Cyber Conflict As an Emergent Social Phenomenon

View metadata, citation and similar papers at core.ac.uk brought to you by CORE

provided by Calhoun, Institutional Archive of the Naval Postgraduate School

Calhoun: The NPS Institutional Archive

Faculty and Researcher Publications Faculty and Researcher Publications

2011 Cyber Conflict as an Emergent Social Phenomenon

Denning, Dorothy E.

Denning, D. E., “Cyber Conflict as an Emergent Social Phenomenon,” Corporate Hacking and Technology-Driven Crime: Social Dynamics and Implications (T. Hold and B. Schell eds.), IGI Global, 2011. (.pdf) http://hdl.handle.net/10945/37158 Corporate Hacking and Technology-Driven Crime: Social Dynamics and Implications

Thomas J. Holt Michigan State University, USA

Bernadette H. Schell Laurentian University, Canada

InformatIon scIence reference Hershey • New York Director of Editorial Content: Kristin Klinger Director of Book Publications: Julia Mosemann Acquisitions Editor: Lindsay Johnston Development Editor: Joel Gamon Production Editor: Jamie Snavely Cover Design: Lisa Tosheff

Published in the United States of America by Information Science Reference (an imprint of IGI Global) 701 E. Chocolate Avenue Hershey PA 17033 Tel: 717-533-8845 Fax: 717-533-8661 E-mail: [email protected] Web site: http://www.igi-global.com

Copyright © 2011 by IGI Global. All rights reserved. No part of this publication may be reproduced, stored or distributed in any form or by any means, electronic or mechanical, including photocopying, without written permission from the publisher. Product or company names used in this set are for identification purposes only. Inclusion of the names of the products or com- panies does not indicate a claim of ownership by IGI Global of the trademark or registered trademark.

Library of Congress Cataloging-in-Publication Data

Corporate hacking and technology-driven crime : social dynamics and implications / Thomas J. Holt and Bernadette H. Schell, editors. p. cm. Includes bibliographical references and index. Summary: "This book addresses various aspects of hacking and technology- driven crime, including the ability to understand computer-based threats, identify and examine attack dynamics, and find solutions"--Provided by publisher. ISBN 978-1-61692-805-6 (hbk.) -- ISBN 978-1-61692-807-0 (ebook) 1. Computer crimes. 2. Computer hackers. I. Holt, Thomas J., 1978- II. Schell, Bernadette H. (Bernadette Hlubik), 1952- HV6773.C674 2011 364.16'8--dc22 2010016447

British Cataloguing in Publication Data A Cataloguing in Publication record for this book is available from the British Library.

All work contributed to this book is new, previously-unpublished material. The views expressed in this book are those of the authors, but not necessarily of the publisher. Section 4 Marco-System Issues Regarding Corporate and Government Hacking and Network Intrusions 170

Chapter 9 Cyber Conflict as an Emergent Social Phenomenon

Dorothy E. Denning Naval Postgraduate School, USA

ABSTRACT This chapter examines the emergence of social networks of non-state warriors launching cyber attacks for social and political reasons. It examines the origin and nature of these networks; their objectives, targets, tactics, and use of online forums; and their relationship, if any, to their governments. General concepts are illustrated with case studies drawn from operations by Strano Net, the Electronic Disturbance Theater, the Electrohippies, and other networks of cyber activists; electronic jihad as practiced by those affiliated with al-Qa’ida and the global jihadist movement associated with it; and operations bypatriotic hackers from China, Russia, and elsewhere.

INTRODUCTION needed to launch attacks. Their targets are electronic networks, computers, and data. Warfare is inherently social. Soldiers train and operate in units, fighting and dying for each other The Emergence of Cyber as much as for their countries. Cyber conflict is Conflict, or Hacking for Political also social, but whereas traditional warriors work and Social Objectives and socialize in physical settings, cyber warriors operate and relate primarily in virtual space. Although conflict appears throughout human his- They communicate electronically and meet in tory, its manifestation in cyberspace is a relatively online forums, where they coordinate operations recent phenomenon. After all, digital computers and distribute the software tools and knowledge did not appear until the 1940s, and computer networks until the 1960s. Attacks against computers and the data they held emerged in the late 1950s DOI: 10.4018/978-1-61692-805-6.ch009 and early 1960s, but they were perpetrated more

for money and revenge than as an instrument of The Purpose of This Chapter national and international conflict. Typical crimes included bank fraud, embezzlement, information This chapter examines the emergence of social theft, unauthorized use, and vandalism (Parker, networks of non-state warriors launching cyber 1976). Teenage hacking arrived on the scene in attacks for social and political reasons. These the 1970s, and then grew in the 1980s, as young networks support a variety of causes in such areas computer users pursued their desire to explore as human and animal rights, globalization, state networks, have fun, and earn bragging rights. By politics, and international affairs. This chapter the end of the decade, the single biggest attack examines the origin and nature of these networks; on the Internet was a computer worm launched their objectives, targets, tactics, and use of online by a college student simply as an experiment. forums. It also describes the relationship, if any, Within this mix of playful hacking and serious to their governments. computer crime, cyber conflict, or hacking for political and social objectives, emerged, taking root in the 1990s and then blossoming in the THE NATURE OF NON- 2000s. Now, it accounts for a substantial share of STATE NETWORKS all cyber attacks, as well as some of the highest profile attacks on the Internet, such as the ones Unlike states, non-state networks of cyber soldiers perpetrated by patriotic Russian hackers against typically operate without the constraints imposed Estonia in 2007 and Georgia in 2008. by rigid hierarchies of command and control, for- mal doctrine, or official rules and procedures. In- The Hacker Group Phenomenon stead, they operate in loosely-connected networks encouraging and facilitating independent action in From the outset, hackers and cyber criminals support of common objectives--what is sometimes have operated in groups. In his examination of characterized as “leaderless resistance.” early computer-related crime, Donn Parker found However, while the networks are decentralized, that about half of the cases involved collusion, they are not actually leaderless. A few individu- sometimes in groups of six or more (Parker, 1976, als, often already connected outside cyberspace p. 51). Youthful hackers met on hacker bulletin or from previous operations, effectively take boards and formed clubs, one of the earliest and charge, or at least get things started. They articu- most prestigious being the Legion of Doom (Den- late goals and strategy, plan and announce cyber ning, 1999, p. 49), while serious criminals formed attacks, encourage people to participate, and networks to traffic in cyber crime tools and booty, provide instructions and tools for participating. such as stolen credit cards. Today, there are perhaps They manage the online forums--websites, web tens or hundreds of thousands of social networks forums and groups, discussion boards, chat rooms/ engaging in cyber attacks. While many of these channels, email lists, and so forth--supporting networks were formed for fun or financial gain, network activities. They also develop or acquire others arose for the purpose of engaging in cyber the automated software tools used by the group. conflict. Individuals, often already connected Often, the tools themselves give the leaders some through hacker groups or other social networks, control over the conduct of cyber attacks (e.g., se- came together to hack for a cause. lection of targets and rate of attack), compensating for the lack of a hierarchical command structure over the network players.

