A quick recap of the top online security stories in 2016 include a significant increase in ransomware emergencies, scary growth in online fraud such as whaling, terrorist use of social media and a long list of new malware threats.
But the surge in hacktivism trend has brought about the deepest and widest global cybersecurity impact, in my view.
As our offline and online worlds merge together as never before, hacktivism has become a weapon that brings global media attention and offers protestors a cyber “march on Washington” without large numbers of people. No doubt, the hacktivism topic moved onto center stage this past week with the release of hacked Democratic National Committee (DNC) emails by WikiLeaks.
Global anti-establishment causes have turned to hacktivism to release information that furthers their cause(s) in various ways. And these causes can be very diverse and range from national elections to offshore financial accounts to the Flint water emergency. What complicates matters is that many hackers do not fit neatly into legal and illegal categories, and the same people may hack for a variety of financial reasons or societal causes.
Many believe that nation states may have joined these causes — even if hacktivist leaders, and leaders in countries such as Russia, deny the charge. Organizations like WikiLeaks claim that they are helping society by being a data broker and releasing information that the public “needs to see” in their view.
Here are a few recent headlines to consider regarding the hacktivist activity:
This Stanford article describes hacktivism as the marriage between hackers and activism. The article also outlines some boundaries and differences between different types of online activities.
According to TechTarget, Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose. The individual who performs an act of hacktivism is said to be a hacktivist.
With our online and offline worlds coming together as never before, hacktivism brings protest rallies and marches into cyberspace. Recently these protests have involved releasing information, such as private email or confidential bank records, into the public domain. Other hacktivists have shut down companies with distributed denial of service attacks (DDOS) or defaced websites. Most of these are hacking actions are considered to be illegal acts.
As you would expect, different hacktivist groups have different rules, preferences and techniques that they follow. For example, Edward Snowden recently disagreed with WikiLeaks over how to release data.
“While Assange appears to generally favor releasing troves of information in full (although WikiLeaks does traditionally make redactions), Snowden is more careful, choosing to work alongside specific journalists to release data in a calculated manner.”
The New York Times described the soul of the hacktivist this way back in 2012:
Leaderless, multinational and known by the ubiquitous, sly Guy Fawkes mask, Anonymous is fueled by a raft of causes, from repression in Tunisia to animal rights in Tennessee to a defense of the whistle-blower site WikiLeaks.
Whatever the cause, its message is amplified by the Internet itself, as is its impact. At a time when life, commerce and statecraft have gone digital, hacktivists can threaten governments, or they can just as easily dump innocent people’s credit card numbers on the Internet for more common criminals to steal.
“The weapon is much more accessible, the technology is more sophisticated,” said Chenxi Wang, a vice president in charge of security at Forrester Research. “Everything is online — your life, my life — which makes it much more lethal.”
Anonymous, for its part, has spawned a variety of spinoffs. Anybody can be Anonymous. And anybody who calls himself Anonymous can carry out an attack in its name. One hacker in Britain last week, calling himself a member of Anonymous, stole the health records of thousands of women registered with an abortion service provider in Britain. His boasts on Twitter put other Anonymous members in an awkward position, considering that Anonymous also took credit for attacks on the Vatican.
Some factions of Anonymous use brute force to shut down target Web sites. Other factions break into systems and steal data.
They have threatened to take down Internet root servers — part of the Web’s basic infrastructure — on April Fools’ Day, which would effectively shut down the global Internet.
Another more recent journal article from Georgetown on the rise of hacktivism said this in September 2015:
“Hacktivism, including state-sponsored or conducted hacktivism, is likely to become an increasingly common method for voicing dissent and taking direct action against adversaries. It offers an easy and inexpensive means to make a statement and inflict harm without seriously risking prosecution under criminal law or a response under international law. Hacking gives non-state actors an attractive alternative to street protests and state actors an appealing substitute for armed attacks. It has become not only a popular means of activism, but also an instrument of national power that is challenging international relations and international law.”
