CHAPTER 8: Types of Internet Attacks (5/6)

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

One of the most common hybrid attacks is the “false-flag” attack,

sometimes also known as a “joe job” when performed by e-mail. In

this attack, the attacker impersonates the victim, often on a discus-

sion forum or community message board. The attacker, using the vic-

tim’s name, proceeds to make offensive, immature, unintelligent, or

outrageous comments. This form of attack is possible because many

websites fail to verify the identity of people who post comments.

Some simply allow users to post their comments under any pseudo-

nym. It is a simple matter for an attacker to use a victim’s real name

as his pseudonym so that the resulting comment appears to have

been written by the victim—many people will simply assume that a

post under the username “JohnDoe1951” was actually written by the

person named John Doe. On forums where it is not possible to use

the victim’s name as an online pseudonym, then the victim can use a

pseudonym that hints at the victim’s identity (“MicrosoftCEO”) or

just include the victim’s name and e-mail address in the body of the

comment as a fake “signature.”

Of course, “false-flag” attacks are by no means limited to posting

comments on website forums. One writer made a name for himself by

creating an entire blog impersonating Steve Jobs, the CEO and co-

founder of Apple Computers. The impersonator’s blog was filled with

biting cynicism about Apple’s customers and designers. The author

was able to maintain his anonymity for a year before being revealed.

Luckily for the real Steve Jobs, the URL of the blog gave away the fact

that it was not written by the real Jobs: http://fakesteve.blogspot.com.

But many impersonators don’t use obviously fake names: Aerosmith’s

Steve Tyler sued one anonymous individual who set up a fake blog un-

der Tyler’s name.

Another fake blog, purporting to be that of Levi

Johnston, the boyfriend of the daughter of the 2008 Republican vice

presidential candidate Sarah Palin, was set up as soon as the story

broke about the daughter’s pregnancy.

The blog purported to show

that Johnston was in favor of abortion.

Other fake sites impersonate entire groups. Two very nonreli-

gious college students created the website for a fake fundamentalist

Types of Internet Attacks 14 3

Baptist church

; over time, the site has evolved so that the parody is

obvious, but it initially fooled many users into thinking that there

was a real Baptist church espousing ridiculous and heretical view-

points.

Even as late as 2005, the site was still fooling professional

writers into thinking that the church was sincere. An author on the

normally well-respected Web magazine Salon referenced “the dooms-

day predictions of . . . the Landover Baptist Church[,] who believes

that the tsunami was God’s punishment to heathen Indonesia for its

disbelief in Jesus” without any nod toward the fact that the site is a

parody.

Satiric sites like that for Landover Baptist can be an im-

portant part of social dialogue in a free society, but they also demon-

strate the gullibility of many Web users.

False-flag attacks are particularly dangerous because it is often

difficult or impossible for the victim to repudiate the offensive con-

tent. Simply posting “that wasn’t me” does not help—the attacker can

create other comments that appear to revoke the repudiation. Re-

plying often draws more attention to the original content, making the

damage worse. And a repudiation might not even ever be seen: be-

cause some websites list their comments in order by the date they

were submitted, a late repudiation may show up far down the page

and thus be practically invisible. Some reputable websites have an ed-

itor in charge of comments who is empowered to remove false-flag

comments, but they are often overwhelmed or slow to respond.

Other websites, under the false guise of “free speech,” leave it up to

users to deal with anonymous impersonators. Unsurprisingly, many

victims feel completely helpless when faced with an anonymous im-

personator and an irresponsible website.

Attacks of this kind have long been recognized as particularly

damaging, even before the Internet made them so easy. Under the in-

ternational laws of war, enemy soldiers who wore false uniforms of

the International Red Cross or carried with them insignia suggesting

that they represented that organization could be executed as war

criminals, even though the international laws of war normally require

Wild West 2.0144

that enemy soldiers be kept alive, treated humanely, and released at

the end of hostility.

“Trolling” can also be used as another form of social attack that

intertwines the medium and the message. The definition of “trolling”

varies by context, but one of the most effective forms of “trolling” is

to make extreme but believable offensive or controversial state-

ments in an attempt to bait readers into reacting. Experienced users

of Web forums tend to be discerning and are able to identify trolls.

But, forums populated by users who are more familiar with “real-

world” discussions (where trolling is a rare practice) tend to fall vic-

tim to trolls more easily.

To use trolling as a form of online attack, the attacker just has to

bait the victim into making angry or offensive statements. The at-

tacker can do this in any way that lures the victim into an angry or

emotional statement. Sometimes an online attacker will just attack

the victim directly, in the hope of prompting the victim into an angry

defense. For example, anonymously attacking the victim’s credentials,

education, parenting skills, or other attributes may be sufficient to

trigger an angry response. An angry, over-the-top response makes the

victim look bad; the victim may appear to lack emotional control or

may seem vindictive. To make matters worse, sometimes the attacker

can remove or edit the initial triggering comment, making it appear

that the victim is shouting into the wind or vastly overreacting. Or the

attacker can try to bait the victim into revealing personal information,

by challenging a specific credential such as the victim’s education,

salary, IQ, or the cost of the victim’s home. The attacker can then use

the personal information against the victim directly or make the vic-

tim appear to be a braggart. The possibilities are limited only by the

depraved creativity of attackers.

