Activism often involves peaceful protest. The social trade-off is that the protesters are arrested when they break the law and get their day in court to argue their case. Technology & Change are the key themes in digital activism. A potential lack of identity of ‘digital protestors’ is an increasing problem for a definition of a digital peaceful protest.
Traditional activism actions can almost all be translated to the digital arena. Gene Sharp – The Politics of Nonviolent Action (1973). Three volumes, Volume 2 was The Methods of Nonviolent Action. 198 methods of activism defined. Google bombs.
Techtoolsforactivism.org; Ox4.org – Web hosting; Aktivix.org – Email & VPNs; Network23.org – Blogs and web hosting; Riseup.net – Email; Tachanka.org – Web hosting; Indy.im – Microblogging; Hacktionlab.org – Meetups and training; The Guardian Project – Android mobile apps.
Term Hacktivism first coined in 1995. Computer Misuse Act (1990). Part 5 of the Police and Justice Act 2006 (Sections 35 – 38). UK Terrorism Act (2000). Not clear there has ever been a Cyberterrorist incident. The use of Hacktivism and CyberTerrorism blurred.
Software distribution. Phil Zimmermann – PGP. Hacking tools under EU Cybercrime law? Website mirroring is an issue of Hacktivism if the content is ‘illegal’. SWATting usually relies on some form of caller ID spoofing.
Lethal packets – ping of death. Aimed at bugs in the operating system or networking code. High-impact packets – crypto processing. Less of a concern now due to excess of processing power.
Malware as a service
Russian Cybercrime-as-a-service exposed by the BBC in 2009. Includes an MP3 player! Zeus crimeware kit.
Master zombies & slave zombies. Not immediately obvious it’s an attack if there are potential high-volume uses of the service. Spoofed IP packets common, hard to filter and harder to track back. They don’t need to receive data back.
Reflectors are uninfected machines. Requests from slaves to reflectors look like connection requests from the victim. Reflectors respond to the victim as though it had tried to connect to them. Tend to be much bigger attacks.
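Seen from the victim's side, the reflector behaviour in the notes above shows up as SYN-ACKs answering connections the victim never opened. The following is an added example, not part of the original slides, that flags this pattern in flow records; the record layout, the addresses and the thresholds are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample, not real traffic. Record layout (an assumption):
# (direction, src_ip, dst_ip, src_port, dst_port, tcp_flags) seen at the victim's border.
VICTIM = "203.0.113.10"  # hypothetical victim address (documentation range)
SAMPLE = [
    ("out", VICTIM, "198.51.100.7", 40001, 443, "S"),   # victim really opens a connection
    ("in", "198.51.100.7", VICTIM, 443, 40001, "SA"),   # solicited reply
    ("in", "192.0.2.21", VICTIM, 80, 51515, "SA"),      # no matching SYN was sent
    ("in", "192.0.2.22", VICTIM, 80, 51516, "SA"),
    ("in", "192.0.2.23", VICTIM, 443, 51517, "SA"),
    ("in", "192.0.2.21", VICTIM, 80, 51515, "SA"),      # reflector retransmits its SYN-ACK
    ("in", "192.0.2.22", VICTIM, 80, 51516, "SA"),
    ("in", "192.0.2.23", VICTIM, 443, 51517, "SA"),
]


def unsolicited_synacks(records, victim):
    """Count, per remote host, SYN-ACKs that answer no SYN the victim sent."""
    pending = set()   # (remote_ip, remote_port, local_port) of SYNs we sent
    hits = Counter()
    for direction, src, dst, sport, dport, flags in records:
        if direction == "out" and src == victim and flags == "S":
            pending.add((dst, dport, sport))
        elif direction == "in" and dst == victim and flags == "SA":
            key = (src, sport, dport)
            if key in pending:
                pending.discard(key)      # normal handshake, consume the SYN
            else:
                hits[src] += 1            # reply to a request we never made
    return hits


def looks_like_reflection(records, victim, min_reflectors=3, min_packets=5):
    """Heuristic: many distinct hosts sending unsolicited SYN-ACKs.

    The thresholds are illustrative assumptions, not tuned values.
    """
    hits = unsolicited_synacks(records, victim)
    return len(hits) >= min_reflectors and sum(hits.values()) >= min_packets


if __name__ == "__main__":
    print(dict(unsolicited_synacks(SAMPLE, VICTIM)))
    print(looks_like_reflection(SAMPLE, VICTIM))
```

The hosts it reports are the reflectors, not the attacker: the spoofed source address means the records at the victim never contain the slaves that sent the original requests.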
First hacktivist DDoS may have been the Zippies on Guy Fawkes Day in 1994 protesting the Criminal Justice Bill. Email bomb – large volumes of email. Code for DoS SYN floods published in 1996 in 2600. First publicly reported case was Panix, a NY ISP.
4chan was created by ‘moot’, a member of the Something Awful forums that spawned the Goons, another group of trolls and griefers, between 2003 and 2004. Habbo Hotel was an isometric avatar-driven ‘hangout for teens’. Originally a target of the Goons, it drew the attention of Btards. Habbo Raid, July 2006: black avatar wearing a suit with an afro. They would congregate in large numbers and block access to the swimming pools, claiming they were closed due to AIDS; they also often formed up into large swastikas. Disruptive but unfocused.
Video on Gawker of Tom Cruise praising the religion led to a cease-and-desist letter. V for Vendetta – anarchist revolutionary.
HBGary Federal attack (Qinetiq leak). SQL injection on the website CMS. Grabbed the database – usernames, email, passwords. Admins at HBGary used their same passwords everywhere (Twitter, LinkedIn, the email server, shell server). Social engineered another administrator using a high privileged email account. HBGary had been investigating Anonymous and made some public claims about their ability to identify them. Rootkit.com admin access.
Concerns have been shown to focus on civil liberty and privacy. See themselves as doing evil to avoid a greater evil. Some informal links to Occupy.
Anti-Sec goes back to 1999 with EL8 and Project Mayhem. Hector Monsegur, Sabu, turned federal witness against Lulzsec and Anonymous. Reused anonymous usernames and mixed identities. Logged into IRC without anonymising his connection. Leaked personal information in conversations. Mentioned a Whois record with his real name and address while using an alias. Used a stolen credit card to send goods to his home address. Stratfor, corporate intelligence firm, emails subsequently distributed by Wikileaks. SQL injection again. Credit card details. Made donations to charities using credit cards from HBGary. Backfired on the charities. Because Sabu had been turned he was able to record the entire hack and related conversations, which led to the downfall of Lulzsec.
Facebook page. Website: registered by Syrian Computer Society – headed by al-Assad in the 1990s; hosted on Syrian government networks. Claims that a Syrian-owned Dubai company is funding the attacks. Not clear that only Syrians are involved as there has been a recruitment drive via social media. Suspicion of technical support from Russia. Targeted Facebook pages and now Twitter accounts. Phishing attacks used. Breaches are more extensive than the Twitter posts suggest.
The Associated Press hack described a successful bomb attack on President Obama. $130bn value dropped off the stock market. Dow Jones Industrial dropped 145 points. Stock markets recovered.
Search on slideshare.net for Opsec for Hackers. Never reveal your operational details. Never reveal your plans. Never trust anyone. Never confuse recreation and hacking. Never operate from your own house. Be proactively paranoid, it doesn’t work retroactively. Keep personal life and hacking separated. Keep your personal environment contraband free. Don’t talk to the Police. Don’t give anyone power over you.
Introduction to Hacktivism
The policy or action of using vigorous campaigning to bring about political or social change.
“Use of Technology over large distances to effect change.” “Grassroots activists using networked technologies for social and political change campaigns.” “Goal of Political or Social Change + Digital Technology.”
Maps & Maptivism; QR Codes; File-Sharing; Media Hijacking; Trend a hashtag; Search Engine Optimisation; Livestreaming; Check-Ins; Self-Surveillance; Flash Mobs.
Digital Activism is separated from Hacktivism by Computer Crime.
Computer Crime is well defined:
▪ Unauthorised access to computer material
▪ Unauthorised access with intent to commit further offences
▪ Unauthorised acts with intent to impair the operation of a computer
▪ Making, supplying or obtaining article for use in computer misuse offences
Hacktivism is separated from CyberTerrorism by Terrorism.
Terrorism in this context is well defined:
▪ Anything designed to interfere with or seriously disrupt an electronic system and
▪ Use or threat to influence government or intimidate the public and
▪ Use or threat is made for the purpose of advancing a political or ideological cause

Software distribution; Website mirroring; Defacements; Typosquatting; Redirects; Denial of Service Attacks (DOS); Web Sit-ins; Email Bombs; Distributed Denial of Service Attacks (DDOS); Opt-In Botnets; Malware Botnets; Doxing; SWATting.
Denial of Service: an attempt by an attacker to deny a victim's services to its users.
1. Exploit that causes victim to fail
2. Resource exhaustion:
▪ Network Bandwidth
▪ Computing Power
▪ Memory

Distributed Denial of Service. A DoS launched simultaneously from multiple points. Usually a resource exhaustion attack. Attackers now build networks (botnets) of compromised computers (zombies or loads) from which to launch their attacks. Large botnets are now available for hire or to buy for pocket money.

              1000 Loads   5000 Loads   10,000 Loads
World Mix     $25          $110         $200
EU Mix        $50          $225         $400
DE, CA, GB    $80          $350         $600
USA           $120         $550         $1000

First known Hacktivism recorded in 1989. Worms Against Nuclear Killers. Australian hacktivists. Infected VMS DECNet systems.
Formed in 2003 from the 4chan /b/ messageboard. Since 2004 4chan is a forced anonymous community. The Btards initially focused on pranks, trolling and griefing.
Anonymous were ‘politicised’ in 2008 following a series of actions involving the Church of Scientology. Actions included:
Physical protests
▪ Guy Fawkes masks
Prank calls
Black faxes
DDoS attacks
▪ Low Orbit Ion Cannon (LOIC)
IRC channels used to coordinate attacks.

Operation Payback (2010): DDoS attacks on the Pirate Bay by MPAA & RIAA. Expands to include other copyright-related targets. Attacks on Paypal, Mastercard and Visa related to Wikileaks. Operation Darknet (2011): targeted child pornography sites on the Tor network. Release usernames from the site “LolitaCity”.
Angry; Chaotic; Constantly changing; International; Broad themes not specific goals; Uncoordinated; Unfinanced; Differences in philosophy and undefined subgroups; No long term vision.
A splinter group formed in 2011 as a result of Operation Darknet known as Lulzsec. 50 day rampage. Anti-Sec Movement. “Demonstrating insecurity to improve security”.
Pro-Syrian Regime Hacktivists. First seen May 2011. Targeting major news organisations: BBC, Associated Press, Guardian, CBS News, NPR. Also activists: Columbia University, Human Rights Watch. And oddly …: FIFA, Sepp Blatter, 2014 World Cup.
The underground community has learnt lessons from Lulzsec. They have reviewed the evidence presented in court. Developing guidance: create a cover; work on the legend; create sub-aliases; never contaminate. Produced the “10 Hack Commandments”.