Abstract—Little attention has been paid to non-state actors conducting cyberwars against each other and the disruptive effects these wars can have on nation-states. This article explores the online clash between the hacker group, Anonymous, and the Mexican drug cartel, Los Zetas. This type of cyberwar was unique: it was an incident where two clandestine non-state groups used the digital domain to attack each other and it was largely a private affair. Yet the incident had public consequences that left the Mexican government as a bystander. Such criminal activity beyond the reach of government intervention blurs the line between public safety and national security.
In the fall of 2011, two clandestine non-state groups—a hacktivist collective and a Mexican drug cartel—stared each other down in the digital domain, with potentially fatal real world consequences for both sides. Los Zetas, a Mexican drug trafficking organization composed of former members of Mexico’s Special Forces, kidnapped a member of Anonymous, the global hacking group, in Veracruz on October 6th. In retaliation, Anonymous threatened to publicize online the personal information of Los Zetas and their associates, from taxi drivers to high-ranking politicians, unless Los Zetas freed their abductee by November 5th. The release of this information on the Internet would have exposed members of Los Zetas to not only possible arrest by Mexican authorities, but also to assassination by rival cartels. Unconfirmed reports suggest that Los Zetas then attempted to “reverse hack” Anonymous to uncover some of its members and to threaten them with death. As a consequence, a few members of Anonymous sought to call off the operation and disavowed those members who wanted to go forward. With time running out and locked in a stalemate, Los Zetas released their kidnap victim on November 4th with an online warning that they would kill ten innocent people for each name that Anonymous might subsequently publicize. Anonymous called off its operation; each side appeared to step back from the brink.
This was a cyberwar of a different kind. Most of the theorizing about cyberwar has centered on cyber attacks that cripple the digital systems critical for military, political, social, and economic operations of nation-states or the use of cyberspace to attack the infrastructure of modern society like power grids, financial systems, and emergency services. However, according to James Bosworth, an expert on organized crime and cybercrime, neither Anonymous nor Los Zetas:
“. . . control big servers containing significant data that can be hacked. They don’t have critical infrastructure such as electrical grids or heavy machinery that could be vulnerable in a cyber attack . . .. While there are certainly targets (emails, police records, financial data, propaganda), it’s not the same as attacking a government or a corporation.” 1
Another portion of cyberwar theory discusses the conduct of virtual operations “to promote dissident or opposition movements across computer networks.” 2 Within this portion of the theory, labeled “social netwar,” political and social activism is enhanced by cyber-enabled social networking tools and sites.3 Here, the various dissident movements in some countries, such as those of the Arab Spring, are better able to link with each other via social media like Twitter and Facebook for greater effect. Once again, social netwar does not capture the dimensions of what occurred between Anonymous and Los Zetas because neither was a national dissident movement that sought to change the composition or structure of a particular government through the use of the digital domain. Not only did the cyberwar between Anonymous and Los Zetas expose gaps in cyberwar theory, but it also demonstrated how substantively unique this type of cyber war was. First, it was an incident where two clandestine non-state groups used the digital domain to attack each other. Clandestine non-state groups and individuals have attacked governments, private businesses, and individuals using cyberspace for a variety of political and non-political reasons. Activist groups and organized criminal groups have not, however, attacked each other through cyberspace in the way that unfolded in Mexico. Second, this incident occurred without the involvement or intervention of any government. In fact, even though each side was clearly engaged in illegal behavior—kidnapping, extortion, hacking—no government was able to intervene to end the standoff, leaving the parties involved to settle the dispute themselves. It was almost entirely a private affair, but with public consequences that left the Mexican government as a bystander caught in the crossfire. 
Mexican institutions, like the police and the military, could neither stop Los Zetas from acting to track down members of Anonymous nor prevent Anonymous from releasing the names of Los Zetas and their accomplices. In addition, the Mexican government would be responsible for dealing with the subsequent violence. Third, such criminal activity beyond the reach of law enforcement and government intervention blurs the line between public safety and national security. Indeed, this cyberwar could have had catastrophic consequences in Mexico and the United States. Had Anonymous released information on Los Zetas, parts of Mexico would have devolved into more lawlessness as cartel violence would escalate and as Los Zetas sought to exact revenge on members of Anonymous. With Anonymous and Los Zetas (and other Mexican cartels) both active in the United States, an escalation in violence may have spilled over the border, especially if Los Zetas carried through on their threat to kill ten people for each released name.