171 Cyber Conflict as an Emergent Social Phenomenon

The net effect is that non-state cyber war- and political activism, is the broadest area; it can riors are able to mobilize and conduct attacks involve small groups of local activists or large on relatively short notice, unconstrained by the groups crossing international boundaries and com- need to follow time-consuming protocols or wait ing together over the Internet. Targets are typically for an approval process to move through a chain government institutions, including both national of command. Further, the networks can grow to and international bodies, but they also include include thousands of participants, as resources businesses and other non-state groups. Electronic are not needed to pay, train, or relocate individual jihad refers to cyber attacks conducted in support of warriors. Assuming adequate bandwidth, an online the terrorist group al-Qa’ida and the global jihadist forum that supports a small cyber army can just movement associated with it. Targets include both as easily support a large one. government and non-government entities across Online forums play a vital social role in the the globe, but especially in the United States and formation, growth, and operation of cyber conflict other Western countries. Patriotic hacking covers networks. Participants use the forums to acquire state-on-state conflict, but the perpetrators of the information, discuss issues, and get to know each cyber attacks are citizens and expatriates rather other. The forums foster a sense of group identity than governments. Targets are both government and community, while rhetoric on the forums and non-government entities in the opposing state. stirs up emotions, inspires action, and promotes a Although these three areas of conflict are dis- sense of “us vs. them.” Newcomers see that others cussed separately, they are not disjoint. Indeed, are engaged in, or planning to engage in, cyber hacktivism is often used to cover all non-state attacks—leading to the overarching perception social and political hacking, and hence could be that such activity is normative for the group. By considered as encompassing the other two areas. observing this collective behavior, they are more There are some areas of conflict not addressed easily influenced to set aside any personal reserva- in this chapter, most notably conflicts involving tions and go along with the group, especially if racists and extremists engaging in hate crimes and they can do so with little risk and exposure, hiding terrorism. However, electronic jihad exemplifies in the cyber crowd behind a veil of relative ano- this general area of conflict and how it plays out nymity. The forums also serve as a support base on a large scale across the Internet. Another area for operations, providing a means for distributing not covered is conflict at an individual level. cyber attack tools and information about how to Instead, the chapter focuses on conflicts relating use the tools and what targets to attack, as well to broader societal issues. as coordinating the attacks. Participants may be The following sections discuss each area of encouraged to compete for recognition or prizes, these three key areas in greater depth. For each based on who conducts the most attacks. type, motives, social networks, and activities are described, and case studies are used to illustrate general principles and historical developments. THIS CHAPTER’S FOCUS: The final section concludes and discusses impli- HACKTIVISM, ELECTRONIC JIHAD, cations for the future. AND PATRIOTIC HACKING

With this background in place, the chapter now examines three areas of cyber conflict: (1) hacktivism, (ii) electronic jihad, and (iii) patriotic hacking. Hacktivism, combining hacking with social

172 Cyber Conflict as an Emergent Social Phenomenon

HACKTIVISM Decency Act (CDA), a controversial law later ruled unconstitutional by the US Supreme Court. Defined Hackers replaced the US Department of Justice home page with a page that read “Department Hacktivism is the convergence of hacking with of Injustice” and included pornographic content activism. It arose when social activists with com- censored by the act (Attrition, 1996). Another early puter skills began hacking for a cause, usually defacement was performed by an international within networks of other activists. group of hackers opposed to nuclear weapons. Called Milw0rm, the group hacked the web site Cases of Hacktivism of India’s Bhabha Atomic Research Center shortly after India’s nuclear weapons tests in 1998, replac- In one of the earliest reported cases of hacktiv- ing the content with anti-nuclear messages and a ism, protestors unleashed a computer worm into picture of a mushroom cloud. The group of six the National Aeronautic and Space Administra- hackers, whose ages ranged from 15 to 19, hailed tion’s computer network as a means of protesting from four countries: the United States, England, the nuclear weapons. In addition to spreading, the Netherlands, and New Zealand (Denning, 2001). worm displayed the message “Worms Against Since then, web defacements have become Nuclear Killers. Your System Has Been Officially common, and while most are performed for fun WANKed. You talk of times of peace for all, and and bragging rights, many are motivated by social then prepare for war.” The attack took place in and political issues. Zone-h, which records and late 1989, while anti-nuclear activists protested archives web defacements, reported that of the NASA’s launch of the space shuttle carrying roughly 480,000 defacements recorded in 2007, the Galileo probe on its initial leg to Jupiter, as approximately 31,000 (6.5%) were performed Galileo’s booster system was fueled with radioac- for political reasons and another 28,000 (5.8%) tive plutonium. The protestors failed to stop the were performed as expressions of patriotism launch, but the worm took a month to eradicate (Zone-h, 2008). from NASA’s computers, costing the space agency Hacktivists have also “defaced” media other an estimated half million dollars in wasted time than the Web. In 2007, for example, an art group and resources (Denning, 1999, p. 281). called Ztohoven tampered with a TV broadcast in Cyber conflict took off with the introduction the Czech Republic, inserting a mushroom cloud of the Web in the 1990’s. Websites were not only in a landscape scene. A video clip of the trans- handy targets to attack, but also visible to the mission was posted to YouTube (Mutina, 2007). public, making the attacks themselves more visible. In addition, activists could use websites to Tactics Used by Hacktivists publicize forthcoming operations, distribute the tools and information needed to participate, and The tactic of protesting an organization by flooding coordinate the actual attacks. Two general types its website with traffic was pioneered by an inter- of attack emerged and became commonplace: national group of activists called Strano Network. (i) defacements of websites with political and On December 21, 1995, Strano Network organized social messages, and (ii) Denial-of-Service (DoS) a one-hour cyber attack against selected websites attacks--disrupting access to target websites, usu- associated with the French government. At the ap- ally by flooding them with traffic. pointed hour, participants from all over the world One of the first web defacements was per- were instructed to access the target websites and formed in 1996 to protest The Communications rapidly hit the “reload” key over and over to clog

