Hacking Motivations – Hacktivism
Hacktivism is a term which describes the use of hacking for political, non-violent activism. As with any other form of activism, people’s perceptions will differ; some see hacktivism as a necessary tool against oppression, while others see it as nothing more than cyber-terrorism.
It is important to note that Hacktivism is not something new. In 1989, a group of Australian hackers allegedly created the worm WANK (Worms Against Nuclear Killers). This was one of the earliest recorded hacking events used for activism, although the term itself was reportedly coined by author Jason Sack in 1995.
A number of recent cases have led to a revival of the term Hacktivism. Groups like Anonymous and LulzSec launched a number of attacks on high profile targets this year with a high rate of success.
What is the incentive for these attackers?
Anonymous is a group allegedly made up of numerous individuals that are not bound by any hierarchy. They simply work together to achieve a common goal. Anonymous has a large number of hacktivism instances attributed to them this year, most in protest against the actions of some high profile organizations that went against Anonymous’s philosophy. These include:
- Sony suing GeoHot for the PlayStation 3 compromise
- The alleged Iranian election vote rigging
- Various companies’ hostile action against WikiLeaks
- HB Gray Federal actions against the group
LulzSec, which stands for Lulz Security – ‘laughs’ Security – is a group of hackers which for 50 days launched a number of hacking campaigns. The group’s motivations were a bit of a mystery. The members of LulzSec are allegedly reported as saying that their motive was the reveal lax security and they were only doing it for a laugh.
While most of their attacks do not appear to be politically motivated, some are – such as the defacement of PBS’s Frontline report with a message to free Bradley Manning. The group also attacked a large number of online games releasing countless user accounts and passwords.
The high rate of success is quite worrying. It is hard to say if this was due to their skills or lapses in security. Either way, it makes you wonder how many successful hacks go unnoticed simply because the perpetrator has no interest in the attack being made public.
Hacktivism is another wakeup call to reminds us that not maintaining a good balance between security and freedom for your employees can in itself be a security risk. In the last days of their hacking rampage, LulzSec started accepting requests for potential targets to hack next. Disgruntled employees might be inclined to offer their own workplace as a target in retribution for what they might perceive as oppression. If there was one lesson the HB Gray story taught us, it was that if a hacker group targets your organization and goes all out, they can seriously harm your company’s reputation and possibly put you out of business.
One of LulzSec’s goals has been to stress upon the importance of security and, although they went about doing this the wrong way, the message itself is very valid. Taking security seriously is very important for the long term survival of any organization.
Whether or not you agree with all, some, or none of these hacktivist motivations for aggression, they do raise an unarguable point about not taking any hole in security for granted. If it’s sensitive, encrypt it. If you feel like your measures are being compromised, go through and reconstruct them accordingly. If someone arbitrarily decides they don’t like what you’re doing or how you’re doing it, you can be put at great risk.
Excellent point about how many of these are going on without us knowing about them because nobody’s standing up and taking credit. Quite the scary thought.
In my opinion the terms hacktivism and hacktivists were just coined by individuals who want to legitimize their illegal hacking activities.
We should also remember that hacktivism involves politically motivated state-sponsored attacks. Take for instance the cases involving China. Officially, China does not tolerate this kind of hacks. But technically speaking, most of these “hacktivists” are “motivated” by their country.
You have strong words there Bob. Hacktivists have unpersonal motives. They don’t get compensated by their actions. They’re individuals who want to level the playing fields.
One great example of this is when Sony sued GeoHot. GeoHot is alone – by himself – against the giant multinational corporation. Sony dominated the game when they pinned down GeoHot. As a retaliation, Anonymous did what it has to do and attack the websites of Sony, which for me, is just fair and square.
I understand your reasoning Andrew but you have to realize there are a lot of unintended consequences with any action, hacktivism included.
Taking your GeoHot example, the intention of those attacks might have been simply to get back at Sony for going after GeoHot, but what about collateral damage?
Let’s focus on the DDOS attack, that’s the one with the less collateral damage but it still had some. Who got hurt with the DDOS attack? Sony may have gotten some bad press and maybe lost a few clients over that, but it was really nothing that bad to force them to close or really hurt them. On the other hand, people responsible for keeping the network up and running have potentially lost their job or gotten in a lot of trouble for not doing their job properly. The people most inconvenienced by attack were actually the people who make use of the PSN portal who were not able to play. They may have bought a Sony product but actually had nothing to do with GeoHot.
Then there was the PSN hack with the subsequent dissemination of account details. Again who was the real victim here? I am sure Sony suffered quite a bit and had its reputation trashed as a result, but again the real victims are the customers who most likely used those credentials everywhere which any malicious hacker probably has downloaded and abused now. They’re also in danger of identity theft (depending on the amount of information stored on the PSN network). And once again, Sony employees who had nothing to do with decision to go after GeoHot are likely to have lost their jobs.
Irrespective of Sony’s actions, hacktivism has its own consequences. It is a good thing to stand for what you believe in and I appreciate these were a group of people who wanted to help fight the big scary corporation in defence of the little guy who was possibly being treated unfairly. But there’s a way and another way to do things. It would be good if hacktivists try and make sure they do not get innocent people in the cross fire especially when those actions could potentially ruin lives (like with the identity theft risk and credential compromise).
Just like in the real world you’re more likely to get people to see eye to eye with your cause if you simply raise awareness peacefully then if you start rioting and causing damage. Likewise I believe hacktivism has a great chance of succeeding if their collective know how and abilities are used to raise awareness about issues rather than cause damage.
It’s always difficult to characterize these types of contexts.
In a way most hackers hack simply because they enjoy the challenge – there’s no doubt about that. If their chosen target is based on an ideology I would consider it as hacktivism even if it may be a subconscious justification by the individual.
Whatever the case, Hacktivism is not a justification that can make one’s actions legally correct.
I see Hacktivism as a term which refers to hackers who choose targets based on an ideology.
Its idealism vs the establishment. Just think about the fat security budgets those corporations have and yet they are so easy to hack. When you have a motivated army of idealists on one side (i.e.hactivists) vs a demotivated army of employees who often care only about their paycheck and couldn’t care less if they do their job well, the result is easy to see. Also, with the complexity of software and hardware today, even if you do care about your job and aspire to do things properly, there are always holes you can’t cover and hactivists take advantage of this. Corporations have gone too powerful to be controlled the conventional ways and hactivists come to fill the gap – or at least this is what they think.