This is the sixth and final piece in a series of articles we will be featuring on Strife in the coming week looking at the role of Proxy Warfare in the 21st century by Series Editor Cheng Lai Ki. Previous articles in the series can be found here.
By: Elmer Hernandez
The declaration of war by Anonymous on the Islamic State (IS) directed public attention to what seemed to be an action movie plot: the hacker heroes against the terrorists. Some applauded the initiative, seeing it as a needed response to Government inefficiency, while others mocked and denounced the declaration as nothing but the latest attention-grabbing Anonymous headline, soon to be forgotten. However, neither credulous, naïve optimism nor outright mockery is adequate.
Terrorist activity in cyberspace is widespread, fluid and hard to tackle. Terrorists' use of technologies like the internet, social media and encrypted means of communication represents an escalating concern. Government efforts could still use additional specialized support, and hacktivist and related groups are an interesting source to consider. Despite the media hype, Anonymous is nowhere near the only group in this struggle; the rise of Ghost Security Group (GSG) is a prime example of a new type of approach.
After splitting from Anonymous last fall, this particular group has become closer to private sector actors such as Kronos Advisory, and with Kronos’ founder Michael Smith as an intermediary, they have begun working with Governments. Smith “recognized the value of our work and began forwarding our data to appropriate parties in various states as it proved viable and pertinent” says GSG’s technology lead Raijin Rising[1].
GSG differs from a lot of current hacktivist initiatives. For instance, some of the activities the group carries out appear to go beyond the efforts of many other groups in terms of complexity. Such activities include counter surveillance, cryptocurrency tracing, data mining and penetration testing. This has led many in the community to criticize GSG as moving away from hacktivism and morphing into some sort of security consultancy, but Raijin insists GSG is still well within the hacktivist realm, concerned with their own agendas when not aiding governments and private entities.
These groups can provide support to existing efforts. States already possess important capabilities to counter and detect terrorist activity through their intelligence and security agencies, such as GCHQ, MI5 and MI6 here in the United Kingdom. They also work with private sector actors for a more effective approach, including companies such as Facebook. Nevertheless, the authorities will eventually need the help of subversive groups, suggests Raijin. In fact, he says authorities have already started developing cyber teams of their own to tackle IS activity, but nothing beats the experience of groups like his. “Groups like ours know the enemy already – we know their culture, their tools, their leaders and their methods”.
His statements are not to be taken lightly. Others have long been aware of the potential value of these groups; Russia is a worrying example. Pro-Kremlin proxy youth groups like Nashi have allegedly been used to censor opposition, as well as to conduct espionage and cyber-attacks against other states[2]. There is also the more professional work of groups such as APT 28[3], although not much is known about their composition. Furthermore, the Russian Federal Security Service (FSB) is allegedly recruiting hackers and developing cyber units to mobilize against IS[4]. It is evident the Russian State is aware of the benefits of fostering and maintaining hacker expertise as a vital resource that might otherwise prove hard to find[5].
These proxy-type examples do not represent a model liberal democracies should follow, but they should provide a wake-up call in that illiberal regimes are not ignoring an important resource.
Consequently, it would be unwise to simply mock such an idea without proper consideration. For those who are sceptical, it must be noted that cooperation between security actors and hacktivists is not unprecedented: for example, Cult of the Dead Cow offered and allegedly provided assistance to the FBI’s Magic Lantern initiative together with Microsoft[6]. Indeed, the suggestion that hacktivists could be assets for national cybersecurity is not a new one; it has been made at least since the turn of the millennium[7].
However, and despite what we could consider a boom in hacktivist activity in the past 8 years, such a suggestion is still not taken seriously enough. “Working with ‘hacktivists’ is still a taboo subject for most entities and most would never admit at this time to using or receiving our information”, Raijin recognizes. Understandably, governments and law enforcement might be reluctant to cooperate with hacktivists and hackers, perhaps out of fear of appearing incompetent and inefficient for accepting the help of vigilante groups and individuals.
Some will say that governments need not refuse such help, but simply keep it hidden and deny any such links. Interestingly enough, Raijin himself suggests that those benefitting from their work would appreciate GSG continuing to operate silently too. Silence notwithstanding, it would be naïve to think governments are currently rejecting contributions from hacktivist groups. There are claims of hacktivist efforts having prevented attacks: GSG’s work has allegedly prevented violence in various places from Tunisia to New York, while other Anonymous affiliated initiatives have reportedly done the same in countries like Italy.
Those demanding proof and acknowledgement by the relevant authorities will probably remain unsatisfied, but such critics do not seem to understand what they are asking for. Fears of perceived incompetency and inefficiency by authorities are not the only reasons for the lack of evidence. If this cooperation is taking place, as it seems to be, and is proving effective, it makes little sense to compromise any aspect of this relationship only for the sake of appeasing sceptics or giving hacktivist groups public acknowledgment. Cooperation with hacktivists will most likely never be officially recognized; this seems to be their inevitable fate.
While this is disappointing, Raijin highlights how public recognition is not their prime goal: “our mission is to save lives and put a stop to sickening brutality…. We didn’t start this fight for fame”. Similarly, it is not important for him to prove anything to any outsiders, claiming that the group nevertheless has the relevant evidence: “we save everything and we have the documents and screenshots that were used to validate specific threat vectors that were forwarded to entities”.
Within the hacktivist community, some consider it foolish and dangerous to get too close to government, while others condemn any form and degree of such cooperation[8], in what they see as a naturally antagonistic relationship. If wider efforts are to be effective, however, cooperation with authorities is paramount. Hacktivist groups can contribute to existing governmental efforts only if they have the right coordination. This is important for two reasons.
First, the independent initiatives of various hacktivist groups have the potential to disrupt operations already being run by authorities. Intelligence is vital, and common hacktivist actions such as web defacements, distributed denial of service attacks and any sort of meddling with key social media accounts can deprive authorities of important sources of information. GSG claim they have become aware of this, and have moved away from what they describe as brute force methods to focus instead on more intelligence related operations.
Second, many other hacktivist activities have been strongly criticized for their lack of quality, which can affect innocent people. Anonymous is a relevant example: doxing campaigns have proved to be inaccurate and have put people who have nothing to do with IS at risk. Even GSG themselves are not free from these types of criticism, which goes to show the deep scepticism that exists towards any sort of non-governmental efforts, no matter their apparent level of sophistication.
Despite such issues, Raijin remains confident about the value of the work of independent groups: “We’ve already shown that our work can responsibly provide actionable intelligence…”. The prospect of increased incorporation of hacktivist efforts into a wider multilateral initiative “is looming on the horizon”, but it is no certainty. Raijin says that so far authorities seem to be mimicking their efforts by creating teams of their own instead of tapping into their experience; perhaps a balance can be struck. One thing is clear, however: it makes little sense to ignore extra technical expertise that could provide a helping hand to existing efforts. The hacktivist initiative should not be rejected but guided.
Elmer Hernandez is an MA student in Intelligence and International Security. His academic interests include hacktivism, surveillance and cybersecurity especially within Latin America. He is available for contact at [email protected].
Notes:
[1] Interview with Raijin Rising, transcript included.
[2] Jose Nazario. Politically Motivated Denial of Service Attacks. (Conference on Cyber Warfare, NATO Cooperative Cyber Defence Centre of Excellence [CCDCOE] 2009).
[3] FireEye. APT 28: A Window into Russia’s Cyber Espionage Operations? (2014).
[4] Eugene Gerden. ISIS vs Anonymous - and Russia? (SC Magazine 2015).
[5] Keir Giles. “Information Troops” – a Russian Cyber Command? (Proceedings from the 3rd International Conference on Cyber Conflict, 2011) pp. 54-55.
[6] Dorothy E. Denning. Cyber Conflict as an Emergent Social Phenomenon. In: HOLT, T. J. & SCHELL, B. H. (eds.) Corporate Hacking and Technology-Driven Crime: Social Dynamics and Implications. (New York: Information Science Reference 2011).
[7] Mark G. Milone. Hacktivism: Securing the National Infrastructure. (The Business Lawyer, 58, 383-413, 2002).
[8] David Gilbert. Anonymous Is Hacking ISIS, But Warns Collaborating With US Government Is ‘Deeply Stupid’. (International Business Times 2015).