Terms like “cyber-war” have been used a lot in the wake of the recent denial-of-service attacks on MasterCard, Visa and other entities that cut off support for WikiLeaks. But do these attacks really qualify? An analysis by network security firm Arbor Networks suggests that they don’t, and that what we have seen from the group Anonymous and “Operation Payback” is more like vandalism or civil disobedience. And we should be careful about tossing around terms like cyber-war — some believe the government is just itching to find an excuse to adopt unprecedented Internet monitoring powers, and cyber-war would be just the ticket.
The “info-war” description has been used by a number of media outlets in referring to the activities of Anonymous, the loosely organized group of hackers — associated with the counter-culture website known as 4chan — who have been using a number of Twitter accounts and other online forums to co-ordinate the attacks on MasterCard and others over the past week. But the idea got a big boost from John Perry Barlow, an online veteran and co-founder of the Electronic Frontier Federation, who said on Twitter that:
The first serious infowar is now engaged. The field of battle is WikiLeaks. You are the troops.
As stirring an image as that might be, however — especially to suburban teenagers downloading a DDoS script from Anonymous, who might like to think of themselves as warriors in the battle for truth and justice — there is no real indication that Operation Payback has even come close to being a real “info-war.” While the attacks have been getting more complex, in the sense that they are using a number of different exploits, Arbor Networks says its research shows that they are still relatively puny and unsophisticated compared with other hacking incidents in the past.
Distributed denial-of-service attacks like the kind Operation Payback has been involved with have been ramping up in size, Arbor says, with large “flooding attacks” involving as much as 50 gigabytes of data or more, something that can overwhelm data centers and carrier backbones.
So were the Operation Payback strikes against Amazon, MasterCard, Visa and a Swedish bank (which cut off funds belonging to WikiLeaks) in this category? No, says Arbor.
Were these attacks massive high-end flooding DDoS or very sophisticated application level attacks? Neither. Despite the thousands of tweets, press articles and endless hype, most of the attacks over the last week were both relatively small and unsophisticated. In short, other than intense media scrutiny, the attacks were unremarkable.
In other words, the most impressive thing about the attacks is the name of the easily downloadable tool they employ, which hackers like to call a “Low Orbit Ion Cannon” or LOIC for short (there are also a couple of related programs with minor modifications that are known as the “High Orbit Ion Cannon” and the “Geosynchronous Orbit Ion Cannon”). But unlike a real ion cannon, the ones used by Operation Payback only managed to take down the websites of their victims for a few hours at most.
As Arbor notes in its blog post on the attacks, however, real cyber-war is something the U.S. government and other governments are very interested in, for a variety of reasons — and it has a lot more to do with malicious worms such as Stuxnet, which seeks out and disables specific machinery in a deliberate wave of sabotage, than it does with DDoS attacks run by voluntary bot-nets such as the one organized by Anonymous. And among other things — as investigative journalist Seymour Hersh noted in a recent New Yorker piece entitled “The Online Threat: Should We Be Worried About a Cyber War?” — such a war would give the military even more justification for monitoring and potentially having back-door access to networks and systems, allegedly to defend against foreign attacks.