173 Cyber Conflict as an Emergent Social Phenomenon

the sites with traffic. The objective of the DoS sponsored numerous other attacks, which they attack was to protest French government policies refer to as “virtual sit-ins,” to support a range of on nuclear and social issues by disrupting access issues, including the war in Iraq, health care, and to key government sites. Following the strike, a immigration. An attack conducted in collabora- posting on the Internet proclaimed it had been ef- tion with the borderlands Hacklab in March 2008 fective in shutting off access to some of the sites struck nanotech and biotech firms, because “their and drawing media attention. The message also science is driven by the war (in Iraq) and drives asserted that the strike showed “the existence of a the war” (EDT, 2008). world-wide movement able to counteract world- By 1999, the virtual sit-in had become a popular wide injustice; [and] the capacity to develop [such means of protest. That year, over 800 animal rights a] movement in a short time” (Denning, 1989, protestors used EDT’s FloodNet software against p.237; Schwartau, 1996, pp.406-408). websites in Sweden, while a British group calling A few years later, a New York group called itself the Electrohippies Collective developed its the Electronic Disturbance Theater (EDT) auto- own tools and sponsored a massive sit-in against mated Strano Network’s innovative method of the website of the World Trade Organization cyber attack so that participants would not have during their meeting in Seattle (which also gener- to continually hit the reload key to generate traf- ated street demonstrations). The Electrohippies fic. Instead, they could visit EDT’s website and estimated that over 452,000 people worldwide click on a button signaling their desire to join joined their three-day strike (Cassel, 2000). the protest. Upon doing so, a software program EDT’s innovation, which took the form of a named FloodNet would run on their computer website with attack software, allowed thousands and send a rapid and steady stream of packets of people to join a strike with very little effort. with web page requests to the target site. This is All they needed to do was visit EDT’s website sometimes called “HTTP flooding,” as the page and click a button. Mobilizing warriors had never requests are issued with the web’s HTTP protocol. been easier. But a later innovation, the “botnet,” Other Internet protocols have also been used to would give cyber warriors an even more power- flood websites, including ICMP through “ping” ful weapon. Instead of rounding up thousands of requests (“ping flooding”) and TCP through SYN volunteers, a single warrior could compromise and requests (“SYN flooding”). take over thousands of computers on the Internet. EDT began using their tools in 1998 to support This botnet, defined as a network of machines run- the Zapatistas in their struggle against the Mexican ning robot-like malicious software (bots), would government. Their first attack, conducted on April then be instructed to attack the target website in 10, targeted Mexican President Zedillo’s website, a robot-like fashion. The resulting attacks are while their second hit US President Clinton’s site often referred to as Distributed Denial-of-Service (because of US support to Mexico). Their third (DDoS) attacks, because of the distributed nature strike was more ambitious, simultaneously target- of the source of the attack. The term “swarming” ing the websites of President Zedillo, the Pentagon is also used to denote the swarm-like fashion in (because the US military helped train Mexican which multiple agents (bots or people) simultane- soldiers carrying out human rights abuses), and ously strike a common target (Arquilla & Ronfeldt, the Frankfurt Stock Exchange (because it repre- 2000). Most of the DoS attacks described in this sented globalization--which EDT claimed was chapter are of this nature. at the root of the problem). EDT estimated that The Electrohippies used their website to in- 10,000 people participated in the attacks (Den- troduce another innovation in networked collab- ning, 1999; Denning, 2001). Since then, EDT has oration--collective decision making. During an

174 Cyber Conflict as an Emergent Social Phenomenon

international week of protest against genetically- send out email messages filled with subversive modified foods in 2000, visitors to their website keywords such as “revolt,” causing the messages could vote on whether the final phases of the to be snagged by Echelon’s filters—thereby clog- campaign, which included a virtual sit-in, should ging the system with useless intercept data. Word go forward. When the final vote was only 42% spread around the Internet and generated media in favor, with 29% opposed and 29% undecided, attention. But when the day came, the Hacktiv- they cancelled the rest of the campaign. However, ism list, along with various political email lists, future actions did not include an opportunity to were the recipients of massive amounts of the vote, so the Electrohippies may have decided that nonsense email, leading the news service ZDNet they had yielded too much power to site visitors, to characterize it as a “spam farce” (Knight, 1999). likely including curious onlookers and persons associated with the target. The Church of Scientology: Key Cyber activists also use email as a means of Target for Cyber Activists attack. In 1997, for example, protestors bombarded the web-hosting company IGC with a flood of The Church of Scientology has been the target email (sometimes called “email bombing”), of cyber activists for years, often in response to demanding that IGC pull the site of the Euskal the Church’s efforts to censor leaked informa- Herria Journal on the grounds it supported the tion about itself. In January 2008, cyber activ- Spanish-based terrorist group ETA. The protestors ists stepped up their assaults, launching Project also clogged IGC’s website with bogus credit card Chanology to “expel the church from the Internet” orders. The effect of the attacks severely impacted and “save people from Scientology by reversing IGC’s ability to service other customers, lead- the brainwashing.” The project, growing to about ing them to give way to the protestors’ demands 9,000 people, used a DDoS attack to cripple the (Denning, 2001, p. 270). Scientology website for two weeks. It also pub- In what some intelligence authorities char- lished on the Web censored materials and personal acterized as the first known attack by terrorists information about Church leaders (Fritz, 2008). against a country’s computer systems, an offshoot The activists behind Project Chanology took of the Liberation Tigers of Tamil Eelam (LTTE) advantage of the Internet’s relative anonymity by claimed responsibility for “suicide email bomb- using Anonymous accounts. Other activists, most ings” against Sri Lankan embassies. Calling notably the founders of EDT and the Electrohip- themselves the Internet Black Tigers, the group pies, have operated in the open, revealing their true swamped Sri Lankan embassies with about 800 names and taking responsibility for their actions. emails a day over a two-week period in 1998. The However, whereas the relatively small leadership messages read, “We are the Internet Black Tigers of these groups have disclosed their identities and we’re doing this to disrupt your communica- and even spoken at conferences, the thousands tions” (Denning, 1999, p. 69). of participants in their cyber operations have not. During the early days of cyber activism in the late 1990s, someone created a Hacktivism The Role of Lycos Europe email list for persons interested in hacking and activism. Following discussions on the list about Another leadership core that revealed its identity “jamming up” the Echelon global surveillance was Lycos Europe, an email service provider system operated by the US, UK, Canada, Australia, launching a campaign against spammers in 2004. and New Zealand, October 21, 1999, was named Participants in the Make Love, Not Spam cam- Jam Echelon Day. On that day, activists were to paign installed a special screen saver generating

