I’m still getting quite a lot of inquiries regarding hactivism, or the use of computers and computer networks as a means of protest to promote political ends. It’s important to be very clear on this subject because it can muddy the waters between legitimate political activity and political activity which has potential to cripple businesses.
Easy access to tools such as Metasploit and others, along with an Internet connection allows anyone to scan for and take over as many systems as they wish for whatever purpose they wish. This provides for the creation of massive scale resources at very lost cost and little risk in order to pursue all sorts of endeavors – both good and evil. Hacktivism is on the increase as more and more of the world is connected and a proportional number of weakly secured systems become available for exploitation.
This capability has given rise to a new form government and commercial foe that is capable of something greater than asymmetric warfare. In essence, there exists little possibility of keeping some secrets secret and for the propagation of anarchy at a global scale, with little in the way of tools to protect the status quo. Law enforcement’s efforts have had little effect on curbing hacktivism since it operates at a scale, anonymity and ease that current governments and their laws are incapable of comprehensively acting upon.
The targets for hacktivism are the classic ones: high profile commercial and government agencies whose public compromise will advance the agenda of hacktivists. At the other end of the spectrum are businesses and consumers that can be fleeced economically to pay for the efforts of the hacktivists.
Mitigating the Hacktivist Threat
Organizations need to do regular penetration testing and patching of their public facing systems. It’s important to not have any common privileged account credentials in use so that intrusions cannot spread within an organization. Passwords need to be changed regularly and unused accounts (especially superuser), should be disabled where possible. It is also a good idea to consider the implementation of silos of data with appropriate levels of protection to keep outsiders at bay. Consider the use of air gaps for extremely sensitive data so that it is simply not accessible over the Internet via means.
And, as always, assume that your systems are under attack and some of the attacks have succeeded. What are you going to do next? How are you going find and fix the problem?