
Today, more people at home, in the office, and on the road are getting hacked, but did you know there are several types of bad actor groups, each with a specific reason for attacking? The group I want to talk about in today’s article is the “hacktivists”. I will share who they are, why they attack, whom they attack, when they attack, and for what reasons.

When hacking first started, the goal was just to hack into a local computer or small business network, or to conjure ways to steal money. Hacktivists are a group of well-funded individuals whose primary mission is to develop methods to influence policy and bring about change. In short, a hacktivist is someone who uses hacking to elicit political and social change in our world. The term “hacktivist” originated in the mid-1980s with the hacker group called “Cult of the Dead Cow” (cDc).

The time I’m referring to is when the world was transitioning from analog and digital dial-up modems, and a hacker meant someone interested in how the world worked. Many hacks took place, including the cDc’s Back Orifice, which was responsible for establishing the first “hacktivist” campaign, created around the fictitious Chinese hacker group called the “Hong Kong Blondes”. It was after this juncture that the world changed, and more people who were upset with political and social policies could start to effect change.

Hacktivists, as you can see, are a very special group with a clear focus on what they will and will not do. There are many components hacktivists use to disrupt policy, government, and infrastructure. There is a specific cycle they use, starting with recruiting and the announcement of the operation to attack. The next stage, called reconnaissance, covers social engineering and vulnerability scanning of devices and the human targets they affect. After the scanning phase, they proceed to the application/web and mail server attack, using scripts written in XSS (cross-site scripting), SQL (structured query language), and BF (Binary Format), which is the lowest level of code that can be written, as it operates at the machine level.

Now that the basis of the attack has started, they proceed with doxing, which in short means “dropping dox”: the act of revealing someone’s PI (personal information) online. Personal information refers to their full name, address, phone, email, social security number, account numbers for credit cards or any suppliers they do business with, their passport, or anything else that would allow someone to gain access to who you are.

Then they will usually attempt to initiate a DDoS, or distributed denial-of-service, attack. A DDoS is when several online devices, usually referred to as a botnet, send fake traffic to overwhelm a server. Imagine you had a website that could only handle 5000 visits per minute and suddenly it was receiving 15,000 requests per minute; the server would not be able to respond to requests. Continued traffic of this nature would prevent the server from recovering, leaving it crashed and unusable. Now imagine that the servers were linked together and the attack spread, taking down entire networks or infrastructure with one or several data centers across the globe.
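The overload described above can be spotted in request logs by counting per minute rather than per client. The following is an added example, not code from the article: the log format, addresses and function names are constructed for illustration, and only the 5000 and 15,000 per-minute figures come from the text.

```python
from collections import Counter, defaultdict
from datetime import datetime

CAPACITY_PER_MIN = 5000  # the article's example server limit


def build_sample_log():
    """Constructed log lines: one normal minute, then one flood minute."""
    lines = []
    for i in range(3000):            # 12:00, 3,000 requests from 300 clients
        n = i % 300
        lines.append(f"2024-01-01T12:00:{i % 60:02d} 10.0.{n // 250}.{n % 250} GET /")
    for i in range(15000):           # 12:01, 15,000 requests from 1,500 sources
        n = i % 1500
        lines.append(f"2024-01-01T12:01:{i % 60:02d} 10.1.{n // 250}.{n % 250} GET /")
    return lines


def flag_overload(lines, capacity=CAPACITY_PER_MIN, single_source_share=0.05):
    """Return one alert per minute whose request total exceeds capacity."""
    per_minute = defaultdict(Counter)
    for line in lines:
        ts, src, _request = line.split(" ", 2)
        minute = datetime.fromisoformat(ts).strftime("%H:%M")
        per_minute[minute][src] += 1

    alerts = []
    for minute, sources in sorted(per_minute.items()):
        total = sum(sources.values())
        if total <= capacity:
            continue
        top_count = sources.most_common(1)[0][1]
        alerts.append({
            "minute": minute,
            "requests": total,
            "sources": len(sources),
            "busiest_source_requests": top_count,
            # No single source dominates: per-IP limits alone would miss this
            "distributed": top_count / total < single_source_share,
        })
    return alerts


if __name__ == "__main__":
    for alert in flag_overload(build_sample_log()):
        print(alert)
```

In the constructed flood minute each source sends only 10 requests, which is why the alert is keyed on the aggregate total and not on any one client's rate.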

If you think they are stopping here, think again: now it’s time to move on to the social media hijacking and web defacement stage. In this step, they take control of the victim’s social media accounts and website, and post content that is either not suitable for work or otherwise meant to damage the victim’s reputation.

Now the victim will get a 2nd warning about accounts such as FB, Twitter, Instagram, Pinterest, TikTok, etc., saying that this is their last warning or further damage will continue. If the victim ignores it, the hacktivists proceed with more application/web and mail server attacks and then another DDoS attack. Next, the victim is given one more notification, called the 3rd warning, followed by, you guessed it, more reconnaissance research. If the victims don’t bow to the requested changes, the hacktivists just keep doing it over and over until the victims’ network, infrastructure, and reputation are destroyed.

Now that you know a little about hacktivists and their goals, let us take a look at whom they would attack and why. Pretend there is a company that makes a product and packs it in plastic bags. The hacktivists may choose to attack this company, any other company using plastic bags, and the manufacturer of the bags, because plastic is damaging to the environment.

Another scenario might be a new power plant that has switched over to providing 90% of its power from nuclear sources. Since nuclear power doesn’t agree with their idea of what is good for our environment, they may choose to attack this power plant.

Thus, hacktivists are well-funded and attack companies, governments, utilities, and other infrastructure because they don’t agree with the social or political decisions being made. One other thing they love to do is geo-bombing, which is when hacktivists add a GPS tag to a video that shares with viewers where the video was shot. If this is not enough, they have many people who do anonymous blogging to share views about a company that may not be trusted, to force it to change.

Remember, hacktivists are just one type of bad actor, but they do account for a large percentage of the hacks that affect the internet and the many resources connected to it. More articles will follow about other types of hackers and their goals.