OPINION & ANALYSIS


Opinion: Is BART actually fueling the fire for Anonymous protests?

23 August 2011 – By Damon Baldini

I have been following events surrounding the Anonymous OpBART protest since the announcement of the first protest to be held on Monday 15 August 2011 at the Civic Center station.  Normally, CYBERWAR_NEWS would not be following an on the ground protest but the opening salvos fired by Anonymous included hacking and posting personal information from the MyBART.org website.  Members of Anonymous also hacked into the website of the BART Police Officer’s Union and posted the personal information of just over 100 officers as well and that did catch my attention.

After members of Anonymous launched their cyber attack on Friday the 12th, Linton Johnson tweeted that he was called off from his vacation in order to deal with “those who think it is OK to put our passengers in harms way”.  After conferring with the BART police department, Linton Johnson decided that the underground mobile phone service would be cut off in order to keep protesters from using that service to coordinate their protest.  Mr. Johnson indicated that he made this decision on his own and the BART board was not contacted in the decision making process.  Mr. Johnson stated that cutting off the cell service was a “gut-wrenching” decision and that it was made in the interest of passenger safety over others’ rights to protest.  My only guess is that this decision was made out of inflated fears over what was happening in the UK and the media reports that the rioters there were using mobile devices to coordinate the riots.

Here is where the issue could have ended.  For some unknown reason, rather than apologize for turning off the cell phone service when the criticisms of violations of free-speech rights began to emerge, BART went out and began to publicly argue the validity of its bad decision.  Rather than plead a mea culpa and emphasize that the decision was made in the interest of the safety of their passengers, BART spokesman Linton Johnson went on the offensive and held several press conferences where he stated that there is no right to free speech on the BART platform and that constitutional rights end the moment people walk through the turnstiles.

Here is where the metaphorical lose-lose situation occurs when an unstoppable force (Anonymous) meets an immovable object (BART).  Anonymous is not an organization that can be stopped per se.  Despite the pending FBI investigation into the hacks, Anonymous is not just one person that you can arrest.  The organization is an entire idea whose whole raison d’être is to fight against oppressive organizations and for the rights of the common man.  Unfortunately, the world has no shortage of people, governments or corporations who think it is quite all right to wrong the rest of humanity.  Anonymous is actively looking for the fight and quite frankly, BART played into their hands.

Here is the kicker: we all know from third grade civics class that it is not lawful to yell “fire” in a crowded theater despite the fact that we as Americans have protection of speech under the U.S. Constitution.  As Americans we all know that the limits to our personal freedoms end when exercising those liberties causes harm to others.  The fact that we as a society behave this way is called the “reasonable person standard” in legal circles.  Yet for some reason, the BART leadership wants to make the point that its organization has the ultimate authority to interpret the constitution, dictate social norms and decide where and when free speech is allowed on its state owned and publicly funded property.

Unfortunately, the longer Anonymous and BART battle it out in the media for the legal and moral high ground, the longer these protests will continue.  The more BART continues to push back and try to win its faulty argument, the more Anonymous will intensify its efforts at disrupting BART operations and making its point about personal freedoms.  In the end I am afraid that the one thing BART was trying to avoid will end up becoming a self-fulfilling prophecy.  The losers in this no-win contest will be the people of the Bay Area when an entirely avoidable injury or death takes place over an issue that could have been handled with more diplomacy.

Employing Social Media and Network-Centric Warfare to Takedown LulzSec
18 August 2011 – By Damon Baldini
Modern law enforcement seems to be struggling with its ability to stop leaderless criminal organizations in cyberspace.  The anonymity of the internet leaves traditional gumshoe methods and techniques of criminal investigation, well - flatfooted.  Modern criminal gangs no longer meet on street corners or in neighborhood “social clubs”.  Gone are the days when law enforcement could gain intel on criminal activity by staking out with an unmarked patrol car; modern criminal gangs often meet up in IRC - far away from the prying eyes of law enforcement.

While these organizations often take to the Internet to remain anonymous, they have not given much thought to secrecy.  The activities and planning details are often telegraphed in advance in social media forums.  In fact, leaderless organizations in the digital age can only thrive in an environment where there is a free flow of easily accessible information that does not compromise the identity of the participants.  What these organizations gain in strength by anonymity, they lose in their ability to remain secretive due to their transparency.
 
Since leaderless organizations do not have a pyramid-type leadership hierarchy, it is not possible to topple this type of organization with a traditional “decapitation” attack.  Leaderless organizations act like computer or infrastructure networks.  In order to bring down the network, you must attack its critical nodes.  Bring down enough nodes and the entire network will fall apart.  This is an ideal tactic to use on an organization like al Qaeda: find the main hubs or “nodes” of the organization and systematically take them down.  Eventually the effectiveness of the organization is diminished and it falls victim to questions of strength and relevancy.

What if you are trying to take down just the criminal elements of an organization like Anonymous?  Despite media portrayals, the actual criminal element of the movement is a small fraction of the whole.  By employing the principles of network-centric warfare, the major nodes of the criminal element can be identified.  A plan can then be set in place to neutralize those undesirable sub-elements without damaging the network as a whole.

We can use Twitter to determine the critical nodes of the Anonymous collective.  By monitoring hash tags (#), mentions (MT) and retweets (RT) traffic over a period of a few days, a picture of the major nodes of the network will begin to emerge.  The major nodes will be the pivot point for operational information as well as any general chatter about the movement.  A quick review of individual profiles will show that major nodes will generally have a 4-5 digit following and their tweets will be in the 4 digit range.  The actual number of individuals that these major nodes follow will be in the 2-3 digit range.  I like to use a step up rule for classifying a major node (following, tweets and followers) in a 2-3-4 or 3-4-5 step progression.  The larger the ratio of progression, the more significant the size of the node.

Once you have isolated the major nodes, you can look for the minor nodes as well.  These nodes are often where you will find the factions within the organization.  Here is often where you will find the criminal element at work.  In order to crack this node you will need to employ the following steps: Identification, Documentation, Exposure, Isolation and Incarceration.
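As an added illustration of the mention/retweet monitoring and the digit-count step rule described above (this is example code written for this page, not anything from the article or from any tool the author used), the following Python script builds a mention graph from a small set of constructed tweets and applies the 2-3-4 / 3-4-5 progression to constructed profile metrics. Every handle, hashtag, message and follower count below is invented; the `major` / `minor` / `peripheral` labels and the followers-per-following ratio used to score the “ratio of progression” are assumptions made here to turn the prose rule into something checkable.

```python
import re
from collections import Counter, defaultdict

# Constructed sample tweets as (author, text). Every handle, hashtag and
# message here is invented for this example; none refers to a real account.
SAMPLE_TWEETS = [
    ("hub_a", "Planning thread for #opexample, details in IRC"),
    ("user1", "RT @hub_a: Planning thread for #opexample, details in IRC"),
    ("user2", "RT @hub_a: Planning thread for #opexample, details in IRC"),
    ("user3", "@hub_a when is the meetup? #opexample"),
    ("user4", "MT @hub_a planning thread #opexample"),
    ("user2", "@user1 ask @hub_b about the schedule #opexample"),
    ("user5", "RT @hub_b: new poster design #opexample"),
    ("user6", "nothing to see here"),
]

# Constructed profile metrics: handle -> (following, tweets, followers).
SAMPLE_PROFILES = {
    "hub_a": (310, 4200, 58000),   # 3-4-5 digit progression
    "hub_b": (120, 1500, 9800),    # 3-4-4: steps up, but not a full progression
    "user1": (250, 900, 300),      # 3-3-3: flat
    "user2": (80, 120, 60),
    "user3": (40, 200, 900),       # 2-3-3
    "user4": (15, 40, 22),
    "user5": (60, 300, 110),
}

HANDLE_RE = re.compile(r"@(\w+)")
HASHTAG_RE = re.compile(r"#(\w+)")


def build_mention_graph(tweets, hashtag=None):
    """Count how often each handle is mentioned, retweeted (RT) or
    modified-tweeted (MT) by others, optionally restricted to one hashtag.

    Returns (in_degree, edges): in_degree[handle] is the number of inbound
    references, edges[author][target] the per-pair count."""
    in_degree = Counter()
    edges = defaultdict(Counter)
    for author, text in tweets:
        tags = {t.lower() for t in HASHTAG_RE.findall(text)}
        if hashtag and hashtag.lower() not in tags:
            continue
        for target in HANDLE_RE.findall(text):
            if target != author:  # self-mentions do not make a node central
                in_degree[target] += 1
                edges[author][target] += 1
    return in_degree, edges


def digit_count(n):
    """Number of decimal digits in a non-negative count (0 -> 0)."""
    return len(str(n)) if n > 0 else 0


def classify_node(profile):
    """Apply the article's step-up rule to (following, tweets, followers).

    'major'      : digit counts form a 2-3-4 or 3-4-5 progression
    'minor'      : followers have more digits than following, but the
                   one-step-per-metric progression is incomplete
    'peripheral' : no step up from following to followers
    (the three labels are this example's own naming, not the article's)
    """
    following, tweets, followers = profile
    steps = (digit_count(following), digit_count(tweets), digit_count(followers))
    if steps in ((2, 3, 4), (3, 4, 5)):
        return "major"
    if steps[2] > steps[0]:
        return "minor"
    return "peripheral"


def progression_ratio(profile):
    """Followers per account followed, used here as the 'ratio of progression'."""
    following, _tweets, followers = profile
    return followers / following if following else float("inf")


def rank_nodes(tweets, profiles, hashtag=None):
    """Rank referenced handles by inbound references, attaching the step-rule
    class and ratio so the major nodes can be told apart from the minor ones."""
    in_degree, _edges = build_mention_graph(tweets, hashtag)
    ranked = []
    for handle, count in in_degree.most_common():
        profile = profiles.get(handle)
        cls = classify_node(profile) if profile else "unknown"
        ratio = round(progression_ratio(profile), 1) if profile else None
        ranked.append((handle, count, cls, ratio))
    return ranked


if __name__ == "__main__":
    for row in rank_nodes(SAMPLE_TWEETS, SAMPLE_PROFILES, hashtag="opexample"):
        print("%-8s inbound=%d class=%s followers/following=%s" % row)
```

On the constructed data, `hub_a` collects four inbound references and a 3-4-5 profile, so it surfaces as the major node; `hub_b` is referenced less and has an incomplete progression, which is the kind of account the article calls a minor node. Against real traffic the only change would be feeding the functions actual (author, text) pairs and profile counts instead of the constructed lists.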

The first step is to map all the associations and main members of the group.  Despite being part of a leaderless organization, you will generally find there is a central figure (or figures) toward whom the other members gravitate.  You will want to monitor these individuals closely and begin your investigation with any intelligence that is gathered from their tweets or chats.  The second step is to document all of the activities that this organization undertakes.  This information will come in handy for the next three steps.

A wide campaign of exposure must take place in order to bring public awareness to bear and to help stem any materiel support that the criminal component may be siphoning off of the larger organization.  A well coordinated exposure campaign should document the actual harm posed to individuals rather than to the organizations that they attack.  Human beings have empathy for other human beings, not corporations.

Two methods can be employed in order to completely isolate the dark node from the remainder of the group.  Early elimination of key members can provide a tactical advantage to law enforcement, thereby reinforcing the public awareness campaign and also providing some human intelligence.  In addition, a continual public awareness campaign will eventually make the dark node a liability and therefore facilitate its complete isolation from the larger organization.  Once isolated, dark nodes lack the resources and manpower to continue their operations and will either burn out entirely or eventually be swept up by law enforcement.

For proof of concept, I submit the example of LulzSec.  After their initial 50 day rampage they decided to grab some cover by associating themselves with the Anonymous AntiSec movement.  While the LulzSec hackers would have preferred to disappear into the anonymity of Anonymous, both internal organizational pressures and external media publicity kept the spotlight on LulzSec.  A central leader was identified as AnonymouSabu, from whom the LulzSec members took orders.  As critical mass and arrests of key members mounted, association with LulzSec was seen as a liability.  LulzSec were effectively cut off from the Anonymous manpower pool and once that occurred, they were unable to effectively complete any more operations.  Despite some insider media attention (winning a Pwnie) the relevance of the organization died.  At the time of the writing of this article, another key member, Kayla, identified as Lolspoon, had her Twitter account temporarily suspended.  Whitehat hackers have been hot on the trail of Sabu and may have positively identified him as a person who was bartending at a vendor party during DefCON 2011.  AnonymouSabu has since announced his “retirement” à la Keyser Söze.

White House Cyberspace Policy Review - Are we too late to catch up?

By Damon Baldini

President Barack Obama directed that a 60-day comprehensive review be conducted of the nation’s cyber security policy and procedures as they relate to national security and securing critical infrastructure. The review team was comprised of a cross-section of cyber security experts from government, academia and industry. Their report, Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure, was released with recommendations that outline a new way forward toward building and protecting a reliable and secure national digital infrastructure.

It comes as no surprise that the review panel reports that the federal government is woefully underprepared for the daily onslaught of cyber-attacks this nation faces. The American people have been reading headlines that the Chinese government has been stealing our national secrets via cyber espionage for years. Now it seems you can find stories in the news about how post-Eastern bloc cybercriminals are raking in millions from U.S. citizens every day. The government seems almost overwhelmed to the point of paralysis with how to handle the problem. Despite a handful of high profile arrests, hacktivist groups like Anonymous continue to take down the websites of the CIA and the FBI with ease.

As the report states, the United States is indeed at a crossroads, and the national discussion about cyber security needed to happen… like yesterday. The United States can no longer afford to rely on passive security measures to protect our economy and our critical infrastructure. Just as our two oceans no longer protect us from distant threats in the nuclear age, we can no longer depend on mere firewalls and outdated security protocols to protect us from advanced persistent threats in the information age. We need to act boldly. It is time to rally the whitehats (and maybe convert some grayhats) and get on a war footing with cyber security.

If you were expecting some light saber rattling while reading the President’s policy review, you will be sadly disappointed - this is not a war doctrine. Expect the actual battle plans to be drawn up by the likes of the DOD, DoJ and the intelligence agencies as they define the appropriate retaliatory response for each type of cyber offense. In the past, dealing with cyber-attacks was often left up for grabs to whichever agency happened to get involved in the issue first. In the future you can expect to see more formalized joint operations being conducted between the FBI, CIA, DOD and the DHS in going after the bad guys. Theoretically, the decision to send some JDAMs down your smokestacks for state-sponsored hacking versus aggressive home visitations by federal law enforcement for run-of-the-mill credit card cybercriminals will now come from a central response command.

Unfortunately, like most policy review documents this one is a snoozer. There are the predictable recommendations for the appointment of a policy official who has the responsibility of coordinating the efforts of multiple agencies dealing with cyber threats, and the creation of a bureaucracy to facilitate the same. In fact, most of the near term action items have to do with building the structure in which to deal with the cyber security program. Two other items have to do with developing a national public awareness campaign to promote cyber security and the development of a cyber-security incident response plan. Honestly, I think the American people already know about the risks that the Internet poses and the cyber threats that are out there. I am a bit troubled however that after 25-plus years of the existence of the Internet our government is finally getting around to writing a cyber-incident response plan. What took so long – hasn’t anyone in government security seen that 1983 movie

The policy review suggests that our nation needs to build up its cyber defense infrastructure in order to help us mount an adequate response to the current and future threats we face. This plan calls for partnering with the private sector and for retooling our education system in order to train new people to help with mitigating threats to our infrastructure. Here we are confronted with yet another “Sputnik moment” and frankly we should be concerned that our nation’s attention is just spread too thin at the moment to deal with this issue adequately. Our focus is currently divided between three wars (Iraq, Afghanistan and Libya), a trillion-dollar budget deficit, a lingering economic recession, a looming energy crisis and increasing tension with China.

I watched an Al Jazeera news segment last week that claimed that China has hundreds of thousands of patriotic “Red Guest” hacktivists who support the Chinese government by hacking into foreign computer systems to steal secrets and to infiltrate critical infrastructure systems. They also attack anti-China websites and help their domestic websites improve security. Their raison d'être is to help China push back against what they view as the global imperialism of the United States and the increasing Japanese militarism in the question of Taiwan and in the Horn of Africa. Meanwhile, in America our hacktivists are mounting “protests” by taking down the websites of PayPal, Sony Games and the FBI – sometimes just for the lulz.

Taking all this information into context, you can understand why I am concerned about the future of America’s cyber security. America is way behind the power curve and given our cultural inability to be proactive against intangible threats, I fear that it will take a digital “Pearl Harbor” type event before we act. I do not want to come off sounding like a fearmonger, but the time to act is now and we need to move quickly. Hopefully we will be able to get a suitable cyberspace defense plan in place before China finishes building our F-35 Joint Strike Fighter ahead of us.
