Hack the Media

Archive for March, 2011|Monthly archive page

Hacktivism

In Uncategorized on 20 March, 2011 at 10:22 am

A portmanteau of hack and activism, hacktivism is the term coined to describe activists who choose to make their stand via the computer. Often hacktivists are portrayed neutrally, occasionally even sympathetically by the media, with a clear distinction made between “hacktivism” and “cyberterrorism”. This is most probably due to the issues many hacktivists hack against. Often the media and the hacktivist will find themselves on the same side, notable cases being the defence of WikiLeaks [http://www.bbc.co.uk/news/technology-11935539], the rebellion in Egypt [http://www.msnbc.msn.com/id/41407082/ns/technology_and_science-security/], and many other key political issues.

Due to the media’s previous history of vilifying all forms of hackers and hacking, hacktivists are treading new, uncertain territory. For a while now hacking and the cyberworld have been changing the way wars are fought, introducing the acts of data warfare, secret stealing, and cyberfighting. Yet these hacktivists are also changing who these wars are fought by. Hacktivists aren’t exclusively versed hackers. Often versed hackers will create and upload hacking tools and programmes that can be downloaded and used by anyone, turning any computer into a hacktivist device, and anyone into a basic little hacktivist. Below is a copypasta list of the most common tools used by hacktivists:

1. Defacing Web Pages: Between 1995-1999 Attrition.org reported 5,000 website defacements. In such a scenario, the hacktivist will significantly alter the front page of a company’s or governmental agency’s website.

2. Web Sit-ins: In this form of hacktivism, hackers attempt to send so much traffic to the site that the overwhelmed site becomes inaccessible to other users in a variation on a denial of service.

With the advent of geotagging and the ability to geo-bomb Google Earth with YouTube videos, an alternative definition of a web sit-in can be the targeting of a particular locale such as a government building with an overwhelming amount of geo-tagged videos.

3. E-mail Bombing: Hacktivists send scores of e-mails with large file attachments to their target’s e-mail address.

4. Code: Software and websites can achieve political purposes. For example, the encryption software PGP can be used to secure communications; PGP’s author, Phil Zimmermann, said he distributed it first to the peace movement. Jim Warren suggests PGP’s wide dissemination was in response to Senate Bill 266, authored by Senators Biden and DeConcini, which demanded that “…communications systems permit the government to obtain the plain text contents of voice, data, and other communications…”. WikiLeaks is an example of a politically motivated website – it seeks to “keep governments open”.

5. Website Mirroring is used as a circumvention tool to bypass censorship blocks on websites. It is a technique that copies the content of a censored website and posts it to other domains and subdomains that are not censored.

6. Geo-bombing is a technique in which netizens add a geo-tag while editing YouTube videos so that the location of the video can be displayed in Google Earth.

7. Anonymous blogging is a method of speaking out to a wide audience about human rights issues, government oppression, etc. that utilizes various web tools such as free email accounts, IP masking, and blogging software to preserve a high level of anonymity. [Wikipedia]

There are many different forms of hacktivists: hacktivists who hack for their homeland, hacktivists who hack against oppression, hacktivists who hack for one issue, and one issue alone. More recently, however, we have seen the rise of online, mass hacktivist groups, the most notable being the group called Anonymous.

The Lush Affair

In Uncategorized on 10 March, 2011 at 8:18 am

Late in December 2010, the Poole-based cosmetics company Lush released a statement saying they’d been hacked. They claimed anyone who placed an order online with them between the 4th of October and the 20th of January (this included me, FYI) was now at risk of having their credit card data stolen. Many old media outlets were quick to vilify the hackers, or sketchy in their articles [http://www.bbc.co.uk/news/uk-england-dorset-12248992], but some chose to quote the public, those affected by the attack. “Graham Cluley, a senior technology consultant, said: ‘Why was the customer credit card information not encrypted? If it had been strongly encrypted then, although a hack might have been embarrassing, customers would not necessarily be at risk of fraud.

All companies need to treat the security of their customers’ personal information and credit card data seriously to reduce the chances of hackers being able to cause harm and corporate embarrassment.’” [http://www.dailymail.co.uk/news/article-1349513/Thousands-bank-details-risk-hackers-hit-Lush-website.html]

This quote, and many more like it, shows that many modern-day citizens are versed in computer safety, and believe it to be the responsibility of the website to protect and care for consumers’ data. Many new media outlets took a very firm stance against the company. They pointed out that “Lush’s statement leaves plenty of questions unanswered, not least how many records were exposed by the attack and what went wrong with its UK site” [http://www.theregister.co.uk/2011/01/21/lush_cosmetics_hack_attack/], suggesting that the time span in which data was put at risk indicates severe incompetence by the company. New media outlets report how “Noa Bar-Yosef, senior security strategist at Imperva, said: “It seems that Lush online application is riddled with vulnerabilities. They even comment on continuing to be a target and so they’re taking the website down. So it’s not just one sole vulnerability that could have been quickly fixed, but lots of security issues which would require a security overhaul.”

He said it appeared that the attack “clearly shows that Lush was in breach of PCI DSS compliance,” – the regulations that bind etailers who accept Visa and Mastercard payments.” [http://www.internetretailing.net/2011/01/hacked-lush-site-seems-to-have-been-riddled-with-vulnerabilities/]

This difference in media portrayal shows the difference between the uneducated old media, quick to vilify the hackers and victimise the webshop, and the slightly more hacker-savvy, slightly more understanding new media outlets, who hold unprotected websites and badly designed webshops accountable, calling them out as being careless and flawed. It is in cases like this that we see the start of the fracture separating the media’s portrayals.