On a bitterly cold Monday morning in mid-January, to little fanfare, roughly two dozen human rights advocates assembled outside the headquarters of Combined Systems to rally against the company's manufacture of non-lethal weapons, such as tear gas, which have been used against demonstrators in Egypt and elsewhere. About a month later, another protest against the company occurred, but this time it garnered international media attention – and it didn't require anyone to trudge out in the snow to the rural roadway of Route 58 in Jamestown, Pa., to chant and hold up signs.But it was illegal. From afar, members of the decentralized but powerful online activist collective Anonymous attacked Combined Systems' digital infrastructure, disabling its website and, in the process, revealing the names and email addresses of its employees. The hack was meant to shame a business Anonymous found offensive.
This type of internet vigilantism is becoming more common with each passing week. Hacktivism, which describes using computers to further a political cause, has taken off over the past 18 months. What activists have discovered is that it is a very effective weapon because online attacks can send a strong message – such as knocking a website offline or exposing embarrassing emails about a target – without resorting to violence.“Politically motivated hackers, or hacktivists, have been around for some time,” says Darren Hayes, computer information systems program chairman at Pace University in New York. “In 2008, during the Russia-Georgia conflict in Ossetia, Russian hackers were allegedly responsible for attacks on the Georgian president's website, and also on government Twitter accounts. Closer to home, we have seen hacktivists – most notably Anonymous, AntiSec and LulzSec – launching attacks on government agencies and corporations in support of political causes.”
“ The hacktivism risk is highest for large organizations that have well-known brands.”
– Chris Wysopal, CTO and CISO of Veracode
Chris Wysopal, CTO and CISO of Burlington, Mass.-based Veracode says hacktivism is not exactly a new strategy, but its presence has increased substantially over the past few years. “The hacktivism risk is highest for large organizations that have well-known brands,” Wysopal says. “This is because there is a larger attack surface area.”The bigger the organization, association or brand, the more there is to lose from embarrassment and a loss of trust, he says. “Hacktivism has changed the risk equation for these organizations due to a new substantial threat. It is requiring organizations to work to secure any website that has a brand associated with it.”
And, how effective deterrent efforts are proving is still to be determined. U.S. and international law enforcement bodies are often in the news for their concerted efforts in cracking down on hacktivism. However, the threat still exists, and rather than abating is proving stealthy.In fact, the FBI and Scotland Yard fell victim to those that they were hunting down when Anonymous posted on the internet a 16-minute conference call it purloined between the two agencies.