Hackers and Hacktivism

Hackers and Hacktivism
Each student will post a thoughtful follow-up comment to the relevant discussion forum for one of these news postings. Comments should be at least 3-4 paragraphs in length and should contain links to other relevant online articles.

Resources:

Security News Video 2 – Hackers and Hacktivism

Welcome to IST-456 Online security news video 2. This is Dr. Gerry Santoro and our topic today is hackers and hacktivism.

Information security managers have to deal with many possible threats to information and communication assets. One of these is the possibility of the intentional compromise of network or system security. The agent of this threat has come to be known as the ‘hacker.’

Hackers use a variety of methods to compromise network and application security. Hacking toolkits and malware development kits are available to support their activities. Hacking organizations have web sites and hold conferences – although the conferences are most likely attended by security professionals as opposed to criminal hackers.

Hacking has many goals – organized crime may sponsor hacking to steal information such as credit card numbers. Nation-sponsored hackers may be after military or economic information. Individual hackers may be trying to gain notoriety or exact revenge against an organization for some perceived transgression.

An analysis of 250,000 hacker conversations from a hacker forum revealed some interesting information regarding hacker methods. For example, in a discussion of attack methods 19% of the discussions were about SQL injection, while another 22% were about denial of service.

The most popular topics discussed were beginner hacking (25%), hacking tools and programs (22%), and web site and forum hacking (22%).

http://net-security.org/secworld.php?id=11794

The threat from hackers is very real and growing. A few examples:

In October of 2007 and July of 2008 hackers used the connection from a ground station to affect the operation of the Landsat 7 and Terra satellites – which are used for Earth observation. It is believed that the attacks came through a commercial satellite station in Norway. It is also believed that the hacking originated from China.

http://www.guardian.co.uk/technology/2011/oct/27/chinese-hacking-us-satellites-suspected

Symantec Corp., a major security firm, announced in October of 2011 that hackers had targeted at least 48 chemical and military-related companies in an effort to steal trade secrets. The attacks used e-mail in an attempt to plant malware dubbed “Poison Ivy” on company computers.

http://articles.boston.com/2011-11-01/business/30346840_1_symantec-chinese-man-security-firm

Symantec also revealed, in early January 2014, that a hacker had stolen, and published, some of the Norton Anti-Virus source code.

http://www.zdnet.com/blog/btl/symantec-confirms-hacker-theft-of-norton-anti-virus-source-code/66367?tag=nl.e540

During Fall of 2011, a Swedish hacker hijacked the Twitter account of a prominent member of Parliament and released details of more than 90,000 private e-mail accounts in a crusade to “let people know they handle their information wrongly.”

http://www.guardian.co.uk/world/2011/oct/27/sweden-hacking-twitter-hijack

Adding to the hacker danger is the rise of the ‘hactivist.’ This is a hacker, who may or may not be a member of a loosely-configured organization, and whose goals are more aligned with social or political activism as opposed to financial or strategic gain.

The most popular example of a hactivist organization is Anonymous, which derives it name from anonymous postings on the 4Chan blog. Anonymous has made the news lately with a number of high-profile attacks.

In February of 2011, it was revealed that Anonymous had hacked the accounts of HB Gary President Aaron Barr. HB Gary is a major security consulting firm whose customers include the US Government. They then revealed a large amount of sensitive information – including how HB Gary had failed to follow even basic security procedures.

http://www.guardian.co.uk/technology/2011/feb/07/anonymous-attacks-us-security-company-hbgary?INTCMP=ILCNETTXT3487

In early Fall 2011, Anonymous hacked a number of ISP’s that hosted child pornography sites in what was called ‘Operation Darknet.’ They then made account details of 1,589 users public.

http://net-security.org/secworld.php?id=11831

In late Fall 2011, it is believe that Anonymous members hacked the security organization Stratfor – compromising SSNs and e-mail information for defense, intelligence and police officials in the US and UK.

http://www.guardian.co.uk/technology/2012/jan/08/hackers-expose-defence-intelligence-officials?newsfeed=true

The thing about hactivist organizations that makes them especially scary is that their motivations are not always clear. An organization could become a target due to some perceived transgression, as happened to Visa and Bank of America when they cut off funds to Wikileaks. Or, an organization could become collateral damage if its ISP is targeted for some other reason.

This concludes IST-456 Online security news video number 2. Please check the syllabus for the due date if you wish to respond to this video.

From University Park, this is Dr. Gerry Santoro hoping that you will ‘Live long and Prosper”