The hydra of hacktivism - TechCentral

The hydra of hacktivism

james-francis-180The fallout of the Ashley Madison breach continues. Extortion, even suicides, are being linked to the data dump, which revealed a lot of personal information about the site’s users. It’s an interesting case.

The hackers involved did not try to get money from the site, which facilitates extramarital affairs. Instead, they demanded it be shut down.

At face value, they may be offended by cheating, but the actual reasons appear to lie closer to the business itself. The hackers have accused the site’s parent company of some fairly staggering things — and those digging through the data trove have found at least a few of those accusations can be substantiated.

But such breaches are not unheard of. Several years ago the user profiles from a major porn site were leaked online, all in an effort to embarrass those users. It didn’t really work, mainly because that breach lacked any media profile. Ashley Madison is different and the damage out there so far proves it. Some have even questioned whether the business will survive.

The real story here, though, is that hacktivism is taking on a new character. The idea was first coined in the mid-1990s and stands for cyber attacks that are motivated by political or social principles, not criminality or sovereign power games. It’s essentially a way for the little person to punch above their weight class, taking on the corporate world and governments.

In the regular world that would be called a whistleblower and we’ve seen several events involving digital whistleblowers. Edward Snowden, Chelsea Manning, whoever dumped all those South African secret documents on a USB drive  — all examples of sticking it to the man. Results have varied: Snowden’s revelations shook the foundations of the US, while the South African leaks caused little more than a few red faces — at least publically.

Hacktivist groups have also been more active of late. For the past several years, both Anonymous and Lulzsec were thorns in the side of authority, though they are applying the definition very loosely.

Anonymous has attacked companies for unethical practices, declared war on terrorists and harassed second-rate hip hop performers. Lulzsec was a bit more focused yet still broadly anti-authoritarian, but had to disband after several of its members were jailed. Some groups are far more specific — RedHack, for example, has thrown its weight behind critics of the increasingly autocratic Turkish government.

You can find hacktivists on both sides of the fight. The Islamic State appears to have several hacker groups sympathetic to its brutal regime. So has North Korea, though it is difficult to determine just how much of a role governments play in these movements. Hacking groups have been orchestrating attacks on either side of the Russia/Ukraine conflict. Some may actually be government spooks, but at least a few appear to be genuine digital partisans.

Yet, as mentioned, the trend is evolving. Ashley Madison’s breach may have been an inside job by unhappy employees. Around the same time the cyber espionage firm Hacking Team saw hundreds of gigabytes of its data dumped online, doing serious damage to the company’s trade secrets and operations. Several of its employees are being investigated.

The Ashley Madison data dump has had devastating consequences

The Ashley Madison data dump has had devastating consequences

This leads me to wonder: as data becomes a central currency for companies, just how prolific can the trend become? Not all companies are evil, but many are not saints either. It may not even be about the company, but simply a maligned employee. They will probably get caught and sent to jail, but by that time the damage is done. Look at the Sony Pictures hack (which may have also had inside help): some executives lost their jobs and, more harrowingly for those in the ivory tower, their reputations.

Sony Pictures survived, but Ashley Madison may not. This is going to be a problem. The tech market increasingly wants to move away from silos, unifying everything under one digital roof. But that exposes a lot of data. Companies may have to start thinking about that: should data be segmented, to make sure that nobody can get their hands on most of the critical stuff, not even the executives? It’s already gospel in the security industry that people are the real problem — and exactly how much can you trust your people? Forget them walking off with trade secrets. These days they can dump it online just to prove a point.

At least criminals are easier to understand: they are motivated by greed. But hacktivism has many faces and one of its newest — where anyone with the will and the means can, out of principle, strike a crippling blow to their organisation — is going to become a reoccurring topic.

  • James Francis is a freelance writer whose work has appeared in several local and international publications
  • Author image: Paul McGavin

7 Comments

  1. Great article and some food for thought. Anonymous et al are a new form of jungle justice. On the positive side, hacktavists can’t hide behind the ‘voice of the people’ farce and they may be a balancing force for the majority rules misconception. On the negative side, they’re also answerable to nobody so who watches the watchmen who watch the watchmen?

  2. Good points. That last line of yours in particular worries me. For example, what if I upset the wrong person on a comment thread and they happen to know some hackers who can make my life hell? I’d have no recourse and I may be punished because of someone’s skewed views. So, yeah, watching the watchmen is in itself a problem, as there really is no barrier of entry any more.

  3. One of many reasons why I value internet anonymity. But then I’m told only people with child porn to hide care about anonymity.

  4. Greg Mahlknecht on

    I never got that “something to hide” argument… I feel that the default position should be to keep your privacy, and people have to justify you breaking that. That’s how it is in real life… everyone doesn’t walk around with a name tag for all to see. How would people react if a stranger walked up to them on the street and said “what’s your name? not telling? what are you hiding?”

  5. It’s the same flawed logic often applied around laws: why should I worry about draconian laws if I am a law-abiding citizen? The issue is obviously that there are many grey areas and taking a either/or position on that is a misunderstanding of the underlying complexities.