DOCSLIB.ORG

Cyber Attack Campaigns in Political Conflicts

Cyber Attack Campaigns in Political Conflicts

CYBER ATTACK CAMPAIGNS IN POLITI- CAL CONFLICTS A case study of Anonymous hacktivists’ campaign against ISIS Master´s Thesis in Information Systems Science Author: Otto Sulin Supervisor: Jonna Järveläinen 16.02.2018 Turku Turun kauppakorkeakoulu • Turku School of Economics Turun yliopiston laatujärjestelmän mukaisesti tämän julkaisun alkuperäisyys on tar- kastettu Turnitin OriginalityCheck -järjestelmällä. The originality of this thesis has been checked in accordance with the University of Turku quality assurance system using the Turnitin OriginalityCheck service. Table of Contents 1 INTRODUCTION ................................................................................................... 9 1.1 Internet, the new frontier of conflicts ............................................................. 9 1.2 Scientific motivation for this study .............................................................. 10 1.3 General overview of the study ..................................................................... 11 2 POLITICAL CONFLICTS AND WARFARE IN THE CYBERSPACE ............. 13 2.1 Conflicts in the Cyberspace.......................................................................... 13 2.1.1 Perspectives on different types of conflicts ..................................... 13 2.1.2 Analyzing conflicts .......................................................................... 14 2.2 Evaluation of existing cyber conflict models ............................................... 16 2.2.1 Cyber Early Warning Model ............................................................ 16 2.2.2 Ventre’s model ................................................................................. 17 2.2.3 Discussion on evaluated models ...................................................... 18 2.3 Actors in Cyber Conflicts ............................................................................. 19 2.3.1 Non-state actors ............................................................................... 19 2.3.2 State actors ....................................................................................... 22 2.4 Cyber warfare and terrorism in political conflicts ....................................... 23 2.4.1 Defining cyber warfare .................................................................... 23 2.4.2 Definition of cyber warfare .............................................................. 24 2.4.3 Legal status of cyber warfare and attacks ........................................ 25 2.4.4 Cyber terrorism from legal perspective ........................................... 28 3 CYBER ATTACK OPERATIONS ....................................................................... 29 3.1 Cyber Operations Models............................................................................. 29 3.2 Synthesis of the chosen models .................................................................... 31 4 METHODOLOGY ................................................................................................ 34 4.1 Introduction .................................................................................................. 34 4.2 Methods of qualitative analysis .................................................................... 35 4.3 Material gathering and sampling .................................................................. 38 4.3.1 Material gathering methods ............................................................. 38 4.3.2 Sampling .......................................................................................... 39 5 STUDY FINDINGS .............................................................................................. 41 5.1 Introduction .................................................................................................. 41 5.2 On actors and their status ............................................................................. 41 5.2.1 Anonymous ...................................................................................... 41 GhostSec ...................................................................................................... 44 Ghost Security Group ................................................................................... 45 5.2.2 ISIS .................................................................................................. 46 5.2.3 A summary of the key facts regarding Anonymous and ISIS ......... 48 5.3 Latent tensions ............................................................................................. 50 5.4 Initiating events ............................................................................................ 52 5.4.1 Paris attacks ..................................................................................... 52 5.4.2 Anonymous’ reaction to the attacks ................................................. 53 5.4.3 Anonymous’ goals and target selection ........................................... 54 5.5 Cyber reconnaissance ................................................................................... 56 5.5.1 Footprinting and system reconnaissance ......................................... 58 5.5.2 Target listing .................................................................................... 60 5.5.3 Identifying vulnerabilities ................................................................ 62 5.6 Cyber mobilization ....................................................................................... 63 5.6.1 Methods of mobilization .................................................................. 63 5.6.2 Attack planning ................................................................................ 64 5.6.3 Resource preparations ...................................................................... 65 5.6.4 Testing the plan ................................................................................ 67 5.7 Cyber attack ................................................................................................. 67 5.7.1 Distributing the plan ........................................................................ 67 5.7.2 Rehearsing ....................................................................................... 68 5.7.3 Penetrate & control .......................................................................... 68 5.7.4 Violate systems ................................................................................ 69 5.7.5 Lessons learned ................................................................................ 70 6 CONCLUSIONS AND DISCUSSION ................................................................. 71 6.1 Conclusions .................................................................................................. 71 6.1.1 Literature review and used models .................................................. 71 6.1.2 Summary of the results from the case study .................................... 72 6.2 Limitations ................................................................................................... 73 6.3 Implications for further research .................................................................. 74 REFERENCES................................................................................................................ 76 APPENDICES ................................................................................................................ 86 Appendix 1: Known offensive cyber capabilities of nation-states. ....................... 86 Appendix 2: International legislation regarding cyber terrorism .......................... 91 Appendix 3: Parts of the Canonical Offensive Cyber Operations Model ............. 92 Appendix 4: Tools Employed in the Campaign .................................................... 96 Appendix 5: Index of gathered materials shared in IRC ..................................... 103 List of figures Figure 1 A Cyber Early Warning Model (Carr 2011) ...................................... 16 Figure 2 Canonical model of offensive cyber operations (Grant et al., 2015) . 30 Figure 3 Synthesis of Carr's and Grant et al. models, Political Cyber Attack Campaign Model ................................................................................ 32 Figure 4 Example of Anonymous IRC topic messages .................................... 39 Figure 5 A contemporary Guy Fawkes mask (Wikipedia, 2012) ..................... 42 Figure 6 Slate article “Recognizably Anonymous” (Slate, 2011) .................... 43 Figure 7 GhostSec.org front page (GhostSec, 2016) ........................................ 45 Figure 8 Flag of the Islamic State (IS) (Wikipedia, 2013) ............................... 47 Figure 9 Example of ISIS content in Anonymous IRC chats ........................... 48 List of tables Table 1 Phases of conflict (Sriram & Wermester, 2003) ................................ 15 Table 2 Main non-state actors in cyber conflict (Sigholm 2013) .................... 20 Table 3 Synthesis of Carr's and Grant et al. models ........................................ 31 Table 4 Phases of netnographic study according to Kozinets (2015) ............. 36 Table 5 Summary of key facts ......................................................................... 49 Table 6 Known offensive cyber capabilities of nation-states (Valentino- Devries & Yadron, 2015) ................................................................... 90 Table 7 Canonical model of offensive cyber operations: select goals phase .. 92 Table 8 Canonical model of offensive cyber operations: select targets phase

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    112 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us