Taken together, the unique features of this confrontation reveal the contours of an overlooked aspect of cyberwar, namely a conflict between two shadowy, non-state groups with differing motives and agendas that have the capacity to go online and create significant instability and disorder in the society of a nation. This episode demonstrates the limits of government in not just “securing cyberspace,” but also in securing citizens from effects of conflicts that spill out from cyberspace. Although there were unique features to this confrontation, had each side not relented, the cost to Mexico in terms of lives lost would likely have been high, while the potential cascading effects on civil society would have been significant and damaging. The episode was brief, but exploring the composition and motivation of Anonymous and Los Zetas and how they came to clash with each other provides invaluable lessons for developing a richer understanding of the concept of cyberwar.
Understanding the Belligerents
Both Anonymous and Los Zetas prefer to operate with a high degree of anonymity and autonomy, making cyberspace a useful domain for the continued success of each group. Cyberspace offers both groups the ability to conduct their operations with little detection of their members and with little outside interference by governments or any other outside group. In addition, both use cyberspace to communicate with their respective members and constituents and to coerce people and institutions to do their will.
The confrontation between Anonymous and Los Zetas was largely the product of the different lenses of organizational logic through which each group views cyberspace. Although the two groups use cyberspace for similar purposes, their respective understanding and value of this domain stand in opposition to one another. The members of Anonymous see cyberspace as a type of commons that should be accessible to all. The freedom of the digital domain is thus central to the ethos of the collective. Los Zetas, on the other hand, do not view cyberspace through an ideological lens but through an operational lens. As a drug trafficking organization, Los Zetas sees cyberspace as a tool to further their core profit-making criminal activities and as a means to shield its membership and its operations from detection, interdiction, and elimination. They also view it as a way to expand their criminal schemes by using cyberspace to launder money, commit identity fraud, and engage in extortion and blackmail. Thus, it is the information in cyberspace and the access it provides for their operations, rather than cyberspace itself, that is most relevant to Los Zetas. The cartel’s desire to suppress and control this information clashes directly with the cyber-culture ethos of Anonymous that seeks to push organizations toward full online transparency.4 With both groups having an active presence in cyberspace, but given their different and competing visions of access and use of the cyber domain, Anonymous and Los Zetas were bound to clash.
Anonymous is believed to have originated in 2003; its group cohesion is largely based on the hacktivist creed that the internet should be accessible to all, without external control by governments or businesses, and that the concentration of information in the hands of a few is dangerous and contrary to the nature of the internet. Anonymous generally adheres to the “hacker ethos” that 1) all information should be free; 2) people should distrust the centralization of information; 3) and therefore people should promote its decentralization.5 Rather than selecting their actions along a political spectrum of left versus right, Anonymous adheres to the hacktivist tradition of viewing disputes as being “individual versus institution.” 6 The members of the collective see Anonymous as a type of immune system for the Internet, striking enemies of online freedom.7
Anonymous’ operations reflect its ethos. Although there were smaller operations near the year of the group’s creation, Anonymous gained notoriety for its 2008 operations against the Church of Scientology. In that year, the Church pressured YouTube to remove a leaked video of church member and actor Tom Cruise. Such pressure exerted by the Church of Scientology ran counter to the Anonymous ethos of transparency. In response, Anonymous launched an operation that combined distributed denial of service (DDOS) attacks to bring down the Church’s website with pranks such as phone calls with repetitive music, constant faxing of black paper to drain printer cartridges, and ordering unwanted pizza deliveries and taxi service.8 Operations against other targets have included the release of personal and financial information of individuals associated with financial institutions as well as governments, political movements, and corporations that are engaged in activities and practices that Anonymous deems as antithetical to its mission. The group has found common cause with WikiLeaks founder Julian Assange, the Occupy movements, and accused leaker Bradley Manning; several of Anonymous’ operations have been aimed at agencies and institutions such as PayPal, Mastercard, and Visa, which refused to process payments for websites that were raising funds for the legal defense of Assange, Manning, and those associated with Occupy Movements.
