The Wikileaks Incidents – Cyber-based Conflict and Intelligence Warfare

Chapter 4. New Models

4.2 Information Warfare Model

4.2.7 Application of the IW Lifecycle Model

4.2.7.4 The Wikileaks Incidents – Cyber-based Conflict and Intelligence Warfare

This case study comprises a number of sub-incidents, making it the most complex of those considered. The initial incidents comprised four releases of leaked documents; the eventual retaliation to this resulted in a series of cyber-attacks and counterattacks. The releases of the documents can be attributed to intelligence warfare in that potentially sensitive information on coalition activities was made public, as were some of the operations of Wikileaks (Gilligan, 2010).

The cyber-attacks can be seen as exhibiting an action-reaction cycle which may indicate how an actual cyber-war between nation states would occur.

The Wikileaks releases made information on US and coalition military and diplomatic activities available online for public consumption throughout 2010; the initial response was condemnation and an investigation into the original leak (Poulsen & Zetter, 2010). The releases appeared to be publicised by media partners of Wikileaks. The release of diplomatic cables resulted in a stronger retaliation, in which Wikileaks was targeted directly, setting off counter-attacks; a chronology of the incident is presented here:

April 2010: A video was released showing journalists being fired on by a helicopter gunship (Bronstein, 2010); the accuracy of some claims regarding the video was questioned (StrategyPage.com, 2010b).

June 2010: A US intelligence analyst was arrested after the investigation; he appears to be the source of all leaked documents (Poulsen & Zetter, 2010).

July 2010: Wikileaks releases war logs from Afghanistan (Poulsen, 2010).

October 2010: Wikileaks releases war logs from Iraq (Stewart, 2010).

29 November 2010: Wikileaks releases diplomatic cables and information on US cyber-intelligence; this results in a DDoS attack against the Wikileaks website by a pro-US hacker (Goodwins, 2010).

Due to US pressure, Paypal, Visa, Mastercard, Amazon, and Swiss bank Post Finance block Wikileaks accounts, and the Wikileaks website is removed from the Internet domain registry (Walker, 2010). The IP address and content are made available on various websites supporting Wikileaks. Queries regarding the finances of Wikileaks are raised, and rape allegations against its founder re-surface (Gilligan, 2010).

4 December 2010: The hacker group Anonymous conducts a DDoS attack against the PayPal blog in support of Wikileaks (Walker, 2010).

6 December 2010: Anonymous attacks the main websites of Post Finance and PayPal; a pro-US hacker counterattacks Anonymous (ibid.).

7 December 2010: EveryDNS (who delisted Wikileaks), a US Senate website, Post Finance, the prosecutors of Julian Assange and the rape accuser's lawyers are all targeted by Anonymous, which experiences another counter-attack (ibid.).

8 December 2010: The attack on the lawyers continues; Mastercard, Visa, and PayPal are targeted. Twitter disables the Anonymous profile (ibid.).

9 December 2010: PayPal continues to be targeted and Amazon is attacked by Anonymous; the counterattacks against Anonymous also continue (ibid.).

The first iteration of the IW Lifecycle Model is as follows:

Initial Context: Wikileaks and an apparently disillusioned US intelligence analyst may have been motivated to discredit the US, but claimed to be promoting transparency.

Planning: The intelligence analyst had access to the relevant documents; Wikileaks had the technical capability to release the information globally. The possible ethical and legal ramifications did not deter either party.

Attack: Authorised access to a sensitive intelligence network was leveraged; Wikileaks then released these documents. Confidentiality of the information was breached in what appears to be pseudo intelligence warfare and potential PSYOPs (assuming the motivation was to discredit the US).

Defence and reaction: Initially the response was reactive, publicly condemning the releases; the alleged original source of the leak was arrested after an investigation. The reaction and defence following the release of the diplomatic cables was stronger; multiple financial institutions were pressured into closing Wikileaks accounts, and the website was delisted. This appears to be preventative, in that the delisting reduces the availability of the information to the public, and the blocking of the accounts hinders Wikileaks operations by removing finances. A DDoS attack against the Wikileaks website was also conducted by a pro-US hacker.

Consequences and influence: International public opinion and support were divided; political tension increased, and vigilante groups became more active.

The second iteration of the IW Lifecycle Model is as follows:

Altered context: Support and international public opinion are divided after Wikileaks has released a number of potentially sensitive documents; the alleged source has been arrested and the releases publicly condemned.

Attack: Diplomatic pressure was applied by the US to remove financial support from Wikileaks; its website was also delisted. A vigilante targeted Wikileaks with a DDoS attack. This is the reaction from the first iteration.

Defence and reaction: The IP address of the Wikileaks website was made available to allow access; other websites began hosting the content to support Wikileaks. The group Anonymous began targeting those organisations that withdrew support from Wikileaks.

Consequences and influence on context: US diplomatic pressure further polarised international opinion, and a pro-Wikileaks vigilante group began targeting institutions that withdrew support from Wikileaks.

The third iteration of the IW Lifecycle Model is as follows:

Altered context: The international community has been further polarised by US diplomatic pressure against Wikileaks, and additional opposing vigilante groups are conducting DDoS attacks.

Attack: Anonymous conducts DDoS attacks (network warfare) against financial institutions and other websites that supported the US.

Defence: The DDoS attacks by Anonymous appear to have been ignored by the victims in that there was no major reaction. Continued pressure resulted in Twitter removing the Anonymous account.

Reaction: Pro-US hackers counter-attacked Anonymous.

Consequences and influence on context: Frustration with Anonymous due to the inability to access websites probably reduced support for them. DDoS attacks and counter-attacks continued between pro-Wikileaks and pro-US hackers.