Wednesday, July 09, 2014
Beware the activist: Securing files against hacktivism threats
As social activists increasingly use cybercrime techniques to get their messages across, companies and governmental organizations need to secure their files and sites to avoid falling victim.
Brazil's crushing defeat to Germany in the 2014 FIFA World Cup semi-finals wasn't the only tragic incident to strike the country and the wider community during the international sporting event. A number of websites belonging to World Cup sponsors and affiliated with the Brazilian government have fallen victim to hacktivism, with responsibility claimed by the high-profile group Anonymous.
According to Forbes Magazine, Anonymous Brasil created Operation Hacking Cup (#OpHackingCup) to "protest social injustices surrounding the World Cup through a series of DDoS and website defacement attacks." In addition to targeting the Brazilian Federal Police and other public agencies, the group has hacked large corporations that sponsored the events, including Adidas, Emirates airline, Coca-Cola, and Budwieser. Reuters reported that Anonymous has succeeded in conducting a large-scale cybersecurity breach by extracting and posting 333 documents from the Foreign Ministry's network.
Regardless of people's opinion regarding Anonymous's stance on social issues—including the high spending in preparation for the World Cup games—these incidents bring to light larger, looming cybersecurity concerns and the need to keep networks, sites, and documents safe from activists who use hacking to send a message.
Hacktivism on the rise?
Outside of Brazil, Anonymous has also announced intentions to conduct digital attacks against countries it believes are assisting the radical Islamic jihadist group ISIS with funding or arms. Governmental sites in particular will be targeted, according to a separate Forbes article, but individuals and other entities may come under fire in these or similar campaigns.
"We plan on sending a straightforward message to Turkey, Saudi Arabia, Qatar, and all other countries that evidently supply ISIS for their own gain," an Anonymous representative told the magazine. "We are unable to target ISIS because they predominately fight on the ground. But we can go after the people or states who fund them."
It goes both ways, too. Forbes mentioned that ISIS has also been linked to hacking and cyberattacks in efforts to advance its own agenda. The Syrian Electronic Army previously hacked a number of sites, such as The New York Times and Forbes.
Even organizations that are indirectly linked to issues that hactivists want to fight or expose may be pursued for their data or to demonstrate cyberattack abilities. For that reason, entities should make sure that their resources and accounts are strongly secured.
Fortifying systems against hacktivists
While not all cybersecurity incidents are tied to hacktivism, the efforts add to a growing overall threat. CNET reported that a Kaspersky survey revealed 91 percent of organizations had experienced a cyberattack in the previous year. In terms of hacktivism, governmental agenices as well as corporations in key industries—such as the energy sector—are particularly vulnerable.
In addition to implementing solutions that can withstand techniques such as DDoS attacks, companies can avoid falling victim to hacktivist efforts by bolstering their system with secure file sharing and data storage solutions. A proactive stance is a must—Chester Wisniewski of Sophos mentioned to CNET that businesses have shut down because of hacking attacks.
The right tools and expert approaches incorporate leading encryption and security measures to keep data safe from attackers while providing monitoring and account management to assist in the event the network is targeted.