It seems like a plot lifted from the pages of a cyberpunk novel: A US federal cyber-security company, in association with large corporations and banks, plot the downfall of an Internet based whistle-blowing organisation.

They plan to do this by nefarious means:

1. cutting of all donation routes and closing the organisations bank accounts, effectively starving the organisation of funds.
2. submitting false whistle-blowing documents to the organisation which on the surface would seem to come from credible sources but, when released could be easily discredited.
3. a campaign of misinformation attacking the anonymity of the organisations document submission process – frightening off future submitters.
4. attacking the Internet infrastructure of the organisations document submission process utilising sophisticated cyber attacks to collect data on document submitters.
5. discrediting employees through smear campaigns utilising social media platforms.
6. intimidation of journalists who support the organisation.

But the whistle-blowing organisation isn’t toothless. A highly motivated and sophisticated hacker cell protects them in cyberspace wreaking digital havoc on anyone who threatens the organisation.

Profiling the hackers

This hasn’t been overlooked by the cyber-security company which has gone to great lengths to ‘penetrate’ the hacker cell. With assistance from Law Enforcement Agencies, they were able to analyse data collected from Internet Relay Chat and social media web sites reportedly used by the hackers, and connecting the dots, profile many of the hacker cell’s alleged senior members. They were now ready to release their findings at an upcoming security conference.

However, an ambitious and somewhat naive CEO of the cyber-security company, wishing to make a name for himself and his company, talks to a national newspaper about his company’s findings. The newspaper publishes the story.

A declaration of war

This is seen as a declaration of war by the hacker cell and they respond the only way they know how .. by hacking into the cyber-security company’s servers. First they gained access through an insecure web server and from there the hackers were then able to jump to other systems, including the cyber-security company’s email server – where more than 60,000 emails were retrieved and made public on the Internet. From information taken from the retrieved emails, the hacker cell were also able to take control of accounts held by the CEO on social networking sites, posting propaganda messages on the boards.

That’s got to hurt

Just to add insult to injury; when the attack was over and the digital dust had settled, it was revealed by the hacker cell that a 16 year old girl had been the first to penetrate the cyber-security company’s systems – ouch!