Hacktivists are generally known to carry out cyberattacks for, what they perceive to be, the greater good of society. They’re a bit like the Robin Hoods of the internet. However, in recent years, the nature of hacktivism has changed and as such is potentially becoming more of a threat to you and your business.
What is a hacktivist?
The term “hacktivist” comes from combining the word “hacking” – the use of technical hacking skills – and “activist” – someone who fights for a specific purpose or to expose an injustice. As a result, they differ from cybercriminals as they act out of a wider purpose or shared belief in doing good, rather than committing a purely selfish crime for financial gain.
Typically, hacktivists will target government agencies, multinational corporations or powerful individuals who they deem to be going against societal interests. The main motivations for hacktivism are:
- Political: To overturn a government or political agenda that goes against their beliefs
- Social: To expose social injustices including censorship or human rights issues
- Religious: To try and discredit a specific religious ideology or spiritual belief system
What does hacktivism look like?
Hacktivists’ main aim is to cause disruption rather than to make a profit, so their methods include website defacement or redirects, DoS or DDoS attacks, anonymous blogging or – in the most extreme cases – data leaks.
Some well-known examples of hacktivism
Some of the most famous hacktivist groups include Anonymous, LulzSec and WikiLeaks and they have undertaken several hacktivism attacks over the last 20 years. For example, in 2008 Anonymous launched a DDoS attack on the Church of Scientology in protest of censorship after the church removed a video that showed Tom Cruise confirming his membership.
Another high profile hacktivist attack was in 2010 when WikiLeaks – a whistleblowing organisation led by Julian Assange – published confidential government documents about the US war in Afghanistan with the aim of promoting freedom of information and government transparency.
And in 2011, LulzSec committed a string of cyber attacks against Sony which ended up compromising the information of 1m users. Their aim was to highlight the weakened cybersecurity systems and poor privacy protections of the company. In the end, Sony ended up having to pay USD 600K to recover from the disaster.
Why should you care about hacktivism?
Firstly, if you are one of the key targets for hacktivism, then it’s important to be vigilant and have systems and processes in place to protect against any kind of cyberattack.
But, even if you believe in the cause of hacktivists, in recent years, the line between true hacktivism and state-backed cyber attacks is becoming blurred. It’s not uncommon for hacking groups, with the backing of different states, to commit cybercrimes in the name of a particular cause. In reality, these attacks are more like “false flags” done on behalf of governments as a means of attacking their enemy.
And, even on a smaller scale, whilst these attacks might be carried out by true hacktivists with good intentions, people can get caught in the crossfire, and your data could be leaked to malicious actors.
Ultimately, hacktivism isn’t going to go away and, because of the way it has changed, it is sensible for organisations to treat all hacktivists as if they were potential threats.