Which type of hacker usually targets government agencies corporations or other entities they are protesting?

Hacktivism (a portmanteau of the terms hacking and activism) uses digital tools and cybercrime techniques to carry out an attack driven by religious, political, or moral motivations, which could be ethical or unethical. This article explains the meaning of hacktivism in detail, its workings and types, and illustrates the various examples of hacktivism.

Hacktivism (a portmanteau of the terms hacking and activism) is defined as the use of digital tools and cybercrime techniques to carry out an attack driven by religious, political, or moral motivations, which could be ethical or unethical.

A Pictorial Representation of a Hacktivism Attack Cycle

Derived from the phrases hacking and activism, hacktivism is the act of accessing a computer system without authorization for political or social purposes. “hacking” and “activism.” Hacktivism occurs when political or social activists employ computer technology to make a statement favoring one of their causes. It is intended to draw public attention to an issue or cause that the hacktivists believe to be significant – for example, freedom of information, human rights, or a religious point of view.

It usually focuses on government or corporate targets, but it can include any prominent institution, religious groups, drug dealers, terrorists, etc. Someone who engages in this act of hacktivism and performs activities such as defacing an organization’s website or leaking the organization’s information is known as a hacktivist. Groups of hacktivists generally carry out hacktivism attacks.

For over two decades, one of the world’s most notorious hacking organizations has gone by the name “Anonymous.” Anonymous rose to fame after going against the Church of Scientology with a YouTube video featuring the famous actor Tom Cruise. When the church requested them to take it down, Anonymous launched a DoS attack on its website. Since then, Anonymous has faced off against various influential organizations, like ISIS, to promote their particular viewpoint. The famous group made the headlines again at the end of February 2022 by declaring a “cyberwar” against Russia and its president, Vladimir Putin.

See More: Rise of Hacktivism: The Evolving Role of Hacktivists In the Ukraine-Russia Conflict

How Does Hacktivism Work?

The following are some of the purposes of hacktivism:

Getting past government censorship by assisting individuals bypassing national firewalls or assisting demonstrators in organizing themselves online.
Leveraging social media tools to advocate human rights or to assist suppressed populations of dictatorial regimes in communicating with the outside world.
Bringing down government websites that endanger politically active individuals.
Protecting freedom of expression online and improving access to information.
Supporting civilian uprisings and defending democracy.
Assisting computer users in safeguarding their privacy and evading monitoring by using private and anonymous networks like Tor and the Signal messaging program.
Placing a dent in corporate or government authority.
Assisting illegal immigrants in crossing borders securely.
Anti-globalization and anti-capitalism demonstrations.
Protesting war crimes and putting a stop to terrorism financing.

They often use distributed denial-of-service (DDoS) attacks, which involve flooding a website or email address with so much traffic that it temporarily shuts down. Other tactics include data theft, website defacement, computer viruses and worms that disseminate protest messages, stealing and revealing sensitive data, and taking over social media accounts.

Hacktivism emerged as a subculture of hacking, gaming, and web forums, allowing technically inclined individuals to exploit the internet’s connectivity and anonymity to interact with others and work toward mutual objectives. Hackers and hacktivists often employ the same tools and strategies to achieve their goals. However, unlike hacktivists, hackers are not characterized entirely by social reasons.

The legality of hacktivism is quite disputed. While the opponents of hacktivism believe that these activities inflict further damage in a place where non-disruptive free expression is already rampant, others argue that such activities are the same as a peaceful protest and, as such, are recognized as a form of free speech. Hacktivists frequently believe their actions to be a type of civil disobedience, in which they purposefully sidestep the law to promote their protest.

See More: Ready, Set, Hack: 6 Skills To Become an Ethical Hacker in 2021

Why does it matter for enterprises?

Although hacktivism incidents appear to have peaked in 2011, they continue to be prevalent in the cyber realm. Hacktivists have been known to target businesses that allegedly engaged in activities fundamentally opposed to their ideology. For example, Visa refused to process donations made for Julian Assange and then was targeted in Operation Payback. Similar attacks were made on Sony and Microsoft.

Businesses are frequently targeted as collateral damage. They are often subject to widespread disruptions (such as countrywide internet outages), targeted denial of service attacks, defacement attacks, and attempts to locate and steal important information. Nevertheless organizations that are strongly associated with countries (such as national banks or entities named after a country) are more likely to be victimized.

Even brief website defacement can impair a company’s reputation, whereas business interruption caused by large-scale DDoS attacks and data leaks can cause substantial financial impact.

Hacktivists utilize cyber-attacks to further their cause. Disruption and shame are among the anticipated outcomes. For example, Sony was targeted in 2014 in retribution for a film in which the protagonists plotted to assassinate North Korea’s leader. Despite the subject matter on which the attackers appeared to take offense, reports indicate that a gang of hacktivists or dissatisfied firm insiders are the likely suspects rather than nation-state operatives.

