Hacktivism: a pressure tool or a time bomb?

Hacker activism, or hacktivism, is no longer just a phenomenon in information security, but a full-fledged social trend. The fruits of hacktivist activity are encountered daily by tens of thousands of people who, trying to gain access to popular sites, meet unexpected, provocative statements on the websites of news publications.

From a technical point of view, hacktivists use the same methods and technologies as any other hackers. This is also partly true for malicious software that is accessible to activist hackers.

At the same time, hacktivism differs markedly from other forms of hacking in almost all key aspects. In this article, we will analyze the main signs of hacktivism, the prerequisites for its development, and the foreseeable prospects.

Two reasons for the development of hacker activism

Two factors that influence the development of hacktivism around the world seem to be the most significant and decisive. The first of them is purely social, and is due to the fact that hacker activity acts as a form of protest. This is facilitated by the high level of digitalization of society and the spread of modern technologies.

In this sense, hacktivism is somewhat similar to public statements on social networks, only with a more tangible result: a publication can be ignored, but a hypothetical DDoS attack (especially a massive one) will not be overlooked. And if the site "goes down", media publicity is almost guaranteed.

Alexander Gerasimov
CISO Awillix

In order to attract the most attention, hacktivists often target the media and state-owned companies. Most attacks are carried out because of religious and political conflicts.

Hacktivists use DDoS attacks to suspend resources, and hack websites to obtain confidential information or to deface them. As a rule, hacktivists, individuals with a small technical base, use automated tools for attacks. The damage caused by their attacks is usually comparable to the cost of downtime of the hacked service. Since hacktivists do not always care about their anonymity, they are often found and brought to justice very quickly.

The second component of the development of hacktivism belongs entirely to the world of information security and causes the greatest concern: the availability of means of attacking digital resources. Thanks to the development of the service model, you no longer need to understand how malware works: you simply click a couple of buttons and specify a link to the target.

Vladislav Luzhnikov
Deception Technology Analyst at R-Vision

Assessing the damage and scale of hacktivist activity is often difficult. Organizations that are confronted with the actions of such groups mostly try not to publicize this fact, and especially not to disclose information about the consequences, primarily because of the risks associated with reputational losses. Today, even one case of data leakage is enough to reduce the authority of an organization. Public demonstration of the victim's inability to resist the threat of intruders undermines confidence in the state, business, or individual.

Activist hackers carry out attacks not so much for financial gain, but to express their political, social or other position. The effectiveness of such actions depends on many factors: motivation, purpose, professionalism, the size of the hacker group, as well as the psycho-emotional state of the subjects of the attacks.

Studies of malicious activity using honeypots (specialized trap applications that mimic real services and collect information about the attacker's actions) have shown an increase in the number of actions involving hacktivists.

In this context, the example of the DDoSia Projekt service is illustrative: it is positioned as a means of load-testing a resource, but, judging by information from the Telegram channels of a number of hacker groups, it is used precisely by hacktivists.

Damage from Hacktivism

In early November, representatives of the US Federal Bureau of Investigation made a statement that hacktivist attacks practically do not affect the work of critical organizations. However, the situation is twofold, since:
  1. Even if the attack did not cause any damage to the infrastructure, it placed an additional burden on specialist staff. This may not be critical "at the moment", but when there are hundreds of such attacks, the risk increases that specialists will simply miss the targeted one amid the abundance of typical attacks.
  2. Often, the goal of hacktivists is not direct damage, but a statement. In this context, the very fact that the FBI is talking about them is already a success, especially if the information was picked up by the media.

Ivan Chernov
UserGate Development Manager (Information security expert)

As far as we can see, malefactors' interest in Russian companies and state structures has grown significantly since the beginning of the year. At the same time, attacks are becoming more sophisticated, and their tactics more diverse. If earlier lone hackers, guided only by financial gain, usually backed down when faced with a well-organized security system, now new types of cybercrime have appeared on the network: purposeful and persistent. For example, such a phenomenon as "hacktivism" (English: hacktivism, a merger of the words "hacker" and "activism") is an attack organized for ideological reasons.

