of authority.”
In other words, LulzSec walked a very difficult line. They had strong ties in one sense – they spent hours together every day, for weeks on end – but those ties were not attached to a face or a real name, or embedded in a shared friendship group. Under such circumstances, becoming friends after the illegal activities started was a dangerous move. “There are teams that work together – and they are often very good friends,” Coleman says of hacker collectives. “In fact, too good friends. A number of people got caught precisely because of that. They were maybe Facebook friends and they shared stuff on Facebook; that was the case with the two Irish guys. Or [the LulzSec member] Jeremy Hammond – he shared a crucial detail that he had done prison time.”
In other words, what allowed LulzSec to flourish eventually destroyed it. The same dynamic is true of Anonymous, the broader hacking group that has now become associated with the Guy Fawkes mask used in Alan Moore’s comic V for Vendetta. It emerged from the anarchic bulletin board 4Chan, but soon left – because, as Coleman notes, “4Chan really is anonymous. You can’t accrue reputation and the technical architecture really enforces that.” Activism is utterly impossible if you have no way of keeping track of your fellow activists and of forming even weak ties with them.
Anonymous has since carried out many high-profile “ops”, or operations, but it is riven by constant tension. If anyone can be an “anon”, how do you form a coherent set of demands? Who gets to dictate the direction of a leaderless organisation? And there is another problem. “When Anonymous left 4Chan, the original ethic of not seeking fame and recognition for your name came with them,” says Coleman. “When people violated that ethic, they were chastised as a result.” It’s a version of that old Groucho Marx joke: anyone who would want to be a spokesman for Anonymous shouldn’t be allowed to be one.
What applies to LulzSec and Anonymous also goes for online activism more generally. Malcolm Gladwell was right: there is now enough evidence to say that social media and hacker groups are great at generating noise and gaining attention, but weak ties make for fragile activism. If you want real change, you need not to be Anonymous.