Unleashing cyber attacks on government, organizations, or businesses as a form of protest is not some relatively new concept. There have been several instances of it over the past decades and it has been the subject of discussions with many questioning if it does really serve its supposed purpose.
Once again, hacktivism merits serious discussions because of the recent rise of hacktivist attacks. "Recent high-profile activity suggests the hacktivist threat is reemerging after being curtailed by law enforcement and could grow over the decade to encompass a wider set of targets, perpetrators, and tactics," says Sam Lichtenstein, Stratfor Director of Global Security Analysts at RANE.
Are they really good for society or are they mere cybercrimes made somewhat palatable to the public because of their purported goal of holding certain businesses, government bodies, or people into account? Some sectors are doubting the real intentions of these attacks and there is a growing consensus that they should be treated just like other cybercrimes.
Dealing with the threat of hacktivism
Hacktivist attacks are not that different from the usual cyber attacks. They only differ in their supposed intention of getting back at abusive businesses or protesting against governments. As such, the solutions to deal with them are the same exact solutions used to address other threats.
Increased risk of hacking due to supposed activism can expose an organization to potential losses--whether or not there are actually social injustices supposedly being done or whether it is just a matter of bullying or outright criminal acts by hackers. Thus, security validation is also done in the same ways as an organization normally should.
More security-savvy enterprises are able to see things from the perspective of both defender and attacker with the use of advanced purple team simulation frameworks to make sure that security controls are working the way they should. Seeing security from both sides of the equation is a good strategy to enhance an organization's security posture.
There is no evidence that hacktivists are considerably more skilled than ordinary cybercriminals, although they may not compare to state-sponsored bad actors that employ a wide range of tactics and concerted long-term efforts to ensure the success of their attacks.
Hacktivists typically turn to the following methods:
● Distributed Denial of Service (DDoS) - The hacktivist group Anonymous has conducted numerous DDoS attacks to shut down websites and web services. Notable examples of which are those done in response to the attempts to suppress WikiLeaks.
● Doxing - This refers to the gathering of sensitive details about a person or organization to be exposed to the public. Doxing can expose people to online bullying or mobbing by internet users. Worse, it can lead to offline harassment when sensitive details like addresses and phone numbers are exposed.
● Data leaks - Information from a government office can be used to incite people to stand up against an abusive government. Similarly, exposing information from a corporation to reveal abuses, deceit, or anomalous activity can drive consumers to boycott businesses, protest, or file class suits. There are also instances when data leaks are done to affect the operations and finances of a company just like what happened to Sony Pictures Entertainment in 2014.
● Website defilement and replication - This is done usually to mock governments or businesses and effect reputational damage. This was already done as early as the 1990s with the attack on the website of the United States Department of Justice in 1996. Sometimes attackers replicate entire websites to make them publicly available in opposition to censorship and audience restrictions. Hacktivists may also come up with website parodies as a form of protest or to creatively expose the wrongdoings of a person or organization.
● URL redirection - This is not an inherently bad process. Many organizations use URL redirection for various legitimate purposes. However, hacktivists can use this to redirect visitors to untrusted sites. This threat is mentioned in the MITRE ATT&CK framework as one of the common adversary tactics used by bad actors to sabotage a website.
● Internet disconnection - A group called Legions of the Underground, back in 1998, sought to disable internet access in countries where internet censorship and human rights abuses were committed.
● Ransomware and financial theft - Sometimes, hacktivist groups, particularly the obscure ones, blatantly attack for financial gain. They encrypt critical business files and ask for ransom in exchange for the decryption code. They may also steal from bank accounts or cryptocurrencies in the guise of making a statement against some social issue.
All of these attacks can be prevented or their adverse impacts can be mitigated with the right security controls and protocols to prevent aggravation. Many cybersecurity platforms provide effective preventive and remediation tools. With up-to-date cyber threat intelligence, organizations can avoid the harshest consequences of the attacks. However, there will be instances when the attacks are too overwhelming or sophisticated to be easily blocked or remediated.
Ideologically ineffective but still seriously threatening
WIRED infosec writer Lily Hay Newman says that hacktivists are on the rise, but they are less effective than ever. She is referring to the failure or insignificant impact of hacktivists on their targets. Hacktivist groups like Anonymous have been continuously making their presence felt in places like Sudan, but it appears they are not achieving their desired outcomes.
One of the reasons for this is the improvement of the cybersecurity solutions used by organizations. Governments and large corporations have been improving their cyber defenses, so it is not that easy for hacktivists, especially the neophytes and inexperienced, to accomplish their goals. Because of this, many are reportedly turning to low-hanging fruits or smaller targets like universities and small government agencies.
These, however, do not mean that the threats have ceased to be a serious concern. Some see hacktivism as a disguised attack against businesses initiated by competitors. There are also those who think that the messages they are trying to convey are overwhelmingly overturned by the damage or inconveniences they create.
The United States now views "Ideologically motivated entities such as hacktivists, leaktivists, and public disclosure organizations" as significant threats based on a US Counter-Intelligence paper issued in 2020. Interestingly, these attacks are already listed in the same category as five adversarial countries, three terrorist groups, and "transnational criminal organizations.".
In many cases, hacktivist attacks are no different from the usual cyberattacks that result in financial losses and damaging operational disruptions without making an unambiguous win for social justice. The supposed hacktivist attack by Anonymous followers on the Dallas Police Department app, for example, resulted in a very dangerous disruption that could have led to injuries or deaths as legitimate complaints were left unentertained.
"Wrapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft, and fraud," said Tessa Gorman, a Seattle-based Acting U.S. Attorney, in a Reuters report mentioning the indictment of 21-year-old Swiss hacktivist Tillie Kottmann.
The necessity of effective cybersecurity
Whether or not hacktivism serves real social justice value, it is important to stress that organizations should always take cybersecurity seriously. It is not for anyone to arbitrarily decide that the operations of a company or government agency should be interrupted. Hacktivists cannot compellingly claim to be beacons of ethical deportment. Besides, no business would willingly suffer losses and admit that they are at fault for them to deserve getting attacked.
Indeed, there are doubts as to the altruism of hacktivism. It would be difficult to give a clear answer if it really serves as a social justice tool or if it is just sugar-coated cybercrime. What is incontrovertible, though, is that it is vital to have effective cyber defenses, including thorough security validation, to deal with all kinds of cyberattacks.
