Sunday, September 30, 2012

Cyberthreats and Actor Opacity

Over the past week, a series of denial of service (DOS) attacks hit six major American banks.  While DOS attacks do not affect the integrity of secure systems, DOS attacks provide a greater threat than a minor nuisance; such attacks demonstrate the proliferation of methods available to non-state-actors (and occasionally state-backed actors) to wage asymmetric attacks on unconventional targets.

A denial of service attack relies on overwhelming a website’s ability to process requests for access. A successful attack effectively causes the website in question to become unavailable to further requests. While such attacks have long been the trademark of loose organizations such as Anonymous, responsibility for the attacks has been claimed by a relatively new group called the Izz ad-Din al Qassam Cyber Fighters, ostensibly in response to the viral video trailer, “The Innocence of Muslims” which caused a surge of protest and violence in the Middle East in early September.

There is currently dispute as to whether the attacks were independently organized by the Cyber Fighters, or whether the attacks were organized with state backing. Because the attacks require either massive computational power or the coordination and collaboration of many users, the Cyber Fighters attack would seem to require the former, due to the unprecedented size of the attack. Indeed there has been considerable suspicion that the group may not even be involved at all in the attacks. Rather, Senator Joe Lieberman announced Wednesday in a C-SPAN interview that the attacks were sponsored in some form by Iran as retaliation for the increasing pressure of economic sanctions.

What is perhaps most interesting in this latest round of attacks is its asymmetric nature. Regardless if organized independently by a group motivated by an anti-Islamic video, or by a state in retaliation for economic sanctions, the group responsible is difficult to trace, which challenges the ability of the United States to counter such attacks.  As the United States attempts to boost its cyberwarfare capabilities both defensive and offensive, the plausible deniability afforded by DOS attacks will present an on-going challenge in an emerging battlefield in which there are many actors and motivations.

No comments: