Why Hacktivists Are Fighting The WikiLeaks War
Most hackers work in secret for money. The hacktivists punishing WikiLeaks’ enemies are different, says Noa Bar Yosef
Hacktivism is the use of cyber attacks and sabotage to communicate politically motivated causes; it is as old as the internet.
Solo hacktivists have always acted in an individual manner to demonstrate their protest using various attack methods. One popular attack has been, and continues to be, the defacement of websites- Microsoft’s website, for example, was replaced with a Saudi Arabian flag in 2007.
Something else happens when hacktivists group together; they commonly perform what’s called a Distributed Denial of Service (DDoS) attack. With the increased number of participants they are able to flood the targeted website with traffic so that the server becomes overloaded. As the site attempts to process the large volume of malicious traffic it denies access from legitimate users and often crashes altogether.
Hacktivists punish WikiLeaks’ opponents
The attacks have become automated, thus making them more powerful and harder to track, and have advanced in their techniques, however, the effect remains the same. Let us take a look at Operation Payback, which has gained notoriety in the past few months.
Operation Payback is a series of DoS attacks carried out by hacktivists. Their initial goal was to bring down anti-piracy sites, such as the recording and media companies who attempted to act against illegal file sharers, and a UK government intellectual property site.
They even attacked law firms who threatened to bring the illegal downloaders to court. In the latest chain of activities they have also started targeting organizations that have spoken against Wikileaks’ activities or any other form of “Internet censorhip”. MasterCard, for example, was attacked by the hacktivist group ‘Anonymous’ when it refused to process donations to the whistle-blowing site.
Attacks put together swiftly
Hackers, in short order, build attack software designed to take down websites and services. This software is then made easily available for download by other hactivists.
Once installed on a user’s machine it sits idly waiting for the attack command, and when the time is ripe for the attack a “wake up” call is issued to the malware on the hacktivist’s machine. At that stage the machine will start spurting out the malicious traffic to the specific site.
Using the power of the community, i.e. all involved hacktivists, the target is inundated with voluminous traffic which causes the servers to crash.
When looking at this specific group, we can see that social factors have a part to play. As the activities of Operation Payback received more media attention, the number of hacktivists joining the specific hacktivist network increased.
What is the motive?
Modern hacking, in general, is motivated by data theft. Stolen credentials, credit card numbers and so forth are highly valued on the black market. Data is the currency of cyber crime so staying invisible is essential.
In contrast to other forms of cybercrime hacktivism is not motivated by money and actively seeks to gain as much attention as possible; high visibility is the key.
Hacktivists are motivated by revenge, politics, ideology, protest and a desire to humiliate their victims- what would be the point of embarrassing someone if they didn’t know who performed the attack?
Another attention-grabbing DDoS attack was executed in June 2009 by hacktivists protesting against the Iranian elections. In this attack hacktivists operated from outside of Iran and targeted government and other state-sponsored websites. As a result, the Iranian government blocked access to different social network sites to prevent netizens from providing coverage regarding the current state of affairs on the street.
The current chain of events show that the industrialisation of hacking (ie hacking-for-profit), as witnessed in the past couple of years, will continue to increase.
Although there are threats originating from state-sponsored attacks, for example, North Korea DDoSing South Korea and US sites, there still remains another group of attackers.
These individuals remain in the background of the threat landscape as the aforementioned threats take the front seat. But every once in a while, they raise their head to protest in unison, carrying out their acts through the Internet channels. With the right power and means they may create much havoc and attention.
Noa Bar Yosef is a senior security strategist at Imperva