Following the high-profile arrest of Sabu (aka Hector Xavier Monsegur), analysts have attacked both Anonymous and the FBI, suggesting the two's ongoing "OpAntiSec" war is hurting the very people they claim to be helping.
Hurting Not Helping
Speaking to the International Business Times UK, F-Secure security expert Sean Sullivan attacked OpAntiSec and suggested it did little but prove an inherent truth in the security industry - that no system is unhackable.
OpAntiSec is an Anonymous and LulzSec operation that has seen the collective and hacker group mount numerous cyber attacks against high-profile targets such as the FBI, the UK Serious Organised Crime Agency and NATO.
"Here at F-Secure, we don't sell security, we sell antivirus software and 'security as a service' to ISP partners. Our antivirus is a layer of security. It isn't some kind of magic shield," commented Sullivan.
"When a police officer is given a bullet proof vest, does he become invulnerable to harm? I pray that he doesn't think so. A bullet proof vest is a layer of security, it doesn't make the police officer 'secure', it only makes him more secure than he is without it. He would still do well to avoid running into harm's way."
"So what does OpAntiSec do metaphorically? They egg the cop, they harass him, they kick him. And the more dangerous among them use a sniper rifle to wound him. And somehow... that sniper hit is supposed to prove how pointless the vest is. Why should you wear the vest at all? But that's the straw man, we already know that a vest doesn't protect against a dedicated attacker with a sniper rifle."
Citing this inherent truth, Sullivan went on to suggest that the Anonymous-led OpAntiSec only served to build an air of hysteria that helped the security industry increase its profits.
"Since September 11, 2001, there's been incredible amounts of growth in the 'intelligence' industry, and now OpAntiSec is providing everything it needs to become a digital intelligence, surveillance and security industry. Everybody involved, FBI and Anons alike, have done the world at large a huge disservice."
AntiSec and OpAntiSec
Mirroring prior comments from Trend Micro's Rik Ferguson, Sullivan was quick to separate OpAntiSec from the much older Anti-Security (AntiSec) movement.
"On one side of things there's an Antisec/full disclosure/responsible disclosure debate that's existed within security research circles for ages. And then there's OpAntiSec," commented Sullivan.
Specifically, Sullivan highlighted that the AntiSec movement is a part of a much wider and older debate within the security industry about full disclosure.
"The Antisec movement argues that disclosure of vulnerabilities provided the computer security industry the means by which it could justify its existence. And then, the vulnerabilities and exploits get hyped, turned into marketing FUD, and that fuels the 'security industry'," said Sullivan.
"Full disclosure/responsible disclosure argues the opposite, and that disclosing vulnerabilities makes folks safer because vendors are forced to fix flaws, and then things get better. Unfortunately (or not), we keep inventing new devices/OSs and the cycle has repeated itself again and again."
By contrast, as pointed out by Sullivan, OpAntiSec is a hacker movement that seeks to prove there is no such thing as security by hacking and flaunting data stolen from companies and agencies.
"The idea of OpAntiSec seems to be tilting at windmills. OpAntiSec wants to demonstrate that the Emperor has no clothes. OpAntiSec hacks computer security companies and law enforcement to prove that there is no such thing as 'security'."