Cyber Guerilla

Cyber Guerilla

Jelle van Haaster

Rickey Gevers

Martijn Sprengers

Table of Contents

Cover

Title page

Copyright

About the Authors

Foreword

Preface

Introduction

Chapter 1: General principles of cyber guerilla

Abstract

Introduction

The essence of cyber guerilla

Cyber guerilla strategy

Cyber guerilla tactics

Cyber warfare on favorable terrain (When to wage guerilla)

Cyber warfare on unfavorable terrain

Conclusions

Chapter 2: The hacker group

Abstract

Introduction

The hacker as social reformer

The hacker as combatant

The hacker group

Conclusions

Chapter 3: Organization of #operations

Abstract

Introduction

Intelligence

Operations

Considerations during operations

Tools and techniques

Effects

Media strategy

Postoperation posturing

Chapter 4: Appendices

Abstract

Introduction

Illustrative hacker groups (Rickey Gevers)

Future of hacker groups

Index

Copyright

Syngress is an imprint of Elsevier

50 Hampshire Street, 5th Floor, Cambridge, MA 02139, United States

Copyright © 2016 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.

Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the British Library

Library of Congress Cataloging-in-Publication Data

A catalog record for this book is available from the Library of Congress

ISBN: 978-0-12-805197-9

For information on all Syngress publications visit our website at https://www.elsevier.com/

Publisher: Todd Green

Acquisition Editor: Chris Katsaropoulos

Editorial Project Manager: Anna Valutkevich

Project Manager: Priya Kumaraguruparan

Designer: Mark Rogers

Typeset by Thomson Digital

About the Authors

Jelle van Haaster, LL.M. University Utrecht, BA War Studies, Faculty of Military Sciences, is an award-winning writer, software programmer/developer, and speaker. He is an officer in the Royal Netherlands Army and has a diverse background in legal, military, and technical defense matters. Jelle recently developed an award-winning software app for effectively utilizing social media during military operations, and he is the author of multiple scholarly IT-Law, IT, and military-operational publications. He is currently completing his multidisciplinary PhD thesis on the future utility of military Cyber Operations during conflicts at the Netherlands Defense Academy and University of Amsterdam.

Rickey Gevers is currently Chief Intelligence Officer at the security firm Redsocks. He has been responsible for numerous revelations regarding high-profile security incidents both national and international. He was, amongst others, the first person to discover key logger used by Dutch law enforcement agencies and uncovered several criminal gangs and their operations. As an expert in technical matters he has been frequently consulted or hired as lead investigator, including in some of the largest security incidents the world has ever seen. Rickey appears frequently in Dutch media and has hosted his own TV show called Hackers.

Martijn Sprengers is an IT security advisor and professional penetration tester who is specialised in conducting covert cyber operations, also called red teaming. He performs digital threat actor simulation by using real world tactics and techniques to infiltrate complex IT environments for his clients. With his vast knowledge of offensive security he helps international organisations to strengthen their preventive security measures, increase their detection capabilities and prepare themselves for real attacks. He holds an MSc in computer security, performed research on password encryption techniques and has written multiple articles in the field of IT security, cybercrime, and cryptography.

Foreword

In the days of yore, an occupying force only had to worry about other occupying forces, thus focusing their efforts on defensive posture. As internal conflicts loomed, and guerilla forces began to strike in unilateral and seemingly decentralized movement, occupiers realized their greatest weakness––that their enemy was within.

During Guerre d’Algérie (1954–62), French forces found themselves stumped by the effectiveness of the initial wave of guerilla style warfare across Algeria. Although outnumbering their counterparts, Front de Libération Nationale (FLN), The French found themselves in a conundrum: give up its occupied territory or eliminate the threat. They chose the latter and won the battle, but lost the war by means of popular opinion. Whether by design or coincidence, French forces were seen as aggressive and abusive in their response, and FLN reached the goal they had set from the beginning: Libération.

With the conceptualization and implementation of the Internet came a new era of warfare. Being able to communicate with people around the world at will changes the defense scope and methodology. While the French forces had to deal with and understand an enemy which was confined within a border, security forces now have to deal with and understand an enemy that claims none. The Arab Spring started on the streets of Sidi Bouzid, Tunisia, but spread like wildfire across social media. The power of the people, and its information propagation, toppled governments and hierarchies.

