The last few weeks have brought almost daily cyber-attacks on government websites. Just recently, the SOCA (Serious Organized Crime Agency) in the UK was down for a weekend caused by a DDoS (distributed denial of service) attack. A Washington, D.C. government website was taken down the week before, and a New Zealand government site also experienced a DDoS attack. Other websites that were shut down by DDoS attacks included the UK Supreme Court and the FBI. A few weeks earlier, Anonymous, one of the most well-known hacktivist collectives, launched DDoS attacks on the Russian government, the Polish government, and the Mexican government. The list goes on and on.
Suppose you do not favor a new law that was just passed, or dislike a country’s immigration policies, or want to fight what you see as corruption in religious institutions. You can organize a demonstration or take the fastest, easiest and most effective way and launch a virtual attack on the offensive website. You can then take down the parliament portal to protest unfair laws or policies, shut down the local police’s website or the website of any offending organization. Hacktivists have been very effective launching attacks on government websites and their motivation increases with each successful attack. Even TIME Magazine included Anonymous in their “100 Most Influential People List”, which definitely emboldens the number of politically or socially motivated DDoS attacks against these offensing websites.
Today, cyber-attacks have become the latest weapon in the arsenal of social protest. Those unhappy with governments or political policies have traditionally shown their passion in the streets. Protest leaders work to congregate large numbers of people together physically where they parade for long hours in front of the symbolic building in all kinds of weather. This is difficult work that requires recruiting, organizing and bussing protesters to the site with no guarantee of getting the massive numbers necessary to attract media attention. Why bother when it is possible to launch a virtual protest that often gets wider and more intense media coverage than any local street demonstrations?
With all these politically motivated attacks in the news, I decided to check with Radware’s ERT (Emergency Response Team) to see if their experiences showed an increase in government cases over the past weeks. The ERT handles dozens of security cases every week involving Radware customers from all over the world. I found that there were three times as many anti-government cyber-attacks during the first quarter of 2012 as compared to the last quarter of 2011.
Since it is much easier to launch a cyber protest than it is to organize masses of people for street demonstrations, there is more incentive to use DDoS attacks as the weapon of choice. We expect to see more government websites under attacks in the coming months, which only means that government agencies should reevaluate their cyber-attack mitigation strategy and prepare themselves to combat today’s security threats.