Hacktivists emerge as key security trend
This year is likely to see an increase in attacks against companies and governments that operate in a “shady” manner.
This is according to Daniel Cuthbert, assessment manager at SensePost, who says activists can take control of Web applications at the click of a button.
Kaspersky Lab identified the rise of hacktivism as one of the key security trends of 2011, while Time magazine named 'the protester' person of the year.
Last year, groups like Anonymous, LulzSec and TeaMp0isoN instituted various operations against law enforcement agencies, banks, governments, security companies and major software vendors, says Kaspersky Lab expert Costin Raiu.
According to Raiu, whether working together or against each other, these groups emerged as among the main actors of 2011. He says incidents that brought them into the spotlight include breaches of networks belonging to the United Nations, security intelligence firm Stratfor, FBI contractor IRC Federal, US Defense contractor ManTech and the CIA.
A glance at 2011
One notable incident of 2011 was the exposure of an underground child pornography Web site by hacktivist group Anonymous. The group hacked into systems accused of hosting Lolita City, a child porn site, and published the names of alleged users.
In a more controversial attack, Anonymous teamed up with TeaMp0isoN in a bid to take money out of US bank accounts and donate it to charities.
In SA, various hacks were carried out against the African National Congress Youth League's Web site. In a separate incident, after a majority of MPs voted in favour of the Protection of Information Bill (POIB), in November, sections of Wikipedia's article on the African National Congress (ANC) were temporarily blacked out. Defacing the article was viewed by some as a demonstration of how information could be censored “to protect ANC members from scrutiny”, if the Bill were to come into effect.
Ease of access
Cuthbert argues that the ease of gaining access to networks has contributed to the rise of hacktivism.
According to Raiu, some of these incidents revealed major security problems, such as the storing of CVV numbers in unencrypted format, or extremely weak passwords used by administrators.
Cuthbert says many of last year's major hacks - that did not have a criminal element - were easy to carry out. He argues that Sony showed a disregard for security, making a breach easy, while the attacks on HBGary Federal, Endgame Systems and Stratfor were all rather basic in their approach.
Other contributors to the rise of hacktivism include the growth of the Web and a general dissatisfaction with big business and governments, notes Cuthbert.
He points out that people are increasingly pushing their entire existences onto the Web. Added to this, due steps and checks are not implemented to protect this information, which results in security breaches.
Kaspersky Lab also warns that this year will see an increase in targeted attacks.
“If 2011 was anything to go by, 2012 will see an increase in attacks against companies or governments [that] operate in a shady manner,” says Cuthbert.
According to him, targeted attacks like Duqu and Stuxnet demonstrated that attacks that blend business and hacking will become the norm. “Duqu's main aim was to steal secrets from the chemical industry. Stuxnet was an attack against one government's nuclear infrastructure, rumoured to be another government,” he explains.
“Your average activist can now use tools, once deemed hard to understand and operate, to take control of Web applications at the click of a button,” warns Cuthbert.