After reading more of John Robb’s ideas comparing terrorist operations to the open source programming ethic, I’m beginning to think that the relation is a bit more than metaphorical. It’s clear that part of this “open source warfare” are groups of Muslim vandals who have taken to defacing sites. In spite of warnings that this might lead to denial of service attacks and more serious hacking threats, none have been corroborated yet (well, at least not by anyone credible). It’s all to easy to believe they are coming though. Recently Robb suggested that infrastructure-based attacks by small “open source” guerillas may be coming soon and “much of the instruction and research passed to these groups will be done through the Internet.” I’d take this one step further and say that some of the attacks may come through the internet as well. Meanwhile, it’s becoming more evident that threats from organizations that are neither companies nor nations are growing (or have grown) beyond the ability of national armies to defeat.
All of this, though, makes me wonder: where are the white hats? Surely the Muslim world doesn’t have a monopoly on groups of hackers willing to engage in a guerilla war for a cause they believe in, without any central organizing authority. And I’m not just talking about turning Hamas into smut peddlers. Combating these Islamist hackers requires a group willing to subject them to something they should fear: scrutiny. I’m thinking of, at least, some kind of web sites that would post things like “site X was hacked by these people — here’s what we know”. Naturally, such sites would get attacked, but that would actually be useful. There would also need to be some sort of trust system to control who could post, but the net is pretty good at figuring out that sort of stuff. More crucial would be participation of the sites being attacked. Some would be willing to share logs, some would be trickier. Most important would be the reaction of the military and intelligence agencies. I’d like to think they’d welcome the help, but chances are they’d try to shut it down. An open source counterinsurgency does run the risk of accidentally ruining “official” covert action of which it has no awareness, but I suspect that’d be a risk worth taking.