Skip to content

They are Not What You Think They are … They are Hacktivists

by Pierluigi Paganini on May 6th, 2012

Article Published on The Hacker New Magazine – May Edition “They are Not What You Think they Are … they are hacktivists”

During the last couple of years we have witnessed the escalation of operations conducted by the Anonymous group, the hacker group that is expressing a social dissent through cyber attacks.

In today’s society technology plays a crucial role and is used as a new cultural vehicle, and even aggregation element or carrier to express dissent against the policies of governments and private companies.

Groups like Anonymous are maximum expression of a phenomenon defined “Hacktivism” that refers the usage of computers and computer networks to express social protest or to promote political ideology. If you believe that this form of protest is recent you are wrong, the term in fact was introduced for the first time in 1996 by a member of famous group of hackers the Cult of the Dead Cow hacker named Omega. The hacktivists use to attack systems and architectures using legal and illegal tools to perform their operation of protest such as denial-of-service attacks, information theft, data breach, web site defacement, typosquatting and any other methods of digital sabotage. Forms of hacktivism are carried out in the belief that proper use of the technical tools will be able to produce similar results to those produced by regular activism or civil disobedience to promote political ideology.

Anonymous collective is now the incarnation of the hacktivism concept that has monopolized the world wide attention on the phenomenon. The group and its operations are glaring at the center of a heated debate, public opinion and industry experts are divided between those who believe the collective is a group of cyber criminals and those who take due account of the phenomenon, trying to understand the dynamics of its genesis and not neglecting the value added to their participation in social dialogue.

We must consider that Internet world is profoundly changing due the continuous acts of hacktivism, the related operations represents one of the major cyber threats. The attacks of these groups produced the same effects of those perpetrated by cyber criminals or governments to offend strategic objectives, for these reasons cyber protest must be taken into serious consideration in cyber strategies for the defense of a nation.

According the study “Data Breach Investigations Report”, published by Verizon, hacktivists stole almost twice as many records of ordinary cybercrime from organizations and government agencies.

The most significant change we saw in 2011 was the rise of “hacktivism” against larger organizations worldwide. An impressive number of attacks made by activist with regular frequency have been registered during last year causing a great deal of effort responding to the cyber threat. Cyber activists use hacking techniques to perform their operations involving critical masses made of ordinary people. The type attacks more diffused is without doubts the Distributed Denial of Service (DDoS) attack, which attempt to make a site or service unavailable to its users due an enormous quantity of request sent in a short period. Hacktivists are demonstrating increasing skills in their attacks and we expect increasing in number of their operations with possible extensive damage.

In the past, Anonymous supporters have used a program called LOIC allowing them to join in an attack on a particular website, flooding it with unwanted traffic, the group has also released on the web instructions and videos on how to conduct this king of operations. In terms of media Anonymous group can be a lesson to many. However, the latest attack I believe represents an element of further development for the group, although it is always a DDoS type, the method used has profoundly changed in the conception.

The recruitment campaign for the attack has also served major social media being able to engage in this way an impressive number of participants with devastating consequences for victims. Hence the web and social networks like Facebook and Twitter have been flooded by messages of affiliates to the group, a media campaign in style. Anonymous in this way has raised the bar, even a user without his knowledge by simply visiting a web page without him interaction, has started to flood a victim with unwanted traffic.  The trick is possible simply hiding within the web pages procedures JavaScript developed specifically that the web browser interprets, the unique defense option is to disable JavaScript in the browser.

Hacktivism has made ​​a quantum leap with this new method for two simple reasons:

  • The first is that without a doubt the offensive force has increased dramatically.
  • The second, more subtle but formidable in my opinion, is that from a legal standpoint it is hardly attributable to each user a criminal liability. A user who participates in the attack, unlike what happened before with Loic, today could not always claim to be aware. This subtle aspect could be stimulus for a wide category of undecided who share the ideology of the fear of incurring legal process by participating in operations.

The cyber war between governments and groups of hacktivists such as Anonymous has an important social connotation, popular movements that through technology known their disagreement and fight for the conquest of freedom. The fight for freedom of expression, the total aversion to any form of control and monitoring, reporting of abuse of power and blatant violations are the main arguments that incite to the action groups of hacktivist, however, the boundary between interpretation of an operation as a simple act of protest or as cybercrime is thin. While many operations are limited to DDoS against few web sites in more than one occasion, the disclosure of information acquired through hacking systems have exposed sensitive data to public opinions with serious consequences.

