Hacktivism: good or evil?

IT lawyer Dai Davis looks at the rise of hacktivism and its impact on business and international politics

Wikipedia is always a good source of definitions for technology-related issues. It defines hacktivism as “the use of computers and computer networks to promote political ends, chiefly free speech, human rights, and information ethics”. As with any technology, “hacking” and therefore hacktivism can be a force for good or evil.

As websites become ever more secure, so those “hacking” them become more sophisticated in their methods. Over the years, many of the more sophisticated hacks have been carried out by groups of hackers or nation states, rather than individuals. 

LulzSec

Two of the most widely known groups are Anonymous and Lulz Security (more commonly abbreviated to LulzSec). 

However, in the case of LulzSec, the group has (allegedly) disbanded and some of its members have been arrested. Nevertheless, given the disparate structure of these organisations and the transient nature of their members, it is unlikely that all the members have been caught.

Early attacks

The range of targets for these organisations has been wide. One of Anonymous's earliest targets was the Church of Scientology. The initial attack consisted of making prank telephone calls to the organisation and sending black sheets of paper by facsimile transmission.

This tactic was then supplemented by its internet equivalent – a denial-of-service attack. This involves sending multiple simultaneous requests for information to the target website, causing it to crash. While some regard a denial of service as relatively simplistic and, indeed, a denial of freedom of speech, it is nevertheless effective.

Is hacking worse than a physical attack?

Whether hacking is worse than a physical assault, such as sending large numbers of useless facsimiles or holding a mass protest outside the buildings of the Church of Scientology, depends on your point of view. Is it worse? At first sight it might seem so, since those protesting electronically invariably do so anonymously.  

However, some of those protesting physically do so wearing hoods or masks. Of course, as with many protests, innocent bystanders can be hurt. During the campaign against Scientology, a secondary school in the Dutch municipality of Deventer and a 59-year-old man from Stockton, California were incorrectly included as targets.

Unexpected fall-out

Unintended consequences can follow hacktivist attacks. In 2011, LulzSec made an attack on the internet pornsite www.pron.com. LulzSec published 26,000 email addresses and associated passwords, in an apparent attempt to embarrass users. These appeared to include two Malaysian government officials and three members of the US military. 

This triggered an unexpected response from Facebook, which prevented users with the same email address from accessing their Facebook account. Facebook automatically assumed that those users might have the same passwords. 


Political hacking 

Many targets of hacktivist groups are of a more overtly political nature. LulzSec, in its short “career”, attacked InfraGard, a partnership between businesses and the Federal Bureau of Investigation in the US. It successfully attacked the US Senate and the Central Intelligence Agency websites.

It defaced the InfraGard website, damaged the Senate by releasing some “secure” information, and hit the CIA by taking its site down for over two hours. It also attacked the UK National Health Service, but in this case it performed a public service, merely sending the NHS an email informing it of the security vulnerability it had found. 

Other countries have also suffered from hacking attacks. In Portugal, for example, the websites of the Bank of Portugal, the Portuguese parliament and the Ministry of Economy, Innovation and Development have all been attacked.  

This was apparently in response to police brutality at public protests against austerity measures held on 24 November 2011. But, as with many such attacks, it is not always possible to identify the causes conclusively. 

Hacktivism and the Arab Spring

Not all hacktivists work in secret. In 2011, at the start of the Arab Spring, the Egyptian government tried to shut down the internet. This provoked a response from Google, Twitter and SayNow.  

They collaborated and in a very short time produced a “Speak2Tweet” service allowing anyone, inside or outside Egypt, to leave a message on certain telephone numbers. The messages were then immediately placed on Twitter. The stated motive was: “We hope this will go some way to helping people in Egypt stay connected at this very difficult time.” 

There are other examples of hacktivism against states. When, in 2009, Iranians protested unsuccessfully against perceived widespread election fraud, Anonymous set up an information exchange website called Anonymous Iran. More recently, the Turkish government has taken an increasingly sharp swing to authoritarianism. 

This prompted what, to many people, is an example of “good” hacktivism by Turkish hacktivist group Redhack.  


Giving protestors a voice

Redhack suggested that protesters alleged to have sent illegal messages by Twitter should say their account had been hacked into by Redhack. Redhack said it would “take the blame [for Twitter users targeted by the state] with pleasure”.  

Redhack also advised activists to use Twitter rather than Facebook or Skype because the latter two services confirmed the identities of their users to the authorities, whereas Twitter does not. 

The previous targets of Redhack have included the Turkish Council of Higher Education, the country's police force, army, Türk Telekom and the National Intelligence Organisation. After it offered to assist those targeted by the authorities, the number of followers of Redhack's Twitter account numbered more than 600,000. 

Hacktivism in Africa

A recent example of hacktivism concerns the activities of hacktivist group Anonymous Africa. During the 2013 Zimbabwean election, it attacked and closed down 50 websites, including those associated with the ruling Zanu PF party as well as those of the regime newspaper The Herald.  

Some justified this by pointing out that president Robert Mugabe’s regime was allowed plenty of airtime on state TV to support its own message, while giving none to the opposition. 

