It wasn’t too long ago that I was lurking in AnonOps’ IRC channel during Operation Payback, the Anonymous action that “took down” a few well-known financial companies’ landing pages, and generally stirred up a lot more media than they deserved. I remember the general chaos and script kiddie-like enthusiasm that pervaded the public chat areas and trying to make sense of the mystique and reverence that the channel operators enjoyed. I also remember a lot of people yelling about Amazon.com, that it was just as bad as the other financial companies that denied donations to Wikileaks, and that it should be “taken down” in turn.
Almost every time, someone a little more wizened and experienced would chime in and say that you don’t just “take down” Amazon.com; websites, especially the ones that are the veritable bastions of distributed cloud systems, scalability, and server infrastructure, aren’t really susceptible to script kiddies en masse. Distributed Denial of Service attacks are not new and it’s amusing to watch people drool over the piece of software that enables you participate in them (Low Orbit Ion Cannon) as if it’s some sophisticated and occult hacking device that magically “takes down websites.”
I keep putting “take down” in quotation marks for a reason. The most damaging wound that Anonymous has ever inflicted on a website is temporarily taking down its homepage, which simply bars visitors from viewing it. This isn’t “taking down” a company. All you’ve done is piss off some sysadmins and alienated some users who needed the site. Putting up an alternate message on the homepage, sometimes embarrassing the site, doesn’t constitute taking down very much. As I’ve seen one comic strip put it, it’s the equivalent of defacing a poster in the lobby.
This is in stark contrast to the recent doings of LulzSec and the Antisec movement as a whole. Those groups are determined to actually do some damage, and damage they certainly do. They have distributed troves of personal and confidential information, swiped maliciously from government and law enforcement websites. While not causing downtime per se, these actions are for more harmful to an organization than simply defacing its landing page.
This is why Anonymous will never attack Facebook. Aside from the numerous other circumstantial evidence that point to yesterday’s announcement being a hoax to begin with (new YouTube account, non-standard Twitter account, non-Pastebin distribution, and none of the usual chatter), you can’t just “take down” Facebook. Facebook is not a website. It isn’t staffed by a few starving sysadmins without the resources to plan for, preempt, and defend from this kind of decidedly primitive attack.
According to Alexa, 44% of global Internet users visited Facebook.com yesterday. In 2010, Facebook was running more than 60,000 servers. 3 billion photos are uploaded to Facebook every month. These numbers are constantly growing. Think about the scale of that number for a moment and it’s quite obvious to see that trying to “take down” Facebook is about as foolhardy a fantasy as simply walking into Mordor. Furthermore, just to add another layer of disbelief, Anonymous is warning Facebook months ahead of time that this is happening!
If the FacebookOp announcement is not a hoax (and it most certainly is), then this is obviously a desperate grasp at some kind of publicity. Anonymous has been rightfully overshadowed by the much more harmful and inflammatory AntiSec groups, and is probably looking for a way to get their hacktivist agenda back on the media’s radar screen. Suffice it to say that it worked; they have the media’s rapt attention. The other possibility, albeit highly unlikely, is that Anonymous actually has the firepower and wherewithal to bring Facebook to its knees. If this really is the case, and Anonymous has evolved from the chaotic and leaderless group we know it to be, we’re obviously dealing with something much larger than hacktivism, and it’s a scenario in which 600 million or so of the world’s population would be victims. While it’s an interesting plot for a bad sci-fi movie, I’m not ready to acknowledge that Anonymous has anywhere near the capabilities required to pull off something as huge and nefarious as “killing Facebook,” and I think Facebook sysadmins would agree.
Update: @Anonops, the usual source of information surrounding all things Anonymous has all but confirmed that this is indeed a hoax.