Digital Attacks Escalate
To Bomb Threat, Food, Legal Clients, ePayments
London, UK - 5th October 2010, 09:35 GMT
Dear ATCA Open & Philanthropia Friends
[Please note that the views presented by individual contributors are not necessarily representative of the views of ATCA, which is neutral. ATCA conducts collective Socratic dialogue on global opportunities and threats.]
Metamorphosis into Bomb Threat
The headquarters of the US law firm Dunlap, Grubb & Weaver were evacuated by the police just before the weekend after a bomb threat was received via eMail. The firm started thousands of lawsuits against file-sharing users under the name US Copyright Group (USCG) this year. It is best known for pursuing alleged online downloaders of the Oscar-winning movie The Hurt Locker.
Pizza Threat and Prank Calls
Aside from the Distributed Denial of Service (DDoS) attacks that knocked down the online presence of anti-piracy groups and law firms, some involved organisations have also received a high volume of time-wasting prank calls and suspicious ‘free’ pizza.
Attacks on Law Firm's Client and Online Payment Provider
"Anonymous", the vigilante hacking group leading the DDoS campaign against anti-piracy law firms and media groups, planned to attack the UK law firm Gallant Macmillan's website over the weekend. However, before the attack began the law firm took its own site offline. As a result, the hacktivists quickly changed target and attacked the firm's client instead.
This crashed the website and online shopping system of the "Ministry of Sound": the largest independent record label in the world with an estimated annual revenue of USD 125 million, some of which is derived online. Ministry of Sound's electronic payment gateways and payment processing provider were also targeted, along with their operations in other countries. For the first time a website -- that actually generates online revenue from selling music and other items -- has been targeted in "Operation Payback" and the attack will have a direct financial consequence for the Ministry of Sound. Their website has already been down for over a day and it is still not back up.
Gallant Macmillan are pushing for a court order that would force ISPs to surrender their subscriber information. Today, after a scheduled hearing at London’s High Court, Chief Master Winegarten was going to decide whether or not to order Plusnet, a subsidiary of BT Group, to hand over customer details to Gallant Macmillan. Instead, Winegarten has adjourned the case until January 12th, 2011, bringing temporary relief to those who might have been pursued on the flimsiest of IP address evidence, which can generate false positives. Both Gallant Macmillan and the Ministry of Sound now face the challenge of convincing the judge to grant the court order they seek, and of getting their web sites back in working order.
Fear: Turning The Tables
The leader of the "Anonymous" hacktivists carrying out the DDoS "Operation Payback" attacks says, “We are reminding these firms who use fear on us that they should instead fear us. We ask everyone that ever receives a letter from them not to pay up, and not to give in.” Anonymous posted the following on the 4Chan message board:
"Gallant Macmillan law firm has committed many crimes recently, all of them ignored; ignored by everyone except us. We, the people, will not allow this to continue. They have declared themselves our enemies by sending out thousands of blackmailing letters against innocents, seeking compensation for copyright infringements that don't exist."
"Just as with ACS:Law, these letters are being sent by a company that is guilty of crimes against Intellectual Property, as well as crimes against the people. Indeed, even as they seek to 'protect' copyright through barbaric punishment, their hypocritical methods force ISPs to reveal the personal information of thousands without evidence of infringement."
Potential Civil Disobedience
One "Anonymous" hacktivist flier is aimed at convincing the younger generation not to abide by the warnings of anti-piracy groups, urging readers to "download as a civil disobedience".
Brand Damage and Rainmaker Risk?
Within the law firms themselves, the big-hitting litigation partners have in recent years been the highest paid and the biggest rainmakers. Yet it is now becoming clear that a single partner's decision to pursue this type of litigation has the potential to rebound on the whole international law firm and cause the firm's diverse teams and clients to suffer. This can create a huge reputational and brand damage risk for the affected law firm. It must be questioned whether the internal risk controls within law firms are adequately tuned to this type of risk and are capable of properly analysing the medium to long term risks before allowing litigation partners to take on this type of work. If a law firm starts to lose corporate, banking, employment, pension, real estate and/or other project work directly as a consequence of the firm having taken on a piece of litigation work, then was the risk properly analysed and priced? This may simply result in lawyers charging a lot more in fees to carry on this type of work because of the added risks involved. It would be an extreme irony if the actions of the hacktivists simply resulted in lawyers being able to charge more to take on the sort of work the hacktivists are endeavouring to stop. Considering that the UK law firm Gallant Macmillan's website mentioned “managing our client’s reputations” before it was taken down, it would be interesting to know what the Ministry of Sound think of their lawyers' delivery on that promise at present.
1. Is there a need for a new business model for the global media and entertainment industry given that the old model of intellectual property protection for sales is breaking down in the brave new digital world?
2. These attacks must make law firms, who are active in this area of litigation, question whether the use of scare tactics is a legitimate or sensible approach to the problem of on-line illegal downloads?
3. What if this methodology of DDoS attacks via common pooling of resources and underemployed street talent extends to carrying out digital civil disobedience in different situations worldwide against banks, corporations, their lobby groups, law firms and lawmakers?
4. Given that electronic payment gateways are critical modern infrastructure for a sovereign nation's economic health, what is the fallout of protracted DDoS attacks on such systems?
5. What tools for retaliation do those who are attacked have against their online attackers and are the current security architectures and solutions adequate?
We welcome your thoughts, observations and views. To reflect further on this subject and others, please respond within Twitter, Facebook and LinkedIn's ATCA Open and related discussion platform of HQR.