Activist hackers — so-called hacktivists — are getting harder to differentiate from more serious threats such as terrorist groups and nation-state cyber warriors, security researchers say.
Hacktivism is traditionally defined as breaching data to achieve a political or social objective. It can take many different forms, from website defacement to taking over a Twitter account.
“Hacktivists are the Russian Roulette,” said Patrick Peterson, CEO of cybersecurity firm Agari. “They’re the most terrifying for corporations and governments because you can’t actually plot who they are or their motivations. One day, they try to shame a bank, the next day they try to blackmail Ashley Madison and the next day, they’re taking the hoods off the Ku Klux Klan.”
But experts say it’s increasingly difficult to tell the difference between hacktivism and more serious national security threats.
Lacking more sophisticated capabilities, terrorist groups such as the Islamic State in Iraq and Syria (ISIS) are using traditional hacktivist techniques to intimidate, recruit and spread their message.
Other advanced threat actors appear to be hiding their intentions behind hacktivist fronts.
“If someone is doing something illegal in cyberspace to try to influence people, what’s the difference between terrorism and hacktivism?” asked Mike Walls, a former Navy cyber warfare commander who is now managing director of security operations and analysis at the cybersecurity firm EdgeWave.
The unifying factor, experts say, is that hacktivist attacks in all their many forms are motivated by the need for attention — either as a diversion, to spark public action or simply to boost one’s reputation.
In August, a group claiming to be affiliated with ISIS posted unconfirmed personal information for approximately 1,500 U.S. military and government personnel and called for lone-wolf attacks on those individuals.
In March, the self-named Islamic State Hacking Division also posted the personal details of 100 U.S. military personnel supposedly involved in attacks on the terrorist group, calling for followers to “kill them in their own lands, behead them in their own homes, stab them to death as they walk their streets thinking they are safe.”
“That is very much hacktivism,” Peterson says. “They are profoundly successful with their agenda.”
An equally serious threat, experts say, is the growing use of hacktivism as a front for covert operations by nation-states.
In April, hackers claiming to be members of the ISIS hacking arm Cyber Caliphate knocked the French television station TV5Monde off the air and posted materials on its social media accounts protesting French military action in Iraq.
But forensic analysis painted a very different picture, suggesting that hackers connected to Russia were actually behind the attack.
Analysts from the U.S. security firm FireEye suggest that the ruse was likely sparked by the fraying relations between France and Russia over Ukraine.
“Russia has historically used ‘information operations’ to sow disinformation,” said Nick Rossman, a senior program manager in FireEye’s threat intelligence unit. “The cover of the Cyber Caliphate could have been intended as a distraction from political or security events in Ukraine or a test run to see if they could pull off a cyber operation to stop a media company from disseminating news.”
Rossman says that both Iran and North Korea also rely on hacktivism as a cover for operations, as well as employing patriotic hackers to pull one-off jobs.
Recent high-profile hacktivist data dumps in the U.S. have underscored the power of rogue hackers with a cause.
Last week, hacktivists originally thought to be associated with the loosely affiliated hacking collective Anonymous posted a widely discredited list of alleged KKK members, some of which were prominent politicians.
“Cause-driven cyber-attacks are often substantially more damaging and dangerous than those motivated simply by greed,” said Notes Jeff Hill, channel marketing manager of the data security company STEALTHbits, noting the politicians who were falsely named as members of the Klan.
“If hacktivists have taught companies and governments anything over the past few years, it’s that there are much worse fates than financial loss,” Hill wrote in an email.
Anonymous joined lawmakers in condemning the release, saying that it “incorrectly outed” several senators.
Later in the week, Anonymous posted another list of KKK members that appeared to be compiled from publicly available information.
In a separate act of cyber vigilantism last week, the teenage hackers alleged to be behind the breach of CIA Director John Brennan's personal email account released what appeared to be thousands of law enforcement and military personnel's personal information.
The hacking duo, which goes by the name Crackas With Attitude, claimed to have hacked and leaked the data in support of Palestine.
Analysts are divided over whether the U.S. is seeing a rise in the number of domestic hacktivist attacks. While some say that such acts are “random” — if potentially damaging — others are adamant that there’s been an uptick in the last few months.
“I think there’s a case of contagion when it comes to hacktivism,” Peterson said. “I think we’re in for a very interesting end of 2015 and winter of 2016. I think we’ll see some dominos falling and a whole plethora of these stories popping up.”
“All of our adversaries, whether it be a kid in the basement or ISIS, I think hacktivism is going to be a cornerstone of what they do going forward.”