In 2010, users of Paypal were unable to access their money or make transactions for almost eight hours. The reason? The site had been hit by a Denial of Service (DDoS) attack by the hacktivist group Anonymous, who were protesting Paypal’s decision to stop taking donations on behalf of Wikileaks founder Julian Assange. On their website, Anonymous claimed the actions were to protest what they viewed as censorship, and to encourage transparency.
The term hacktivism was coined in 1996, and refers to using computers and computer networks as a means of protest. It might include creating a denial of service attack, such as the case of Paypal, where users coming to the site cannot log in or use the site for its intended purpose, but it can also include such acts as creating spoof or parody sites, redirecting sites, defacing sites (a small television station in Maine, for example, had its site briefly replaced with an offensive photo after running a story that a local resident didn’t like) or even small acts of rebellion, such as adding typos and grammatical errors to the site.
Who Are Hacktivists?
It’s not just e-commerce and media that are potential victims of hacktivism. Governments from all over the world are beefing up their efforts to avoid being the victims of political and terrorist groups who want to steal state secrets and cash, and bring down internal networks. Every day the U.S. and others are the victims of targeted attacks from cyber terrorist groups—including al Qaeda. In fact, the U.S. Department of Defense has begun taking a proactive approach to cyber security, recognizing that hacktivists are no longer low-level hackers breaking in “for fun,” and are now serious, high-level operatives like Anonymous, with deep-pockets, advanced skills and little concern for consequences.
The Doors to Hacktivism Are Always Open
For many people, the image of the hacktivist is the slightly nerdy guy sitting in his basement, entering line after line of code in an attempt to break into a computer network. While in some senses the image is partially true, these days there are a lot more doors to cybercrime—and many people don’t even realize the vulnerabilities. For example, U.S. government agencies are constantly the targets of cyber threats, advanced attacks and sabotage, and hacktivists often gain access through malware installed on social media sites, security vulnerabilities on personal mobile devices synched to government networks and lax security in the cloud. The hacktivist is not accessing the network through the front door—he is accessing information on a mobile device or tablet and strolling in the back door.
Avoiding Cyber Attacks
The most important step any agency or business can take to avoid being the victim of a hacktivist is to take a proactive approach to security. Many wait until there is a problem—the site is under a DDoS attack, or a security breach has been identified—to react.
Instead, thwarting hacktivist attacks requires diligence beforehand to fend off the persistent attackers. For example, developing security protocols for using the cloud and properly vetting potential vendors and other users can help prevent security vulnerabilities. There need to be strict controls on BYOD (bring your own device) policies and use of social media, as well as network level protocols such as advanced firewalls and encryption. Most importantly, organizations need to recognize that the ever-changing landscape of hacktivism requires an ongoing effort and consistent monitoring. Hackers are consistently developing new strategies to wreak havoc, and therefor there needs to be a constant effort to stay one step ahead of them.
Up to this point, major terrorist groups have not used cybercrime in a major way, but they certainly have the capability to do so in the future. For that reason—and to maintain the freedom and convenience of internet users both in the U.S. and abroad—it’s important to recognize hacktivism and take the necessary steps to prevent it.
About the Author:
Gerald Williams enjoys computers and gold. He made his way to Silicon Valley via the Midwest and hasn’t looked back. He has worked in the industry for 10 years as an IT consultant and IT security advisor.