Hackers Shift From Petty Thuggery to Large-Scale Data Heists
Cyber-attacks have dominated headlines this summer as government agencies, large organizations and small businesses have been hit by malware, distributed-denial-of-service attacks and network intrusions. On the personal front, individuals' email and social networking accounts have been hijacked.
Most cyber-attackers are motivated by money, whether it's by looting bank accounts or selling stolen information to other criminals, said Josh Shaul, CTO of Application Security. However, there's been a surge in politically motivated attacks in the past few months as a number of groups including the notorious hacker collective Anonymous turned to cyber-attacks as a form of protest.
PandaLabs researchers predicted this past December that the cyber-protests that have added the word hacktivism" to the English language will continue to grow in frequency because it's been so effective in getting attention.
In the past few months, even hacktivism has been transformed as tactics and motivations have evolved. In the past, cyber-protesters generally defaced Websites or launched DDoS attacks to express their discontent.
In these DDoS attacks, Websites were overwhelmed with large volumes of server and database requests and became inaccessible to legitimate site visitors. For the most part, the majority of hacktivists relied on low-tech techniques for its activities, Shaul said.
Anonymous encouraged supporters to download the Low Orbit Ion Cannon tool and to "fire" millions of packets at the targeted site. The program didn't do anything overly complex other than to use an automated script to repeatedly send a simple request to the target Web server in a very short period of time.
Some of their past targets included "anti-piracy groups," such as the Motion Picture Association of America and the Recording Industry Association of America; businesses that cut off ties with WikiLeaks; or even the totalitarian regimes in North Africa facing pro-democracy demonstrations.
Things changed when Aaron Barr, then-CEO of HBGary Federal, bragged about having unmasked the identities of several Anonymous members. Some members breached HBGary Federal's email server in February and posted stolen emails and sensitive documents onto a wiki, WikiLeaks-style.
Several researchers told eWEEK that the attack on HBGary Federal was a sign of hacktivists adopting new and more aggressive tactics to express their displeasure.