Hello and welcome to the era of things that sound made up but are real and often terrible. To your left you will see millionaire YouTuber Jake Paul, to the right is an infected herd of zombie deer, and coming straight at you from every corner of the globe is the website-downing, business-sabotaging work of a group of hacktivists.
Yes, hacktivists – a growing threat to governments and businesses alike. It used to be that in order to be disruptive and garner attention for their causes, activists would have to mobilize for marches and other demonstrations. Now, all it takes is an internet connection and a bit of know-how to bring an organization to a standstill, and many businesses are paying a steep price for it.
A History Of Hacktivism
While hacktivism has only recently entered the common lexicon, the practice of it actually dates back decades to 1995 when the French government’s website went down in the face of an Italian collective incensed at France’s nuclear policy.
However, it is only the past few years that hacktivists have truly begun to make their mark, and it’s largely because of increased digital firepower and ever-evolving technical capabilities combined with increased social and political awareness. The two main weapons of choice for hacktivists are distributed denial of service (DDoS) attacks and vulnerability scanners that could allow politically-motivated groups to steal data from intelligence agencies and other high-profile government groups.
Hacktivists have notably taken to their computers in the Tunisian revolution, the Arab Spring, to fight against web censorship in China, to bring attention to the water crisis in Flint, Michigan, and to protest the police shooting and death of unarmed black teenager Michael Brown. The list could go on. While all of the above-mentioned hacktivist efforts have been for worthy causes – and many hacktivist efforts are – there are problems with these digital demonstrations and disruptions, and as hacktivist capabilities grow, so too do the consequences.
The Problems With Online Activism
There will always be a bill that accompanies DDoS attacks as well as data breaches. For DDoS attacks on government websites, those bills are going to be picked up by the taxpayers, and considering a successful DDoS attack can cost anywhere from $20,000 to $100,000 for every hour of mitigation and remediation efforts, those bills can add up. Relatedly, government websites being unavailable could leave citizens without access to essential information or services.
Hacktivists would probably be quick to argue that these are acceptable consequences for a just cause. Traditional sit-ins or demonstrations would disrupt business and operations the same way DDoS attacks do, but accomplishing a protest online removes the possibility of anyone being harmed in a clash with the authorities.
However, it becomes more complicated once you start to consider how easy hacktivism is, and how widespread it’s getting. While the attacks on the Michigan government websites in support of Flint children are the ones that make the news and garner the support, there are all kinds of so-called hacktivism going on when businesses and other organizations receive bad publicity or even just bad reviews.
It’s now easier than ever to launch DDoS attacks. If a person is willing to pay for a DDoS for hire service, it requires just the barest of internetting capabilities (signing up, making a payment, and entering a URL). This means that outrage of any kind could be reason enough for someone to do real damage to a business, all in the name of hacktivism. While taxpayers can absorb DDoS bills for government entities, many businesses will find themselves struggling to deal with the financial and reputational damage done by these attacks.
A Hacktivism Response Plan
Instead of struggling to deal with the aftermath of attacks, businesses and organizations that have previously been targeted or could foresee themselves being targeted in the future need to get real about the odds that they could be seriously hurt by a hacktivist attack and then get proactive when it comes to dealing with these threats. Essential steps include:
1. Creating A Response Plan
In the event of an attack, who does a business need to notify? Which security solutions need to be activated? Which IT or security employees need to be called in? Who will handle communications with customers, the public and the media? Is there a back-up or offline system? What is going to serve as the war room where IT and security personnel will strategize? How will the organization communicate if online communication systems are down? These are just some of the questions that need to be addressed when it comes to an in-the-eye-of-the-storm response plan.
2. Checking For Vulnerabilities
Attackers routinely use vulnerability scanners to find weak points in a target’s networks and systems, and a red team or other security staff should be working even harder to find potential points of entry that could allow for malware or viruses to be unleashed or data to be stolen. This very much includes the cloud.
3. Improving Security
For many businesses and organizations, protection against distributed denial of service attacks now needs to come in the form of a managed, professional service. Attackers are too sophisticated, IoT botnets are too powerful, and it is simply too costly to have IT personnel dealing with these attacks at the expense of all over IT operations. Improved access management is also a must for many organizations, as are web application firewalls.
4. Monitoring Social Media
Forewarned is forearmed, and if an organization is at risk of hacktivist activity, it’s worth dedicating some time and effort to poking around on social media and seeing what is being said as hacktivists will often discuss plans, including attack specifics that can help an organization easily fend off what’s coming. (As a side note, monitoring social media to see what grievances are being aired about an organization can also help an organization with its public relations strategy and perhaps avert these situations in the first place.)
In this particular era of things that sound made up but are real and often terrible, there’s little to no chance that hacktivist activity is going to decrease anytime soon. However, by taking some proactive
steps, organizations can make themselves less vulnerable and at least make hacktivism less of a threat. The same cannot be said for millionaire YouTuber Jake Paul.