And now one for a completely new outlet, GQ India. Came about after a presentation in Mumbai, looking at a topic that is not traditionally core, though initially the focus on terrorism and online terrorism was a greater focus. Thanks to the editors for their patience with this one and hope to do more in this space!
In the wake of the November 2015 terrorist attacks in Paris by ISIS, the hacker collective Anonymous launched #OpIceISIS, an online campaign targeting the group’s digital presence. At around the same time, analyst friends studying ISIS noticed that their sites and social media accounts were also getting attacked. Realizing that they’d gotten caught up in this vigilante assault against ISIS, my friends eventually found the Anonymous attackers and explained their role. Soon after, a few of us noticed that The Shield (@an0nshield), a Twitter account offering protection from these sorts of accidents, had started following us.
Were Anonymous’ actions effective? Probably not. I believe that this entire episode was merely an expression of the confusing world of cyberwarfare that is increasingly going to dictate contemporary conflict.
But the link between Anonymous and ISIS is more complicated than this first blush suggests: Individuals have shifted from one group to the other. Take, for example, 18-year-old Junaid Hussain, aka hacktivist TriCk, former head of a collective known as TeaMp0isoN that aligned itself with Anonymous for a while. Responsible for a juvenile series of hacks, like the disruption of Britain’s counter-terrorism hotline and leaking information from the email account of an assistant to former UK Prime Minister Tony Blair, Hussain was jailed for six months. Upon his release, he ran off to Syria, where he became a key figure in the ISIS online community, heading up the very CyberCaliphate that Anonymous was later to target.
There’s a sort of logic to this ideological shift – both ISIS and Anonymous ultimately espouse anti-establishment narratives – but Hussain’s tale of switching sides with such alacrity shows only one aspect of the complicated nature of modern cyberwarfare.
Sometimes even the attribution to a non-state group is fake. In April 2015, the French television channel TV5Monde was knocked off air for 18 hours as hackers claiming to be the CyberCaliphate took down its Facebook page and website, and leaked documents allegedly linked to French soldiers fighting ISIS. Yet, soon after the news emerged, investigators started to question the link to ISIS, pointing out that the hackers were using servers which had earlier been connected to hacks linked to the Kremlin. Furthermore, grammatical errors in the messages released by the group proved that the code had been typed on a Cyrillic keyboard and compiled during business hours in Moscow. It all pointed to a state-sponsored Russian attack. Why Russia wanted to target a French TV station like this was unclear, and the nature of the attack worried those who thought it could be an attempt by Russian state-backed hackers to test Western systems.
The most dramatic online attack on a media company, however, came on November 24, 2014 when a group calling itself the Guardians of Peace attacked Sony. It shut down computers, wiped out critical company infrastructure, leaked awkward emails and copies of unreleased film scripts. The US government eventually identified the attack to have emanated from North Korea, allegedly infuriated at the Sony film The Interview, about the attempted assassination of its leader. In an apparent state-level sense of humour failure, Pyongyang decided to lash out against the company. The United States’ response was even blunter, knocking the North Korean Internet (essentially a national-level intranet) offline for a period of days.
The state vs state conflict online seemed fairly straightforward. But an attack two years earlier, whose provenance was never formally confirmed, showed the dangerous potential of an aggressive cyber attack. During the month of Ramadan in 2012, workers at Saudi Arabia’s national oil company Saudi Aramco suddenly noticed that files were disappearing, and 36,000 computers were wiped clean. Engineers panicked and started ripping out cables to disconnect machines from the internet. In a single stroke, a company that’s responsible for almost 10 per cent of the world’s oil production had been returned to a pre-computer era, relying on faxes, typewriters and internal mail systems. For almost two weeks, Saudi Aramco was barely able to function, and was forced to buy some 50,000 hard drives to get its system back online.
While formal attribution was never uncovered, the attack came a couple of months after the New York Times had published an in-depth article, sourced to American officials, indicating that the United States and Israel had teamed up to launch a sophisticated cyber attack on the Iranian nuclear programme. Called Stuxnet, the attack specifically caused centrifuges associated with it to spin too fast, destroying them. For years prior to the revelations, Iranian engineers had been perplexed by this apparent failure in their system. The Saudi Aramco attack, a couple of months after this admission in the American press, may have been an Iranian effort to demonstrate its own offensive cyber capabilities against a close American ally and long-time enemy.
The reality, however, is that cyberwarfare is something that can be conducted without any attribution or claim. Those at the receiving end might have their suspicions, but it is difficult to be certain. Countries often use proxies or purposely establish patterns in their online activity to suggest a different provenance. Anonymous, ISIS or state actors like the United States, China or Russia could all be behind an attack, advancing their own malevolent intentions. Unlike the clarity of dystopian movies like The Terminator or The Matrix, where evil machines use AI to take over the planet, the reality of modern cyberwarfare is a confusing mess of suggestive leads with no clear enemy in sight.
Raffaello Pantucci is Director of International Security Studies at the Royal United Services Institute (RUSI) in London, where he continues to worry about how much he relies on his computer.