What is Hacktivism? | CrowdStrike

What is Hacktivism?

Hacktivism is a combination of the words “hack” and “activism.” Hacktivists engage in disruptive or damaging activity on behalf of a cause, be it political, social or religious in nature. These individuals or groups often see themselves as “virtual vigilantes,” working to expose fraud, wrongdoing or corporate greed, draw attention to human rights violations, protest censorship or highlight other social injustices.

Hacktivism attacks have increased exponentially in recent years. The rise in this activity is due in part to our collective reliance on the internet, social media and other forms of digital communication, as well as an emotionally-charged global political landscape.

Though many hacktivists claim to have noble intentions and often work in pursuit of equality, justice or improved human rights, it is important to remember that hacktivism falls into the category of cybercrime. It is illegal regardless of the hacker’s motivations or the attack’s outcomes.

Who Do Hacktivists Target?

Hacktivists target entities that they believe violate their values or stand in the way of their agenda. Common targets may include:

• Nation states
• Government agencies
• Corporations
• Religious institutions
• Terrorist organizations

Common Forms Of Hacktivism

Hacktivists rely on a variety of both legal and illegal activities to carry out their agenda. Common techniques include:

Denial of Service (DoS) Attacks:

Malicious, targeted attacks that flood a network with false requests in order to disrupt business operations. In a DoS attack, users are unable to perform routine and necessary tasks, such as accessing email, websites, online accounts or other resources that are operated by a compromised computer or network. While most DoS attacks do not result in lost data and are typically resolved without paying a ransom, they cost the organization time, money and other resources in order to restore critical business operations.

Doxing:

Exposing personal identifiable information, or incriminating evidence, usually with the intention of having others use that information to harass, intimidate or scare the subject.

Data theft:

Stealing data, intellectual property (IP) or other proprietary information, typically with the intention of carrying out a ransomware attack or selling the data on the dark web.

2022 CrowdStrike Global Threat Report

Download the 2022 Global Threat Report to find out how security teams can better protect the people, processes, and technologies of a modern enterprise in an increasingly ominous threat landscape.

Download Now

Examples of Hacktivism

Anonymous

One of the most famous hacktivist groups is Anonymous, or Anon. Formed in 2008, Anonymous rose to fame for their attacks on the Church of Scientology, which first involved leaking private video footage of celebrity members and later involved a DDoS attack on the organization’s website.

In recent years, the Anonymous hacking group has claimed responsibility for some of the largest hacktivist attacks, including those on a number of prominent corporations and government agencies. Perhaps their most infamous hacktivist campaign is “Operation Tunisia”, which targeted several government websites in support of the Arab Spring movement in 2010.

LulzSec

Another well-known hacktivist organization is LulzSec, which was formed by members of Anonymous.

Similar to Anonymous, LulzSec has successfully hacked a number of corporations and police servers for the purpose of stealing data or defacing the site. Some of LulzSec’s most ambitious targets are Fox.com, Sony and the CIA.

Wikileaks

Wikileaks is a political whistleblower site known for leaking classified information or other sensitive data. Wikileaks also waged DDoS attacks against Amazon, PayPal, Visa and Mastercard as a form of retaliation against those organizations for preventing supporters from donating to their cause. The attacks reportedly led to significant corporate losses due to disruption of web services.

How to Prevent Hacktivist Attacks

Given the unique nature of hacktivist attacks, it is important to develop an incident response plan that specifically outlines the process the organization will take to minimize the damage of a hacktivist attack and remediate it as quickly as possible. As part of that plan, organizations should keep in mind that many hacktivists will announce their intention to carry out an attack in advance of such activity. As such, the organization should develop a comprehensive strategy that accounts for the threat of an attack as well as the attack itself.

In terms of prevention, inoculating the organization from hacktivist attacks relies on many of the cybersecurity best practices we recommend for protecting against malware, ransomware and other cybersecurity threats. Our recommendations include:

1. Train all employees on cybersecurity best practices.
Employees are on the front line of your security. Make sure they follow good hygiene practices — such as using strong password protection, connecting only to secure Wi-Fi and being on constant lookout for phishing — on all of their devices. This will make it more difficult for a hacktivist to penetrate the network or computer system and carry out an attack.

2. Keep the operating system and other software patched and up to date.
Hackers are constantly looking for holes and backdoors to exploit. By vigilantly updating your systems, you’ll minimize your exposure to known vulnerabilities.

3. Use software that can prevent unknown threats.
While traditional antivirus solutions may prevent known ransomware, they fail at detecting unknown malware threats and other obscure tools used by hacktivists. The CrowdStrike Falcon® platform provides next-gen antivirus (NGAV) against known and unknown malware using AI-powered machine learning. Behavior-based indicators of attack (IOAs) are leveraged to prevent sophisticated fileless and malware-free attacks like ransomware. Rather than attempting to detect known malware iterations, Falcon looks for indicators of attack (IOAs) to stop ransomware before it can execute and inflict damage.

4. Continuously monitor the environment for malicious activity and IOAs.
CrowdStrike® Falcon Insight™ endpoint detection and response (EDR) acts like a surveillance camera across all endpoints, capturing raw events for automatic detection of malicious activity not identified by prevention methods and providing visibility for proactive threat hunting.

For stealthy, hidden attacks that may not immediately trigger automated alerts, CrowdStrike offers Falcon OverWatch™ managed threat hunting, which comprises an elite team of experienced hunters who proactively search for threats on your behalf 24/7.