'Cool' image, messaging gain hacktivists public support

Hacktivist groups are increasingly gaining popular support due to their causes being seen as legitimate and the "cool" image portrayed in the media, security insiders point out. Such support can deter people from working in the security industry and lead to even more breaches, they warn.

Uri Rivner, head of new technologies at RSA, pointed out in an interview with ZDNet Asia at the recently concluded RSA Conference that hacktivists were becoming "mainstream"--gathering public support to say that their victims "deserve it", such as illegal organizations, targets who were not well-liked by the public and companies whose security flaws needed to be exposed.

Elaborating, Misha Glenny, a U.K.-based journalist specializing in global organized crime, observed during one of the conference keynotes that hacktivist groups such as Anonymous were very effective at getting their messages across, even entertaining the public through YouTube videos and codes on pastebin.

Hacktivist groups always present their causes as legitimate cases, making the public think that they are doing the right thing in helping companies expose their loopholes or bringing down organizations or individuals that are not popular, Alexandu Catalin Cosoi, chief security researcher at BitDefender noted.

On the other hand, people and businesses often do not see law enforcers as their partner against cybercrime but their adversaries, said Mark Goudie, Verizon's managing principal for Investigative Response in Asia-Pacific.

He explained that it was a "natural reaction" as businesses sometimes feel that by being transparent to law enforcers, they are inviting strict government scrutiny on their business transactions both online and offline.

Cosoi also added that the public support for hackers stemmed from the influence of Hollywood movies, such as Swordfish or Hackers where hackers had been portrayed as "cool" people, with "tremendous power at their fingertips". Alternatively, they were also portrayed as people who eventually helped law enforcers even though they started off as "bad characters", he remarked.

Rising odds against law enforcers
"While hackers have a 'cool' image, there are very few movies about cybercops and what they are up against, so the public may not identify with them," he said.

However, with increasing public support for hacktivists, there will be a lack of people who want to work in the security or law enforcement industry because they did not see it as an "exciting or cool" industry to be in, Cosoi warned.

He added that the public should not be supporting hacktivists because there are more legal ways to protest for a certain cause, instead of exposing confidential data of thousands of people worldwide and making companies lose money.

There will also be an increase in hacktivist attacks due to public support, and there will now be more potential data breach targets, Goudie added.

"The [odds] are stacked against the defenders as they need to defend against all attackers at all times, [while] an attacker has only to breach the information security once to successfully initiate a data breach or hacktivist attack," he said.

Promote IT security image, engage with public
The "coolness" of working in security should be promoted, including areas such as the challenges faced, and the "on-going cat and mouse game" between security specialists and hackers, Cosoi advised.

He also noted that people still tended to see security as a technical job, but the IT security profession must be seen as working for a cause instead.

"If people will want and believe in security, and will want to take part in this 'awesome' field, we might see people joining security companies rather than hacktivism," he said.

Law enforcers should also engage creatively with the public, he said, such as developing interesting cybersecurity videos and advertisements that "tell a story" and "support a cause" so that people can identify with them, he added, pointing out that such techniques are similar to how hacktivists have promoted themselves and their causes.

The Singapore Police Force (SPF) also told ZDNet Asia that it carried out public education talks in schools and communities through grassroot organizations, to increase awareness of cybercrime issues and deter individuals from committing such crimes. Public advisories are also issued through online and print media to alert members of the public when a new cybercrime trend is detected.

"Cybersecurity entails more than simply the prevention of cybercrime, but also amalgamating efforts of public and private sectors agencies to promote a positive cyber security culture," Yvoone Edwin, an SPF spokesperson said. "As such, holistic cyber security education in Singapore requires a concerted effort."