Cyber-activism and cyber-warfare will continue to be major topics in IT security this year.
The 3rd Security Blogger Summit, hosted by Panda Security in Madrid, focused on cyber-activism and cyber-war as well as on the new dangers posed to users and institutions on the Internet. The roundtable discussion highlighted the most recent examples of these emerging trends, international co-operation and the limits of these activities on the Web. The discussion also centered on the new trends for 2011 and the legal framework against this type of Web activity.
Opinions about cyber-activism and WikiLeaks proved relatively united, with most of the participants agreeing that it is an unstoppable phenomenon. “There is no way to stop a phenomenon like WikiLeaks”, said Enrique Dans, panel member. “In the future anybody will be able to disclose relevant information from a website, as contaminated as this might be.”
Bob McMillan, a San Francisco-based computer security journalist explained that, in his opinion, “WikiLeaks is as important as The New York Times. It’s has helped those who wanted to expose sensible information, and to think of changing the legislation in the wake of a denial of service attack like those in the operation ‘Avenge Assange’ is very difficult”.
Operation ‘Avenge Assange’ was initiated by the Anonymous group and Operation Payback, targeting firstly organizations trying to close the net on Internet piracy, and later in support of Julian Assange, editor-in-chief of WikiLeaks.
Cyber-activism was discussed as a growing occurrence. Participants agreed that the technical evolution means people are able to replace meetings and gatherings with internet-based tools. In addition, the global situation that the technical evolution has created means that cyber-activism is possible on an international scale, with it becoming more and more unnecessary to gather large amounts of people in order to attract attention.
IT researcher Rubén Santamarta indicated that, “Cyber-activism was born from the global situation we live in. Even users with limited technical know-how can join in the distributed denial of service attacks (DDoS) or spam campaigns.”
Despite hasty attempts in many countries to pass legislation to counter this type of activity, effectively by criminalising it, Panda believes that in 2011 there will be yet more cyber-protests, organised by this group or others that will begin to emerge.
The Summit participants also discussed some of the most relevant examples of cyber-war, such as the alleged attacks targeting Iran’s nuclear plants using the Stuxnet Trojan, as well as Operation Aurora, concerning attacks on Google from China in order to steal secret corporate information.
Panel members Elinor Mills and Bob McMillan coincided in pointing out that the term ‘cyber-war’ was ‘too exaggerated’ for the actual events taking place. “We still do not know the real dimensions of cyber-war and it is easy to confuse it with espionage or even cyber-crime”, explained Mills. McMillan added that, “Even though Stuxnet has been used as a cyber-weapon, it does not mean that we are already knee deep in a cyber-war. If there really was a cyber-war, it would be on a global scale, as with the two Great Wars of the 20th century.”
However, others insisted on the idea that the cyber-war phenomenon is at its early stages and will probably become a reality in 10 years’ time. “We are talking about a war without an army. It is a fourth-generation war where it is possible to damage a country without having to invade it with soldier”, says Santamarta. “A country can have another one under control through the Internet even before they have declared war on each other.”
While the debate over cyber-war and its effects continue, Panda believes that these kinds of web attacks will increase in 2011, with many of them remaining unnoticed by the general public.