There are many types of cybercriminals today. While most cybercriminals are looking to steal data and information for a profit, hacktivists hack for politically or socially motivated purposes. Seen as vigilantes by some, hacktivists aim to send a message through their activities and gain visibility for a cause.
Hacktivists often target government agencies and large corporations that they perceive as bad or as going against a moral position. Famous hacktivist groups and individuals include Anonymous, DKD and WikiLeaks by Julian Assange.
Hacktivist groups such as Anonymous Malaysia are based on loose membership, with members joining and leaving at any point in time, and may also form alliances with other hacking groups for certain hacking campaigns.
Their attacks include defacing websites, blocking access, and even exposing stolen data to the public. Hacktivist attacks can take the form of any of the following:
- Web defacements (changing the content of the website to show the hacktivists’ message)
- DoS (denial of service) attacks (to render the website inaccessible to users)
- Data leaks (as most websites contain databases, the malicious players are able to access the data when they deface websites)
- Doxing (revealing personal information such as addresses and phone numbers, mostly of notable public figures such as politicians or celebrities)
Hacktivists normally do not have a very high degree of technical proficiency compared to an experienced pen tester. But this lack of technical ability is compensated for by their use of various hacking tools, coordinated efforts to scan for vulnerable websites and sharing of information between members.
In the end, because of the volume of probing hacktivists carry out, they are likely to be able to perform a successful attack. This is probably the biggest challenge for security professionals, as it only takes a single successful hack for the attackers to claim victory.
To help minimise the impact of a hacktivist campaign, organisations need to make sure that all relevant parties are alerted. In-house staff and third-party service providers should be included in briefings and be put on call, ready to resolve any security incident.
As it is almost impossible to determine what will be attacked and how, it is important to be ready to resolve the issue and make the successful hack as short-lived as possible.