The Rise of Hacktivism
2016 has been dubbed the year of ‘Hacktivism’
Though hacktivism has been on the rise for years
Arab Spring
Financial Crisis of 2008
Brexit
Flint, MI
Leaking of DNC Emails
—-
So what is hacktivism?
Definition: Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose.
Hacktivism was coined by Cult of the Dead Cow member Omega
Cult of the Dead Cow?
[ASCII Art for this group]
_ _
((___))
[ x x ]
\ /
(‘ ‘)
(U)
Founded: 1984
Location: Farm Pac slaughterhouse, Lubbock, TX
Founding Members: Grandmaster Ratte, Franken Gibe, Sid Vicious, Three BBS SysOps
Goal: “Global Domination Through Media Saturation”
Other Aims: Creation of anti-censorship technology, furtherance of human rights on the internet
Description: The original hacktivists were known for their e-zines, music, the creation of the first hacker con, development of a range of cyber security technologies, and outlandish claims.
[1]
“We promise to give each and every former President of the United States a
full dose of Alzheimer’s venom – fast-acting this time – unless we get our
demands fulfilled.”
——–
Economics of cyber attacks:
When you play the numbers it’s low risk, high reward:[3]
UK population – 65 million
4% have been hit by ransomware – 2.6 million
26% of people paid up – 0.68 million
$650 average ransom – $440.2 million income
“‘Hacktivism’ offers an easy and inexpensive means to make a statement and inflict harm without seriously risking prosecution under criminal law or a response under international law. Hacking gives non-state actors an attractive alternative to street protests and state actors an appealing substitute for armed attacks. It has become not only a popular means of activism, but also an instrument of national power that is challenging international relations and international law.” — Georgetown Journal of International Affairs – “The Rise of Hacktivism”[2]
——–
Though hacktivist attacks are often less motivated by money
Hacktivist Toolbox:
Doxing:[5][4]
Definition: the strategic outing of an opponent’s real name, home address, or other private information, published with the intention of inconveniencing, frightening or straight-up endangering them.[4]
Techniques: Advanced Search, Social Engineering
Past Doxers: Vigilantes on Reddit, Anonymous, anti-abortion terrorists, CNN, WikiLeaks
Pros: rudimentary doxing can be done by anyone
Cons: Mistaken information, unforeseen consequences of leaking information
Example: In the 1990s, anti-abortion terrorists located the personal information of abortion-providing doctors and published it on a hit list. Eight abortion-providing doctors were killed by anti-abortion terrorists.
—
Denial of Service (DoS) Attacks:
Definition — an effort to make a machine or service unavailable to intended users often through flooding the machine or resource with superfluous requests in an attempt to overload resources.
Techniques: Distributed DoS, Application-Layer DoS, Advanced Persistent DoS
Frequency: 124k attacks per week in 2016[9]
Past DoS-ers: Vigilante Botnets, Anonymous, Infected Botnets, Occupy Central
Pros: way for politically motivated individuals or small groups to make a big splash
Cons: DoS attacks are illegal. DoSers are materially damaging the property of another.
Example: In 2010 Anonymous attempted to shut down PayPal’s services for four days in protest of PayPal’s choice not to process donations to Julian Assange. While Anonymous members were charged with misdemeanors, PayPal faced hundreds of thousands of dollars in business losses.
—
Defacing
Definition — the unauthorized effort to alter the appearance or message of individual or organizational websites.
Techniques — SQL Injection, Cross-Site Scripting, Remote File Inclusion, Local File Inclusion, DDoS Attack
Past Defacers — Anonymous, Vigilantes, LulzSec
Pros: often used as a way to embarrass entities in power or make high-publicity political statements.
Cons: Defacing of sites is illegal. Defacers are materially damaging the property of another.
Example: In 2014 a group of unknown hackers defaced RT.com, Russia’s largest online news source, by replacing “Russia” or “Russians” with “Nazi” or “Nazis” in every headline on the site. The defacing took 30 minutes to resolve. [7]
—-
Largest Players in Hacktivism
—-
Lulz Security (LulzSec)[8]
Number of members: 6
Organizational Strengths: PR, Defacing, Doxing
Description: For a 50-day run in 2011, LulzSec took down, defaced, and released confidential documents from many large organizations including Fox, Sony, and the FBI, among others. Masters of PR, they portrayed their ‘pranks’ as attacks done ‘just for the lulz’ and reported to their audience of hundreds of thousands on Twitter with witty titles like ‘f*** the FBI Friday.’
—
Anonymous
Number of members: flexible
Organizational Strengths: Defacing, DDoS Attacks
Description: More of a loose coalition of like-minded individual hackers, Anonymous are simultaneously called ‘digital Robin Hoods’ and ‘cyber terrorists’ depending on who one asks. Anonymous have taken action through DDoS, Doxing, and Defacing against US government agencies, large financial institutions, ISIS and ISIL, foreign states, child pornography rings, copyright protection agencies, and hate groups. Anonymous often has a physical presence at protests as well, wearing the well-known Guy Fawkes mask.
—
WikiLeaks
Number of members: <10 core members, hundreds of volunteers
Organizational Strengths: Doxing
Description: This 'not-for-profit media organization' has been both praised and condemned, having made a name for itself by dumping millions of classified documents or private correspondences to the public. Starting in 2006 with secret documents related to atrocities occurring in Kenya, WikiLeaks has continued to build its trove of once-classified documents to include those on many US government organizations, large corporations, and governments abroad.
---
UGNazis [10]
Number of members: ?
Organizational Strengths: Doxing, DoS Attacks
Description: Founded in 2011, the UGNazis are best known for their opposition to the Cyber Intelligence Sharing and Protection Act as well as the Stop Online Piracy Act. In retaliation for these bills, the UGNazis have performed many DDoS attacks on US government agencies, online payment providers, 4Chan, Twitter, and HostGator. Members of the organization, including Cosmo the God, are also known for doxing a number of high-profile politicians and entertainers including Hillary Clinton and Donald Trump.
Brought to you by CyberSecurityDegrees.com
Citations:
[1] https://www.cultdeadcow.com/cDc_files/cDc-0281.txt
[2] https://journal.georgetown.edu/the-rise-of-hacktivism/
[3] https://www.compact.nl/articles/ruthless-and-rational-cyber-criminal-entrepreneurs/
[4] https://www.washingtonpost.com/news/the-intersect/wp/2015/08/12/how-doxing-went-from-a-cheap-hacker-trick-to-a-presidential-campaign-tactic/?utm_term=.f85db480c833
[5] https://metro.co.uk/2017/07/05/what-is-doxing-and-is-it-illegal-heres-how-people-dox-and-what-you-can-do-to-avoid-it-6757123/#ixzz4qVO8z3fu
[6] https://www.hackingloops.com/6-ways-to-hack-or-deface-websites-online/
[7] https://thehackernews.com/2014/03/russia-today-hacked-russian-replaced.html
[8] https://www.pcmag.com/article2/0,2817,2387716,00.asp
[9] https://www.infosecurity-magazine.com/news/ddos-attacks-increase-in-size-and/
[10] https://www.bleepingcomputer.com/news/security/ugnazi-hacker-who-doxed-trump-clinton-obama-and-others-gets-no-prison-time/
[11] https://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf