The term “hacktivism” is a combination of the words “hack” and “activism”. It’s a word to describe the intent of specific attackers. A hacker performs various exploits in the name of hacktivism to demonstrate their political or social dissatisfaction with current events. The exploits and threats remain the same, but hacktivists have specific political goals rather than financial reasons to perform attacks.
What Motivates Hacktivists?
Hacktivists can be a single person or a group of individuals with similar ideologies. Because hacktivists mainly target political opponents or social issues, a group of hacktivists shares views and goals. The possible motivations to take on a particular target could be revenge, disruption of stability and continuity of organisations or even countries, protest of current events, or to take down a rival organisation.
Damage from a group of hacktivists could be anything from basic vandalism to data theft to ransomware and blackmail. Hacktivist damage is not much different from a standard exploit, but it’s usually a collaborative effort with a specific target rather than a classic attacker scanning the internet for open vulnerabilities and opportunities.
How Hacktivism Works
Usually, a hacktivism group targets corporations or government entities. They are a group of people who disagree with how a business runs, events that the business backs or the politics of a specific government. Participants in a hacktivist group could be from the same country or located across the globe with similar interests.
The methods used in hacktivist groups depend on their goals. One common method is distributed denial-of-service (DDoS). A DDoS uses a large number of hacked devices to send a flood of traffic to a targeted site. The flood of traffic exhausts server resources, and legitimate traffic cannot complete requests. It cripples business continuity, and a robust DDoS can last for days. DDoS affects revenue when the target cannot process payments or service legitimate customer requests.
For some hacktivists, the destruction of data or business continuity is their goal. They might use ransomware or simple vandalism of a business website to convey their message. Hacktivists aim to bring attention to their cause, so they want a targeted victim to know that they are dissatisfied with a business or government’s actions. Vandalism of a targeted victim’s website shows the hacktivist’s message to the world, and installing ransomware destroys a company’s productivity.
Types of Hacktivism
Because hacktivists aim to destroy their target to bring awareness to an issue, they often have somewhat different approaches to exploiting vulnerabilities. Most hacking is done for monetary gain, but hacktivists aren’t motivated by money. They want targets to understand their displeasure with current events or how targets conduct business.
Here are several types of hacktivism:
- Online blog content: Whistleblowers need protection from revealing their identities, especially if they plan to reveal information about powerful people. An anonymous blog gives a hacktivist an outlet to point to issues without revealing the blogger’s information.
- DDoS: A distributed denial-of-service is an effective way to stop business productivity, impact revenue and customer loyalty and potentially cost businesses millions in lost revenue.
- Doxing: When a targeted individual has their information exposed on the internet, it’s called doxing. Doxing alone is not damaging but can be damaging if the targeted victim has a dubious past. For example, exposing a politician’s past arrests could be damaging to their career.
- Information leaks: Insiders with something to expose in governments or their employers send journalists files or proof of a hacktivist's claims or post information anonymously to avoid detection. The disclosed information could sway public interest and convey the hacktivist’s dissatisfaction.
- Website vandalism: Obtaining control of a website lets hacktivists display their message and deface a corporate site. Vandalism on a popular site gets out a hacktivist’s message and conveys their goals.
- Website cloning: Similar to phishing, hacktivists clone a website and use a slightly different URL to trick users into clicking it. The clone site has the hacktivist's message, but the website retains the same layout as the legitimate business.
In the past decade, the world has seen much more hacktivism as politics plays a significant role on the internet. More people are now on the internet than ever before, so hacktivists can spread their message more effectively than decades ago. Several incidents involving hacktivism have been in the news in the last decade. Some examples are for political reasons, and others are from business actions in the media.
Here are a few hacktivism groups that made headlines:
- Cult of the Dead Cow: One of the first hacktivist groups was Cult of the Dead Cow (cDc), which started in the 1980s. The focus was on media saturation of free information, but it later turned to political hacktivism to combat human rights violations in China. In the 1990s, cDc took a stance against denial-of-service (DoS) attacks, saying it went against the principles of free speech and information.
