UK intelligence agency MI6 recently hacked into al-Qaeda networks and changed a bomb making recipe to a cupcake recipe, in what’s now being called “Operation Cupcake.” The change was made in an al-Qaeda magazine meant to encourage self-starter terrorists.
Most attention has fallen on the incident itself, but the approach used in foiling a would-be magazine to assist terrorists was an interesting cue as to what type of hackers are employed by MI6. Most notably, they did it for the Lulz.
Instead of just removing data or scrambling information, they planted something meant to be funny.
This is an interesting approach, as it is typical of everyday hacker groups. While assisting rebels in Egypt and Tunesia, for example, Anonymous Operations mass ordered pizza deliveries to the countries’ embassies. Another group, LulzSec recently defaced the PBS website and put an article on the front page stating Tupac was found alive in New Zealand, in response to a Frontline special on WikiLeaks they didn’t like.
Their actions accomplished what they set out to do, but the methods they used were intended to be funny. It’s common practice for hackers to go in, get what they want done, then have a bit of fun.
The fact that MI6 did this, however, suggests they may be hiring professional hackers who already know their trades, rather than training them from scratch.
It was also highly effective in other regards. The majority of media attention has highlighted the cupcakes, while saying little about what else was done—making content of the magazine an unreadable mess if anyone downloads it. In other words, it made MI6 look cool, made a joke of al-Qaeda, and eliminated any overly-serious or critical reporting on the incident. Humor has a funny way of eliminating bad press, and government hackers could learn a lot from this.
Typically, government try to conceal cyberattacks, even to the people they’re launching the attacks against. Hackers, on the other hand, like to inform targets they’ve been pwned. Imagine, for instance, if after Iran discovered Stuxnet on their computers, a screen popped up saying “All Your Base Are Belong to U.S.”
This usually doesn’t happen, but it may be the start of a new trend of cyberwar where countries don’t try to hide their actions, and have a bit of fun in the process.