The power of thousands of individuals acting en masse has become a weapon of war. While politicians, revolutionaries, and totalitarian governments have long known how to send crowds of protesters to the streets to parade in front of the television cameras, the new trend is to mobilize forces over the Internet to engage in the equivalent of mass online protests. In some case the results can be humorous. In others, not. Remember Mr. Splashy Pants? In an attempt to garner sympathy for its cause Green Peace posted a poll to choose a name for a whale. A call to the members of Reddit , the hugely popular social bookmarking site, was put out. It read:
Greenpeace are having a vote to name a whale they have ‘adopted’. All the options are the names of ancient gods of the sea. And then there’s ‘Mister Splashy Pants’. Please vote ‘Mister Splashy Pants’.
Green Peace demonstrated extremely good humor in accepting the results of over 100,000 votes for “Mr. Splashy Pants” for the humpback whale they were tracking via satellite.
During the US Presidential elections of 2008 any online poll was quickly inundated with votes derived from a call to arms by the followers of one candidate or the other with Ron Paul, the small government libertarian, usually winning out because of his appeal to the tech-savvy.
Alexader Putin, Prime Minister of Russia, has learned to use crowdsourcing to orchestrate massive Denial of Service attacks capable of shutting off an entire country’s ability to access the Internet. Included in his growing list of successful attacks are Estonia 2007, Lithuania 2007, Ukraine 2007, Georgia 2008, and Kyrgystan 2009. Putin commands a youth group called the Nashi, which meet every summer for fresh air, exercise and indoctrination. When it comes time to spread a little trouble Putin has an operative post instructions for downloading tools for spewing web requests along with a list of targets. Nashi, and Putin followers then download the tools and kick off the targeted attacks. DDoS by crowdsourcing. The beauty is that this technique provides a shield of plausible deniability. This was not Russia it was a bunch of patriots that were angry at [insert justification here].
During the recent military action in Gaza attacks against Israeli and American web sites became the most recent example of a crowd sourced cyber attack. Dozens of attackers systematically defaced over 800 web sites with pro-Hamas messages, many of them depicting gruesome images of dead babies and wounded civilians. Among the sites attacked were Israeli news sites, government servers, and even hospitals that were treating Palestinian casualties of the Gaza war. (Hamas supporters hack into Hadera hospital Web site)
Every age brings its new methods of warfare. The Romans perfected field combat with foot soldiers. Napoleon developed modern staffing for command and control combined with the science of logistics for re-supply, and the use of canon batteries. World War I saw the introduction of poison gas and mechanized armies. World War II introduced aviation, missiles, and rockets to the mix. Vietnam was the most tragic example of the use of guerrilla warfare to vanquish the techniques and technology of World War II era armies. The so-called war on terror is seeing the rise of cells, suicide bombers, and IED’s as effective weapons.
While defacing websites and disabling government communication vehicles such as the Ministry of Foreign Affairs site of the Georgian government have not yet been recognized as warfare, it is apparent that networks, which have had an immeasurable positive impact on communication, commerce, and social interaction, are also vulnerable to attacks. Attacks on and across networks will become the defining innovation of future wars.
The motivation for using a disbursed and large group of non-professionals in a cyber attack are both political and technical. Political advantage arises from the plausible deniability. China still maintains the fiction that attacks against the Pentagon, France, Germany, India, Australia, and New Zealand that emanated from within its borders are the acts of unaffiliated young hackers. Even now Russia does not accept responsibilities for attacks against Estonia, Lithuania, Ukraine or Georgia. Russia, perhaps the most accomplished country at manipulating world opinion, continues to deny all responsibility for its well orchestrated attacks that have not only brought down the immediate targets, such as web sites of government agencies, but have effectively brought Internet traffic to a halt in the targeted regions.
The technical advantage of crowd sourcing cyber attacks comes from the difficulty in defending against a massively distributed flood of requests sent against a web site or web resource such as DNS. Hackers have been exploring and refining the techniques of Distributed Denial of Service for two decades. The earliest denial of service attack was a simple ping flood. Anyone with a fast computer running Unix could execute a simple command that would generate ping packets, small one way communications used by network monitoring products to check to see if a host is still responding, to completely tie up the resources of the target computer or even completely clog its network connection. Ping floods are simple to defend against. A single rule in a router or firewall between the attacker and the target can block all pings.
There are, however, some packets that cannot be simply blocked at the firewall. Packets associated with the normal operation of the attacked web site or other type of server have to be let through. In the case of a website there is the TCP packet that initiates a connection between a browser and a web server, the SYN packet. When a web server receives a SYN packet it begins a three way handshake and waits for a response. An attacker simply sends millions of SYN packets which ties up the web server to the point where it cannot accept any more connections. While effective defenses have been developed for blocking SYN floods it still means deploying special equipment in the network path. Another type of attack, the GET flood, mimics thousands of web browsers requesting pages. This type of attack makes the web server work at maximum capacity serving up its pages and effectively prevents legitimate traffic from getting through.
Flood attacks using SYN and GET can be blocked if the source is known. Once again, just block all traffic from a specific IP address. It did not take long for hackers to develop techniques for distributing their attacks among hundreds, thousands and potentially millions of attacking hosts. These are the most effective attack techniques known, and can be very expensive to counter. The winner is usually the one with the most available bandwidth. So, when Russian sources attack small, recently networked countries, like Estonia and Georgia, they will inevitably win.
There are two ways to create an army of attacking hosts. Hackers have been “recruiting” hosts by spreading malware that surreptitiously infects a computer and enlists it in a network that can be controlled from a central point and commanded to launch an attack against a target at the whim of the owner of the army of what are called “bots”. These “bot armies” are available for hire and have been used to threaten and launch attacks, most famously against online gambling sites. In those instances the motivation was extortion. The other way is crowd sourcing whereby a large group of constituents, such as Putin’s Nashi, or Hamas members, or Israelis, are provided with software downloads and instructed how to attack the targeted web sites or infrastructure.
Just prior to its invasion of South Ossitia, the Georgian province, attack software was made available at stopgeorgia.com a web site traceable to the nefarious Russian Business Network, which in turn has been linked to ex-KGB operatives. The site also included a list of targets at which to direct the attacks in Georgia. It appears that traffic normally routed through Turkey to Georgia was also blocked.
While Russia continues to scoff at allegations that it engaged in cyber attacks the fact remains that a weapon was used to great advantage for Russia during a military operation. The almost plausible deniability afforded Russia by crowd sourcing is one of its advantages.