Activism via hacking is alive and growing, with new attack strategies in 2020. Hacktivists break into websites to promote their social agenda, often in defense of someone else. In the process, these actors go on to publish or leak information stolen from the compromised websites.
A dive into history
- According to Blueliv, several hacktivists have emerged during the last 12 months - between May 2019 and May 2020.
- These hacktivists primarily operate through Twitter to exchange ideas and information.
- Some of the popular hacktivists’ names include ‘#Oplcelsis,’ ‘#OpChile,’ ‘#OpBeast,’ ‘#OpDeathEaters,’ and ‘#OpPedoHunt.’
- They were found relying on the same Tactics, Techniques, and Procedures (TTPs) that have been in use since 2012.
- The TTPs typically consist of using open-source tools to execute DDoS attacks, web defacement attacks, and finding vulnerable databases to steal information from them.
The present state
- In June 2020, an activist group named Distributed Denial of Secrets (DDoSecrets) published 269 GB of data stolen from U.S. law enforcement agencies and fusion centers. The data was made available on a portal called ‘BlueLeaks’.
- However, the U.S. federal authorities seized the portal by the end of June and Twitter banned the account of the notorious group for violating the policy on distribution of hacked data.
- In July 2020, another group of hacktivists that goes by the online name ‘Ghost Squad Hackers’ exploited a server-side request forgery vulnerability to deface a website of the European Space Agency (ESA). The website was compromised for the second time in a week.
- Three Idaho government sites were also hacked and defaced by Ghost Squad Hackers to display a message and a GIF image.
- Unknown actors tied to a broader influence campaign dubbed ‘Ghostwriter’ have been found leveraging spoofed emails and fabricated news articles and quotes to push anti-NATO themes aligned with Russian security interests.
Though hacktivism stems from a legitimate cause, it does not take much for a few of the hacktivist groups to turn into cybercriminals.
- In a published blog post, Check Point detailed how a hacktivist group named ‘VandaTheGod’ cemented its transition to cybercrime.
- The group targeted the U.S. healthcare sector by hacking the sites for US Health and Life, Putnam Health, National Employees Health Plan, and Texas Women’s Health Services.
- In one case, the hackers claimed to be selling stolen medical records of 1 million New Zealanders for a price of $200 per record.
Many hacktivist operations are carried out with the support of a large number of activists raising their voices on various issues. To support their cause, they go on to destroy the reputation of organizations, either by launching DDoS attacks or by defacing websites. It is therefore important to remain vigilant and aware of new groups and individuals practicing such activities.