175 Cyber Conflict as an Emergent Social Phenomenon

a slow stream of traffic against websites used by the Pakistan Hackerz Club and Anti India Crew. spammers. The campaign claimed that 110,000 Collectively, the groups had already defaced hun- screensavers irritated 100,000 spam sites over a dreds of websites, often with political messages. one-month period (Make Love Not Spam, 2004). Although GForce expressed support for bin It also generated negative publicity, as critics ar- Laden, they distanced themselves from terror- gued the participants were essentially spamming ism. In an October 27, 2001, defacement of a US the spammers’ websites. military website, they proclaimed that they were “not a group of cyber terrorists.” Condemning the Cautionary Note attacks of September 11 and calling themselves “cyber crusaders,” they wrote, “ALL we ask for Although this section has focused on activists de- is PEACE for everyone.” This turned out to be ploying cyber attacks, it is important to emphasize one of their last recorded defacements. GForce that most activists do not engage in cyber attacks. Pakistan and all mention of the Al-Qaeda Alliance Rather, they use the Internet to publish information Online disappeared. about the issues, generate support, sponsor letter Other hackers, however, have emerged in writing campaigns and petitions, and coordinate their place, engaging in what is sometimes called non-cyber activities such as meetings, marches, “electronic jihad.” Jihadist forums are used to and street demonstrations. distribute manuals and tools for hacking and to promote and coordinate cyber attacks, including a DoS attack against the Vatican website (triggered ELECTRONIC JIHAD by Pope Benedict’s comments about the Prophet Mohammad)--which mainly fizzled, and an Defined “Electronic Battle of Guantanamo” attack against American stock exchanges and banks, canceled Electronic jihad refers to cyber attacks conducted because the banks had been notified (Alshech, on behalf of al-Qa’ida and the global jihadist 2007; Gross & McMillan, 2006). movement associated with it. This movement is The al-Jinan forum has played a particularly held together largely through the Internet. active role, distributing a software tool called Electronic Jihad, used by hackers to participate History of the Movement in DoS attacks against target websites deemed harmful to Islam. The forum even gives awards The first appearance of an al-Qa’ida-associated to the most effective participants, where the ob- hacker group occurred after the September 11, jective is to “inflict maximum human, financial 2001, terrorist attacks, when GForce Pakistan an- and morale damage on the enemy by using the nounced the formation of the Al-Qaeda Alliance Internet” (Bakier, 2007). Online on a U.S. government website it defaced The al-Farouq forum has also promoted on October 17, 2001. Declaring that “Osama bin electronic jihad, offering a hacker library with Laden is a holy fighter, and whatever he says information for disrupting and destroying enemy makes sense,” the group of Pakistani Muslim electronic resources. The library held keylogging hackers posted a list of demands and warned that software for capturing keystrokes and acquiring it planned to hit major U.S. military and British passwords on compromised computers, software websites (McWilliams, 2001b). A subsequent tools for hiding or misrepresenting the hacker’s message from the group announced that two other Internet address, and disk and system utilities for Pakistani hacking groups had joined the alliance: erasing hard disks and incapacitating Windows-

176 Cyber Conflict as an Emergent Social Phenomenon

based systems. Postings on the forum in 2005 Triggering Events for called for heightened electronic attacks against Electronic Jihad US and allied government websites (Pool, 2005a). On another jihadist forum, a posting in October, Electronic jihad, like other acts of cyber protest, 2008, invited youths to participate in an ‘electronic is often triggered by particular events. Publica- jihadist campaign’ against US military systems tion of the Danish cartoons satirizing the Prophet by joining the Tariq Bin-Ziyad Brigades. The Mohammad, for example, sparked a rash of cyber recently-formed group was looking to increase its attacks as violence erupted on the streets in early ranks so it could be more effective (OSC, 2008). 2006. By late February, Zone-h had recorded In a February, 2006, report, the Jamestown almost 3,000 attacks against Danish websites. Foundation reported that “most radical jihadi fo- In addition, the al-Ghorabaa site coordinated a rums devote an entire section to [hacker warfare].” 24-hour cyber attack against Jyllands-Posten, The al-Ghorabaa site, for example, contained the newspaper that first published the cartoons, information on penetrating computer devices and and other newspaper sites (Ulph, 2006). A video intranet servers, stealing passwords, and security. purporting to document a DoS attack against the It also contained an encyclopedia on hacking web- Jyllands-Posten website was later released on the sites and a 344-page book on hacking techniques, jihadist site 3asfh.com. The video was in the style including a step-by-step guide for “terminating of jihadist videos coming out of Iraq, showing that pornographic sites and those intended for the Jews the hackers were emulating the publicity tactics of and their supporters” (Ulph, 2006). The forum violent jihadists (Internet Haganah, 2006). Minbar ahl al-Sunna wal-Jama’a (The Pulpit of Jihadists often target websites used to actively the People of the Sunna) offered a hacking manual oppose them. For example, a message posted to a said to be written in a pedagogical style and dis- Yahoo! group attempted to recruit 600 Muslims cussed motives and incentives for computer-based for jihad cyber attacks against Internet Haganah’s attacks, including political, strategic, economic, website. The motive was retaliation against In- and individual. The manual discussed three types ternet Haganah’s efforts to close down terrorist- of attack: (i) direct intrusions into corporate and related websites by reporting them to their service government networks, (ii) infiltration of personal providers. Muslim hackers were asked to register computers to steal personal information, and (iii) to a Yahoo! group called Jehad-Op (Reynalds, interception of sensitive information, such as credit 2004). According to the Anti-Terrorism Coalition card numbers in transit (Pool, 2005b). (ATC), the jihad was organized by a group named Younis Tsoulis, who went by the codename Osama Bin Laden (OBL) Crew, also threatening Irhabi (Terrorist) 007, also promoted hacking, attacks against the ATC website (ATC, 2004). publishing a 74-page manual “The Encyclopedia The use of electronic jihad to support al-Qa’ida of Hacking the Zionist and Crusader Websites” is explicitly promoted in a book by Mohammad with hacking instructions and a list of vulnerable Bin Ahmad As-Sālim titled 39 Ways to Serve websites on a website he managed (Jamestown, and Participate in Jihâd. Initially published on 2008). Tsoulis was later arrested and sentenced al-Qa’ida’s al-Farouq website in 2003 (Leyden, to ten years in prison for inciting terrorist murder 2003), principle 34 in the book discusses two forms on the Internet. of “electronic Jihâd:” (i) discussion boards (for media operations) and (ii) hacking methods, about which the book writes: “this is truly deserving of the term ‘electronic Jihâd,’ since the term carries the meaning of force; to strike and to attack. So,