Regardless, there is considerable consensus that hacktivists deployed malware designed to exfiltrate and compromise data security in internal systems of Sony’s network. The stolen data contained network design specifications, employee login information, and comprehensive PII (including salary, social security numbers, and birthdates). They later shared the lost data in public forums.

See More: Credential Stuffing and Account Takeovers: How Bad Is the Impact on Financial Services?

Types of Hacktivism Attacks

Hacktivists may carry out attacks in several ways:

Types of Hacktivism Attacks

1. Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks

A DDoS attack is a way of overloading systems and crashing a website. When individuals employ civil disobedience to raise awareness about a problem, they stage a sit-in.

Businesses must suspend operations during this type of protest since dozens or hundreds of people are physically seated inside an area where these businesses are supposed to be operational. Since organizations are forced to halt, the activists capture the public’s attention. Hacktivists engage in a similar tactic when they indulge in a DoS attack. Although they do not alter a website’s content, they flood it with requests, jamming its server and rendering it unresponsive to regular users.

2. Doxing

‘Doxing’ is an abbreviation of “dropping dox,” and ‘dox’ is slang for documents. Doxing is typically a malicious act committed against individuals with whom the hacker disagrees or opposes. Doxing (occasionally spelled as Doxxing) is the act of releasing personal information about an organization or individual, such as their valid name, home address, workplace, phone number, bank information, and other personal information. That information is then broadcasted to the general public without the victim’s consent. The data is often sensitive and is commonly utilized in extortion efforts.

3. Anonymous blogging

Bloggers can often persuade people that they are stating the truth and making significant societal statements, even when their real names are not disclosed. Since they are anonymous, the target cannot pursue the blogger. Activists, whistleblowers, and journalists use this strategy. It protects the blogger while still giving them a forum to speak out about issues such as human rights violations or repressive government regimes.

4. Website defacement

Web defacement is a type of assault in which unauthorized individuals infiltrate a website and alter the site’s content with their content. The messages might include a political or religious statement, profanity, or other objectionable information that would disgrace website owners. It can also comprise a notification that a specific group of hackers has hacked the website.

To carry out these attacks, hacktivists alter the code of a software or a website (that is not protected by a secure web gateway) so that users see faults or messages expressing the perpetrator’s point of view. The message might be threatening or humiliating, or the attack could impair a critical feature of the site or program to convey the hacktivist’s message.

See More: Microsoft Exchange Server Hack Shows Why Risk Assessment Is Key to Data Security

5. Geobombing

This method allows internet users to add a geotag to YouTube videos to display the video’s location on Google Earth and Google Maps. Geo-bombing is when a hacktivist utilizes the geo-location function to tell viewers where a video was filmed. This is frequently used to show viewers where political captives or human rights advocates are being detained.

6. RECAP attacks

RECAP is software that allows users to obtain copies of papers that would otherwise require a payment to the United States Federal Court. The database used by federal courts in the United States is known as Public Access to Court Electronic Records, or PACER, which is RECAP spelled backward. In this sense, hacktivists provide a free service while removing a barrier that they believe should not have been there in the first place.

7. Website replication

This strategy attempts to replicate a legitimate website. When a website is censored, hackers may copy the site’s content and post it under a new uniform resource locator (URL). The hacktivist replicates the content and links it to a new URL on a mirror site, ensuring that the content remains accessible. It is intended to encourage freedom of information.

8. Information leaks

This is a common activist strategy. Typically, an insider source gains access to sensitive or classified material that implicates an individual, company, or government agency in bad conduct and makes it public. Hacktivists release data not only to target an organization or individual that contradicts their principles but also to garner exposure. When reliable information is made available, news outlets are eager to broadcast it. When a headline highlights a hacktivist movement, or group, such as Wikileaks, that movement may even acquire some authority, exposure, and respect.

9. Virtual sit-ins

Virtual sit-ins are similar to manual DoS or DDoS attacks, except they are carried out by actual people rather than software. In this type of attack, the attackers continuously load web pages to overwhelm a site to the point where it fails.

10. Website redirects

In these types of attacks, hacktivists alter a website’s address to reroute users to a site that promotes their objective.

See More: What Is Social Engineering? Definition, Types, Techniques of Attacks, Impact, and Trends

Hacktivism Attack Examples

Here are a few examples of hacktivist attacks that have occurred over the years:

1. Assaults after the Black Lives Matter campaign

After George Floyd’s murder, the well-known hacktivist group Anonymous spoke out about police corruption. After the murders of Tamir Rice and Michael Brown, the group voiced similar denouncements of police violence. The group posted videos on Twitter condemning the police department of Minneapolis unequivocally, calling on it to disband.”: We will reveal your multiple crimes to the public since we do not trust your corrupt institution to deliver justice” — was the leitmotif of the video.