It’s happened last Christmas when Wikileaks has published with the support of Anonymous more than five millions of email from Texas-based global security think tank company Stratfor, a global intelligence firm.
WikiLeaks and Anonymous,  a strategic partnership between the major expression of hacktivism culture, two forces that together are able to frighten the world’s great, the new alliance against dirty affairs.  The hack of the Stratfor Global Intelligence service was made by the same collective Anonymous who disclosed company website and also the full client list of over 4000 individuals and corporations. They gained access to a subscriber list stored on, and that list contained unencrypted credit card data of the customers. The published email demonstrate that Stratfor company was providing confidential intelligence services to several corporations, such as Lockheed Martin, and also to government agencies such as the US Department of Homeland Security, the US Marines and the US Defense Intelligence Agency. The exposed material shows how Government and diplomatic sources all around the world give Stratfor firm advance knowledge of the events and of the politic strategies, all in exchange for money.  A great spider of informants, government employees, embassy staff and journalists, recruited in everywhere and paid through Swiss banks accounts and pre-paid credit cards. The mutual cooperation had already been manifested when the Anonymous group opposed to the actions tied against the founder of Wilileaks Assange accused of publishing hundreds of Thousands of secret U.S. government cables beginning in December 2010. The US government applied as penalty the block of economic support to the group and PayPal, MasterCard and Visa blocked payments to WikiLeaks, which relied on donations to lease infrastructures. To protest against the penalty, Anonymous arranged massive attacks against these financial institutions. Of course the actions of groups of hacktivists represent a serious threat to private industry and the national security of each country. The group’s attacks have been shown to bring the blocking of services provided by a company, to gain access to sensitive information whose disclosure could undermine the internal balance of a country and its relationship with allied states. And it’s for this reason that hacktivism is considered within a cyber strategy a major cyber threats that can cripple with his attacks critical infrastructures, financial services and government agencies.

Groups of hacktivist are considered as uncontrollable variables in the cyber space capable of surprising us with striking operations worthy of the most skilled cyber army.

Are we able to mitigate the risks of exposure?

The cornerstone of the hacktivism is the recruitment of common people through social media to engage in protests, powerful machine that moves announcing its arrival and producing a loud noise. This undoubtedly provides two advantages:

  1. Knowledge of group policies.
  2. Ability to operate covert actions against strategic objectives by exploiting the group’s operations as a diversionary action.

Governments and law enforcement agencies understood the offensive potential of the group has accelerated the implementation of measures to control the main channels of communication adopted by hacktivist. Monitoring systems increasingly powerful have been implemented and are being acquired, they are tool able to correlate events and activities within main social media and search engines.

My thought is shared in many environments, and many experts are convinced that the phenomenon Anonymous goes analyzed from another perspective in some ways innovative.

Is it possible to use the Group and its function as a cyber weapon? How is it possible?

It is widely believed that it should be carried out intelligence operations aimed at infiltrating the system, become an integral part to affect its operations. Similar operations could benefit the needs of the group has to involve a critical mass of people for their attacks, unthinkable not to leave traces. In a hypothetical phase two does not makes sense to destroy it. It could be more profitable influence their actions against strategic objectives for cyber operations or planning military operations behind a coverage diversionary action conducted by groups like Anonymous. Many consider this approach impractical, while feeling extremely efficient as cyber weapon the model of social protest through new media. At this point there may be fake cells that hacktivists recruiting ordinary people directing attacks against institutions and hostile governments. The group has always been driven by purely political motives, and for this reason, imagining it for strategic planning of operations could destabilize an opponent government exaggerates the tone of the internal political debate. We found in more than one occasion how dangerous it can be a breath of wind of protest through the new social media.

Assumed the possibility of using groups like Anonymous, or rather its model of protest, as a cyber weapon who might be interested in its “recruitment” and what are related risks?

Obviously the idea is very appealing to all governments that tend to conceive cyber definitely aggressive strategies, but that need guarantee a low media exposure.  How to approach the dangerous groups and with what risks?

Intelligence operations and study of the phenomenon are preparatory to the approach, but with regard to the possibility of infiltrating the group of course this could be achieved by conditioning, for example through financial compensation and other benefits, the medium and high level representatives of the groups, those people that define the strategies of protest. The risks are related to the negotiation with unstable and mutable organizations that we know too little, but history teaches that such agreements are possible and have occurred in the past such as between states and criminal organizations.

