The GCSB website attack can be seen as a statement more than anything else -- the website contains only a few 'about' pages, a small 'newsroom' section containing media releases, and a careers section that contained no open positions at the time of the attack. The website's takedown likely had no impact on the operation of the Bureau besides creating work to counter, then investigate, the attack itself.
Sunday's video claims "This [attack] was downplayed by the media due to more deception from a GCSB employee."
The video does not suggest what sort of action Operation Kiwi Freedom may involve from a technical standpoint, and it does not outline specific targets.
The previous video mentioned the National, ACT and United Future parties, who supported the bill in the 61/59 vote for its adoption. Potential targets include the websites of those parties, their MPs and supporters.
On the same day the second video was posted, the message "You have our full attention and we are watching your every move. #opKiwiFreedom" was sent via @AnonOpsNZ Twitter account to the official Twitter accounts of United Future MP Peter Dunne; National MPs Paula Bennett, Chris Finlayson, Bill English and Prime Minister John Key; and ACT MP John Banks.
Other government websites may be targeted, particularly that of the GCSB, and possibly those of the Security Intelligence Service (SIS), NZ Police and NZ Defence Force, all of which are empowered to draw upon the powers of the GCSB for surveillance of New Zealand citizens under the new legislation. Other supporters of the bill may also be targeted.
The @AnonOpsNZ twitter account has shown support for politicians opposed to the bill, including Green MPs Gareth Hughes and Russel Norman.
Anonymous' most common form of online protest is the DDoS, or distributed denial of service attack, in which attacks by a collection of internet-connected PCs or other devices under the control of an attacker are directed against an internet-facing service, usually a website. In one of its more common forms, this may simply mean saturating a web server with sustained requests, such that legitimate users cannot access the service or their access is limited to some degree.
Sign up for CIO Asia eNewsletters.