What is the difference between ‘hacktivism’ and ‘cyber terrorism’? Despite sharing a singular purpose – to cause damage to an entity, organisation or group – what sets there two categories of hackers apart? Is the answer in the motivation or is it simply in the eye of the beholder? Stephen Coty, chief security evangelist, Alert Logic argues why the motivation ultimately doesn’t matter and the importance of threat intelligence groups to work together to stay ahead of hacktivists.
Hacktivism has been around since the Cult of the Dead Cow in the 80s; only the names have changed. Where we once heard about Chaos Computer Club and the Legion of Doom, we now have high-profile examples like Anonymous, Anti-Sec, and Lul-Sec. This is not a comparison—35 years ago it was mostly demonstrations and denials of service. Now, attacks are exponentially more intrusive and destructive.
With this escalation in damages comes a new name. Cyber Terrorism is a term that the media has been using quite frequently. There have been countless articles on Cyber Caliphate, Cyber Berkut, and Cyber Freedom fighters that are fighting for the rights of freedom and free information around the world. Is changing “hacktivism” to “terrorism” the media’s way of upping the ante on hacking? What is the difference between hacktivism and cyber terrorism? They both seek out the same targets. They have a singular purpose, in its simplest definition—to cause damage to an entity, organization or group. So what sets these two categories of hackers apart? Is the answer in their motivation? Is one viewed as “good,” while the other “bad”? Or is it simply in the eye of the beholder?
ANONYMOUS is a loose association of activist networks that has an informal centralized leadership structure. Beginning in 2003, on the bulletin board 4Chan, anonymous began to recruit and train young people interested in hacking for a cause. Throughout the years, they have run cyber attacks, mostly DDOS (Distributed Denial of Service), against the Financial, Healthcare, Education, Religious Organizations, Oil, Gas and Energy industries. They have also earned a spot on that distinguished list of attackers who have targeted SONY in the past. Anonymous has really changed the nature of protesting, and in 2013 Time Magazine called them one of the top 100 influential people in the world. Supporters have called the group “freedom fighters” and even compared them to a digital Robin Hood. Others consider them cyber terrorists. In the public’s eye, it depends on their motivation, following and targets. The bottom line: This could either be a case of malicious activity masked by political motivation, or pure malicious activity.
CYBER BERKUT, a modern group of hacktivists, claims its name from the special police force “Berkut,” formed in the early 1990s. The pro-Russian group made a name for itself by conducting DDOS attacks against the Ukranian government and western corporate websites conducting business in the region. The group has also been known to penetrate companies and retrieve sensitive data; they would post on public-facing paste sites or their non-English website that includes a section called “BerkutLeaks.” Cyber Berkut was most recently credited for hacking attacks against the Chancellor of the German Government, NATO, Polish websites as well as the Ukrainian Ministry of Defence. The group has been compared to Anonymous based on its methods of protest and political targets. Viewed as passionate about its targets, Cyber Berkut has a clear agenda that it aims to accomplish. However, the group’s ideology in no way diminishes the amount of intended damage that might be inflicted on potential victims.
CYBER CALIPHATE, a hacker group claiming association with terrorist group ISIS, has attacked many different government and private industry entities in the name of the freedom-fighting group. Caliphate is responsible for multiple website defacements and data breaches. The group has hacked various websites and social media accounts, including those of military spouses, US military command, Malaysia Airlines, Newsweek and more. Cyber Caliphate has proven itself efficient and hungry for media attention. This raises the question: Does Cyber Caliphate believe in its stated cause, or is this just opportunistic hacking under the guise of a cause for media attention? What if the group is just looking for fame and fortune? What if the group is not a group at all, but the work of one or two people collaborating with different contributors for specific targets?
MOTIVE DOESN’T MATTER
Is this cyber terrorism, hacktivism or just another set of hackers trying to get famous by jumping on the media’s hot topic of the month? We can wax poetic about standing up for a cause, but the fact remains that attacks are attacks, whether they are motivated by politics, fortune, or fame. And the key to fighting back is Threat Intelligence. Threat Intelligence gathering is key to keeping up with the actions of these groups and their potential targets. Staying ahead of future attacks requires a proper investment in intelligence groups who have the proper tools, people and processes to deliver up-to-date intelligence. Information sharing among intelligence groups from different industries and countries will help expedite the reverse engineering of malicious code and assist in the building of signature content and correlation logic that is deployed to our security technologies. So once attacks are deployed globally, defences have been created and detection logic has been integrated.
By Stephen Coty
Chief security evangelist