You think you have some knowledge about computer hacking? Your skills with breaking into Facebook and Twitter accounts are well known? Or maybe you are capable of infiltrating the web hosting provider? Groups like Anonymous are exploiting the power of modern technology for social protest and to promote political ideology. The fight for freedom of expression, the defense of human rights, the total aversion to any form of surveillance and control, and the reporting of abuse by regimes are the main arguments that incite groups of hacktivists to action. If YOU think that you have some skills and if you want to call yourself a hacktivist, who fights ISIS terrorists, for example, this is one plausible step-by-step scenario.
A hacktivist collective has decided to attack the terrorist organization Bina Al-ar-mal after they captured and executed an innocent group of people (Christian communities in Syria for example) in the Middle East. Bina Al-ar-mal is believed to consist of over 40,000 people, has hundreds of public Twitter feeds and Facebook accounts, and runs a small terrorist news site hosted on a server in a third country. It has three known leaders, whom we shall refer to as Head Terrorist 1, Head Terrorist 2, and Head Terrorist 3. Twenty-seven hacktivists have joined the effort. They have been split into three teams: team 1 consists of five of the most highly skilled hacktivists, team 2 consists of seven moderately skilled hacktivists, and team 3 consists of fifteen amateur hacktivists.
(Day 1, Hour 1) Team 1 is initially tasked by the collective with infiltrating as many terrorist Twitter and Facebook accounts as possible. The team starts enumerating the accounts immediately. They decide that no drill will be executed, as breaking into Facebook and Twitter accounts is a trivial task.
(Day 1, Hour 1) Team 2 is initially tasked by the collective with infiltrating the web hosting provider hosting the terrorist group’s website. They begin reconnaissance.
(Day 1, Hour 1) Team 3 is initially tasked by the collective with attacking Bina Al-ar-mal’s website directly. They begin to map the website.
(Day 1, Hour 2) Team 1 finishes enumerating the terrorist Facebook and Twitter accounts. They begin attempting to break into them.
(Day 1, Hour 2) Team 3 finishes mapping Bina Al-ar-mal’s website and begins to attack.
(Day 1, Hour 3) Team 1 has breached a few terrorist Facebook and Twitter accounts. After examining their contents they determine that the terrorists are using SpookyMail email service to communicate off of social media. A few terrorist email accounts are identified and the team begins to try to break into those as well.
(Day 1, Hour 3) Team 3 gains read/write access to a limited portion of the server Bina Al-ar-mal’s website is hosted on. The other teams are alerted. They set up a simple PHP-based IP logger script to capture the IP addresses of Bina Al-ar-mal members attempting to check their organization’s news feed.
(Day 1, Hour 6) Team 2’s reconnaissance ends. They have located the web hosting provider and gathered information on said provider’s website and servers. They begin attacking them.
(Day 1, Hour 7) Team 1 breaches their first few terrorist email accounts.
(Day 1, Hour 9) Team 2 locates a vulnerability in the terrorists’ web hosting provider’s website. They are not able to fully compromise any of their servers, but they are able to get a list of customer names, domain names, and billing addresses by exploiting a flaw in the website’s shopping cart feature. Upon inspecting the list, they discover that the person paying Bina Al-ar-mal’s hosting bill has a British billing address. The other teams are alerted and Scotland Yard is notified of the terrorist threat immediately.
(Day 1, Hour 23) Team 1 is able to get Head Terrorist 1’s email address off of the “contact” pane of one of the hacked terrorist email accounts. They make ready for a spear phishing attack against him, but decide to wait some time to launch it, as it is currently the middle of the night where Head Terrorist 1 is believed to be.
(Day 2, Hour 3) Team 3 has gathered over seven thousand IP addresses of people viewing Bina Al-ar-mal’s news feed and tries to attack them all using known router vulnerabilities. When all is said and done they have infected thirty-seven routers and forty-six workstations. They determine that thirty-four of these workstations belong to active members of Bina Al-ar-mal. They observe these workstations passively, hoping to gather information. The other two teams are briefed on their success.
(Day 2, Hour 8) Team 1 launches a spear phishing attack against Head Terrorist 1 using the hacked email account of another terrorist.
(Day 2, Hour 9) Team 1’s spear phishing attack against Head Terrorist 1 is a success. They now have full control over his Windows XP laptop and inform the other two teams of their success. After searching the laptop’s hard drive and downloading a half gigabyte of confidential documents and IM logs, the team decides to plant a PDF of the Christian Bible on it along with some real-looking fake papers from the CIA. After gleaning Head Terrorist 2’s and Head Terrorist 3’s email addresses from the stolen IM logs, the team sends them both emails from the hacked email account of a lower-level terrorist claiming that Head Terrorist 1 is dirty.
(Day 2, Hour 9) Team 3 decides to take the sensitive information stolen from Head Terrorist 1’s computer by Team 1 along with other fake CIA documents and place it on all thirty-four of the terrorist workstations they control. They use a hacked email account belonging to an uninvolved terrorist to inform Head Terrorist 2 and Head Terrorist 3 that Head Terrorist 1 is a traitor and that he has at least thirty-four moles inside of their organization, all of whom they mention by name.
(Day 2, Hour 10) Head Terrorist 1’s laptop is searched by security forces under the control of Terrorist 2. Head Terrorist 1 is determined to be part of the CIA and is placed into a cell to be used as leverage against the United States.
(Day 2, Hour 17) Head Terrorist 2 and Head Terrorist 3 raid all thirty-four of the suspected moles and find the planted documents. They begin to interrogate all thirty-four of them in order to find out how deep the CIA has penetrated their organization. None of them know anything, but most of them make up real-sounding false information to make the interrogations end.
(Day 3, Hour 3) Team 1 determines that most remaining Facebook and Twitter accounts cannot be breached. Several team members leave and a few stick around to try and finish off the remaining accounts.
(Day 6, Hour 17) Scotland Yard arrests the person allegedly paying for Bina Al-ar-mal’s web hosting. It is later determined that the person is actually part of a London-based Bina Al-ar-mal cell.
(Day 6, Hour 20) Team 2 destroys Bina Al-ar-mal’s website after catching word of the Scotland Yard raid.
End Result: One of three head terrorists is being held by their own organization as a traitor and thirty-four unrelated terrorists are being held by their own organization and brutally interrogated about actions they did not commit. One terrorist is in the custody of Scotland Yard, and a British terror cell has been exposed. Bina Al-ar-mal’s entire communication network is compromised (but they do not know that yet), and their website has been taken offline permanently. All members of Bina Al-ar-mal are now becoming increasingly suspicious of their fellow members and the hacktivist collective is now in a position to launch further attacks on Bina Al-ar-mal (using the compromised email and social media accounts) at a later time. This has all been accomplished in under a week.
Disclaimer: All information provided in this document is for educational purposes only.