

How to Stop Political Attacks

Experts advise users on how to defend themselves against cyber-terrorism, cyber wars, and hacktivism

Not all hackers are motivated by money. In fact, there is a growing number of politically motivated attacks on businesses and government agencies, and the methods these attackers use are different -- and potentially harder to stop -- than those of their cash-hungry counterparts, experts say.

Is your company ready to stop them?

The cyber battle between Russia and Estonia is just one example of the current trend toward the use of computers for political gain, industry observers say. Whether they are cyberterrorists trying to co-opt or disable a nation's leading business, "hacktivists" mining the sensitive data of a target company, or ticked-off customers trying to deface your Website, many cyber criminals are using hacking to make their point. (See DOS Gets Political in Estonia and Estonian Attacks Raise Fears of Cyber 'Nuclear Winter'.)

"I suspect I could start a Website called 'Death to Western Civilization.com' and get a couple thousand paid subscribers in a very short time," says Andrew Colarik, an IT security consultant and co-author of Cyber Warfare and Cyber Terrorism, a book published earlier this month. "There are a lot of people on the Web who are influenced to join these movements."

But defending your company against politically motivated attackers is a different challenge than defending it against financially motivated criminals, experts say. You can't just follow the money.

"Attackers will scour Websites associated with a country's government and find flaws in them -- even in some of the most out-of-the-way portions of their Web presences -- and deface them with political messages," notes Jose Nazario, senior security researcher at Arbor Networks, which tracks security incidents.

In its study of Estonia, Arbor Networks recorded 128 unique denial-of-service attacks on Estonian-based URLs. Most lasted less than one hour, with the longest lasting 10 hours and 30 minutes. At its peak on May 9, the attack shut down up to 58 sites at once.

Are businesses at risk from this sort of all-out attack? "In some cases, they could be," Colarik says. "Unless they have a personal grudge against a particular company, most politically motivated attackers will go after high-value, prominent companies -- the IBMs, the Yahoos, the Amazon.coms. It's all about exerting power, so in most cases, they'll go after the companies that have the most money or power."

"It's a pretty tricky [question], but I think it comes down to companies that are extremely intertwined -- and visibly so -- with the government," says Nazario. Key defense contractors fall into this category, but most attackers who want to make a statement about government will usually target the government systems themselves, he says.

So far, DOS attacks, such as the ones seen in Estonia, are the most frequent vector used by political hackers, experts say. Web defacement is another popular political statement, particularly among hacktivists, who are generally trying to make their voices heard by the target company as well as the viewing public.

But those are not the only exploits used by political attackers. "We've seen hacktivists tap into, say, a Congressman's Outlook folders to steal his schedule," Colarik says. "Or they might put spyware on the machine of an administrative staffer -- someone who's not tech-savvy -- so that they can collect data and pass it over to a political opponent."

In some cases, an insider may play a role in the hack. "In banks, for example, an employee might collect data and sell it, and it may end up in the hands of a [politically-motivated] interest."

So what should companies do if they fall into the category of potential political targets? The IT organization should do its best to keep a low profile and decentralize as much as possible, Colarik advises. "If your organization is decentralized but your IT operations are not, you aren't decentralized," he says. "Most of these attackers work in small, local cells, so spread out your systems to give yourself some protection.

"If you're in the AT&T computer operations center, you don't put a big sign up on the building that says 'AT&T Computer Operations Center.' " This principle applies to the logical side of security as well, and IT organizations in high-profile companies should take advantage of Internet service providers' abilities to anonymize IP addresses and email server addresses so that they can't be readily identified with the company.

Nazario agrees that the best strategy is for the company to keep a low political profile. "Protect the brand, keep it out of the negative press, and don't become associated with activities that would give rise to the kinds of nationalist 'retaliation' attacks we see," he advises.

Both Nazario and Colarik say companies should develop a close relationship with their ISPs. "Work with the providers to ensure that if a DOS attack comes your way, you have adequate response measures in place to thwart the attack and repel the traffic," Nazario says, adding that companies should continually audit all Websites under the brand name to ensure that flaws don't allow attackers to penetrate an out-of-the-way server.
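The audit advice above only works if the security team knows every host that answers under the brand's domains; defacements of "out-of-the-way" servers usually hit hosts nobody remembered to scan. The script below is an added example, not code from the article or from Arbor Networks. It parses a constructed zone-style DNS export, lists the hosts that plausibly serve web content (A, AAAA or CNAME records), reports which of them are missing from the recurring audit program, and flags hosts whose CNAME points outside the brand's own domains, since third-party-hosted pages carry the brand name but not the brand's patching process. All hostnames, addresses and the monitored list are made up.

```python
"""Attack-surface coverage check for a brand's web presence.

Added example; not from the article. Input is a constructed DNS export in
a zone-file-like shape ("name TTL IN TYPE value") plus a constructed set of
hosts already covered by the recurring web-audit program.
"""
import re

# Constructed sample export; none of these hosts or addresses are real.
ZONE_EXPORT = """\
; constructed sample, not real data
www.example.com.          300 IN A     203.0.113.10
example.com.              300 IN A     203.0.113.10
example.com.              300 IN MX    10 mail.example.com.
mail.example.com.         300 IN A     203.0.113.20
careers.example.com.      300 IN CNAME hosting.example-cdn.net.
press-2004.example.com.   300 IN A     203.0.113.31
test.example.co.uk.       300 IN A     198.51.100.5
www.example.co.uk.        300 IN AAAA  2001:db8::1
"""

# Hosts already in the recurring web-audit program (constructed).
MONITORED = {"www.example.com", "example.com", "www.example.co.uk"}

# Domains the company itself operates (constructed); CNAMEs pointing
# elsewhere mean the content is hosted by a third party.
BRAND_DOMAINS = ("example.com", "example.co.uk")

# Record types that usually mean "something can answer HTTP at this name".
WEB_RECORD_TYPES = {"A", "AAAA", "CNAME"}

RECORD_RE = re.compile(
    r"^(?P<name>\S+)\s+(?:\d+\s+)?IN\s+(?P<type>[A-Z]+)\s+(?P<value>.+)$"
)


def parse_zone(text):
    """Yield (hostname, rtype, value) per record line; ';' starts a comment."""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        m = RECORD_RE.match(line)
        if not m:
            continue  # directive or malformed line; not a record
        name = m.group("name").rstrip(".").lower()
        yield name, m.group("type"), m.group("value").strip()


def web_hosts(zone_text):
    """Hostnames carrying an A/AAAA/CNAME record: the likely web surface."""
    return {name for name, rtype, _ in parse_zone(zone_text)
            if rtype in WEB_RECORD_TYPES}


def find_unmonitored_hosts(zone_text, monitored):
    """Sorted web-reachable hostnames that the audit program does not cover."""
    covered = {h.lower().rstrip(".") for h in monitored}
    return sorted(web_hosts(zone_text) - covered)


def _under_brand(target, brand_domains):
    return any(target == d or target.endswith("." + d) for d in brand_domains)


def third_party_hosted(zone_text, brand_domains):
    """(host, cname_target) pairs where the target lies outside brand domains."""
    found = []
    for name, rtype, value in parse_zone(zone_text):
        if rtype != "CNAME":
            continue
        target = value.rstrip(".").lower()
        if not _under_brand(target, brand_domains):
            found.append((name, target))
    return sorted(found)


if __name__ == "__main__":
    print("Web hosts not in the audit program:")
    for host in find_unmonitored_hosts(ZONE_EXPORT, MONITORED):
        print("  ", host)
    print("Brand hosts served by third parties:")
    for host, target in third_party_hosted(ZONE_EXPORT, BRAND_DOMAINS):
        print("  ", host, "->", target)
```

Run it against a real export (most DNS providers and registrars can produce one) and feed the unmonitored list straight into the scanning schedule; the point is to make the audit set derive from what is actually published in DNS rather than from a hand-maintained list that ages as fast as the press-2004-style hosts it forgets.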

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories.
