Cyber-Terrorism: E-WWIII? (2 of 8)

POST 2: DOMESTIC ATTACKS

Anonymous

We begin our discussion close to home, looking at the cyber-terrorist group Anonymous who has claimed responsibility for a myriad of cyber-attacks and whose own history tracks the origins of cyber-terrorism. In discussing the goals and aims of the organization, it is important to keep in mind the definition of what constitutes a cyber-attack as opposed to an individual crime perpetuated through the use of a computer. We will also look at the ramifications of Anonymous’ attacks and the accompanying body of law under which retribution or damages may be claimed against the group.

History & Mission Statement

Anonymous is a somewhat prototypical version of who we imagine to hackers and anarchists to be. The group was born in 2003 on 4chan, an image board that allows users to post blog entries on various topics anonymously—hence the group’s attachment to the name.[1] 4chan facilitated these secret messages and allowed this disjointed group of international posters to plan and carry out attacks on various individuals and government agencies. Throughout the past decade the group has swelled in numbers and in recent years has begun having an offline presence holding protests in various cities which coordinate and raise awareness about their online presence.[2] When participating in public protests, the members wear stylized Guy Fawks masks that became popular following the release of the movie V for Vendetta, which chronicles the anarchist revolution against a totalitarian government and portrays the members of the movement wearing these masks while carrying out violent acts in public.[3] One such protest, held in response to a newly implemented Japanese law which banned illegal downloading of music and movies, consisted of a mass clean-up of a public park and coined the term “constructive protest.”[4]

Anonymous hacktivist

Viewed in this light Anonymous does not comport with what we generally view terrorists to be. Nevertheless, when comparing the general philosophy of the group along with the means and lengths the group is willing to go through to motivate governments and special interest groups to conform to their agenda, we begin to see how this loosely knit group of hackers can and should be considered cyber-terrorists in the truest sense.[5] Because of Anonymous’ diverse group of international members and the very nature of their existence, tying them to one “mission statement” is impractical. Suffice it to say, the group opposes internet censorship and control and their attacks are targeted at those whom they believe are at the root of problem—whether that be a government, organization or corporation.[6] The group itself believes that their political motivations mean they are “hacktivists” rather than cyber-terrorists. Hacktivism has been defined as “using technology to improve human rights across electronic media.”[7] Yet these definitions seem to be semantics as the conduct underlying both encompass the same elements: political agenda, use of online disruptions, etc., messages targeted at changing government or corporate policies to fall in line with group’s agenda. Despite what Anonymous and other Hacktivist groups call what they are engaging in, the attacks discussed below will qualify as cyber-terrorism for means of prosecution.

Notable Attacks                                                  

The exact number of attack perpetuated by Anonymous during the decade since their inception is inexact, which is to be expected when dealing with such a loosely run organization. There is no infrastructure, no leadership, no “man behind the curtain” pulling the strings. Nevertheless, the group’s organized pranks took on political motivations in 2008 in an attack that was known as “Project Chanology,” in which Anonymous promoted and carried out a series of organized distributed denial of service attacks (DDoS) against the Church of Scientology.[8]

These DDoS attacks are the most common form of cyber-warfare employed by all cyber-terrorists against their targets. DDoS involves infiltrating networks (through unauthorized access or hacking) to bombard the target’s servers with repeated requests for data; in the aggregate, these fake requests will eventually cause the servers to crash under weight of the number of requests. DDoS attacks can be employed by cyber-terrorists to crash emergency services for an entire nation. This issue will be discussed in further detail in Post 3.

