Security threats explained: Hacktivism

Advanced perimeter defence and improved security policies needed, say experts

In this series, Computerworld Australia examines some of the information security threats facing small businesses and larger enterprises today. We’ve looked at social engineering and internal negligence and continue the series by speaking to security experts about the problem of hacktivism.

Hacktivism, according to Quest Software, is politically motivated hacking conducted by groups such as Anonymous and LulzSec. For example, in May 2012, Anonymous claimed it had hacked the United States Bureau of Justice Statistics and released 1.7 gigabytes of data including internal emails and database information.

In a statement, the group said it was releasing the data to “spread information, to allow the people to be heard and to know the corruption in their government.”

The threat of hacktivism

According to IDC Australia senior market analyst, Vern Hue, while some hacktivists were out to prove a political statement, the majority of hacktivists did not have an intended target or cause, and retrospectively justified the hack once they had success infiltrating a website.

“Hacktivists often seek out vulnerabilities, most often by means of exploiting a Web application vulnerability on a website,” he says. “These threats are very real and scary as these attacks have no logical and predictable trend.”

Hue added that every organisation, from governments to enterprises, was vulnerable to the attacks.

IBM Australia security systems business unit executive, Jason Burns, says hacktivism is becoming a threat, not only to organisations but to individuals as well, because of the methods used by hacktivists.

“Hacktivists are increasingly resorting to automated password guessing programs, attacks on mobile gadgets and phishing attacks that trick people into downloading viruses or revealing sensitive information,” he says. “These attacks pose a serious threat to any organisation.”

Sourcefire US vice president of security strategy, Jason Brvenik, likened the hacktivism climate to civilians being the target of warfare.

“Everything and everyone is a target, there are no boundaries and there is no moral code,” he says.

Brvenik adds that hacktivism has come to mean criminal use of technology to attack something the hackers don't agree with.

“This hurts ordinary people, damages the perception of the hacktivists, and results in ordinary people being hurt,” he says.

Extent of the threat

In order to prove their point, hacktivists are out to either deface an organisation's webpage or steal valuable data from the server, says IDC’s Hue. “Currently, their main form of attack comes in the way of malware and hacking,” he says.

“In some cases, hacktivists also launch distributed denial of service [DDoS] attacks in order to bring a webpage down to prove their point.”

For the organisation targeted, a DDoS attack would cause a disruption in daily operations and potential financial losses, due to a loss of confidence in the business.

According to IBM’s Burns, the attacks can leave a business exposed with sensitive information out in the public domain.

“From an individual perspective, these attacks have a way of manipulating information to make specific individuals look or appear to look bad, when this might not be the case,” he says.

Addressing hacktivism

Hacktivism in its proper form is, in theory, easily addressed, according to Sourcefire’s Brvenik, by not making business decisions that challenge the rights of the people.

“This is never as easy as it sounds. As people we make mistakes and don't always see the downstream impacts of our actions,” he says.

In addition to designing internal systems that were easily audited and applying appropriate security controls to customer information and intellectual property, Brvenik added that some adjustments to corporate culture might be needed.

“Develop a corporate culture that values the customer, values their rights, and strives to find the balance between business and people in an acceptable way.”

IDC’s Hue warns that because anyone can be a target of hacktivists, the best way of addressing hacktivism is to maintain a high level of security fortitude.

“The first thing organisations need to do is to perform a network configuration to block the attack by using intrusion detection and prevention systems [IPS],” he says.

According to Hue, the appliances have the ability to detect where the attack is coming from and, with the right configuration, automatically block the attack traffic.

“It is also vital that organisations take a proactive step into ensuring that the proper logging is configured in all security devices, so that in the event of an attack, the log data can be examined and handed over to law enforcement agencies,” he says.

IBM’s Burns says that two areas need to be addressed within organisations to combat possible hacktivism attacks.

The first is to implement a security awareness program. “Education and awareness of security threats throughout any organisation is key to minimising threats and reducing risk,” he says.

According to Burns, the security policies need to come from C-level executives and be distributed throughout the organisation.

“The policies should also include shareholders and directors of the company, as these attacks can sometimes target individuals,” he says.

Once the security policies were in place, the implementation of integrated security products that map back to the policies was essential to reducing the risk of threats.

“All of these elements must be in sync and working together to give organisations a much greater chance of minimising threats,” Burns says.

Follow Hamish Barwick on Twitter: @HamishBarwick
