“Hackers of the world are uniting and taking direct action against our common oppressors—the government, corporations, police, and militaries of the world,” LulzSec stated in a release. The hacking collective claimed they hacked and posted online confidential files from the Arizona Department of Public Safety, including e-mails and intelligence documents because of Arizona’s unfair racial profiling of immigrants. LulzSec and other hacking groups have recently targeted many organizations including the FBI and PBS. Could you also be a target of hactivists?
The most common targets of “cyberprotests” or “hactivists” are organizations that have traditionally faced physical protests—typically for some perceived unfair treatment (e.g., of the environment or workers), or those with political stances that others find objectionable. But whereas groups in the past needed a critical mass of opposition to pose a real threat or cause a public relations stir, a handful of today’s cyberprotestors can cause a crisis. The result is that some companies have been surprised they’ve been hit by hactivists—assuming they were not large enough or did not possess a sufficiently high profile to be targets. Social networking complicates matters by helping to quickly multiply force levels of hactivists, according Gunter Ollmann, vice president for Damballa, a network security firm.
Potential targets should review how well they are prepared to respond on a technical level to the tactics embraced by hactivists: Web site defacement, DDoS attacks, Spam/email campaigns, and perhaps tactics that exploit common vulnerabilities, such as cross-site scripting.
On a broader scale, it suggests that security personnel might want to be more proactive in monitoring what is being said about them on the Web. Services that monitor commentary on blogs and in social networks can help identify the extent to which an organization may become the target of cyberprotests.
Read More @ www.iofmonline.org
