DOCSLIB.ORG

Cyber Attack Campaigns in Political Conflicts

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cyber Attack Campaigns in Political Conflicts CYBER ATTACK CAMPAIGNS IN POLITI- CAL CONFLICTS A case study of Anonymous hacktivists’ campaign against ISIS Master´s Thesis in Information Systems Science Author: Otto Sulin Supervisor: Jonna Järveläinen 16.02.2018 Turku Turun kauppakorkeakoulu • Turku School of Economics Turun yliopiston laatujärjestelmän mukaisesti tämän julkaisun alkuperäisyys on tar- kastettu Turnitin OriginalityCheck -järjestelmällä. The originality of this thesis has been checked in accordance with the University of Turku quality assurance system using the Turnitin OriginalityCheck service. Table of Contents 1 INTRODUCTION ................................................................................................... 9 1.1 Internet, the new frontier of conflicts ............................................................. 9 1.2 Scientific motivation for this study .............................................................. 10 1.3 General overview of the study ..................................................................... 11 2 POLITICAL CONFLICTS AND WARFARE IN THE CYBERSPACE ............. 13 2.1 Conflicts in the Cyberspace.......................................................................... 13 2.1.1 Perspectives on different types of conflicts ..................................... 13 2.1.2 Analyzing conflicts .......................................................................... 14 2.2 Evaluation of existing cyber conflict models ............................................... 16 2.2.1 Cyber Early Warning Model ............................................................ 16 2.2.2 Ventre’s model ................................................................................. 17 2.2.3 Discussion on evaluated models ...................................................... 18 2.3 Actors in Cyber Conflicts ............................................................................. 19 2.3.1 Non-state actors ............................................................................... 19 2.3.2 State actors ....................................................................................... 22 2.4 Cyber warfare and terrorism in political conflicts ....................................... 23 2.4.1 Defining cyber warfare .................................................................... 23 2.4.2 Definition of cyber warfare .............................................................. 24 2.4.3 Legal status of cyber warfare and attacks ........................................ 25 2.4.4 Cyber terrorism from legal perspective ........................................... 28 3 CYBER ATTACK OPERATIONS ....................................................................... 29 3.1 Cyber Operations Models............................................................................. 29 3.2 Synthesis of the chosen models .................................................................... 31 4 METHODOLOGY ................................................................................................ 34 4.1 Introduction .................................................................................................. 34 4.2 Methods of qualitative analysis .................................................................... 35 4.3 Material gathering and sampling .................................................................. 38 4.3.1 Material gathering methods ............................................................. 38 4.3.2 Sampling .......................................................................................... 39 5 STUDY FINDINGS .............................................................................................. 41 5.1 Introduction .................................................................................................. 41 5.2 On actors and their status ............................................................................. 41 5.2.1 Anonymous ...................................................................................... 41 GhostSec ...................................................................................................... 44 Ghost Security Group ................................................................................... 45 5.2.2 ISIS .................................................................................................. 46 5.2.3 A summary of the key facts regarding Anonymous and ISIS ......... 48 5.3 Latent tensions ............................................................................................. 50 5.4 Initiating events ............................................................................................ 52 5.4.1 Paris attacks ..................................................................................... 52 5.4.2 Anonymous’ reaction to the attacks ................................................. 53 5.4.3 Anonymous’ goals and target selection ........................................... 54 5.5 Cyber reconnaissance ................................................................................... 56 5.5.1 Footprinting and system reconnaissance ......................................... 58 5.5.2 Target listing .................................................................................... 60 5.5.3 Identifying vulnerabilities ................................................................ 62 5.6 Cyber mobilization ....................................................................................... 63 5.6.1 Methods of mobilization .................................................................. 63 5.6.2 Attack planning ................................................................................ 64 5.6.3 Resource preparations ...................................................................... 