7/21/2020
05:30 PM

The State of Hacktivism in 2020

Activism via hacking might not be as noisy as it once was, but it hasn't been silenced yet.

Hacktivism is alive and well, if a bit weird, in 2020, says Gabriella Coleman, a cultural anthropologist specializing in hacker culture at McGill University.

At the end of June, Twitter banned the account of the Distributed Denial of Secrets (DDoSecrets), a group that leaks documents online, and blocked links to "BlueLeaks," DDoSecrets' data trove of 270 GB of data containing internal records from more than 200 police departments.

The hacktivist collective Anonymous also returned to prominence as its members took actions to support Black Lives Matter protesters, including getting legions of Korean pop music superfans to participate in social media disruptions. 

"BlueLeaks shows that there's still a lot of interest in activist hacking," Coleman says. "In the context of the English-speaking world, DDoSecrets is the hinge between the Wikileaks and Anonymous era and the contemporary movement. They created a platform to keep leaking alive. If it wasn't for them it would be much dimmer. It's still dim because it's such a high-risk behavior."

High-Risk Behavior
While the days of high-risk technical hacks dominating headlines may be gone, the Twitter hijack and BlueLeaks show there are still hackers looking to access secure data — and their reasons remain varied.

One thing that might temper planned hacktivist actions could be "the hammer of the state" in the form of aggressive law enforcement, says Coleman, author of "Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous."

DDoSecrets has said they're prepared for the US government to come after them, but Coleman isn't so sure. "The question is whether BlueLeaks will be stamped out in the next few months. But the blocking and censorship makes them more visible," she says.

Organizing groups to participate in social media actions is not prevented under the Computer Fraud and Abuse Act (CFAA), the broad antihacking law that has been amended several times but not dramatically changed since it was passed in 1986. But more technical hacks of networks remain illegal, and prosecutors still have broad leeway in pursuing computer crimes, seven years after the prosecution and subsequent suicide of Internet hacktivist Aaron Swartz under the CFAA. 

Despite the threat of jail time in US federal prison, hacktivists are more willing than ever to risk their freedom for their causes, says Ken Pfeil, a longtime security expert and chief security architect at Tech Democracy, who is moderating an online panel on hacktivism on July 24.

"The [Washington Redskins] renaming would've been a ripe target for hacktivism had team sponsors not threatened to take their name off the stadium if the team didn't change [its name]," he says. (The NFL football team decided this month to change its nickname after ignoring 50 years of criticisms that the name was a derogatory term for Native Americans.) However, there are more tools available to hacktivists today than simply taking down or defacing websites, says Pfeil.

"People who don't have the money to influence a company will take other steps. If a hacktivist can take over someone's Twitter account and tie it to Facebook or LinkedIn, the believability takes off from there," he says. "From a disinformation perspective, you can spread severe reputational damage."

Activism as a Disguise?
A report by The New York Times suggests that last week's Twitter breach was perpetrated by a trio of seemingly unconnected individuals, not a group of like-minded hacktivists or a nation-state actor.

However, the attackers wrapped their scam in words chosen to pull at their victims' sense of deserving more, if not justice. The attackers compromised 130 Twitter accounts — including verified users Joe Biden, Barack Obama, Bill Gates, Elon Musk, Kanye West, and others — and sent phony tweets.

"I am giving back to the community. All Bitcoin sent to the address below will be sent back doubled," said one of the scam's tweets. "Due to Covid-19, we are giving back over $10,000,000 in Bitcoin! All payments sent to our address below will be sent back doubled," said another.

The scam netted over $100,000 in Bitcoin. But whether the hackers had a goal in mind aside from making money remains an unanswered question. 


Seth is editor-in-chief and founder of The Parallax, an online cybersecurity and privacy news magazine. He has worked in online journalism since 1999, including eight years at CNET News, where he led coverage of security, privacy, and Google. Based in San Francisco, he also ...

Comments
RyanSepe
7/22/2020 | 10:33:58 AM
White Hat to Black Hat
Good article. I feel that Hacktivists walk a very thin line. Their intentions may be altruistic but their impact could cause monumental downstream detriment. 

It's like the saying goes, "The road to hell is paved with good intentions."