Home Features Features Hactivism 101

Hactivism 101

operation payback
operation payback

operation_paybackHacktivism is the use of cyber attacks and sabotage to communicate politically motivated causes; it is as old as the internet.  Sole hacktivists have always acted in an individual manner to demonstrate their protest using various attack methods. One popular attack has been, and continues to be, the defacement of websites- Microsoft’s website, for example, was displaced with a Saudi Arabian flag.

Something else happens when hacktivists group together; they commonly perform what’s called a Distributed Denial of Service (DDoS) attack. With the increased number of participants they are able to flood the targeted website with traffic so that the server becomes overloaded. As the site attempts to process the large volume of malicious traffic it denies access from legitimate users and often crashes altogether.

The attacks have become automated, thus making them more powerful and harder to track, and have advanced in their techniques, however, the effect remains the same. Let us take a look at the recent Operation Payback which gained notoriety in the past few months.

Operation Payback is a series of DoS attacks carried out by hacktivists. Their initial goal was to bring down anti-piracy sites, such as the recording and media companies who attempted to act against illegal file sharers. They even attacked law firms who threatened to bring the illegal downloaders to court. In the latest chain of activities they have also started targeting organizations that have spoken against Wikileak’s activities or any other form of “Internet censorhip”. MasterCard, for example, was attacked by the hacktivist group ‘Anonymous’ when they refused to process donations to the whistle-blowing site.

How does this group of hacktivists operate?

Hackers, in short order, build attack software designed to take down websites and services. This software is then made easily available for download by other hactivists. Once installed on a user’s machine it sits idly waiting for the attack command, and when the time is ripe for the attack a “wake up” call is issued to the malware on the hacktivist’s machine. At that stage the machine will start spurting out the malicious traffic to the specific site. Using the power of the community, i.e. all involved hacktivists, the target is inundated with voluminous traffic which causes the servers to crash.

When looking at this specific group, we can see that social factors have a part to play. As the activities of Operation Payback received more media attention, the number of hacktivists joining the specific hacktivist network increased.

Modern hacking, in general, is motivated by data theft.  Stolen credentials, credit card numbers and so forth are highly valued on the black market.  Data is the currency of cyber crime so staying invisible is essential.

In contrast to other forms of cybercrime hacktivism is not motivated by money and actively seeks to gain as much attention as possible; high visibility is the key.  Hacktivists are motivated by revenge, politics, ideology, protest and a desire to humiliate their victims- what would be the point of embarrassing someone if they didn’t know who performed the attack?

Another attention-grabbing DDoS attack was executed in June 2009 by hacktivists protesting against the Iranian elections. In this attack hacktivists operated from outside of Iran and targeted government and other state-sponsored websites. As a result, the Iranian government blocked access to different social network sites to prevent netizens from providing coverage regarding the current state of affairs on the street.

The current chain of events show that the industrialization of hacking (i.e. hacking-for-profit), as witnessed in the past couple of years, will continue to increase. Although there are threats originating from state-sponsored attacks, for example, North Korea DDoSing South Korea and US sites, there still remains another group of attackers. These individuals remain in the background of the threat landscape as the aforementioned threats take the front seat. But every once in a while, they raise their head to protest in unison, carrying out their acts through the Internet channels. With the right power and means they may create much havoc and attention.

The author is Senior Security Strategist at security company Imperva