(Photo: Ramtin Amiri) Protesters wearing a Guy Fawkes mask and maybe a black hat or cape have been a common sight at Occupy protests across the country. On the street, they were just another group of protesters, but on the Internet, the Anonymous hacker movement they represent was seen as a serious security threat during the first few months of Occupy, according to internal Department of Homeland Security (DHS) documents and emails released to Truthout last week.

The Occupy Files reveal that DHS monitored Occupy Wall Street (OWS) and affiliated protests in the fall of 2011, but refrained from wholesale surveillance of the Occupy movement because of civil liberties concerns. The federal agency’s cyber wing did, however, investigate Anonymous, a highly visible faction of the Occupy movement, after several successful hacks made headlines.

When Anonymous first announced its support for the OWS protests forming in September 2011, DHS sent out three memos with intelligence gathered from media reports and web postings on the “partnership” between Anonymous and OWS organizers and warned that “malicious cyber activity” may accompany the peaceful protests. A few months prior, the DHS cyber security communications arm had issued an unclassified bulletin informing law enforcement agencies about how Anonymous operates, what its future targets could be and how to deal with a hacktivist attack.

For federal law enforcement, it’s clear that public protests are much different than online hacktivism – that’s something the First Amendment does not protect. In an internal communication obtained by Truthout, one DHS spokesman drew a line in the sand for activists using social media, writing, “I’m thinking we just make it clear that using social media [to] organize protests is well within constitutional rights; when it becomes our business [is] if social media used to plan cyber attacks.”

Read More: Homeland Security: The Occupy Files

Unlike prolonged public camping and sign holding, hacking is almost always illegal. The DHS has reason to be concerned: Anonymous affiliates and other hacktivists stole 100 million online records in 2011, according to a Verizon report based on investigations conducted by the United States and other governments. Hacktivists were responsible for only 3 percent of reported hacks in 2011, but they took 58 percent of the records that were stolen during the entire year. The report declared 2011 “the year of the hacktivist.”

Included in that long list of stolen records are thousands of names, addresses, personnel information, and other data taken from several law enforcement databases and sites on October 22, 2011. The Boston Patrolmen’s Association, The International Association of Chiefs of Police and local Alabama law enforcement agencies were all targeted in solidarity with the Occupy movement and a national day of protest against police brutality. The hacker group AntiSec, an Anonymous affiliate comprised of experienced hackers, claimed responsibility for defacing the web sites and publicly releasing the stolen information in an online communiqué bearing the rhetoric of serious Occupy class warriors:

We are attacking the police because they are the vicious boot boys of the 1 percent whose role in society is to protect the interests and assets of the rich ruling class. They are not part of the 99 percent – they are working class traitors who are paid to intimidate, harass, and repress political movements that would possibly stand a threat to the power structure of the 1 percent. We have no problem targeting police and releasing their information even if it puts them at risk because we want them to experience just a taste of the brutality and misery they serve us on an everyday basis.

The DHS cyber security division investigated the hacks, according to an internal document obtained by Truthout. The DHS sent out a similar internal communication a week later after Anonymous shut down the Oakland police department’s web site in a revenge attack after the Oakland cops evicted the Occupy camp there. This time, the DHS cyber agents contacted the FBI.

The FBI, not the DHS, has made the majority of high-profile arrests of Anonymous-affiliated hackers, suggesting that federal authorities see hacktivists as politically motivated criminals, not cyber-terrorists. On May 6, the FBI announced the arrests of six high-profile hackers thought to be members of AntiSec and other Anonymous-affiliated groups.

Hector Xavier Monsegur, who was known as “Sabu” online during his days as an Anonymous hacker powerhouse, pled guilty last summer to high-profile hacking conspiracies, including the well-publicized hack that embarrassed the HBGary security firm so much that its CEO resigned. Information handed over by Monsegur helped the FBI track down the other five hacktivists, including Jeremy Hammond, an AntiSec member who is facing a maximum sentence of ten years for stealing account information and more than five million internal emails from Stratfor, a private global intelligence security firm. The emails are thought to be the same currently being published by WikiLeaks in the “Global Intelligence Files.”

2011 was the year of the “hacktivist,” but 2012 could be the year of the crackdown. Federal agencies like DHS seem content in leaving the eviction notice up to local law enforcement when it comes to communal protest campouts, but in the digital world that knows no state lines or border, hacktivists can expect Big Brother to be watching.

Truthout expects to receive more Occupy files from DHS in the coming weeks.