Page 1 of 4 123 ... LastLast
Results 1 to 20 of 66

Thread: Anonymous attacks (Catch All)

  1. #1
    i pwnd ur ooda loop selil's Avatar
    Join Date
    Sep 2006
    Location
    Belly of the beast
    Posts
    2,112

    Default Scientology versus Anonymous

    Percolating to the surface is what may be the first inter-faith online insurgency. Spurred by a rather perfunctory take down notice of a video the Scientology religion has been hammered by an online group called Anonymous. Attacks against servers, a fairly complex information/propaganda campaign, and use of para-legal (copyright, freedom of speech, parody, etc.) are being used.

    I have no dog in the hunt of the validity of Scientology but this may be a good case study for scholars of small wars to learn the effectiveness and issues of stateless entity warfare and the resultant issues for society. Following on the heels of the Estonian conflict which was originally blamed on Russia and turned out to be a highly effective band of college students, and with a similar feeling, this conflict is a religion versus a non-state actor. The group "Anonymous" has in an interesting turn attacked all of the elements of information security (confidentiality, integrity, availability, authentication, and non-repudiation) paradigm very rapidly.

    The group Anonymous is posting "secret" materials, changing data in the Scientology systems, disrupting the operations of the Scientologists with distributed denial of service attacks, that would suggest information warfare in the other realms too. As scholars of small wars, with interests in insurgency, and with an understanding that this same attack vector may occur against as a highly coordinated attack against a state (e.g. Estonia) we should pay attention to this evolving form of attack and consider the ramifications for future conflicts.

    LINK
    Last edited by selil; 01-26-2008 at 02:16 AM.
    Sam Liles
    Selil Blog
    Don't forget to duck Secret Squirrel
    The scholarship of teaching and learning results in equal hatred from latte leftists and cappuccino conservatives.
    All opinions are mine and may or may not reflect those of my employer depending on the chance it might affect funding, politics, or the setting of the sun. As such these are my opinions you can get your own.

  2. #2
    Council Member bismark17's Avatar
    Join Date
    Mar 2006
    Location
    Seattle, Wa
    Posts
    206

    Default re

    That is interesting. Thanks for posting that! It appears that this battle has gone from frivilious lawsuits to more "active" campaigning. I am surprised that there hasn't been more of this type of activity from the ELF or ALF movements. They have the technological sophistication to be more active in the digital realm but as of yet haven't employed it.

    The black hats that are doing the work must be good because I would assume that the Scientology sites would have decent security due to the type of people they recruit and their own self awareness that they are a target.

  3. #3
    i pwnd ur ooda loop selil's Avatar
    Join Date
    Sep 2006
    Location
    Belly of the beast
    Posts
    2,112

    Default

    I was pretty amazed at how effective the"Anon's" are and at how much corporate America is supporting the Scientology side up to and including removing material under TOS violations that obviously weren't. I'm further amazed at how utterly ineffective the scientologist group is being.
    Sam Liles
    Selil Blog
    Don't forget to duck Secret Squirrel
    The scholarship of teaching and learning results in equal hatred from latte leftists and cappuccino conservatives.
    All opinions are mine and may or may not reflect those of my employer depending on the chance it might affect funding, politics, or the setting of the sun. As such these are my opinions you can get your own.

  4. #4
    Council Member Ken White's Avatar
    Join Date
    May 2007
    Location
    Florida
    Posts
    8,060

    Default Is the corporate world's response really surprising?

    Seems to me like they'd react on the "I don't want this to happen to me" rationale.

    Sort of my (distant, very distant) cousin against my enemy...

    And would not the guvmint weigh in -- on the same basis?

    No familiarity with the corporate IT -- or anybody's IT -- realm so I'm just asking.

  5. #5
    Council Member bismark17's Avatar
    Join Date
    Mar 2006
    Location
    Seattle, Wa
    Posts
    206

    Default

    They are very well known to use civil lawsuits to fight their points of view and will leave it at that. It just reminds me of the mid 90s when the web was just starting out and all of the nonsense that was generated in that realm.

