Friday, 10 December 2010

Is WikiLeaks engaged in 'cyber war'?

John D. Sutter
Rival hackers have hit WikiLeaks and its enemies with "denial of service" attacks, causing some havoc online.
STORY HIGHLIGHTS
  • Media and Twitter feeds declare the website attacks involving WikiLeaks a "cyber war"
  • But security experts say this is nothing like a real cyber war
  • Expert: Cyber attacks start to become war-like when they attack real-world targets

(CNN) -- Media outlets and a Twitter feed this week lobbed a controversial term into the public debate about cyber attacks over WikiLeaks:

"CYBERWAR," WikiLeaks' European Twitter feed declared, linking to a blog post of the same title.

"WikiLeaks Cyberwar!" read a CBS blog headline.

"Cyberwar erupts over WikiLeaks funding cut," wrote RFI, the international public radio network.

Despite these bold proclamations, internet security experts said the WikiLeaks-related attacks are anything but cyber war -- not that these same experts are exactly sure what a cyber war would look like, or if one has ever occurred.

The WikiLeaks saga reads like a high-tech spy novel -- one packed with government secrets, icy Cold War bunkers, shady networks of anonymous hackers and, most recently, the disruption of American financial institutions.

The battle over the site -- which has come under fire from the United States for publishing private diplomatic communications -- escalated this week as apparent WikiLeaks supporters crashed the websites of PayPal, Visa and MasterCard, which had stopped processing donations to WikiLeaks.

"There are some things WikiLeaks can't do. For everything else, there's Operation Payback," wrote a Twitter user claiming responsibility for the attacks -- and giving them a snappy name.

That scared plenty of people, even though the credit card companies continued to operate without their Web presence. To many, it also felt unprecedented, like these attacks were a new way to rattle core institutions of the American economy.

But is this kind of thing really new? And what does one call this type of digital battle, where attacks result in the unwanted movement of 1s and 0s online rather than bombed-out buildings and wounded soldiers?

Maybe anything but a cyber war.

Calling the WikiLeaks back-and-forth a cyber war is "completely idiotic," said Bruce Schneier, chief security technology officer of BT, a communications company.

"War. W-A-R. It's a big word," Schneier said. "How could this be a cyber war? It's certainly a cyber attack, right? It's certainly politically motivated. But this stuff has been going on for a couple of decades now. Do you mean there have been thousands of wars that haven't been noticed? It doesn't make any sense at all. If there was a war, you'd know it, and it would probably involve tanks and artillery -- as well as cyber weapons."

Only cyber attacks between two warring nation-states count as cyber war, he said.

WikiLeaks is, of course, a website -- not a sovereign nation.

"War isn't just nameless attacks between parties that are not nation-states to begin with," said Mikko Hypponen, chief research officer at F-Secure. "WikiLeaks is not a country. MasterCard is not a country."

But perhaps that definition still isn't quite good enough. In war, it's usually pretty easy to tell who's doing the shooting. In cyber attacks, it's almost always impossible to determine the origins of an attack unless it's "perpetuated by the slip of the tongue" on the part of the attacker, said Don DeBolt, director of threat research at CA Technologies, a computer security company.

In the WikiLeaks case, for example, no one knows -- or may ever know -- who is behind the attacks on financial websites. The same goes for hackers standing on the other side of the digital battlefield, who have been trying to take WikiLeaks down so that it can't share any more state secrets.

The United States government has denied involvement, but the situation raises a question: If it's almost impossible to know who's behind a cyber attack, how can you say whether one has taken place between two nation-states or not?

Another issue with cyber war is the type of attack that's used.

Security researchers said the tactics of cyber warfare have been deployed in the WikiLeaks saga, but they're far from the most drastic measures a hacker would take if he or she really wanted to cause damage.

Schneier compared the pro-WikiLeaks attacks on MasterCard and Visa to a bunch of protesters standing in front of an office building, refusing to let workers in. It's annoying, but it didn't shut down the operation. And it didn't start a war.

Cyber attacks start to become war-like when they purposefully attack real-world targets, causing actual damage to property or death, Hypponen said.

That had never been shown to be possible until this year, when the Stuxnet worm showed that it could attack factory systems and alter mechanical processes, he said. That kind of virus could, in theory, be used to shut down power grids, halt public transportation or blow up factories, he said.

The WikiLeaks attacks are more like political protests, he said.

There's an insider term for this: "hacktivist," or hacker plus activist.

"I see it mostly as a demonstration of their dissatisfaction with the system and how things are going," he said of the hackers who are defending WikiLeaks by targeting big-name American sites. "There are other points you'd want to hit if you wanted to inflict monetary damage or retribution."

The types of attacks pro-WikiLeaks hackers have been carrying out are not at all sophisticated; they actually have been going on for at least 10 years, he said. Called "distributed denial of service" attacks -- or DDoS in geek-speak -- these attacks essentially try to overload a website with so much internet traffic that it can't handle the load and is temporarily shut down.

DDoS attacks have been used as a form of protest before.

What's new with WikiLeaks, Hypponen said, is that DDoS attacks have gotten so easy to carry out that almost anyone can participate. There's evidence that "hundreds" of WikiLeaks supporters have volunteered their computers to be used as weapons in these online assaults, said Jose Nazario, senior manager of security research at Arbor Networks, another security firm.

To sign up, you just have to find the right people on Facebook or Twitter and download a simple program with another spy-novel name: a "low-orbit ion cannon."

"Ten years ago you had to be pretty skilled and know the right people to gain entry into this sort of event. Now it's easy," he said.

Still, that doesn't completely settle the "cyber war" issue either. In real-world war, you can fight with swords -- old tools -- or remotely operated drones -- new tools -- and still be engaging in battle. Perhaps part of the definition of cyber war lies in exactly how those tools are used to inflict damage, said Herbert Lin, a computer science and security expert at the National Research Council of the National Academy of Sciences.

"Soldiers use M16s. And they can use them in a prosecution of a war," Lin said. "But policemen also use M16s, and they're not prosecuting a war. So the question here is, does it count to say if you're using cyber warfare techniques against WikiLeaks in various forms, is that cyber warfare?"

Lin answered his own question: "I'd say no."