- Anonymous: The Anonymous hacktivist group is probably the most popular. It rose to fame in the late 2000s but began in 2003 on the imageboard 4chan. Many hacktivists claim to be Anonymous, so it has become more of an idea rather than an organised group. They use doxing, DDoS and media to announce their latest targets.
- WikiLeaks: Julian Assange launched the website WikiLeaks to expose government activity and documents relating to the U.S. war in Afghanistan. It’s grown to be a site where anyone can post government secrets anonymously. It has a clearnet version but is primarily active on its onion site using Tor.
- LulzSec: A few Anonymous group members spun a new hacktivist group called LulzSec in 2011. After its inception, LulzSec immediately took down the U.S. Federal Bureau of Investigation's (FBI) website, which resulted in the arrest of several hacktivists involved in the compromise.
- Syrian Electronic Army: Hacktivists supporting Syrian president Bashar al-Assad gained attention in 2013 and aimed to protect the Syrian government. They defaced and used DDoS attacks against several U.S. governments and posted misinformation across social media.
Hacker vs. Hacktivist
Hackers and hacktivists use the same tools and attack vectors, but their motives differ. A hacker may exploit vulnerabilities for amusement or to steal data for monetary gain. Most attacks are for financial gain, but it’s not the main focus for a hacktivist. Hacktivists perform cyber-attacks based on personal opinions on specific government and corporate actions.
Although motivations differ, both hacker and hacktivist activity remains the same. They use the same exploits and search for the same vulnerabilities. Hacktivists usually target a specific government or corporation, but they might target several similar entities to express their dissatisfaction. However, hackers performing attacks for monetary gain might cast a wide net to find any vulnerable entity to steal data. Stolen data may be sold on darknet markets, but hacktivists might steal data to share with opposing governments or corporate competitors.
Hacktivism Groups and Organisations
Hacktivist groups exist across the globe. Every hacktivist group has its own goals and methods to publicise its message and make itself heard. Here are a few groups to be aware of:
- Legion of Doom: The earliest group of hacktivists was created in 1984. They developed the Hacker Manifesto to inspire a new generation of hackers.
- Masters of Deception: Also an early 1990s hacker group, Masters of Deception (MoD), exploited telephony companies.
- Chaos Computer Club: The first large hacktivist group, Chaos Computer Club, had over 5,000 members and started in Europe. They push to have more transparency in government information.
Why Should Businesses Care?
Every organisation should be aware of the latest threats in the wild, and hacktivist groups and goals are no different. Hacktivists might have specific targets, but an enterprise organisation could be a hacktivist group’s next target. The methods used are the same as any other attacker, but hacktivists can be much more aggressive in finding vulnerabilities for a specific enterprise.
A DDoS can completely cripple an organisation's productivity and revenue, so enterprises should have the proper defences in place to detect and stop them. Defacement of an enterprise website can make news headlines and affect customer loyalty and trust. Customers want to know that a business has effective cyber-defences to protect its data, and a successful attack against a web application establishes distrust among the public.
No amount of cyber-defences completely remove risk, but awareness of hacktivists and their goals helps businesses install effective cybersecurity infrastructure to stop aggressive attacks. Insider threats are also a primary concern with hacktivism, so organisations should have monitoring tools in place to detect suspicious internal user activity.
How to Prevent Hacktivism Attacks
Organisations can take several steps to stop hacktivism against their infrastructure, software and customer data. A few ways administrators can protect data:
- Discover all vulnerable assets and risks to the environment.
- Audit the environment for any changes and keep a log of asset inventory.
- Use multi-factor authentication (MFA) on all account access.
- Install cybersecurity infrastructure to track and block unauthorised traffic.
- Offer employee training to educate them on common threats (e.g., phishing and social engineering).
- Incorporate incident response and disaster recovery into standard cybersecurity strategies.
Ransom DDoS Extortion Actor “Fancy Lazarus” Returns
Proofpoint researchers are tracking renewed distributed denial of service (DDoS) extortion activity targeting an increasing number of industries.
What Is a Threat Actor?
A threat actor is a term used to describe individuals whose purpose is to engage in cyber-related offences. Learn the definition, types, motivations, and more.
What Is Hacking?
Hacking is a term used to describe the myriad of criminal activities carried out using a computer, network, or another set of digital devices.