65 5.6.4 Testing the plan ................................................................................ 67 5.7 Cyber attack ................................................................................................. 67 5.7.1 Distributing the plan ........................................................................ 67 5.7.2 Rehearsing ....................................................................................... 68 5.7.3 Penetrate & control .......................................................................... 68 5.7.4 Violate systems ................................................................................ 69 5.7.5 Lessons learned ................................................................................ 70 6 CONCLUSIONS AND DISCUSSION ................................................................. 71 6.1 Conclusions .................................................................................................. 71 6.1.1 Literature review and used models .................................................. 71 6.1.2 Summary of the results from the case study .................................... 72 6.2 Limitations ................................................................................................... 73 6.3 Implications for further research .................................................................. 74 REFERENCES................................................................................................................ 76 APPENDICES ................................................................................................................ 86 Appendix 1: Known offensive cyber capabilities of nation-states. ....................... 86 Appendix 2: International legislation regarding cyber terrorism .......................... 91 Appendix 3: Parts of the Canonical Offensive Cyber Operations Model ............. 92 Appendix 4: Tools Employed in the Campaign .................................................... 96 Appendix 5: Index of gathered materials shared in IRC ..................................... 103 List of figures Figure 1 A Cyber Early Warning Model (Carr 2011) ...................................... 16 Figure 2 Canonical model of offensive cyber operations (Grant et al., 2015) . 30 Figure 3 Synthesis of Carr's and Grant et al. models, Political Cyber Attack Campaign Model ................................................................................ 32 Figure 4 Example of Anonymous IRC topic messages .................................... 39 Figure 5 A contemporary Guy Fawkes mask (Wikipedia, 2012) ..................... 42 Figure 6 Slate article “Recognizably Anonymous” (Slate, 2011) .................... 43 Figure 7 GhostSec.org front page (GhostSec, 2016) ........................................ 45 Figure 8 Flag of the Islamic State (IS) (Wikipedia, 2013) ............................... 47 Figure 9 Example of ISIS content in Anonymous IRC chats ........................... 48 List of tables Table 1 Phases of conflict (Sriram & Wermester, 2003) ................................ 15 Table 2 Main non-state actors in cyber conflict (Sigholm 2013) .................... 20 Table 3 Synthesis of Carr's and Grant et al. models ........................................ 31 Table 4 Phases of netnographic study according to Kozinets (2015) ............. 36 Table 5 Summary of key facts ......................................................................... 49 Table 6 Known offensive cyber capabilities of nation-states (Valentino- Devries & Yadron, 2015) ................................................................... 90 Table 7 Canonical model of offensive cyber operations: select goals phase .. 92 Table 8 Canonical model of offensive cyber operations: select targets phase
Load more

Recommended publications
  • The Influence of Anonymity on Participation in Online Communities
    Thèse de doctorat de l’UTT Malte PASKUDA The Influence of Anonymity on Participation in Online Communities Spécialité : Ingénierie Sociotechnique des Connaissances, des Réseaux et du Développement Durable 2016TROY0033 Année 2016 THESE pour l’obtention du grade de DOCTEUR de l’UNIVERSITE DE TECHNOLOGIE DE TROYES Spécialité : INGENIERIE SOCIOTECHNIQUE DES CONNAISSANCES, DES RESEAUX ET DU DEVELOPPEMENT DURABLE présentée et soutenue par Malte PASKUDA le 24 octobre 2016 The Influence of Anonymity on Participation in Online Communities JURY M. M. BAKER DIRECTEUR DE RECHERCHE CNRS Président (Rapporteur) Mme N. GAUDUCHEAU MAITRE DE CONFERENCES Examinateur Mme M. LEWKOWICZ PROFESSEUR DES UNIVERSITES Directeur de thèse M. M. PRILLA PROFESSOR Rapporteur M. M. ROHDE DOKTOR Examinateur Acknowledgements Myriam Lewkowicz Michael Baker Michael Prilla Nadia Gauducheau Markus Rohde Michel Marcoccia Valentin Berthou Matthieu Tixier Hassan Atifi Ines Di Loreto Karine Lan Lorraine Tosi Aurlien Bruel Khuloud Abou Amsha Josslyn Beltran Madrigal Les membres de lquipe Tech-CICO et les membres du projet TOPIC trouvent ici mes remerciements les plus sincres. Abstract This work presents my PhD thesis about the influence of anonymity on par- ticipation in online environments. The starting point of this research was the observation of the design process of an online platform for informal caregivers. I realized that there is no knowledge about the practical effects that an anony- mous identity system would have. This thesis contains the subsequent literature review, which has been synthesized into a model that shows which participation factors might be influenced by anonymity. Three studies on existing online en- vironments have been conducted: One on Youtube, where there was a change in the comment system forbidding anonymous comments; one on Quora, where users can choose to answer questions anonymously; and one on Hacker News, where users choose how many identity factors they want to present and which name they use.