  6. #6
    i pwnd ur ooda loop selil's Avatar
    Join Date
    Sep 2006
    Location
    Belly of the beast
    Posts
    2,112

    Default

    Quote Originally Posted by Ken White View Post
    Seems to me like they'd react on the "I don't want this to happen to me" rationale.

    Sort of my (distant, very distant) cousin against my enemy...

    And would not the guvmint weigh in -- on the same basis?

    No familiarity with the corporate IT -- or anybody's IT -- realm so I'm just asking.
    The government rarely weighs in on cyber conflict until somebody can be proved to be breaking the law.

    As to the information technology aspect consider this.

    Information technology is the life blood of a military unit. You don't think of it that way but you use it that way. Imagine if somebody could see all of your operational orders, all of your logistics, all of your communicaitons with command entities. That is the capability of an attack against your confidentiality mechanisms. This is an aspect of cyber warfare that is not considered often.

    Now imagine if somebody could enter your systems and change data around. Instead of ordering bullets from the rear you order up potatoes. What if somebody was to change your operational and mission type orders so that you decrease the watch in particular areas at a particular time thereby giving opportunity to the enemy? That is an attack against the integrity mechanisms.

    Now consider the old school methods of a spy entering your command tent silent enough to be not detected and capable enough to succeed. The chances are fairly slim right? When the computer becomes the mechanism the chances explode in probability. The attack succeeds and the damage occurs.

    These are the kind of attacks that the Scientology group is being challenged with. There innermost secrets are exposed, the command structure is being exposed, the logistics of the group is open to consideration. Some would say that is just fine the Sceintologists should be more transparent. Regardless no organization can function if trust is violated externally or internally. If this was the Catholic church and records of confessional conversations were being exposed the damage would be catastrophic.

    The attacks are highly coordinated and have appeared to be effective. It is an interesting case study to watch as it unfolds.
    Sam Liles
    Selil Blog
    Don't forget to duck Secret Squirrel
    The scholarship of teaching and learning results in equal hatred from latte leftists and cappuccino conservatives.
    All opinions are mine and may or may not reflect those of my employer depending on the chance it might affect funding, politics, or the setting of the sun. As such these are my opinions you can get your own.

  7. #7
    Council Member Ken White's Avatar
    Join Date
    May 2007
    Location
    Florida
    Posts
    8,060

    Default Thanks, however, I fully understand all that

    and understood it when I asked my questions. Which were:

    Why is the corporate response a surprise to you (due to those very factors you cite in your tutorial)? It would seem to me the corporate sector wants to deter such actions lest they be aimed at them?

    Could the government not be expected to take a biased view of the what the law says to assist in hacker deterrence on the same basis? I understand that nominally they don't act unless a law is broken but you and I both know there's some, uh -- elasticity is a good word -- in making that determination. I also would include 'unofficially' and not only in the law enforcement sense...

  8. #8
    Council Member
    Join Date
    Jul 2007
    Posts
    204

    Default Not in this area...

    Originally posted by Ken White:
    Could the government not be expected to take a biased view of the what the law says to assist in hacker deterrence on the same basis? I understand that nominally they don't act unless a law is broken but you and I both know there's some, uh -- elasticity is a good word -- in making that determination. I also would include 'unofficially' and not only in the law enforcement sense
    The Fed's seem to have been taking the position all along that the wronged party has to be able to show direct damages. And practically, there's a whole lot of reasons to take that approach.

    First off, there's a lot ("considerably more than a lot", actually) of attempting "invasive digital information gathering" that goes on (all the time) in the business world. I have first hand knowledge on this one, and have reported the different attempted exploits to the FBI in extreme detail. The attempted exploits were all unsuccessful, but it was a real eye-opener going through the process of trying to deal with law enforcement (both federal and state) to get this crap to cease and desist.

    Practically, the feds just really, really don't want to get in the middle of this food fight. It is messy, time consuming, and difficult to explain (agents are much more likely to understand than the AUSA's, and the Judges, well that's another story). It's a tough sell as a case. They run from these types of cases.