177 Cyber Conflict as an Emergent Social Phenomenon

whoever is given knowledge in this field, then he PATRIOTIC HACKING should not be stingy with it in regards to using it to serve the Jihâd. He should concentrate his Defined efforts on destroying any American websites, as well as any sites that are anti-Jihâd and Mujâhidîn, Patriotic or nationalistic hacking refers to networks Jewish websites, modernist and secular websites” of citizens and expatriates engaging in cyber at- (As-Sālim, 2003). tacks to defend their mother country or country of ethnic origin. Typically, patriotic networks attack The Value of Inflicting Harm the websites and email accounts of countries whose actions have threatened or harmed the interests Al-Qa’ida has long recognized the value of in- of their mother country. flicting economic harm on the United States, and The cyber attacks against Estonia in 2007, for electronic jihad is seen as a tool for doing so. After example, were triggered by the physical reloca- the Electronic Battle of Gauntanomo was canceled, tion of a Soviet-era war memorial, while those a message posted on an Islamist website stated against Georgia in 2008 accompanied a military how “disabling [sensitive economic American confrontation with Russia. Cyberspace provides websites] for a few days or even for a few hours a venue whereby patriotic hackers can vent their … will cause millions of dollars worth of damage” outrage with little effort and little risk. They can (Alshech, 2007). A message on al-Jinan noted be armchair warriors, safe behind their computers. that hacking methods could “inflict the greatest Through their online social networks, they become [possible] financial damage” on their enemies. part of a cyber force larger than themselves—a According to Fouad Husseing, economically- force with greater impact than they could have damaging cyber attacks are part of al-Qa’ida’s alone, and one that provides cover for their in- long-term war against the United States. In his dividual acts. book, al-Zarqawi-al-Qaeda’s Second Generation, Husseing describes al-Qa’ida’s seven-phase war as History of Patriotic Hackers revealed through interviews of the organization’s top lieutenants. Phase 4, scheduled for the period Chinese hackers were among the first to form social 2010-2013, includes conducting cyberterrorism networks of patriotic hackers. Beginning with the against the U.S. economy (Hall, 2005). 1998 riots in Jakarta, Indonesia, when Indonesians Although damages from cyber attacks attrib- committed atrocities against the Chinese living uted to al-Qa’ida and associated hackers so far among them, a loose network of Chinese hackers has been minor compared to the damages from came together under a nationalistic banner. The al-Qa’ida’s violent acts of terror, Husseing’s book network, which Scott Henderson (2007) calls the and other writings suggest that al-Qa’ida may Red Hacker Alliance, and others have called the be thinking bigger. A posting in a jihadist forum Honker Union of China, was formed from such advocated attacking all the computer networks hacking groups as the Green Army and China around the world, including military and telecom- Eagle Union. After gathering on Internet Relay munication networks, in order to ‘bring about the Chat (IRC) channels to set a course of action total collapse of the West’ (Alshech, 2007). Of against Indonesia, the hackers formed the Chi- course, the idea of shutting down every single nese Hacker Emergency Conference Center and network is utter fantasy, so vision by itself does launched coordinated cyber attacks, including web not translate into a threat. defacements and DoS attacks against Indonesian

178 Cyber Conflict as an Emergent Social Phenomenon

websites and government email boxes (Henderson, By the time the 2001 spy plane incident had 2007, pp. 9-12). died down, the Red Hacker Alliance had grown According to Henderson (2007, p. 13), the to an estimated 50,000 to 60,000 members. But Indonesian cyber attacks served as both the recruit- most of the members knew little about computer ing and training grounds for the alliance’s next networks and hacking. The attacks were charac- mission: attacks against US websites in retaliation terized as a “chicken-scratch game of a group of for the accidental bombing of the Chinese Embassy children,” “a farcical ‘patriotic show’,” and the in Belgrade during the 1999 Kosovo conflict. work of “Red Hackers who were totally clueless The Red Hacker Alliance published a manifesto in terms of technology” (Henderson, 2007, pp. expressing its patriotic mission and including 44-45). quotes from Mao Zedong, such as “The country A network of patriotic US hackers also emerged is our country; the people are our people; if we over the spy plane incident. According to iDefense don’t cry out, who will? If we don’t do something, (2001b, p. 40), a coalition of hackers calling itself who will?” (Henderson, 2007, p. 14) Project China formed and began defacing Chinese Following the embassy-related attacks, the websites on May 1, 2001. The alliance was formed Red Hacker Alliance engaged in a series of cyber from several prominent hacking groups, including attacks against foreign countries. These included Hackweiser and World of Hell. attacks against Taiwan in 1999, following Taiwan- After the September 11, 2001, terrorist at- ese President Li Deng-Hui’s advocacy for a “two- tacks and invasion of Afghanistan, the network state-theory,” and then in 2000, in conjunction with of US hackers regrouped to avenge the attacks. the Taiwanese elections. Attacks were also aimed Now called the Dispatchers, the patriotic hackers at Japan in 2000, relating to Japan’s handling of defaced several hundred websites associated with events concerning the Nanjing Massacre during governments in the Middle East and Palestinian WWII; in 2004, attacks were related to the disputed Internet service providers, and planned to hit Diaoyu Islands; and in 2001, attacks were related targets in Afghanistan. Founded by Hackah Jak, a to the US, following the collision of a US EP-3 21-year-old security expert from Ohio and former reconnaissance plane with a Chinese F-8 fighter member of Hackweiser and Project China, the jet in late April, 2001, resulting in the fighter pi- group of 60 hackers included members of World lot’s death and China’s detaining the US aircrew of Hell and even some non-US hackers (Graham, after an emergency landing (Henderson, 2007). 2001; Peterson, 2001). The group seemed to qui- Most of the attacks became two-sided cyber etly disappear, however, following appeals from skirmishes, with hackers from both sides attacking industry leaders to refrain from hacking and the targets associated with the other. Indeed, the 2001 group’s defacement of a website belonging to a strikes against the US may have been triggered company having offices in the World Trade Center as much by defacements of Chinese web sites in (WTC) and losing employees on September 11, April, 2001, by a hacker perceived to be from the 2001 (Graham, 2001). US--as by the spy plane incident itself. All in all, Another group of hackers going by the name the incidents looked more like the acts of youthful “Young Intelligent Hackers Against Terrorism” hackers showing off their skills and expressing (YIHAT) also surfaced after the September 11, outrage than state-sponsored activity. Indeed, in 2001, attacks. Their objective was to disrupt al- 2002, the Chinese government asked their hackers Qa’ida’s financial resources. However, claims to refrain from further attacks, as the anniversary that the group had penetrated bank accounts of the 2001 attacks drew near (Hess, 2002). associated with Osama bin Laden and al-Qa’ida were unsubstantiated, and the group’s website