    [Show full text]
  • Address Munging: the Practice of Disguising, Or Munging, an E-Mail Address to Prevent It Being Automatically Collected and Used
    Address Munging: the practice of disguising, or munging, an e-mail address to prevent it being automatically collected and used as a target for people and organizations that send unsolicited bulk e-mail address. Adware: or advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. Some types of adware are also spyware and can be classified as privacy-invasive software. Adware is software designed to force pre-chosen ads to display on your system. Some adware is designed to be malicious and will pop up ads with such speed and frequency that they seem to be taking over everything, slowing down your system and tying up all of your system resources. When adware is coupled with spyware, it can be a frustrating ride, to say the least. Backdoor: in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device. A back door is a point of entry that circumvents normal security and can be used by a cracker to access a network or computer system. Usually back doors are created by system developers as shortcuts to speed access through security during the development stage and then are overlooked and never properly removed during final implementation.
    [Show full text]
  • Deciphering L33tspeak
    Ghent University Faculty of Arts and Philosophy Thesis Deciphering L33t5p34k Internet Slang on Message Boards Supervisor: Master Paper submitted in partial fulfilment of Prof. Anne-Marie Simon-Vandenbergen the requirements for the degree of ―Master in de Taal- en Letterkunde – Afstudeerrichting: Engels‖ By Eveline Flamand 2007-2008 i Acknowledgements I would like to thank my promoter, professor Anne-Marie Vandenbergen, for agreeing on supervising this perhaps unconventional thesis. Secondly I would like to mention my brother, who recently graduated as a computer engineer and who has helped me out when my knowledge on electronic technology did not suffice. Niels Cuelenaere also helped me out by providing me with some material and helping me with a Swedish translation. The people who came up to me and told me they would like to read my thesis, have encouraged me massively. In moments of doubt, they made me realize that there is an audience for this kind of research, which made me even more determined to finish this thesis successfully. Finally, I would also like to mention the members of the Filologica forum, who have been an inspiration for me. ii Index 1. Introduction .......................................................................................................................... 1 2. Methodology ......................................................................................................................... 1 2.1 4chan ...............................................................................................................................
    [Show full text]
  • The Rhetorics of the Voltron: Legendary Defender Fandom
    "FANS ARE GOING TO SEE IT ANY WAY THEY WANT": THE RHETORICS OF THE VOLTRON: LEGENDARY DEFENDER FANDOM Renee Ann Drouin A Dissertation Submitted to the Graduate College of Bowling Green State University in partial fulfillment of the requirements for the degree of DOCTOR OF PHILOSOPHY May 2021 Committee: Lee Nickoson, Advisor Salim A Elwazani Graduate Faculty Representative Neil Baird Montana Miller © 2021 Renee Ann Drouin All Rights Reserved iii ABSTRACT Lee Nickoson, Advisor The following dissertation explores the rhetorics of a contentious online fan community, the Voltron: Legendary Defender fandom. The fandom is known for its diversity, as most in the fandom were either queer and/or female. Primarily, however, the fandom was infamous for a subsection of fans, antis, who performed online harassment, including blackmailing, stalking, sending death threats and child porn to other fans, and abusing the cast and crew. Their motivation was primarily shipping, the act of wanting two characters to enter a romantic relationship. Those who opposed their chosen ship were targets of harassment, despite their shared identity markers of female and/or queer. Inspired by ethnographically and autoethnography informed methods, I performed a survey of the Voltron: Legendary Defender fandom about their experiences with harassment and their feelings over the show’s universally panned conclusion. In implementing my research, I prioritized only using data given to me, a form of ethical consideration on how to best represent the trauma of others. Unfortunately, in performing this research, I became a target of harassment and altered my research trajectory. In response, I collected the various threats against me and used them to analyze online fandom harassment and the motivations of antis.
