We live in increasingly turbulent times (or, perhaps, just an era where such things are more widely reported thanks to the internet) with many a conflict beginning, or threatening to start, in the Middle East and other volatile parts of the world.
Some days it seems like you cannot watch the news without seeing some form of reporting on fresh troubles. Increasingly, they involve a ‘cyber’ element in some way, be that ‘cyber war’ or the hacking of web sites perceived to be under the control of the enemy.
Cyber war is something of a misnomer of course. As the esteemed Stephen Bonner has pointed out at a couple of conferences I have attended recently the phrase is totally incongruent with reality – no-one has died due to a cyber attack and to compare some computer hacking to Pearl Harbour, for instance, is somewhat insulting to those who lost their lives in that tragedy.
Thats not to say say the phrase doesn’t get used though. Just today Bonner’s fellow InfoSec Rockstar Javvad Malik was involved in a conversation about ‘cyber war-wongers’:
So what is cyber war then?
Whilst we hear all the doom and gloom about how the next world war will be blasted out on a computer screen in some sort of pseudo-Space Invaderesque ‘sim’ the truth at the moment is that there isn’t a huge amount to it.
Computer attacks, at least the ones that get reported, are mostly about the defacement of web properties with the Syrian Electronic Army (SEA) being somewhat productive in that area of late.
Recently they have attacked a number of media web properties, such as the New York Times, whom they perceive as spreading untruths about what is really going on in Syria. They also targeted Twitter following the suspension of their account there. Whilst this may be ‘cyber’ it is hardly warfare in my opinion.
On the other hand, one aspect that is almost guaranteed to be closely linked with the onset of conflict is the topic of propaganda and the SEA are now increasingly turning their hand to that:
As you can see from the image above the Syrian Electronic Army changed tack somewhat this morning by targeting the official site of the US marines who may be called into action should the US enter into the Syrian civil war. The image they posted showed pictures that appear to represent US servicemen holding messages of protest, though it is interesting to note that none of their faces were visible.
The defaced web page, now down at the time of writing, also carried the following text from the SEA:
“This is a message written by your brothers in the Syrian Army, who have been fighting al-Qaida for the last 3 years.
We understand your patriotism and love for your country so please understand our love for ours.
Obama is a traitor who wants to put your lives in danger to rescue al- Qaida insurgents.
Marines, please take a look at what your comrades think about Obama’s alliance with al-Qaida against Syria.
Your officer in charge probably has no qualms about sending you to die against soldiers just like you,
fighting a vile common enemy. The Syrian army should be your ally not your enemy.
Refuse your orders and concentrate on the real reason every soldier joins their military, to defend their homeland.
You’re more than welcome to fight alongside our army rather than against it.
Your brothers, the Syrian army soldiers. A message delivered by the SEA”
Do you think messages like this to armed forces personnel, along with images that may be faked, constitute cyber warfare?
I don’t, not by a long shot, but they do highlight how an attacker can cause damage to even high profile web properties with relative ease if they have the required motivation to do so.
With that in mind, have you ensured that your own web site is as secure as it possibly can be? And does your business have a plan in place to mitigate the fallout should the worst ever happen?