The threat of cybercrime and those made ​​by the actions of protest of groups of hacktivists are sources of considerable concern. Gen. Keith Alexander, current director of the National Security Agency warned regarding the possibility that groups of hacktivist will have the ability in short term to bring cyber attacks to the national power supplies causing a limited power outage in the US. .
Power supplies are just one possible target together with telecommunications systems, gas and oil storage and transportation, banking and finance, transportation, water supply systems and emergency services.  The profile of cyber assaults against US government and corporate targets is increasing manifesting high skill in the cyber strategy of the attacks. Gen. Alexander declared :

If forces like those of hacktivist have the technical capacities and critical mass such that they can influencing foreign policy, are we sure that among their goals there are critical infrastructures?

Why we intend to define the components of Anonymous cyber-terrorists and cyber criminals?

Mr. Richard Stiennon, Chief Research Analyst at IT-HARVEST, draws some distinctions in the definitions as well. A cybercriminal is generally motivated purely by profit. That is a different goal than cyber espionage, which seeks to access intellectual property for military or industrial strategic advantage, or cyberwar, which focuses on actually sabotaging infrastructure, disrupting critical systems, or inflicting physical damage on an enemy.

Do you recognize anonymous in one of these definitions? Does Anonymous want this?

In an official message to the Wall Street Journal Anonymous regarding the accusation has written

“Ridiculous! Why should Anonymous shut off power grid? Makes no sense! They just want to make you feel afraid.”

in the past weeks I had anticipated the possibility that someone could use the name Anonymous in other operations, from cybercrime to intelligence operations made by hostile governments, that is why I defined Anonymous a cyber weapon.
The reputation of the group may paradoxically create many problems to the group itself, the audience to which the collective targets is not in fact capable of distinguishing false messages, and infiltration attempts that are occurring and will occur with increasing frequency.
A mud machine could be set up to discredit the group, or the operation made by unscrupulous criminals who try to benefit from favorable situation for criminal activities, such as to spread of malware, useful for realization of fraud. Third hypothesis is anything but fiction that one foreign government is exploiting the emotional involvement in the collective to collect an impressive amount of information on participants in operations.

Is hacktivism only a threat or also a voice to listen?

Some forms of protest are for sure illegal but we must consider that they are expression of dissent shared between large communities, they are the voice of masses. The demonstration is inside the number behind each attacks, this guys are not alone, they have a lot of common people behind. The main events of protest in the history were always characterized by elements of illegality due their connotation of opposing the governments in question. From legislative perspective we must distinguish hacktivist from cyber criminal. Although the damage of the shares are to be considered in high regard, there are countless methods of judgment about the actions of Anonymous and similar. We must consider the reasons on genesis of this type of movements, otherwise we will not have framed what I consider a historical phenomenon.

In terms of security, the group is without doubt to be considered as a threat due the capabilities shown and objectives selected, politically I think that Anonymous is a voice to be taken into account. Ideologies do not repress it with the arrests.

What we will aspect for the future?

These attacks observed should lead us to some reflections, I think the group is a time of transition, despite having reached a critical mass of supporters began to split into numerous cells scattered throughout the world. For now, these cells appear to be driven by common goals, but what will happen tomorrow? In a heterogeneous scenario the risk that external agents can infiltrate the group influencing policy is concrete.  New operations can be organized in the name of the group with unpredictable consequences, foreign states or law enforcement may involve masses of people and convinced unaware hacktivist to conduct ideological battles. What guarantees the group can provide to its supporters? Will the core of the group like Anonymous be able to capillary check any communication made globally with its brand? Of course not!

I think for this reason that the groups of hacktivists should change their strategies, they are obliged to appear in new forms, probably in the future presented itself to the world with their representatives. The time of hiding, in the form of protest could begin to decline. The groups are aware that their attacks may begin to serve to a third cause, not only their own. Analyzing for example the Anonymous case, we must distinguish two phases of Anonymous phenomenon, the first one that I define “Here I am, know me and learn to live with my judgment” is the one we are leaving, in this phase the group introduced himself to the world, showing their offensive capabilities but also a broad support enjoyed by. The second phase, named “Openness”, is the one we will live in the next months, in this phase the group will tries to try to talk with institutions, will operate on internet but also in the street. The stage is very delicate because of the heterogeneous nature of the groups, many hacktivists will not accept the openness to institutions becoming active in a loose, loose cannons in the web that could stage striking and unethical attacks.

This is the worst scenario, the web may soon reign in the chaos and regulations such as the one under discussion certainly would not be able to govern.

About the Author :

Pierluigi Paganini, Security Specialist

CEH – Certified Ethical Hacker, EC Council

Security Affairs ( )

Email :

(Security Affairs – Hacktivism)