Article published in The Malta Independent

The last few years have been characterised by an escalation of operations conducted by hacktivist groups, such as the famous Anonymous, which have expressed social dissent through cyber attacks. In contemporary society technology plays a crucial role, and is used as a new cultural vehicle and even as an element of aggregation. It is a natural evolution of technology usage and also a carrier of social dissent against the policies of governments and private companies.

Groups such as Anonymous are classic examples of the phenomenon known as “hacktivism” which refers to the usage of computers, and computer networks, to express social protest, or to promote a political ideology. This form of protest isn’t recent; the term in fact was introduced for the first time in 1996 by a hacker named Omega, who was a member of the famous group of hackers the “Cult of the Dead Cow”. The hacktivists attack IT infrastructures with legal and illegal tools to perform their operations of protest, such as denial-of-service attacks, information theft, data breach, web site defacement, typosquatting, and any other methods of digital sabotage.

Anonymous and its operations are at the centre of a heated debate, with public opinion and industry experts divided between those who believe the collective is a group of cyber criminals, and those who take due account of the phenomenon, trying to understand the dynamics of its genesis, and not neglecting the added value of their participation in social dialogue.

According to the study “Data Breach Investigations Report” published by Verizon, hacktivists stole almost twice as many records from organisations and government agencies as ordinary cybercrime did, demonstrating how dangerous the phenomenon is.

The most common type of attack by the Anonymous group is without doubt the Distributed Denial of Service (DDoS), used to make a site or a web service unavailable through an enormous quantity of requests sent over a short period of time.

But Anonymous and hacktivists in general are demonstrating increasing skills in their attacks, and experts are sure we will witness an increase in the volume of their operations, with possible extensive damage.

In this view, the latest attacks represent an element of innovation because, although it is always a DDoS attack, the method used has profoundly changed since conception. Now a user can, by simply visiting a web page and without any interaction, unwittingly start to flood a victim with unwanted traffic. The trick is possible by simply hiding JavaScript procedures, specifically developed to be interpreted by common web browsers, within the web pages.

Hacktivism has made a quantum leap with this new method for two simple reasons:

The offensive force has increased dramatically.

From a legal standpoint, it is hard to attribute criminal liability to each user. Previously, for example with the attack called LOIC that was used to hack VISA and Mastercard, a user who participated could risk liability because an element of willingness to be involved could be established. However, in the latest style of attack today, a user can claim to be unaware. This subtle aspect could be a stimulus for a wide category of undecided persons, who share the ‘hacktivist’ ideology, to overcome their fear of incurring legal proceedings and consequently participate in hacking operations.

Hacktivism also has a cyber warfare connotation, with some groups having a total aversion to any form of control and monitoring, making these groups of hackers oppose any government(s).

The boundary between interpretation of an operation as a simple act of protest or as cybercrime is thin. While many operations are limited to DDoS against a few web sites, resulting in their closure or suspension of operations, on more than one occasion the hacks have resulted in the acquisition, and/or disclosure to the public, of sensitive information with serious consequences.

This happened last Christmas when Wikileaks published, with the support of Anonymous, more than five million e-mails from Stratfor, a Texas-based global intelligence firm. The exposed material shows how government and diplomatic sources all around the world give Stratfor clear advance knowledge of events and of political strategies, all in exchange for money. A great web of informants, government employees, embassy staff and journalists has been recruited everywhere, and paid through Swiss bank accounts and pre-paid credit cards. On the other hand, of course, the actions of groups of hacktivists represent a serious threat to private industry and the national security of each country. The group’s attacks have been shown to block services provided by a company, and to gain access to sensitive information whose disclosure could undermine the internal balance of a country and its relationship with allied states. It is for this reason that hacktivism is considered within a cyber strategy as a major cyber threat which can cripple, with its attacks, critical infrastructures, financial services and government agencies.

Groups of hacktivists are considered the uncontrollable variables in cyber space, capable of surprising us with striking operations worthy of the most skilled cyber army.

Is it possible to use the group and its popularity as a cyber weapon? How is it possible?

Several intelligence agencies believe that it could be more profitable to influence the operations against strategic objectives. Let’s imagine fake hacktivist cells that recruit ordinary people to direct attacks against institutions and hostile governments. We have seen, on more than one occasion, how dangerous a breath of wind of protest through the new social media can be.

Intelligence operations and studies of the phenomenon are preparatory to the approach, but with regard to the possibility of infiltrating the group, this could of course be achieved by conditioning, for example through financial compensation and other incentives, the medium and high level representatives of the groups − those people that define the strategies of protest. There are risks related to negotiation with unstable and mutable organisations that we do not fully understand, but history teaches that such agreements are possible, and have indeed occurred in the past, such as between states and criminal organisations. In some ways this approach is similar to what can occur when government intelligence agencies discover a weakness in existing cyber infrastructures and, rather than report and assist to repair the weakness, they allow the weakness to remain so as to be able to exploit it for their own offensive purposes now or in the future. This is different to ‘ethical hacking’ where a person (such as co-author of this article Pierluigi Paganini) hacks to find weaknesses in a system for the purpose of identifying and removing the weakness, and to help build defences. Ross Anderson, the well known professor in Security Engineering at Cambridge University, is reported to have asserted that the “lions’ share” of the UK government’s cyber budget is allocated to develop cyber offence capabilities.

