They are Not What You Think They are … They are Hacktivists

Pierluigi Paganini May 06, 2012

Article Published on The Hacker New Magazine – May Edition “They are Not What You Think they Are … they are hacktivists”

During the last couple of years, we have witnessed the escalation of operations conducted by the Anonymous group, the collective of hackers that is expressing a social dissent through cyber attacks.

In modern society, the technology plays a crucial role, it represents a cultural vector and an element of aggregation, obviously, it could be used also to express dissent against the policies of governments and private companies.

Groups like Anonymous are the maximum expression of a phenomenon defined “Hacktivism” that refers the usage of computers and computer networks to express social protest or to promote political ideology. If you believe that this form of protest is recent you are wrong, the term was introduced for the first time in 1996 by a member of the popular group of hackers the Cult of the Dead Cow hacker named Omega. The hacktivists use to attack systems and architectures with legal and illegal tools as a form of protest. Denial-of-service attacks, data thefts, data breaches, website defacement, typosquatting are just some of the methods used by hacktivists during operations of digital sabotage. Forms of hacktivism are carried out in the belief that proper use of the technical tools will be able to produce similar results to those produced by regular activism or civil disobedience to promote political ideology.

The Anonymous collective is now the incarnation of the hacktivism concept that has monopolized the worldwide attention on the phenomenon. The group and its operations are at the center of a heated debate, public opinion and industry experts are divided between those who believe that a collective is a group of cyber criminals and those who take due account of the phenomenon, trying to understand the dynamics of its genesis and not neglecting the value added to their participation in social dialogue.

We must consider that Internet world is profoundly changing due the continuous acts of hacktivism, the related operations represent one of the major cyber threats. The attacks of these groups produce the same effects of those perpetrated by cyber criminals or governments while targeting strategic objectives, for these reasons the cyber protests must be taken into serious consideration in national cyber strategy.

According to the study “Data Breach Investigations Report”, published by Verizon, hacktivists stole almost twice as many records of ordinary cybercrime from organizations and government agencies.

The most significant change we saw in 2011 was the rise of “hacktivism” against larger organizations worldwide. An impressive number of attacks made by activists with a regular frequency has been observed during last year causing a great deal of effort responding to the cyber threat. Cyber activists use hacking techniques to perform their operations involving critical masses made of ordinary people. The most common form of attack is the Distributed Denial of Service (DDoS), which attempts to make a site or service unavailable to its users due to an enormous quantity of requests sent in a short period. Hacktivists are demonstrating increasing skills in their attacks and we expect increasing in the number of their operations with possible extensive damage.

In the past, Anonymous supporters have used a program called LOIC allowing them to join in an attack on a particular website, flooding it with unwanted traffic, the group has also released on the web instructions and videos on how to conduct this kind of operations. In terms of media, Anonymous group can be a lesson to many. However, the latest attack I believe represents an element of further development for the group, although it is always a DDoS type, the method used has profoundly changed in the conception.

The recruitment campaign for the attack has also exploited social media to engage the largest number of participants with devastating consequences for victims. Hence the web and social networks like Facebook and Twitter have been flooded with messages of affiliates to the group, a massive media campaign. Anonymous in this way has raised the bar, even a user without his knowledge, by simply visiting a web page without interaction it is possible to flood a victim with unwanted traffic.  The trick is possible simply hiding within the web pages a JavaScript that instructs the browser into visiting a specific phase (the target).

Hacktivism has made a quantum leap with this new method for two simple reasons:

  • The first is that the attack capability has increased dramatically.
  • The second, more subtle but formidable in my opinion, is that from a legal standpoint it is hardly attributable to each user a criminal liability. A user who participates in the attack, unlike what happened before with Loic, today could not always claim to be aware. This subtle aspect could work as a stimulus for a wide category of undecided people who share the ideology but that fear of legal implication.

The dispute between governments and groups of hacktivists such as Anonymous has an important social connotation. The fight for freedom of expression, the total aversion to any form of control and monitoring, reporting of abuse of power and blatant violations are the main arguments that invite to the action groups of hacktivist, however, there is a thin line between a cyber protest and an act of cyber crime. While many operations are limited to DDoS against few web sites in more than one occasion, the disclosure of information acquired through hacking systems have exposed sensitive data to public opinions with serious consequences.

It has happened last Christmas when Wikileaks has published with the support of Anonymous more than five millions of email from Texas-based global security think tank company Stratfor, one of the most important global intelligence firm.
WikiLeaks and Anonymous,  a strategic partnership between the major expression of hacktivism culture, two forces that together are able to frighten the world’s great, the new alliance against dirty affairs.  The hack of the Stratfor Global Intelligence service was made by the same collective Anonymous who leaked company data online, including the full client list of over 4000 individuals and corporations.

They gained access to a subscriber list stored on, and that list contained unencrypted credit card data of the customers. The published email demonstrate that Stratfor company was providing confidential intelligence services to several corporations, such as Lockheed Martin, and also to government agencies such as the US Department of Homeland Security, the US Marines and the US Defense Intelligence Agency. The exposed material shows how Government and diplomatic sources all around the world give Stratfor firm advance knowledge of the events and of the politic strategies, all in exchange for money.

