The Commoditisation Of Hacktivist Attacks

Off-the shelf software for DDoS attacks has brought the means of disruption to smaller pressure groups, says Eric Doyle

Hopefully, David Cameron and his civil service mandarins will have taken on board the message sent by the Anonymous hackers. The successful blocking of the Home Office site, Downing Street and the Ministry of Justice has been followed by an unsuccessful distributed denial of service (DDoS) attack on the Government Communications Headquarters (GCHQ).

The Anonymous group of hackers may have failed in their aim to bring down a government website each week but the signals are there that online services will be vulnerable to attacks. Civil disobedience is potentially entering a new phase and websites, both public and private sector, will have to be hardened against such attacks if chaos is not to ensue.

Commoditised disruption

The ability to mount DDoS attacks has been commoditised and groups like Anonymous find it easy to recruit data cannons – without the computer owners’ permission more often than not. We are potentially reaching a stage where any pressure group can take charge of the means of attack to further their aims to embarrass and inconvenience their targets.

And the atmosphere is growing to foster such groups. Today, The Guardian disclosed that a protest group is planning action to highlight the checkered pasts of some of the major sponsors of the 2012 Olympic Games, such as Dow Chemical, BP and Rio Tinto. As usual, the choice of Macdonald’s as the major food sponsor is highly controversial – especially as the other food sponsors are not getting a mention. Worse than the “fa(s)t food” reputation that still gets associated with the Golden Arches company, it now appears that its “ethically sourced” Olympic menu will be exempt from the London 2012 Organising Committee’s locally-sourced, green aims and will be shipping in most of its chicken from Brazil.

If these issues don’t bring down the wrath of Anonymous, there are plenty more fringe groups that may don the digital activist mantle and create their own DDoS communities.

Imagine if the more militant members of the growing number of anti-capitalist groups decided to DDoS Her Majesty’s Revenue & Customs site on the 31 January deadline for Income Tax returns. The chaos that would ensue would be costly. Hopefully, measures are in place to prevent this but the potential for disruption – which extends beyond DDoS – brings a new element to services that was not present in the paper submission days.

Any company that depends on the Internet for an important part of its business has crossed a line. It has become vulnerable to the new order of protest. In the past picketing and sit-ins were the only direct action options but the new threats are far more disruptive.

The GCHQ withstood the attack at the weekend but it would have been surprising and worrying if the country’s prime surveillance and security organisation had fallen to such a crude attack. Most firms and organisations would have crumbled even if only for a little time.

We talk a lot about the cost of downtime and its effect on business. Any downtime that occurs now is usually planned and managed as companies learn how to ensure business continuity. According to reports, this is avoiding costly, damaging and potentially fatal effects on commerce but external attack is the new downtime.

Just as organisations have learnt how to manage uptime and spent money to put the necessary procedures in place, they must now lean how to protect against focused attacks on their infrastructures by vigilante groups – or even their competitors and foreign governments.

Anonymous may be an irritation in today’s online landscape but it is an indication of the future. Its members are the equivalent of the authors of the early viruses and worms whose work laid the foundations of an underworld that has found a way to monetise the exploits of these pioneers.

What do you know about Internet security? Find out with our quiz!