Here’s a question for you: What do the four recent cyber attacks from the hacker group Anonymous have in common?
Attack 1: On March 4, 2016, a group inside of Anonymous attempted to re-launch OpTrump, an operation that was originally launched on December 11, 2015. The operation’s goal was to expose Donald Trump’s personal information and take down the presidential candidate’s online footprint. The re-launch of the operation was intended to attack Donald Trump’s websites, specifically TrumpChicago.com, on April 1 with a series of network and application layer attacks including DDoS and SQL injections. The group behind this operation published a video as several pastes on Pastebin and Ghostbin.
Attack 2: On Saturday, March 19, an unknown source launched a series of coordinated denial of service attacks against a number of Swedish newspapers. Early reports suggested that Russia was behind the attack following a Swedish announcement that it had adopted a military strategy against Russia’s alleged aggression.
Attack 3: In March 2016, hackers assaulted the website of the Philippines’ elections commission to protest both the integrity of the upcoming presidential elections as well as security concerns regarding the electronic voting. The website was hacked and defaced on Sunday, March 27 by AnonymousPH, and a few hours later was assaulted by another group of hackers – LulzSec Pilipinas – which hacked and dumped the entire COMELEC database of voters.
Attack 4: In April 2016, OpOperadoras was launched against all telecommunication companies in Brazil, in response to a fixed broadband provision that would ban unlimited data plans in Brazil. This data cap enraged millions of internet users and led to a sophisticated operation. First to be hit was ANATEL, the National Telecommunications Agency. ANATEL suffered a major DDoS attack, reaching 40Gbps of traffic generated from international bots, in parallel to a SQL injection that leaked information about telecommunication companies’ executives. Hackers posted a sample of the database on Ghostbin and threatened to release more information.
What do these four attacks have in common? They show us that freedom of speech, press, and human rights are coming under increasing assault, especially in the form of cyber assault, which has the potential to disrupt the democratic process itself in any country. While the face of the threat is not uniform or predictable, it will impact all democratic processes across the world.
Comprehensive cyber protection of modern political processes are missing
Simply based on the information above, it’s clear that cybersecurity protections of our democratic political proceedings are severely lacking. But to take a step deeper, we need to examine the start of security in politics, which can be found in the mission of the U.S. Secret Service.
The Secret Service has been protecting the U.S. President since 1894 as well as candidates for the office, the Vice President, and their families since 1968, ever since the assassination of Robert Kennedy. The Secret Service is one of the most visible groups within our government, and scrutinizing its approach to security provides us with ideas of strategic gaps and lack of protections.
And while the Secret Service’s mission includes “physical protection” of leaders, facilities, and major events, it doesn’t include cybersecurity.
Even the list of resources available, which includes everything from airspace security to hazardous agent mitigation to medical emergency response, and can protect against chemical, biological, radiological, and nuclear threats, never explicitly the risks or protection for cybersecurity.
Risks to our democratic process are growing
We are creating an environment that opens the door to attacks on the democratic process, and the three trends below can be considered side effects if a cyber assault is left untreated.
1. Motives to cyber attack political candidates are increasing
Like any area of technology, information security has its own “acronym soup” that emerges as a language of sorts for practitioners and followers. In the case of political hacktivism and its motives, the acronym that comes to mind is CHEW, popularized by Richard Clarke, former Special Advisor to the President on cyber security. Clarke outlined CHEW to categorize common cyber assault motivation as follows:
- Cybercrime: An attack where the primary motive is financial gain
- Hacktivism: Attacks motivated by ideological differences. The primary focus of these attacks is not financial gain, but rather to persuade or dissuade certain actions or voices
- Espionage: An attack with the straightforward motive of gaining information on another organization in pursuit of political, financial, capitalistic, market share, or some other form of leverage
- Warfare: The notion of a nation-state or transnational threat to an adversary’s centers of power via a cyber assault.
One of the interesting aspects of political hacktivism attacks are that they’re blending aspects of multiple motive categories. The emergence of multi-motive attacks, a blurring of lines across the CHEW principle, is becoming a reality for politicians and free speech organizations. Now they’re being ransomed (typically a crime motivated by money), their data is exfiltrated and violated (also a crime motivated by money), and it can be state-sponsored (cyberwar).
