Since the deadly shootings in Paris Jan. 7, cyber attackers have hit 19,000 French websites, mostly with denials of service. Admiral Arnaud Coustilliere, head of cyberdefense for France's military, said today "that's never been seen before. This is the first time that a country has been faced with such a large wave."
The targets vary widely -- everything from military regiments to pizza shops, according to the Associated Press. The perpetrators, however, are mainly well-known Islamic extremist hacking groups -- including the Middle East Cyber Army, Fallaga team, and Cyber Caliphate, the group that took responsibility for hijacking some American organizations' Twitter accounts this week.
"I think what we're seeing in France is more or less natural escalation of cyberwarfare by non-organized groups of cyber-militia," says Guy Levy-Yurista, senior vice president at MicroStrategy. "While impressive in terms of scale, it's not surprising ... It's the next logical step in this overall cat-and-mouse game."
Levy-Yurista says that these attacks do not demonstrate the sophistication -- neither the tools nor the talent -- of nation-states and organized terrorist groups.
This flood of attacks may be unprecedented, but it is not the first time that cyberattacks have boomed during times of sociopolitical upheaval. Researchers from FireEye found a spike in malware traffic leading up to the intense conflicts between the Ukraine and Russia in March.
DarkReading spoke to Kenneth Geers, senior global threat analyst for FireEye at the time when the research was released. Geers theorized that nation-states may use malware to gather intelligence while planning a possible military maneuver:
'You can find cyber operations that will tip you off to something coming, a pending attack,' he says. 'Cyber activity is usually a reflection of real-world activity. You have to inform each with some knowledge of the other. Cyber war, for lack of a better term, is part of the landscape now.'
The widespread DDoS attacks in France this week differ in that they were reactive, not preliminary -- capitalizing on the killings at French satire magazine Charlie Hebdo after they happened. It would be interesting to find out if there was any spike in info-stealing malware preceding the events.
"When there is a real-world attack happening somewhere, then following on its heels we will see cyberattacks as a second wave," says Levy-Yurista. He suggests focusing not just on how and when attacks occur, but why. "What is the real impact on human life? ... What is the goal? The goal may not be to limit access in France ... I think the goal is to show prowess of the terrorists and instill terror literally in the hearts and minds of the people."