The aim of these targeted attacks against the Church of Scientology was not only to ridicule and promote awareness about the more extreme practices of the Church, but to destroy the religion altogether.[9] Therein lies the traditional motives which mark this attack as cyber-terrorism. One member uploaded a short video during the attack which claimed responsibility and threatened the Church stating, “Anonymous has therefore decided that your organization should be destroyed. For the good of your followers, for the good of mankind everywhere.”[10]

The largest attack known to date was Operation Payback. Although this attack will likely be remembered as a protest to support WikiLeaks founder Julian Assange, the attack initially began in September 2010 as an effort to support file-sharing sites and combat U.S. governmental attempts to shutdown such cites—keeping in line with the group’s agenda of providing free information for all.[11] While the attacks related to Operation Payback were carried on for several months in late 2010 to early 2011, all involved DDoS against various corporate websites that the group viewed as contributing to the fight against illegal downloading of music and entertainment. One such attack, mentioned in a recent indictment against 13 of the group’s perceived leaders, took place on September 16, 2010 against the website for the Motion Picture Association of America.[12] According to the indictment, the instructions for the attack were simply posted in the online forum. The posting set out specific dates and times for “waves of attack” and stated “[t]his will be a calm, coordinated display of blood. We will not be merciful.”[13]

According to the New York Times, Anonymous has even gone directly after foreign governments.[14] The attack was in response to reports of the extreme working conditions mine workers were subjected to in Mexico. Anonymous targeted the website for the Mexican National Chamber of Mines and may have gone as far as to steal the organization’s e-mail as extortion.[15]

Legal Ramifications

As previously mentioned, prosecutors brought formal charges against 13 hackers involved in Operation Payback under 18 U.S.C. § 371, Conspiracy to Intentionally Cause Damage to a Protected Computer.[16] However, this section deals with conspiracy only and must be used in conjunction with other criminal statutes. Therein lies the issue with prosecuting many of these crimes carried out by Anonymous. In response to these issues came the Computer Fraud and Abuse Act. The act was passed as a gap-filler remedy to deal with evolving issues of cyber-security that are not covered by traditional state and federal laws.[17] The act works by “outlawing conduct that victimizes computer systems.”

Subparagraph 1030(a)(3) makes intentional, unauthorized access (hacking) to a governmental computer illegal.[18] However, this act only applies to Anonymous’ conduct as it relates to purposeful hacking of government computers and would not apply to Project Chanology, which victimized privately run networks that do not house government information.

Nevertheless, some recourse may be available in connection to Operation Payback under §1030(a)(2), which protects consumer credit or other kinds of financial information.[19] This section is unique in that for the first time congress has enacted a statute that does not require the offender to misuse the information (in the form of embezzlement or conversion) but merely accessing the information in and of itself is a violation.[20] By enacting this statute it shows that congress has read out any intent requirement and instead believes that hackers are accessing the information with a nefarious intent (to misuse the information) and not simply just to access it. This distinction is especially important given that Anonymous’ main goal is not to commit financial crimes, but to induce a free flow of information for all.

Most useful to the private entities which have been victimized by Anonymous, may be subsection 1030(g) which provides a civil cause of action to victims.[21] Project Chanology and other cyber-attacks perpetuated by Anonymous have left victims by way of private entities and websites who were victims of DDoS attacks. Those entities may be able to bring suit and recover any monetary damages for the time during which service was down (loss of profits) and if necessary an injunction to stop continuing DDoS attacks.

The issue will then be who to name in the suit, considering Anonymous is of course anonymous. Operation Payback has proven how difficult this task may be as thousands were involved and two years later only 13 people have been indicted.


[1] Origins of Hacktivism: Anonymous, LULZ, LULZ Security and Wikileaks, WDD Web Security (Oct. 24, 2011), http://403.wddinc.com/2011/origins-of-hacktivism-anonymous-lulz-security-and-wikileaks/ (last visited Oct. 2, 2013).

[2] See Internet without borders: Anonymous protests Indian web censorship, RT: Question More (June 9, 2012), http://rt.com/news/anonymous-india-protest-censorship-500/ (last visited Oct. 2, 2013).

[3] V for Vendetta (Warner Bros. 2005).

[4] W.E. Wessamore, Anonymous Group Cleans Public Park in Constructive Protest, IVN (July 9, 2012), http://ivn.us/2012/07/09/anonymous-group-cleans-public-park-in-constructive-protest/ (last visited Oct. 2, 2013).

