Friday, October 05, 2007

People's Information Warfare Concept

Malicious Culture of Participation

DoS battle stations operational in the name of the "Please, input your cause". Preventing a malware infection, in order to limit the possibility of the host becoming part of a botnet that will later on start a large-scale DDoS attack, is the kind of rational thinking that information warriors who truly understand what information warfare is all about tend to undermine. The recently discussed "people's information warfare" concept, highlighting China's growing interest in the idea, is a great example of a culture of participation orbiting around a hacktivism cause, a culture we've also seen in many other hacktivism tensions in the past, and will continue to see in the future. The entire concept relies on the fact that the collective bandwidth of people voluntarily "donating" it is far more efficient from a "malicious economies of scale" perspective than, for instance, botnet masters having to create the botnet by infecting users in one way or another. Moreover, empowering an average Internet user with diversified DoS capabilities directly increases the nation's asymmetric warfare capabilities in the event of a hacktivism war.

Furthermore, the majority of DoS or DDoS flooding tools have a relatively high detection rate, but when people want to use them, they'll simply turn off their antivirus software, the same software they use to prevent malware infections. In a "people's information warfare" they can go as far as consciously becoming part of a hacktivism-centered botnet. Take the DoS tool featured in the screenshot, for instance: it has a high detection rate only if the antivirus software is running, but in a situation where a "malicious culture of participation" is the desired outcome, that doesn't really matter. People donating their bandwidth and pretending to be malware infected is far more dangerous than botnet masters acquiring DDoS capability by figuring out how to infect the masses. It's one thing to operate a botnet and direct it to attack a certain site, and entirely another to be infected with malware that's DDoS-ing the site, a situation where you become an "awakened and fully conscious zombie host".

Examples of the "People's Information Warfare Concept":

- During the China/U.S hacktivism tensions in 2001 over the death of a Chinese pilot crashing into an AWACS, Chinese hacktivists released mail bombers with pre-defined U.S government and military emails to be attacked, thus taking advantage of the people's information warfare concept

- The release of the Muhammad cartoons had its old-school hacktivism effect, namely mass defacements of Danish sites courtesy of Muslim hacktivists to achieve a decent PSYOPS effect online and in real-life

- The Israel vs Palestine Cyberwars are a great example of how DIY web site defacement tools were released from both sides, which resulted in a web vulnerabilities audit of the entire web space they were interested in defacing to spread hacktivism propaganda

- Cyber jihadists taking advantage of the "people's information warfare" concept by syndicating a list of sites to be attacked from a central location, and promoting the use of an Arabic-themed DoS tool against "infidel" supporting sites

- What exactly happened during Russia's and Estonia's hacktivism tensions? The voting poll that is still available indicates that people believe it was botnet masters with radical nationalism modes of thinking. But judging from the publicly obtainable stats, ICMP often comes in the form of primitive DIY DoS tools, as opposed to the more advanced attacks. Collectivist societies do not need coordination because they know everyone else will do it one way or another.

Power to the people.

Turkish hackers target Swedish Web sites - "Hackers in Turkey have attacked more than 5,000 Swedish Web sites in the past week, and at least some of the sabotage appears linked to Muslim anger over a Swedish newspaper drawing that depicted the Prophet Muhammad's head on a dog's body. Around 1,600 Web sites hosted by server-provider Proinet and 3,800 sites hosted by another company have been targeted, Proinet spokesman Kjetil Jensen said Sunday. Jensen said hackers, operating on a Turkish network, at times replaced files on the sites with messages."