The activity of "hacktivists" is not associated with the search for commercial benefits, it is aimed at achieving a result – the mandatory infliction of targeted damage to specific objects and systems of state and commercial organizations. This means a much higher degree of danger of such attacks, and therefore dictates its own special approach to protecting against them.

Based on the fact that hacktivists rarely have high technical competencies, and are mainly aimed at the media result of their actions, we can distinguish two main tools for their attacks:
  1. DDoS attacks. These are usually low-level denial-of-service attacks. They are simple and quite automated. After installing the stressor, the user needs just a couple of minutes to start up.
  2. Defacement. A "deface" is a replacement of the content of one or more pages of a site with "author's content", a statement of intent from a hacktivist group, or other message.

Pavel Korostelev
Head of Product Promotion Department of the Security Code Company

A lot depends on how many hacktivists there are, how strong their interest in the goal is, and how organized they are. You can also add a skill level, but this is rather a secondary parameter: if there are a lot of hacktivists, if they are organized and motivated, they can bring a lot of problems.

These problems can be expressed, for example, in constant DoS attacks, because if there are a lot of users, then the DoS protection system will work poorly. However, it should be understood that hacktivism is wave-like, so at a certain point, attacks fade out.

Hacktivists are distinguished by two things: first, there are a lot of them, and second, they have a wide range of qualifications, although the average level is usually not very high. Accordingly, they also use tools that do not require serious skills.

Also, speaking of hacktivists, we can note the lack of planning, that is, their attacks are not as well thought out as those of full-fledged groups. However, there can be "surprises", because if you are picked at by a thousand ants, then someone will somehow get through.

Separately, we can distinguish professional hackers who participate in the activities of hacktivists (usually as coordinators). They use a wider range of technologies, including the development of new malware. Recently, for example, the Azov wiper made headlines: its creators tried to frame world-renowned information security specialists by naming them as the authors of the malware.

The danger of hacktivism as a phenomenon


Ivano Korol
Anwork Software Developer

The most massive data thefts can ruin a company, as the costs will be in all of these areas. Therefore, the total amount of damage can be calculated by adding up the costs for each source of expenses. In 2022, the cost of damage reached record levels, increasing to 4.35 million dollars or approximately 265,611,000 rubles. This is 2.6% more than in 2021 and 12.7% more than in 2020.

The main danger of hacker activism is seen in the long-term perspective, since such activities may well be the "entry point" to hacker activity. First of all, because hacktivism "flirts" with the opinion of certain social groups or parts of society, it looks at least not reprehensible in their eyes.

There is a high risk that a person who started his "career" with hacktivism will later be drawn into much more dubious activities. For example, he may start using the acquired knowledge and skills, along with social engineering methods, for personal enrichment, or engage in phishing, carding, or other illegal activities.

Given that thousands of people around the world are currently engaged in hacker activism, even if one percent of them decide to continue developing in this direction, that is hundreds of potential hackers in a few years, and dozens of potentially highly qualified representatives of professional groups in the fairly foreseeable future.

Why You Should Think Twice before becoming a Hacktivist

Ultimately, hacktivism is a personal choice. However, it is important for any person to correctly understand the possible prospects. And in the context of hacker activity, everything is not as cloudless as it may seem.

Here it is important to mention the difference between legitimacy and legality. Legitimacy is when the founder of the hacker group Killnet is invited to an interview by big pro-state channels, such as Duma TV. And news about the group's attacks is not only replicated by leading news agencies, but also met with public approval.

Legality is the letter of the law. And in no country is hacktivism considered a positive phenomenon. There is no prescribed gradation that separates resources that can or can't be attacked. Thus, a hacktivist and a hacker are equal before the law, which means that the risk of criminal prosecution becomes real immediately after launching malware on your device.

To illustrate the possible perspectives, we can use an analogy: what happens if a group of people perform an uncoordinated "denial of service" in a physical way, that is, they simply keep the doors of a particular company, embassy, or government organization locked? The reaction in cyberspace may not be immediate, but it is quite tangible. For example, in the form of an extradition order, a fine, or a ban on entry to a particular country.