Recently, some members have sought to reorient the group’s ethos toward “morals-motivated” attacks against groups, organizations, and institutions that not only suppress freedom online, but that also suppress freedom offline by abusing individual liberties and committing crimes. This became apparent with Operation Tunisia when members of Anonymous attacked the government of Tunisia’s websites and aided Tunisian hackers during the government’s crackdown against the popular uprisings of the 2011 Arab Spring.
These morals-motivated attacks, or “cyber-vigilantism,” were an essential part of the group’s efforts in Mexico. In August 2011, Anonymous launched Operation Paperstorm in the Mexican state of Veracruz where portions of the collective felt that local government authorities were actively cooperating and shielding Los Zetas while prosecuting those who posted kidnapping reports on Twitter. Initially, the operation began as a leaflet campaign, denouncing the state government for its collusion with Los Zetas while the state of Veracruz proceeded to prosecute those who were freely sharing information online about the cartel’s crimes. Following Los Zetas’ murder of an Internet blogger in another Mexican state, Anonymous launched a DDOS attack against the websites of the state government of Veracruz as a form of protest. In choosing to go after Los Zetas, an informal spokesperson for Anonymous, Barrett Brown, provided an interview that not only summed up the group’s reasons but also provided a glimpse into its ethos:
“The idea that one should not even criticize or bring attention to oneself in the face of some organization is poison to me; I don’t think it’s the right kind of thinking in general. [People] should give some thought to whether or not what we are doing is more or less responsible, more or less necessary than those things done by any number of governments, any number of private groups around the world every day.” 9
The structure of the collective is also a reflection of its ethos. As a loosely affiliated group of online social activists, Anonymous takes pride in being unstructured without a hierarchy or central authority. A former member described how it was organized: “Anonymous is a group, in the sense that a flock of birds is a group. How do you know they’re a group? Because they’re traveling in the same direction. At any given moment, more birds could join, leave, peel off in another direction entirely.” 10 Thus, one member or a small group of members can decide to engage in an online action that is derived from the Anonymous ethos; others in the collective are then free to join the action or not.
The group’s loose structure complicates many of its operations, as was evident during its attack on Los Zetas. The collective is susceptible to being hijacked by anyone who has a particular grievance against another group. There are “wannabes” and copycats who seek to build their reputation, credibility, and legitimacy by adopting the name of Anonymous for their actions. Indeed, a substantial portion of the group has disavowed some operations that have been claimed by Anonymous. As a collective, Anonymous is also vulnerable to internal splits and schisms that can break out into the public and hamper the collective’s goals. Such division within the ranks of the collective mired the proposed action against Los Zetas, with many members arguing that it was far too dangerous and not worth the potential cost in lives. Others became more determined and adamant that the campaign must continue in spite of Los Zetas’ threats.11 This loose structure with an ethos that included the free flow of digital information and imbued with a desire to stop abuses of human rights led Anonymous to target Los Zetas. However, this same structure was rife with schisms and competing interests, leaving Anonymous vulnerable to Los Zetas’ ethos and its form of cyber counter-attack.
Los Zetas were originally recruited by the Gulf cartel in 1999 from the Grupo Aeromovil de Fuerzas Especiales (GAFE) of the elite Mexican counterinsurgency forces. Los Zetas were used by the Gulf cartel to “collect debts, secure new drug trafficking routes at the expense of other cartels, discourage defections from other parts of the cartel organization, and track down particularly ‘worrisome’ rival cartel and gang leaders across Mexico and Central America.”12 They very rapidly became one of the “most technologically advanced, sophisticated, and violent of the paramilitary enforcement groups.” 13 After their split from the Gulf cartel in 2010, Los Zetas continued to structure themselves like a military force, by dividing themselves into operational divisions in a number of Mexican states, cities, and towns. It was the Veracruz operational division that kidnapped a member of Anonymous, sparking the cyberwar.
