The fight has been joined ever since WikiLeaks began to release roughly 250,000 classified U.S. diplomatic cables it had received, much to the displeasure of governments around the world. Within a week, WikiLeaks found itself without an operating main site, the ability to bring in money or a leader, as Assange had been arrested on suspicious-sounding sexual charges. Those actions set off a full-scale cyberwar. A number of companies such as MasterCard (MC) and PayPal (EBAY) have found themselves direct targets.
HacktivistsThe attacks seem connected to two web sites. One is message board 4chan. Groups of people that use it previously have been the source of anarchistic campaigns against various people and organizations like Scientology that have incurred users' wrath. The other is an anonymous anti-censorship and anti-copyright group called AnonOps and its ongoing Operation: Payback campaign.
Anonymous hacktivists have unleashed a series of distributed denial of service (DDOS) attacks on companies and individuals they perceive involved in the actions against WikiLeaks and Assange. A DDOS attack is a well-established form of Internet exploit. A flood of traffic overwhelms a computer and renders it incapable of attending to its usual tasks. If the computer hosts a web server, the associated site goes offline. Email service running on the machine becomes unavailable for any user. E-commerce grinds to a halt.
The targetsSo far, the targets have been on companies or individuals publicly associated with actions against either WikiLeaks or Assange. They include:
- PayPal, which froze the account of WikiLeaks at the behest of the US Department of State
- MasterCard, which closed the organization's account so it could not process credit card payments (MasterCard has not given reasons for its action.)
- Swiss bank PostFinance after it froze Assange's personal account
- the site of Senator Joe Leiberman, who claimed to have contacted Amazon (AMZN) to pressure it to stop hosting the WikiLeaks site
Alan Bentley, SVP international of Lumension, commented that the attack on MasterCard's website, following its move to block payments to WikiLeaks, certainly should not surprise anyone."Many disgruntled 'hacktivists' will be seeking revenge on behalf of the whistle-blowing website and it is highly likely that this will be the first in a series of attacks on businesses such as Amazon, PayPal, Visa and Swiss Bank, all of which withdrew services to WikiLeaks over recent days," he said.
Between a rock and a DDOS placeIt is a difficult scenario for a number of these companies. When you get a call from a U.S. senator or the State Department, saying no takes far more stubbornness -- even foolhardiness -- than most people have. There is always the unstated possibility that you or your organization might find itself under particular legal scrutiny or losing a bid for an important contract.
At the same time as you face a vague government threat, there is also the real damage that hactivists can do. A DDOS attack can bring an important business system to its knees for hours -- an expensive proposition for a large corporation because of lost business and the cost of getting things back to normal.
Corporate bystandersNot only do the corporations involved get hurt, but so could companies that had nothing to do with the actions. If Mastercard has problems, could it affect your ability to take payments from customers? If a hosting company gets attacked, will it have an impact on your own computer operations?
Supporters and sympathizers have sat behind their computers and shifted the battle to cyberspace as they target companies, institutions, and individuals that they see as antagonistic to WikiLeaks. Business professionals can find themselves trapped like civilians in crossfire, with injuries to Web sites, revenue, email, and other operational systems.
An obvious first step is to beef up security so that systems either withstand attack or, if brought down, return to operation quickly. Businesses should also consider disaster recovery and business continuity: create alternate ways to operate. For example, fail-over hosting could switch business systems to another service provider, even if only on a temporary basis. Back-up email accounts from a Google or Yahoo would allow people to continue working.
In what various people are terming the first true infowar, becoming a target or collateral damage is easy. It's time to acknowledge the fact and act accordingly.
- Twitter vs. WikiLeaks: Algorithms Are Uncontrolled Corporate Spokespeople
- WikiLeaks Puts Corporations on Red Alert. First Responders: The Lawyers
- The Wrong WikiLeaks Lesson: Clamp Down on Info Sharing
- WikiLeak vs Bank of America: How to Maintain Morale Amid A PR Crisis
- Bank of America is Not the Only Company that Should Fear WikiLeaks