Introduction to Hacktivism


Short high-level introduction to hacktivism and hacktivist groups, given in May 2013 to a taught course at a UK university.

Published in: Business
  • Activism often involves peaceful protest. The social trade-off is that the protesters are arrested when they break the law and get their day in court to argue their case. Technology & Change are the key themes in digital activism. A potential lack of identity of ‘digital protestors’ is an increasing problem for a definition of a digital peaceful protest.
  • Traditional activism actions can almost all be translated to the digital arena. Gene Sharp – The Politics of Nonviolent Action (1973). Three volumes; Volume 2 was The Methods of Nonviolent Action. 198 methods of activism defined. GoogleBombs.
  • – Web – Email & – Blogs and – – Web - – Meetups and training. The Guardian Project – Android Mobile apps.
  • Term Hacktivism first coined in 1995. Computer Misuse Act (1990). Part 5 of the Police and Justice Act 2006 (Sections 35 – 38). UK Terrorism Act (2000). Not clear there has ever been a Cyberterrorist incident. The use of Hacktivism and CyberTerrorism blurred.
  • Software distribution: Phil Zimmermann – PGP. Hacking tools under EU Cybercrime law? Website mirroring is an issue of Hacktivism if the content is ‘illegal’. SWATting usually relies on some form of caller ID spoofing.
  • Lethal Packets – ping of death. Aimed at bugs in the operating system or networking code. High impact Packets – Crypto processing. Less of a concern now due to excess of processing power.
  • Malware as a service
  • Russian Cybercrime-as-a-service exposed by the BBC in 2009. Includes an MP3 player! Zeus crimeware kit.
  • Master zombies & slave zombies. Not immediately obvious it’s an attack if there are potential high-volume uses of the service. Spoofed IP packets common, hard to filter and harder to track back. They don’t need to receive data back.
  • Reflectors are uninfected machines. Requests from Slaves to reflectors look like connection requests from the victim. Reflectors respond to the victim as though it had tried to connect to them. Tend to be much bigger attacks.
  • First hacktivist DDoS may have been the Zippies on Guy Fawkes Day in 1994 protesting the Criminal Justice Bill. Email bomb – large volumes of email. Code for DoS SYN floods published in 1996 in 2600. First publicly reported case was Panix, an NY ISP.
  • 4chan was created by ‘moot’, a member of the Something Awful forums that spawned the Goons, another group of trolls and griefers between 2003 and 2004. Habbo Hotel was an isometric avatar-driven ‘hangout for teens’. Originally a target of the Goons, it drew the attention of Btards. Habbo Raid, July 2006: black avatar wearing a suit with an afro. They would congregate in large numbers and block access to the swimming pools, claiming they were closed due to AIDS; they also often formed up into large swastikas. Disruptive but unfocused.
  • Video on Gawker of Tom Cruise praising the religion led to a cease-and-desist letter. V for Vendetta – Anarchist revolutionary.
  • HBGary Federal attack (Qinetiq leak). SQL injection on the website CMS. Grabbed the database – usernames, email, passwords. Admins at HBGary used their same passwords everywhere (Twitter, LinkedIn, the email server, shell server). Social engineered another administrator using a high privileged email account. HBGary had been investigating Anonymous and made some public claims about their ability to identify admin access.
  • Concerns have been shown to focus on civil liberty and privacy. See themselves as doing evil to avoid a greater evil. Some informal links to Occupy.
  • Anti-Sec goes back to 1999 with EL8 and Project Mayhem. Hector Monsegur, Sabu, turned federal witness against Lulzsec and Anonymous. Reused anonymous usernames and mixed identities. Logged into IRC without anonymising his connection. Leaked personal information in conversations. Mentioned a Whois record with his real name and address while using an alias. Used a stolen credit card to send goods to his home address. Stratfor, corporate intelligence firm, emails subsequently distributed by Wikileaks. SQL injection again. Credit card details. Made donations to charities using credit cards from HBGary. Backfired on the charities. Because Sabu had been turned he was able to record the entire hack and related conversations, which led to the downfall of Lulzsec.
  • Facebook Page. Website. Registered by Syrian Computer Society – headed by al-Assad in the 1990s. Hosted on Syrian government networks. Claims that a Syrian-owned Dubai company is funding the attacks. Not clear that only Syrians are involved as there has been a recruitment drive via social media. Suspicion of technical support from Russia. Targeted Facebook pages and now Twitter accounts. Phishing attacks used. Breaches are more extensive than the Twitter posts suggest.
  • The Associated Press hack described a successful bomb attack on President Obama. $130bn value dropped off the stock market. Dow Jones Industrial dropped 145 points. Stock markets recovered.
  • Search on for Opsec for Hackers. Never reveal your operational details. Never reveal your plans. Never trust anyone. Never confuse recreation and hacking. Never operate from your own house. Be proactively paranoid, it doesn’t work retroactively. Keep personal life and hacking separated. Keep your personal environment contraband free. Don’t talk to the Police. Don’t give anyone power over you.
  • Introduction to Hacktivism

