Firms need vigilance in hacktivism age

Motivations behind recent high-profile attacks not new, security experts note. Organizations must be on guard as underground economy allows exchange of hack tools and information, adds one.

Traditional motivations associated with hacking are making a comeback, but while stealth attacks remain more dangerous than hacktivism, organizations must still be on their guard and take precautions against the resurgence of not-for-money attacks, security observers noted.

In the early days, those who created malware or hacked into systems did it for fun and boasting rights. Over time, cybercrooks realized such acts are lucrative and began to exploit vulnerabilities and security loopholes.

With the emergence of individuals and groups such as Anonymous and LulzSec, non-monetary forms of motivation have again been thrust into the spotlight.

Macky Cruz, technical communications specialist at Trend Micro's TrendLabs, noted that people used to call hackers "benign creatures" who could easily provide a sophisticated solution to any computing problem or were equipped with "programming prowess".

"These [forms of] attacks are still being seen now, albeit with increasing variations in techniques and varying degree of notoriety," Cruz said in an e-mail. "Today we see a bigger range of attacks that are now done on a wider scale."

Toolkits and expansion packs, exploit pages and botnet services are common items sold in the cybercriminal underground world. This has expanded the scope of hacktivism, which had traditionally been limited to people with specific skill sets, Cruz pointed out.

Today, both veterans and novices can easily exchange information and engage in organized crime, which has also contributed to the shifting motivation of hackers, she added.

Guillaume Lovet, senior manager of FortiGuard Labs threat response team at Fortinet, told ZDNet Asia that hacktivism is under the spotlight recently "mostly because of the public stunts of groups such as [the] Lulzsec collective".

"Rather than a shift, this is a resurgence of a 10-year-old trend," he said in an e-mail, explaining that hacking for fame, political or pseudo-political reasons was also quite popular in the early 2000s.

However, Lovet pointed out that 99 percent of illegal actions performed on networks are still done either for money or strategic reasons.

Rob McMillan, research director for security and risk at Gartner, concurred that the trend is not new. Hacktivism has been here longer than most people recall, he said in a phone interview, citing the Internet Liberation Front's use of the Internet in 1994 to voice its displeasure as an example. The WikiLeaks incident represents a newer form of hacktivism, but the sending of messages via a public platform with a wide reach has been around for a very long time.

Therefore, the motivations of hackers have not shifted but the causes have differed slightly--such attacks these days tend to be for political purposes, McMillan noted.

Hacktivism is all about political messaging, he added. Hackers, he explained, are using the Internet to get their message across, similar to protesters demonstrating at a building.

Stealth hackers "most dangerous"
Asked which hackers organizations need to be more concerned about, McMillan replied that it would be the ones who do not seek publicity as they are "hard to find". He cited the Stuxnet incident as an example--prior to being made public, it had been "doing its work quietly" and causing danger to users without their knowledge.

In contrast, hacker group Anonymous is "very high profile" but it is not the "most dangerous" group of hackers as "groups like that come and go", he noted.

"With some law enforcement groups at work recently, the group has had its stay in the sun," he said. "It's becoming famous but members of the group are getting identified and arrested so they are slowly losing."

Cruz of Trend Micro warned, however, that while attacks can happen for a variety of reasons, the impact they inflict on affected companies can be brutal.

"It is not which group of hackers is the most dangerous but the fact that the tools they have at their command, whatever their motivations are, are easily available to other groups and cybercriminals," she said. "[These tools] are actively sold and traded in underground forums."

Cruz added that organizations not only have to understand who hackers are in the current context, but also be prepared that their networks will be hacked. Quoting Rik Ferguson, Trend Micro's director of security research, she advised: "Encrypt your data, develop securely, configure correctly, test your defenses effectively, use complex passwords, shield your vulnerabilities and build your systems under the assumption that a breach will happen."

Gartner's McMillan added that corporate entities ought to be vigilant, have up-to-date security and monitor any Web presence purporting to represent their brands. "This is about knowing what kind of messages people will put up about you and how you will refuse those messages," he said.

"It's not really about security, but communication."