Harder to justify was the attack on the website of South Africa-based Independent Newspapers. This was targeted following a pro-Mugabe opinion piece in one edition. Some say the action, an unsophisticated denial-of-service attack, was an unjustified erosion of freedom of speech.  

Others equate Mugabe, who in a judgment by the Council of the European Union on 26 January 2009 was said to be “responsible for activities that seriously undermine democracy, respect for human rights and the rule of law”, with Hitler and applaud the attack.

State-sponsored hacktivism

Hacktivism is sometimes state-sponsored. One large-scale state-sponsored instance, called Titan Rain, occurred over a three-year period commencing in 2006. The attacks seemed to be targeted at US defence contractors' websites and were widely alleged to be the work of the Chinese military.  

While the stories of “Unit 61398” of the Chinese Army are numerous, a larger and, in many respects, more insidious example of state-sponsored hacktivism is that undertaken by Russia. 


In 2007, in a row between Estonia and Russia over the relocation of a statue in the Estonian capital, Tallinn, another massive cyber-attack took place. Given the complexity of this attack, it is widely believed to have been sponsored by the Russian state: this allegation was made by at least two Estonian ministers of state. 

The attack caused considerable interruptions to many state-related entities in Estonia, as well as to Estonian financial institutions.

Russian attacks against Georgia

Stronger evidence pointing the blame at Russia emerged during the conflict with Georgia in 2008, during which Russia re-established its earlier “annexation” of Abkhazia and South Ossetia. Georgian targets included the Parliament and the Ministry of Foreign Affairs websites, which suffered a cyber attack. 

A subsequent study by network security firm Greylogic in March 2009 concluded: "The available evidence supports a strong likelihood of GRU/FSB planning and direction at a high level while relying on Nashi intermediaries and the phenomenon of crowd-sourcing to obfuscate their involvement and implement their strategy."  

In March 2014, during the Russian invasion of Crimea, the Ukraine’s Security and Defence Council stated: “There was a massive DoS [denial of service] attack on communication channels of the National Security and Defence Council of Ukraine, which was apparently aimed at hindering a response to the challenges faced by our state.”

The Ukrainian state-run news agency, Ukrinform, has suffered a similar attack. In the same way that the physical presence of the Russian army was not immediately obvious, because many did not wear uniforms, so too did Russia's cyber attacks take place surreptitiously. 

Chinese military hacking units

Another example of state-sponsored hacktivism is an attack on a number of US companies and federal agencies. The internet security company Mandiant published detailed evidence showing the Chinese Army’s Unit 61398 to be the source of this hacking. Many of the world’s conflict zones are also associated with political hacktivism. 


One that is often reported is the Israeli-Palestinian conflict, but others include India-Pakistan (which began in May 1998, when Pakistan-based hackers attacked the Indian Atomic Weapons Research Establishment in Mumbai) and China’s attack on pro-Tibetan Independence websites, as well as on Taiwan.   

China has also been accused of attacking Japanese sites in its continuing dispute over sovereignty over the Senkaku/Diaoyu islands. China-based hacking has also been suggested as the cause of the demise of the once-huge Canadian company Nortel, which lost a large number of its corporate secrets through hacking emanating from China. 

In a recent UK-related incident, the firm Dattatec, based in Santa Fe, Argentina, launched an arcade-style shooting game in April 2013 in which police on the Malvinas (Falklands) fought British “terrorists”. The Argentine company was then forced to face another battle: a denial-of-service attack from the equivalent of 5,000 computers at once. This attack may have been the work of a lone individual.

Stuxnet and Iran 

A game-changing event was the development and release of the Stuxnet virus. The virus was uncovered in June 2010, but not until it had caused the centrifuges in Iran’s uranium enrichment programme to spin out of control. It specifically targeted the Siemens control systems for the centrifuges.

While many in the West may applaud the motives behind this attack on Iran’s nuclear ambitions, it undoubtedly changed the rules by causing real physical damage.

While there has never been any formal acknowledgment that Israel and the US were behind the Stuxnet virus, Eugene Kaspersky, co-founder of the Kaspersky Anti-Virus Company, has estimated that the development cost behind Stuxnet was of the order of £10m.

It is therefore unlikely that anyone would have the means to create such an entity without the backing of a nation state.   

Iran launches Shamoon

It did not take the Iranians too long to retaliate. In August 2012, the Saudi national oil and gas company, Saudi Aramco, had 30,000 of its computers infected with the Shamoon virus. This computer virus renders hard drives unusable by writing spurious data over the files stored on them. 

An unknown hacktivist group, Cutting Sword of Justice, claimed responsibility, but the Iranian state is widely believed to have been behind this highly sophisticated attack. The Saudis have long been allies of the Israelis in trying to thwart Iran's nuclear ambitions.

So, is hacktivism good or bad? That depends on your perspective. Like most weapons, hacking can be used for good or bad, to defend freedom or attack it. Perhaps only time will tell whether hacktivism earns a reputation for net detriment or net benefit.

 


Dai Davis is a chartered engineer and solicitor. He has Masters degrees in physics and computer science. Previously national head of IT law at Eversheds, he is now a partner in his own law firm.

  
