Game-ChangingThreat: The Rise Of The H acking Collective

By David Gewirtz

hroughout history, there has always been a barrier of entry to warfare. Oh , sure, there have been snipers

Even most terrorist attacks

and bowmen who might score a lucky shot, taking down a leader I a training camp in Mes Aynak, located in the barren Logar and showing his head on a horse Province, 25 mi les south east of or out the hatch of a tank turret. But I Kabu l, Afghanistan. Hijackers Khalid al-M ihdhar and Nawaf the reality has been that unless you al-Hazm i were sent to Pakistan to learn about Western cu lture. were able to muster some serious firepower and were Mohamed Alta, Marwan alalso able to pay for an army of fighters , you couldn 't really Shehh i, Ziad Jarra h were then sent to South Florida for basic make war. fli ght training.

have had a barrier of entry. The events of September II. for example, were conducted by a I team of 19 hijackers, along with I support personnel. The team's preparation included attending

iacsp.com
All of thi s req uired money, and al-Qaeda had lots of it. The terrori s t orga ni za t io n had a hu ge war chest, consistin g of hundred s of milli o ns o f dollars from Osa ma bin Laden ' s pe rsona l fOrlune, heroin traflicking, and do natio ns frol11 s upporters. In other wo rds, orc hest rati ng th e attacks of September II , 200 1 did not come chea p.
Th at cost was a formidable barrier for most wo uld -be attacke rs. Just the cos t of cond uc ting a wa r o r eve n a large sca le terrori s t a ltack took amounts of cas h o ut of reach of all but the largest organ iza ti ons.

What happens thoug h, when the barr ier of entry is red uced to zero? What if yo u (or someone ju st a little bored , poorly soc ia li zed, or rea ll y pi ssed off) co uld ca use some serious damage without needing to ju st ify the ir ac ti o ns eno ugh to get financial and mate riel support?

c lips. Dubbed "YouTube Porn Da y, " th e event s howcased the group 's somewhat twis ted sense of humor. It 's here that we begin to sec a differe nce between a traditiona l atlack and th ose fro m hack er co ll ectives. So me ac tiv it ies are done fo r good reasons, to suppo rt a ca use, o r as a res ult of co ll ec ti ve ange r. But some other activities, like the YouTube Po rn Day, arc s impl y done for the " LOLZ," or the fun of it. Members o f these g roups ca n be anyone and everyo ne. No id e ntit y in formation is exc ha nged. Members may part icipate in one event, never to show up again, or they ma y be invo lved o n a co ns ta nt bas is. Members never meet eac h o ther -- o r th ei r vic tim s. T hey s impl y s it down at th e ir co mputers, log in , and begin tormenting the ir vic tim s.

What happens is chaos. And it's happening now.

Let me in trod uce yo u to the new shadow wa rri ors of the seco nd decade of the 21 s t ce ntur y. Indi vidu a ll y, their names are unkn ow n, nOI ju st to law e nforcement , but even to each other, as we ll as to all links in the ir cha in of command. But, coll ectivel y, th e na mes Ano nymo us and Lul zSec are becoming legendary. Combin ed, these g ro ups are a ll eged to have attacked or hacked the Church of Sciento 1ogy, the Epil epsy Foundatio n, the Suppo rt Onl ine Hip Hop an d AIiHi pHop Web si tes, and the No Cussing Clu b. On May 20, 2009, the g ro up Anonymo us upl oa ded hundred s of o nlin e v id eos to Yo uTube , labe led as I,"nil y friendly fare , but conta ining po rn ogra phi c