Most would consider the hacks illustrated in the beginning of this article as principally hacktivist-driven attacks, as they were focused largely on just stopping or silencing a message.
2. New research and tools help the rise of encrypted networks and Darknets
As I wrote in my February column, the Darknet has changed the game of how, where, and why to attack political figures, processes, and infrastructure.
If you’re not familiar with the concept, a Darknet is basically a software defined network (SDN) running on top of an existing network that can only be accessed by those who know how to use it. Sometimes there’s a “secret handshake” required to gain access and build communities. Darknets can be anything from your corporate intranet to a peer-to-peer network, but often exist to conceal information from other businesses or governments or protect privacy (on networks like Tor).
The notion of the Darknet is both intimidating and exhilarating. It’s the ultimate established SDN. However real it is today, the whole concept of a hidden internet existing around the public internet is bizarre to most people. But to give you an idea of how much of a threat a Darknet is, law enforcement is now targeting many of these networks for takedowns, seeing them as similar to botnets.
For example, Dutch police arrested the owner of Ennetcom, a provider of encrypted communications for a network of 19,000 customers, on suspicion of using the business for organized crime.
While Ennetcom and most of its users are in The Netherlands, the bulk of the company’s servers were in Canada, where it allegedly sold modified telephones for about 1,500 euros each, then used its servers for the encrypted data traffic. The phones couldn’t make calls or use the internet, but they turned up repeatedly in investigations on drug cases, criminal motorcycle gangs, and gangland killings. All 19,000 of the network’s users were sent a message notifying them that the system was being investigated by police. This case is a great example of new tools being developed to distribute, communicate, and execute new attacks.
3. Candidates for political office need Information Security Officers
It’s clear from the success of many of these attacks that candidates for political office or newsrooms do not have the following:
- Strong information security protections in place
- Strong capacity and resolve to thwart attacks proactively
- Strong ability to keep a clear message running throughout a cyber assault.
The world changes quickly, and so should security constructs, but how? There are three macro-level disruptive business trends that factor into the biggest nemesis of information security officers globally. They include:
- Artificial Intelligence (AI): Automation in everything is giving rise to AI
- Humans as the best attack vector: Automation is also driving de-humanization and accelerating non-technical vulnerabilities. These non-technical vulnerabilities are, ironically, accelerating the idea that data privacy and confidentiality are not the sole responsibility of infosec pros.
- Lights-out security: Ironically, our future threat is also our answer. Haste, waste, or delay in automation defines future failure.
Everywhere we look, automation is upon us. Once automated, the environment is rife for a “thinking” fabric over which it will drive its efficient operation. Humans have been automating work for a long time, but we’ve never had the capability to really automate thinking. From this perspective, the natural inclination is to believe that we’ve been here before; however, this concept is both new, a serious threat, and ironically, our biggest breakthrough technical opportunity.
We’ve become so numb to the omnipresence of bots in nearly all security attacks that we haven’t bothered to look deeply into how bots themselves have evolved. They’ve shifted into highly efficient tools that automate nearly everything an attacker might want to accomplish, from escalating privileged access to decrypting traffic to driving volume in DDoS attacks.
Most of the major security threats, such as application DDoS, brute force, and SQL injection, are executed in part through botnets. These tools are designed to select actions based upon the anticipated responses from the defender. As people have become more predictable in detection and mitigation, the bad guys are designing tools to adjust to our defenses faster than we can detect their changes.
One solution: The digital secret service
Given the threat landscape evolution and importance of newsroom fidelity and political candidate sanctity, this is an area where the government needs to step in and provide something like a Digital Secret Service whose role would be equivalent to the Physical Secret Service in numerous ways. However, the operating space and domain would be one with ghostly characteristics of computer warfare. The charter of this group would be similar — to defend the political processes of the republic — but the execution would need to cover the freedom of press and speech overall.
As cyber attacks against political leaders, institutions, and others grow, this Digital Secret Service would stand guard against the hacktivists and others increasingly attacking the fidelity and trustworthiness of our democratic governments.