Anonymous attacks (Catch All)

[bismark17]

That is interesting. Thanks for posting that! It appears that this battle has gone from frivilious lawsuits to more "active" campaigning. I am surprised that there hasn't been more of this type of activity from the ELF or ALF movements. They have the technological sophistication to be more active in the digital realm but as of yet haven't employed it.

The black hats that are doing the work must be good because I would assume that the Scientology sites would have decent security due to the type of people they recruit and their own self awareness that they are a target.

[selil]

I was pretty amazed at how effective the"Anon's" are and at how much corporate America is supporting the Scientology side up to and including removing material under TOS violations that obviously weren't. I'm further amazed at how utterly ineffective the scientologist group is being.

[Ken White]

Seems to me like they'd react on the "I don't want this to happen to me" rationale.

Sort of my (distant, very distant) cousin against my enemy...

And would not the guvmint weigh in -- on the same basis?

No familiarity with the corporate IT -- or anybody's IT -- realm so I'm just asking.

[bismark17]

They are very well known to use civil lawsuits to fight their points of view and will leave it at that. It just reminds me of the mid 90s when the web was just starting out and all of the nonsense that was generated in that realm.

[selil]

Seems to me like they'd react on the "I don't want this to happen to me" rationale.

Sort of my (distant, very distant) cousin against my enemy...

And would not the guvmint weigh in -- on the same basis?

No familiarity with the corporate IT -- or anybody's IT -- realm so I'm just asking.

The government rarely weighs in on cyber conflict until somebody can be proved to be breaking the law.

As to the information technology aspect consider this.

Information technology is the life blood of a military unit. You don't think of it that way but you use it that way. Imagine if somebody could see all of your operational orders, all of your logistics, all of your communicaitons with command entities. That is the capability of an attack against your confidentiality mechanisms. This is an aspect of cyber warfare that is not considered often.

Now imagine if somebody could enter your systems and change data around. Instead of ordering bullets from the rear you order up potatoes. What if somebody was to change your operational and mission type orders so that you decrease the watch in particular areas at a particular time thereby giving opportunity to the enemy? That is an attack against the integrity mechanisms.

Now consider the old school methods of a spy entering your command tent silent enough to be not detected and capable enough to succeed. The chances are fairly slim right? When the computer becomes the mechanism the chances explode in probability. The attack succeeds and the damage occurs.

These are the kind of attacks that the Scientology group is being challenged with. There innermost secrets are exposed, the command structure is being exposed, the logistics of the group is open to consideration. Some would say that is just fine the Sceintologists should be more transparent. Regardless no organization can function if trust is violated externally or internally. If this was the Catholic church and records of confessional conversations were being exposed the damage would be catastrophic.

The attacks are highly coordinated and have appeared to be effective. It is an interesting case study to watch as it unfolds.

[Ken White]

and understood it when I asked my questions. Which were:

Why is the corporate response a surprise to you (due to those very factors you cite in your tutorial)? It would seem to me the corporate sector wants to deter such actions lest they be aimed at them?

Could the government not be expected to take a biased view of the what the law says to assist in hacker deterrence on the same basis? I understand that nominally they don't act unless a law is broken but you and I both know there's some, uh -- elasticity is a good word -- in making that determination. I also would include 'unofficially' and not only in the law enforcement sense...

[Watcher In The Middle]

Originally posted by Ken White:

Could the government not be expected to take a biased view of the what the law says to assist in hacker deterrence on the same basis? I understand that nominally they don't act unless a law is broken but you and I both know there's some, uh -- elasticity is a good word -- in making that determination. I also would include 'unofficially' and not only in the law enforcement sense

The Fed's seem to have been taking the position all along that the wronged party has to be able to show direct damages. And practically, there's a whole lot of reasons to take that approach.

First off, there's a lot ("considerably more than a lot", actually) of attempting "invasive digital information gathering" that goes on (all the time) in the business world. I have first hand knowledge on this one, and have reported the different attempted exploits to the FBI in extreme detail. The attempted exploits were all unsuccessful, but it was a real eye-opener going through the process of trying to deal with law enforcement (both federal and state) to get this crap to cease and desist.