And act Ollt, these groups have. When the Austra lia n gove rnm e nt bega n to block access to the on lin e s it es operated by Ano nymous, the g ro up condu cted a di stributed denial of se rvice (OOoS) attack o n the Australian prime v' mini s ter 's Web si te . V hen fina ncin g sites Amazon , PayPal, Maste rCa rd , and Visa stopped funn e lin g fund rai sin g payme nts to the operators o r Wiki lea ks, A no ny mo us laun ched Operati o n Payback to s hut down those si tes. But it's not as cut and dri ed as yo u might think . Whil e Anonymo us mi ght ac t out , atlack ing gove rnm ent and financ ial sites, or act up, funneling po rn in to YouTube, the group has also condu cted some interestin g free speech operations, 111 0st notably setting lip the site Ano nymou s Iran, a site des igned to funn el in fo rm ati on in and out of Iran as a res ult of Irani an censorship and the q uest io nab le re s ult s of the 2009 Ira ni an e lections. In addi ti o n to Aus t ralia, A n ony m o ll s ha s a ttacked th e Web s ites of th e gove rnments of Z im babwe, Egyp t, T uni sia , a nd Malays ia, a ll as pun is hm en t fo r th ose gov ernments bloc kin g c it izen access to Wikileaks. Prank attacks are one thing, but the attacks are grow ing more seriolls. In May and June, the gro up LulzSec, considered by many to be an Ano nymous spin-off, attacked Sony and shut down the Pl ayStation Network an d a va ri ety of other Sony resources for almost two months. The group stole user data from the PBS network. They seem to have a gam ing-related interest, hav ing aucmpted or penetrated Nintendo, Minecrail, th c Escapist Magazine, Beth esda Studi os, and the servers of the o nline ga me Eve .

That 's why, th rougho ut histo ry, wars and large-sca le attac ks were cond ucted by large natio ns o r tribes, re ligioll s orga ni za ti ons, and ve ry large, organized gro ups.

Not anymore.
Ju st as th e perso nal co mput er

has red uced the cost of ent ry for so Ill any more pedestr ia n ac ti viti es ( lik e publi s hin g, filmm ak in g, and the lik e), so it has vast ly, a lmos t inco mprehensibl y, re duce d th e barrier of entry for warfare,

For some participants, it's a release, a way to get out their aggressions. For some, it's merely a way of exercising a twisted sense of humor. Other paI1icipallts are genuinely nasty and want to cause hJll11 and distress. It doesn't matter. When you're anonymous, you can be fi'ee to act oul.

at least in the digital domain . Thi s cha nge in cost has resulted in so me sca ry changes in the wa rfi ghting land scape. Back when it cost milli o ns o r more to condu ct an aHack of any expected effective ness, the attackers had to have a good reason to co ndu ct th e aHack. Whil e th e ir reaso nin g m ight have been twisted, ev il , o r ot herw ise not in th e public interest, the re had to be a s trong enough justificat ion to attra ct foll owers, war ri ors, an d mo s t impo rtant , fundi ng.

It's here that we begin to see a difference between a traditional attack and those from hacker collectives . Some activities are done for good reasons , to support a cause, or as a result of collective anger.
SeekIng the Edae Through Education. Training. and Technology

Tf-te JO.Jrnal ot Counterterrorism & Homeland

,_".,l-LA ,,'/

International

Veneratio Diliae/1tia Vires

just We b s ites fro m th e Cit y of O rl ando, bu t fo r loca l reso rts, th e Chamb er of Co mm erce, and rand om Web sites simpl y providing Orl ando-related in fo rm ati on.

Whil e th e ir ac ti vities are a lm ost ce rta inl y ill ega l and alm ost always somewhat harm fu l, th ese gro ups aren ' t what we ' ve co me to kn ow as the us ual th rea t. T he iss ue is much more complex. As we go into the coming decades, we ' re lik ely to see more of these gro ups fo rm . T he ir m iss io n and fo cus will be di ffe rent and co uld change on a dim e. The ir membe rship mi ght also change fro m day-to-day. W he n it co mes to hac ker co ll ecti ves , th e r e is o nl y o ne c on s tan t: th ey ' r e troubl e . In d e alin g w ith th ese g r o up s, i f I we re to leave yo u with one strong sugg e s ti o n, it 's thi s: use ca re. Don' t approac h dea lin g with th ese o rga ni zat ions in th e same way yo u wo uld an e nemy, a cri m i na l o rga ni zati o n, o r a te rro ri st g ro up . Th e hac ke r coll ect ive is a w ho lly ne w thin g, a nd needs to be d ea lt with in e ntire ly new ways , with k id g loves, and with s ubtl ety.

