Is Your Business At Risk of a Hacktivist Attack?

Unlike hardened cyber criminals who hack for commercial or geo-political gains, hacktivists hack mainly to prove their point, for what is considers as a noble cause, or to retaliate against what it perceives as a wrong. The attacks carried out by hacktivist on businesses and governments primary cause humiliation rather than any significant loss of sensitive data. Anonymous, for instance, has made it clear that they hack defense and intelligence contractors websites only to expose their security vulnerabilities and not for any financial or strategic gain.

A close analysis of hacking committed by hacktivist groups such as Anonymous and LulzSec confirms this tend.

Anonymous rose into limelight in 2008 with a worldwide protest against the Church of Scientology for removing a video on YouTube featuring Tom Cruise. They declared war on the Church of Scientology for enforcing internet censorship, and soon launched a denial of service attacks against the church. Since then Anonymous has led dozens of similar attacks, all against what it saw as censorship.

Recent instances of hacking also reveal strong causes as motives. Anonymous hacked into the servers of ManTech International, a $2.6 billion computer security company that won a major F.B.I. contract and released the company’s internal company documents online taunting them saying “It’s really good to know that you guys are taking care of protecting the United States from so-called cyber threats.” Similarly, the hackers compromised McLean Va. Based Booz Allen Hamilton, a $5.6 billion company that does computer security work for the Defense Department, and released e-mail addresses of 90,000 military personnel on the public domain..

In another instance, an executive at HBGary Federal made a public boast of his ability to unmask the members of Anonymous. The hackers retaliated by breaching the network of this very company, and releasing online a large trove of the company’s e-mail messages that included details of its business transactions. The release information disclosed a shady undercover operation to discredit WikiLeaks and people who support the group, and the company had to fire the CEO, to distance itself from the controversial plan.

On June 8 2011 LulzSec hacked into the National Health Service servers and gained access to health service passwords. They however issued a statement: “we mean you no harm and only want to help you fix your tech issues… we’re a somewhat known band of pirate-ninjas that go by LulzSec. Some time ago, we were traversing the internet for signs of enemy fleets. While you aren’t considered an enemy – your work is of course brilliant – we did stumble upon several of your admin passwords.” Soon after this,

Anonymous and its affiliated groups have also launched denial-of-service attacks on PayPal and MasterCard, to retaliate against processing donations for WikiLeaks, and against PBS.com in retaliation for an allegedly defamatory documentary on WikiLeaks source Bradley Manning.

In August 2011, Anonymous hacked into the BART website and publicized the names, addresses, personal e-mails and passwords of 102 Bay Area Rapid Transit System (BART) police officers, to take revenge against BART’s attempt to cut cell services.

Instances of hacktivists hacking business websites, especially that of small and medium businesses are rare or nonexistent. From past behavior, hacktivists target only the government and large public corporations, especially those that take decisions they find offensive. Therefore, if you are a small or medium business refraining from sticking out your nose to where it does not belong, chances are hacktivists will spare you. However, if you thrive in seeking the limelight, position yourself as a guardian angel of computer security or have anything to do with defense or the government, you may be a target of a hacktivist attack.

However, a potential danger with hacktivist groups is their loose association and nebulous nature. Any hacker can claim membership of groups such as Anonymous, and as such corporate spies and nation-state actors may undertake their nefarious acts and hide their activities under the umbrella of Anonymous, to draw suspicion away from them.

Not everyone share hacktivists sense of enthusiasm for the cause. The law has come down on the groups and made many arrests. Critics allege that hacktivists would be better off focusing their energy on tasks such as taking down child-exploitation sites, which would provide them with popular acclaim. Others suggest that they would be better off finding evidence of corruption, or “the real dirt.” A strong school of opinion exists that hacktivist groups actually do not have any real goals and are teenagers simply wanting “to smash things,” and having done that coming up with a cause to defend their actions.

The motivations for hacktivists are seemingly to expose the corrupt and humiliate the establishment for laughs, rather than any personal gains, but such antics do create collateral damage. While the retaliation and humiliation that hacktivists aim to inflict is passing, the real impact of hacktivists has been to bring network and computer security on the front page of almost every major news website in the world.