Hacktivism is the fusion of hacking and activism; politics and technology. More specifically, hacktivism is described as hacking for a political cause. It was recently coined due to the ramifications of the recent WikiLeaks-related, large-scale distributed denial of service (DDoS) attacks on businesses.
In 2010, the controversial organization WikiLeaks released thousands of previously confidential and classified documents to the public. The documents dealt with sensitive political issues, including the involvement of the US military in Afghanistan and Iraq, and diplomatic cables from US embassies.
In response to the dissemination of this information, the US government began to exert pressure on organizations linked to WikiLeaks, in order to stem the flow of sensitive information, citing concerns regarding national security. The pressure resulted in a backlash from various groups championing unrestricted transparency of government actions. As part of this backlash, a group of hackers collectively known as Anonymous began coordinated DDoS attacks on a number of websites operated by organizations opposing WikiLeaks.
Hacktivism: been around
DDoS attacks prevent a website or other network resources from being available to users, often by flooding it with communications requests, which can cost a business hundreds of thousands of dollars. These attacks have existed for many years. A variety of motives drive these attacks-from script kiddies declining service to a target website, to a well-organized crime syndicate using DoS attacks for political warfare or monetary extortion.
However an interesting observation is that the pattern of malicious activity did not drastically increase in the wake of the WikiLeaks controversy. Since they are based on DDoS attacks for the most part, IT departments do not distinguish this kind of attack from any other. They view it as simply another attack in the spectrum of threats that they are already monitoring.
Hacktivists are evolving
There were, however, a few things about the WikiLeaks-inspired attacks that differed from previous threats. First, these attacks were “opt-in.” This is notable because instead of looking for computers which were susceptible to malware, users were voluntarily allowing their machines to be controlled for the purpose of implementing the DDoS attacks. By downloading a single piece of software, these volunteers became part of a botnet, which is controlled remotely to coordinate an attack.
This practice has allowed hackers to easily gain access to large numbers of machines for illegal purposes. Also, when using a machine covertly, a hacker only has access to a fraction of the resources in order to remain undetected. By having willing subjects, this new breed of hackers, or “hacktivists,” can fully utilize the resources of each machine, making them many times more effective. Thus a smaller number of machines can do more damage.
Hacktivism: what's stoking the fire?
The mobilization of these hacktivists on a large scale is a new development. It is inadvertently fueled part by the media, as controversies of this nature become more widely covered. Hacktivists are primarily concerned with 'righting' a perceived wrong; either uncaring or unaware that cybercrime is considered a real crime by law enforcement agencies, despite the relative anonymity of Internet actions. This differs from traditional hackers, whose motives are primarily financial.
One additional concern related to the moral aspect of this kind of hacking is that even a company's own employees may participate in the attacks, directly or indirectly. An employee might be willing to risk termination or even legal action for the sake of personal belief or a political agenda.
Securing your network against attack
Most organizations typically rely on traditional security solutions like network firewalls, Intrusion Prevention Systems (IPS) or antivirus that monitor network traffic and/or system activities for malicious activity. In today's scenario, very often the threats come from the Application layer (Layer 7) and also from the Session layer (Layer 5).
Organizations, to protect themselves against such DDoS attacks, need to plan adequately, keeping in mind the current threat levels and anticipating what might come in the future. In particular, good communication with Internet service providers can help stop malicious traffic before it affects a company's network. Another precaution companies can take to secure their networks is to pay attention to the social networking landscape. In contrast to typical hackers, hacktivists often communicate openly through public channels on the Internet to coordinate attacks. Organizations can monitor discussions and code sharing and chat groups and can have staff members who monitor the Internet for such clues. Being aware of an impending attack greatly increases the chances of reducing or entirely eliminating network problems caused by hacktivist attacks.
Another problem posed by these attacks is that multiple attack vectors might be employed simultaneously by separate groups of hacktivists. One botnet might be directly attacking the network infrastructure, while another is seeking to take advantage of vulnerabilities in specific applications. In the future, attacks of such complexity will become far more common. IT staff should be aware that security software will need to handle attacks on multiple levels; simple firewalls will easily be overwhelmed by the scale of the attacks.
The way forward
Large-scale DDoS attacks perpetrated by hacktivists have been billed as an unprecedented threat to the security of corporate networks. While there are new aspects to these attacks, the result is much the same as what IT departments are currently defending against. As long as IT departments communicate with their service providers, work to keep the network infrastructure up to date, and install proper safeguards, they can ensure continued network functionality in the face of hacktivism.