←All Posts Posted on May 16, 2016 By admin
Most hackers these days are motivated by money and are out to steal your bank or credit card details. Hacktivists have a more noble calling, they seek to use their activities to draw attention to political causes.
Perhaps the best known hacktivist groups are Anonymous and Lulz Security (LulzSec), these groups have carried out high profile attacks against targets as diverse as porn sites, government and financial institutions. Most often, they carry our denial of services attacks to take down websites, but they also attempt to steal sensitive data that can prove useful to their cause or lead to embarrassment for public figures.
Whilst some people compare hacktivism to a form of cyber-terrorism, we don’t believe this to be correct. Most of the time their activities are disruptive rather than destructive, more akin to a form of electronic civil disobedience. To stretch the analogy, the hacktivist is sitting down on the electronic superhighway, not trying to blow it up. Hacktivism doesn’t always operate in the shadows, as evidenced by its contribution to the ‘Arab Spring’ when the Egyptian government tried to shut down internet and technology companies collaborated to create a ‘Speak2Tweet’ service.
In the media the hacktivist is often painted as some sort of misfit with poor real-world social skills, young, disaffected and venting their frustration with society. Whilst this might be partly true, some of these characteristics also apply to a sizeable portion of IT professionals who are successful in their professional and personal lives.
There is also the spectre of state sponsored hacktivism attempting to manipulate public opinion. This is usually attributed to China and Russia, but it would be naïve to think that western nations don’t use these techniques too.
From the forensic investigator’s angle, establishing the motive for hacking is a key part of the investigative strategy. The effects of hacktivism can be just as severe and damaging as those of other forms of hacking.
For companies, avoiding a hacktivist attack means taking technical countermeasures to stay secure. They should also leave their public representation to PR professionals to avoid behaviour and public statements that might anger the community. They should also monitor social networks for negative comment.