Los Zetas combine their military prowess with operations aimed at the government and society, making them unlike other cartels. With their Special Forces background, they have a reflexive need to control information about themselves and their criminal activities. For the group, operating clandestinely is in its organizational DNA. This need to operate covertly, combined with the cartel’s special operations background, has meant that it is particularly skilled at using information warfare; the result has been attacks against the media to reduce the coverage of the group to prevent a public outcry against many of its violent attacks.14
Controlling information allows the group to act more freely and with more impunity. In 2011, leading up to their clash with Anonymous, Los Zetas had expanded their war against information about them to include social media. Before the kidnapping of the Anonymous member in Veracruz, Los Zetas killed several online bloggers who reported on their acts. In Nuevo Laredo, a man who helped moderate a website that posted news of shootouts and other cartel activities was murdered and left mutilated at an intersection. A message was left on his corpse saying, “this happened to me for not understanding that I shouldn’t report on the social networks.” 15 A female blogger known as Laredo Girl was decapitated in late September of 2011, and the brutalized bodies of a man and woman were hung from an overpass earlier that month with a sign saying they had been killed for their online activity.
Los Zetas were able to track down these activists because, during this same period, they were working to increase their proficiency in using the cyber domain. Los Zetas and other Mexican trafficking groups have routinely kidnapped computer engineers and university students in the information technology sector to diversify their criminal activities to include cybercrime, like identity theft and document forgery.16 In time, these professionals and students, aided by access to sophisticated tracking technology used by the Mexican government, military, and law enforcement, allowed Los Zetas to track down the Internet users who they subsequently killed. These techniques also played a crucial role in the cyberwar against Anonymous.
Due to their professional military expertise, Los Zetas maintain an ethos that takes slights against their honor very seriously. They have a “criminal brand” that is used as a way “to exert control over their opponents by sparking fear in them.” 17 Their acts are designed to convince people in an area that local politicians, local police, federal authorities, and other cartels are weak and that the real power lies in the hands of Los Zetas.18 The threat by Anonymous to release the names of Los Zetas members was an affront to the group that exposed their inability to control all information about them and, in their eyes, weakened their criminal brand. Los Zetas’ attempts to reverse hack Anonymous and their threat to kill ten people for each name released by the collective were designed to counter these affronts.
Moreover, Los Zetas’ need for secrecy and their fear of exposure represented a key vulnerability for the cartel. Like other organized crime groups, Los Zetas relies on a network of corruption to circumvent the state. Police officers, soldiers, judges, and politicians have been bribed and coerced to act on behalf of the interests of Los Zetas. This collusion exposed Los Zetas to a hacking group like Anonymous. One member of Anonymous claimed that the group had garnered their information on Los Zetas by hacking nearly 200,000 emails from Mexican police agencies and analyzing their contents over a six-month period prior to the group’s run-in with the cartel.19
The Revelations and Mysteries in the Aftermath
This clash reveals that non-state groups have vulnerabilities that can be exploited via cyberspace and that a conflict in this domain has unique aspects that have been overlooked in the ongoing debate over cyberwar. Organized criminal groups, like Los Zetas, have a critical infrastructure that is susceptible to a form of cyber attack. Unlike the servers, equipment, and machinery of a government or private company, the critical infrastructure of a drug trafficking organization consists of a network of smugglers, enforcers, messengers, look-outs, and corrupt officials; their anonymity is essential to the group’s survival. Anonymous placed this network in jeopardy by threatening to publicly release information and expose those individuals who form this critical infrastructure. The gravity of the threat ensured that Los Zetas could not merely ignore Anonymous. With the ultimate release of the Anonymous hostage, it also demonstrates that this form of coercion can be successful.
Anonymous also has its share of weaknesses that Los Zetas were able to exploit to a limited degree. It has been assumed that Anonymous’ geographically dispersed membership and nebulous structure have been strategic advantages for the collective. But operationally, these characteristics have proven to be troublesome. Due to Anonymous’ loose structure, any operation can move forward or be cancelled in a capricious manner. Furthermore, as a collective, members can do more than just dissent against a planned operation and opt out; they can actively work against the operation by launching counterattacks against factions with whom they disagree. They can also prevent members from accessing online fora, where many members find each other. Internal schisms and “civil wars” have occurred among Anonymous members who wanted to undertake operations in accordance with the hacker ethos, others who wanted to take on morals-motivated attacks, and yet others who were purely interested in hacking for “spite and fun.” 20 By attempting to reverse hack Anonymous and by threatening to kill ten innocent people in the event of any subsequent release of information about the cartel, Los Zetas took advantage of these divisions by significantly raising the stakes. It quickly became the first Anonymous operation where there was the potential for significant loss of life. As previously discussed, several Anonymous members had serious misgivings about moving forward with the threat against Los Zetas because of the danger while others wanted to move forward.
