Tuesday, 1 October 2019

What is Hacktivism?







The notion of hackers with a political message has taken the internet by storm in the recent decade. Check out notable examples of hacktivism in our article.


Hacking with a cause


It's impossible to turn on the news these days without hearing about hackers.

While hackers were once talked about as an exotic, futuristic threat, today they are a hot topic on news outlets all over the world. Russian hackers flooding social media with political robots, phishing scams on Facebook, massive security leaks - you name it.

However, not all hackers are created equal. While some people believe all hackers act solely out of self-interest, there are those whose sole purpose is to advance a political cause, whatever that cause may be. These are the so-called hacktivists.

Let's take a deeper look at what are hacktivists and what do they stand for.


What is Hacktivism?


Simply put, hacktivism is the use of hacking techniques to further a political or social agenda. There is no single box for classifying hacktivists. They can be all over the spectrum when it comes to proficiency levels, target preference, choice of tools, and preferred tactics. 

Ultimately, what defines hacktivism is the motivation behind the actions, not the actions themselves. And what motivates them can vary greatly.

Like real-world activists, hacktivists generally take action against a power-exerting institution, like a government or corporation. However, hacktivism can involve actions against multiple targets which are perceived to be loosely associated with a broader cause.

Some hacktivists engage in mostly harmless mischief, like changing the title of United States' Department of Justice website to "Department of Injustice." Others are a bit more impactful, such as the leak of the Democratic National Convention's emails in the 2016 US presidential elections.


Hacktivism Examples


Let's take a look at some of the most notable examples of hacktivism to understand just how varied and far-reaching it can be.

The Arab Spring

In 2011, in the face of government oppression in Tunisia, Tunis protestors had a difficult time getting the international media to notice what was happening in their country.

After hacktivist collective Anonymous embraced the cause, hackers around the globe became a megaphone, taking to social media and helping Tunisians to circumvent censorship and show the reality of the country. The group also launched repeated DDoS attacks against government websites.

Such actions proved effective in bringing international attention, and soon led to mass protests in Egypt, Syria, Libya, and much of the Middle East.


Operation DeathEaters

While hacktivists usually work outside the law, during Operation DeathEaters Anonymous helped law enforcement bring down a criminal network in the UK.

The group began with a series of DoS attacks on sites sharing child pornography on the dark web. Bringing the websites down was the first step in what ended up becoming a larger, coordinated effort.

In total, Anonymous hackers brought down 40 websites, uncovering evidence of a massive international pedophilia ring in Europe. They then proceeded to publish the identities of around 1500 individuals who were allegedly using the websites.


2016 United States Election

Perhaps the most iconic use of hacking techniques in history, the 2016 US presidential elections have shown just how much impact hackers can cause.

This was not one, but multiple actions aimed at interfering with the election. The attacks were purportedly carried out by Russian-based hackers and included misinformation, hijacking of social media accounts, and leaked documents and emails. Russia repeatedly denied any involvement.

It’s hard to measure how much impact the hacks had in the result itself, but the sheer impact they had on public trust - and arguably on democracy itself - is a testament to the power of hacking.


Notable Hacktivist Groups


Typically, hacktivists work alone. However, some operate as loosely affiliated units behind a broadly-defined set of ideals.

Anonymous

Few hacker groups are as notorious as the Anonymous collective, whose members disguise themselves in Guy Fawkes masks.

The group has members all over the globe, often coordinating attacks to achieve a common goal. They have made headlines for targeting ISIS and hacking Sarah Palin's emails.

LulzSec

The now-defunct LulzSec took themselves a little less seriously than Anonymous. Operating for just over a year, the group said that they were in it "for the lulz."

LulzSec's attacks targeted corporations like Sony Pictures and government agencies like the CIA.

Much of their motivation was to showcase the dangers of weak passwords and password reuse, and consisted mostly of defacing websites.

Ghost Squad Hackers

Unlike LulzSec, GSH's motivations are entirely serious. They're entirely politically motivated, and their victims include the KKK, Donald Trump's presidential campaign, and several international governments.

