DOCSLIB.ORG

Hacktivism: Assessing the Damage

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

FEATURE Hacktivism: assessing the damage Steve Mansfield-Devine Steve Mansfield- Devine With the rise to stardom of activists Anonymous and hacking group LulzSec, cyber-attacks have entered a new phase. There’s nothing original in the technical exploits they’re deploying – most are very basic. But unlike most attackers, these to the general public) on IRC servers. groups actually crave publicity and are eager to share the data they steal. They While many of those who join in the frequently claim that this is for the greater good, to encourage better security campaigns will simply download and and a more responsible custodianship of personal data. These are issues close use the Low Orbit Ion Cannon (LOIC) to the hearts of information security professionals; so will these attacks have an DDoS tool, it appears to be this core effect on organisations’ attitudes to security? And has the infosecurity landscape group that is capable of wielding at least changed forever? some basic hacking skills. Nevertheless, the key campaigns under the name of First, we have to ask, who are these peo- the music industry for its heavy-handed Anonymous have tended to use DDoS ple? And there’s no easy answer. These legal pursuit of filesharers. It also fore- as the weapon of choice, and a new tool, are not well-defined groups with mem- shadowed what was to become a char- RefRef, has just made an appearance.2 bership lists. And their activities have acteristic of subsequent operations – a This exploits resource exhaustion to take spawned many imitators and fellow- certain superficiality in the arguments down targets. travellers. There are also some distinc- supporting them. Underlying Operation The group also continues non-hacking tions between the groups defined by the Payback (which continues, sporadically, campaigns. Recently, for example, it ‘members’ themselves. This makes labels to this day) was a dislike of copyright announced Operation UnManifest difficult: ‘hacktivists’, ‘activists’, ‘hackers’, that was conflated with the self-serving in which people are encouraged to ‘members’ – even the word ‘group’ itself interests of major media corporations modify copies of the manifesto written – all map very poorly on to how these and narrowly focused on music and by Norwegian mass-murderer Anders people organise and operate. However, movies. It’s a crudity of argument that Breivik, creating versions that ridicule his for the sake of discussion, and brevity, has resurfaced in the group’s attacks on ideology. By flooding the web with these we’ll use words like ‘group’ and ‘hacktiv- information security companies and mauled copies, anyone seeking the mani- ists’ to encompass Anonymous, LulzSec ‘whitehats’. festo can never be sure they are getting and those who tag along in their shade. The group’s ambitions are often the real thing.3 couched in terms of uncovering cor- Anonymous ruption and fighting oppression and LulzSec use the vocabulary of revolution, even Anonymous has a long track record of though their activities are commonly According to LulzSec – or Lulz Security activism, only a portion of it involv- perceived as little more than juvenile – its hacking activities had no higher ing hacking. The group first came to stunts or vandalism. But this isn’t to purpose but were simply for the ‘lulz’ – public attention as a result of its Project doubt the authenticity of their motiva- the pure joy of creating mayhem. This (or Operation) Chanology campaign tions or feelings. These were particu- assertion has been undermined by the against the Church of Scientology. This larly evident during the pro-Wikileaks group itself a number of times: in fact, frequently involved ‘Anons’ gathering in campaigns which, famously, brought the action that really brought it to public street protests, many wearing the now- minor grief to the likes of Mastercard attention was the defacement of a web- iconic Guy Fawkes masks. Anonymous and PayPal.1 site belonging to the Public Broadcasting quickly established a style characterised Anonymous says it is leaderless, a Service (PBS) in the US because LulzSec by anarchic wit and portentous (and, claim that is both partially true and dis- was unhappy with the treatment of many would argue, pretentious) videos. ingenuous. Certainly, anyone can join Wikileaks in a documentary. This light-hearted posturing and the in a campaign – or mount one of their What followed was 50 days of hack- nature of its target won Anonymous own – under the Anonymous banner. ing stunts, including repeated attacks on widespread sympathy. At the same time, there is clearly a core Sony. Many of the attacks resulted in Its next major campaign could be said group running key Twitter accounts, the theft of users’ login credentials for to have appealed to a narrower demo- producing YouTube videos and control- websites and other online systems. There graphic: Operation Payback attacked ling important channels (some closed were government targets, too, including 5 August 2011 Network