News about computer incidents, cyberattacks and hackers appear every day in the media, but which were the first? How did it all start? We are going to review when cyberattacks began, how they have evolved and clarify the terms used.
Violence is a complex concept and is associated with the idea of physical strength and power. It is a concept as old as language itself and it is not surprising that it has also entered cyberspace. Violence has entered the Internet the moment we were aware of the risks we run while using the network and we begin to handle terms such as cyberattacks, cyberdefense or cyberwar.
When did cyberattacks start?
The first cyberattacks occurred at the end of the last century. They were distributed denial-of-service attacks (DDoS) carried out by the Strano network, an Italian group that protested in 1995 against the French government’s nuclear policy. These attacks were complex manual processes that required constant attention and it could not last long because the connection to the network was expensive.
At the end of the 1990s, the Electronic Disturbance Theater (EDT) group gained media attention through DDoS attacks. On that occasion, the attacks were presented as a form of «virtual protest», they used tools developed by themselves for this purpose, which allowed anyone to use them to join this protest. The tool used was called FloodNet and directed the traffic of users towards a target predetermined by the EDT: Mexican politicians and the White House in Washington websites.
Later, the group of hackers Anonymous went a step further in this form of activism and popularized the use of «volunteer botnets«. In this case the tool used was the Low Orbit Ion Cannon (LOIC), in which participants connected their computers to a network and made their computing and network resources available to the attack.
Cyberviolence for political purposes
Following Wikileaks‘ leakage of images of the July 12, 2007 massacre in Baghdad by two US Army Apache helicopters, Paypal closed the accounts for donations in favor of Wikileaks in order to drown it economically. As a result of this action, WikiLeaks sympathizers launched DDoS attacks against e-commerce sites.
During the judicial process to the 14 of Paypal, in December of 2010, the main argument of the defense was the one of the freedom of expression. The idea was: a DDoS attack could be seen as a form of protest and, in that case, should be recognized as a political discourse that should be protected in the same way as free speech is.
However, what was applied in that case was the Computer Fraud and Abuse Act approved by the US Congress in 1986 as an amendment to the Electronic Fraud Act contained in the Comprehensive Crime Control Act of 1984. In the end, ten of the defendants pleaded guilty to damaging a protected computer and the crime of conspiracy, three others pleaded guilty to a misdemeanor and all of them were punished by a fine.
In this example, both attackers to PayPal and PayPal itself used what many now consider cyberviolence for political purposes.
Cyberterrorism or cyberwar?
The situation with respect to the terms used begins to get complicated when others are introduced: as cyberterrorism. By its connotations, this term spreads quickly in the mass media. Its defenders define it as:
The use of means and communication technologies and computer science with the purpose of generating fear or terror in the population, in the ruling class or in the government, thereby causing a violation of the free will of the people.
It includes intentional acts of disruption of telematic networks and personal computers connected to the Internet, using tools such as viruses and malware in general.
The international company of security IT, Kaspersky Lab, released, together with the Laboratory of Cryptography of the University of Budapest, the existence of the virus Flame. Eugene Kaspersky, one of the experts and world leaders in the computer security industry and CEO of the company said that it is a virus so sophisticated that it represents a new level of cyber threat, one that could be “the beginning of the end of the [interconnected] world as we know it. I have nightmares about it.”
For Kaspesky, the term cyberwar would make sense if those that fight on the internet were known enemies and had similar forces. In the case of Flame and other cyber-weapons, this term would not be applicable since «With today’s attacks, you are clueless about who did it or when they will strike again. It’s not cyberwar, but cyberterrorism.”
That is to say, when we speak of attacks on the Internet, the author can not be identified in a certain way. Therefore, it is not possible to identify a person or people to whom to legitimately sanction and any reaction against them, even those of self-defense, could be unjustified attacks to other entities that have nothing to do in the subject and that could lead to a chain reactions even more difficult to control.
This is a key premise, no matter how many people want to respond to these attacks with violence, as it is impossible to find the author, these reactions would only end up damaging all Internet users with unpredictable economic and social consequences. So the answer is not the attack, we have no choice but to look for other ways to protect ourselves…