Introduction to Hacktivism
DESCRIPTION
Short, high-level introduction to hacktivism and hacktivist groups, given in May 2013 to a taught course at a UK university.
TRANSCRIPT
1
Introduction to Hacktivism
May 2013
Phil Huggins
Digital Activism
3
Activism
The policy or action of using vigorous campaigning to bring about political or social change.
4
Digital or Internet Activism
“Use of Technology over large distances to effect change.”
“Grassroots activists using networked technologies for social and political change campaigns.”
“Goal of Political or Social Change + Digital Technology.”
5
Digital Activism - New Actions
• Maps & Maptivism
• QR Codes
• File-Sharing
• Media Hijacking
• Trend a hashtag
• Search Engine Optimisation
• Livestreaming
• Check-Ins
• Self-Surveillance
• Flash Mobs
6
Sources of advice, services and tools for digital activists
Hacktivism
8
Activism vs Hacktivism vs CyberTerrorism
• Digital Activism is separated from Hacktivism by Computer Crime
• Computer Crime is well defined:
  ▪ Unauthorised access to computer material
  ▪ Unauthorised access with intent to commit further offences
  ▪ Unauthorised acts with intent to impair the operation of a computer
  ▪ Making, supplying or obtaining articles for use in computer misuse offences
• Hacktivism is separated from CyberTerrorism by Terrorism
• Terrorism in this context is well defined:
  ▪ Anything designed to interfere with or seriously disrupt an electronic system and
  ▪ Use or threat to influence government or intimidate the public and
  ▪ Use or threat is made for the purpose of advancing a political or ideological cause
9
Hacktivism - Actions
• Software distribution
• Website mirroring
• Defacements
• Typosquatting
• Redirects
• Denial of Service Attacks (DoS)
• Web Sit-ins
• Email Bombs
• Distributed Denial of Service Attacks (DDoS)
• Opt-In Botnets
• Malware Botnets
• Doxing
• SWATting
Denial of Service
11
DoS
• Denial of Service
• An attempt by an attacker to deny a victim's services to its users.
  1. Exploit that causes victim to fail
  2. Resource exhaustion:
     ▪ Network Bandwidth
     ▪ Computing Power
     ▪ Memory
12
DDoS
• Distributed Denial of Service
• A DoS launched simultaneously from multiple points
• Usually a resource exhaustion attack
• Attackers now build networks (Botnets) of compromised computers (zombies or loads) from which to launch their attacks
• Large Botnets are now available for hire or to buy for pocket money.
              1000 Loads   5000 Loads   10,000 Loads
World Mix     $25          $110         $200
EU Mix        $50          $225         $400
DE, CA, GB    $80          $350         $600
USA           $120         $550         $1000
13
Online Botnet marketplaces
14
Chimera Botnet
15
Typical DDoS
16
Reflector DDoS
Examples of Hacktivism
18
History
• First known Hacktivism recorded in 1989
• Worms Against Nuclear Killers
• Australian Hacktivists
• Infected VMS DECNet systems
19
Anonymous
• Formed in 2003 from the 4chan /b/ message board
• Since 2004, 4chan has been a forced-anonymous community
• The Btards
• Initially focused on pranks, trolling and griefing
20
Project Chanology
• Anonymous were ‘politicised’ in 2008 following a series of actions involving the Church of Scientology.
• Actions included:
  • Physical protests
    ▪ Guy Fawkes masks
  • Prank calls
  • Black faxes
  • DDoS attacks
    ▪ Low Orbit Ion Cannon (LOIC)
• IRC channels used to coordinate attacks.
21
Other major campaigns
• Operation Payback (2010)
  ▪ DDoS attacks on the Pirate Bay by MPAA & RIAA
  ▪ Expands to include other copyright-related targets
  ▪ Attacks on PayPal, Mastercard and Visa related to Wikileaks
• Operation Darknet (2011)
  ▪ Targeted child pornography sites on the Tor network
  ▪ Released usernames from the site “Lolita City”
22
What are Anonymous?
• Angry
• Chaotic
• Constantly changing
• International
• Broad themes not specific goals
• Uncoordinated
• Unfinanced
• Differences in philosophy and undefined subgroups
• No long term vision
23
Lulzsec
• A splinter group known as Lulzsec, formed in 2011 as a result of Operation Darknet
• 50 day rampage
• Anti-Sec Movement
• “Demonstrating insecurity to improve security”
24
Syrian Electronic Army (SEA)
• Pro-Syrian Regime Hacktivists
• First seen May 2011
• Targeting major news organisations
  ▪ BBC
  ▪ Associated Press
  ▪ Guardian
  ▪ CBS News
  ▪ NPR
• Also activists
  ▪ Columbia University
  ▪ Human Rights Watch
• And oddly …
  ▪ FIFA
  ▪ Sepp Blatter
  ▪ 2014 World Cup
25
BBC hack example
Opsec for Hackers
27
Operational Security
• The underground community has learnt lessons from Lulzsec
• They have reviewed the evidence presented in court
• Developing guidance:
  ▪ Create a cover
  ▪ Work on the legend
  ▪ Create sub-aliases
  ▪ Never contaminate
• Produced the “10 Hack Commandments”
blog.blackswansecurity.com