Because of Anonymous’ collective structure, much of its decision-making and control of information is murky and contradictory. The reasons it did not renege on its agreement are subject to speculation. After all, the collective was not bound by any agreement to retreat from its threat and the killings of random people at the hands of Los Zetas would not have affected the collective in a meaningful manner. Perhaps only a small cadre of Anonymous members had access to the information on Los Zetas which was not available to the rest of the collective and to which the rest of the collective was, ironically, denied access. Therefore, in fact, rather than in spirit, Anonymous does have a type of hierarchy when it comes to the possession of critical information and to making decisions about how to use it. Perhaps it was this cadre within Anonymous that felt threatened by Los Zetas’ attempts to reverse hack them, find them, and exact revenge or whose consciences would have been deeply affected by the deaths of innocent people had the collective put Los Zetas to the test.
This leads to a number of unanswered questions that need further exploration in order to understand the full dimensions of this sort of cyberwar. For example, is there a type of mutually assured destruction (MAD) in cyberspace for these groups? An escalation beyond threats may have led to significant harm to each group, which each side was not willing to accept. If there is a notion of MAD for these groups, is each side now deterred from attacking each other in the future? The nature of the collective means that a small group within Anonymous or an offshoot or a collection of “wannabes” can decide to begin another operation against Los Zetas, or any criminal group, without direction or permission. On the other hand, Los Zetas is increasing its proficiency in using cyberspace and may be able to uncover the identities of Anonymous members and others who decide to target them through the cyber domain in the future. Finally, it is not clear that any government can prevent, intervene, or respond in another similar clash. At best, the state may be able to find the perpetrators and arrest them before an escalation in a cyberwar. But a government’s attempt to track anonymous online users takes time, as do efforts to locate and detain them; any cyberwar among these groups may already escalate in the interim. The cyberwar between Anonymous and Los Zetas shows that there are a number of unconventional and multifaceted ways that non-state groups can use the digital domain to engage in conflict. Rather than using cyberspace to destroy, Anonymous and Los Zetas used it to coerce one another by threatening to damage the underlying anonymity that the Internet provides to each group. As Los Zetas and Anonymous indicate, cyberwar among non-state groups has the potential to rapidly cross the line, leading to more internal violence and greater erosion of the state’s authority and legitimacy.
The clash between Anonymous and Los Zetas demonstrates that cyberspace is the ultimate ungoverned territory. Government jurisdictions are weak while criminal groups have near free rein when it comes to the use and abuse of the online world. In countries like Mexico with its weak institutions, sophisticated organized criminal groups, and high levels of internal violence, the line between public safety and national security is already a fine one.
To combat these threats, more attention should be devoted to analyzing how these groups may evolve in their understanding of the coercive use of cyberspace to further their interests. For example, such groups may move to coerce individual members of the state like decision makers, politicians, military members, and law enforcement personnel by threatening to “dox” them by releasing their personal information online or electronically drain their financial holdings. This sort of “Wikiwar” of intimidation, in certain situations, could significantly impair a government’s capability to act.
Additionally, Anonymous’ operation against Los Zetas also shows the potential for the “crowd-sourcing of conflict” in the digital domain. The next outbreak of a cyberwar may begin with an online announcement of the targeting of another non-state group, the reasons it should be attacked, and a call for anyone to feed information about the group’s membership and activities to the collective. Anonymous may then choose to use the information in a coercive manner that is consistent with its ethos. Or, it may merely organize an online poll so that individuals can vote for who should be targeted by the group. This is a unique feature of Anonymous as a non-state group. “Anonymous is a classic ‘do-ocracy’ . . .. As the term implies, that means rule by sheer doing: Individuals propose actions, others join in (or not), and the Anonymous flag is flown over the result. There’s no one to grant permission, no promise of praise or credit, so every action must be its own reward.” 21
Intervention, Engagement and Response
An important first step in developing successful policies and strategies to counter new outbreaks of cyberwar in the underworld is for national decision makers to recognize that current conceptions of cyber security are incomplete. Building better firewalls, increasing resiliency, and maintaining redundancy of systems in the cyber domain have little application to illegal non-state groups who are more than agile in their capacity to circumvent such efforts and to gain information from a number of different sources. Additionally, there is little that can prevent the posting of personal information on the web to coerce another party; groups like Anonymous and Los Zetas do not have to abide by existing criminal laws or conventions. Therefore, policies aimed at suppression or prevention of the actions by these groups will be of limited utility. Nonetheless, the best tools for policy makers to tackle cyberwarfare in the underworld lie in the realm of law enforcement supported by robust intelligence capabilities. Policy makers should focus on approaches that stress intervention, engagement, and response. Rather than being sidelined by an outbreak of cyberwar in the underworld, governments should design structures that can more actively intervene and engage in the cyber domain to follow activities that might lead to its outbreak. Beyond merely having law enforcement agencies keeping up-to-date on the latest cyber-vigilante threats or acts as they pop up on the web, special divisions and task forces should be created within government agencies. These entities should monitor and track cyber-vigilantism and morals-motivated operations, which could lead to widespread violence and disorder (much like those that follow terrorist groups’ and organized crime’s activities on the web).