Lul zSec attac ked th e Atl anta chapter of InfraGa rd, a public-pri vate security partners hi p with the FBI. The group released emai l add resses and passwo rd s of senate. gOY, the Web site of th e Uni te d States Senate. The group also fired off a DDoS aga inst CIA.gov, the public-fac ing site for the Ce ntral Intellige nce Age ncy. Like Anonymous, Lul zSec isn't onl y in to causing trouble. When it fo und a security vulnerability in th e British Nationall-lealth Service systems, LuizSec sent an email to the se rvice, advising th em how to fi x their "tech issues."

So, where's the threat?

Inl110st cases, the attacks by Anonymous and LulzSec have been more pranks than threats. Some have been seri ous, li ke th e Sony outage. Some have been funny (if illegal and wrong), like YouTube Porn Day. Nothin g, so fa r, has caused damage ofa level to be considered a nati onal security threat.

The threat is the potential.

What to day mi ght sim ply be all attack on a videoga me co mp a n y mi g ht , tomo rr ow, be an attac k on a criti ca l in frastru ctu re co mp o nent or a criti ca l link in th e finan cial services chain. Beca use th ese gro u ps are ad-hoc at bes t, th eir membersh ip nui d in th e ex treme, it 's ve ry di fficul t to pred ict o r "ga me" th e act io ns o f these groups to proj ect and impl ement defe nses. Furth e r, w hil e th ese t wo g r o up s see m t o have a ve r y s tr o n g sense of twisted honor, th ey co uld be co-opted by fa r less se lf-amused indi v idu a ls, g ro up s, o r nati ons, and th e e ffo rts of a large mass of a no nymo us co mp ute r users co uld be turn ed, aim ed, and focused o n ca us in g rea l, ta ng ibl e, dea dl y da mage.

And yet.
The groups have apparently j oined together to enc ourage computer criminal s of all stri pes to break into government Web sites ac ross th e world. The gro up al so bro ke into the computers of the Ari zona Department of Pu blic Safety, re leas ing hundreds of docum ents marked "sensiti ve" or "offi cial use onl y", This was apparently as a protest for Ari zona's somewhat draco nian immigrati on policies. As I write thi s, Anonymous has decided it doesn't li ke the City of Orlando because

About the Author

David GelVirtz is th e d irector of the U.S. S tra teg ic Perspec ti ve Institu te and edito r-in -chieJ oj the ZATZ tec hnicol magaz ines. He reg ularly writes cOlI/m en tary and analysis for CNN's Anderson Cooper 360, and has writt e n m o re than 700 ar t icles abo ut tech nology. David is a fo rm er professor of compli ler science. has lectured a t Pr in ceto n , Be rke ley, UCLA, and Stanford, has been awarded th e pres tigio lls Sigma Xi Research Award in Enginee ri ng, and was a ca ndida te for the 2008 Pulitze r Pr ize in Letters. He is th e Cyberlerrorism Advisor for JACSP. David's personal Web site is at DavidGewirtz. COlli Read his blog at CNN Anderson Cooper 360for politics, policy, alld analysis. Read his blog al CBS Inleraclive ,. ZDNel Government where tech meets politics and government.
01' Follolll him on Twiller al @ , DavidGewirtz

The groups

have

apparently joined together to encourage computer criminals of all stripes to break into government Web sites across the world.

Seeking the Edge Through Education. Training.

members of a gro up feedin g th e homeless we re arres ted for doin g so against city ordinances. The onl y go tcha is th at Anonymous has apparently attacked not

Fin a ll y, it 's impo rt a nt to r ea li ze that t hese a re n 't orga ni zed te rro ri s t gro ups , bu t are and Technology in s tea d co mpose d of peo pl e we mi g ht norm a ll y co n s id er o ur fri ends and neig hb ors, o ur de ntists, o ur netwo rk admini st rato rs, o ur law n care g uys, o ur bow ling budd ies, and even o ur law enfo rce ment profess io nals.

Journal of Counte rterroris m & Homeland Security Inte rn ationa l Vo1. 17. NO.3