    Also, don't underestimate all the spinoff effects of the DMCA and copyright/digital piracy cases. It's one of those areas where the congresscritters keep pushing it (in exchange for campaign contributions from industry), but since DOJ gets to play the role of the "heavy" & toss single moms/college kids into the justice system for stealing music (true or not, that's how it's put out there), they look forward to prosecuting those cases like going out & catching some incurable disease. And that ends up applying to just about anything in the digital law enforcement area which isn't a slam-dunk case.

    IMO, can't blame the Feds for trying to duck a no-win scenario.

    Now, personally, I can't see any way that the two sides (Scientology Group and the US Government; DOJ) could every find any common ground to the level necessary to take on these type of cyber attacks. Got to be some elements of trust, and there's just nothing there to even start with.

  9. #9
    Council Member bismark17's Avatar
    Join Date
    Mar 2006
    Location
    Seattle, Wa
    Posts
    206

    Default re:

    This conflict made NPR tonight. Their take was that this opposition group is a general entity opposed to any internet censorship and the only reason they got involved was due to that video being removed due to the Church's asking. That video that the opposition produced appears to be a little more personal than that.

  10. #10
    Council Member
    Join Date
    Nov 2007
    Location
    Boston, MA
    Posts
    310

    Default

    Quote Originally Posted by selil View Post
    Information technology is the life blood of a military unit.
    It most certainly is, but as I understand it TCP/IP isn't, and for all the hype that surrounds these cyberattacks it's often easy to underestimate the defensive value of long lead times in fulfillment, the human eye for detail and the power of the telephone. DDoS is an occasional fact of life for anyone spinning vital operations on TCP/IP networks; sure, script kiddies can do damage but that's what they pay the white hats the big bucks to deal with.

    You don't think of it that way but you use it that way. Imagine if somebody could see all of your operational orders, all of your logistics, all of your communicaitons with command entities. That is the capability of an attack against your confidentiality mechanisms. This is an aspect of cyber warfare that is not considered often.
    Compartmentalization in both the private and public sectors should mitigate much of the damage, and to my knowledge divvying up secret data and processes across a number of machines in various security realms has already reduced the risk of compromise to an acceptable degree. At least there's no report of any game changing hacking that's brought down a private company or annihilated a government office's ability to do work.

    Now imagine if somebody could enter your systems and change data around. Instead of ordering bullets from the rear you order up potatoes. What if somebody was to change your operational and mission type orders so that you decrease the watch in particular areas at a particular time thereby giving opportunity to the enemy? That is an attack against the integrity mechanisms.
    Fulfillment is already pretty inefficient, and most logistics operations I've seen in the private sector expect non-trivial screw ups anywhere along the delivery chain. Also, this is only a concern if you're sole means of communicating and verifying requests and responses are via TCP/IP. The game immediately changes once you add in an office manager or supply officer with a phone, a Rolodex, and a gruff, go-get-it demeanor.

    Beware the l33t speaking anarchist, but don't be too fearful of him. He doesn't have the money, wherewithal or talent to pull off something immediately and intensely damaging (like knocking a communications satellite out of orbit or jamming multiple square klicks). For the most part, he's got some skill with PHP and VB and an account at various cracker sites and IRC channels where he can run through a HOWTO detailing the best way to recruit friends and spread malware. He might even know how to wardrive and take advantage of folks still using weak WEP. He can even do thousands of dollars of damage or compromise critical secrets. But he can't force you to react in narrowly predictable ways, and more importantly he can't disguise the fact your system's been penetrated for very long.
    PH Cannady
    Correlate Systems

  11. #11
    Council Member
    Join Date
    Nov 2007
    Location
    Boston, MA
    Posts
    310

    Default

    One other thing. I don't see exactly how Anonymous leaking Scientology documents they skim off CoS's servers is going to achieve much of anything. If CoS is so inclined, they can always disavow any leaked material that's damaging. It's not as if Anonymous has a trust mechanism in place to prove that what they've got is in fact genuine Scientology material.
    PH Cannady
    Correlate Systems

  12. #12
    Council Member SteveMetz's Avatar
    Join Date
    Jan 2007
    Location
    Carlisle, PA
    Posts
    1,488

    Default

    Quote Originally Posted by selil View Post
    Following on the heels of the Estonian conflict which was originally blamed on Russia and turned out to be a highly effective band of college students
    Do you have a citation on that? My Eurasia guy is still writing about it as if it was an act of the Russian government.

