Earlier this week the UK government warned that ISIS militants were developing the capability to mount cyberattacks against Britain’s critical infrastructure. Today, the country is experiencing a significant surge of DDoS (Distributed Denial of Service) attacks.
At the time of writing, the Digital Attack Map shows an unprecedented volume of attack traffic directed at the UK. Many of these DDoS campaigns rely on fragmentation techniques, sending large numbers of TCP or UDP fragments to a target. That flood overwhelms the victim’s ability to reassemble streams, severely degrading performance or taking services offline.
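As an added illustration (not part of the original article), the sketch below takes the defender's view of the fragment floods described above: it parses IPv4 headers and counts, per destination, the fragmented datagrams that never complete and therefore keep reassembly buffers occupied. The function names, the threshold of 100 and the sample packets are assumptions constructed for this example.

```python
import socket
import struct
from collections import Counter, defaultdict

IPV4_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def parse_ipv4(pkt):
    """Return (flow key, MF flag, fragment offset, payload length) for a raw IPv4 packet."""
    vihl, _, total, ident, flags_off, _, proto, _, src, dst = struct.unpack(IPV4_HDR, pkt[:20])
    return ((socket.inet_ntoa(src), socket.inet_ntoa(dst), ident, proto),
            bool(flags_off & 0x2000),      # More Fragments flag
            (flags_off & 0x1FFF) * 8,      # fragment offset in bytes
            total - (vihl & 0x0F) * 4)     # payload bytes carried

def incomplete_by_target(packets):
    """Per destination, count fragmented datagrams left unfinished in this capture."""
    pieces = defaultdict(list)
    for pkt in packets:
        key, mf, offset, length = parse_ipv4(pkt)
        if mf or offset:                   # whole packets need no reassembly state
            pieces[key].append((offset, length, mf))
    stuck = Counter()
    for (_, dst, _, _), frags in pieces.items():
        covered, end = 0, None
        for offset, length, mf in sorted(frags):
            if offset <= covered:          # contiguous with what has arrived so far
                covered = max(covered, offset + length)
            if not mf:                     # final fragment fixes the datagram length
                end = offset + length
        if end is None or covered < end:   # receiver holds this buffer until timeout
            stuck[dst] += 1
    return stuck

def flag_targets(packets, threshold):
    """Destinations with at least `threshold` unfinished reassemblies."""
    return sorted(d for d, n in incomplete_by_target(packets).items() if n >= threshold)

def make_fragment(src, dst, ident, offset, mf, length, proto=17):
    """Build a constructed IPv4 fragment (zero checksum, zeroed payload)."""
    flags_off = (0x2000 if mf else 0) | (offset // 8)
    return struct.pack(IPV4_HDR, 0x45, 0, 20 + length, ident, flags_off, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + bytes(length)

# Constructed sample using documentation address ranges, not captured traffic.
BENIGN = [make_fragment("198.51.100.7", "192.0.2.10", 1, 0, True, 1480),
          make_fragment("198.51.100.7", "192.0.2.10", 1, 1480, False, 520)]
FLOOD = [make_fragment("203.0.113.5", "192.0.2.10", i, 0, True, 8) for i in range(200)]
GAPPED = [make_fragment("203.0.113.9", "192.0.2.10", 7, 0, True, 8),
          make_fragment("203.0.113.9", "192.0.2.10", 7, 16, False, 8)]
print(flag_targets(BENIGN + FLOOD + GAPPED, threshold=100))
```

The legitimately fragmented datagram reassembles and is not counted, while the first-fragment-only packets and the datagram with a missing middle piece are.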
The spike in cyber activity follows a week of violent incidents and international responses, including bombing strikes on key IS positions in Syria and extensive raids on facilities suspected of harboring militants in France and Belgium.
It remains unclear which systems or organizations the attack traffic is intended to disrupt, and whether the traffic originates from ISIS supporters or other actors. Online activist collective Anonymous has been targeted after announcing #OpParis, an operation intended to disrupt social network accounts used for propaganda and recruitment. An IRC channel linked to Anonymous temporarily disabled external connections from third-party clients amid the heightened activity.
#OpParis does not focus on traditional “hacking” in the sense of exploiting server vulnerabilities. Its stated rules prohibit certain disruptive actions such as DDoS attacks; instead, volunteers collect accounts used for propaganda and use platforms’ built-in abuse-reporting tools to have those profiles removed. The campaign has claimed to have taken down thousands of Twitter accounts, though not all removals have been independently verified as linked to ISIS.
ISIS has long used online platforms for recruitment and encrypted tools for private communications. Actions by groups like Anonymous disrupt efforts to spread the group’s ideology and may push militants toward seemingly more secure messaging channels. That shift worries governments, which fear encrypted services can hide planning and coordination from intelligence agencies.
UK Prime Minister David Cameron has publicly discussed restricting encrypted messaging services that are difficult for agencies to intercept. Critics argue such bans would raise serious privacy concerns and would be impractical to enforce, since many secure tools are open source and can be distributed widely.
In response to growing cyber threats, the UK government has pledged £2 billion to establish a National Cyber Centre based at GCHQ (Government Communications Headquarters). Chancellor George Osborne warned that ISIS is attempting to develop capabilities to disrupt essential services—hospitals, power grids and air traffic systems—that could have lethal consequences. Speaking at GCHQ he said the group “has not been able to use it to kill people yet by attacking our infrastructure through cyber attack, but we know they want it and are doing their best to build it.”
Osborne added: “We are building our own offensive cyber capability – a dedicated ability to counter-attack in cyberspace. When we talk about tackling [ISIS], that means tackling their cyber threat as well as their guns, bombs and knives.”
While it is not yet proven that the recent attacks on the UK are directly related to ISIS, the incidents underline the need for a dedicated facility and coordinated response to cyber threats. In September, the Global Cyber Alliance was formed with headquarters in New York and London to help address escalating cybercrime and security challenges. It is not yet clear whether the new National Cyber Centre will expand on that effort or operate as a separate entity.
Will Pelgrin, former CEO and President of the Center for Internet Security, commented: “Cyber crimes have become a worldwide epidemic with estimates of a half billion global cyber victims annually. We must treat cyber security threats and crimes as we would any widespread infectious disease – immediately, urgently and collectively. Cyber risks have reached catastrophic proportions and, therefore, require an unparalleled, public/private and transnational response.”