1. Stuck in the Middle
February 2009
Jason Healey
Cyber Conflict Studies Association
Cyberconflict.org
Yes I'm stuck in the middle with you,
And I'm wondering what it is I should do,
It's so hard to keep this smile from my face,
Losing control, yeah, I'm all over the place,
Clowns to the left of me, Jokers to the right,
Here I am, stuck in the middle with you.
From “Stuck in the Middle”
Stealers Wheel, 1972
2. Page 2
About Cyber Conflict Studies Association
Goal: begin a cross-discipline study of
implications of strategic conflict in cyberspace
• Symposium at Georgetown University last February: Can a cyber conflict be deterred? Lessons from
Estonia
• Previous symposia have been on law and cyber conflict, attribution of attacks, arms control,
visualization of cyber conflict, and deterrence of cyber conflict
• Online “Journal of Cyber Conflict Studies”
• Membership from government, academia, industry. Includes James Mulvenon, Paul Kurtz, Greg
Rattray, Dorothy Denning, others
• Sponsored by Norwich University
3. Page 3
Agenda
• Why “Stuck in the Middle”
• How can it happen?
• How can you see it coming?
• What can you do?
• The Sleep Deprivers…
4. Page 4
Why “Stuck in the Middle”?
• We are all defending our own corners of cyberspace
– But could be stuck in something larger
• Can be caught because of a protest
– World Economic Forum in 2002
• Or as part of a war
– No, of course it won’t happen
– But what will you do when it does?
5. Page 5
“Hacktivists,” “Patriotic Hackers” and the Big Boys
• Relation of physical and cyber troubles
– Easier to cross borders with your protest in cyberspace
– Less likely to be caught
– Easy to organize
– Anonymity means increased chances of bad behavior
• Why did “Hacking = art”
• Who started “patriotic hacking”?
• Who is meanest?
• What nations are best at harnessing it?
• None of this is “cyberterror”
6. Page 6
You may be targeted because of
• Bum luck
– “Kosovo is Serbia” in 2000
– Caught in the middle: Manchester United,
Adidas, viagra.com, jamesbond.com
• The sector you are part of?
– Caught in the middle: Finance, firebombings
and beagles
Secondary and tertiary targeting
Are they just random hackers, or are they organized?
Is another company behind it?
Is another nation behind it?
7. Page 7
Secondary and Tertiary Targeting
• "If you support or raise funds for any company
connected with Huntingdon Life Sciences we will track
you down, come for you and destroy your property with
fire."
– Animal Liberation Front (source: Wikipedia, accessed 7 November 2008)
• The physical dimension
– Yacht club
– Protests at insurers, shareholders, market makers
– Executives targeted, attacked, property firebombed
• The cyber dimension:
– Email and DoS campaigns
– Skip’s neighbors
8. Page 8
You may be targeted because of
• A group you are associated with?
– Caught in the middle? AIPAC
• Choices of your company?
– Caught in the middle? Carrefour
Are they just random hackers, or are they organized?
Is another company behind it?
Is another nation behind it?
9. Page 9
You may be targeted because of
"KFC's license is from America, an important Israeli ally. In consuming US products, it means
that we give financial contributions to Israel's military strikes on the Palestinian people"
Indonesian protest coordinator, January 2009
(Source: Hill and Associates from AFP, CAN, Viva News)
• Perceived actions of your country?
– Serbia, EP-3.
Caught in the middle? The poorly protected…
– Japan in 2001: history books from South Korea, visit
to Yasukuni
Caught in the middle? The poorly protected…
– Who moved my statue?
Caught in the middle? The whole online country
Are they just random hackers, or are they organized?
Is another company behind it?
Is another nation behind it?
10. Page 10
You may be targeted because of
• A real, no-kidding war
– How could this happen here?
– Unless you can make hard, unpalatable
choices you may be in the middle
Are they just random hackers, or are they organized?
Is another company behind it?
Is another nation behind it?
11. Page 11
This region is hacktivist central
• Long history of patriotic hacking in Asia
– India/Pakistan
– China/Taiwan
– China/Japan
– South Korea/Japan
– China/United States
– China/Olympic, Tibet protesters
• The “China Ceiling”
12. Page 12
How to see it coming
• Rule #1: Cyber follows, never precedes the
physical
• Rarely ever broken (so far)
• You should find traces of this online with a good
search process
13. Page 13
How to see it coming
• Are you involved in an area likely to draw activists:
– Israel/Palestine
– China/Tibet and China/Taiwan
– Russia/Baltics, Russia/Georgia
– Serbia
– Olympics
– Environmental
– Finance and globalization
• Play “what if” on your CSR and business decisions
• Develop your indicators
14. Page 14
How to see it coming
• Your indicators, rate them 1 to 5
• As these get checked off, consider yourself warned. Attacks are getting closer:
[Arrow label alongside the list: Increasing specificity and likelihood of your being attacked]
• Are activists mentioning our company or related topics?
• Are there physical protests affecting our sector or related businesses?
– For example, other companies in the same line, other globalizing firms, or other Olympic sponsors
• Are there cyber protest attacks related to our business?
• Are there cyber protest attacks against our sector?
• Are there physical protests against our company?
• Are we being specifically mentioned for cyber
15. Page 15
What to do if you’re targeted?
• What to do if you’re a target depends on which category you fall into
– Bum-luck attacks are best for you as neither sophisticated nor persistent
– Sector attacks will keep coming back
    – But will hit your competitors too, ha ha
– Company-specific attacks may be short, but very intense
    – In rare cases (n=1?) they will be with you forever
– Country-specific may also be short, but has the worst consequences
• Are your standard defenses good enough?
– WEF attacks of 2002
16. Page 16
The Sleep Deprivers
• The old big things:
– Olympics
– Taiwan
• The new big things:
– Russia?
– Collapsing Economies
– Food?