
7/21/2020
05:30 PM

The State of Hacktivism in 2020

Activism via hacking might not be as noisy as it once was, but it hasn't been silenced yet.

Hacktivism is alive and well, if a bit weird, in 2020, says Gabriella Coleman, a cultural anthropologist specializing in hacker culture at McGill University.

At the end of June, Twitter banned the account of the hacker collective Distributed Denial of Secrets (DDoSecrets) and blocked links to "BlueLeaks," the group's data trove of 270 GB of data containing internal records from more than 200 police departments.

The hacktivist collective Anonymous also returned to prominence as its members took actions to support Black Lives Matter protesters, including getting legions of Korean pop music superfans to participate in social media disruptions. 

"BlueLeaks shows that there's still a lot of interest in activist hacking," Coleman says. "In the context of the English-speaking world, DDoSecrets is the hinge between the Wikileaks and Anonymous era and the contemporary movement. They created a platform to keep leaking alive. If it wasn't for them it would be much dimmer. It's still dim because it's such a high-risk behavior."

High-Risk Behavior
While the days of high-risk technical hacks dominating headlines may be gone, the Twitter hijack and BlueLeaks show there are still hackers looking to access secure data — and their reasons remain varied.

One thing that might temper planned hacktivist actions could be "the hammer of the state" in the form of aggressive law enforcement, says Coleman, author of "Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous."

DDoSecrets has said they're prepared for the US government to come after them, but Coleman isn't so sure. "The question is whether BlueLeaks will be stamped out in the next few months. But the blocking and censorship makes them more visible," she says.

Organizing groups to participate in social media actions is not prevented under the Computer Fraud and Abuse Act (CFAA), the broad antihacking law that has been amended several times but not dramatically changed since it was passed in 1986. But more technical hacks of networks remain illegal, and prosecutors still have broad leeway in pursuing computer crimes, seven years after the prosecution and subsequent suicide of Internet hacktivist Aaron Swartz under the CFAA. 

Despite the threat of jail time in US federal prison, hacktivists are more willing than ever to risk their freedom for their causes, says Ken Pfeil, a longtime security expert and chief security architect at Tech Democracy, who is moderating an online panel on hacktivism on July 24.

"The [Washington Redskins] renaming would've been a ripe target for hacktivism had team sponsors not threatened to take their name off the stadium if the team didn't change [its name]," he says. (The NFL football team decided this month to change its nickname after ignoring 50 years of criticisms that the name was a derogatory term for Native Americans.) However, there are more tools available to hacktivists today than simply taking down or defacing websites, says Pfeil.

"People who don't have the money to influence a company will take other steps. If a hacktivist can take over someone's Twitter account and tie it to Facebook or LinkedIn, the believability takes off from there," he says. "From a disinformation perspective, you can spread severe reputational damage."

Activism as a Disguise?
A report by The New York Times suggests that last week's Twitter breach was perpetrated by a trio of seemingly unconnected individuals, not a group of like-minded hacktivists or a nation-state actor.

However, the attackers wrapped their scam in words chosen to pull at their victims' sense of deserving more, if not justice. The attackers compromised 130 Twitter accounts — including verified users Joe Biden, Barack Obama, Bill Gates, Elon Musk, Kanye West, and others — and sent phony tweets.

"I am giving back to the community. All Bitcoin sent to the address below will be sent back doubled," said one of the scam's tweets. "Due to Covid-19, we are giving back over $10,000,000 in Bitcoin! All payments sent to our address below will be sent back doubled," said another.

The scam netted over $100,000 in Bitcoin. But whether the hackers had a goal in mind aside from making money remains an unanswered question. 


Seth is editor-in-chief and founder of The Parallax, an online cybersecurity and privacy news magazine. He has worked in online journalism since 1999, including eight years at CNET News, where he led coverage of security, privacy, and Google. Based in San Francisco, he also ...
 

Comments
RyanSepe,
User Rank: Ninja
7/22/2020 | 10:33:58 AM
White Hat to Black Hat
Good article. I feel that Hacktivists walk a very thin line. Their intentions may be altruistic but their impact could cause monumental downstream detriment. 

It's like the saying goes, "The road to hell is paved with good intentions."