Hacktivism has gained considerable popularity and dominance both on the internet and in society. Lately, the “anonymous” hacking group added to the popularity of the word “hacktivism” by launching a series of cyber attacks against various governments worldwide, compromising and publicly disclosing classified data. Government officials recognize hacktivism as a form of cyber terrorism, but many call it a non-violent way of protesting against weak government policies: no blood, no tear gas.
In the past, the Internet has seen many cyber attacks from hacktivist groups, including Distributed Denial of Service (DDoS), website defacements and full disclosure of confidential information to the public domain. Until the “anonymous” hacking group came into existence in 2008, most reported cyber attack incidents involved website defacement or mass defacements and few incidents of DDoS. Even the “anonymous” group started its operations with DDoS and defacements, but the strategy soon shifted to disclosing high volumes of confidential data to the public domain. This data was downloaded from compromised targets belonging either to governments or to private organizations that process or store classified data of national interest. Posting such classified data in the public domain helped civilians recognize the weak policies of the government and corruption in the system. The idea was to raise awareness in society, and it worked to a great extent.
Later, hacktivists kept DDoS and website defacements as power-play options in a cyber attack, but the focus stayed on data disclosures. In a few instances the opportunity was shared with Wikileaks as well, which follows the same notion of bringing awareness about the screwed policies of different governments to society.
The media played a considerable role in providing visibility to the “anonymous” hacking group, and more youngsters were attracted to participate in the protests worldwide. Group leaders started offering newcomers free classes on various online channels, covering hacking techniques and methods to maintain anonymity while hacking. The hacking operations were organized online, using social media or private channels, to target a specific country's infrastructure, a government department or a private organization, and every member would participate passionately.
Moreover, many hackers and small hacking groups across the world started to launch their own “anonymous”-style operations without even knowing who was part of the “anonymous” group and without any direction from the group's leaders or organizers. Such isolated hackers or groups simply attacked the targets, posted the slogans of the “anonymous” group on the defaced websites or alongside the disclosed data, and proudly treated themselves as part of the group or protest. Soon, federal departments busted a few “anonymous” leaders to bring a temporary halt to the group's activities, but the group appeared to be unstoppable and the operations continued, though the magnitude of the attacks appeared lower than before.
“Anonymous” and other hacking groups using “anonymous” as an umbrella name like to stay in the mainstream media with news about their disclosures or achievements, to gain the confidence of society, attract more youngsters and showcase their strength to governments worldwide. That hacktivists will start targeting the critical information infrastructure of various countries in the very near future is simply predictable, since it clearly meets their objectives and gets them more than desired. Shifting the attack paradigm from website defacement or data disclosures to taking down industrial control systems or critical infrastructure could be the next agenda for most hacking groups worldwide. Where website defacements or DDoS attacks don't make noise in every part of society, bringing down critical infrastructure would disturb governments with greater force than ever and become international breaking news in no time.
There have been incidents where public disclosures were made on easy hacks to compromise SCADA systems running a nation's critical infrastructure. Stuxnet, marked as a state-funded operation to disrupt the Iranian nuke plant, is an old story by now, but it acted as a good case study for hacktivist groups. Launching Stuxnet-style operations without state involvement is a costly affair for hacktivists, but it helped them understand the difference in impact between taking down a website and taking down critical information infrastructure.
No country is truly geared up to protect its critical infrastructure from cyber attacks, and many countries don't even recognize the threat. It has become the need of the hour for national cyber security or critical information infrastructure protection agencies to revisit their action plans before it brings embarrassment to them and their nations.
“You can't stop others from attacking you, but can very well secure yourself!”