Mr. Robot: Every Movement Needs a Television Show
So how can the average person gain an understanding of what a vigilante hacker (or hacktivists) does, and how they do it? One way is to watch the TV show (or shows). Check out this trailer for the USA TV show Mr. Robot — where hackers take on Evil Corp.
In this interview, the creator of Mr. Robot explains its hacktivist and cult roots — describing how the individual human element is so important in understanding hacktivists. Here’s an excerpt:
“Your thoughts on some hackivists being labeled “terrorists”?
The word “terrorism” gets tossed around a lot when there's a threat people don't quite understand. It's not unusual, as it's a great way to oversimplify one's fears and reduce anxiety. But the label is about as useful as calling them “the bad guys.”
What are your thoughts about hacktivists? And do you think in the future they — inspired by WikiLeaks, Cypherpunks, Hammond, Anonymous and others — will upend the political and economic order?
Activism, in general, is almost necessary when you want to bring about justice or change in society. The added complication that hacktivism can throw into the equation is that it may (and often does) require illegal activities, which can quickly turn this all into a murky ethical debate.
However, wars like the American Revolution would have never happened if it weren't for the specific decision to break what they deemed unfair laws. And let's face it, sometimes that is the only path to justice. Even Snowden's actions — whether you disagree with him or not — led to some startling and relevant revelations about our government's surveillance programs that otherwise may not have happened had he not broken the law.
So, historically, these complicated, extreme measures are often at the heart of any dramatic change to political and economic order. That's my long-winded way of saying my thoughts on hacktivism is that it's ethically complicated, but sometimes necessary for justice to prevail. Can it lead to a massive change in society? It already has, and will most certainly continue to do so because all it really requires at the end of the day is a computer, wifi and one passionate person with a drive to make a difference in the world.
Wrap-up on the Surge in Hacktivism
If I were writing a 2016 year-end cybersecurity summary headline right now, it would include strong words about the growing power of global hacktivists. We have five months to go, but perhaps 2016 will even be: “The year of the hacktivist.”
But we are only at Aug. 1, and plenty of cyberincidents lie ahead in the next five months. Big questions remain about new WikiLeaks (or other) data releases that may impact the U.S. presidential election for either side. Back in March I asked: Can the election be hacked?
Some will say that this hacktivism trend is not new. They will point to the fact that Wikileaks paired with Anonymous to publish intelligence firm’s dirty laundry back in 2012 — and similar cyberactivities go back more than a decade. While they have a valid point, this hacktivism trend is certainly accelerating rapidly and has moved to the top list of cyberissues in late 2015 and now in 2016.
Last year, I wrote this related article for TechCrunch on the growing trend of “hacking for a cause” — which is a more descriptive name that I like better than hacktivism. I started that article with a long list of top stories and asked the reader to connect the dots — which all point to hacktivism. Here is that list of major cyberheadlines:
“The Sony Pictures hack: Everything we know so far; Anonymous hackers release emails ordering bear cubs be killed; Hackers threaten to release names from adultery website; How Latest Snowden Leak Is Headache for White House; How DID hackers steal celebrities’ private iCloud photos? Connecting the dots yet?
If not, here are two more headlines to tip you off: Hackers Remotely Kill a Jeep on the Highway — With Me in It and Hacktivists taking aim at Dallas-Fort Worth police departments.”
The title “Hacking For A Cause” goes back to a paper written in 2006 by Brian Still from Texas Tech. Here is an excerpt from his overview:
“The weapons of this war are words and technology. Hackers use rhetoric to try to establish them as politically conscious fighters for the little guy, and corporations and governments try to frame the hacker as an unproductive, if not destructive, menace.”
It certainly appears that we have now entered a new period where "hackers with a cause" will shape the global dialog on everything from international relations to financial reporting to local politics in the same ways that protesters shaped such topics as civil rights and climate change in the past.
In a sentence: Hacktivism is becoming the new “March on Washington, D.C.”