Hacktivism is the technology world’s approach to political activism.
Unlike other types of cyber crime, cyber-attacks against businesses or governments are not for financial gain, but rather intended to cause embarrassment and reputational damage. Utilizing the skills of computer experts to advocate for or protest against a specific cause, hacktivism in its milder forms can blur the line between illegal hacking and the right to protest, which is an essential element of freedom of speech. In its more extreme manifestations, hacktivists are differentiated only by motive from cyber thieves who plunder digital information for personal gain. In fact, hacktivists often are more destructive and disruptive than cyber thieves, who typically prefer to slip in an out of systems unnoticed.
Although hacktivism has been a component of the activist arsenal since the early days of the Internet, the movement has recently been reinvigorated thanks mostly to a loosely affiliated international group of individuals referred to as “Anonymous.” This movement came about largely as a result of WikiLeaks and its highly publicized and extremely controversial posting of classified documents from the U.S. government. In response to WikiLeaks actions, major businesses attempted to distance themselves from the organization. In retaliation for perceived censorship, Anonymous began to bombard the websites of WikiLeaks opponents with distributed denial of service (DDoS) attacks. This has since been referred to as the first war over digital information.
More recently, a series of politically motivated attacks repeatedly targeted some of the nation’s largest financial institutions. A hacktivist group located in the Middle East, Izz ad-Din al-Qassam Cyber Fighters, claimed responsibility for the DDoS attacks that disrupted the websites of dozens of U.S. banks. U.S. intelligence officials, however, claim that due to the sophistication of the attacks, the group was likely backed by a nation-state with all signs pointing to the Iranian government. Although the attacks were mostly seen as a nuisance, there was concern that they were being used as a cover for data theft.
Today, seemingly no business or government agency is immune from an attack. With increasing frequency these attacks, which in the past were often crude denial of service assaults, use sophisticated tactics previously common only among blackhat hackers to access sensitive information. Hacktivism went from simply being a nuisance for a few organizations caught in the cross-hairs of a political or social cause to a significant threat to potentially every business and government agency.
Case Count by Year
Hacktivism cases have been increasing steadily among the cases tracked by Advisen.
As new opportunities and technologies emerge, hacktivists adapt their methods and strategies. The following are some of the more common hacktivist tactics currently being applied.
Denial-of-Service (DoS): Attacks designed to prevent legitimate users from accessing information or services from a website. The most common DoS attack occurs when an attacker “floods” the server hosting the target website with requests for information.
Distributed Denial-of-Sercvice (DDoS): DDoS attacks expand on DoS attacks by activating a network of computers (known as a botnet) to send huge amounts of data to a website.
Website Defacements: Replacing or manipulating a webpage with new information in an attempt to convey a particular message.
Site Redirects: By adjusting the address settings, hackers can cause website users to go to a website of their choosing.
Virtual Sit-In: A mass form of hacktivism that is essentially a DoS attack involving individual protestors manually reloading web pages.
Information Theft: An increasingly preferred method of hacktivism that involves illegally obtaining access to a computer or network and stealing private information.
Warning Tactic: Warning targets of an impending attack to draw attention to a cause.
Diversion Tactic: Using DoS attacks to draw attention away from a more comprehensive plot.
Relative Occurrence Rate by Industry – US
Public administration is by far the industry with the highest relative occurrence rates. This is perhaps not surprising given that hacktivism is often politically motivated.
Source and Type of Loss
The core tactics of hacktivists have shifted from relatively benign attacks designed to make a statement and/or disrupt a website to those with more sinister intentions and consequences. Hacktivists now frequently look to damage and embarrass their targets by stealing sensitive and highly valuable corporate and personal information. Stolen trade secrets, confidential documents, and personal identifiable information (PII) cause significantly more damage and create substantially more publicity for their intended cause.
This chart shows the source of data loss in hacktivism cases. Website breaches are far and way the biggest source of loss, followed by server breaches.
The fact that Anonymous is now practically a household name is evidence of how effective hacktivism can be. Hacktivists may rarely succeed at getting companies or governments to change their behavior, but can be very effective at drawing attention to their causes. Hacktivism will undoubtedly be a feature of the online world for the foreseeable future, and no company or organization can assume the will not fall victim to an attack.
This chart shows that the largest type of loss faced by victims of hacktivism is corporate loss of business income, followed by personal privacy.