Operation Payback and hacktivism 101


Hacktivism is the use of cyber attacks and sabotage to communicate and promote politically motivated causes. It has been around as long as the internet.

Lone hacktivists have always acted individually to register their protest, using a variety of attack methods. One popular attack has been, and continues to be, the defacement of websites – Microsoft’s website, for example, was replaced with a Saudi Arabian flag.

While these individual acts of hacktivism are inconvenient, something else happens when hacktivists group together – they commonly perform what’s called a Distributed Denial of Service (DDoS) attack. With an increased number of participants they are able to flood a targeted website with traffic so that the server becomes overloaded. As the site attempts to process the large volume of malicious traffic it denies access to legitimate users and often crashes altogether.

Techniques have advanced to automate the process, making the attacks more powerful and thus more able to bypass security controls – the effect, however, remains the same. Let us take a look at the recent Operation Payback, which has gained notoriety in the past few months.

Operation Payback is a series of DoS attacks carried out by hacktivists. Their initial goal was to bring down anti-piracy sites, such as those of the recording and media companies that attempted to act against illegal file sharers. They even attacked law firms that threatened to bring those who illegally downloaded files to court. In the latest chain of activities they have also started targeting organizations that have spoken against WikiLeaks’ activities or in favor of any other form of “Internet censorship”. MasterCard, for example, was attacked by the hacktivist group “Anonymous” when it refused to process donations to the whistle-blowing site.

How does this group of hacktivists operate? Hackers, in short order, build attack software designed to take down websites and services. This software is then made easily available for download by other hacktivists. Once installed on a user’s machine it sits idle, waiting for the attack command, and when the time is ripe for the attack a “wake up” call is issued to the malware on the hacktivist’s machine. At that stage the machine starts spewing malicious traffic at the specified site. Using the power of the community, i.e. all the involved hacktivists, the target is inundated with voluminous traffic, which causes the servers to crash.

When looking at this specific group, we can see that social factors play a significant role. As the activities of Operation Payback received more media attention, the number of hacktivists joining the specific hacktivist network increased.

Modern hacking, in general, is motivated by data theft. Stolen credentials, credit card numbers and so forth are highly valued on the black market. Data is the currency of cyber crime and staying invisible is essential. Hacktivism is not motivated by money and actively seeks to gain as much attention as possible – high visibility is the ultimate goal. Hacktivists are motivated by revenge, politics, ideology, protest and a desire to humiliate their victims – what would be the point of embarrassing someone if they didn’t know who performed the attack?

Another attention-grabbing DDoS attack was executed in June 2009 by hacktivists protesting against the Iranian elections. In this attack hacktivists operated from outside of Iran and targeted government and other state-sponsored websites. As a result, the Iranian government blocked access to different social network sites to prevent netizens from providing coverage regarding the current state of affairs on the street.

A similar hacktivist incident occurred in August 2009 when Russian hacktivists brought down social network services such as Facebook and Twitter. This was their retaliation campaign against a controversial Georgian blogger who had accounts on these networks.

Today, most hacking focuses on financial gain and uses mass-attack techniques to exploit as many victims as possible. Operation Payback, however, shows that these mass-attack techniques, or industrialized hacking, can be cross-bred for hacktivism. Operation Payback is not the first time mass DDoS attacks have been used, as North Korea’s DDoS attacks on South Korean and US sites illustrated. Operation Payback is one of the most successful examples of hacktivism, giving political cyber protests a major boost of adrenalin and inspiration.