Some creative forms of online attack rely on third-party sites

that accept and relay any information provided to them. For example,

in the United States, political campaigns are required to disclose the

names of their significant donors. Attackers have used this system to

Types of Internet Attacks 14 5

smear both candidates and individuals. One group of political ac-

tivists attempted to donate to President Barack Obama’s political

campaign under parodic names, including “Osama bin Laden,” “Sad-

dam Hussein,” and “Bill Ayers” (the 1960s radical to whom some of

Obama’s opponents tried to link him).

These contributions were

widely reported and would likely have appeared in public fundrais-

ing databases (such as Opensecrets.org) had they not been manually

intercepted as a result of the publicity. It is equally possible to make

political contributions in the name of an unwilling victim. By mak-

ing the campaign in the name of an unwilling donor, it is possible to

associate a victim with political causes she may disagree with or one

that she would be embarrassed to be caught supporting. In one re-

cent example, online campaign finance records show that news blog-

ger Matt Drudge donated $2,300 to the 2002 Republican campaign.

The donation has been used to suggest that he is biased in favor of

conservative news stories. But, while Drudge admits to voting for Re-

publicans, he claims that the donation was “a fraud” done by some-

body else “in my name.”

Impersonation will always be a danger as long as the technology

underlying the Internet allows (and even encourages) anonymity.

Websites have no way to reliably identify users, and users have no

way to identify each other. The result is a mismatch of imperson-

ators, anonymous users, and earnest citizens trying to be heard above

the din. If you want to avoid impersonation, you must claim your on-

line identity before anybody else does, as described in Chapter 11.

Notes

1. The lawsuit was eventually dismissed on procedural grounds, without deter-

mining whether the statements were lies.

2. A day care worker was accused of performing an amputation on one child

and of turning another child into a mouse. The prosecutor pressed charges,

despite the fact that both children were found fully intact and in human

form. The day care worker spent seven years in prison before the New Jersey

Wild West 2.0146

Supreme Court threw out the case. State v. Michaels, N.J. Supreme Court

(June 23, 2004). Go: http://wildwest2.com/go/801. For more coverage, see

Go: http://wildwest2.com/go/802 and Go: http://wildwest2.com/go/803.

3. Leon Jaroff and Jeanne McDowell, “Lies of the Mind,” Time, November 23,

1993. Go: http://wildwest2.com/go/804.

4. Ibid. Go: http://wildwest2.com/go/805.

5. Timothy Moore, “Satanic Ritual Abuse,” Encyclopedia of Psychology

(Farmington Hills, Mich.: Gale Group, 2001), via findarticles.com. Go:

http://wildwest2.com/go/806.

6. See, for example, the haunting documentary Capturing the Friedmans, which

tells the story of a family torn apart by doubtful accusations of ritual abuse.

Go: http://wildwest2.com/go/807.

7. Dale Turner, “Kind Words Can Be the Greatest Gift,” Seattle Times, October

17, 1992. Go: http://wildwest2.com/go/808.

8. Alan J. Stein, “Windshield Pitting Incidents in Washington Reach Fever

Pitch on April 15, 1954,” HistoryLink (undated). Go: http://wildwest2.com/

go/809.

9. Laura Rico, “Memory Can Be Manipulated by Photos, Study Finds,” Univer-

sity of California (press release), November 19, 2007. Go: http://wildwest2

.com/go/810.

10. Hany Farid, “Photo Tampering throughout History” (undated), via

dartmouth.edu. Go: http://wildwest2.com/go/811.

11. Museum of Hoaxes, “The Tydings Affair.” Go: http://wildwest2.com/go/812.

12. Mike Nizza and Patrick J. Lyons, “In an Iranian Image, a Missile Too Many,”

The Lede (blog), July 10, 2008, via nytimes.com. Go:

http://wildwest2.com/go/813.

13. Snopes.com, “Photograph Shows Senator John Kerry and Jane Fonda

Sharing a Speaker’s Platform at an Anti-war Rally,” March 1, 2004. Go:

http://wildwest2.com/go/814.

14. Carla Marinucci, “Doctored Kerry Photo Brings Anger, Threat of Suit,” San

Francisco Chronicle, February 20, 2004. Go: http://wildwest2.com/go/815.

15. User: Swarby, “Death Star over San Francisco” (video), via Youtube.com.

Go: http://wildwest2.com/go/816.

16. Richard Morgan, “Revenge Porn,” Details, via men.style.com. Go:

http://wildwest2.com/go/817.

Types of Internet Attacks 14 7

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for CHAPTER 8: Types of Internet Attacks (5/6)

Create new playlist

Sign In

Sign Up

Table of Contents for
CHAPTER 8: Types of Internet Attacks (5/6)