The machinations of a cyberwar

Hackers are like nations with static and dynamic allies. We utilize them (and vice versa) in order to gain access to information and resources which we feel will further our respective causes. Truthfully, we are Machiavellian in nature. Not because we want to be but because we have to be. We are this way so that we can overcome the waves of adversaries that stand against us, posing as friends.

The year was 2008, and I sat at my computer, grinning because of my cunning prowess for the covert strategy I had just implemented against my enemies. The plan of deception was working.

It was exhilarating knowing that my hacking crew and I successfully deceived our enemies and had placed ourselves at such a strategic advantage that we were able to not only obtain the username and password table to their forum board but also secretly view all private messages and private groups between their members.

All this was made possible because of our spies, former members of the enemy that we had converted to our cause. Because of them, we knew everything. We knew their every move, even before they did.

After all, we were at war. As the saying goes, “He who rules the data rules the world.”

From the words of Sun Tzu in ‘The Art of War’, we learn:

“The end and aim of spying in all its five varieties is knowledge of the enemy, and this knowledge can only be derived, in the first instance, from the converted spy. Hence it is essential that the converted spy be treated with the utmost liberality.”

We weren’t only at war with this group. Back then, we were also at war with Anonymous because they abused the mask and many of its members were notorious cyber bullies. Those were the old days before Anonymous assumed the mantle of the cyber vigilante, the days of random acts of chaos and hacking “for the lulz.”

If that wasn’t enough, we were also at war with Chinese hackers over turf because we had gained access to some of their hacked remote desktops and attempted to boot them from those systems. That didn’t end well for us, resulting in the largest DDoS (distributed denial of service) attack we had ever been on the receiving end of.

We were at war with the world because we could.

Hackers are evolving

These days, we're living in a contentious geo-political climate as the world's citizens take sides or choose to be indifferent. I speak particularly regarding the war with Russia and Ukraine, and now Israel and Hamas. Both continue to rage on, and hackers are also choosing sides and committing acts of cyber warfare against countries and each other.

What does this mean for hacktivism? In the historical sense, hacktivism has undergone a profound metamorphosis. The days when hackers defaced websites and used them like digital graffiti containing their defiant messages to the masses are over.

As hackers attack and contemplate bigger high-profile targets, egos also get bigger. As their reputation grows, so also the number of adversaries. As their power increases, what they are willing to do in order to maintain their larger-than-life reputation – as well as defend their own against retaliation – magnifies until nothing is off limits.

For this reason, I harbor the opinion that many so-called “hacktivist” groups that fall under this general description likely suffer from megalomania and delusions of grandeur. I mean, I’m no psychiatrist. However, the signs are in plain text, so to speak.

I say this because I believe the once noble causes they joined together to fight against are no longer for the people they claim to be defending. That plight has become twisted and distorted into a daily power struggle reminiscent of a drug addiction-like compulsion to find their next fix for power and image while subjugating and destroying their rivals.

That is precisely what is churning beneath the surface of the web today. A cyber war against groups and rivals among hackers.

Illicit collusions

For security purposes, I will refer to each group by pseudonyms. Imagine what happens when little children poke their fingers in the lion’s cage. In this case, one of the biggest hacktivist groups to date, which we will call “1337 XYZ Crew,” suffered a personal attack when one of their members, “MrLeetStr33T,” was doxxed.

Prior to this, the leader of NetHammer was also viciously doxxed by an unknown actor without a name or traceable affiliation. It was believed that the doxxing was carried out by a member of KillNet, although they only admitted affiliation after NetHammer’s leader pointedly accused the attacker of being so.

Whether these two doxxings are directly related has never been ascertained. But shortly after, these seemingly unrelated incidents intersected and crossed paths when it was discovered that NetHammer’s leader was complicit in distributing the dox of MrLeetStr33T, allegedly from the leader of another hacktivist group.

Thus, a loosely knit alliance was formed against the 1337 XYZ Crew. With their collusion discovered, the silent war began, but not without consequences. That is because the 1337 XYZ Crew had the leader of NetHammer swatted. Swatting is what happens when a 3rd party individual calls your local emergency services and deceives them into sending police to a person’s address.

The list of collaborators expanded like wildfire, as actors on the web seemingly perceived that the 1337 XYZ Crew was weakened from the doxxing of their members, but the opposite was true. They appeared to be stronger, hardening their resolve to defend their member, regarding him as family.

Next, I watched as they tasked themselves with unraveling the yarn of actors, most of whom tried hard to mislead the 1337 XYZ Crew about their role in the dox and failed. After that, they strove to mitigate possible knowledge of the leak from being picked up by advantageous news sources.

Still, they widened the scope of retribution by employing external resources to assist with counter-doxxing entire enemy rosters, punishing entire crews for the guilty actions of a single person as a matter of principle.

Doxxing – not a child’s game

Doxxing is typically easy, depending on the elusiveness of the target and what kind of information can be found in a person’s digital footprint. It can require a broad range of OSINT (open-source intelligence) skills and a careful eye for detail with an equal amount of patience to uncover the link between tidbits of obscure data hidden in a proverbial haystack of metadata that is rife with false positives.

Additionally, it’s important to note that when a member of a high-profile group is doxxed, the exposure can potentially land the individual in serious legal trouble. If a group is known by law enforcement, any chink in their armor can potentially bring the whole crew down.

Hackers (and actors) and even political dissidents depend on their anonymity because it is the lifeblood of their continued survival. Breaking that shield wall can ultimately be their downfall. This is worse than corrupting personal data or stealing information.

Avoiding infiltration

Everything that transpired from this episode and from my own operations so many years ago was made possible because of the ability to infiltrate, commit acts of subterfuge, convert players, and perform misdirection. In essence, it is social engineering at its core.

Having well-placed assets behind enemy lines, playing specific roles such as participating in enemy operations, and contributing to sharing information or services will inevitably cause them to let their guard down. Groups with a large volume of members make it easier for infiltrators to lurk in the background, observing and gathering information.

The culmination of these elements is why there are individuals who seem to have intimate knowledge about things that happen in private groups. Such individuals are wells of information. When they are installed strategically, they can bring down entire groups.

Also, not all enemies share the same ambitions or harbor a mutual ill will. Among hackers, the saying is true, “the enemy of my enemy is my friend.” The 1337 XYZ Crew and their associates were able to reach out even to enemies for information.

While the 1337 XYZ Crew is only one example of the players involved in the current tumultuous dynamic that has been brewing in dark places in cyberspace, the important thing to remember is this: we will always have adversaries. However, minding your own business will often keep others from seeking to cause you harm.

Hack responsibly.
