Anonymous attacks (Catch All)

[selil]

Percolating to the surface is what may be the first inter-faith online insurgency. Spurred by a rather perfunctory take down notice of a video the Scientology religion has been hammered by an online group called Anonymous. Attacks against servers, a fairly complex information/propaganda campaign, and use of para-legal (copyright, freedom of speech, parody, etc.) are being used.

I have no dog in the hunt of the validity of Scientology but this may be a good case study for scholars of small wars to learn the effectiveness and issues of stateless entity warfare and the resultant issues for society. Following on the heels of the Estonian conflict which was originally blamed on Russia and turned out to be a highly effective band of college students, and with a similar feeling, this conflict is a religion versus a non-state actor. The group "Anonymous" has in an interesting turn attacked all of the elements of information security (confidentiality, integrity, availability, authentication, and non-repudiation) paradigm very rapidly.

The group Anonymous is posting "secret" materials, changing data in the Scientology systems, disrupting the operations of the Scientologists with distributed denial of service attacks, that would suggest information warfare in the other realms too. As scholars of small wars, with interests in insurgency, and with an understanding that this same attack vector may occur against as a highly coordinated attack against a state (e.g. Estonia) we should pay attention to this evolving form of attack and consider the ramifications for future conflicts.

LINK

[bismark17]

That is interesting. Thanks for posting that! It appears that this battle has gone from frivilious lawsuits to more "active" campaigning. I am surprised that there hasn't been more of this type of activity from the ELF or ALF movements. They have the technological sophistication to be more active in the digital realm but as of yet haven't employed it.

The black hats that are doing the work must be good because I would assume that the Scientology sites would have decent security due to the type of people they recruit and their own self awareness that they are a target.

[selil]

I was pretty amazed at how effective the"Anon's" are and at how much corporate America is supporting the Scientology side up to and including removing material under TOS violations that obviously weren't. I'm further amazed at how utterly ineffective the scientologist group is being.

[Ken White]

Seems to me like they'd react on the "I don't want this to happen to me" rationale.

Sort of my (distant, very distant) cousin against my enemy...

And would not the guvmint weigh in -- on the same basis?

No familiarity with the corporate IT -- or anybody's IT -- realm so I'm just asking.

[bismark17]

They are very well known to use civil lawsuits to fight their points of view and will leave it at that. It just reminds me of the mid 90s when the web was just starting out and all of the nonsense that was generated in that realm.

[selil]

Quote:

Originally Posted by Ken White

Seems to me like they'd react on the "I don't want this to happen to me" rationale.

Sort of my (distant, very distant) cousin against my enemy...

And would not the guvmint weigh in -- on the same basis?

No familiarity with the corporate IT -- or anybody's IT -- realm so I'm just asking.

The government rarely weighs in on cyber conflict until somebody can be proved to be breaking the law.

As to the information technology aspect consider this.

Information technology is the life blood of a military unit. You don't think of it that way but you use it that way. Imagine if somebody could see all of your operational orders, all of your logistics, all of your communicaitons with command entities. That is the capability of an attack against your confidentiality mechanisms. This is an aspect of cyber warfare that is not considered often.

Now imagine if somebody could enter your systems and change data around. Instead of ordering bullets from the rear you order up potatoes. What if somebody was to change your operational and mission type orders so that you decrease the watch in particular areas at a particular time thereby giving opportunity to the enemy? That is an attack against the integrity mechanisms.

Now consider the old school methods of a spy entering your command tent silent enough to be not detected and capable enough to succeed. The chances are fairly slim right? When the computer becomes the mechanism the chances explode in probability. The attack succeeds and the damage occurs.

These are the kind of attacks that the Scientology group is being challenged with. There innermost secrets are exposed, the command structure is being exposed, the logistics of the group is open to consideration. Some would say that is just fine the Sceintologists should be more transparent. Regardless no organization can function if trust is violated externally or internally. If this was the Catholic church and records of confessional conversations were being exposed the damage would be catastrophic.

The attacks are highly coordinated and have appeared to be effective. It is an interesting case study to watch as it unfolds.

[Ken White]

and understood it when I asked my questions. Which were:

Why is the corporate response a surprise to you (due to those very factors you cite in your tutorial)? It would seem to me the corporate sector wants to deter such actions lest they be aimed at them?

Could the government not be expected to take a biased view of the what the law says to assist in hacker deterrence on the same basis? I understand that nominally they don't act unless a law is broken but you and I both know there's some, uh -- elasticity is a good word -- in making that determination. I also would include 'unofficially' and not only in the law enforcement sense...

[Watcher In The Middle]

Originally posted by Ken White:

Quote:

Could the government not be expected to take a biased view of the what the law says to assist in hacker deterrence on the same basis? I understand that nominally they don't act unless a law is broken but you and I both know there's some, uh -- elasticity is a good word -- in making that determination. I also would include 'unofficially' and not only in the law enforcement sense

The Fed's seem to have been taking the position all along that the wronged party has to be able to show direct damages. And practically, there's a whole lot of reasons to take that approach.