They've drawn media attention for attacking the Israeli Defense Force, the Central Banks, the United States Military, and the governments of Ethiopia and Afghanistan.

Other Notable Groups

While these three are among the more impactful hacktivist groups, there are dozens of other groups using cyberattacks to further their agendas. These groups include the Chaos Computer Club, CyberVor, the Legion of Doom, and many more.


Hacktivism Tactics


Hacktivists use a number of tactics to achieve their aims. A large scale hacktivist campaign can combine multiple tactics. Here are the main tactics employed by hacktivists:

Doxing

Doxing is the release of an individual or institution’s confidential information to the public. This information usually consists of addresses, phone numbers, private communications, banking details, and identities. Doxing can lead to reputational, financial, or even physical harm.

DoS (also DDoS)

DoS stands for "Denial of Service" (or Distributed Denial of Service). These attacks generally use bots to make massive numbers of requests and overload a website, effectively taking it temporarily offline.

Virtual Sit-Ins

Virtual sit-ins are similar to DDoS attacks, but instead of using an automated bot network, hacktivists manually visit a website in large numbers to try and crash its servers.
Website Mirroring

Website mirroring is used to bypass government censorship. Information from censored websites are copied to a non-censored website and relayed via a different IP address.

Anonymity

Since the risk of government retaliation is so high, anonymity is a high priority among serious hacktivists. When playing defence, hackers use tools like encryption, IP masking, free email accounts, proxies, VPNs, and TOR to keep hidden from prying eyes.


Hacktivism vs. Cyberterrorism: What's the Difference?


The line between hacktivism and cyberterrorism is a blurry one to say the least. Both are motivated by ideology and claim their actions support a noble cause. There’s a substantial overlap in the choice of tools and tactics, too. So how to tell one from the other?

In real life, one seemingly obvious distinction is the method and extent of the harm one is willing to cause. Going as far as killing unarmed civilians (or even armed defence forces) is usually a tell-tale sign of terrorism. Organised sit-ins and marches tend to be the realm of activists, and even when escalating to confrontation and violence it’s hard to argue that protestors are terrorists.

The detachment provided by the digital world blurs somehow this line, as damage caused by cyber attacks is harder to see. Few (if any) hacks result in immediate deaths, so the difference lies in the intent behind it - and that’s one hell of a slippery slope.

This kind of controversy is the reason some authors and publications prefer to restrict the use of the term “cyberterrorism” to the online actions of well-known terrorist organisations.


Is hacktivism good or bad?


While hacktivist tend to believe they’re on the right side, it’s never as straight-forward as this. Hacktivism is a form of challenge to the established order. The goal is to affect social change, and this is usually a painful process.

There’s nothing inherently good or bad about change itself. As with all things subjective, the morality lies in the eyes of the beholder. If you believe the cause, then ends justify the means and even damaging actions are good. If you don’t, no matter the benefits that come from it - it’ll still be bad


What’s the future of hacktivism?


As recent history shows, hackers motivated by politics are increasingly able to influence (or at least disrupt) the political establishment. But that’s the past - what lies in the future for hacktivism?

There seems to be little agreement around it.

According to a 2019 report, hacktivist activity has decreased by 95% from 2015 to 2019. There is even some speculation that “false-flag hacktivism” (when nation-states carry cyber attacks under the banner of hacktivism) could be the reason driving actual hacktivists away.

The research, conducted by IBM, has been criticised by independent media for its lack of objective criteria in defining hacktivism - which allegedly left multiple examples of hacktivism out of the tally.

In contrast, tech publication Wired claims hacktivism is actually on the rise - it’s just more ineffective than ever.

So where do we actually stand? Is hacktivism increasing, or decreasing?

Perhaps that’s not even the right question. The truth is, we’re deep into an age where information is power. And as we move deeper into this reality, those who are skilled at obtaining, manipulating, or destroying information can potentially exert even more influence than today.

With over a third of Brits believing hackers will influence the next elections or referendums, we need to accept that political hacking isn’t going nowhere anytime soon. Whether we call them hacktivists or not, it’s almost a moot point.