Doxing, DoS, and Defacement: Today’s Mainstream Hacktivism Tools



These notifications give defenders a chance to prepare their response. Without them, a hacktivist runs the risk of the affected organization attributing the attack to criminals or equipment outages. For a hacktivist, that’s a fail—the attention is just as important to them as the shutdown.

The real problem with hacktivists perpetrating DoS attacks is the use of illegally subverted computers (pwned bots) woven into Distributed Denial-of-Service (DDoS) botnets. It’s much harder to claim the moral high ground when you DDoS someone using stolen computing resources. Some hacktivists have tried to frame DDoS attacks as legitimate forms of protest although, so far, this hasn’t held any water as a legal defense.[5]

We have come to expect the mostly symbolic protest gestures from groups like Anonymous, such as their DDoS attacks on Holocaust Remembrance Day[6] or Canada Day.[7] What is new is groups like New World Hackers claiming responsibility for the largest DDoS attack in the history of the Internet.[8] The California State Threat Assessment Center (STAC) has issued warnings of a ramp-up of several different hacktivist groups that are planning DDoS attacks against government sites.[9] DDoS as a protest tool is normalizing and spreading.

Defacement

Website defacement—changing the visual appearance of a site—was also an early and popular form of hacktivism, essentially taking the form of political graffiti across the Internet. It reached an early apex of popularity in 2001 when a mid-air collision between a Chinese fighter plane and a U.S. spy plane occurred. Chinese hackers retaliated by hacking into and defacing nearly a thousand U.S. websites, and American hacktivists responded in kind.[10] Website defacement still happens, often to take the hacktivist’s message directly to “the people.”

But, stepping back from tampering with the visual appearance of websites, there are more insidious forms of hacktivist defacement. In its purest form, defacement is what we security professionals call an attack against data integrity; that is, someone has corrupted our systems by electronic tampering. But, defacement can go beyond websites. Many other kinds of electronic systems can be subverted to send a political message.
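Treating defacement as an integrity problem suggests a matching detection control. The sketch below is an added example, not part of the original article: it compares a web root against a keyed (HMAC-SHA256) baseline so that visible defacement, quiet edits to non-page data, dropped files and deletions all surface. The file names, the sample content and the key are constructed; it assumes the real key and baseline are kept off the web host, since anyone able to rewrite pages could also regenerate plain hashes stored beside them.

```python
import hashlib
import hmac
import os
import tempfile

def build_manifest(root, key):
    """Map every file under root to an HMAC-SHA256 tag of its bytes."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                manifest[rel] = hmac.new(key, fh.read(), hashlib.sha256).hexdigest()
    return manifest

def audit(root, baseline, key):
    """Return sorted (change, path) findings for the live tree vs. the baseline."""
    current = build_manifest(root, key)
    findings = [("added", rel) for rel in current if rel not in baseline]
    for rel, tag in baseline.items():
        if rel not in current:
            findings.append(("removed", rel))
        elif not hmac.compare_digest(tag, current[rel]):
            findings.append(("modified", rel))
    return sorted(findings)

def write(root, rel, body):
    """Create or overwrite a file (and its parent directories) under root."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(body)

def demo():
    key = b"constructed-demo-key"  # assumption: the real key never sits on the web host
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample site, including data that is not a visible page.
        write(root, "index.html", b"<h1>Welcome</h1>")
        write(root, "about.html", b"<p>About us</p>")
        write(root, "poll/results.json", b'{"yes": 10, "no": 12}')
        baseline = build_manifest(root, key)
        clean = audit(root, baseline, key)  # untouched tree: no findings
        # Constructed tampering: a visible defacement, a quiet data edit,
        # a dropped page and a deleted one.
        write(root, "index.html", b"<h1>Defaced</h1>")
        write(root, "poll/results.json", b'{"yes": 9000, "no": 12}')
        write(root, "banner.html", b"<h1>Message</h1>")
        os.remove(os.path.join(root, "about.html"))
        return clean, audit(root, baseline, key)

if __name__ == "__main__":
    print(demo())
```
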

Online polls have been hacked to skew results, although most of the time it has been done as a prank.[11] This calls into question any online political polling. Followers of social media such as Twitter[12] or Facebook[13] are also easily subverted, further corrupting the viability of any online political campaigns. Political Bots, a research team that investigates the impact of automated propaganda on the public, explains, “Bots are social media accounts that automate interaction with other users, and political bots have been particularly active on public policy issues, political crises, and elections.”[14] In a separate post, the research team noted that in the week prior to the 2016 U.S. presidential election, 19 million bot accounts sent tweets. “The U.S. election saw perhaps the most pervasive use of bots in attempts to manipulate public opinion in the short history of these automated political tools.”[15] Entire platforms for political communication and discourse are being defaced, notably sometimes invisibly, to skew influence.

You Can’t Punch a Swarm of Bees

Hacking allows anonymous attacks from small groups or individuals to command an unprecedented level of attention in society. Part of that power is in the protestors’ ability to blend into a faceless, amorphous group. Beyond the Anonymous group, which revels in striking from the shadows, there are many other protest movements banding together solely based on goals and a set of techniques. These include Resist, BLM, Occupy, and Arab Spring. While some of these groups have some leadership, involvement is more about hashtags than membership cards. Online tools not only facilitate, they also encourage ad-hoc associations and actions around a cause.

An inability to point to a specific leadership in an offending organization can make retribution, containment, and negotiation very difficult. For example, even when a large crackdown against hacktivists occurs, it still represents a small fraction of the actual movement. When the FBI arrested 14 members of Anonymous, the movement quickly regrouped and began taunting law enforcement anew.[16] These flash-mob-style swarms of attacks can be quite exasperating for targeted organizations and, for the same reason, can be very attractive for protestors who want to modulate their involvement in the cause. The deployment of opt-in DDoS tools like the Low Orbit Ion Cannon (LOIC)[17] can provide hacktivist movements with a way to arm spur-of-the-moment protestors with powerful cyber-weapons.

Digital crowdsourced protests also provide deniability for egregious actions taken. If the movement wants to preserve some legitimacy, it can also easily disavow any illegal actions by these spontaneous hacktivists. That’s just as well, because there are some hacktivists who truly don’t believe in any particular cause beyond causing general mayhem to authority figures. Unfortunately, these vandals can easily slip in and out of hacktivist movements to harass and sabotage under the aegis of “making the world a better place.”

One can also look at these as situations in which the respective governments are either encouraging (or not discouraging) the hacktivist actions. Hacktivism can be seen as a form of slightly firmer political “soft power”—a way of flexing muscles without actually causing any permanent damage. The web defacements regarding a politically charged sports ruling could easily fit this paradigm.[18]

Conclusion

The problem with cyber protesting is that anything technological can be automated and mass-scaled, which means grassroots campaigns can be quickly co-opted into AstroTurf campaigns—usually by the very authorities being protested.

CISOs, build your threat models accordingly. Anyone can get angry at you. Hacktivists won’t play fair and merely picket your building and sue you in court. Be sure you have done adequate risk analysis around leaks of email and doxing attacks against staff, sustained DDoS attacks, and defacement of Internet applications.

 


