With the rise of AntiSec since the formation of LulzSec and the growing prominence of Anonymous this year, hacktivism has started to move into the mainstream world.
More and more, SCADA systems and other critical infrastructure is taken for granted and we forget just how much of our lives are managed through private systems. Exploits have been noted as being of critical concern in US government briefs.
This means that there an increasing ability for attacks to result in damage of physical property and the loss of life, and that over time this trend will simply increase.
Carsten Bockstette defined terrorism as:
"political violence in an asymmetrical conflict that is designed to induce terror and psychic fear through the violent victimisation and destruction of non-combatant targets”.
Also with the recent attacks on the Arizona Police Department by LulzSec that resulted in the publication of home addresses of numerous police officers and the compromise of the National Crime Information Center (NCIC) – an organisation that has been referred to as the lifeline of law enforcement – these groups have started to induce fear.
LulzSec have stated that their "top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments.“
In doing this under the guise of freedom of information, they are actually causing more widespread damage as well as inciting distress in the mass population.
Those in these groups say that they are simply exposing the lack of security that already exists, but the truth is there is no such thing as perfect security.
Does your home have bullet proof Lucite for windows? If not, then you too are also not perfectly secure. This is the argument taken by those supporting AntiSec. If you do not spend an uneconomically viable amount on security, you deserve all you get.
The argument that these groups are helping is flawed. Their goal of promoting internet freedom and freedom of speech instead creates fear, uncertainty and doubt. They move money from valid uses to futile pursuits and place lives at risk when they target operational data such as that used by the NCIS.
If their maxim was to truly support the cause of creating a more secure world, these groups could target known cyber-criminal groups such as those running the TDL-4 botnet with over 4.5 million infected systems already.
In place of helping, these groups actually divert funds that could have been used to stop these criminal enterprises that are growing at a phenomenal rate.
Worse, they engage in activities that create true suffering. Attacks such as that on CNAIPIC and related organisations have resulted in several ongoing undercover operations being closed through the possible compromise of operational information.
Some of these operations involved undercover operatives who had been in the field for more than 12 months. These where dedicated law enforcement officials working to stop child exploitation, drug smuggling and the forced exploitation of women through people smuggling. Women sold into the illegal sex trade.
The targeting of serious crime forces in the effort to "purposefully sabotage their efforts to terrorise communities fighting an unjust 'war on drugs'" demonstrates a concerted political agenda designed to create chaos and fear.
This is what these so called harmless groups are actually doing. Undertaking protests as a form of entertainment and creating mischief, and causing widespread damage.
When will we start to look at the lives they have damaged, the damage they have forced on us all. When we see the next news story on a drug addict, will we make the effort to think of the connection to AntiSec and the damage they have caused?
Al-Qaeda and other pure terror groups have been on the back foot unable to leverage the social aspects of Web 2.0. The rise of cyber based groups engaging in hactivism is creating chaos, but it is only the start. One question we have to as is will this change as groups such as Anon and LulzSec define a distributed model for social malfeasance?
So I have to say, welcome to the Brave new world of cyber terror where the enemy can spin online media and somehow become your friend. We are not there yet, but we are on the way.
About the Author:
Craig Wright is the VP of GICSR in Australia. He holds both the GSE, GSE-Malware and GSE-Compliance certifications from GIAC. He is a perpetual student with numerous post graduate degrees including an LLM specializing in international commercial law and ecommerce law, A Masters Degree in mathematical statistics from Newcastle as well as working on his 4th IT focused Masters degree (Masters in System Development) from Charles Stuart University where he lectures subjects in a Masters degree in digital forensics. He is writing his second doctorate, a PhD on the quantification of information system risk at CSU.