22 Dec 2010

Were WikiLeaks-linked cyber attacks overhyped?

Uncovering the true scale of the WikiLeaks-inspired Anonymous cyber attacks shows they were not as bad as we were led to believe, writes Technology Correspondent Benjamin Cohen.


If you were to judge by last week’s headlines, you might have thought the world was about to crash to an end due to cyber warfare. Those headlines started after major companies such as Visa and PayPal withdrew their support for WikiLeaks – and quickly became the target of cyber attacks.

Some reports suggested it was the opening salvo in a new cyber war. But Channel 4 News has discovered that the situation was nowhere near as serious as it was made out. Data provided to Channel 4 News suggests less than one per cent of cyber attacks were caused by “hacktivist” groups and that few individuals are actively involved with the Anonymous group.

The attacks on Visa, PayPal, MasterCard and others were DDoS (distributed denial of service) attacks coordinated by the Anonymous group on forums and IRC chat rooms using the code name “Operation Payback”. Simply put, they used websites and/or software tools to flood the web servers of these companies with requests in order to crash them and create a “denial of service”.

Small groups can attack big companies

But data provided to Channel 4 News by Arbor Networks indicates that since October there have been 77,725 cyber attacks on specific websites worldwide, with less than 1 per cent caused by “hacktivists” such as Anonymous. We were provided with the data relating to one unnamed target: their website was brought down by just 110 identified individuals, with three being based in the UK.


This shows that it is possible for a very small group to bring down the website of a major corporation, but it also reflects why the attacks were so short-lived. They can only sustain the attack for a short period of time, partly because it is relatively easy for the corporation’s hosting provider to identify the signature relating to that attack and block it.

Professor Peter Sommer, the author of the 1980s geek bible, The Hacker’s Handbook, and now academic and expert witness, told Channel 4 News: “The attacks were not successful, they caused a small amount of damage and delay to Visa and Mastercard’s website, but actually as we speak, there is no sign that anybody is being sympathetic to WikiLeaks and giving them back the payment facilities which is what triggered the attack in the first place.”

Were we misled?

So were we misled by both Anonymous and cyber security companies about the scale of last week’s attacks?

Former newspaper editor Professor Tim Luckhurst thinks the media was conned. He told Channel 4 News: “Journalists are terrified of the impact of the internet on their profession so they tend to interpret stories about those who use the internet intelligently with a great deal of paranoia which leads them to inflate the significance of what really happened.

“And then, there is a bizarre coalition of interests, you have the net activists on one side and on the other, net security companies who think they can sell people a solution to a problem that might not be quite as bad as they would like people to believe it is.”

A draft study for the OECD due to be published next year and seen by Channel 4 News argues that “hacktivists” like Anonymous are low-level risks because of their small numbers, lack of focus and a technical inability to bring down systems for a sustained period of time.

The report argues that the bigger risk comes from criminals and states that can cause much more damage because they control millions of virus-infected computers. Their attacks have wider geo-political impact, such as we’ve seen during Russia’s alleged attack on Estonia and Georgia’s internet infrastructure.

The data we’ve seen indicates that the UK is the fifth biggest source and victim of cyber attacks. We’ve been told by sources close to the Cabinet Office, under whom the Office of Cyber Security and Information Assurance sits, that Whitehall departments and websites come under attack all of the time, but without any noticeable success by the hackers. In 2009, it was reported that Chinese state-sponsored hackers gained access to Whitehall IT systems.

Earlier this year, the Defence Spending Review put £650m aside for cyber defence purposes, but we understand that some of these funds will be used to develop the UK’s cyber weaponry capability.

Professor Sommer told Channel 4 News: “Anybody who conducts any reasonable research into cyber warfare for defensive purposes actually has all of the knowledge they need in order to carry out a cyber attack. All that is missing is a small amount of additional work and the political will.”

Threat of cyber attack

Although they couldn’t comment on whether the UK is developing cyber weapons, the Cabinet Office told Channel 4 News: “Government departments have been made aware of the recent potential threat of cyber attacks through the normal channels. GovCert provides a computer emergency alerting and response mechanism for government departments. The Cyber Security Operations Centre monitors the threat and extent of any such attacks through close working with other government departments and agencies, and also acts to ensure a co-ordinated response.”


In response to threats by Anonymous that they would attack Whitehall, the Cabinet Office spokesman said: “We have not seen a spike in attacks but continue to monitor the situation and take any remedial action as necessary. We take the protection of information, networks and ICT systems very seriously using a range of personnel, procedural and technical security measures to mitigate against such threats.”

Duplicate to survive

Anonymous’ Operation Payback didn’t change the minds of the companies that took WikiLeaks offline. But WikiLeaks survived by duplicating its content on web servers all around the world, meaning it will be impossible for any state or company to suppress the information it releases.

Ironically, this is rather like the backup systems that major corporations and governments use to protect against cyber attacks. But unlike theirs, WikiLeaks’ mirrors are run by volunteers, so not even Julian Assange himself can take down the site. Its future and the leaks it contains are therefore secured forever.