7 11 2011

Hacking has been around for as long as there have been computers.  For whatever reason, it seems many of those with considerable computer skills are irresistibly drawn toward breaking things.  Of course, hacking does not need to be a bad thing; penetration testing is all about breaking systems and then fixing them.  Often though, we see news stories about the darker side: e-fraud, identity theft, and DDOS attacks to name a few (some might call these people crackers instead of hackers, but I’m not getting into that argument here).  These attacks usually have pretty basic goals, such as monetary gain or sabotage.  However, recently we have seen more coverage about hacking for political or idealistic purposes.  This concept is called hacktivism.

Hacktivism and hacking in general has surged to the forefront of media coverage in recent years, but it is not a recent movement.  The earliest instance of hacking a computer system for political motives came in 1989 when machines at the US Department of Energy and NASA were hit with the WANK (Worms Against Nuclear Killers) worm, which replaced the login screen with an anti-nuclear message.  The worm originated from Australia, which had a strong anti-nuclear sentiment at the time, so you can at least understand the reason behind the attack [1].  In the last few years, we have seen more instances of activity like this, for various reasons and with varying legitimacy.  One of the most prominent examples came in 2011 when hackers broke into Sony’s Playstation Network and stole personally identifiable information from some 77 million accounts [2].  The attack came soon after Sony’s legal action against a hacker who posted information online about how to jailbreak the Playstation 3.  Sony went as far as to collect IP addresses of people who visited that site, inciting the fury of the internet [3].  Sony found out first-hand how far some will go to protect the perceived anonymity of the internet.

While there has been no arrest in the PSN hacking case, many believed it to be the work of Anonymous, the shadow cabal that the media seems to think is something akin to a terror network.  Many other actions have been attributed to Anonymous, including attacks on Mastercard and PayPal in support of WikiLeaks [4], the release of personal information about executives of various banks in alignment with the Occupy protests [5], and an attack on a child pornography network which led to several pages being taken down for a time and the release of information on those who visited the sites [6].  These types of attacks are the prime examples of hacktivism as it exists now.  Some group (or possibly just a single person) on the internet takes issue with some entity’s actions, so that entity is attacked.

There are different ways you can look at this kind of behavior.  In cases like the child pornography hack, it certainly seems like the hackers did the right thing.  Honestly, who could fault them for trying to eliminate such a network?  Well, as it turns out, it might not have been the wisest thing for them to do.  According to one security expert, such attacks may interfere with investigations and compromise evidence that could have otherwise led to convictions [7].  Other attacks seem politically or ideologically motivated on the surface, but really amount to little more than childish vandalism.  With the distributed nature of many of these hacker ‘organizations’ it’s likely that many that participate in the attacks are merely doing it for fun, and don’t really care about the overall goal.  Sure, there may be a few that legitimately believe in the cause, but I would be willing to bet most just do it for the chaos.  Some attacks even seem hypocritical, as the goal may be to promote freedom of speech but the method involves taking down the website of someone who said or did something controversial, as in the Mastercard/PayPal hack.

There have been many instances in history where protests or other movements have enacted positive social change, but this recent hacktivism movement does not seem to be heading in that direction.  Many attacks are ineffectual, with a website going down for a time with little damage.  The other end of that spectrum, incidents like the PSN hack, is not much better as they involve damage to innocent people (i.e. possible identity theft).  Attacks like that toe the line between activism and terrorism.  This speculation is all beside the fact that the DDOS attacks that are so commonly used by hacktivists are illegal, as are many of their other methods.  So is hacktivism a legitimate way for people to effect change, or is it simply hackers trying to justify themselves?