  13. #13
    i pwnd ur ooda loop selil's Avatar
    Join Date
    Sep 2006
    Location
    Belly of the beast
    Posts
    2,112

    Default

    Here is one of the stories they say he was an ethnic Russian. http://news.yahoo.com/s/afp/20080123...s_080123193328

    It says in the article he is a student but not where. Reading the article it looks like he isn't a Russian not Estonian. I made the leap that he was from the ethnic reference. I'm thinking though that when this is exposed it's college students using Kremlin computers as horse power much like we've seen in the past.
    Sam Liles
    Selil Blog
    Don't forget to duck Secret Squirrel
    The scholarship of teaching and learning results in equal hatred from latte leftists and cappuccino conservatives.
    All opinions are mine and may or may not reflect those of my employer depending on the chance it might affect funding, politics, or the setting of the sun. As such these are my opinions you can get your own.

  14. #14
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    3,093

    Default The Assange Cyber War?

    The collective Anonymous, an informal but notorious group of hackers and activists, also declared war on Sunday against enemies of Mr. Assange, calling on supporters to attack sites companies that do not support WikiLeaks and to spread the leaked material online.

    *

    The Internet group Anonymous, which in the past has taken on targets as diverse as the Church of Scientology and Iran, disseminated a seven-point manifesto via Twitter and other social networking sites pledging to “kick back for Julian.”

    Gregg Housh, a prominent member of the group, said by telephone from Boston that an orchestrated effort was under way to attack companies that have refused to support WikiLeaks and to post multiple copies of the leaked material.

    The Anonymous manifesto singled out PayPal, which cut off ties with WikiLeaks for “a violation” of its policy on promoting illegal activities, a company statement said.

    “The reason is amazingly simple,” Mr. Housh said of the campaign. “We all believe that information should be free, and the Internet should be free.”

    By late Sunday, there were at least 208 WikiLeaks mirror sites up and running.

    “Cut us down,” said a message on the WikiLeaks Twitter feed on Sunday, “and the stronger we become.”
    From
    http://www.nytimes.com/2010/12/06/wo..._r=1&src=twrhp

    Google term : Cyber Militia

    And yet the Church of Scientology and Iran don't seem to be any worse for wear these days.
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

  15. #15
    Council Member
    Join Date
    Aug 2010
    Posts
    98

    Default

    Quote Originally Posted by AdamG View Post
    From
    http://www.nytimes.com/2010/12/06/wo..._r=1&src=twrhp

    Google term : Cyber Militia

    And yet the Church of Scientology and Iran don't seem to be any worse for wear these days.
    It does cost the companies money for bandwidth. In fact one of the issues that Wikileaks has had is paying it's bills. Apparently to ISP's getting paid is more important than national security. Any site hosting the material doesn't have much legal claim if it's attacked either to say the least, so they are more of an uncomfortable client than one like the RIAA, who has to pay for a lot of countermeasures.

    Speaking of which, these files all enjoy copyright outside the USA, and inside the USA they're classified. The NATO documents I thought were supposed to be classified in NATO participating countries, but apparently those markings are meaningless. In any event it shouldn't matter who the complaining party is in a copyright case that much. If it works for stolen tracks of Metallica one would think a law could work on stolen classified documents.

  16. #16
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    3,093

    Default

    It'd be a good thesis for someone, comparing historical militia effectiveness against 21st Century cyber militias ("Can unaffiliated cyber militias stay focused long enough to be effective? Will government-sponsored cyberwar be Anonymous' Long Island 1776?")

    At least Assange learned from Dr. Strangelove, and publicized his Doomsday Device.