First off, there's a lot ("considerably more than a lot", actually) of attempting "invasive digital information gathering" that goes on (all the time) in the business world. I have first hand knowledge on this one, and have reported the different attempted exploits to the FBI in extreme detail. The attempted exploits were all unsuccessful, but it was a real eye-opener going through the process of trying to deal with law enforcement (both federal and state) to get this crap to cease and desist.

Practically, the feds just really, really don't want to get in the middle of this food fight. It is messy, time consuming, and difficult to explain (agents are much more likely to understand than the AUSA's, and the Judges, well that's another story). It's a tough sell as a case. They run from these types of cases.

Also, don't underestimate all the spinoff effects of the DMCA and copyright/digital piracy cases. It's one of those areas where the congresscritters keep pushing it (in exchange for campaign contributions from industry), but since DOJ gets to play the role of the "heavy" & toss single moms/college kids into the justice system for stealing music (true or not, that's how it's put out there), they look forward to prosecuting those cases like going out & catching some incurable disease. And that ends up applying to just about anything in the digital law enforcement area which isn't a slam-dunk case.

IMO, can't blame the Feds for trying to duck a no-win scenario.

Now, personally, I can't see any way that the two sides (Scientology Group and the US Government; DOJ) could every find any common ground to the level necessary to take on these type of cyber attacks. Got to be some elements of trust, and there's just nothing there to even start with.

[bismark17]

This conflict made NPR tonight. Their take was that this opposition group is a general entity opposed to any internet censorship and the only reason they got involved was due to that video being removed due to the Church's asking. That video that the opposition produced appears to be a little more personal than that.

[Presley Cannady]

Quote:

Originally Posted by selil

Information technology is the life blood of a military unit.

It most certainly is, but as I understand it TCP/IP isn't, and for all the hype that surrounds these cyberattacks it's often easy to underestimate the defensive value of long lead times in fulfillment, the human eye for detail and the power of the telephone. DDoS is an occasional fact of life for anyone spinning vital operations on TCP/IP networks; sure, script kiddies can do damage but that's what they pay the white hats the big bucks to deal with.

Quote:

You don't think of it that way but you use it that way. Imagine if somebody could see all of your operational orders, all of your logistics, all of your communicaitons with command entities. That is the capability of an attack against your confidentiality mechanisms. This is an aspect of cyber warfare that is not considered often.

Compartmentalization in both the private and public sectors should mitigate much of the damage, and to my knowledge divvying up secret data and processes across a number of machines in various security realms has already reduced the risk of compromise to an acceptable degree. At least there's no report of any game changing hacking that's brought down a private company or annihilated a government office's ability to do work.

Quote:

Now imagine if somebody could enter your systems and change data around. Instead of ordering bullets from the rear you order up potatoes. What if somebody was to change your operational and mission type orders so that you decrease the watch in particular areas at a particular time thereby giving opportunity to the enemy? That is an attack against the integrity mechanisms.

Fulfillment is already pretty inefficient, and most logistics operations I've seen in the private sector expect non-trivial screw ups anywhere along the delivery chain. Also, this is only a concern if you're sole means of communicating and verifying requests and responses are via TCP/IP. The game immediately changes once you add in an office manager or supply officer with a phone, a Rolodex, and a gruff, go-get-it demeanor.

Beware the l33t speaking anarchist, but don't be too fearful of him. He doesn't have the money, wherewithal or talent to pull off something immediately and intensely damaging (like knocking a communications satellite out of orbit or jamming multiple square klicks). For the most part, he's got some skill with PHP and VB and an account at various cracker sites and IRC channels where he can run through a HOWTO detailing the best way to recruit friends and spread malware. He might even know how to wardrive and take advantage of folks still using weak WEP. He can even do thousands of dollars of damage or compromise critical secrets. But he can't force you to react in narrowly predictable ways, and more importantly he can't disguise the fact your system's been penetrated for very long.

[Presley Cannady]

One other thing. I don't see exactly how Anonymous leaking Scientology documents they skim off CoS's servers is going to achieve much of anything. If CoS is so inclined, they can always disavow any leaked material that's damaging. It's not as if Anonymous has a trust mechanism in place to prove that what they've got is in fact genuine Scientology material.

[SteveMetz]

Quote:

Originally Posted by selil

Following on the heels of the Estonian conflict which was originally blamed on Russia and turned out to be a highly effective band of college students

Do you have a citation on that? My Eurasia guy is still writing about it as if it was an act of the Russian government.

[selil]

Here is one of the stories they say he was an ethnic Russian. http://news.yahoo.com/s/afp/20080123...s_080123193328

It says in the article he is a student but not where. Reading the article it looks like he isn't a Russian not Estonian. I made the leap that he was from the ethnic reference. I'm thinking though that when this is exposed it's college students using Kremlin computers as horse power much like we've seen in the past.