Task forces that are dedicated solely to investigating hacking must expand their scope to incorporate analysis units to assess how hacking activities may lead to operations with the potential to create significant social disorder.
Intelligence agencies have a role to play in intervention. They can work to infiltrate groups like Anonymous to gain insight into potential cyber coercion and to counter such operations. Covert cyber actions, operating within the parameters of the law, may be also viable in forestalling or misdirecting potential attacks. This was done previously in the case of the early founders of Anonymous. The FBI was able to track down, arrest, and turn one member of the group into an informant who worked with agents to thwart other operations. Such strategies can be used more extensively by a variety of government agencies, from federal to state to local.
A corollary to a policy of intervention besides covert intelligence operations is to find ways for law enforcement and intelligence agencies to engage those portions of clandestine cyber groups who are involved in morals-motivated and cyber-vigilante operations that dovetail with national policy. For example, Los Zetas is a known violent drug trafficking organization with members who are wanted by U.S. and Mexican authorities; the DEA, FBI, and Mexican Federal Police should have sought avenues to reach out and work with Anonymous to gain the release of their captive member and to receive information on the cartel’s membership. Given the hacktivist collective’s misgivings about government power, this may appear far-fetched. However, the fragmented nature of the collective may enable law enforcement and intelligence to find inroads with some individual members who want to resolve a particular dispute without violence. In the future, with promises not to track down or reveal the identities of the members of the collective who are cooperating, law enforcement can cut deals to solve the dispute before it escalates. Essentially, such efforts mimic law enforcement efforts to persuade real world vigilantes to “let the police handle it.”
The United States and Mexico should also work to foster international multilateral cooperation to respond to future outbreaks of cyberwar from illegal non-state groups. There is already a degree of international cooperation in the area of combating cybercrime and many joint efforts in the realm of counternarcotics and counterterrorism. These multilateral relationships should be expanded and strengthened to include responding to cyberwarfare in the underworld. Policy makers should begin to craft cross-national agreements that include options to respond to cyber threats, particularly in the event that a cyberwar in the underworld begins to escalate. A fundamental aspect of this effort should be the development of a series of early warning signals—such as chat room conversations that discuss doing more than DDOS and defacement attacks—that task forces in various countries could use to recognize escalatory actions. Designing a type of cyber rapid response team nested within these task forces would be beneficial. Such a team would be composed of members who continue to track and monitor the cyber activities of belligerent groups, try to intervene in the cyber domain, act in the real world to mitigate outbreaks of violence, and keep decision makers up-to-date with the unfolding events related to escalation.
These policy approaches are by no means exhaustive, but they represent a limited template to begin the discussion of designing appropriate government policies to deal with an overlooked aspect of cyberwar. As seen in the case of Anonymous versus Los Zetas, the use of the digital domain by non-state groups for unanticipated forms of cyberwar is only limited by the human imagination. The next outbreak of cyberwar in the underworld may create significant disorder and instability, meaning that national security professionals must be equally creative in determining policies and strategies that can lessen these risks.
*Paul Rexton Kan is an Associate Professor of National Security Studies and the Henry L. Stimson Chair of Military Studies at the U.S. Army War College. He is the author of Drugs and Contemporary Warfare and the recent book, Cartels at War: Mexico’s Drug-Fueled Violence and the Challenge to US National Security.
– Judith Heistein Sabba served as Lead Editor for this article.