Practically, the feds just really, really don't want to get in the middle of this food fight. It is messy, time consuming, and difficult to explain (agents are much more likely to understand than the AUSA's, and the Judges, well that's another story). It's a tough sell as a case. They run from these types of cases.

Also, don't underestimate all the spinoff effects of the DMCA and copyright/digital piracy cases. It's one of those areas where the congresscritters keep pushing it (in exchange for campaign contributions from industry), but since DOJ gets to play the role of the "heavy" & toss single moms/college kids into the justice system for stealing music (true or not, that's how it's put out there), they look forward to prosecuting those cases like going out & catching some incurable disease. And that ends up applying to just about anything in the digital law enforcement area which isn't a slam-dunk case.

IMO, can't blame the Feds for trying to duck a no-win scenario.

Now, personally, I can't see any way that the two sides (Scientology Group and the US Government; DOJ) could every find any common ground to the level necessary to take on these type of cyber attacks. Got to be some elements of trust, and there's just nothing there to even start with.

[bismark17]

This conflict made NPR tonight. Their take was that this opposition group is a general entity opposed to any internet censorship and the only reason they got involved was due to that video being removed due to the Church's asking. That video that the opposition produced appears to be a little more personal than that.

[Presley Cannady]

Information technology is the life blood of a military unit.

It most certainly is, but as I understand it TCP/IP isn't, and for all the hype that surrounds these cyberattacks it's often easy to underestimate the defensive value of long lead times in fulfillment, the human eye for detail and the power of the telephone. DDoS is an occasional fact of life for anyone spinning vital operations on TCP/IP networks; sure, script kiddies can do damage but that's what they pay the white hats the big bucks to deal with.

You don't think of it that way but you use it that way. Imagine if somebody could see all of your operational orders, all of your logistics, all of your communicaitons with command entities. That is the capability of an attack against your confidentiality mechanisms. This is an aspect of cyber warfare that is not considered often.

Compartmentalization in both the private and public sectors should mitigate much of the damage, and to my knowledge divvying up secret data and processes across a number of machines in various security realms has already reduced the risk of compromise to an acceptable degree. At least there's no report of any game changing hacking that's brought down a private company or annihilated a government office's ability to do work.

Now imagine if somebody could enter your systems and change data around. Instead of ordering bullets from the rear you order up potatoes. What if somebody was to change your operational and mission type orders so that you decrease the watch in particular areas at a particular time thereby giving opportunity to the enemy? That is an attack against the integrity mechanisms.

Fulfillment is already pretty inefficient, and most logistics operations I've seen in the private sector expect non-trivial screw ups anywhere along the delivery chain. Also, this is only a concern if you're sole means of communicating and verifying requests and responses are via TCP/IP. The game immediately changes once you add in an office manager or supply officer with a phone, a Rolodex, and a gruff, go-get-it demeanor.

Beware the l33t speaking anarchist, but don't be too fearful of him. He doesn't have the money, wherewithal or talent to pull off something immediately and intensely damaging (like knocking a communications satellite out of orbit or jamming multiple square klicks). For the most part, he's got some skill with PHP and VB and an account at various cracker sites and IRC channels where he can run through a HOWTO detailing the best way to recruit friends and spread malware. He might even know how to wardrive and take advantage of folks still using weak WEP. He can even do thousands of dollars of damage or compromise critical secrets. But he can't force you to react in narrowly predictable ways, and more importantly he can't disguise the fact your system's been penetrated for very long.

[Presley Cannady]

One other thing. I don't see exactly how Anonymous leaking Scientology documents they skim off CoS's servers is going to achieve much of anything. If CoS is so inclined, they can always disavow any leaked material that's damaging. It's not as if Anonymous has a trust mechanism in place to prove that what they've got is in fact genuine Scientology material.