[Cannoneer No. 4]

Anonymous Hackers Target Alleged WikiLeaker Bradley Manning's Jailers

http://blogs.forbes.com/andygreenber...nings-jailers/

Quote:

Anonymous hackers name Department of Defense Press Secretary Geoff Morell and chief warrant officer Denise Barnes as targets and call on members to dig up personal information on both, including phone numbers, personal histories and home addresses. The goal of the operation, for now, is to “dox” the two officials, the typical Anonymous method of publishing personal information of victims and using it for mass harassment.

. . . doxing will likely include “ruin life tactics” such as “ordering them pizza, sending them thousands of boxes, reporting them to police for drug abuse, sex offenders list, tricking their ISPs into canceling the Internet, messing with their social security numbers, false flag, fax harassment, phone harassment, email bombing, subscriptions to magazines, diapers, tampons.”

Can DOD Information Assurance and Computer Network Defenders protect Morrell and Barnes, or will they be pwned?

If Anonymous is considered a virtual militia, is this a Paramilitary Information Opposition Operation?

[SteveMetz]

I don't have a position on Manning's treatment since I don't know anything beyond what I read in the papers. But if this group does attack people as a result of their performance of official duties, it would seem that law enforcement would have a grounds to take a range of actions against them. History is full of individuals and organizations convinced they were smarter than "the system" who eventually found otherwise.

[anonamatic]

This type of activity clearly crosses the line from being protest to a direct attack. While the groups volunteers in the hive might want to characterize this sort of activity as being 'direct action' in a context of protest, it stands in contrast to other groups who engage in acts of civil disobedience. I don't think I've read about any instances where people have sought out to personally attack a press secretary. This is a person whose role is to be a messenger after all.

While on an emotional level the idea of Mr. Manning enjoying serious and prolonged discomfort is something I find quite satisfying, on a practical level my concerns are different. I firstly am concerned that even given Assange's expressed prior intent to use whoever came his way to attack the US, that his counsel is not examining those matters explicitly & offering advice that reflects the nature of how his client has been ill used. Secondly, I am concerned that the conditions of Mr. Manning's incarceration, while technically justifiable, are doing more harm than good with public relations. Thirdly, there is the question of protecting DoD & government personnel, given that Mr. Manning seems to be enjoying counsel that can only be described as bordering on being irresponsible press whores, I can't see how it will be all that easy to conduct normal legal business.

[Brett Patron]

At what point are kinetics on the table?

Seems to me that both Morrell or Barnes have a right to self defense, and that, by extension the US Gov't has a duty to vigorously find and defeat this threat. And i don't mean better anti-virus protection.

This is a direct threat to the sovereignty of the US. These hackers constitute a clear and present danger and need to be dealt with rather rapidly and rather aggressively. They are terrorists. No different then Al Qaeda.

But instead, we'll try to "understand" them and deal with them as if they are small time hoods.

:facepalm:

[Cannoneer No. 4]

Quote:

Originally Posted by SteveMetz

But if this group does attack people as a result of their performance of official duties, it would seem that law enforcement would have a grounds to take a range of actions against them.

NCIS could sic McGee on 'em. The real NCIS will probably have some involvement. State of Virginia might take some interest. But most of this probably won't rise to the level of felonies so what actions might law enforcement bother to take?

[Cannoneer No. 4]

Quote:

Originally Posted by Brett Patron

At what point are kinetics on the table?

No sooner than Inaugaration Day, 2013, and probably not then. Do you want to give them martyrs?

Quote:

Originally Posted by Brett Patron

. . . the US Gov't has a duty to vigorously find and defeat this threat.

But does .gov have the talents, resources and permission to successfully engage and defeat Anonymous? NSA probably does, but what should they quit doing to reprioritize Anonymous to the head of line?

Quote:

Originally Posted by Brett Patron

This is a direct threat to the sovereignty of the US. These hackers constitute a clear and present danger and need to be dealt with rather rapidly and rather aggressively. They are terrorists. No different then Al Qaeda.

U. S. sovereignty isn't directly threatened. The PERSEC of a senior civil servant and of a serving Marine are directly threatened. Harrassment is not terrorism. Anonymous is very different from Al Qaeda. Anonymous is not a monolithic, organized organization. Some are bad, some are good, some bad Anons are good some days, mosts Anons are low skilled cannon fodder but some have real skills. Not prudent to ignore them, but not a good idea to make more out of them than they really are.

[anonamatic]

Quote:

Originally Posted by Cannoneer No. 4

State of Virginia might take some interest.

After they get done making plans for ice sculptures in hell, they might find the time to think about it. They compete with Texas over who can do more executions after all. Between the large amounts of hard core conservatives in the south west of the state, and the large amount of military and government workers in the east and north, I can't think of a less sympathetic constituency.

I think that they would probably openly snicker at anyone suggesting that they do as much, not to mention that they have no jurisdiction. Explaining that they have no jurisdiction would be the part where they caved in to expressions of glee I'd bet.