We at Cybernews Academy have covered various concepts surrounding hacking and hackers. We have highlighted ethical hacking, red vs. blue teams, and penetration testing. Now, we are transitioning into a grey area of the digital landscape, where we will discuss hacktivism. You may be familiar with groups like Annonymous lurking in the shadowy depths of the digital realm, wreaking havoc on governments and corporations. But what do hacktivists want to achieve, and how have they facilitated the digital takedown of organizations across the globe?
What is Hacktivism
Hacktivism is a portmanteau of hack and activism, which aims to use hacking techniques to raise awareness of or solve a political issue. Many refer to hacktivism as a form of civil disobedience, the refusal to obey the demands or commands of a government or occupying power. A group or individual may believe they are hacking for good. However, unauthorized hacking of a computer system or network is illegal in almost every case. Therefore, this form of ‘activism’ isn’t a viable option to spread awareness of socio-political issues as it raises pointed questions surrounding the ethical and legal implications of hacktivism.
The history of hacktivism
There is conflicting information about when the term hacktivist and the origins of hacktivism emerged into the collective consciousness. Some say hacktivism dates back to 1995 when journalist Jason Sack coined the term in one of his articles. Others say that hacktivism is often aligned with the group the Cult of the Dead Cow when member Omega used the word in an email in 1996. Due to its various meanings and conflicting origins, the term hacktivism has been described as vague. This brings into question the purpose of hacktivism and what kind of activities fall under hacktivism. Some definitions of hacktivism include cyberterrorism, while others deem hacktivism as the use of technology to facilitate social change.
Hacktivism methods
Hacktivists will work independently or in groups and almost always work anonymously. To facilitate these ‘attacks, ’ hacktivists may create new tools or utilize tools already available on the internet.
Here are some methods hacktivists may use to infiltrate a system:
- Doxing - this is the process of revealing private or personal information about an individual or entity to the public.
- Website vandalism - this works to change the appearance of a website to make an often political statement.
- Denial-of-service attacks - otherwise known as DDoS attacks, denial of service refers to the overloading of a website, rendering it inoperable. This is facilitated by malicious agents who take control of public or personal computers via malware executable files transmitted via email attachments or links. This then redirects the network traffic to one website, thus overloading the servers and taking the website offline.
- Anonymity - this usually comes in the form of blog posts and announcements regarding human rights issues and ‘the evils of the government and other organizations.’ Anonymous hackers will use web tools such as disposable email accounts and IP address masking tools.
- Redirection - this involves changing the address of a website so that visitors of the site are redirected to a domain created by malicious agents to defame the original website.
- Geo-bombing - this is the action of adding a geo-tag to a video or image to show where the picture or video was taken. The purpose of this could be to highlight areas in the world where political prisoners are being held. This action may also emphasize areas where human rights are being violated.
Instances of hacktivism
There are various instances where hacktivists have successfully infiltrated a system to spread their message, enact social change, or hunt criminals.
Arab Spring
This refers to a surge of anti-government protests, uprisings, and rebellions that spread across the Middle East and North Africa in 2010. Anonymous, one of the most well-known hacktivist groups, was interested in this uprising. Hacktivists came together to restore government-censored web mirrors while using tools that allowed citizens to retain access to media outlets and social media platforms. Other hacktivists facilitated major cyber-attacks that struck the Tunisian, Egyptian, and Syrian governments, which caused chaos by disrupting their regular operations.
Anonymous attack on Scientology
Operation Chanology was a movement against the practices of the Church of Scientology by members of the hacktivist group Anonymous. Their involvement in this case was due to the Church of Scientology’s attempt at censoring information by removing an interview with Tom Cruise from the internet. The group completed DDoS attacks and other methods used to provoke the church.
Anonymous attack on ISIS
In retaliation for the 2015 terrorist attack in Paris, anonymous claimed to have shut down over 5,000 pro-ISIS Twitter and Facebook accounts. Anonymous further declared war on ISIS and asserted Operation Paris. From there, hackers associated with the group have claimed Twitter accounts and have facilitated various DDoS attacks against the terrorist organization.
Hacktivists' that hunt down child predators
Various hacking organizations aim to hunt down child predators. One of the main groups against child predators is Anonymous. This group started Operation Pedophile Hunt, otherwise known as OpPedoHunt, in 2014. Anonymous began by locating accounts of those who were associated with child pornography. Then, the organization would doxx these child predators and leak their names, passwords, and other information. Anonymous has also been known to hack into websites that contain this material to help unmask child predators.
LulzSec attack on Sony
LulzSec has hacked into various corporations, including Nintendo and Bethesda Game Studios. This group has also taken down websites, including Minecraft and League of Legends. But one of the most notable attacks the group orchestrated was their attack on Sony Pictures Corporation. The LulzSec claimed responsibility for an attack on Sony that extracted personal data that included names, passwords, emails, home addresses, and the date of birth of over a thousand people. LulzSec allegedly used an SQL injection hack to exploit a security vulnerability. The attack was in retaliation for Sony’s legal action against George Hotz for jailbreaking Sony’s PlayStation 3.
Worms Against Nuclear Killer
Otherwise known by its charming acronym W.A.N.K, it is said to be one of the first purported examples of hacktivism. This worm is said to have been created by Australian hackers spreading the anti-nuclear war sentiment via dangerous viruses. The W.A.N.K message appeared on a DECnet network operated by NASA days before the launch of the Galileo spacecraft. NASA had been criticized for using plutonium-based power modules in the Galileo. The reason for the uproar regarding the use of plutonium was the potential danger it could cause to residents of the area in which the launch took place. The worms used on the systems contained bugs used to infect and inflict damage upon the targeted system. This caused massive disruptions for NASA but didn’t inhibit the launch of Galileo.
Avoid attacks
Organizations should protect themselves against hacktivist attacks in the same way they would black hat hackers or cybercriminals. There are many ways that you can protect yourself. Ensuring that your organization has a strong security posture means you are less likely to have vulnerabilities that hackers can exploit. You should ensure that your system uses firewalls and DDoS protection. You should also ensure that your system undergoes vulnerability assessments and network monitoring. Good cyber hygiene in the workplace and university can ensure you aren’t susceptible to attack. Make sure you have separate accounts with different permissions enabled and your passwords are secure. You should also be aware of how you behave online. Although cyber attacks tend to happen to large-scale companies and government entities, you could also be a target. Corporations are often attacked out of injustice or corruption, so behaving ethically and ensuring online safety may lessen your chances of becoming a target.
Hacktivism is a grey area, shrouded in mystery and characterized by moral ambiguity. There have been many successful instances of hacktivism that have taken place throughout the world. However, not all acts of hacktivism are negative, as we trace the cause back to protecting civil liberty, free speech, and bringing justice to those who deserve it most. These instances have been facilitated using various methods for different purposes. Whether hacktivism is good or bad is up to your best judgment. But the question remains unanswered.
