Remember the good old days when revolutionaries peacefully protested in parks with peace signs, flowers and handmade signs in tie-dyed t-shirts? It was a much simpler world where, no matter what our beliefs or our place in society, we had a notion that activists and protesters had an air of good intention. Those days are long gone, and here we are faced with a new, technology-based revolution that creates a blurry line between protest and power; the reality is, no matter the cause, it’s just not legal or in many cases the right thing to do.
What I’m talking about is hacktivism; a means of protesting, using computers and networks through methods like stealing information, defacing websites, and denial of service attacks.
According to Verizon’s 2012 Data Breach Investigations Report, of the 174 million stolen records it tracked in 2011, 100 million were taken by hacktivist groups. One recent example that exposed credit card information is a hack of online billing service provider WHMCS’s web host. Not only did the hacktivist group Underground Nazis (UGNazi) swipe and leak upwards of half a million customer records, they continued by deleting all the files on the company’s server.
Why, you ask? What was the cause? UGNazi claims that WHMCS’s services were often used by scammers. This apparently was so uncool with them that they were forced to steal and leak thousands of credit card numbers and personal information belonging to completely innocent people, leaving them vulnerable to identity theft.
Why punish innocent people?
This attack came only one week after UGNazi launched a childish attack on The Wounded Warrior Project’s website simply to spite one of their rival hackers, The Jester. The claim is that, simply out of malice, they have vowed to terrorize any cause The Jester cares for. The lines get blurrier and blurrier...
How does a company protect itself and its networks from being targeted? Experts and analysts say it’s all about public relations; hacking is an ever-changing, diverse realm that will never be completely safeguarded against. The answer is damage control. Gregory Nowak, principal research analyst for the Information Security Forum, an independent global authority, suggests that hacktivist attacks are different from attacks waged for financial gain. “Consider 2011's high-profile hacktivist attacks against Sony, the CIA, the U.S. Senate and PBS. LulzSec, the group claiming responsibility, said it wanted to send a message about freedom and its support of the anti-security movement. The attacks were meant to embarrass these entities - not cripple them,” Nowak said.
Nowak suggests that information-security and risk management teams should be well educated and raise awareness of the different kinds of threats and their warning signs. He also recommends that businesses have a plan for incident response in the wake of a hacktivist attack.
This phenomenon has given a whole new meaning to putting your neck on the line for what you believe in. Unfortunately, while they’re at it, they are putting other people’s livelihoods on the line as well, most of whom have no part in whatever is actually offending them. Fact is: it’s illegal, and much less effective at getting the point across. How much respect am I supposed to have for the exploitation of innocent people as a means of righteousness?