Is there ever a circumstance when committing a crime can be justified? Picture a scenario where authorities apprehend an individual for hacking into a massive database and publishing the exfiltrated data. As he is put into cuffs, the defendant states, “It was for a good cause.” This defense could very likely be the creed of a committed hacktivist, who firmly believes in the righteousness of their cause. Hacktivism, as the term suggests, converges hacking with activism.

In this domain, computer-savvy activists engage in a form of digital protest, targeting private entities or national governments to propel social transformation or advance a specific political agenda. They often work independently but there are some organized groups that work in cohesion on a united front. Whether you deem them activist or threat actors, their endeavors are creating havoc upon businesses and government organizations.

Recent Examples of Hacktivism

The current landscape of hacktivism can be described as chaotic, a situation exacerbated by the Russian-Ukraine conflict. This tumultuous environment has led digital activists to confront adversaries supporting the opposing side. For instance, cyber partisans launched a ransomware attack on a railroad company that was known to be transporting Russian troops. Additionally, various hacktivist collectives are targeting oil companies to advance climate change agendas. One group even hacked the website for a UN convention on climate change and publicly disclosed the personal information of attending delegates in protest to the arrest of fellow protesters. Among the most notable incidents of information disclosure is Julian Assange’s establishment of WikiLeaks, which exposed confidential documents related to the U.S. engagement in Afghanistan and leaked emails from the Democratic National Committee.

Hacking vs. Hacktivism

Supporters of a particular cause may describe hacktivist activities as gallant examples of civil disobedience while others view them as a crime that must be punished. While the end results may be the same for both, there are subtle differences between the two. Hacking is traditionally conducted for personal gain, be it financial, information, or reputational notoriety. Even when not acting on their own, hackers hired for corporate, or nation-state espionage are highly compensated. Hacktivism on the other hand is inherently ideological. While hackers and hacktivists alike are involved in illegal activities, the public and media sometimes perceive hacktivism more sympathetically depending on the issues they stand for. While hacktivists may intend not to harm anyone outside of those they specifically target, that is not always the case.

Hacktivist Threats to Your Business

Despite what the intent of an attack may be, hacktivism is just as much a threat to your business as any traditional cyberattack. With the wide availability of hacking resources online and various “as-a-Service” attack tools accessible even to amateurs, your business stands a good chance of being in the crosshairs one day of someone’s principled attack. In some cases, your business may not even be aware it is part of the fray. For small or medium sized businesses with a diverse technology stack, this presents a real challenge. Here are some of the more common types of attack methodologies used by hacktivists.

• Leaking information: Often perceived as whistleblowing, this method involves accessing and releasing confidential data to expose alleged wrongdoings, influence public opinion, or raise issue awareness. While it might be framed less criminally, it essentially involves unauthorized seizure or theft of information. The leaked information is then publicly disclosed using digital platforms such as social media.

• Website defacement: This is comparable to spraying protest graffiti on a building and involves altering a website’s content to convey a political message. Hacktivists may leave a signature message while simultaneously causing embarrassment to the organization and potentially impairing the website’s functionality.

• Doxing: This prevalent technique involves researching and publicizing private or identifying information about a targeted individual such as the CEO of an oil company or a nominee for the Supreme Court. Details can include the individual’s contact information or address to harass them or enact retribution. Besides the concerning privacy issues, doxing can also create unintended consequences for those targeted, including physical harm.

• DDOS Attack: This approach is frequently chosen for its ability to disrupt a target’s operations temporarily without causing lasting damage to the infrastructure or involving data theft. In this scenario, assailants inundate a business’s digital systems with an excessive volume of internet traffic, effectively blocking legitimate user access by overwhelming the system.

Hacktivism Should be Taken Seriously

Hacktivists often claim to act under some sort of ethical standard and limit the blast zone of their attacks. Of course, extreme hacktivists may resort to traditional attack methods such as ransomware to inflict harm upon their antagonists or compromise the information of parties with no involvement in their cause. These are even more reasons why the threat of hacktivism should not be taken lightly.

It is also important to remember that hacktivist causes can be attractive to a wide audience, including people within your own organization. This type of insider threat is very real and constitutes a prevention program to protect against it. While a non-malicious hacktivist may not have the intention to inflict harm to a business, their actions could potentially expose vulnerabilities to other threat actors who have more malevolent intentions.

Conclusion

When many businesses often think they are off the radar of traditional hackers, it is understandable why they may deem hacktivism an even lesser threat. While your organization may not be part of an actionable agenda, hacktivism is just one of the many threats that you must prepare for and mitigate because malicious actors are everywhere. The best way to counter multiple diverse threats is a multi-layer defense strategy that includes 24/7 monitoring, supported by a team of experienced cyber defense specialists.

Increasingly, small, and medium-sized businesses (SMBs) are engaging third-party Security Operation Centers (SOCs) to provide these crucial services and expertise. Those who have outsourced their SOC operations often realize both security and financial advantages. Ultimately, the intent behind a cyberattack matters less than its potential impact, which is why you must be fully prepared for it.