179 Cyber Conflict as an Emergent Social Phenomenon

disappeared following cyber skirmishes with other faced each other’s websites and launched DoS hacking groups, most notably GForce Pakistan, attacks. the group of Pakistani hackers mentioned earlier By January 2001, over 40 hacker groups/ in conjunction with their post September 11, 2001, individuals from 23 countries had hit the web- web defacements and announcement of the Al Qa- sites of eight governments, as well as numerous eda Alliance Online (McWilliams, 2001a, 2001c). commercial sites, according to iDefense (2001a). Both GForce and PHC joined the loosely-formed The Lack of U.S. Patriotic network of Muslim hackers defacing Israeli sites. Hackers Post-2001 One defacement read: “GForce Declares a War against Israel?…. Ok, GForce Pakistan is back. We Since 2001, the United States has not seen a large really planned not to come back to the defacing and active network of patriotic hackers, perhaps scene again, but once again our Muslim brothers because there has not been an international conflict needed us” (iDefense, 2001a). or incident that has seriously threatened the US, or perhaps because Americans are simply not as A Cautionary Note nationalistic as the Chinese are. During the Iraq war (began in 2003), most of the cyber attacks It is important to note that the cyber intifada illus- originated with social activists and foreign hackers trates that there is no hard line between electronic from China and elsewhere opposed to the war; jihad and patriotic hacking. The attacks can be however, there were not patriotic US hackers viewed both as electronic jihad by Muslim hackers supporting it. against Israel and as patriotic hacking by Israeli and Palestinian hackers (and their external sup- The Emergence of Patriotic porters) against each other. In addition, there is Hackers in Other Countries no hard line between jihadist and patriotic hacker networks. Groups such as GForce and PHC have Patriotic hackers have emerged in other countries used their skills to support the jihad as well as and regions, however. Pakistani and Indian hackers their own countries and other Muslim countries have been defacing each other’s websites since and territories. the late 1990s over Kashmir and, more recently, Following the 2000 cyber intifada, hack- in 2008 over the Mumbai terrorist attacks. In the ers aligned with Israel or the Palestinians have early days, the Pakistan Hackerz Club (PHC), engaged in repeated cyber skirmishes, often in one of the other groups forming the Al Qaeda conjunction with incidents taking place on the Alliance Online, was among the most prolific ground. Within 48 hours of Israel’s bombing of web defacement groups worldwide (Christen- Gaza in December, 2008, more than 300 Israeli son, 1999). Armenian and Azerbaijani hackers websites had been defaced with anti-Israel (and similarly went after each other’s websites in 2000 anti-US) messages (Higgins, 2008). The hackers over the fighting in Nagorno-Karabakh, an ethnic came from several countries, including Morocco, Armenian enclave in Azerbaijan (Williams, 2000). Syria, and Iran. Team Evil, a group of Moroccan Israeli and Palestinian/Muslim hackers hackers with a history of attacking Israeli web- launched cyber attacks after the second intifada, sites, took over an Israeli domain name server or uprising, erupted in the Palestinian territories and redirected Ynet’s English news site and other in late September, 2000, following a visit by Ariel websites to phony web pages condemning the Sharon to the Temple Mount and the murder of Israeli strikes (Paz, 2009). For their part, an Israeli three Israeli soldiers. Hackers on both sides de- alliance called “Help Israel Win” developed and

180 Cyber Conflict as an Emergent Social Phenomenon

distributed a software tool for conducting DDoS network based in St. Petersburg, Russia (Georgia attacks against Hamas-friendly sites like qud- Update, 2008). snews.net and Palestine-info.info. According to the group, more than 8,000 people had downloaded Psychological Analysis and Other and installed the Patriot software. With websites Reasons for Patriotic Hacking in Hebrew, English, Spanish, French, Russian and Portugese, the alliance claims to unite “the Rosanna Guadagno, Robert Cialdini, and Gadi computer capabilities of many people around the Evron (2009) offer an interesting social- psycho- world” (Shachtman, 2009). logical analysis of the Estonian conflict. They The cyber attacks against Estonia in April/May, posit that several factors contributed to the assault, 2007, and in Georgia in August, 2008, put Russian including: (i) the loss of status of Estonia’s ethnic hackers on the front page of news sites. However, Russian minority, following the collapse of the patriotic Russians have engaged in cyber attacks Soviet Union and Estonia gaining independence; since at least 1999, when the Russian Hackers (ii) the anonymity and resulting sense of deper- Union defaced a US military website during the sonalization coming from online interaction; (iii) Kosovo war with anti-NATO messages. But with group membership and adherence to group norms; the Estonian attacks, the level of activity dramati- and (iv) rapid contagion through online forums. cally increased. Just before the 2008 Georgian Because most Russian-language Internet users cyber assault, Russian hackers attacked Lithuanian were participating in or endorsing the attacks, such websites to protest a new law banning the display behavior became normative and quickly spread. of Soviet emblems. They also issued a manifesto Despite the ability of non-state actors to in- called “Hackers United Against External Threats flict considerable damage in cyberspace, many to Russia,” calling for a expansion of targets to analysts see a government hand in nationalistic include Ukraine, the rest of the Baltic states, and cyber attacks, for example, attributing the at- “flagrant” Western nations supporting the expan- tacks against Estonia and Georgia to the Russian sion of NATO (Krebs, 2008). Then, in January, government. Stephen Blank (2008) of the US 2009, the Russian hackers knocked Kyrgyzstan Army War College, for example, writes that “the off the Internet (Keizer, 2009). computer attacks … and the other steps taken by The Estonian and Georgian cyber assaults Moscow against Estonia were acts sanctioned by leveraged large social networks, as well as huge high policy and reflected a coordinated strategy botnets of compromised computers scattered all devised in advance of the removal of the Bronze over the world, mostly for DoS and DDoS attacks Soldier from its original pedestal.” (Davis, 2007; Naraine & Danchev, 2008). Postings At the same time, there are good reasons to on Russian-language forums exhorted readers to believe that the attacks were primarily, if not defend the motherland and provided attack scripts entirely, the work of non-state actors. First, some to follow and target websites. The scripts, flooding of the attacks have been traced to independent targets with network traffic, allowed participants persons and to websites operated and frequented to join a loose network of cyber warriors knowing by independent persons. Second, non-state actors little or nothing about hacking. During the Geor- are capable of pulling off large-scale attacks such gian attacks, the Russian website stopgeorgia.ru as these on their own. They do not need govern- offered several DoS tools and a list of 36 targets. ment resources, including funding. The attacks are According to one report, the site traced back to the cheap, and hackers outside the government have Russian Business Network (RBN), a cybercrime the tools and knowledge to launch them. Third, while the tactics used—including web deface-