Security FEATURE law enforcement: the move was part of the hackers’ constant attempts at mis- direction and disinformation. Shortly before this issue went to press, the Metropolitan Police arrested Jake Davis who, they claim, is Topiary. The AntiSec campaign is focused on alerting the world to security weak- nesses – particularly on the part of government entities and corporates – and what AntiSec sees as dishonesty and ineffectiveness on the part of the information security industry. One early action was the leak of 700 con- fidential documents from Arizona’s Department of Public Safety. Although still seen as a LulzSec attack, it was accompanied by an attempt at justifi- cation: “We are targeting AZDPS spe- cifically because we are against SB1070 and the racial profiling anti-immigrant police state that is Arizona,” said a statement.7 Other high-profile stunts included the downloading of large numbers of documents from defence and FBI contractor ManTech, the leak- ing of emails from the Department of Homeland Security, 90,000 email addresses – many of them mili- tary – from defence firm Booz Allen Hamilton, and the defacement of 77 law enforcement websites and the leak- ing of the personal details (including social security numbers and home addresses) of 7,000 law enforcement officers.8,9 LulzSec adopted a whimsical, piratical theme for its announcements. Security awareness the CIA and, in the UK, the website of It’s worth repeating, though, that the AntiSec supporters are not slow in the Serious Organised Crime Agency Anonymous name is adopted by a wide taunting or denigrating ‘whitehats’. In a (SOCA), which was brought down by a variety of people around the world. discussion on the AnonOps IRC server, DDoS attack.4 in the #reporter channel used to talk to At first, LulzSec denied any con- AntiSec the press, someone identifying himself nection with Anonymous. But it soon as ‘joepie91’ explained: “The problem became apparent that LulzSec mem- In mid-June 2011, LulzSec suddenly most people have with the majority of bers, who probably never numbered announced it was disbanding – or rather, ‘whitehat security researchers’ is that they more than half a dozen or so, were the merging with Anonymous as part of a charge insane amounts of money for same people behind many Anonymous new campaign, AntiSec.5 The reason for supposed ‘security’, and then fail to pro- activities and may even represent the the change was never clear. ‘Topiary’ – tect from even the most basic attacks.” people within the Anonymous core with regarded as the mouthpiece of LulzSec (It’s important to note that, while genuine (albeit low-level) hacking skills. – claimed in an interview that the group joepie90 had admin privileges for This became explicit when LulzSec wanted to quit on: “A high note, a classy the #reporter channel, and others later admitted responsibility for attacks ending”.6 Most onlookers, however, seemed to defer to him, as they did to against security firm HBGary, which believed the decision was driven by the Anonymous9 during a later chat, this were originally claimed by Anonymous. heat the group was starting to feel from does not make either of them a 6 Network Security August 2011 FEATURE spokesman for Anonymous. It is part of the fiction of Anonymous being ‘leader- less’ that no-one speaks in an official capacity. However, the personal opinions offered during IRC chats echoed those frequently stated by Anons.) The hostility towards whitehats could be brushed aside as nothing more than name-calling, but perhaps it is more revealing than that. It may demonstrate a fundamental lack of understanding when it comes to the root cause of security vulnerabilities, which isn’t a lack of skill or under- standing among security professionals, but among those who pay them. It’s an institutional or business problem. “There are lots of good information security professionals out there that have great technical skills, but technical skills alone will not protect your com- pany,” says Brian Honan, an independ- ent consultant based in Dublin who Following a number of arrests, LulzSec announced via Twitter that it was unaffected – but it was specialises in the strategic risk aspects clearly feeling the heat. of information security. “You also need to have management skills, budgeting • joepie91: 2. the ‘whitehat security London that works with organisations skills and political skills – because you researchers’ take advantage of this of all sizes. He believes that the security have to make sure that your agenda is incapability on the managers side, industry has been fuelling fear, uncer- part of the company’s agenda – and and charge outrageous amounts of tainty and doubt. “I think this is, by you need to have risk management money for things that do not appro- and large, pushed by vendors who are skills. If I’m an attacker, I can take my priately secure the systems saying, be afraid, be very afraid,” he time and focus on one element of your But even this basic understanding is says.
Recommended publications
  • UC Santa Barbara UC Santa Barbara Electronic Theses and Dissertations

    UC Santa Barbara UC Santa Barbara Electronic Theses and Dissertations

    UC Santa Barbara UC Santa Barbara Electronic Theses and Dissertations Title A Web of Extended Metaphors in the Guerilla Open Access Manifesto of Aaron Swartz Permalink https://escholarship.org/uc/item/6w76f8x7 Author Swift, Kathy Publication Date 2017 Peer reviewed|Thesis/dissertation eScholarship.org Powered by the California Digital Library University of California UNIVERSITY OF CALIFORNIA Santa Barbara A Web of Extended Metaphors in the Guerilla Open Access Manifesto of Aaron Swartz A dissertation submitted in partial satisfaction of the requirements for the degree Doctor of Philosophy in Education by Kathleen Anne Swift Committee in charge: Professor Richard Duran, Chair Professor Diana Arya Professor William Robinson September 2017 The dissertation of Kathleen Anne Swift is approved. ................................................................................................................................ Diana Arya ................................................................................................................................ William Robinson ................................................................................................................................ Richard Duran, Committee Chair June 2017 A Web of Extended Metaphors in the Guerilla Open Access Manifesto of Aaron Swartz Copyright © 2017 by Kathleen Anne Swift iii ACKNOWLEDGEMENTS I would like to thank the members of my committee for their advice and patience as I worked on gathering and analyzing the copious amounts of research necessary to
  • Rethinking Documentary Photography

    Rethinking Documentary Photography

    RETHINKING DOCUMENTARY PHOTOGRAPHY: DOCUMENTARY AND POLITICS IN TIMES OF RIOTS AND UPRISINGS —————————————————— A Thesis Presented to The Honors Tutorial College Ohio University —————————————————— In Partial Fulfillment of the Requirements for Graduation from the Honors Tutorial College with the degree of Bachelor of Arts in Art History —————————————————— by Jack Opal May 2013 Introduction I would like to think about documentary photography. In particular, I would like to rethink the limits of documentary photography for the contemporary. Documentary, traditionally, concerns itself with the (re)presentation of factual information, constitutes a record.1 For decades, documentary – and especially social documentary – has been under siege; its ability to capture and convey and adequately represent “truth” thrown into question, victim to the aestheticization of the objects, fading trust in their authors, and technological development. So much so that the past three decades have prompted photographer, documentarian, and art historian Martha Rosler to question first its utility, then its role, and finally its future in society. All of this has opened up the possibility and perhaps the need to reconsider the conditions and purpose of documentary practice, and to consider the ways in which it has been impacted by recent technological and historical developments. The invention of the internet and the refinement of the (video) camera into ever more portable devices and finally into the smartphone, and the rise to ubiquity within society of these inventions, signifies a major shift in documentary. So, too, have certain events of the past two decades – namely, the beating of Rodney King (and the circulation of the video of that event) and the development and adoption of the occupation as a major tactic within the political left.
  • Sample Iis Publication Page

