Future Watch I: The impending dangers of Hacktivism and political hacking
Hacktivism is a rising threat to cyber security that we are sure to see more of in the coming years. Out of the 174 million reported cyber crimes in 2011, around 100 million of them are related to hacktivism. This term refers to the hacking of networks or websites by a group for a political or social cause. ‘Anonymous’ is the most widely recognized hacktivist organization and their targets have been picked due to reasons like human rights abuse, privacy concerns, social messages and other related issues.
The threat scenario once a target is picked translates either to a security breach or a DDoS (Distributed Denial of Service) attack. Apart from this, data theft is also a serious concern. When enterprises or Governments are targeted, the financial loss or data loss risk is insurmountable. Website defacement is one of the most common attack vectors. It usually occurs in the shape of a condemning or accusatory message on the homepage of the breached website.
Some hacktivist threats are carried out by Governments for privacy and censorship measures. This leads to file content viewing, keylogger program installation, screenshot captures, information sent to remote IP addresses and email/social media account hacking. Private lives of prominent people and public figures are also under public scrutinization.
In the coming years, the convergence of hacktivism and social media seems imminent. The reach of networks like Facebook, Twitter etc. could lead to large scale coordinated attacks and in some instances, physical demonstrations. Hacktivists have already shown their prowess in the case of the Syrian President (targeted by Anonymous). The case of Egyptian protests utilizing social media also demonstrated the power that hacktivists possess.
|December 2010||MasterCard and Visa websites||Anonymous||Shutting down of payments to WikiLeaks|
|January 2011||Tunisian Govt and Egyptian Govt||Anonymous||In support of anti-censorship and the opposition respectively|
|April 2011||Sony PlayStation Network||Unknown||Unknown|
|July 2011||Monsanto (a biotech firm)||Anonymous||Protest against oil companies|
|July 2011||News Corp||Lulzsec||For the phone hacking scandal|
|July 2011||Apple||Antisec||Exploited security flaw in software|
|August 2011||RIM||Team Poison||Protest against RIM helping police track BlackBerry’s used in London riots|
|August 2011||Govt of Syria||Anonymous||Calling for downfall of the President|
|October 2011||40 child pornography sites||Anonymous||Operation Darknet|
|January 2012||Dept of Justice, FBI, MPAA and Universal Music||Anonymous||In support of SOPA/PIPA and opposing the shutdown of ‘megaupload’|
|February 2012||United Nations||Casi||Hackers posted vulnerabilities|
|February 2012||Foxconn||Swagg Security||Protest against abuse of human labor rights|
|February 2012||Syrian President||Anonymous||His emails were revealed to the world|
|February 2012||Symantec||Unknown||Tried to extort $50,000|
|February 2012||Texas police, Boston police and Salt Lake City police||Anonymous||Reasons related to child porn, anti-graffiti bills and Occupy Boston|
|May 2012||Indian Congress and Supreme Court website||Anonymous||In support of Pirate Bay and free speech on the web|
While hacktivists have been targeting enemies of privacy and free speech so far, the fact remains that these organizations are acting like masked vigilantes. At times they have no clearly stated goals so conflict of interest becomes inevitable. These techniques could be used for extortion and harassment. For instance, Anonymous is a faceless group and the identities of its members are unknown so there is no telling what their motives are.
Hence, it becomes important to distinguish between different kinds of hackers. White-hat hackers breach networks for altruistic reasons while grey-hat hackers have questionable ethics and can use their skills for non-altruistic purposes. Black-hat hackers are the worst of the kind since they utilize their hacking skills for criminal purposes only.
With all kinds of different threats looming around, one needs multi-layered protection that will help protect not only from malware and viruses but also from such new generation threats. Both Quick Heal Internet Security and Quick Heal Total Security are products that provide the right mix of multi-layered protection.
- Recent Blog Posts
Content spoofing is carried out by an attacker to trick their victims into visiting a fraudulent site that looks like the real one.