    [Show full text]
  • I Give Permission for Public Access to My Thesis and for Any Copying to Be Done at the Discretion of the Archives Librarian And/Or the College Librarian
    1 I give permission for public access to my thesis and for any copying to be done at the discretion of the archives librarian and/or the College librarian. Emily Merritt 06/22/12 An Analysis of the Discourse of Internet Trolling: A Case Study of Reddit.com Student presenter: Emily Rose Merritt Project advisor: Esther Castro-Cuenca With the proliferation of social media and community discussion and forum websites, interest in understanding and explaining communication on the Internet (with an emphasis on language-based communication) is on the rise. Over time, new genres of interaction have developed that take place primarily or exclusively in online communication, and with them has developed the need to investigate the structure of these interactions, what their function is within conversations and communities, what their place is within certain Internet discourses, and over time what effects they have on communication on and offline. Thus far many of these genres have been deemed at best disruptive and at worst anti-social, but when studied from a judgment-free point of view show high levels of complexity and offer us excellent opportunities to understand how the Internet is shaping and being shaped by new kinds and contexts of communication. One of these genres of interaction that has gained significant fame on some very popular forums and discussion sites is called trolling. Trolling occurs on discussion sites or message boards when a user intentionally posts erroneous or inflammatory information with the intention of provoking a strong reaction out of other users. The objective of this study is to understand the complexities of trolling, as well as some of its functions and outcomes in anonymous online communication.
    [Show full text]
  • A Study of Internet Based Community Interactions
    Virtual Online Communities: A Study of Internet Based Community Interactions A dissertation presented to the faculty of the Scripps College of Communication of Ohio University In partial fulfillment of the requirements for the degree Doctor of Philosophy Adrian M. Budiman August 2008 This dissertation titled Virtual Communities Online: A Study of Internet Based Community Interactions by ADRIAN M. BUDIMAN has been approved for the School of Media Arts and Studies and the Scripps College of Communication by Drew McDaniel Professor of Telecommunications Gregory J. Shepherd Dean, Scripps College of Communication ii Abstract BUDIMAN, ADRIAN M., Ph.D., August 2008, Mass Communication Virtual Online Communities: A Study of Internet Based Community Interactions (167 pp.) Director of Dissertation: Drew McDaniel The aim of this research was to better understand virtual online communities (VOCs), that is, communities that are formed and maintained through the Internet. This research was guided by four research questions: What do participants in VOCs actually seek? How does a participant critically evaluate information produced in VOCs? What differences do VOC members perceive between their online community experiences compared to their experiences in real-life face-to-face communities? In what ways might a VOC shape its members’ views toward political and social change? The methodology employed was participant observation of 20 informants within their online and offline realms plus in-depth interviews with each informant. Interviews and observations were conducted from 2005 – 2007. This research identified two different types of VOCs: dependent and self- contained VOCs. Dependent VOCs act as extensions to already existent face-to-face communities while self-sustained VOCs are communities where relationships between members are formed, developed, and nurtured purely through virtual encounters on the Internet based on shared interests.
    [Show full text]
  • Leetocracy. Networked Political Activism and the Continuation of Elitism in Competitive Democracy Gustafsson, Nils
    Leetocracy. Networked Political Activism and the Continuation of Elitism in Competitive Democracy Gustafsson, Nils; Breindl, Yana Published in: Nexus. New Intersections in Internet Research 2010 Link to publication Citation for published version (APA): Gustafsson, N., & Breindl, Y. (2010). Leetocracy. Networked Political Activism and the Continuation of Elitism in Competitive Democracy. In D. Araya, Y. Breindl, & T. J. Houghton (Eds.), Nexus. New Intersections in Internet Research Peter Lang Publishing Group. Total number of authors: 2 General rights Unless other specific re-use rights are stated the following general rights apply: Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal Read more about Creative commons licenses: https://creativecommons.org/licenses/ Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. LUND UNIVERSITY PO Box 117 221 00 Lund +46 46-222 00 00 Araya_Araya 9/28/2010 11:01 PM Page 193 C H A P T E R N I NE Leetocracy 1 Networked Political Activism or the Continuation of Elitism in Competitive Democracy YANA BREINDL & NILS GUSTAFSSON INTRODUCTION On May 6, 2009, the European Parliament (EP) gathered for its monthly plenary in Strasbourg.
