The Dark Side of the Force: Hacktivism Takes Center Stage in 2016

Wednesday, December 21, 2016

Dan Lohrmann

1fec6881fe864bc30369edb548ea22b1

Rogue One: A Star Wars Story is certainly well-timed — epitomizing outsiders joining together to bring down powerful enemies, against great odds, to steal confidential plans. This plot, in many ways, reminds me of hacktivist agendas over the past year.

Any summary of 2016 must start by recognizing that a global anti-establishment mood brought upsets that defied "expert" predictions — both online and offline. The surprising Brexit vote, Donald Trump’s shocking election victory and Italy’s "no" vote in a referendum on constitutional reform are just a few examples of how this "anti" trend stunned the world in major events led by anti-elitist uprisings.

Online, hacktivists engaged in a long list of diverse acts of hacktivism — even prior to the election, which took center stage in supporting (or opposing) a vast array of causes that range from anti-Wall Street to anti-free trade to anti-corruption to anti-fill-in-the-blank. This is not just about distributed denial of service (DDoS) attacks, but stealing data in a variety of ways — for their causes.  

As I sit here, a number of questions are swirling about election hacking: who knew what and when, Russian involvement and motives in picking winners and losers, President Obama’s promised retaliation, and much more. What is clear is that this major, end-of-the-year hacking story, will bleed well into 2017 and beyond. 

"Hackers will hack" for an overabundance of reasons, and plenty of black hats were, and still are, trying make a buck or two via old-fashioned online robbery, extortion and stealing credentials from Yahoo and many others. Still, the top hacker impacts revolved around politics and wealthy people being exposed for hiding money in offshore accounts in the Panama Papers — which some experts called history’s biggest data leak ever.

From Clinton campaign emails revealed by WikiLeaks to DDoS attacks against governments, banks and other corporations, the dark side of the Web never slept in 2016.

The Top Cyber Stories For 2016  

Without question, the top cyber trend in 2016 was hacktivism. Specifically, the uncovering of hidden information went into hyper-drive — with groups such as Anonymous, WikiLeaks and DC Leaks shaping the news and impacting global dialogue, while undermining trust in digitally stored information.

Second was the growth in ransomware attacks. The overall numbers were up a staggering 6,000 percent according to IBM — with hospitals, governments and many others experiencing major cyber incidents.

As CNBC reported: “The problem is, the business model works: 70 percent of business victims paid the hackers to get their data back, the study found. Of those who paid, 50 percent paid more than $10,000 and 20 percent paid more than $40,000. …”

Third, overall data breach numbers and incidents remained high. Yahoo topped the list, with announcements about two huge breaches that actually happened a few years back. Other notable data breaches in 2016 occurred with Olympic athletes, the IRS, Wendy’s, Medstar and the Justice Department. 

Fourth, Distributed denial of service (DDoS) attacks brought down large parts of the Internet using Internet of Things devices. 

Fifth, Power grids and other significant infrastructure cyberattacks made headlines. 

Sixth, the so called "Apple vs FBI encryption battle" foreshadows future arguments over privacy of data versus national security. 

Seventh, whaling and online fraud schemes make social engineering attacks a top FBI issue for cybercrime. There were many stories about the people side of cyber fraud, one of which highlights whaling (phishing 3.0), while others point to social engineering attacks.

Finally, there were no cyber 9/11 or crippling Internet surprise that lasted days. This is actually good news. Most technology worked well, and we recovered well from security and infrastructure outages. While some want to see Russian hacking here or other nation-state cyber battles, I am grouping those still-debated topics under #1 — with more to come on that front below.   

Why 'Hackers with a Cause' Compare to the Heroes of Rogue One

On a global stage, hacktivism took the spotlight in 2016, and that is why it is my #1 cyber story for the year. Some will say that many of these hacks were sponsored by major world powers such as Russia. Foreign government involvement is likely the case, but there is disagreement in the intelligence community over who was behind which hacks and what their motives were.

In Rogue One: A Star Wars Story, unknown rebels accomplish unpredicted results. Yes, the story is science fiction, but the similarity lies in the way hackers stole center stage from powerful establishment organizations that were overconfident in 2016.  

"In a time of conflict, a group of unlikely hero’s band together on a mission to steal the plans to the Death Star, the Empire's ultimate weapon of destruction. This key event in the Star Wars timeline brings together ordinary people who choose to do extraordinary things, and in doing so, become part of something greater than themselves."

This could very well describe the global hacktivists view of the world in 2016.

Note: the "Death Star plans" are synonymous with any data, plan, information or emails that hackers deem are relevant to achieving their wider cause.

Regardless of whether you can relate to any cyber analogies thrown at you, hacking for a cause is set to explode into a complex set of state and local government challenges.

Final Thoughts

What have we learned over the past year? Sadly, we’re not winning more global cyber battles. The bad guys are still outgunning the good guys.

While many cyber defenses are improving in global enterprises, the number of bad actors is also growing rapidly. As the list above shows, the breadth and depth of cyber threats and online vulnerabilities continues to grow online — especially with new Internet of Things (IoT) devices coming onto the market.

The U.S., our allies and foreign adversaries are progressively engaging in sophisticated cyberbattles that equate to a cyber cold war and cybersecurity arms race. New relationships, partners in cyberspace and causes are evolving in unpredictable ways, and third-world hackers are teaming with first-world experts to achieve desired results.

What's disconcerting to me is the new thinking that is emerging regarding right, wrong and ethics in cyberspace — with hacktivists all around the world. The mix of fake news, misinformation, ransomware websites that come and go, and other hacker dirty tricks results in a diminishing of the public’s trust and legitimacy of data — both online and offline. This trend is impacting governments, mainstream news media, private corporations and global relationships.

A new world of hacking motivations and causes is starting to develop — along with convenient, easy-to-use tools for computer novices to do many dangerous things online. Who knows what "Death Star plans" the hacktivists will go after next.

Possibly Related Articles:
14188
Infosec Island Enterprise Security Security Awareness Security Training
Encryption Phishing DDoS hacktivism cyberattacks
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked