Cyberwarfare and Cyber Battlespace

Op Whaledump – A Military Analysis Part 3 – Tactics

24 August 2014

I’ve previously set out two operational outcomes for Operation Whaledump. First, to prove that social media, in particular political blogs, were not trustworthy sources of balanced journalism. Second, to prove that the plausible deniability of links with these outlets by Key and other senior politicians was not true.

The centre of gravity, therefore, was the trust relationship between the public of NZ, politicians and social media operators. This part of my analysis will consider the tactical options available and chosen. As a reminder, the tactics or ‘means’ of a plan are described as:

“Military tactics can be described as the science and art of organizing a military force, and the techniques for using weapons or military units in combination for engaging and defeating an enemy in battle”.

How do you attack trust between so many people on such a nebulous topic as social media? The short answer is that you don’t need to. The vast majority of Kiwis are cynical or completely disengaged regarding politics and wouldn’t have ever been near a political blog. At last report, Dirty Politics has sold 15,000 hard copies. Translated into votes, that’s about 1 list MP for a party without an electorate. Hardly a game changer. Achieving the operational objectives only requires victory in terms of the opinions of a small group of key influencers including politicians, judiciary, professional bodies, mainstream media (MSM) and the like – sometimes referred to as the ‘Beltway’.

Trust is a relationship based on predictability. It is a measure of belief in the honesty, fairness, or benevolence of some other party. Misplaced trust is trust placed in other persons or organisations where that trust or loyalty is not acknowledged or respected; is betrayed or taken advantage of. It can also mean trust or loyalty to a malignant or misguided cause (Wiki definitions).

Clearly, the tactical objectives include ‘flicking the switch’ from trust to a feeling of misplaced trust among a critical mass of beltway individuals. While people probably feel, for instance, that some political bloggers ‘beat up’ a story – most wouldn’t have thought, up till now, that there were straight out liars amongst them. Similarly, most would have thought that political groupings like ‘Team Key’, although likeable, were probably ‘dressing up the facts’ in a manner favourable to their cause from time to time. Few, up till now, would have even dreamed that the scale was as demonstrated in Hager’s book and the subsequent email dumps.

What, then, were the tactical options for Op Whaledump? Coup de main (a decisive strike that relies on speed and surprise to achieve its objectives) versus a more attritional approach (death by a thousand leaks)? Where to attack? The resources of the government parties were probably too great for the campaign. If the hacker had targeted parliamentary resources, the full weight of the security agencies would have been brought to bear on them.

I think the hacker conducted some reconnaissance (port and packet sniffing) and that could have included a wide range of other people’s accounts. He or she was surprised to find first vulnerabilities and ultimately a treasure trove of material on the servers used by Slater (bear in mind that the email and chat dumps appear to come from more than one medium). As I wrote in an earlier part, Slater was a perfect target because he garners the least public and media sympathy of the political bloggers. Hager also said recently that the hacker was personally annoyed with Slater over his treatment of a family tragedy on the West Coast of the South Island. I don’t doubt that but I think the plan to hack Slater was developed well in advance of the attack. I think Op Whaledump used the West Coast incident as a diversionary tactic. For several days, it worked, with media and others asking the grieving family if they were behind it.

It’s not clear whether this was a straight point-to-point Denial of Service (DoS) attack or whether it was a Distributed DoS involving multiple people or computers. Given the length of time (3+ days), I’m inclined toward the latter, unless it involved hardware damage.

Now, the tactics become emergent in nature i.e. they develop and change as the campaign unfolds. No doubt, the hacker spent some days incredulously reading what they had. Copies of the emails were safely stored in a variety of places around the world. According to Hager, the emails were not passed to him until March. The DoS was in January. Knowing the tension and excitement that must have been experienced by the hacker, I think that this delay is the main pointer to there being more than one person involved. The ‘normal’ path would have been to publish the lot or simply drip feed them just like a Snowden or WikiLeaks story. But Op Whaledump paused and adjusted their plan at this point.

Hager took 5-6 months to write the book. It is incredible that those behind Op Whaledump’s original hack as well as everyone involved in Hager’s publishing team not only managed to keep the campaign secret but also to put out the disinformation that his upcoming book was about the Five Eyes spy community. That is not the work of an amateur opportunist. The book was launched on 11 August at 5pm, exactly the right time of the day to get TV coverage for the evening news. A few days later on 15 August, @Whaledump began tweeting and followed with links to public file servers with selective dumps of the source emails. We can take it from his last tweet that his IP spoof ‘places’ him in Vanuatu. The only dropped ball so far was the initial failure to remove personal material from the emails that added nothing to the story. This was fixed in subsequent posts.

It is unclear whether the hacker always intended to follow up the book launch with the source material or whether this was, once again, a case of emergent tactics in response to the Prime Minister and others attempting to dismiss the book as a ‘left wing smear campaign’ that was not based on facts. There are now various people making noise about legal action. This will not be bothering Hager personally but, undoubtedly, one side of the field will want to know who the hacker is and will seek that information legally. On the other hand, the National Party will probably have told its people to say and do nothing until after the election. The MSM will continue their pursuit of this story if for no other reason than that the Prime Minister is trying to avoid being questioned about it.

I may do a summary of Op Whaledump closer to the election – Maybe more to follow…
