Hacktivism and Professional Attackers

Hacktivism

The word hacktivism is a combination of hacking and activism. A hacktivist is someone who uses system penetration to propagate a political, social, or religious message. The targets of such individuals are mostly high profile Web server environments where as many people as possible see their message.

The level of such a hacktivist is often that of the script kiddy. Because the whole exercise is done to promote the message and not to attack the system, the process of penetration itself is not of particular interest to the hacktivist.

This holds true for most hacktivism. Lately, especially in the conflicts between the United States and China, hacktivism obtained a new face. Hacker groups or individuals ranging from script kiddies and crackers to Black Hats started attacking and defacing Chinese Web sites. The Web pages of political organizations in Afghanistan became targets for hundreds of attackers after the terrorist attacks on the World Trade Center and Pentagon in September, 2001.

Hacktivism of this sort is likely to be performed in a professional manner. The attackers sometimes build teams and attack not only the primary target but also the perimeter devices in its network to achieve maximum impact.

Although many hacker groups have released statements saying that they do not support this kind of hacktivism and have asked the hacker community not to use the worldwide data networks as a place of war, I assume this kind of hacktivism will grow in the future. The cracker groups penetrating systems nearly every day are able to outperform most system administrators of propaganda Web sites, and they know it.

Professional Attackers

Conflicts such as the ones discussed above do not only interest patriotic crackers. According to military sources, every nation has by now at least a small military department that is tasked with information warfare. Most secret services around the world have increased the number of information security professionals they employ and leverage the fact that many systems can be reached remotely.

Agencies and the military in every nation are spending money to build up and train their professional attackers. Although the defense of computer systems has been on the task list for many years now, the attack strategies are relatively new. The huge difference between all other groups and the professional group is the amount of money and organizational back-end support that is available. These groups have laboratories and everyday training. They do not have to be the most expert hackers in the world (although some may be); because there is money, there is always some experienced Black Hat who is willing to train them.

The reader will probably doubt the statements above because not much is known about such groups or the action they take. But this is exactly how it is supposed to work. Spy networks such as the one known as Echelon have been in place for a long time now, and still nobody really knows what they do and do not do. The same applies to information warfare and how much of daily business operations is actually subjected to espionage of one form or another. The truth is, one can only estimate from past experiences with other groups such as the huge cryptography teams working at the National Security Agency, with regard to how much energy is put into the information warfare groups of the leading agencies around the world.