    2. The policy or action of using vigorous campaigning to bring about political or social change.
    3. “Use of Technology over large distances to effect change.” “Grassroots activists using networked technologies for social and political change campaigns.” “Goal of Political or Social Change + Digital Technology.”
    4. Maps & Maptivism; QR Codes; File-Sharing; Media Hijacking; Trend a hashtag; Search Engine Optimisation; Livestreaming; Check-Ins; Self-Surveillance; Flash Mobs
    6. Digital Activism is separated from Hacktivism by Computer Crime. Computer Crime is well defined:
        ▪ Unauthorised access to computer material
        ▪ Unauthorised access with intent to commit further offences
        ▪ Unauthorised acts with intent to impair the operation of a computer
        ▪ Making, supplying or obtaining article for use in computer misuse offences
       Hacktivism is separated from CyberTerrorism by Terrorism. Terrorism in this context is well defined:
        ▪ Anything designed to interfere with or seriously disrupt an electronic system, and
        ▪ Use or threat to influence government or intimidate the public, and
        ▪ Use or threat is made for the purpose of advancing a political or ideological cause
    7. Software distribution; Website mirroring; Defacements; Typosquatting; Redirects; Denial of Service Attacks (DOS); Web Sit-ins; Email Bombs; Distributed Denial of Service Attacks (DDOS); Opt-In Botnets; Malware Botnets; Doxing; SWATting
    8. Denial of Service: An attempt by an attacker to deny a victim’s services to its users.
        1. Exploit that causes victim to fail
        2. Resource exhaustion:
            ▪ Network Bandwidth
            ▪ Computing Power
            ▪ Memory
    9. Distributed Denial of Service: A DoS launched simultaneously from multiple points. Usually a resource exhaustion attack. Attackers now build networks (Botnets) of compromised computers (zombies or loads) from which to launch their attacks. Large Botnets are now available for hire or to buy for pocket money.

                      1000 Loads   5000 Loads   10,000 Loads
        World Mix     $25          $110         $200
        EU Mix        $50          $225         $400
        DE, CA, GB    $80          $350         $600
        USA           $120         $550         $1000
    14. First known Hacktivism recorded in 1989: Worms Against Nuclear Killers. Australian Hacktivists. Infected VMS DECNet systems.
    15. Formed in 2003 from the 4chan /b/ messageboard. Since 2004 4chan is a forced anonymous community. The Btards initially focused on pranks, trolling and griefing.
    16. Anonymous were ‘politicised’ in 2008 following a series of actions involving the Church of Scientology. Actions included:
        ▪ Physical protests (Guy Fawkes masks)
        ▪ Prank calls
        ▪ Black faxes
        ▪ DDoS attacks (Low Orbit Ion Cannon (LOIC))
       IRC channels used to coordinate attacks.
    17. Operation Payback (2010): DDoS attacks on the Pirate Bay by MPAA & RIAA; Expands to include other copyright-related targets; Attacks on Paypal, Mastercard and Visa related to Wikileaks. Operation Darknet (2011): Targeted child pornography sites on the Tor network; Release usernames from the site “LolitaCity”.
    18. Angry; Chaotic; Constantly changing; International; Broad themes not specific goals; Uncoordinated; Unfinanced; Differences in philosophy and undefined subgroups; No long term vision
    19. A splinter group formed in 2011 as a result of Operation Darknet known as Lulzsec. 50 day rampage. Anti-Sec Movement. “Demonstrating insecurity to improve security”
    20. Pro-Syrian Regime Hacktivists. First seen May 2011. Targeting major news organisations: BBC; Associated Press; Guardian; CBS News; NPR. Also activists: Columbia University; Human Rights Watch. And oddly …: FIFA; Sepp Blatter; 2014 World Cup.
    22. The underground community has learnt lessons from Lulzsec. They have reviewed the evidence presented in court. Developing guidance: Create a cover; Work on the legend; Create sub-aliases; Never contaminate. Produced the “10 Hack Commandments”.