181 Cyber Conflict as an Emergent Social Phenomenon

ments, web flooding, and botnets of compromised own initiative and not under the direction of the computer—are regularly used by non-state actors, Russian government (Clover, 2009). there are good reasons why states would not At least so far, non-state actors appear to engage in such attacks. They typically violate be responsible for most cyber conflict, taking domestic crime statutes and cause considerable advantage of this new medium to conduct rapid, collateral damage, thereby, also violating law of large-scale attacks at low cost. war principles, such as necessity and proportion- ality. Fourth, states have other means of dealing with conflict; for example, diplomacy, sanctions, CONCLUSION and military operations. Cyber attacks might be deployed as part of military operations, but they Cyber conflict, at least so far, is predominantly would more likely be precision strikes against a non-state activity. Networks of civilian cyber military targets used for command and control, warriors come together to hack for a cause. Typi- reconnaissance, and communications rather than cally, the networks center around social activism mass attacks against civilian websites. However, (hacktivism), jihad (electronic jihad), or nation- it is possible that the Russian government played alism (patriotic hacking). Tools and tactics are some role in the attacks, for example, by encour- adopted from those used by other hackers, while aging or condoning them. online forums provide the principal means of Even when attacks can be traced to government organization and support. computers, it would be presumptuous to conclude Although cyber attacks launched by non-state that they were launched by the state. The computers networks have been highly disruptive, they have may have been compromised by hackers of any not been lethal or even destructive. Nobody nationality. Even if individuals within the govern- has died, and following an attack, services and ment were responsible for the attacks, they may data are restored. The attacks look more like the have been operating on their own, not as agents cyber-equivalent of street demonstrations than of their government or under direction from their terrorism or warfare, though even street protests government. About 7.4% of the participants in a sometimes become destructive and deadly. When cyber attack against the Mexican Embassy’s Lon- Estonia relocated its memorial, for example, riots don website in June, 1999, for example, apparently broke out not only in cyberspace, but also on the had “.mil” addresses; that is, addresses assigned streets, the latter leading to one death and 150 to the US Department of Defense. However, the injuries (Fritz, 2008, p. 33). Similarly, the street attacks were not conducted by the Department of violence that erupted over the Danish cartoons Defence. They were conducted by the Electronic left 139 dead and 823 injured (Cartoon, 2006). Disturbance Theater (discussed earlier), having a However, even if cyber conflict has not been history of attacking the websites of the US and particularly destructive, some of the attacks have Mexican governments, including the Department inflicted substantial financial costs on their targets, of Defence websites. The “.mil” participants likely owing to the disruption of services and the need visited the EDT website used to generate the at- to devote resources to defense and recovery. One tacks, becoming unwitting participants. Estonian bank targeted during the cyber assault One participant in the Estonian attacks, was said to have lost at least $1 million (Landler Konstantin Goloskokov, was a commissar of the & Markoff, 2007). pro-Kremlin youth movement Nashi, but he said Whether cyber conflict will evolve to some- that he and a few friends had operated on their thing more destructive is difficult to predict. Clearly, some jihadists would like to cause greater

182 Cyber Conflict as an Emergent Social Phenomenon

harm, though they currently lack the knowledge As-Sālim, M. (2003) 39 Ways to serve and par- and skills to do so. Other non-state actors may ticipate in jihâd. Retrieved June 30, 2008, from also turn to more destructive cyber attacks, just http://tibyan.wordpress.com/2007/08/24/39- as they turn to terrorism, insurgency, and other ways-to-serve-and-participate-in-jihad/. forms of physical violence. ATC. (2004). ATC’s OBL crew investigation. Many critical infrastructures are vulnerable Anti-TerrorismCoalition. to cyber attacks that could be quite destructive, even deadly. Already, cyber attacks have caused Attrition. (1996). Attrition mirror. Retrieved 1996 raw sewage overflows, disabled emergency 911 from http://attrition.org/mirror/attrition/1996. services, and disrupted health care in hospitals. In html#dec addition, security researchers have demonstrated Bakier, A. H. (2007). Forum users improve elec- how cyber attacks could physically destroy electri- tronic jihad technology. Retrieved June 27, 2007, cal power generators (Meserve, 2007). Thus, in the from http://www.jamestown.org/single/?no_ presence of both motivated actors and vulnerable cache=1&tx_ttnews%5Btt_news%5D=4256 systems, cyber terrorism could morph from the largely theoretical threat it is today to something Blank, S. (2008). Web war I: Is Europe’s first infor- all too real. mation war a new kind of war? Comparative Strate- Still, most activists are more interested in gy, 27, 227–247. doi:10.1080/01495930802185312 raising awareness about an issue and pressing Cartoon. (2006). Cartoon body count. Retrieved for change rather than inflicting serious harm. April 21, 2009, from http://web.archive.org/ For them, cyber conflict will retain its character- web/20060326071135/http://www.cartoonbody- istic of being primarily disruptive. Exact tactics, count.com/ however, will change as technology evolves and hacking along with it. Cassell, D. (2000). Hacktivism in the cyberstreets. Retrieved May 30, 2000, from http://www.alternet. org/story/9223 REFERENCES Clover, C. (2009). Kremlin-backed group be- Almeida, M. (2008). Statistics report 2005-2007, hind Estonia cyber blitz. Financial Times (North March 5, 2008. Retrieved March 18, 2008, from American Edition), (March): 11. www.zone-h.org CSI. (1998). Email attack on Sri Lanka computers. Alshech, E. (2007). Cyberspace as a combat zone: Computer Security Alert, 183, 8. The phenomenon of electronic jihad. MEMRI In- Davis, J. (2007). Web war one. Retrieved Septem- quiry and Analysis Series, 329. The Middle East ber, 2007, from http://www.wired.com/images/ Media Research Institute, February 7. press/pdf/webwarone.pdf Arguilla, J., & Ronfeldt, D. (1993). Cyberwar Denning, D. E. (1999). Information warfare and is coming! Comparative Strategy, 12, 141–165. security. Reading, MA: Addison-Wesley. doi:10.1080/01495939308402915 Denning, D. E. (2001). Activism, hacktivism, Arquilla, J., & Ronfeldt, D. (2000). Swarming & and cyberterrorism . In Arquilla, J., & Ronfeldt, the future of conflict. Santa Monica, CA: RAND. D. (Eds.), Networks and netwars (pp. 239–288). Santa Monica, CA: RAND.

