A recent article has drawn our attention on fake news and botnets and about how the web can be weaponised that originally appeared in Das Magazin, Switzerland. While the core subject of the article represents an interesting piece of European very recent history (only 10 years ago, 2007) and presents the very first internet war as it is now known, looking at it from a cyber security perspective presents some very useful points to consider and reflect upon, especially on the cocktail of attacks and technologies used:
- botnets executing automated queries part of DDoS attacks,
- e-mails overloads,
- websites hacked and redirected,
- governmental servers and websites down or unavailable,
- war dialling (blocking government phones with fake calls).
As the article shows, there cyber-attacks were matched simultaneously by actions in the physical world by coordinated mass protests.
The largest bank of the country became incapable of servicing online requests, credit cards and international payments. What made such an attack unique was also the way it was executed: it was outsourced and crowdfunded. Its duration, from 26th April – 19th May 2007 impaired the government so much that they found no other remedy but a brutal disconnection of the whole country from internet and therefore ceasing its virtual existence for a while.
While there was no official claim from the originator of the aggression, from the cyber-technology point of view it appeared evident that such attacks can be as effective as any physical attacks to impair a country, its administration, its banking and its communication systems. For more than 3 weeks, that country was in an acute weakness state, with multiple vulnerabilities that could have been exploited in a real conflict. However, this appeared to be just an experimental part of what is now known as a hybrid and non-linear type of engagement philosophy. This philosophy itself is worth pondering upon as by understanding it, specific counter-measures could be devised. The key resides exactly within the ‘hybrid’ and ‘non-linear’ concepts: to hybrid and non-linear attacks, the classic and linear type of responses are ineffective. Within CS-AWARE we will look into developing hybrid and non-linear countermeasures, as such attacks as the one mentioned in Das Magazin 2007 can be easily directed towards administrations and governments infrastructures. To be continued.
Laurentiu Vasiliu, CEO,
Peracton.