To Join or not to Join a Cyberwar – Hacking Back and Hack Attacks
The Russian invasion of Ukraine has put the digital sidelines into the spotlight. The world of cyber is part of conflicts, politics, and military operations. This becomes very clear if you look at the preparations for the current military actions in Ukraine. Information warfare most likely predates the tanks and missiles by years or even decades. This is not the focus of this article. There have been calls to attack networked targets in order to help. Is this a good idea? Let’s see.
Information warfare is one aspect of the digital domain. Then there are sabotage, disrupting networks, exploiting vulnerabilities, getting access to data, and many more aspects. Joining either side of a conflict is usually a bad idea. Everything starts with the targets. Who runs a system you have decided to attack? It’s hard to figure out without extensive research. Maybe it’s a decoy. It can be a system run as a service by someone for someone else. Or it is the right target. Networked applications can be connected to a lot of endpoints. Using proxies is the first thing attackers do. Defenders do the same. This is one reason why attributing an attack is hard.
Second, which infrastructure do you want to go after? The military rarely does any online shopping. If you go after civilian infrastructure such as businesses, then you will make life harder for civilians. Unless you know exactly what the consequences are, your offensive actions are questionable at best.
Then there is the wonderful world of false flag operations and honeypots. If you join a cyber call to arms, then the initiators and the targets had better be right. Information warfare also means that people get tricked into doing things they do not fully understand. Doing crowdsourcing right means that you get a lot of unpaid actors doing your work. This can be true for either side. Disinformation is real.
Information security relies on security research and a constant fight against bugs. Eliminating weaknesses is a key task of defenders. Digital warfare relies to some extent on unknown vulnerabilities (i.e. 0-days). Keeping this information from the public or from the defenders has nothing to do with information security. The contrary is true, because keeping these holes open means trouble. This is why DeepSec is such a big fan of disclosure (of all kinds).
A better way to use your talents is to spot and unmask disinformation. Getting the facts straight is the first task of getting a clear picture. The Internet has enabled many people to read more lies efficiently. So instead of being a hired gun, maybe it’s not a bad idea to be the Internet janitor.