2. Attack on the U.S. Executive Wing

The Syrian Electronic Army, which reportedly has ties to Bashar al-Assad, the Syrian President, launched DDoS strikes on the United States Executive Branch in 2013 to further their anarchist goals. The Army has conducted operations to infiltrate government, media, and privately held organization websites employing spear-phishing and DDoS hacking techniques.

In 2016, the FBI indicted two SEA members with criminal conspiracy. The army penetrated government and private-sector institutions in the United States to obtain passwords and launch DDoS and defacement campaigns. The organization successfully disseminated a bogus tweet claiming that the President was wounded in a White House explosion. The Dow Jones dropped 140 points after the post was made public.

The Syrian Electronic Army aims to hack computer network systems of organizations regarded as a direct danger to the Syrian authorities, collecting information on possible Syrian adversaries.

3. LulzSec attack on Sony Corporation

LulzSec performed a series of hacks against Sony Corporation in 2011 to highlight the company’s lax security procedures, compromising the personal information of over one million Sony users. It achieved this by using SQL injection to collect sensitive information on the users, such as email addresses, passwords, birthdays, and home addresses, which were placed on its website, effectively doxing Sony.

Around 100,000 Sony users’ privacy was jeopardized. Sony spent at least $600,000 to recover from the incident.

4. Worms against nuclear killers

W.A.N.K, one of the earliest examples of blatant hacktivism, was reported to have been devised by Melbourne-based hackers “Electron” and “Phoenix.” At the time of the incident, considerable anti-nuclear sentiment dominated conversations in the nation. A few days before a launch by NASA, the hackers tried to shut down the DECnet computer network using a worm that infected the devices. The attack consisted of two worms, W.A.N.K. and OILZ, which contained vulnerabilities that prevented access to accounts and data and reset passwords. The worm took advantage of the system’s weak password management and security, detecting accounts with passwords that were similar to the username.

5. Leaked Repository of Clinton Emails

Julian Assange, the director and founder of Wikileaks, created the website to clarify politically distorted terminology. The agency has disclosed everything from corruption probes to Guantánamo Bay operations throughout its existence. In 2016, the group sent out a batch of emails seized from the Democratic National Committee (DNC) by Russian hackers referred to as the GRU.

Wikileaks’ purpose is to safeguard free expression and media dissemination. It suggests that transparency leads to a more scrutinized society with less corruption. The organization released many emails from the DNC, particularly between Hillary Clinton and her campaign manager, suspected of being hacked by Russians to aid Donald Trump’s campaign. Following the leak, the Department of Justice charged 12 Russian hackers for the incident.

See More: What Is Email Security? Definition, Benefits, Examples, and Best Practices

6. Attack on the U.K. Labor Party

The hacktivist group Lizard Squad recently attacked the U.K.’s Labor party during the country’s general election in December 2019. The botnet-driven DDoS attack targeted Jeremy Corbyn, the party’s leader at the time, as well as the party’s website. The group also promised to launch further attacks on both government and Labor party websites. It has claimed responsibility for attacks on Sony, Microsoft Xbox, and even Taylor Swift in the past. It has been reported that the group has turned to financially motivated crime in the interim, building and renting out its botnet through a DDoS-for-hire service.

Tackling hacktivism

As one can see from these examples, hacktivism attacks can have significant repercussions and are typically carried out in the form of large-scale, concerted attempts. To stave off hacktivism attacks, organizations can follow a few basic techniques:

Going back to basic security – The most effective strategy to avoid most threats is to increase site security, even at the most fundamental level. To reduce a large proportion of risk, firms should do a thorough penetration test of public-facing internet systems twice a year. When it’s too tricky, hackers generally move on to the next target.
Examining social networks – Monitoring social media is an excellent approach to keeping track of hacktivists’ plans. While many businesses currently monitor Twitter for public relations objectives, it is wise to train employees to be on the lookout for security warnings. DeadMellox, leader of the hacktivist group Team GhostShell implied in an interview, “People should check our Twitter page more often, we let them know in advance what’s going to happen.”
Keeping off of hacktivists’ radar – By concentrating its efforts on ethical behaviors, a company can avoid the attention of hacktivists. They can completely prevent the prospect of an attack by ensuring that they do not engage in wrongful deeds. When hackers witness injustice or wrongdoing, they target organizations engaging in such misconduct.

See More: What Is Data Loss Prevention (DLP)? Definition, Policy Framework, and Best Practices

Takeaway

With the rise of digital technologies, activists will inevitably leverage ethical (and sometimes unethical) hacking techniques to demonstrate or to bring down who they perceive as “evildoers.” The best way to protect against hacktivism is by maintaining a solid and secure online presence, communicating with regulatory bodies, adhering to ethical practices, and adopting transparency as a part of organizational culture.

Did this article help you understand the meaning of hacktivism? Tell us on LinkedIn, Twitter, or Facebook. We’d love to hear from you!