May 12th, 2007
Hactivism or information warfare?
Just as the term "cyber terrorism" gets linguists all riled up, "information warfare" is sure to elicit the wrath of security pundits and bloggers alike. While I will be the first to acknowledge that cyber terrorism is a problematic term (no loss of life or limb from shutting down an Internet service), I do ask what do you call it when terrorist organizations engage in hacking and cyber crime? Terrorist sponsored hacking? Just in the last six months there have been disturbing indications that terrorist organizations are getting wired and starting to experiment with tools and techniques that are usually associated with the petty cyber criminal.
Now we learn that in the continuing saber rattling over the World War II memorial in Estonia that denial of service attacks, purportedly emanating from Russia, are targeting Estonian government web sites. Is this just ethnic factions in Russia engaging in hacktivism, or is it supported by the Russian government? And if a hostile nation launches denial of service attacks against the web infrastructure of a neighboring state is that "information warfare?"
The attacks are intensifying. The number on May 9th—the day when Russia and its allies commemorate Hitler's defeat in Europe—was the biggest yet, says Hillar Aarelaid, who runs Estonia's cyber-warfare defences.
Hmmm, Estonia even has someone who runs cyber-warfare defenses. That begs the question: who runs their cyber-warfare offensives?
NATO has been paying special attention. “If a member state's communications centre is attacked with a missile, you call it an act of war. So what do you call it if the same installation is disabled with a cyber-attack?” asks a senior official in Brussels.
What ever you want to call it there are going to be more attacks of this nature. Terrorist and state sponsored cyber attacks have begun to be a real threat. The prospect should make you contemplate the level of preparedness within your own organization.
Richard Stiennon is an industry consultant. See his full profile and disclosure of his industry affiliations.
