With 2011 nearly half over, the year so far has revealed a litany of high profile victims of cyberterrorism. To make matters even more disturbing, the U.S. has decided to declare war on anyone who dares infiltrate its servers. In a year where it seems you can’t watch the news without learning about a new cyber attack, some interesting perspectives have been suggested, but when hackers decide what’s right and what’s not, where will it all end?
With 2011 Part I nearly in the bag, we’ve seen an active year for high profile security breaches that include the likes of Sony, Lockheed Martin, CitiBank, Epsilon, the European Commission, and the governments of South Korea and Canada being stung by some form of cyber attack. To make matters even more sobering, the U.S. government recently announced that it would treat cyber attacks on its servers as an act of war and respond with a conventional military response to anyone who just can’t keep their Internet connections to themselves.
Then, when it didn’t seem like things could get any more interesting, Reuters reported this week that three members of the hacktivist group Anonymous were arrested in Spain on charges of cyber attacks on Sony, banks and other organizations; mere hours later, Anonymous responded by hitting the website of Spain’s national police force.
Also this week, the saga continued when the International Monetary Fund was the latest victim of an assault when their systems were infiltrated in what’s been described as “connected to a foreign government, resulting in the loss of e-mails and other documents.” IMF spokesperson David Hawley assured the world that the fund is still fully functional, but that the IMF, “are investigating an incident. I am not in a position to elaborate further on the extent of the cybersecurity incident,” Hawley went on to say.
Amidst the flurry of attacks, the U.S. government has stepped into the spotlight, perhaps in a proactive attempt to avoid being the target of a catastrophic attack. Reuters reported that, “CIA Director Leon Panetta told the U.S. Congress this week the United States faces the “real possibility” of a crippling cyber attack.” “The next Pearl Harbor that we confront,” said Panetta, could be an attack of their servers that, “cripples our power systems, our grid, our security systems, our financial systems, our governmental systems.” In his Senate confirmation hearing to be the next U.S. Secretary of Defense, Panetta stated that, “This is a real possibility in today’s world.”
Where Does It End?
If a bona fide global assault is being waged in cyberspace, where will it end? To better understand what’s been going on (and what could come next), one has to consider the source of these attacks – the hackers – and what motivates them. At the risk of generalizing things, it appears that there are four types of hackers, each with their own motivations, involved in the ongoing mayhem:
- Hacker groups like Anonymous, who have made it clear that they’re in it to create mayhem – anarchists pure and simple. Less interested in monetary gain than in the creation of mayhem, groups like Anonymous find some sort of Robin Hood-like nobility in striking a blow for solidarity – for example their attacks on Sony in support of George Hotz, iPhone hacker extraordinaire, who has been the target of legal action by Sony.
- Hacktivist groups like LulzSec are a little different than Anonymous, in that not all their actions are decidedly destructive, they don’t always have a cause, and they don’t seem to be interested in any gain beyond revealing their prowess to the world. While LulzSec also wants to take a chunk out of Sony, other hack attacks seem more benevolent, if not misguided, in that they are merely trying to expose exploits that the target organizations seem to miss. Not entirely benevolent, they seem to be the Puck in the forest, mischievous and happy to embarrass, if their most recent attempts are any indication. Unfortunately, sometimes mischief can be more damaging than intent, as Michael Calce, aka MafiaBoy can attest.
- Hackers for profit, no more or less criminal than the two listed above, but less obvious since they don’t announce themselves to the world and their intent is to remain hidden in the shadows. Needless to say, this is an awfully big bucket that contains pretty much every spammer, phishing enthusiast and scareware purveyor out there, but this group is no less dangerous than the others listed here, in terms of the damage that can be done, just on an individual user level. Mostly.
- Arguably the most dangerous of all, state sponsored hackers. China has recently come clean about its efforts to ‘protect’ itself, and no one should doubt that every major nation in the world has a government unit dedicated to waging war on the Internet. While it may sound like Hollywood fiction and conspiracy theory, one has to look no further than the discovery of Stuxnet in 2010 and the ongoing attacks against South Korea as evidence that the next World War will be waged, at least partially, in cyberspace.
Will it really be the next Pearl Harbor, as Leon Panetta suggests? Is there any way to protect ourselves from deliberate attacks, or are the hackers just better at breaking things than we are at making things? Anonymous wasted no time retaliating against the Spanish police for taking three of their own into custody, and when it’s not revealing user’s porn site passwords and nipping at Sony’s heels, LulzSec seems to be genuinely interested in helping some websites. “We’re not targeting Nintendo, “LulzSec Tweeted after posting a Nintendo server configuration file on its website. “We like the N64 (gaming console) too much – we sincerely hope Nintendo plugs the gap.”
Misguided? Yes, for when any interest group – acting independently or under a state sponsored umbrella – decides where right starts and wrong ends, then we could all be in for a long and devastating war.