Electronic Civil Disobedience And Politics: Thoreau Would Be Proud!
A brief look at computer hacking for political causes - by Claudiu Popa

I suspect I'm not the only one expecting a politically charged computer
worm to emerge any minute. Hacktivism, or 'electronic civil disobedience'
as it has been called, is not a new phenomenon. More than 6 years ago,
Chinese engineers hijacked a government communications satellite
and propagated their own content over the airwaves (or through the
ether). That was just the beginning. The dust had started accumulating
on the once-sexy concept of the hacker and a new paradigm was needed:
hacking for political ideals. This concept got some press and actually
materialized, although never to the theoretical degrees that were
thought to be possible. Since 9/11 we have seen all sorts of groups
express themselves by breaking into Web servers and changing their
contents to get their political viewpoints across. Most notable are
Brazilian and Asian hackers, who target popular sites in an effort
to maximize their impact in the same way that billboard ads try
to distract us on the Gardiner Expressway.

Website defacements now occur on a daily basis. As a security
professional, I don't
pay much attention to them. They don't tend to be destructive and
the situation is easily rectified with a site refresh, patch application
and password change. In most cases, they're simply crimes of opportunity
committed by anyone who follows a simple formula: locate vulnerable
sites by using popular search engines (Google is often hackers'
best friend), use a documented bug in the server software to gain
access to it and replace site pages with your own. Usually accompanied
by poor grammar and shocking images, the messages are typically
anti-government but we have seen a number that denounce the wearing
of fur and environmental causes. Ultimately, they are ways to embarrass
and intimidate the victim as seen in this
archive of recent government site defacements.

Now, following the hotly contested U.S. Presidential Election, which
illustrated strong differences of opinion among voters and people in
general, one can't help but expect some kind of activity from incensed
'hacktivists'.
Thousands of civilians have been killed in terror attacks and more
notably in various war-related situations in Iraq. This has ostensibly
produced anger and a need to speak out, making the Internet the
tool of choice for private opinion and public outcry. In the past,
we have seen hacker activity from countries like Spain, Brazil,
Russia and Pakistan, most of which are opposed to the current administration's
policies to some degree. It certainly wouldn't be far-fetched to
expect a few unfriendly messages on hacked sites...

For the most part, it seems that we are seeing distinct groups flex
their 'hacking'
muscles. The Muslim Council of Britain has reported being bombarded
with thousands of hate emails. With the Iraq and Israel conflicts,
there is some indication that groups in countries such as Morocco,
Turkey, Saudi Arabia and Kuwait are joining forces to cover more
ground and perhaps create attacks that have a greater impact. The
thing that should be a concern is the fact that the threats have
changed. It is now really easy for anyone to confuse search engines
with cloaking software and get to the top of listings or even to
use a simple virus creation kit to get their message across. More
sophisticated (read: connected) hackers can now use 'bots' and 'botnets'
to control hundreds and sometimes thousands of computers to knock
just about any target off the Internet with a coordinated, distributed
denial-of-service attack (DDoS). Even more serious would be attacks
on public utilities or 'critical infrastructure' such as nuclear
plants - now directly connected to the Internet - that have been
described as inherently insecure by many experts.

So what's next from
the outspoken groups that seem to command more Internet resources
than average people? Will it be an eruption of civil electronic
disobedience (see this interesting
press release from earlier this year) or will we see just a
few website defacements and maybe a computer worm with a chip on
its shoulder? I'm leaning towards the latter scenario. I believe
we will see some evidence of discontent, but it will be in short,
disorganized bursts. Most viruses tend to be largely ineffective
and quickly subdued. Site defacements are usually carried out by
individuals - not groups - in an effort to show off and spray paint
some digital graffiti on someone else's property. Web servers today
are much better prepared to withstand hacking attacks than they
were even 2 years ago. Most importantly, hackers with a true agenda
are usually after money, so they tend not to expose their valuable
botnets and resources, especially in light of the fact that governments
today are much better funded and more aware of information security
threats and countermeasures.

About the author:
Claudiu Popa is an executive security advisor with Informatica Security
Corporation in Toronto. A trusted expert on matters of corporate
security, risk management and regulatory compliance, Claudiu is
also a regular speaker at industry conferences and publisher of The
PULSE, a free monthly e-mail newsletter available at www.InfomationSecurityCanada.com.
He can be reached for comment at Claudiu@InformationSecurity.com
or by calling 416-431-9012.

-30-