New 'Hacktivism' Highlights Growing Problem
We all saw what the concentrated efforts of a group of politically minded hackers could accomplish in 2007 when Russian attackers took a wide swath of Estonian Web sites offline in response to perceived affronts against the Russian national image by its smaller neighbor.
In the wake of the event, as the Estonian government and ISPs in the region struggled for several days to get their sites back to normal, many cyber-security experts predicted that the incident would serve as a model for future acts of so-called hacktivism, in which people turn to technology, namely the Web, to support their political beliefs.
While there was a fair amount of malware and hacking activity carried out during the 2008 U.S. presidential campaign, most of that activity seemed aimed more at spreading threats than attacking any political movement. This week saw a return of the pure hacktivism model as more than 300 Israeli Web sites were found defaced just a few days after Israeli forces bombed Gaza.
Self-identified as a tool of "propaganda war," the defacements mostly involved sites being amended to display anti-Israeli and anti-U.S. lingo, though some people went as far as to launch phishing attacks on the hacked URLs.
As a result, some experts are once again speculating that larger numbers of politically motivated hackings will begin occurring worldwide during 2009 and beyond.
Gary Warner, director of research in Computer Forensics at the University of Alabama, observes in his blog that the first instances of hacktivism actually appeared as far back as May 2001, when tens of thousands of U.S. sites were defaced by China-based hackers angered by the collision of a Chinese fighter jet with a U.S. Navy plane.
Warner contends that hacktivism will continue to spread in the coming years unless site masters do more to protect themselves, and he also predicts that sites of all sizes will be successfully targeted.
"One interesting aspect of a cyber-propaganda war is that it doesn't matter what size the Web site is, or how important it is. It only matters where the Web site is. In the current situation, the hackers supporting Gaza clearly believe Israel and the U.S. are culpable. That means American Webmasters may wish to be especially vigilant right now," Warner wrote on his blog on Jan. 30.
"Webmasters need to decide on a strategy. For many Web sites, it's enough to have a daily review of your content to ensure that nothing has been changed. For more important Web sites, it would be worth investing in having your Web site professionally tested for weaknesses," he said.
In a blog post on Trend Micro's site, researchers pointed out that there have been other recent incidents of hacktivism carried out between opponents in India and Pakistan.
"The Web is no longer an avenue to gain profits, but also to express political and religious beliefs, whether be it through legitimate, harmless ways, or not," wrote Trend Micro tech communications specialist Bernadette Irinco. "And we can certainly expect the Internet to be a battleground for political, cultural and other all sorts of dissenting opinions -- well into the future."
There is certainly never a shortage of conflicts around the globe that pit against each other groups of people who truly despise their opponents.
Only time will tell how ubiquitous hacktivism will become as a tool of destruction in those types of scenarios, but it seems likely to become more popular, as it remains a fairly cheap, safe, available and high-profile way of embarrassing one's enemies.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.