
Inside Cyber Warfare - Jeffrey Carr [110]

targets would have been counterproductive due to the semi-public nature of these websites. If the targets of cyber espionage attacks are openly posted, it is more likely that the target will be informed of its status as a target and therefore increase its defensive posture. Instead of following the Russian cyber militia’s example of openly mobilizing sympathetic hackers for attacks against Georgian targets via the StopGeorgia.ru forum, the Chinese militia was mobilized for the cyber espionage campaign against the Tibetan community through a more nuanced approach.

This more nuanced approach included general discussion about enemies of the Chinese people. Just as the Chinese cyber militia used the Anti-CNN website to rail against the perceived bias of the Western media, various Chinese hacker and other nationalist websites hosted discussions about the need to rein in the Tibetan community. No direct discussion about targeting specific Tibetan organizations was required. Instead, the general discussion regarding the increasingly restive Tibetan community likely was enough to motivate members of the Chinese cyber militia to execute cyber espionage attacks such as the example shown in Figure 12-5.

Figure 12-5. Virus-laden PowerPoint used to infect members of the Tibetan community (image courtesy of F-Secure)

Case study: Cyber attacks against Denmark


On September 30, 2005, the Danish newspaper Jyllands-Posten published a series of cartoons depicting the Prophet Mohammed. The newspaper claimed it published these cartoons as an attempt to contribute to the ongoing debate about self-censorship and the ability to criticize Islam.

Danish Muslim organizations sternly objected to the publication of the cartoons and held public protests to voice their displeasure. Protests soon spread around the world. The following February, protest against the publication of the cartoons continued and a corresponding campaign of website defacements and denial of service attacks was launched.

According to zone-h, a European consortium of IT security professionals that tracks cyber crime, over 600 Danish websites have been attacked. A majority of these attacks were website defacements; however, denial of service attacks against the Jyllands-Posten newspaper website (http://www.jp.dk) were also executed.

The Prophet Mohammed cartoon controversy occurred against the backdrop of simmering tensions between European countries and Muslims (Figure 12-6). In the case of these attacks, very little cyber reconnaissance was required. Attackers understood that websites in the .dk domain were to be targeted. Many of the website defacements appear to have been carried out with automated scripts designed to exploit known vulnerabilities in production web server software.

Figure 12-6. Stages of cyber attacks on Danish websites

Although the cyber attacks occurred many months after the publication of the cartoons, it is clear that these cartoons were used as the initiating event to rally Muslim and other sympathetic hackers to the cause of attacking Danish websites. These defacement and denial of service attacks were coordinated through a network of jihadist websites. Defaced sites also included propaganda designed in part to promote further attacks against Danish websites. Additionally, individuals promoting the boycott of Danish goods launched no4Denmark.com. Although this particular website was not used to organize the Muslim cyber militia, it certainly drew attention to their cause.

Lessons Learned


Latent tensions and cyber reconnaissance are important stages in well-organized politically motivated cyber attacks, but they do not appear to be necessary. The low-cost and low-risk nature of cyber warfare allows an attacker to quickly coordinate an attack against an adversary. Latent tensions are not necessary as long as an initiating event capable of rallying a cyber militia to action occurs. A cyber militia can conduct an unsophisticated brute-force denial of service attack without conducting the type of extensive cyber