Attribution becomes nearly impossible as attackers adapt with every failed mission, evolving their tactics and combining their experiences as groups meet and merge. It only takes a team of 4–10 to cripple an infrastructure if members are designated roles, where each member can independently focus on their strong points and research is combined. From information gathering and reconnaissance, to exploit development and social engineering, they continue to expand on attack methodologies while defensive forces struggle to keep up.

Alas, the era of the cyber guerillas.

Hold out baits to entice the enemy. Feign disorder, and crush him.—Sun Tzu

Hector Monsegur (Sabu)

Preface

Conflict used to be about borders. A long time ago, we would defend ourselves by living in cities surrounded by walls. Those walls kept enemies away. Over time, the walls around cities become higher, longer, and wider. The longer and wider these walls, the more invisible they became, marking areas of wealth, prosperity, power, and belief systems. Eventually, those walls became borders. And, for hundreds of years, conflict was about borders. Conflicts were about conquering land or converting people from their belief system to another belief system.

Conflict and war have always been fueled by technology. Technology like gunpowder, steel blades, and fighter jets. The staggering possibilities of technology always seem to shine at their strongest during periods of war. War has been a real driver of technology. And technology has driven war.

One of the side effects of the Cold War was that the Internet was created. The US military created it as a way to uphold a chain of command during nuclear war. The Internet was created as a military infrastructure. By developing the Internet, mankind opened up a whole new way of waging war on one another. And, the Internet has no geography. It has no borders. By creating the Internet, mankind opened up a Pandora’s box where tangible borders and recognizable enemies ceased to exist.

In addition, war used to be symmetric: armies would fight other armies. Technology of war has moved on. We no longer know, nor can clearly describe, who the enemy is, what they want to achieve, or what their motives are. We go into battle using technologies we do not fully understand, against enemies that remain in the shadows, and into wars that we will never know whether or not they are over. Who is the enemy? Hackers? Anonymous? The Russian Mafia? North Korea? Islamic State?

Cyber guerilla distills the conviction that smaller forces can rival larger forces in influence in our networked society. And, cyber guerilla is a perfect example of what asymmetric conflict looks like today.

Mikko Hypponen

Chief Research Officer, F-Secure Helsinki, Finland

Jan. 8, 2016

Introduction

Jelle van Haaster

Have you ever realized that the rise of information technology has enabled the individual more than any other entity? Most would probably answer no or I do not know, which is only logical considering the current impetus emphasizing the dangers of networking and information technologies. States have seized the information technology domain as a new way of monitoring and controlling citizens––all for the sake of peace and security.

A domain aimed at the free, unhindered flow of data is quickly becoming the proving ground for States. The Internet has been dubbed a new warfighting domain, a battlespace that is proving to be the host of most 21st century conflict. Conflicts that will revolve around influencing others through information, about creating, collecting, controlling, denying, disrupting, or destroying that information.

A cyber prefix flood has securitized every aspect of information technology, white papers have earmarked cyber systems, cyber citizens, cyber threats, and many more as part of the cyber environment. William Gibson’s pristine cyberspace––coined in his 1984 book Neuromancer––has become militarized, spawning a new breed of military action dichotomized as cyber war, cyber attacks, and cyber operations. As the whole domain is claimed by States, one would indeed almost forget that it is the individual who is most powerful.

But, what role can a mere individual play on the stage set by States? Most publications focus on means and methods available to States, how States should organize their cyber forces, govern their cyber infrastructure, conduct cyber operations, etc. As States are the focal point of those publications, one could step into the pitfall of overlooking the vast amount of options open to an individual. An individual on its own or in unison with like-minded individuals can influence equally or even more effectively than a State.

Feeding the construct that the individual is the least powerful actor in cyberspace is the practice of information security professionals. They characterize actors using arbitrary parameters as advanced persistent threat, organized crime, insider threat, hacktivist, and script kiddies/noobs. These types of actors have varying skill sets, training, and experience, and potential impact. By doing so, information security professionals disqualify the place of a noninformation security individual or less knowledgeable practitioners on a stage set by States. They tend to equate potential influence to information security training and knowledge. This is, however, nonsensical––the capacities at an individual’s disposal are unparalleled compared to the means at the disposal of information security professionals a decade ago. The noninformation security individuals have a vast array of capacities at their disposal; these are just a click away. Individuals only have to tap into these vast resources to claim their rightful place on the stage.

