I’m still getting quite a lot of inquiries regarding hacktivism, the use of computers and computer networks as a means of protest to promote political ends. It’s important to be clear on this subject because it can blur the line between legitimate political activity and the type of political activity that can cripple businesses.
Easy access to tools such as Metasploit, plus an Internet connection, lets anyone scan for and take over large numbers of weakly secured systems for whatever purpose they wish. This provides massive-scale resources at very low cost and little risk. Hacktivism is on the increase: as more and more of the world is connected, a proportional number of weakly secured systems becomes available for exploitation.
This capability has given rise to a new form of government and commercial foe, one capable of something beyond asymmetric warfare. In essence, there is little possibility of keeping some secrets truly secret, and the potential exists for the propagation of anarchy on a global scale. Law enforcement’s efforts have little effect on curbing hacktivism; it operates at a scale, and with an anonymity and ease, that governments and their laws are incapable of acting upon.
The targets for hacktivism are the classic ones: high-profile commercial and government organizations whose public compromise will advance the hacktivists’ agenda. At the other end of the spectrum are businesses and consumers that can be fleeced economically to pay for the hacktivists’ efforts.
Mitigating the Hacktivist Threat
Organizations need to do regular penetration testing and patching of their public-facing systems. Do not reuse the same privileged account credentials across systems, so that a single intrusion cannot spread laterally within the organization. Privileged passwords need to be changed regularly, and unused accounts (especially superuser accounts) should be disabled where possible. It is also a good idea to segment data into silos, each with a level of protection appropriate to its sensitivity, to keep outsiders at bay. Consider air gaps for extremely sensitive data so that it is simply not reachable over the Internet.
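As an added illustration (not part of the original article), the following Python script applies the account-hygiene checks above to a fleet snapshot: it flags privileged accounts whose password hash is identical on more than one host, privileged passwords older than a rotation threshold, and accounts that have gone unused without being disabled. The hostnames, users, hashes, last-login values and thresholds are all constructed for the example; the data is in /etc/passwd, /etc/shadow and /etc/group format, with a separate last-login map standing in for lastlog output.

```python
"""Audit a fleet for the account-hygiene problems described above:
shared privileged credentials, stale privileged passwords, and unused
accounts that were never disabled. Input is a constructed snapshot in
/etc/passwd, /etc/shadow and /etc/group format plus a last-login map."""
from collections import defaultdict

MAX_PASSWORD_AGE_DAYS = 90   # rotate privileged passwords at least this often
MAX_IDLE_DAYS = 90           # disable accounts that have not logged in for this long
ADMIN_GROUPS = {"wheel", "sudo"}
TODAY = 19800                # constructed "today" in shadow(5) units: days since 1970-01-01

# Constructed sample fleet. Hash fields use the crypt(3) $6$salt$digest layout but the
# digests are placeholders, not real password hashes. Hostnames and users are made up.
FLEET = {
    "web01": {
        "passwd": [
            "root:x:0:0:root:/root:/bin/bash",
            "deploy:x:1001:1001::/home/deploy:/bin/bash",
            "olduser:x:1002:1002::/home/olduser:/bin/bash",
        ],
        "shadow": [
            "root:$6$abc123$SAMEROOT:19600:0:99999:7:::",
            "deploy:$6$xyz789$DEPLOYONE:19790:0:99999:7:::",
            "olduser:$6$q1w2e3$OLDUSER:19000:0:99999:7:::",
        ],
        "group": ["wheel:x:10:deploy"],
        "last_login": {"root": 19795, "deploy": 19799, "olduser": 19100},
    },
    "web02": {
        "passwd": [
            "root:x:0:0:root:/root:/bin/bash",
            "deploy:x:1001:1001::/home/deploy:/bin/bash",
            "svc:x:1003:1003::/home/svc:/bin/bash",
        ],
        "shadow": [
            "root:$6$abc123$SAMEROOT:19600:0:99999:7:::",  # same salt and digest as web01
            "deploy:$6$k9j8h7$DEPLOYTWO:19795:0:99999:7:::",
            "svc:!$6$m3n4b5$LOCKED:19000:0:99999:7:::",    # '!' prefix: account is locked
        ],
        "group": ["wheel:x:10:deploy"],
        "last_login": {"root": 19798, "deploy": 19799, "svc": 19000},
    },
}


def parse_host(snapshot):
    """Join passwd, shadow and group data into one record per account."""
    uid_of = {line.split(":")[0]: int(line.split(":")[2]) for line in snapshot["passwd"]}
    admins = set()
    for line in snapshot["group"]:
        name, _, _, members = line.split(":", 3)
        if name in ADMIN_GROUPS and members:
            admins.update(members.split(","))
    accounts = {}
    for line in snapshot["shadow"]:
        fields = line.split(":")
        user, pw_hash, lastchg = fields[0], fields[1], fields[2]
        accounts[user] = {
            "hash": pw_hash,
            "locked": pw_hash.startswith(("!", "*")),
            "changed": int(lastchg) if lastchg else None,
            "privileged": uid_of.get(user) == 0 or user in admins,
            "last_login": snapshot["last_login"].get(user),
        }
    return accounts


def audit(fleet, today=TODAY):
    """Return sorted (host, user, issue) findings across the whole fleet."""
    findings = []
    hash_owners = defaultdict(list)  # full salt+digest string -> [(host, user)]
    for host, snapshot in fleet.items():
        for user, acct in parse_host(snapshot).items():
            if acct["locked"]:
                continue  # already disabled: nothing to rotate or share
            if acct["privileged"]:
                hash_owners[acct["hash"]].append((host, user))
                if acct["changed"] is not None and today - acct["changed"] > MAX_PASSWORD_AGE_DAYS:
                    findings.append((host, user,
                                     f"privileged password older than {MAX_PASSWORD_AGE_DAYS} days"))
            last = acct["last_login"]
            if last is None or today - last > MAX_IDLE_DAYS:
                findings.append((host, user,
                                 f"unused for more than {MAX_IDLE_DAYS} days but not disabled"))
    # An identical salt+digest on two hosts means the same password was set on both
    # (typical of cloned images). Different salts hide sharing, so this finds reuse
    # but cannot prove its absence.
    for owners in hash_owners.values():
        if len(owners) > 1:
            for host, user in owners:
                others = ", ".join(f"{h}:{u}" for h, u in sorted(owners) if (h, u) != (host, user))
                findings.append((host, user, f"privileged credential shared with {others}"))
    return sorted(findings)


if __name__ == "__main__":
    for host, user, issue in audit(FLEET):
        print(f"{host:8} {user:10} {issue}")
```

On the constructed data this reports the cloned root password on both web hosts, the two overdue root rotations, and the idle `olduser` account, while the locked `svc` account and the regularly rotated `deploy` accounts pass. The shared-credential check only catches reuse when the salt is also identical, which is exactly the situation produced by cloned images or a shadow entry pushed out by configuration management; on Windows the NT hash is unsalted, so the same comparison on dumped local administrator hashes needs no such caveat. On a real fleet the shadow file must be read as root, and the last-login values would come from lastlog or your central authentication logs.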
And, as always, assume that your systems are under attack and that some of the attacks have succeeded. What are you going to do next? How are you going to find and fix the problem?