Cyber Guerilla PDF

144 Pages·2016·8.332 MB·English

Preview Cyber Guerilla

Cyber Guerilla

Jelle van Haaster
Rickey Gevers
Martijn Sprengers

AMSTERDAM • BOSTON • HEIDELBERG • LONDON • NEW YORK • OXFORD • PARIS • SAN DIEGO • SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO

Syngress is an imprint of Elsevier
50 Hampshire Street, 5th Floor, Cambridge, MA 02139, United States

Copyright © 2016 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.

Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library

Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress

ISBN: 978-0-12-805197-9

For information on all Syngress publications visit our website at https://www.elsevier.com/

Publisher: Todd Green
Acquisition Editor: Chris Katsaropoulos
Editorial Project Manager: Anna Valutkevich
Project Manager: Priya Kumaraguruparan
Designer: Mark Rogers
Typeset by Thomson Digital

Contents

About the Authors
Foreword
Preface
Introduction

CHAPTER 1 General Principles of Cyber Guerilla
J. van Haaster
    Introduction
    The Essence of Cyber Guerilla
    Cyber Guerilla Strategy
    Cyber Guerilla Tactics
    Cyber Warfare on Favorable Terrain (When to Wage Guerilla)
    Cyber Warfare on Unfavorable Terrain
    Conclusions

CHAPTER 2 The Hacker Group
R. Gevers
    Introduction
    The Hacker as Social Reformer
    The Hacker as Combatant
    The Hacker Group
        Disciplines
    Conclusions

CHAPTER 3 Organization of #Operations
M. Sprengers and J. van Haaster
    Introduction
    Intelligence
        Counterintelligence in General
        Counterintelligence During Operations
    Operations
        Cyber Kill Chain
        Advanced Persistent Threat Life Cycle
    Considerations During Operations
        Target Architectures and Network Segregation
        Dealing with Monitoring and Defense Systems
        Limits of Encryption
    Tools and Techniques
        Evasion Techniques
        Network Scanning Tools
        Mapping Tools for (Internal) Reconnaissance
        Password Cracking Tools
        Miscellaneous Tools
    Effects
        Overview of Effects
    Media Strategy
        Media Organization Within the Hacker Group
        Considerations
        New Media
        Using Conventional Media
    Postoperation Posturing

CHAPTER 4 Appendices
R. Gevers, M. Sprengers and J. van Haaster
    Introduction
    Illustrative Hacker Groups (Rickey Gevers)
        Anonymous
        LulzSec
        Jeremy Hammond—AntiSecurity
        Cult of the Dead Cow “cDc”
        Team TESO/ADM/w00w00/LSD-PL
        Chaos Computer Club
        Chinese APTs
        Rebellious Rose
        Anons Bataclan
    Future of Hacker Groups
        Future of Chapter 1 (Jelle van Haaster)
        Future of Chapter 2 (Rickey Gevers)
        Future of Chapter 3 (Martijn Sprengers)

Index

About the Authors

Jelle van Haaster, LL.M. University Utrecht, BA War Studies, Faculty of Military Sciences, is an award-winning writer, software programmer/developer, and speaker. He is an officer in the Royal Netherlands Army and has a diverse background in legal, military, and technical defense matters. Jelle recently developed an award-winning software app for effectively utilizing social media during military operations, and he is the author of multiple scholarly IT-Law, IT, and military-operational publications. He is currently completing his multidisciplinary PhD thesis on the future utility of military Cyber Operations during conflicts at the Netherlands Defense Academy and University of Amsterdam.

Rickey Gevers is currently Chief Intelligence Officer at the security firm Redsocks. He has been responsible for numerous revelations regarding high-profile security incidents both national and international. He was, amongst others, the first person to discover a key logger used by Dutch law enforcement agencies and uncovered several criminal gangs and their operations. As an expert in technical matters he has been frequently consulted or hired as lead investigator, including in some of the largest security incidents the world has ever seen. Rickey appears frequently in Dutch media and has hosted his own TV show called Hackers.

Martijn Sprengers is an IT security advisor and professional penetration tester who is specialised in conducting covert cyber operations, also called “red teaming”. He performs digital threat actor simulation by using real world tactics and techniques to infiltrate complex IT environments for his clients. With his vast knowledge of offensive security he helps international organisations to strengthen their preventive security measures, increase their detection capabilities and prepare themselves for real attacks. He holds an MSc in computer security, performed research on password encryption techniques and has written multiple articles in the field of IT security, cybercrime, and cryptography.

Foreword

In the days of yore, an occupying force only had to worry about other occupying forces, thus focusing their efforts on defensive posture. As internal conflicts loomed, and guerilla forces began to strike in unilateral and seemingly decentralized movement, occupiers realized their greatest weakness––that their enemy was within.

During Guerre d’Algérie (1954–62), French forces found themselves stumped by the effectiveness of the initial wave of guerilla style warfare across Algeria. Although outnumbering their counterparts, Front de Libération Nationale (FLN), the French found themselves in a conundrum: give up its occupied territory or eliminate the threat. They chose the latter and won the battle, but lost the war by means of popular opinion. Whether by design or coincidence, French forces were seen as aggressive and abusive in their response, and FLN reached the goal they had set from the beginning: Libération.

With the conceptualization and implementation of the Internet came a new era of warfare. Being able to communicate with people around the world at will changes the defense scope and methodology.
While the French forces had to deal with and understand an enemy which was confined within a border, security forces now have to deal with and understand an enemy that claims none. The Arab Spring started on the streets of Sidi Bouzid, Tunisia, but spread like wildfire across social media. The power of the people, and its information propagation, toppled governments and hierarchies.

Attribution becomes nearly impossible as attackers adapt with every failed mission, evolving their tactics and combining their experiences as groups meet and merge. It only takes a team of 4–10 to cripple an infrastructure if members are designated roles, where each member can independently focus on their strong points and research is combined. From information gathering and reconnaissance, to exploit development and social engineering, they continue to expand on attack methodologies while defensive forces struggle to keep up.

Alas, the era of the cyber guerillas.

“Hold out baits to entice the enemy. Feign disorder, and crush him.”—Sun Tzu

Hector Monsegur (“Sabu”)