There are many technical manuals and how-tos showing individuals how to use specific cyber and information technology capabilities. This is in sharp contrast with the few publications aimed at illustrating how to generally and effectively utilize cyberspace with these capabilities; in other words: Focus on the bigger picture. Tools and capacities alone are not enough to become influential in cyberspace––first, organization, strategy, tactics, and shared convictions are required. This book is one of the rare publications also aimed at these elements. It will, among others, touch upon tools, tactics, and procedures but it will also look at the bigger picture. This book is about showing that the individual can match the power of States, (large) corporations, and any other actors. Its purpose is to provide a counterweight to the current push toward emphasizing the power of States and large actors over individuals. At the same time, this book, Cyber Guerilla, will function as a warning to these actors believing that they reign supreme in cyberspace and on the Internet.

This book will provide a comprehensive description of cyber guerilla; it will cover this subject doctrinally, organizationally, and technically. Chapter 1 will describe the theoretical and ideological foundations of cyber guerilla. As such, it will serve as a doctrinal prelude to Chapters 2 and 3. Chapter 2 will focus on the cornerstone of cyber guerilla: the hacker group and its members. As cyber guerilla requires a versatile, intelligent, and very specific type of individual to fight on the digital forefront, this chapter will discuss the organizational aspects of the hacker group but also other aspects such as mind- and skill-set. After having described the conceptual and organizational foundations, Chapter 3 will focus on the tactics, tools, and procedures with which cyber guerilla is fought. Lastly, this book will look at illustrative State and non-State hacker groups and draw lessons from their activities in Chapter 4. The last part of Chapter 4 will consider the consequences of future developments on cyber guerilla, hacker groups and their tactics, tools, and procedures.

Chapter 1

General principles of cyber guerilla

J. van Haaster

Abstract

This chapter covers the conceptual foundations of cyber guerilla. The essence of cyber guerilla is defined as an amorphous concept epitomizing the violent or nonviolent struggle against a larger State or non-State actor. Hacker groups play a prominent role in combating these types of actors. To be able to take on a larger actor, the hacker group requires (end-)goals and a strategy for achieving these goals. For an adequate strategy, it is essential for the hacker group to be aware of the societal context, the state of the hacker group and the opponent. Having created and stated (end-)goals and a strategy, the hacker group can engage in conducting activities or operations. Cyber guerilla tactics are characterized by the following principles: asymmetry, mobility, and stealth.

Keywords

cyber guerilla

essence of cyber guerilla

tactics

strategy

favorable terrain

unfavorable terrain

Chapter outline

Introduction

The essence of cyber guerilla

Cyber guerilla strategy

Cyber guerilla tactics

Cyber warfare on favorable terrain (When to wage guerilla)

Cyber warfare on unfavorable terrain

Conclusions

Introduction

This chapter will describe the theoretical and ideological foundations of cyber guerilla. As such, it will serve as a doctrinal prelude to the organizational Chapter 2 and the technical Chapter 3. Part 1 of this chapter will describe the essence of cyber guerilla and how it differs from conventional guerilla. After describing the essence of cyber guerilla, Part 2 will show concrete footholds for formulating a clear (end-)goal and strategy for the hacker group. When the hacker group has clear goals and a coherent strategy, it can start conducting activities to achieve the goals. Although cyber guerilla shares similarities with conventional guerilla on a conceptual level, the tactics differ considerably. Part 3 will highlight the fundamental characteristics of cyber guerilla tactics: asymmetry, mobility, and stealth. As with any strategy, operation, or tactic, it should be tailored to the situation at hand. As Che Guevara made clear, a situation can favor the guerilla or the opponent. This is the same during cyber guerilla; there are favorable and unfavorable circumstances. Part 4 will describe circumstances favoring cyber guerillas and Part 5 will expand on unfavorable circumstances.

The essence of cyber guerilla

What is cyber guerilla but another phrase feeding the cyber prefix flood? The simple answer: cyber guerilla is but an idea. Cyber guerilla is a conviction that smaller forces can rival larger forces in our networked society. Whereas Guerilla Warfare is a specific way