The term hacktivism was coined more than a decade ago, but not until recently had the notion of a cybercriminal with a political message found its way into the public consciousness. Thanks to the work of groups like Anonymous and Lulz Security, hacktivism has become a common and widely understood term that keeps popping up with each new intrusion into the skeleton closet of big businesses and government agencies and contractors.
But even though these cyberattacks are perpetrated with the greater good in mind, or so those responsible say, hacktivism is a thorn in the side of law enforcement and Internet security officials around the world.
To this point, little good has come from these so-called hackivist activities. The WikiLeaks saga aired the U.S. government's dirty laundry, and the massive data breach Sony suffered served to expose the confidential information of millions of innocent users who have nothing to do with the company's operations. What's more, the month-long down time for Sony's PlayStation Network also knocked gamers offline and dealt a serious blow to the its reputation and bottom line.
However, the most recent campaign carried out by Anonymous – named Operation DarkNet by the group – was a bit different. Hackers associated with the group infiltrated and knocked some 40 child pornography Web sites offline. The group also said it published the names of visitors to one of the sites.
"We decided to seek media attention for this operation so that we may get the resources needed to shut them down on a more permanent basis," a self-proclaimed hacker going by the handle "Arson" said.
Anonymous confirmed its involvement in the cyberattack in a posting on the Web site Pastebin. That lends a level of legitimacy to the hack, as the sprawling nature of the group has made it difficult to decipher which attacks are sanctioned and which are simply the work of individual cybercriminals.
The list, Anonymous said, is fair game for authorities to use in cases against illegal child pornography sites and their visitors.
"If the FBI, Interpol, or other law enforcement agency should happen to come across this list, please use it to investigate and bring justice to the people listed here," the group posted on Pastebin.
Still, data security and law enforcement officials are holding back praise for the work done by Anonymous even if all can agree that child pornography must be stopped by any means necessary. Security researcher Graham Cluley told Forbes that such work should be carried out by the proper international authorities and not "net vigilantes."
Before Anonymous and the like are compared to Robin Hood and his Merry Men, it's important to keep in mind that cybercrime of any sort cannot and should not be endorsed. Overall, millions of Internet users around the world are affected each year by cyberattacks, with many resulting in identity theft and massive financial losses.
As was seen with the Sony incident, hacktivist attacks can be extremely bad for business. Losing customer data to a hacking incident will almost always lead to major hit to the company's reputation, which eventually may translate into lost revenue.
And while hackivists don't appear to be using stolen personal data for anything but to prove a point, they are opening the door for cybercriminals with other things in mind.
"Hacktivism is about raising awareness and swaying public opinion," internet security professional JR Smith recently told ZDNet U.K. "For small businesses especially, different types of criminal activity are much more of a problem. Guys are looking to steal personal information from small businesses or personal details – that's the interesting information for criminals."
Though the lessons may be hard, some are pointing to the fact that good can come out of these widespread and continued cyberattacks. Specifically, the incidents have opened the eyes of many companies to the importance and need to deploy robust data protection measures.
It's true that companies have always taken steps to protect their confidential business data and intellectual property, but many are now learning it is equally necessary to protect the information collected from consumers. Social Security numbers, financial data and other personal information now resides in the cloud for many companies, and the time has come for them to take a more focused approach toward keeping it safe.
"LulzSec, whoever he/she/it/they was/were, expressly stated that their 'hacking' was for fun, because the cybersecurity industry was boring," Paul Ducklin, the head of technology at a data management firm, recently told Computerworld U.K. "If you must find a silver lining to the ugly cloud that is LulzSec, then perhaps it will be that more business managers will see security as having value to be sought, not just as being a cost to be avoided."
Data Security News from SimplySecurity.com by Trend Micro