Gadgets Portal
 
Sign up for the weekly gadgets newsletter and get all the news and reviews delivered straight to your inbox.
VIRTUAL PRESS OFFICESTM
(011) 807 3294   itnews@itweb.co.za | Advertise on ITWeb   Wed, 24 May, 15:37:16 PM

Hacktivism and what we can learn from it

Activism has always been present in society, as people have always been revolting against something. Now, according to Bevan Lane of Infosec Consulting, as socio-economic problems get worse, more and more people are finding ways to react against their circumstances.

Sitting ducks

We are all constantly hearing of new attacks, but very few of us are actually reacting.

Explaining why, within the last year, hacktivism has suddenly become so public, Lane says it's a symptom of the current environment people find themselves in, especially in the US, where many highly-qualified people are suddenly finding themselves unemployed, not knowing what to do, and are finding ways to react to that ā€“ hacktivism being one such way.

“Defining hacktivism can be tricky,” says Lane, adding there can be socio-political motivations, a moderate outlaw orientation and sometimes just a humour objective.

“Just walking around the office of any tech company, you are likely to see employees with Anonymous screensavers and backgrounds. So clearly, within the tech community, there are many people who support what Anonymous stands for. But you have to question the motives,” says Lane.

According to Lane, the term “hacktivism” was coined in 1996, but it's a concept that has existed for much longer. Citing numerous old movie titles such as War Games and Sneakers, Lane says, for the most part, hackers were always seen as glorified heroes. Now, however, films such as We Are Legion actually pose the question of what lawful protest on the Web is, as well as the morality of hacktivism.

Some of the current modus operandi used by hacktivists include “doxing” (stealing of personal information with the intention to embarrass the target), swatting (feeding police false information on a target), phishing, social media attacks and social engineering.

When it comes to targets, Lane says hacker groups such as Anonymous have very long memories. For example, in the rationale for the attack on F1, the group mentioned that F1 was one of the only sporting events that did not shun SA during the apartheid era. “So they become a target because they are seen to be an organisation that acts against the principles of fairness and equality ā€“ something hacktivists like to think of themselves as protecting,” says Lane.

Hacktivists vs cyber criminals

Lane questions the distinction between hacktivists on the one hand, and cyber criminals on the other: “The derivative between them is very interesting. I question why we should differentiate between them, when clearly, hacktivists are doing illegal activities.”

Lane says that, according to statistics from Verizon, in 2011, 98% of all data breaches were perpetrated by outsiders. “Don't be a sitting duck,” Lane warns companies. “We are all constantly hearing of new attacks, but very few of us are actually reacting.

“You need to analyse your risk profile ā€“ look at what your track history is with consumer groups,” says Lane, using the example of Facebook hate groups.

“Companies must also develop a proactive communication mechanism through social media, and use traditional press to gain support.”

Lane says FNB is an example of a company that has a good approach to proactive communication. “When the bank went down recently, the CEO immediately took to Twitter to engage with customers and ensure they were kept informed. If they had simply kept quiet and left consumers in the dark, the scenario might have been quite different.

“You should also review your controls, and design and implement them in a way that is better suited to dealing with these modern-day attacks. This should be formalised in company policies and procedures, so in the event of an attack, you aren't running around like headless chickens.

“How you react to a breach will make a massive difference to public perception,” advises Lane. “Effective communications can limit damage, while constant denial and backtracking is a disaster.

“Following a data-centric security approach leverages the business value of data to determine and implement the appropriate level of overall IT security and focuses it in the right areas.”


Our comments policy does not allow anonymous postings. Read the policy here




 
 

 

 



 



Clever clock
The Bonjour Smart AI Alarm Clock from Holi has voice-controlled artificial intelligence that turns it into a personal assistant, while also serving as a smart hub for home automation.

Copyright (c) 1996 - 2017 ITWeb Limited. All rights reserved.
Would you like to see your news here? Contact us for more details at itnews@itweb.co.za

Striata Rackspace Sophos
 
 
  Newsletters

Our free daily and weekly newsletters offer the latest IT and telecommunications news, information and commentary.
  IT Directory

Our annual online ICT Directory. Click here
  Brainstorm

ITWeb Brainstorm is a monthly magazine for decision-makers and other intelligent people. Brainstorm offers content on burning business issues that is fresh, controversial, independent and valuable.
 
Follow ITWeb
 
careerWeb iFashion myDigitalLife defenceWeb Copyright (c) 1996 - 2017 ITWeb Limited. All rights reserved.