WikiLeaks: Case Study for Cyberwar?

Tuesday, December 14, 2010

David Dennis


One of the problems of trying to understand cyberwar is that we don't really know what it looks like or how it behaves. Mostly, this is due to the fact that the participants/victims don't report it.

If anything is reported, it is heavily skewed or filtered for political purposes. Ironically, the situation surrounding the massive WikiLeaks releases may be the very thing people need to consider what cyberwar looks like. Consider the following:

1. WikiLeaks uses electronic means to get its information. In many cases, it is patently illegal to procure, possess or publish the documents they have, all higher morality arguments aside.

People would call for prosecution of State Department officials if Russia announced they had all this information. Why would it be any different for a non-government organization?

At the very least, WikiLeaks is a high-value target for cyberwar operations, if not an actual weapons platform in a cyber campaign.

2. WikiLeaks' assets are all over the globe and can migrate with lightning speed to anywhere. It took days to apprehend WikiLeaks' leader. The web site's contents changed hosts multiple times and are almost impossible to take down.

Any attempts to suppress it also affected innocent web sites. This kind of warfare is much closer to insurgency than to conventional warfare.

3. There are lots of mercenaries on both sides. Some sympathize with one side or the other. It's quite possible that there are some paid or otherwise "attached" elements in the fray as well.

What began with web sites to raise money for legal defense led to DDOS attacks on not only those sites but organizations that processed payments related to the cause.

These hacks and attacks go on, despite the fact that they are technically illegal in many countries. History is replete with lessons in combatting--and retaining--mercenaries.

4. There is a lot of bad intelligence. EveryDNS was the host/DNS provider at one time for WikiLeaks, yet EasyDNS was targeted because it was mistakenly attributed in press accounts. Professional militaries are used to the "fog of war," but most Western societies (and many of their leaders) are not.

In addition, they generally have a low tolerance for mistakes. Unfortunately, many of the participants are not as highly skilled at dealing with the fog of war as professional military organizations.

5. Compared to conventional arms, WikiLeaks (and their attackers) require very few people, assets or resources to operate. In addition to the flexibility and survivability mentioned above, it's very cheap to support significant operations.

The technology and expertise have spread to many nations, so lots of groups can be members of the "cyber club." Unfortunately, many don't have the legal or ethical restraints to which the current world order is accustomed.

6. The heart of the conflict doesn't directly involve nations, but rather groups that aren't national in character. WikiLeaks itself is a company and many of the partisans are individuals, small groups or transnational organizations.

The most obvious national player is the US government, but it is largely taking a deliberate strategy, using lawyers and law enforcement agencies rather than direct-action cyber activities.

Unlike many previous cyberwar activities--Georgia and Estonia come to mind--the activities surrounding WikiLeaks don't have conventional or direct national political components. This makes it a unique conflict, which might allow us to study a more pure cyber conflict.

David Phillips: The more you know about classified electronic media, the more you know that Private Watz-his-face (sooo not important) is a pawn. No-one, and I mean, no-one has un-audited USB download capability of that much national security data. Access is segmented all the way up to deputy secretary level. And even then, alarm bells would be going off all over. Who are they trying to kid??? Someone is trying to START a war!!! But it's not the hapless private.
David Dennis: The thrust of my post was actually to consider what cyberwar looks like, but you bring up a good general point. I work with a lot of systems which have extensive monitoring. Anything so much as looks funny, a notification is sent. The problem with many of these systems, however, is that there are very few people who are able to respond to the alerts in a timely fashion. You have security compliance, but not a secure implementation.

In this specific case, the breach could be the private or any one weak link. One thing is sure, though. Either they didn't see the collateral damage that all the releases would cause or they didn't care. The first person is a fool; the second one is an anarchist.
Paul Gillin: IBM's Craig Reinhardt suggests that this could be a wake-up call to federal agencies that have "been hitting the snooze button on electronic records management" and that businesses might take a cue from their actions. I'm sure there are IT executives looking at these revelations and thinking, "thank God that wasn't me."
David Phillips: Thank you all for your comments. Sorry it took me so long to respond. But I appreciated them, and respect the thought that was put into them.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
