“Hacktivism” has been around since the Cult of the Dead Cow in the 1980s; only the names have changed. Where we once heard about Chaos Computer Club and the Legion of Doom, we now have high-profile examples like Anonymous, Anti-Sec and Lulzsec.
This is not a comparison – 35 years ago it was mostly demonstrations and denials of service. Now, attacks have become exponentially more intrusive and destructive.
With this escalation in damages comes a new name. Cyber terrorism is a term that the media has been using quite frequently. There have also been countless articles on the so-called Cyber Caliphate, Cyber Berkut, and even various disparate groups of “cyber freedom fighters” around the world.
Is changing “hacktivism” to “terrorism” the government and media’s way of upping the ante on hacking? Indeed, what is the difference between hacktivism and cyber terrorism, if there is one?
After all, they both seek out pretty much the same targets. They both have a singular purpose, in its simplest definition – to cause damage to an entity, organisation or group. So what sets these two categories of hackers apart? Is the answer in their motivation? Can we really view one as “good,” and the other “bad”, or is it simply a matter of personal opinion?
Anonymous is a loose association of activist networks that has an informal and decentralised leadership structure. Beginning in 2003, on the bulletin board 4Chan, Anonymous began to recruit and train young people interested in hacking for a cause.
Throughout the years, they have run cyber attacks, mostly distributed denial of service (DDoS) attacks, against the financial, healthcare, education, religious organisations, oil, gas and energy industries – pretty much everything. They have also earned a spot on that distinguished list of attackers who have targeted consumer electronics giant Sony.
Anonymous has really changed the nature of protesting. In 2013, Time magazine listed it as one of the top 100 influential “people” in the world. Supporters have called the group “freedom fighters” and even compared them to a digital Robin Hood.
Others, however, consider them little more than cyber terrorists. In the public’s eye, it depends on their motivation, following and targets. The bottom line: This could either be a case of malicious activity masked by political motivation, or pure malicious activity.
Cyber Berkut is a modern group of hacktivists and claims its name from the Ukrainian special police force “Berkut”, formed in the early 1990s. This pro-Russian group made a name for itself by conducting DDoS attacks against the Ukrainian government and Western corporate websites conducting business in the region.
The group has also been known to penetrate companies and attempting to retrieve sensitive data. Following a heist, they would post on public-facing pastebin sites or their own non-English website, which includes a section called “BerkutLeaks”.
Cyber Berkut was most recently credited for attacks against the Chancellor of the German Government, NATO, Polish websites and the Ukrainian Ministry of Defence. The group has been compared to Anonymous based on its methods of protest and political targets.
Viewed as passionate about its targets, Cyber Berkut has a clear agenda. However, the group’s ideology in no way diminishes the amount of intended damage that might be inflicted on potential victims.
Cyber Caliphate, as the name implies, is a hacker group that associates with the Islamist terrorist group ISIS. It has attacked many different government and private industry entities, and claims responsibility for multiple website defacements and data breaches.
The group has hacked various websites and social media accounts, including those of military spouses, US military command, Malaysia Airlines, Newsweek and more. Indeed, Cyber Caliphate is hungry for media attention.
This raises the question: does Cyber Caliphate believe in its stated cause, or is this just opportunistic hacking under the cover of a cause for media attention? What if the group is just looking for fame and fortune? What if the group is not a group at all, but the work of one or two people collaborating with different contributors for specific targets?
Motive doesn’t matter
Is this really cyber terrorism, hacktivism or just another set of hackers trying to get famous by jumping on the media’s hot topic of the month?
In some cases, it may seem romantic when people claim to be fighting for a cause – rather than more nefarious intent, or even just for a laugh. But the fact remains that cyber attacks are cyber attacks, whether they are motivated by politics, money or a distorted idea of fame.
The key to fighting back – after ensuring that your organisation’s security is up to snuff – is threat intelligence.
Threat intelligence gathering is the key to keeping up with the actions of these groups and their potential targets with impartial, straightforward news, gathered by specialists.
Staying abreast of potential hacktivist attacks requires a proper investment in intelligence groups with the proper tools, people, processes and other resources to deliver up-to-date information. And not just about the groups, but the techniques they might be using.
Information sharing among intelligence groups from different industries and countries also will help expedite the reverse engineering of malicious code and assist in the building of signature content and correlation logic that is deployed to our security technologies.
So once attacks are observed globally, defences can be quickly built, detection logic integrated – and information disseminated to the security specialists on the front line who may be all that stands in the way of the kind of corporate meltdown that nearly sank Sony Pictures in December last year.