Anonymous, LulzSec and the Trouble with Hacktivism

Thursday, July 14, 2011

Rafal Los


If anyone doubts that political and social activism is alive and well, clearly they haven't been reading the news over the past year. 

The havoc these causes have created has left carnage across the Internet, in boardrooms, and at the forefront of consumers' minds.

From a defender's perspective, though, two main issues concern me in these causes: predictability and the "tag-along" effect.


The first issue, predictability, always concerns me from an enterprise intelligence perspective. While we, the industry of security professionals, collectively have a spectacular array of technology available to us, only lately has any of this technology begun evolving to give us any type of predictability support.

Beyond technology, let's face it - these types of groups are almost unpredictable.  They will take up causes on a whim, and as seen with LulzSec, they were taking phone calls and suggestions on what cause or organization to go after next.  If you're sitting staring at an IDS/IPS console somewhere, this should send shivers down your spine.

Predictability has long been the holy grail of intelligence platforms from military to Wall Street, and each has developed its own system of artificial and human intelligence to build as much predictability into its mechanisms as possible to achieve its ends. The cyber world is a little similar, yet very different.

It is most closely related to the military world where assets can be cultivated to provide information, groups can be infiltrated, and intelligence gathered before, during, and after an attack. The problem when it comes to hacktivist groups is that they're often entirely unpredictable... and that is partly to do with their modus operandi, and partly to do with my second point.

At any rate, you as the defender of your organization are left with the task of knowing when they're coming and being ready when they're knocking down your doors.  Good luck.

Good, predictable intelligence these days involves having a network of intelligence-gathering devices and analysts, fed to a complex system which tries to make sense of the information, and a delivery mechanism to you which is consumable and actionable... and let's not forget the last piece of this puzzle - stopping power. 

If you're relying on your IPS signatures to protect you, or your other slow-adaptive devices, you're in for a world of pain.  So clearly organizations can't achieve this on their own... so you turn to the vendors you trust to help you with this. 

I urge you to look carefully at the intelligence networks that the company you trust to protect you is cultivating. Your future as a company, and your CEO's job, may just depend on it.

Now, there's this matter of the "tag-along" effect, also referred to as the "me too" syndrome... there's a term for this I can't think of right now.  You see, in any crowd there is a core belief and operating mode for the group. 

That small group is eventually joined by many, many people, all of whom will perform actions the core group would never condone or do, all under the guise of the cause. Hacktivism isn't exempt from this.

While the hacktivists hack and take down organizations they specifically target for their ideological cause, others will use the name of the cause to hack and destroy... but their targets are organizations and things that have nothing to do with the cause.

This causes two major issues - cause confusion and severe unpredictability.  It causes the 'cause' to become erratic, unpredictable, and seemingly out of control.

The hijacking of a cause like 'social injustice' can lead to hacking of government, government sympathizers, and then who-knows-what if rogue agents from within the crowd jump in. 

This makes predictability and intelligence almost impossible... unless you have a brilliant system of intelligence backing the effort. So... hacktivism then, like every other type of active threat, requires excellent intelligence to protect against.

Intelligence at your perimeter, on your internals, from your users and from the 'field'... collectively brought to you in an actionable platform.  Otherwise...

Cross-posted from Following the White Rabbit
