• ORNA

All Out War on the Cyber Frontier: A Hacker’s Thoughts

Over a decade ago, I operated a subcompartment hacking unit auxiliary to my usual group, known as the Electronik Tribulation Army. Our target? #OpNorthKorea. This was in response to the threats of war against the United States by North Korea in June 2009.


The US Navy was in pursuit of a North Korean cargo ship they suspected was carrying weapons in violation of UN sanctions, which involved nuclear material. In my mind, Kim Jong-il had threatened to kill Americans.


I put the Korean People’s Army Strategic Rocket Force on notice. I painted a target on their Ballistic Missile Guidance Bureau and started working towards finding a way in to steal sensitive weapons data.


It was going to be tricky because there was no telling if I was going to find a system that was not facing the public web. North Korea has a very small net block: the country ran largely on a domestic intranet, with only four public IP ranges in its allocation.


However, if citizens wanted to access the internet, they’d have to receive authorization to use it. That meant that most computers with public-facing IP addresses were government-owned.


Sounds cool, right? But you have to ask yourself, "What have a far right-wing conservative nationalist and three anarchists got to do with gaining access to critically sensitive military secrets?" They were just following my orders.


My goal was to steal the data and deliver it to the US Navy. But most hackers aren’t me. Most love to publicly leak data and make it available to everyone. Over a decade after #OpNorthKorea, I’m older now, and this scares me. Not the getting older part. The data leaks.


OpRussia Is Like Shrapnel Spread in All Directions


Since the onset of the Russian invasion of Ukraine on Thursday, Feb. 24, support from hackers across the planet has been mixed at best, with what appears to be the majority siding with the Ukrainian people.


Hackers that previously stated that they support no government have turned a new political leaf, and ostensibly those wielding the most influence have led the charge to attack Russian targets while the world watches.


I have always maintained that hackers are the last line of defense when all else has failed. Consequently, in the distress of the moment, people on both sides of the war are looking to hackers for support, out of fear of having no voice, coupled with the terror of losing their lives.


But while war rages and people on both sides, soldiers and citizens alike, have lost their lives, are the cyberattacks really in support of the victims of the war, or are they just a smokescreen for black hats and script kiddies to be perceived in a righteous light under the banner of "hacktivism"?


This, too, is being discussed in various pockets of social media and chats, both seen and unseen.


Check Point Research, the research arm of the Israeli cybersecurity company Check Point, has found that this current cyber Armageddon isn't what it appears to be at first glance. They said:


"It seems that many of the hacktivist groups are more focused on building self-reputation and receiving credit for supporting Ukraine or Russia than to cause real damage to the countries."

But what happens when a hacker does more than deface a slew of web pages or merely dumps username and password tables? One of the staples of Anonymous is public disclosure of their activities and the accounts they compromise.


In this same vein, what would happen if a hacker or a group managed to compromise missile defense systems, or uncover top-secret nuclear research? Will it be leaked and therefore accessible to just anyone?


Traditional Cyber Warfare


Traditionally, threat actors engaged in cyberwarfare and cyberespionage are unknown. We don't hear from them, only bits and pieces about them, usually in the form of fragments assembled by cybersecurity groups as they attempt to fit together what can be thought of as a jigsaw puzzle of digital fingerprints and data analysis.


They are often nation-state operatives working on behalf of one government against another. They thrive because they officially exist only in the actions they take and in whatever few digital "breadcrumbs" they leave behind, if any.


They strike devastating blows, then dissolve back into obscurity, wherever they came from. The label Advanced Persistent Threat (APT) reflects the sustained, targeted access such actors maintain inside a victim network over months or years, not the single strike that eventually becomes public.


They are powerful and effective, with advanced skills and knowledge. By contrast, the attacks on the clearnet that have been widely publicized recently are not necessarily threatening or helpful for or against the war effort.


Mainstream Cyberwarfare


In a tweet posted on Feb. 24, the day of the invasion, the hacking group Anonymous boldly declared a "cyberwar" against Russia, saying, "The Anonymous collective is officially in cyberwar against the Russian government." — Anonymous (@YourAnonOne).


By making this statement, they set the bar high. However, what followed was a barrage of Distributed Denial of Service (DDoS) attacks and a broad sweep of defacements against public-facing Russian websites, none of which does much to affect the progress of the war or the victims involved.


Basically, anything within Russia's IP net blocks is considered fair game. Very few targets have been actual Russian troops, military infrastructure, or government. This means that a lot of Russian civilians are bearing the brunt of this so-called "cyberwar," as if there were no distinction between the actions of President Putin and the Russian people. It's a free-for-all.


To date, no crippling military or industrial secrets have been revealed, no military equipment rendered inoperable or critical infrastructure compromised, nor radio frequencies jammed. In other words, this is just another day for hackers, but with a lot more people involved.


But imagine what would happen if hackers actually attacked critical infrastructure. Depending on what that infrastructure is used for, if it has nothing to do with the war, attacking it could arguably amount to an act of cyberterrorism.


On Friday evening, Feb. 25, the hacking group Anonymous allegedly broke into a website belonging to the Russian Ministry of Defense and dumped the database tables holding the phone numbers, email addresses, and uncracked hashed passwords of officials.


The group tweeted, “Hacktivist group #Anonymous has successfully breached and leaked the database of the Russian Ministry of Defence website | mil[.]ru |."


They made the information public, with the following tweet, "Hackers all around the world: target Russia in the name of #Anonymous let them know we do not forgive, we do not forget. Anonymous owns fascists, always."


Mind you, these websites are not hosted on the internal networks of the Russian government. The skills of the Anonymous collective have presumably reached their peak with this, while the media greatly exaggerates the attacks.


And while Anonymous supposedly hacked into Russian state-run television channels on Feb. 26 and interrupted normal broadcasting, nothing in it did anything to slow the war effort or to help mitigate or thwart the Russian invasion.


Provocateurs Arise


It could be said that the aspirations of some don't aim very high and have settled on creating lulz at the expense of everything with a Russian domain. However, a group calling themselves APT 5201 seemed to act as a provocateur in the Belarusian Cyber Partisans Telegram channel, suggesting to the channel's readers that they steal sensitive information pertaining to Russia's Zircon hypersonic missile, saying:


“If someone managed to steal the plans of Russia’s hypersonic missile […] you could force their hand to cease advancing. That would literally force Putin to stop in his tracks and force him to cease and desist.”

This is the next level of hacktivism. But if any of the clichés are true, do we really want the fate of top-secret research in the hands of some kids and young adults who have no training in handling sensitive information of this nature?


If everyone is to follow their own moral compass, let me remind you that some people's moral compass behaves chaotically. While access to top-secret research could theoretically be used as leverage in the war in some regard, leaking it would place the world in jeopardy.


What Is Considered Off-Limits?


As it relates to this war, and the ensuing cyberwar being waged by so many groups around the world, I believe it is paramount for hackers to independently teach and enforce some semblance of rules of engagement among their peers, in order to avoid creating unnecessary victims in the course of their campaigns.


As a basic starting point, the following should be treated as off-limits, in order to maintain the integrity of the hacker's mission:


  1. Schools

  2. Healthcare

  3. Scientific Institutions

  4. Critical Infrastructure

  5. Private Business

  6. All non-combatants


As #OpRussia continues to unfold, the hacks will surely continue. But remember, just because the domain ends in .ru doesn’t mean that a person, group, business, or institution has a stake in the war.


As hacktivists, we cannot categorize an entire country as the enemy. But we can respond intelligently to the actions of the guilty aggressors. Therein lies the difference between friend and foe.


An article by Jesse McGraw

Edited by Ana Alexandre
