Street demonstrations and looting have long been common features of protests. But over the past year, and especially in recent months, protests have played out in increasingly brazen cyberattacks online.
Now many analysts say as social unrest continues around the world, cyberattacks in the name of political or commercial causes will only increase.
“The same mentality and discontent that motivates someone to take to the streets is easily transferred to cyberattacks against governments and major corporations,” said Scott Hammack, CEO of Prolexic Technologies, a company that helps protect websites from cyberattacks.
The hacker group Anonymous has already become nearly synonymous with such “hacktivism.” The loosely organized group first gained notoriety for targeting Amazon after it dropped WikiLeaks as a client, and Sony blamed Anonymous for a mass data breach earlier this year.
In response to San Francisco transit authorities’ decision to shut down cell service in train stations to head off planned protests, Anonymous has hacked a Bay Area Rapid Transit website, stolen user information, and instigated street protests.
On Wednesday the group escalated its feud with BART by posting partially nude photos of the agency’s chief spokesman online.
“It’s interesting to note that more and more threats received from hacktivists are not financially motivated. It is a power play, plain and simple,” Hammack said in an emailed statement. And such cyberattacks are only becoming more effective, even as the list of potential targets grows, he said. “Hacktivism is not something that will quietly fade away.”
It makes sense that activists, for better or worse, would take their protests online, said Kevin Haley, a director in Symantec’s security-response division. He said that hacktivism has been around for some time, but Anonymous’s exploits over the past year have raised the level of concern.
“Everybody else has gone to the Internet, so why wouldn’t hactivists?” Haley said in an interview. “It’s fast and inexpensive. You can do it from anywhere. And if your goal is to get your name in the paper, you can do it by staging an attack online.”
Despite claims that cyberattacks are in the name of protecting rights or protesting injustice, many cybersecurity analysts just see more threats. The rise in such activity over the past weeks prompted Prolexic to raise its internal threat indicator from “elevated” to “high,” the company said in a statement.
Some longtime hackers say it doesn’t have to be that way.
The headline-grabbing stunts performed by Anonymous and other groups give the term hacktivism a bad name, Oxblood Ruffin, an old-school hacker from Canada, wrote on TechRadar.com.
“Hacktivism, real hacktivism, has always managed to get things done without upsetting the apple cart,” said Ruffin, a member of the Cult of the Dead Cow, a group that he describes as an “opinion leader in the computer underground since 1984.”
Decrying what he sees as irresponsible attacks by groups claiming to be protesting political issues, Ruffin says they undermine the privacy of innocent people.
“The practice of hacktivism was developed in accordance with the original intent of the Internet and with a wise eye to international law,” he wrote. “Anonymous relies primarily on three tactics: web site defacements; distributed denial of service (DDoS) attacks; and data theft. All are illegal. The first two violate free speech and the third is clearly cybercrime. Some Anons have claimed that DDoSing is a form of civil disobedience, but that argument is difficult to swallow.”