• United States



by Brian Krebs

The cyberwar will not be streamed

Dec 20, 20106 mins
Critical InfrastructureNetwork SecurityTechnology Industry

Brian Krebs on careless use of 'cyberwar' terminology in the wake of Wikileaks

In early 2000 — ages ago in Internet time — some of the biggest names in e-commerce were brought to their knees by a brief but massive assault from a set of powerful computers hijacked by a glory-seeking young hacker. The assailant in that case, known online as Mafiaboy, was a high school student from a middle-class suburban area of Canada who was quickly arrested after bragging about his role in the attacks.

It wasn’t long before the antics from novice hackers like Mafiaboy were overshadowed by more discrete attacks from organized cyber criminal gangs, which began using these distributed denial-of-service (DDoS) assaults to extort money from targeted businesses. Fast-forward to today, and although vanity DDoS attacks persist, somehow elements in the news media have begun conflating them with the term “cyberwar,” a vogue but still-squishy phrase that conjures notions of far more consequential, nation-state level conflicts.

[ Also read Krebs’ FCC must make ISPs crack down on spammers ]

If any readers have been living under a rock these last few weeks, I’m referring to the activities of Anonymous, an anarchic and leaderless collection of individuals that has directed attacks against anyone who dares inhibit or besmirch the activities of Wikileaks, an organization dedicated to exposing secret government documents. To date, the Web sites attacked by Anonymous include,,,, and, among others.

I could find no entry in the latest Merriam Webster dictionary for “cyberwar,” but I’m guessing that when the word does appear it will attempt to define a virtual conflict between nation states and/or industries designed to give the aggressor some kind of immediate or long term strategic, tactical or economic advantage.

The consensus of experts seems to be coalescing around a definition of cyberwar in which either the attack is launched in combination with a kinetic or traditional physical assault, or is conducted stealthily (the Stuxnet worm probably fits this latter definition). In either case, it is highly likely that the cyber element of an attack won’t be clearly understood until well after the damage is done.

Members of Anonymous have claimed that their attacks are against those who threaten the free speech rights of Wikileaks, but recent actions by some members reveal the thinness of this claim: On Thursday, Anonymous members began attacking and subsequently disabling the Web site of Arbor Networks, after the latter posted a lengthy analysis showing that earlier Anonymous attacks were simple and paled in comparison to more directed and serious attacks.

“Despite the thousands of tweets, press articles and endless hype, most of the attacks over the last week were both relatively small and unsophisticated. In short, other than intense media scrutiny, the attacks were unremarkable,” Arbor’s Craig Labovitz wrote.

True, most of the classified cables released by Wikileaks so far haven’t exactly been bombshells, but even the more banal and obvious leaks appear to have already damaged U.S. relations with other nations. At the same time, the mass publication of classified documents by Wikileaks isn’t helping the cause of individual free speech — namely, proposed protections for journalists and for lone whistleblowers who speak out. For example, the U.S. Congress has all but closed up shop until January, without passing either a federal journalist shield law or a whistleblower protection law: In both cases, opponents cited Wikileaks as a major reason for withholding full support of the measures.

Largely unmentioned in the media coverage of this supposed “cyberwar” is the very valid criticism that Anonymous has latched onto the Wikileaks scandal mainly to elevate its own status, and for the sheer drama of it all. It is worth noting that while Wikipedia has become the go-to, open source Internet encyclopedia, Anonymous has developed its own Wikipedia: Encyclopedia Dramatica, which according to Wikipedia exists to satirize “both encyclopedic topics and current events, especially those related to or relevant to internet culture.”

Military and security experts have been reluctant to use or encourage the use of cyberwar weapons — and not simply because developed nations have the most to lose from such a skirmish. Part of the problem is that just as hi-tech guided missiles can sometimes miss their mark, even precision cyber attacks can cause collateral damage, disrupting neighboring networks and servers (lost in all of the speculative reportage on the Stuxnet worm as an agent of the U.S. or Israeli government bent on hobbling Iranian nuclear ambitions is the reality that this same threat spread to U.S. and allied critical systems).

What’s more, correctly attributing a cyber attack to a specific aggressor often is challenging. Anonymous learned this over the weekend, when it was quickly blamed for attacking and crippling The attack came this week after the anti-spam group warned that a Wikileaks mirror – – is hosted on a Russian Internet provider that has a history of being friendly to a large number of domains associated with cyber criminal activity. When contacted at their IRC channel, several Anonymous activists denied that the group had anything to do with the attack on Spamhaus, and the topic in that chat channel had been changed to “We’re not ddosing spamhaus”. Meanwhile, remained unreachable for some time.

This editorial isn’t meant to denigrate or diminish the threat from DDoS attacks. As Arbor’s Labovitz noted, “the trend towards militarization of the Internet and DDoS used as means of protest, censorship, and political attack is cause for concern (the world was a simpler place when DDoS was mainly driven by crime, irc spats and hacker bragging rights). Overall, DDoS fueled by the growth of professional adversaries, massive botnets and increasingly sophisticated attack tools poses a real danger to the network and our increasing dependence on the Internet.”

Instead, I hope the media will exercise a bit more restraint in tossing around volatile terms like cyberwar, particularly to describe the antics of a group that has a well-earned reputation for attention-grabbing stunts and lampooning just about everything. At best, such flattery may only encourage copycat attacks; at worst, it trivializes the far more serious issues raised by the Wikileaks scandal.

CSOonline contributor Brian Krebs previously covered security for the Washington Post. He blogs at