A great spider of informants, government employees, embassy staff and journalists, recruited worldwide and paid through Swiss banks accounts and pre-paid credit cards. The mutual cooperation had already been manifested when the Anonymous group opposed to the actions tied against the founder of Wikileaks Julian Assange accused of publishing hundreds of Thousands of secret U.S. government cables beginning in December 2010. The US government applied as

The US government blocked the donations to the Wikileaks via PayPal, MasterCard, and Visa. To protest against the penalty, Anonymous arranged massive attacks against these financial institutions. Of course, the actions of groups of hacktivists represent a serious threat to private industry and the national security of each country. The hacktivism is considered within a cyber strategy a major cyber threats that can cripple with his attacks critical infrastructures, financial services and government agencies.

Groups of hacktivist are considered as uncontrollable variables in the cyber space capable of surprising us with striking operations worthy of the most skilled cyber army.

Are we able to mitigate the risks of exposure?

The cornerstone of the hacktivism is the recruitment of common people through social media to engage in protests, powerful machine that moves announcing its arrival and producing a loud noise. This undoubtedly provides two advantages:

  1. Knowledge of group policies.
  2. Ability to operate covert actions against strategic objectives by exploiting the group’s operations as a diversionary action.

Governments and law enforcement agencies understood the offensive potential of the group has accelerated the implementation of measures to control the main channels of communication adopted by hacktivist.

My thought is shared in many environments, and many experts are convinced that the phenomenon Anonymous must be analyzed from another perspective in some ways innovative.

Is it possible to use the Group and its function as a cyber weapon? How is it possible?

It is widely believed that it should be used to carry out intelligence operations aimed at infiltrating the system. The brand of groups like Anonymous could be used to involve a critical mass of people for their attacks, making impossible the attribution. In a hypothetical phase two does not makes sense to destroy it. Threat actors could be interested in influencing their actions, suggesting operations against strategic objectives for cyber operations or planning military operations behind a diversionary action conducted by groups like Anonymous.

A fake cell of hacktivists could recruit hackers and use them in operations against institutions and hostile governments. The group has always been driven by purely political motivation, and for this reason, imagining it for strategic planning of operations could destabilize an opponent government exaggerates the tone of the internal political debate. We know very wall the dangerous of a protest supported via PSYOPs operations.

Assumed the possibility of using groups like Anonymous, or rather its model of protest, as a cyber weapon who might be interested in its “recruitment,” what are related risks?

Obviously, the idea is very appealing to all governments that have to conceive cyber actions and that need guarantee a low media exposure.  How to approach the dangerous groups and with what risks?

Intelligence operations and study of the phenomenon are preparatory to the approach of groups of hacktivists. There is the concrete possibility to infiltrate groups of hacktivists and influence their strategy. The risks are related to the negotiation phase with unstable and mutable organizations that are not really known.

Gen. Keith Alexander, current director of the National Security Agency warned of the possibility that groups of hacktivists will have the ability in a short term to bring cyber attacks to the national power supplies causing a limited power outage in the US.
Power supplies are just one possible targets together with telecommunications systems, gas and oil storage and transportation, banking and finance, transportation, water supply systems and emergency services.  The profile of cyber assaults against US government and corporate targets is increasing manifesting high skill in the cyber strategy of the attacks. Gen. Alexander declared :

If forces like those of hacktivist have the technical capacities and critical mass such that they can influencing foreign policy, are we sure that among their goals there are critical infrastructures?

Why we want to consider Anonymous a criminal organization?

Mr. Richard Stiennon, Chief Research Analyst at IT-HARVEST, draws some distinctions in the definitions as well. A cybercriminal is generally motivated purely by profit. That is a different goal than cyber espionage, which seeks to access intellectual property for military or industrial strategic advantage, or cyberwar, which focuses on actually sabotaging infrastructure, disrupting critical systems, or inflicting physical damage on an enemy.

Do you recognize anonymous in one of these definitions? Does Anonymous want this?

In an official message to the Wall Street Journal Anonymous regarding the accusation has written

“Ridiculous! Why should Anonymous shut off power grid? Makes no sense! They just want to make you feel afraid.”

Is hacktivism only a threat or also a voice to listen?

Some forms of protest are for sure illegal but we must consider that they are the expression of dissent shared among large communities, they are the voice of masses.The main events of protest in the history were always characterized by elements of illegality due to their connotation of opposing the current governments. From a legislative perspective, we must distinguish hacktivist from a cyber criminal. There are countless methods of judgment about the actions of Anonymous and similar. We must consider the reasons on the genesis of these movements, otherwise, we will not have framed what I consider a historical phenomenon.

In terms of security, the group is without doubts a threat due to its capabilities and objectives it targets. I think that Anonymous is a voice to be taken into account. You cannot stop ideologies with the repression!


[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Hacktivism) 

you might also like

leave a comment