Despite devoting resources and making arrests, authorities seem little closer to stopping the new face of social protest, reports Jim Romeo.

On a bitterly cold Monday morning in mid-January, to little fanfare, roughly two dozen human rights advocates assembled outside the headquarters of Combined Systems to rally against the company’s manufacture of non-lethal weapons, such as tear gas, which have been used against demonstrators in Egypt and elsewhere. About a month later, another protest against the company occurred, but this time it garnered international media attention – and it didn’t require anyone to trudge out in the snow to the rural roadway of Route 58 in Jamestown, Pa., to chant and hold up signs.

But it was illegal. From afar, members of the decentralized but powerful online activist collective Anonymous attacked Combined Systems’ digital infrastructure, disabling its website and, in the process, revealing the names and email addresses of its employees. The hack was meant to shame a business Anonymous found offensive.

This type of internet vigilantism is becoming more common with each passing week. Hacktivism, which describes using computers to further a political cause, has taken off over the past 18 months. What activists have discovered is that it is a very effective weapon because online attacks can send a strong message – such as knocking a website offline or exposing embarrassing emails about a target – without resorting to violence.

“Politically motivated hackers, or hacktivists, have been around for some time,” says Darren Hayes, computer information systems program chairman at Pace University in New York. “In 2008, during the Russia-Georgia conflict in Ossetia, Russian hackers were allegedly responsible for attacks on the Georgian president’s website, and also on government Twitter accounts. Closer to home, we have seen hacktivists – most notably Anonymous, AntiSec and LulzSec – launching attacks on government agencies and corporations in support of political causes.”

Chris Wysopal, CTO and CISO of Burlington, Mass.-based Veracode, says hacktivism is not exactly a new strategy, but its presence has increased substantially over the past few years. “The hacktivism risk is highest for large organizations that have well-known brands,” Wysopal says. “This is because there is a larger attack surface area.”

The bigger the organization, association or brand, the more there is to lose from embarrassment and a loss of trust, he says. “Hacktivism has changed the risk equation for these organizations due to a new substantial threat. It is requiring organizations to work to secure any website that has a brand associated with it.”

How effective deterrent efforts are proving remains to be determined. U.S. and international law enforcement bodies are often in the news for their concerted efforts to crack down on hacktivism. However, the threat persists and, rather than abating, is proving stealthy.

In fact, the FBI and Scotland Yard fell victim to those they were hunting when Anonymous posted on the internet a purloined 16-minute conference call between the two agencies.

“Law enforcement’s efforts have had little real effect on curbing hacktivism since it operates at a scale [of] anonymity and ease that current governments and their laws are incapable of comprehensively acting on,” says Phil Lieberman, president of Lieberman Software in Los Angeles. Hacktivism, he adds, is on the increase as the world becomes more and more connected, with a proportional number of weakly secured systems available for exploitation.

And as with traditional cyber crime, law enforcement efforts to curb hacktivism seem to be falling flat. “In the past two years, we have seen some high-profile, successful attacks, and some high-profile arrests as well,” says Rob Malan, co-founder and CTO of Arbor Networks in Ann Arbor, Mich. “The fact remains that the rise of hacktivism and the increasing frequency of attacks is far outpacing law enforcement’s ability to deal with the problem.”

There are a number of reasons for this, he says. Arbor customers say that at the top is the continuing lack of confidence in law enforcement’s capabilities and willingness to investigate online attacks.

And there are many other challenges beyond law enforcement’s capabilities, Malan says. Of chief concern is the distributed nature of attacks, which often leads to confusion around disclosure.

Further, profit may also be a motivator for those launching what seem like politically motivated attacks, says Jerry Irvine, CIO of Chicago-based Prescient Solutions and a member of the National Cyber Security Task Force. “Cyber crime is a multi-hundred-billion-dollar industry, and as a result, many individuals, organizations and even countries are involved,” he says. “Hacktivism is a growing issue, not just due to unstable political and economic situations, which need to be addressed, but also because the lines between hacktivism and cyber crime have blurred and become indistinguishable.”

As an example, late last year Anonymous compromised the global affairs firm Stratfor. At first, the company may have thought it was a conventional hack whereby the perpetrators sought data for financial gain. As it turned out, however, the hackers stole credit card numbers so they could make donations to charities, but their main goal was to get access to emails that they hoped would reveal shady communications among military and intelligence officials.

To defend against web attacks, whether they are politically motivated or not, most organizations rely heavily on perimeter defense tools, such as anti-virus, firewalls and intrusion detection systems. But the exploits are ever changing and these solutions cannot prevent everything, says Jason Mical, director of network forensics at AccessData Group in Lindon, Utah. “So while these perimeter defense technologies are critical to securing an organization’s network, a fundamental change in our approach to cyber intelligence and response is where we should be putting our focus.”

As it is now, an organization usually has multiple teams, each using different tools to address one aspect of a much larger process, he says. These teams must collaborate more efficiently and correlate their findings to see the whole picture, Mical says.

“To be able to verify threats and determine the impact level sooner, the solution is not just a shift in process, but requires technology that facilitates this collaboration and integrates the analysis,” he says.