183 Cyber Conflict as an Emergent Social Phenomenon

Drogin, B. (1999). Russians seem to be hack- Hess, P. (2002). China prevented repeat cyber ing into Pentagon. Retrieved October 7, 1999, attack on US. Retrieved October 29, 2002, from from http://www.sfgate.com/cgi-bin/article. http://seclists.org/isn/2002/Oct/121 cgi?f=/c/a/1999/10/07/MN58558.DTL Higgins, K. J. (2008). Hundreds of Israeli EDT. (2008). EDT. Retrieved December 17, 2008, websites hacked in ‘propaganda war.’ Re- from http://www.thing.net/~rdom/ecd/ecd.html trieved December 31, 2008, from http://www. darkreading.com/security/attacks/showArticle. Electrohippies (2009). The electrohippies call jhtml?articleID=212700313 on people around the globe to celebrate World Intellectual Privateers Day 2009. Retrieved April iDefense. (2001a). Israeli-Palestinian cyber con- 13, 2009, from http://www.fraw.org.uk/ehippies flict. Fairfax, VA: Intelligence Services Report. Fritz, J. (2008). How China will use cyber warfare iDefense. (2001b). US-China cyber skirmish of to leapfrog in military competitiveness. Culture April-May 2001. Fairfax, VA: Intelligence Opera- Mandala, 8(1), 28-80. Retrieved 2008 from http:// tions Whitepaper. epublications.bond.edu.au/cm/vol8/iss1/2/ Internet Haganah. (2006). How the brothers at- Georgia Update. (2008). Russian invasion of tacked the website of Jyllands-Posten. February 7. Georgia. Retrieved October 9, 2008, from www. Retrieved October 21, 2008, from http://internet- georgiaupdate.gov.ge haganah.com/harchives/005456.html Graham, J. (2001). Hackers strike Middle Eastern Jamestown. (2008). Hacking manual by jailed sites. Retrieved September 26, 2001, from http:// jihadi appears on web. Retrieved March 5, 2008, www.usatoday.com/tech/news/2001/09/19/hack- from http://www.jamestown.org/programs/gta/ attack-launched.htm single/?tx_ttnews%5Btt_news%5D=4763&tx_ ttnews%5BbackPid%5D=246&no_cache=1 Gross, G., & McMillan, R. (2006). Al-Qaeda ‘Battle of Guantanamo’ cyberattack a no-show. Retrieved Keizer, G. (2009). Russian ‘cybermilitia’ knocks December 1, 2006, from http://hostera.ridne.net/ Kyrgyzstan offline. Retrieved January 28, 2009, suspended.page/?currtag=12&currletter=2 from http://www.computerworld.com/s/article/9126947/Russian_cybermilitia_knocks_Kyr- Guadagno, R. E., Cialdini, R. B., & Evron, G. gyzstan_offline (2009). (in press). What about Estonia? A social psychological analysis of the first Internet war. Knight, W. (1999). Jam Echelon day de- Cyberpsychology & Behavior. scends into spam farce. Retrieved October 22, 1999, from http://news.zdnet.co.uk/emerging- Hall, A. (2005). Al-Qaeda chiefs reveal world tech/0,1000000183,2074601,00.htm domination design. Retrieved August 24, 2005, from http://www.theage.com.au/news/war-on- Krebs, B. (2008). Lithuania weathers cyber at- terror/alqaeda-chiefs-reveal-world-domination- tack, braces for round 2. Retrieved July 29, 2008, design/2005/08/23/1124562861654.html from http://voices.washingtonpost.com/security- fix/2008/07/lithuania_weathers_cyber_attac_1. Henderson, S. J. (2007). The dark visitor: Inside html the world of Chinese hackers. Fort Leavenworth, KS: Foreign Military Studies Office.

184 Cyber Conflict as an Emergent Social Phenomenon

Landler, M., & Markoff, J. (2007). Digital OSC. (2008). Jihadist forum invites youths to fears emerge after data siege in Estonia. Re- join ‘electronic jihadist campaign.’ Open Source trievedMay29, 2007, from http://www.nytimes. Center, October 6, 2008. com/2007/05/29/technology/29estonia.html Parker, D. B. (1976). Crime by computer. New Leyden, J. (2003). Al-Qaeda: The 39 principles York: Scribner. of holy war. Retrieved September 4, 2003, from Paz, S. (2009). Anti-Israel group wreaks havoc http://www.israelnewsagency.com/Al-Qaeda. with Israeli web sites. Retrieved January 4, 2009, html from http://www.jpost.com/servlet/Satellite?cid Make Love Not Spam. (2004). Make Love Not =1230733155647&pagename=JPArticle%2FS Spam. Retrieved April 3, 2009, from http://www. howFull makelovenotspam.com/ Peterson, S. (2001). Crackers prepare retalia- McWilliams, B. (2001a). Anti-terror hackers tion for terrorist attack. Retrieved December 22, seek government blessing. Retrieved October 17, 2009, from http://www.gyre.org/news/explore/ 2001, from http://www.infowar.com/hacker/01/ hacktivism?page=1 hack_101701b_j.shtml Pool, J. (2005a). New web forum postings call McWilliams, B. (2001b). Pakistani hackers for intensified electronic jihad against gov- deface US site with ultimatum. Retrieved Oc- ernment websites. Retrieved December 22, tober 17, 2001, from http://lists.jammed.com/ 2009, from http://www.itac-ciem.gc.ca/pblctns/ ISN/2001/10/0158.html tc_prsnts/2006-2-eng.asp McWilliams, B. (2001c). Pro-USA hackers Pool, J. (2005b). Technology and security discus- target Pakistani defacement group. Retrieved sions on the jihadist forums. Retrieved December December 22, 2009, from http://faculty.vassar. 22, 2009, from http://www.comw.org/tct/terror- edu/lenevare/91101/ infowar.html Meserve, J. (2007). Staged cyber attack reveals Reynalds, J. (2004). Internet ‘terrorist’ using vulnerability in power grid. Retrieved April 22, Yahoo to recruit 600 Muslims for hack attack. 2009, from http://www.cnn.com/2007/US/09/26/ Retrieved October 21, 2008, from http://www. power.at.risk/index.html mensnewsdaily.com/archive/r/reynalds/04/rey- nalds022804.htm Mutina, B. (2007). Hacking incident goes on Czech TV. Retrieved June 19, 2007, to www.zone-h.org Schachtman, N. (2009). Wage cyberwar against Hamas, surrender your PC. Retrieved January Naraine, R., & Danchev, D. (2008). Zero Day: 8, 2009, from http://www.wired.com/danger- Coordinated Russia vs Georgia cyber attack in room/2009/01/israel-dns-hack/ progress. Retrieved August 11, 2008, from http:// blogs.zdnet.com/security/?p=1670 Schwartau, W. (1996). Information warfare (2nd ed.). New York: Thunder’s Mouth Press. Onley, D. S., & Wait, P. (2006). Red storm rising. Retrieved August 21, 2006, from http://www.gcn. Ulph, S. (2006). Internet mujahideen refine elec- com/Articles/2006/08/17/Red-storm-rising.aspx tronic warfare tactics. Retrieved December 22, 2009, from http://www.jamestown.org/programs/ gta/single/?tx_ttnews%5Btt_news%5D=666&tx_ ttnews%5BbackPid%5D=239&no_cache=1

185 Cyber Conflict as an Emergent Social Phenomenon

Vatis, M. (2001). Cyber terrorism and information William, S. (2000). Armenian and Azerbaijani warfare: Government perspectives . In Alexander, hackers wage war on Internet. Retrieved Feb- Y., & Swetnam, M. S. (Eds.), Cyber terrorism ruary 17, 2000, from http://www.hrea.org/lists/ and information warfare. Ardsley: Transnational huridocs-tech/markup/msg00417.html Publishers, Inc.

186