A colleague of mine recently posted a link to an information warfare-related article on an Iranian activism site.  Like-minded Iranian friends, affiliated with the Green movement, seemed to have as a goal to disseminate information about how to counter censorship in Iran by distributing tools, news, and other means of helping dissidents avoid having their communication muzzled and detected by the mullahs.

This particular article lists examples of electronic warfare by regime-friendly groups such as the “Iranian Cyber Army”, recently suspected of numerous attacks against organizations seen as hostile to the Iranian government.  Ironically, these included Chinese search engine baidu.com in retaliation for some perceived slight by the Chinese government — this shortly after several Chinese organizations have become increasingly implicated in online hits against U.S. and other Western government and corporate targets; a recent report in The Associated Press / The Guardian mentions the Chinese universities Shanghai Jiaotong and Lanxiang Vocational Institute as sources of the “Aurora” attacks against Google and others.  On a humorous side note, if 1337 xenophobic script kiddies friendly with one totalitarian regime are now going after 1337 xenophobic script kiddies friendly with another totalitarian regime, it might become difficult to figure out who’s on whose side…

That said, there’s not much an outsider with technological know-how can do to help victims of censorship and repression in any country beyond providing them with the education and means to get around official repression of communication with each other and with the outside world, and to avoid being detected by government thugs while doing so.  A friend of mine, when asked to provide help and information about censorship avoidance to an Iranian group, took a very cautious line, making it very, very clear that he was reluctant to offer anything that carried even the slightest possibility of someone being arrested, tortured, or even killed if they were found using it.  I take a bit of a different view — solutions like PGP, TOR, Haystack, anonymous remailers, or SSL-enabled CGI proxies, combined with private browsing available on most newer browsers, are powerful stuff, and with a modicum of care on the part of their users, can conspire to throw a hefty wrench into the surveillance machinations of dictatorial spooks.  The best anyone can do is to make users at risk of brutal crackdowns aware of what could possibly go wrong, give them a good head-start on how to use their new toys, and let them be adults about making an educated choice.  After all, in the case of the Iranian protesters, these are people who’re willing to go out on the street and be shot at for what they believe in.

So much for “passive” assistance — giving people better anonymous / encrypted communications tools and the knowledge on how to effectively use them.  What about active help, though?  Beyond the usual low-level stupidity found in IRC channels (e.g. background noise of the “www.bobsautodetailing.com pwn3d by H4X0RZ 4 ALLAH AGAINST 4m3r1kkkAH” variety), attacks on the infrastructure of Western countries and organizations from Russian, Iranian, North Korean, Chinese, and other groups, presumably with at least some tacit blessing from their governments, are pretty common.  Botnets designed to carry out probes and hits on infrastructure, launch DDoS attacks, create economic sabotage, steal sensitive data, and other bad things, are pretty common in the wild.

Cybercrime legislation in most developed countries is designed to pursue and allow prosecution of even casual probes by unauthorized persons.  Whether one agrees with laws or enforcement tactics or not, the goal is to keep anyone, no matter what motivates them, from generally screwing things up by spying, stealing, or vandalizing.  Unless it specifically takes into account intent, the law doesn’t differentiate between amateurs or professionals — it’s all a crime.  Why?   Partially because attacking a person/host/company/government via a network is the technologically easiest, least physically risky way of getting to the goodies, and because it’s often impossible to differentiate between the casual hacker and the much-vaunted bugaboo of organized cybercriminals and government-sponsored electronic espionage.  The idea, I suppose, is that tolerating any intrusion means that the world economic system as we know it will grind to a standstill (or at least your job and mine will be made that much more difficult.)  Maybe, maybe not, but without such laws as a deterrent, I’m sure the barriers to causing grief to legitimate business would be a lot lower.

But what of aiding and abetting attacks against distasteful regimes or their allies / henchmen?  A few years ago, the idea of counter-hacking, or ethical hacking aimed at taking out threats either by sabotaging those responsible or by “cleaning” affected infrastructures when unsuspecting owners could not or would not, was in high discussion.  Most security professionals in my circle of acquaintances seemed to be roundly against this concept, due to the potential for a slippery slope, and for unacceptable collateral damage — plus, what good is it to have and enforce laws against illicit intrusion when the “good guys” themselves are guilty of violating them, even if they are perfectly well-meaning?

Given how hungry my non-technical Iranian friends were for any information about “passive” tools such as those described above, I’d imagine groups in opposition to the government (supposedly there’s now a “Green Cyber Army”) would be equally happy for any assistance from sympathetic types in the West.  As someone strictly in favor of the rule of law, I can’t condone any illegal actions of the sort these guys are indubitably carrying out, but anything that helps cause grief for kiddies hacking in the service of thugs is ok in my book.  A few dozen clicks here and there to waste the bad guys’ bandwidth, a Metasploit download mirror, or an open proxy or TOR gateway probably wouldn’t violate the spirit of the law.  Wink wink.

© 2012 Chakraborty Software