    Sample Iis Publication Page

    https://doi.org/10.48009/1_iis_2012_133-143 Issues in Information Systems Volume 13, Issue 1, pp. 133-143, 2012 HACKERS GONE WILD: THE 2011 SPRING BREAK OF LULZSEC Stan Pendergrass, Robert Morris University, [email protected] ABSTRACT Computer hackers, like the group known as Anonymous, have made themselves more and more relevant to our modern life. As we create and expand more and more data within our interconnected electronic universe, the threat that they bring to its fragile structure grows as well. However Anonymous is not the only group of hackers/activists or hacktivists that have made their presence known. LulzSec was a group that wreaked havoc with information systems in 2011. This will be a case study examination of their activities so that a better understanding of five aspects can be obtained: the Timeline of activities, the Targets of attack, the Tactics the group used, the makeup of the Team and a category which will be referred to as The Twist for reasons which will be made clear at the end of the paper. Keywords: LulzSec, Hackers, Security, AntiSec, Anonymous, Sabu INTRODUCTION Information systems lie at the heart of our modern existence. We deal with them when we work, when we play and when we relax; texting, checking email, posting on Facebook, Tweeting, gaming, conducting e-commerce and e- banking have become so commonplace as to be nearly invisible in modern life. Yet, within each of these electronic interactions lies the danger that the perceived line of security and privacy might be breached and our most important information and secrets might be revealed and exploited.
  • Wikileaks Wars: Digital Conflict Spills Into Real Life

    Wikileaks Wars: Digital Conflict Spills Into Real Life

    Home | Tech | Science in Society | News | Back to article WikiLeaks wars: Digital conflict spills into real life 15 December 2010 by Jacob Aron Magazine issue 2791. Subscribe and save For similar stories, visit the Computer crime and Weapons Technology Topic Guides ADVERTISEMENT Editorial: Democracy 2.0: The world after WikiLeaks WHILE it is not, as some have called it, the "first great cyberwar", the digital conflict over information sparked by WikiLeaks amounts to the greatest incursion of the online world into the real one yet seen. In response to the taking down of the WikiLeaks website after it released details of secret diplomatic cables, a leaderless army of activists has gone on the offensive. It might not have started a war, but the conflict Dress code for an Anonymous vendetta (Image: is surely a sign of future battles. Sander Koning/AFP/Getty) 1 more image No one is quite sure what the ultimate political effect of the leaks will be. What the episode has done, though, is show what happens when the authorities attempt to silence what many people perceive as a force for freedom of information. It has also shone a light on the evolving world of cyber-weapons (see "The cyber-weapon du jour"). WikiLeaks was subjected to a distributed denial of service (DDoS) attack, which floods the target website with massive amounts of traffic in an effort to force it offline. The perpetrator of the attack is unknown, though an individual calling himself the Jester has claimed responsibility. WikiLeaks took defensive action by moving to Amazon's EC2 web hosting service, but the respite was short-lived as Amazon soon dumped the site, saying that WikiLeaks violated its terms of service.
  • “Hacktivists” Strike Back

    “Hacktivists” Strike Back

    SECUrITY AGENCE FRANCE-PRESSE Supporters of Wikileaks founder Julian Assange “Hacktivists” Strike Back wear Guy Fawkes masks Cyber attacks on financial institutions serve as they demonstrate against his arrest in as a warning sign Amsterdam in December 2010. The “Hacktivist” in december 2010, the websites of international financial services gi- group “Anonymous” has ants Visa, Mastercard and PayPal were temporarily shut down, victims adopted the Guy Fawkes of a coordinated cyber attack dubbed Operation Payback by its per- image as its public face. petrators. “Hacktivists” who support wikileaks and its founder Julian assange attacked after the companies terminated service and disabled donations to the website. The economic impact of the attack remains unclear and the tar- geted companies denied suffering consequential losses. but the attackers, using the names “anon” and “anonymous,” demonstrated the ability of cyber attacks to infiltrate and damage businesses and government agencies. A modern form of protest Amazon, the online retailer that hosted Anonymous didn’t protest by chanting slogans Wikileaks on its servers, was the first to pull out. or waving signs — it struck against Wikileaks’ Visa, MasterCard and PayPal soon followed, perceived enemies in the spirit of the virtual essentially crippling Wikileaks’ ability to accept world they share. Wikileaks, whose raison d'être is donations that support publishing efforts. The exposing classified or confidential government cyber attacks started soon after. or corporate information, is under pressure When Anonymous staged its attack in the vir- from the United States and other governments tual world, it used a favorite weapon of the cyber after leaking more than 250,000 U.S.
  • Bank & Lender Liability

    Bank & Lender Liability

    Westlaw Journal BANK & LENDER LIABILITY Litigation News and Analysis • Legislation • Regulation • Expert Commentary VOLUME 17, ISSUE 6 / AUGUST 1, 2011 Expert Analysis Once More Into the Breach: Are We Learning Anything? By Cynthia Larose, Esq. Mintz Levin Cohn Ferris Glovsky & Popeo I’m a guy who doesn’t see anything good having come from the Internet. … [The Internet] created this notion that anyone can have whatever they want at any given time. It’s as if the stores on Madison Avenue were open 24 hours a day. They feel entitled. They say, “Give it to me now,” and if you don’t give it to them for free, they’ll steal it. –Sony Pictures Entertainment CEO Michael Lynton, May 14, 20091 How ironic. This comment two years ago by Lynton created a minor firestorm and drove him to post a lengthy rebuttal on The Huffington Post,2 but at the time, Lynton was referring to content piracy, not data breaches. Given the events since Sony’s massive data breaches in April3 (and subsequent breaches in May and June), he might as well as have been referring to user informa- tion held by Sony and its various properties. As a matter of fact, the Sony Pictures hackers said, “Sony stored over 1 million passwords of its customers in plain text, which means it’s just a matter of taking it.”4 Since the April PlayStation Network breach that exposed more than 100 million user accounts, Sony has been hacked more than 10 times. Sony Europe,5 Sony BMG Greece,6 Sony Thailand,7 Sony Music Japan8 and Sony Ericsson Canada9 all suffered some intrusion and compromise of user information.
  • Deterring Iran After the Nuclear Deal

    Deterring Iran After the Nuclear Deal

    MARCH 2017 COVER PHOTO NIEL HESTER | FLICKR 1616 Rhode Island Avenue NW Washington, DC 20036 202 887 0200 | www.csis.org Lanham • Boulder • New York • London 4501 Forbes Boulevard Lanham, MD 20706 301 459 3366 | www.rowman.com Deterring Iran After the Nuclear Deal PROJECT DIRECTORS AND EDITORS Kathleen H. Hicks Melissa G. Dalton CONTRIBUTING AUTHORS Melissa G. Dalton Thomas Karako Jon B. Alterman J. Matthew McInnis Michael Connell Hijab Shah Michael Eisenstadt Michael Sulmeyer ISBN 978-1-4422-7993-3 Farideh Farhi Ian Williams Kathleen H. Hicks 1616 Rhode Island Avenue NW Washington,Ë|xHSLEOCy279933z DC 20036v*:+:!:+:! 202-887-0200 | www.csis.org Blank MARCH 2017 Deterring Iran after the Nuclear Deal PROJ ECT DIRECTORS AND EDITORS Kathleen H. Hicks Melissa G. Dalton CONTRIBUTING AUTHORS Melissa G. Dalton Thomas Karako Jon B. Alterman J. Matthew McInnis Michael Connell Hijab Shah Michael Eisenstadt Michael Sulmeyer Farideh Farhi Ian Williams Kathleen H. Hicks Lanham • Boulder • New York • London 594-68742_ch00_6P.indd 1 3/13/17 7:13 AM About CSIS For over 50 years, the Center for Strategic and International Studies (CSIS) has worked to develop solutions to the world’s greatest policy challenges. T oday, CSIS scholars are providing strategic insights and bipartisan policy solutions to help decisionmakers chart a course toward a better world. CSIS is a nonprofit organ ization headquartered in Washington, D.C. The Center’s 220 full- time staff and large network of affiliated scholars conduct research and analy sis and develop policy initiatives that look into the future and anticipate change. Founded at the height of the Cold War by David M.
  • From Clicktivism to Hacktivism: Understanding Digital Activism

    From Clicktivism to Hacktivism: Understanding Digital Activism

    Information & Organization, forthcoming 2019 1 From Clicktivism to Hacktivism: Understanding Digital Activism Jordana J. George Dorothy E. Leidner Mays Business School, Texas A&M University Baylor University ABSTRACT Digital activism provides new opportunities for social movement participants and social movement organizations (SMOs). Recent IS research has begun to touch on digital activism, defining it, exploring it, and building new theory to help understand it. This paper seeks to unpack digital activism through an exploratory literature review that provides descriptions, definitions, and categorizations. We provide a framework for digital activism by extending Milbrath’s (1965) hierarchy of political participation that divides activism into spectator, transitional, and gladiatorial activities. Using this framework, we identify ten activities of digital activism that are represented in the literature. These include digital spectator activities: clicktivism, metavoicing, assertion; digital transitional activities: e-funding, political consumerism, digital petitions, and botivism; and digital gladiatorial activities: data activism, exposure, and hacktivism. Last, we analyze the activities in terms of participants, SMOs, individuals who are targeted by the activity, and organizations that are targeted by the activity. We highlight four major implications and offer four meta-conjectures on the mechanisms of digital activism and their resulting impacts, and reveal a new construct where participants digitally organize yet lack an identifying cause, which we label connective emotion. Key Words Digital activism, social activism, political participation, social movements, connective emotion, literature review 1.0 Introduction Not long ago, activism to promote social movements was relegated to demonstrations and marches, chaining oneself to a fence, or writing to a government representative. Recruiting, organizing, and retaining participants was difficult enough to ensure that often only largest, best supported movements thrived and creating an impact often took years.
  • Bakalářská Práce 2013

    Bakalářská Práce 2013

    Masarykova univerzita Filozofická fakulta Ústav české literatury a knihovnictví Kabinet informa čních studií a knihovnictví Bakalá řská diplomová práce 2013 Alena Brožová Masarykova univerzita Filozofická fakulta Kabinet informa čních studií a knihovnictví Informa ční studia a knihovnictví Alena Brožová AntiSec: hacktivistická kampa ň za svobodu na internetu Bakalá řská diplomová práce Vedoucí práce: PhDr. Pavla Ková řová 2013 Prohlašuji, že jsem diplomovou práci vypracovala samostatn ě s využitím uvedených pramen ů a literatury. …………………………………………….. Podpis autora práce Zde bych cht ěla pod ěkovat vedoucí práce PhDr. Pavle Ková řové za pomoc a cenné rady v pr ůběhu tvorby bakalá řské diplomové práce. Bibliografický záznam BROŽOVÁ, Alena. AntiSec: hacktivistická kampa ň za svobodu na internetu . Brno: Masarykova univerzita, Filozofická fakulta, Ústav české literatury a knihovnictví, Kabinet informa čních studií a knihovnictví, 2013, 59 s. Vedoucí bakalá řské práce PhDr. Pavla Ková řová. Anotace Bakalá řská diplomová práce „AntiSec: hacktivistická kampa ň za svobodu na internetu“ se zabývá hackerskými útoky v rámci operace AntiSec, které byly uskute čněny pod záštitou propagace svobodného internetu, svobody informací a svobody projevu. Práce se zabývá etickou oprávn ěností provedení útok ů v souvislosti s pravidly definovaných etických teorií a kodex ů. Pro toto hodnocení jsou využity principy dimenzionální analýzy. Výsledkem práce je souhrn informací o prob ěhnuté operaci s důrazem na eti čnost provedených útok ů. Annotation Bachelor thesis „AntiSec: hacktivism campaign for freedom on the internet“ deals with hacker attacks in Operation AntiSec which were made under the auspices of promoting free internet, freedom of information and freedom of expression. The work deals with the ethical legitimacy of carrying out attacks in relation to the rules of defined ethical theories and codes.
  • You Are Not Welcome Among Us: Pirates and the State

    You Are Not Welcome Among Us: Pirates and the State

    International Journal of Communication 9(2015), 890–908 1932–8036/20150005 You Are Not Welcome Among Us: Pirates and the State JESSICA L. BEYER University of Washington, USA FENWICK MCKELVEY1 Concordia University, Canada In a historical review focused on digital piracy, we explore the relationship between hacker politics and the state. We distinguish between two core aspects of piracy—the challenge to property rights and the challenge to state power—and argue that digital piracy should be considered more broadly as a challenge to the authority of the state. We trace generations of peer-to-peer networking, showing that digital piracy is a key component in the development of a political platform that advocates for a set of ideals grounded in collaborative culture, nonhierarchical organization, and a reliance on the network. We assert that this politics expresses itself in a philosophy that was formed together with the development of the state-evading forms of communication that perpetuate unmanageable networks. Keywords: pirates, information politics, intellectual property, state networks Introduction Digital piracy is most frequently framed as a challenge to property rights or as theft. This framing is not incorrect, but it overemphasizes intellectual property regimes and, in doing so, underemphasizes the broader political challenge posed by digital pirates. In fact, digital pirates and broader “hacker culture” are part of a political challenge to the state, as well as a challenge to property rights regimes. This challenge is articulated in terms of contributory culture, in contrast to the commodification and enclosures of capitalist culture; as nonhierarchical, in contrast to the strict hierarchies of the modern state; and as faith in the potential of a seemingly uncontrollable communication technology that makes all of this possible, in contrast to a fear of the potential chaos that unsurveilled spaces can bring.
  • List of Targets of Arrested Computer Hackers 6 March 2012

    List of Targets of Arrested Computer Hackers 6 March 2012

    List of targets of arrested computer hackers 6 March 2012 The five computer hackers charged in New York Tribune and Los Angeles Times, using on Tuesday and a sixth who pleaded guilty are misappropriated login credentials. accused of involvement in some of the most notorious hacking incidents of the past 18 months. -- February 2011: A cyberattack on private computer security firm HBGary that involved the The following are some of the cyberattacks in theft of 60,000 emails from HBGary employees and which the two Britons, two Irishmen and two the HBGary chief executive, as well as defacing his Americans allegedly played a role as members of Twitter account. Anonymous, Lulz Security or associated groups: -- April-May 2011: A cyberattack on a Fox -- December 2010: Operation Payback. Distributed Broadcasting Company website that involved the denial of service (DDoS) attacks by members of theft of names, dates of birth, telephone numbers, Anonymous on the websites of MasterCard, email and residential addresses for more than PayPal and Visa in retaliation for their refusal to 70,000 potential contestants on the Fox television accept donations for WikiLeaks. In a DDoS attack, show the "X-Factor." a website is bombarded with traffic, slowing it down or knocking it offline completely. -- May 2011: A cyberattack on Sony Pictures Entertainment that revealed the passwords, email -- January 2011: Defacing a website of the Irish addresses, home addresses and dates of birth of political party Fine Gael after accessing computer 100,000 users of the www.sonypictures.com servers in Arizona used to maintain the website, website and a subsequent online attack against www.finegael2011.com.
  • Easier Said Than Done: Legal Reviews of Cyber Weapons

    Easier Said Than Done: Legal Reviews of Cyber Weapons

    Easier Said Than Done: Legal Reviews of Cyber Weapons Gary D. Brown* & Andrew O. Metcalf** INTRODUCTION On June 1, 2012, author and New York Times reporter David Sanger created a sensation within the cyber-law community. Just over a year previously, Vanity Fair, among other media outlets, reported that a malware package of unprec- edented complexity had effectively targeted the Iranian nuclear research pro- gram.1 The malware, which came to be known as Stuxnet, was also discovered on many computer systems outside Iran, but it did not appear to do any damage to these other systems. Just as the discussions spurred by the discovery of Stuxnet had begun to die down, the New York Times published an interview with Mr. Sanger to discuss his newest book, in which he alleged that the Stuxnet malware had been part of a U.S. planned and led covert cyber operation. The assertion that a nation state had used a “cyber attack” in support of its national objectives reinvigorated the attention of cyber-law commentators, both in and out of government. What makes Stuxnet interesting as a point of discussion is that the basic functioning of the software is easy to understand and easy to categorize. A piece of software was deliberately inserted into the target systems, and physical damage was the result. However, resulting physical damage is not characteristic of most cyber operations, and the legal analysis of Stuxnet is of limited utility when examining a broad range of cyber activities.2 A distinct lack of physical effects is much more characteristic of cyber operations, and the absence of physical effects has continued to complicate the legal analysis of cyber in the context of military operations.