Is hacktivism only a threat or also a voice to listen to? What can we expect for the future?

Some forms of hacktivist protest are certainly illegal, but we must consider that they are expressions of dissent shared between large communities; they are the voice of the masses. The demonstration is in the number behind each attack. These guys are not alone, they have a lot of common people behind them. The main events of protest in history were always characterised by elements of illegality due to their connotation of opposing the governments in question. From a legislative perspective, we must distinguish a hacktivist from a cyber criminal. Although the damages are to be considered in high regard, there are countless methods of judgment regarding the actions of Anonymous and similar groups. In terms of security, the group is without doubt considered a threat due to the capabilities shown and the objectives selected. In another sense they do bring to public awareness some of the clear vulnerabilities in existing cyber systems, and thinking people will be asking themselves, and hopefully others, “Why are our critical cyber systems so vulnerable?” Hacktivism can therefore be seen as helping to motivate a shift towards much needed improvements. Politically, I think that Anonymous is a voice to be taken into account. Ideologies could not be repressed with arrests, and what is possibly unique about Internet-enabled social activism, such as the Arab Spring, is that it can reflect a widespread shift or evolution in popular opinion or consciousness.

These observed attacks should give us cause to reflect. I think the group is currently in a state of transition: despite having reached a critical mass of supporters, it has begun to split into numerous cells scattered throughout the world.

For now, these cells appear to be driven by common goals, but what will happen tomorrow?

In a heterogeneous scenario, the risk that external agents can infiltrate the group and influence its policy is concrete. New operations can be organised in the name of the group with unpredictable consequences; foreign states or law enforcement may involve masses of people and convince unaware hacktivists to conduct ideological battles. The time of hiding, in the form of protest, could begin to decline and, to give strength to their operations, hacktivists would be obliged to make public appearances, presenting their vision and political programmes to the world through their representatives. The groups are aware that their attacks may begin to serve a third cause, not just their own.

Analysing for example the Anonymous case, we must distinguish two phases of the Anonymous phenomenon. The first one, which I define as “Here I am, know me and learn to live with my judgment”, is the one we are leaving − in this phase the group introduced itself to the world, showing its offensive capabilities but also enjoying broad support. The second phase, named “Openness”, is the one we will live in the coming months. In this phase the group will try to talk with institutions, and will operate on the internet, but also in the street. The stage is very delicate. Because of the heterogeneous nature of the groups, many hacktivists will not accept the openness of institutions, deciding instead to pursue a policy separate from the line indicated by the collective, perhaps seeing themselves as victims who, through becoming loose cannons on the web, could stage indiscriminate and unethical attacks.

This is the worst scenario, where chaos may reign on the web, where regulations cannot keep up with social change, and where some government and corporate bodies are trying to create a sense of security and trust in the cyber environment, while others seek to exploit what some world class security experts state is a history of generations of deployments of insecure cyber systems, with subsequent endless security patching.

It is time to revert to the fundamentals, to insist only on cyber systems that are built secure from the ground up, and in the meantime we can also continue to support the call for more openness in government and corporate management, whereby it would not fall to hacktivist groups to be, at times, the ones to have to expose actions and attitudes by people and organisations in positions of trust failing to satisfy democratic principles and working counter to future harmonious international relations. When all is said and done, a secure and resilient cyber domain should be a universal and fundamental right, along with honesty and transparency in both government and corporate governance. No doubt the future will see more hacktivism and hopefully other less disconcerting forms of Internet enabled social activism to achieve these constructive objectives.

by Ron Kelson, Pierluigi Paganini, David Pace

ICT Gozo Malta is a joint collaboration between the Gozo Business Chamber and Synaptic Labs, part funded by the Ministry for Gozo, Eco Gozo Project, and prize winner in the 2012 Malta Government National Enterprise Innovation Awards. www.ictgozomalta.eu has links to free cyber awareness resources for all age groups. To promote Maltese ICT to the world, we encourage all ICT Professionals to register on the ICT GM Skills Register and keep aware of developments, both in Cyber Security and other ICT R&D initiatives in Malta and Gozo. For further details contact David Pace at dave.pace@ictgozomalta.eu.

Mr Paganini, Security Specialist CISO Bit4ID Srl, is a CEH (Certified Ethical Hacker, EC Council) and founder of Security Affairs.

Mr Kelson is Vice Chair of the ICT Gozo Malta Project and CEO of Synaptic Laboratories Limited.

Pierluigi Paganini

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other security magazines. Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
