Hacktivism and Cyberspies – The New Reality of 2017

| Jeannie Warner
Jeannie Warner
Security Manager, WhiteHat Security

Hacktivism has been a fact of life even before the rise of Anonymous. In 2016, we saw a tidal wave of global hacktivism and cyber spying, and this trend will continue in 2017. The social unrest around the world is ripe for escalating hacktivism, and it is increasingly fueled by goals of propaganda and profit rather than altruism.

We will see the explosion in size of Anonymous-related hacks, as evident by their activity on issues in 2016, like the Dakota Pipeline and Trump’s presidential campaign. Anonymous’ strength: anyone can join for a day; there is no membership criteria; and no knowledge required. Anonymous’ weakness: no organization beyond social media; limited skills in some cases; and relevance to the common citizen. In other words, some of the causes they choose to embrace are either not clearly understood or appreciated and agreed with by the average person on the street. Anonymous has been dedicated to exposing and fighting social and economic injustice, but the public reactions to doxing, an harassment tactic of hacking and publishing a person’s private information, have lessened due to overload. Additionally, the purity of the hacktivist cause has been diluted with the rise in profit-related information theft. As 2017 unfolds, we will see more amateur hackers join Anonymous with noble intent, while the pros head for profit-based groups, either through state-sponsored hacktivism or criminal profiteering, or in some cases both.

It will be interesting to watch the Intelligence Community sort out hacktivism versus cyber spying. Russia’s penetration of the DNC and John Podesta’s personal email account made public a tip of the iceberg of the cyber warfare that has been going on for decades. Having clear evidence of one nation interfering with the political elections of another is unusual; normally nation-state hackers better cover their tracks. In 2016, the evidence of meddling wasn’t shocking enough to create public stir mid-elections in the United States. I foresee this activity will continue in the European Union (EU) during their 2017 election cycle, as nation states that might wish to see that economic block broken up again, will manipulate other nations’ voters toward populist or xenophobic views favoring an EU exit over the next two years.

China and the U.S. government pinky-swore off commercial hacking for profit last November, which is a mutually good practice after the Office of Personnel Management hack that exposed millions of American federal workers and their personal information. Whether or not the Panda groups—known as Deep, Putter, Emissary, Goblin, Numbered, and by extension, Hidden Lynx—were sponsored by the Chinese government, the two nations agreed that kicking one another in the finances and exposing the personal information of government employees was more war-like behavior than either wanted. This agreement will likely hold, but China may lack the ability to find and reign in their own hackers—or lack the basic motivation to do so based on the fiscal rewards of hacking intellectual property and records.

Russia has been more active and blatant now that the media is operating in a paradigm in which people expect hacking activity on a daily basis rather than finding it a threat to national sovereignty. This blasé attitude toward nation-state hacking activity will have some negative repercussions: The Energetic Bear hacker group has largely been targeting energy and commercial businesses. Given the election hacking in the U.S., along with the goal to be seen as a world power, we will see propaganda-driven votes to re-join Russia as an attempt to stabilize economic uncertainty—starting with Ukraine. If Russia has the United States as an ally in 2017, it changes the face of politics in more than one political arena. Ultimately, politically driven hackivism has the capacity to precipitate a war.

Although it is as yet uncertain whether the 2016 distributed denial of service (DDoS) efforts were hacktivism or the first salvo in cyber warfare, they were ominous in terms of the potential damage of infrastructure attacks. The effect on the world’s domain name service (DNS) servers, or more to the point, regional ones, is a way of shutting down Internet access. Whether it is non-state hacktivists or foreign governments deploying these attacks, they represented a sinister turn, as shutting down a nation’s or region’s Internet is a way to create devastating economic impact. What would happen if the NYSE, NASDAQ, London, Tokyo, etc. were all taken offline on command?

So what does all this mean to those of us in the security space? Can we do anything to halt or hinder malicious hacktivism and international cyber warfare? I hope so. There have been strides made with research into natural language processing technology, which examines content in the way computers speak with each other (session layer), and in the application layer, which is how processes and programs share information with the end client. This level of packet analysis is almost like parsing human speech, both predictive and responsive. Natural language processing is already at work in some anti-virus engines and protective technologies, but these are going to have to mature quickly. The search for new ways of filtering malicious text in packets has the capacity to find new families of vulnerabilities and identify application attacks.

All security companies should cooperate with information sharing, participating at least in Oasis and the Open Web Application Security Project (OWASP) to share best practices and establish industry standards, as well as Sector-based information Sharing and Analysis Centers (ISACs) for information sharing across critical infrastructure industries. I’d like to see every Internet-connected device be required to pass not only safety testing, but also mandatory testing of the web-control and mobile-control clients to protect the end user from data sharing and the Internet from DDoS attacks. Finally, there must be a new, government-sponsored push to change the agenda of universities and create security-focused education in computer science and mechanical engineering alike. The world desperately needs technology created without the vulnerabilities of the past.

The Author is Jeannie Warner

Jeannie's path to computer security started with Dell tech support, then into a Unix Helpdesk, followed by Network Ops. She went to work at IBM as they were building out their Security Operations Center in 2001, and after a short while became their tech lead. She moved on to security analysis and forensics from there. After 10 years at IBM Security, she left for Microsoft's Security Research Center for a couple more years before returning to the Bay area to go to work for other players... Read More

Learn more about The Cipher Brief's Network here.


Share your point of view

Your comment will be posted pending moderator approval. No ad hominem attacks will be posted. Your email address will not be published. Required fields are marked *