Julian Assange: cyber-attacks likely to increase as judicial proceedings continue

On 11 April 2019, Julian Assange, the co-founder of WikiLeaks, was arrested by British police and removed from the Ecuadorian Embassy in London. He had been living there for the last seven years: he took refuge to avoid extradition to Sweden, where he was wanted for questioning on sexual assault charges. Although the Swedish authorities dropped the case in 2017, Assange chose to stay at the embassy as he believed he would be extradited to the US to face charges relating to the publication by WikiLeaks of highly confidential US government documents. The Ecuadorian government revoked both Assange’s asylum and citizenship status after accusing him of interfering in the "processes of other states" and "spying".

Appearing in court later the same day, he was found guilty of breaching his bail conditions and was remanded in custody. An indictment unsealed in the US revealed that legal authorities there have charged him with conspiring to commit unlawful computer intrusion: this is based on his alleged collusion with former army intelligence analyst Chelsea Manning, in particular for assisting her to crack passwords, breach Pentagon computer systems, and download material to be published by WikiLeaks. If convicted, he could be sentenced to five years in prison.

Following the news of Assange’s arrest, hacktivists lost no time in launching cyber operations in response.

Initially using tags such as OpAssange, FreeAssange or OpEcuador, a range of hackers, many of whom are affiliated with the Anonymous collective, claimed they had targeted various Ecuadorian government, financial and education websites with DDoS attacks, data breaches and leaks, or webpage defacements.

The hackers announcing these attacks are certainly credible: most have been actively participating in other current, high-profile operations, such as OpSudan and OpIsrael. They appear to have had very little trouble in breaching websites in Ecuador, illustrating the typically poor cyber-security practices implemented in that country.

On 15 April, Patricio Real, Ecuador's deputy minister for information and communication technologies, reported that 40 million cyber-attacks had targeted the websites of public organisations in the country since the arrest of Assange, with the attacks mainly originating in the UK, US, Brazil, Holland, Germany, Romania, France, Austria and Ecuador itself.

Just a few days after the launch of the operations, the hacker collective Anonymous announced that it would shift its focus from attacking Ecuadorian websites to those associated with the UK government.

Three local UK government domains were then hacked and had data leaked by members of AnonymousEspaña: this time the actions were tagged with OpUK. Meanwhile, hacker group Pryzraky launched DDoS attacks against the UK Supreme Court. We have also seen DDoS attacks on the websites for UK Justice, Theresa May, and the City of London Police.

Assange appeared again in court for sentencing on 1 May, and was given a term of 50 weeks for breaching the Bail Act. He is due to appear in court again via videolink on 2 May, this time for a hearing on his possible extradition to the US.

We expect to see cyber-attacks relating to the various pro-Assange operations picking up speed, and new hacktivists who support the general ideas espoused by Anonymous are likely to participate as publicity over this case continues.

Importantly, it would be a surprise if the range of targets were not expanded. Government and financial organisations in Ecuador will remain the main focus for hackers, as will UK law enforcement and judicial domains. However, as the legal proceedings continue on the part of both the US and possibly Sweden, we would also expect those countries to be targeted. In addition, Australia may come into focus: petitions have been launched demanding that the government “ProtectJulian”.

Companies and organisations operating in these countries should therefore be on the alert, and ensure that their cyber-security policies and practical measures are fully up to date; in particular, patches for any software vulnerabilities should be applied as soon as they are released.