[5] See Elmusharaf supra Post 1, n. 4.

[6] See Brian B. Kelly, Investing in a Centralized Cybersecurity Infrastructure: Why “Hacktivism” Can and Should Influence Cybersecurity Reform, 92 B.U. L. Rev. 1663, 1711 (2012).

[7] Elinor Mills, Old Time Hacktivists: Anonymous, You’ve Crossed the Line, CNET (March 30, 2012), http://news.cnet.com/8301-27080_3-57406793-245/old-time-hacktivists-anonymous-youve-crossed-the-line/ (last visited Oct. 4 2013) (quoting a presentation made at the Digital Law Enforcement Conference, which was held at Yale Law School in 2004); see also Noah C.N. Hampson, Hacktivism: A New Breed of Protest in A Networked World, 35 B.C. Int’l & Comp. L. Rev. 511 (2012). Hampson’s article determines that along with politically motivated attacks, cyber-attacks motivated purely by financial gain may also constitute Hacktivism, even though they would not be deemed cyber-terrorism. Therefore, cyber-terrorism may be thought of as a smaller subcategory under the larger Hacktivism umbrella.

[8] Scientology: Fair Game, The Economist, Jan. 31, 2008, available at http://www.economist.com/node/10609174.

[9] David George-Cosh, Online Group Declares War on Scientology, National Post, Jan. 26, 2008, available at http://web.archive.org/web/20080128145858/http://www.nationalpost.com/news/canada/story.html?id=261308.

[10] Id.

[11] Brian X. Chen & Nicole Perlroth, U.S. Accuses 13 Hackers in Web Attacks, N.Y. Times, Oct. 3, 2013, available at http://www.nytimes.com/2013/10/04/technology/us-accuses-13-hackers-in-web-attacks.html?ref=anonymousinternetgroup&_r=0.

[12] Id.

[13] Id.

[14] Id.

[15] Id. The article goes on to connect Anonymous to cyber-attacks against Israel in response to Israel’s military strikes on Hamas. When looking at how the group interjects itself into real world political and military issues, the line between cyber and terrorism becomes blurred.

[16] 18 U.S.C.A. § 371 (West).

[17] Charles Doyle, Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws, Congressional Research Service (Dec. 27, 2010), http://www.fas.org/sgp/crs/misc/RS20830.pdf (last visited Oct. 4, 2013).

[18] Id.

[19] See Chen supra note 16. Operation Payback also involved attacks against Visa and Mastercard for their reluctance to turn over donations made to Anonymous.

[20] Doyle supra note 22.

[21] 18 U.S.C.A. § 1030 (West).

Advertisements

2 Responses to “Cyber-Terrorism: E-WWIII? (2 of 8)”

  1. Something for you to think about: you suggest that hackativists are rightly considered to be engaged in terrorists acts although you also say they cannot be tied to one mission statement, no doubt due to the loose alignment of members of Anonymous. But doesn’t labeling the acts as terroristic beg the question? What is terrorism anyway? Do we have a definition of the term that is commonly or even internationally accepted. Would it be possible for a group to hack and cause DDOS attacks and yet not be terrorists?

  2. Although difficult to assign one mission statement to a group as large and heterogeneous as Anonymous, the foundation upon which the group was built upon and the philosophy which guides their attacks has always been free flow of information to the masses–think wikileaks’ great-great-grandfather. Although at first blush attacks on groups like the Church of Scientology seem to fall outside the scope of this basic ideal, however the basis for attacking the Church’s practices was in how the Church attempts to silence free speech of its members. Free speech may be but a tenuous connection to Anonymous’ main goal of free information to all over the internet, but may nonetheless be housed under its umbrella. It is because Anonymous chooses its various attacks to fall within the scope of their purpose in an attempt to change political or religious agendas, that they qualify as a terrorist-organization. It is my opinion that had this attack been carried out against an older or more recognizable religion, the response to the attack would have been more readily identified as terrorism.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: