6th European Conference - Academic Conferences
Rain Ottis
lists thousands of examples of such activity, as reported by the attackers. Many of the attacks are
clearly politically motivated and identify the Cell that is responsible.
Some members of the Cell may be involved with cyber crime, for example the development,
dissemination, maintenance and use of botnets for criminal purposes. These resources can be used
for politically motivated cyber attacks on behalf of the Cell.
3.2 Strengths
A benefit of the Cell model is that it can mobilize very quickly, as the actors presumably already have
each other’s contact information. In principle, the Cell can mobilize within minutes, although it likely
takes hours or days to complete the process.
A Cell is quite resistant to infiltration, because the members can be expected to establish their hacker
credentials before being allowed to join. This process may include proof of illegal attacks.
Since the membership can be expected to be experienced in cyber attack techniques, the Cell can be
quite effective against unhardened targets. However, hardened targets may or may not be within the
reach of the Cell, depending on their specialty and experience. Prior hacking experience also allows
them to cover their tracks better, should they wish to do so.
3.3 Weaknesses
While a Cell model is more resistant to countermeasures than the Forum model, it does offer potential
weaknesses to exploit. The first opportunity for exploitation is the hacker’s ego. Many of the more
visible attacks, including defacements, leave behind the alias or affiliation of the attacker, in order to
claim the bragging rights. (Carr 2009) This seems to indicate that they are quite confident in their skills
and proud of their achievements. As such, they are potentially vulnerable to personal attacks, such as
taunting or ridiculing in public. Stripping the anonymity of the Cell may also work, as at least some
members could lose their job and face law enforcement action in their jurisdiction. (Carr 2009) As
described by Ottis (2010b), it is probably not necessary to actually identify all the members of the Cell.
Even if the identity of a few of them is revealed or if the corresponding perception can be created
among the membership, the trust relationship will be broken and the effectiveness of the group will
decrease.
Prior hacking experience also provides a potential weakness. It is more likely that law
enforcement knows the identity of a hacker, especially if he or she continues to use the same affiliation
or hacker alias. While there may not be enough evidence or damage or legal basis for law
enforcement action in response to their criminal attacks, the politically motivated attacks may provide
a different set of rules for the local law enforcement.
The last problem with the Cell model is scalability. There are only so many skilled hackers who are
willing to participate in a politically motivated cyber attack. While this number may still overwhelm a
small target, it is unlikely to have a strong effect on a large state.
4. The hierarchy
The third option for organizing a volunteer force is to adopt a traditional hierarchical structure. This
approach is more suitable for government sponsored groups or other cohesive groups that can agree
to a clear chain of command. For example, the People’s Liberation Army of China is known to include
militia type units in their IW battalions. (Krekel 2009) The model can be divided into two generic submodels:
anonymous and identified membership.
4.1 Attributes
The Hierarchy model is similar in concept to military units, where a unit commander exercises power
over a limited number of sub-units. The number of command levels depends on the overall size of the
organization.
Each sub-unit can specialize in some specific task or role. For example, the list of sub-unit roles can
include reconnaissance, infiltration/breaching, exploitation, malware/exploit development and training.
Depending on the need, there can be multiple sub-units with the same role. Consider the analogy of