WikiLeaks Cyberwar! Business Is a Target -- and Also Collateral Damage

Last Updated Dec 8, 2010 3:39 PM EST

A battle is underway between WikiLeaks and its founder Julian Assange on one hand and a growing number of governments, large corporations, and other entities on the other. And as the skirmishes continue, even businesses that haven't been targeted by "hacktivists" will find themselves suffering temporary collateral damage -- either because a rumor ties them, rightly or wrongly, to the WikiLeaks situation, or because they depend on services from one of the targets.

The fight has been joined ever since WikiLeaks began to release roughly 250,000 classified U.S. diplomatic cables it had received, much to the displeasure of governments around the world. Within a week, WikiLeaks found itself without an operating main site, the ability to bring in money or a leader, as Assange had been arrested on suspicious-sounding sexual charges. Those actions set off a full-scale cyberwar. A number of companies such as MasterCard (MC) and PayPal (EBAY) have found themselves direct targets.

Hacktivists

The attacks seem connected to two web sites. One is message board 4chan. Groups of people that use it previously have been the source of anarchistic campaigns against various people and organizations like Scientology that have incurred users' wrath. The other is an anonymous anti-censorship and anti-copyright group called AnonOps and its ongoing Operation: Payback campaign.

Anonymous hacktivists have unleashed a series of distributed denial of service (DDOS) attacks on companies and individuals they perceive involved in the actions against WikiLeaks and Assange. A DDOS attack is a well-established form of Internet exploit. A flood of traffic overwhelms a computer and renders it incapable of attending to its usual tasks. If the computer hosts a web server, the associated site goes offline. Email service running on the machine becomes unavailable for any user. E-commerce grinds to a halt.

The targets

So far, the targets have been on companies or individuals publicly associated with actions against either WikiLeaks or Assange. They include:
Other potential targets could conceivably include Amazon, for pulling the plug on hosting, and Visa (V), which also closed a credit card processing account the organization had. Even Twitter has been named a future target, because of a widespread rumor that the company had intentionally kept WikiLeaks off its trending topics. The list is likely to continue growing:
Alan Bentley, SVP international of Lumension, commented that the attack on MasterCard's website, following its move to block payments to WikiLeaks, certainly should not surprise anyone."Many disgruntled 'hacktivists' will be seeking revenge on behalf of the whistle-blowing website and it is highly likely that this will be the first in a series of attacks on businesses such as Amazon, PayPal, Visa and Swiss Bank, all of which withdrew services to WikiLeaks over recent days," he said.

Between a rock and a DDOS place

It is a difficult scenario for a number of these companies. When you get a call from a U.S. senator or the State Department, saying no takes far more stubbornness -- even foolhardiness -- than most people have. There is always the unstated possibility that you or your organization might find itself under particular legal scrutiny or losing a bid for an important contract.

At the same time as you face a vague government threat, there is also the real damage that hactivists can do. A DDOS attack can bring an important business system to its knees for hours -- an expensive proposition for a large corporation because of lost business and the cost of getting things back to normal.

Corporate bystanders

Not only do the corporations involved get hurt, but so could companies that had nothing to do with the actions. If Mastercard has problems, could it affect your ability to take payments from customers? If a hosting company gets attacked, will it have an impact on your own computer operations?

Supporters and sympathizers have sat behind their computers and shifted the battle to cyberspace as they target companies, institutions, and individuals that they see as antagonistic to WikiLeaks. Business professionals can find themselves trapped like civilians in crossfire, with injuries to Web sites, revenue, email, and other operational systems.

An obvious first step is to beef up security so that systems either withstand attack or, if brought down, return to operation quickly. Businesses should also consider disaster recovery and business continuity: create alternate ways to operate. For example, fail-over hosting could switch business systems to another service provider, even if only on a temporary basis. Back-up email accounts from a Google or Yahoo would allow people to continue working.

In what various people are terming the first true infowar, becoming a target or collateral damage is easy. It's time to acknowledge the fact and act accordingly.

Related:

  • Erik Sherman On Twitter» On Facebook»

    Erik Sherman is a widely published writer and editor who also does select ghosting and corporate work. The views expressed in this column belong to Sherman and do not represent the views of CBS Interactive. Follow him on Twitter at @ErikSherman or on Facebook.