    [Show full text]
  • The Psychology of Trolling and Lurking: the Role of Defriending and Gamification for Increasing Participation in Online Communities Using Seductive Narratives
    The Psychology of Trolling and Lurking: The Role of Defriending and Gamification for Increasing Participation in Online Communities Using Seductive Narratives Jonathan Bishop Centre for Research into Online Communities and E-Learning Systems, UK ABSTRACT The rise of social networking services have furthered the proliferation of online communities, transferring the power of controlling access to content from often one person who operates a system (sysop), which they would normally rely on, to them personally. With increased participation in social networking and services come new problems and issues, such as trolling, where unconstructive messages are posted to incite a reaction, and lurking, where persons refuse to participate. Methods of dealing with these abuses included defriending, which can include blocking strangers. The Gamified Flow of Persuasion model is proposed, building on work in ecological cognition and the participation continuum, the chapter shows how all of these models can collectively be used with gamification principles to increase participation in online communities through effective management of lurking, trolling, and defriending. INTRODUCTION of-friends’ (COF) for managing friends lists in online communities (Romm & Setzekom, 2008), The study of online communities has led to such the use of the Internet to build online communities, colourful expressions as trolling, flaming, spam- especially using social networking services has ming, and flooding being developed in order to grown – but so has the amount of Internet abuse on describe behaviours that benefit some people while these platforms. Facebook is currently one of the disrupting others (Lampe & Resnick, 2004). Since more popular COF-based websites (Davis, 2008). the proliferation of technologies like the ‘circle- In addition to this, microblogging, such as Twitter, have ‘status updates’, which are as important a DOI: 10.4018/978-1-4666-0312-7.ch010 The Psychology of Trolling and Lurking part of social networks Facebook and Google+, and functioning (Maxwell & Miller, 2008).
    [Show full text]
  • Exploring Tactics of Public Intimacy on Instagram
    . Volume 14, Issue 1 May 2017 Exploring tactics of public intimacy on Instagram Eliisa Vainikka, Elina Noppari & Janne Seppänen, University of Tampere, Finland Abstract: Issues relating to public intimacy characterise current online photo-sharing and visual self- performance practices. People increasingly post personal photos onto public or semi-public online spaces and have the need to negotiate the boundaries of disclosure and privacy. This article explores some of the tactics that ordinary ‘Instagrammers’ adopt when using the mobile photo-sharing app. Michel de Certeau’s theoretical distinction between tactics and strategies is used as a frame to analyse the empirical material. User tactics relating to privacy and authenticity, choices and actions that Instagram users make while operating in the virtual space, are reflected against Instagram’s public statements of their company strategy. The study presents that in their public self-performances, users constantly negotiate between their ideal me, their true me, the surrounding social norms and forming of an authenticity contract. The tactical choices are usually individual and users justify their choices first and foremost to themselves. Although users make individual tactical choices when using the app, they do not downright challenge the strategic goals of Instagram, but rather adapt to them. Keywords: Instagram, social media, self-performance, intimacy, authenticity, privacy, user, tactic, photography Introduction As social media platforms have become increasingly pictorial, the popular photo-sharing app, Instagram, has also become a focus of research interest. Instagram has reached over 400 million users globally and is the most popular mobile application for photo-sharing and visual self-presentation (Duggan et al.