    Julian Assange, the WikiLeaks founder, has circulated across the internet an encrypted “poison pill” cache of uncensored documents suspected to include files on BP and Guantanamo Bay.
    Read more: http://www.foxnews.com/world/2010/12...#ixzz17LVRZx53
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

  17. #17
    Council Member
    Join Date
    Aug 2010
    Posts
    98

    Default

    Quote Originally Posted by AdamG View Post
    It'd be a good thesis for someone, comparing historical militia effectiveness against 21st Century cyber militias ("Can unaffiliated cyber militias stay focused long enough to be effective? Will government-sponsored cyberwar be Anonymous' Long Island 1776?")

    At least Assange learned from Dr. Strangelove, and publicized his Doomsday Device.


    Read more: http://www.foxnews.com/world/2010/12...#ixzz17LVRZx53
    And yet they can't claim to be willing to release anything if they're otherwise legally choked off. I don't put it past them to start amending their desires to include jets to undisclosed locations & suitcases full of money, but other than not exposing the names it's their plan to dump all the documents they have.

    The problem I see with the insurance file is a simple one. Who gains the most from those names? The US & NATO military missions suffer, presumably along with a pile of Afghans, Pakistanis & Iraqi citizens, not to mention anyone diplomatically connected with the US who have thus far evaded angry identification. The people who gain from their release are literally the enemies of the free world. So I am more concerned about some hostile actor targeting Wikileaks participants for assassinations that Mr. Assange seems hell bent on blaming the USA for no matter what.

  18. #18
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    3,093

    Default

    Posted at 8:31 AM ET, 12/ 8/2010
    4chan knocks MasterCard offline for WikiLeaks cutoff
    By Rob Pegoraro

    I hope you weren't planning on looking for a new credit card or finding an ATM at MasterCard's site this morning. The credit-card firm's Web presence has been largely unreachable for the past few hours after a coordinated attack intended to punish it for refusing to process donations to WikiLeaks.

    Reports such as TechCrunch's post indicate the "denial of service" operation was coordinated through 4chan, a free-form message-board site that's been used to arrange numerous other sorts of Web mischief and sabotage, as well as a separate effort called Operation: Payback.
    http://voices.washingtonpost.com/fas...rd_offlin.html

    PayPal has admitted that the US Government was behind the company's decision to sever ties with whistle-blower site Wikileaks.
    http://www.ibtimes.com/articles/9005...an-assange.htm
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

  19. #19
    i pwnd ur ooda loop selil's Avatar
    Join Date
    Sep 2006
    Location
    Belly of the beast
    Posts
    2,112

    Default

    Anon and Assange are NOT cyber warfare. They aren't even really good hackers. Heck they are only recruiting about 500 hosts for their DDOS. The Russians brought 1000s to their parties back in the early 2000s. Calling today cyber warfare is hyperbole at best. It is mildly amusing though.
    Sam Liles
    Selil Blog
    Don't forget to duck Secret Squirrel
    The scholarship of teaching and learning results in equal hatred from latte leftists and cappuccino conservatives.
    All opinions are mine and may or may not reflect those of my employer depending on the chance it might affect funding, politics, or the setting of the sun. As such these are my opinions you can get your own.

  20. #20
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    3,093

    Default

    Quote Originally Posted by selil View Post
    Anon and Assange are NOT cyber warfare. They aren't even really good hackers. Heck they are only recruiting about 500 hosts for their DDOS. The Russians brought 1000s to their parties back in the early 2000s. Calling today cyber warfare is hyperbole at best. It is mildly amusing though.
    WWII and the Congo Civil War were different levels of the same mildly amusing thing.
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

Similar Threads

  1. Pakistani people OK with drone attacks?
    By BayonetBrant in forum South Asia
    Replies: 12
    Last Post: 11-03-2012, 04:18 PM
  2. Social Media and Unconventional Warfare
    By Bill Moore in forum Doctrine & TTPs
    Replies: 38
    Last Post: 09-21-2012, 12:39 PM
  3. The Threat from Swarm Attacks (catch all)
    By davidbfpo in forum Doctrine & TTPs
    Replies: 4
    Last Post: 08-07-2012, 11:42 AM
  4. Attacks in Iraq Down Considerably
    By SWJED in forum Blog Watch
    Replies: 1
    Last Post: 01-23-2006, 10:33 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •