It is natural for us as human beings to believe and wholeheartedly support certain causes as we grow and learn more about the world. While there are many ways to help further these ideals or movements, such as through volunteer work and fundraisers, others choose to put their skills to use.
Thus, with the rise of the internet, a new form of activism has emerged called hacktivism, the marriage of hacking and activism where activists leverage their cybersecurity skills to achieve political agendas via legally ambiguous means. Although hacktivism does not necessarily aim to cause significant financial loss or permanent injury, nor is it motivated by financial gain, its goal of disrupting normal computer activities and its associated operations can certainly affect not just governments but also businesses.
Below, we take a brief look at hacktivism and how it can lead to dire consequences for organisations of all sizes in all verticals and industries.
Hacktivism is defined as using digital tools for malicious purposes to promote a sociopolitical agenda, make a statement, disrupt those who go against a certain moral stance, and many other reasons. At its most innocent, hacktivism is simply a form of ‘digital vandalism’ intended to inconvenience or frustrate government and corporate entities. Conversely, on the other end of the spectrum, hacktivism may lead to leaking sensitive information, hijacking of corporate assets, and systematic dismantling of an organisation's reputation.
Hacktivism has been around for many years, but it only became recognised in the public eye back in 2011 when infamous groups like WikiLeaks and Anonymous made headlines. Fast forward to this day, and hacktivism-style attacks continue to become more and more prevalent, especially in these tumultuous times where large-scale conflicts all around the world seem to continue popping up one after another.
Without a doubt, hacktivism has become a latent threat nowadays. The greater connectivity of modern digital devices, the lower skill ceiling for hackers due to generative AI, and the wider stage that encourages participation in cyber operations are reasons why organisations must stay up-to-date with hacktivism.
Although there have been countless activities where hacktivism has achieved objectively good things, it has just as many exploits that have led to more negative results.
Take, for instance, the Sony vs Hotz case that took place back in 2010 when researcher and then-teenager George Hotz managed to reverse-engineer Sony's private key and published it online. In doing so, he gave everyone the means to rewrite Sony's firmware and mask themselves as developers when accessing its network, which gave them full access to Sony's entire online game catalogue. This action adheres to the philosophy that many hackers (and even hacktivists) share, which is that all information should be free, even those that are proprietary.
Sony sued Hotz in response and ultimately attracted the attention of hacktivists, who then targeted the company with DDoS attacks and a data breach. This breach exposed the credit card details of millions of the company's customers along with music codes and coupons from its music branch, resulting in massive financial losses that Sony estimates to be around $173 million. Ultimately, no matter what the goal may be, gaining unauthorised access to a company's network and digital assets is illegal, and the response of hacktivists, in this case, was objectively wrong.
Now, what does all of this mean for business owners and organisations? While it may seem like the attack mentioned above is few and far between and that hacktivism mainly involves political and more prominent organisations, it is prudent not to assume that you will never be affected by the actions of hacktivists. Even with all these attacks and demonstrations going on in the background of our daily lives, it is wise to constantly evaluate the security of our data.
After all, waiting to act only when something happens is a recipe for disaster. Whether updating your IT disaster recovery plan to use AI or leveraging cutting-edge cybersecurity solutions, all organisations must continuously address areas for improvement in their cybersecurity posture and stay on top of emerging threats. Seeing as the way we do business changes every day, having the mentality to always be ahead of the curve better ensures the safety, security, and availability of your data and other digital assets.
Hacktivist attacks are ideological in nature. As such, exposure will be inevitable for most businesses (especially those who operate in the public sector), and a few may find themselves targeted for simply existing. Moreover, the customers, suppliers, and partners of targeted businesses may get caught in the crossfire, which means nowhere is safe. Thus, as with regular cyber threats, it is best to think of hacktivist-led cyberattacks as not a matter of if but when.
That said, there are many steps that businesses can take to limit their exposure or at least the risk that comes with being swept up in a hacktivist attack. For starters, ensuring robust data backups significantly limits the damage of ransomware attacks and makes the threat of deletion or tampering of data by hacktivists a non-issue. Regular cyber awareness training for employees also contributes a lot to mitigating the effectiveness of phishing tactics, lookalike domains, and the increasing number of attacks that target the weak human element in the cybersecurity chain.
Hacktivism can have many different effects on cybersecurity, both positive and negative. Given its potential to cause significant harm to businesses under the guise of doing so for a 'good' cause means it is a difficult and complex threat that could strike at any time even when you do nothing wrong. Hence, it is normal to be concerned about the prospects of being targeted, but thankfully, help is always available.
GROUP8 is an industry leader in offensive-inspired solutions that covers the entire cybersecurity ecosystem. From data loss prevention and hardware-secured digital vaults to vulnerability assessment and penetration testing services, we are your one-stop shop for effective cybersecurity services that keep you well-defended today and well into the future. To learn more about our services, don't hesitate to contact us at hello@group8.co today.