    [Show full text]
  • Joseph Migga Kizza Fourth Edition
    Computer Communications and Networks Joseph Migga Kizza Guide to Computer Network Security Fourth Edition Computer Communications and Networks Series editor A.J. Sammes Centre for Forensic Computing Cranfield University, Shrivenham Campus Swindon, UK The Computer Communications and Networks series is a range of textbooks, monographs and handbooks. It sets out to provide students, researchers, and nonspecialists alike with a sure grounding in current knowledge, together with comprehensible access to the latest developments in computer communications and networking. Emphasis is placed on clear and explanatory styles that support a tutorial approach, so that even the most complex of topics is presented in a lucid and intelligible manner. More information about this series at http://www.springer.com/series/4198 Joseph Migga Kizza Guide to Computer Network Security Fourth Edition Joseph Migga Kizza University of Tennessee Chattanooga, TN, USA ISSN 1617-7975 ISSN 2197-8433 (electronic) Computer Communications and Networks ISBN 978-3-319-55605-5 ISBN 978-3-319-55606-2 (eBook) DOI 10.1007/978-3-319-55606-2 Library of Congress Control Number: 2017939601 # Springer-Verlag London 2009, 2013, 2015 # Springer International Publishing AG 2017 This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc.
    [Show full text]
  • The Impact of Social Types Within Information Communities: Findings from Technical Newsgroups
    The Impact of Social Types within Information Communities: Findings from Technical Newsgroups Tammara Combs Turner Karen E. Fisher Microsoft Research The Information School One Microsoft Way University of Washington Redmond, Washington 98052 Seattle, Washington 98195 [email protected] [email protected] Abstract communities or newsgroups—Usenet discussion forums for publicly exchanging threaded messages. Lee, Vogel We explored whether Fisher and Durrance’s [11] and Limayem [24] define an online community as, “a framework of information communities applies to online technology-supported cyberspace, centered upon technical newsgroups and the impact of particular social communication and interaction of participants, resulting in types on information flow within digital economy. Data a relationship being built up.” While “community” has collection methods included content analysis of discussion been defined in many different ways [8, 19, 20, 27, 28], threads from six technical newsgroups over an eighteen the study of online communities—and specifically the month period, along with focus groups, participant flow of information within them are relatively new. observation and interviews with key informants, and Broadly encompassing newsgroups, forums, analysis of quantitative data obtained from Microsoft conferences, and bulletin boards, [33] online communities Research’s Netscan project. Findings support and expand occur “when users are given tools to use their voice in a the information communities framework. Four social public and
    [Show full text]
  • Arxiv:1901.01914V1 [Cs.CR] 7 Jan 2019 46Mlincsoesvaahc Nsnspasainntok[80]
    The Group Element of Cybercrime: Types, Dynamics, and Criminal Operations Jason R. C. Nurse1 and Maria Bada2 1 School of Computing, University of Kent, UK [email protected] 2 Global Cyber Security Capacity Centre, University of Oxford, UK [email protected] Abstract While cybercrime can often be an individual activity pursued by lone hackers, it has increasingly grown into a group activity, with networks across the world. This chapter critically examines the group element of cybercrime from several perspectives. It identifies the platforms that online groupscybercriminal and otherwiseuse to interact, and considers groups as both perpetrators and victims of cybercrime. A key novelty is the discovery of new types of online groups whose collective actions border on criminality. The chapter also analyzes how online cybercrime groups form, organize, and operate. It explores issues such as trust, motives, and means, and draws on several poignant examples, from Anonymous to LulzSec, to illustrate the arguments. Keywords: cybercrime, cybercriminal networks, organized crime, group behavior, hu- man psychology, trust, criminal platforms, criminology 1 Introduction There are various perspectives through which cybercrime and its association with online groups can be studied, e.g., the groups that are responsible for cyber-attacks and similar acts of on- line aggression or the groups of individuals that are targeted. Anonymous is one of the most well-known of the hacker groups and has been linked to numerous high-profile online attacks. These include cyber-attacks on the FBI, US Department of Justice, and US Copyright Of- fice [89], declarations of war on banks and stock exchange markets [4], and more recent calls to action against U.S.
    [Show full text]