Hacktivism: A tool against oppression or nothing more than cyber-terrorism?

Hacktivism is a term which describes the use of hacking for political, non-violent activism. As with any other form of activism, people’s perceptions will differ; some see hacktivism as a necessary tool against oppression, while others see it as nothing more than cyber-terrorism.

It is important to note that Hacktivism is not something new. In 1989, a group of Australian hackers allegedly created the worm WANK (Worms Against Nuclear Killers). This was one of the earliest recorded hacking events used for activism, although the term itself was reportedly coined by author Jason Sack in 1995.

A number of recent cases have led to a revival of the term Hacktivism. Groups like Anonymous and LulzSec launched a number of attacks on high profile targets this year with a high rate of success.

What is the incentive for these attackers?

Anonymous is a group allegedly made up of numerous individuals that are not bound by any hierarchy. They simply work together to achieve a common goal. Anonymous has a large number of hacktivism instances attributed to them this year, most in protest against the actions of some high profile organizations that went against Anonymous’s philosophy. These include:

  • Sony suing GeoHot for the PlayStation 3 compromise
  • The alleged Iranian election vote rigging
  • Various companies’ hostile action against WikiLeaks
  • HB Gray Federal actions against the group

LulzSec, which stands for Lulz Security – ‘laughs’ Security – is a group of hackers which for 50 days launched a number of hacking campaigns. The group’s motivations were a bit of a mystery. The members of LulzSec are allegedly reported as saying that their motive was the reveal lax security and they were only doing it for a laugh.

While most of their attacks do not appear to be politically motivated, some are – such as the defacement of PBS’s Frontline report with a message to free Bradley Manning. The group also attacked a large number of online games releasing countless user accounts and passwords.

The high rate of success is quite worrying. It is hard to say if this was due to their skills or lapses in security. Either way, it makes you wonder how many successful hacks go unnoticed simply because the perpetrator has no interest in the attack being made public.

Hacktivism is another wakeup call to reminds us that not maintaining a good balance between security and freedom for your employees can in itself be a security risk. In the last days of their hacking rampage, LulzSec started accepting requests for potential targets to hack next.

Disgruntled employees might be inclined to offer their own workplace as a target in retribution for what they might perceive as oppression. If there was one lesson the HB Gray story taught us, it was that if a hacker group targets your organization and goes all out, they can seriously harm your company’s reputation and possibly put you out of business.

One of LulzSec’s goals has been to stress upon the importance of security and, although they went about doing this the wrong way, the message itself is very valid. Taking security seriously is very important for the long term survival of any organization.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Emmanuel Carabott CISSP heads security research at GFI Software. He has over 12 years’ experience in the security field and is a regular contributor to several websites and blogs. For more information about the benefits of using email usage reporting.