Introduction to Hacktivism
•Descargar como PPTX, PDF•
0 recomendaciones•317 vistas
This document discusses digital activism and hacktivism. It defines digital activism as using technology over large distances to effect political or social change through grassroots campaigns. Hacktivism is separated from digital activism by involving computer crimes like unauthorized access or impairment of computer systems. Early examples of hacktivism included attacks in 1989 promoting anti-nuclear messages. Anonymous emerged in the 2000s and became politicized through protests around Scientology in 2008. Major hacktivist operations since then have included Payback targeting copyright enforcement and Darknet targeting child pornography sites. Lessons from these events have led to guidance for underground communities on operational security.
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (18)
Destacado
Destacado (20)
Similar a Introduction to Hacktivism
Similar a Introduction to Hacktivism (20)
Último
Último (20)
Introduction to Hacktivism
- 1. 1
- 3. The policy or action of using vigorous campaigning to bring about political or social change. 3
- 4. “Use ofTechnology over large distances to effect change.” “Grassroots activists using networked technologies for social and political change campaigns.” “Goal of Political or Social Change + DigitalTechnology.” 4
- 5. Maps & Maptivism QR Codes File-Sharing Media Hijacking Trend a hashtag Search Engine Optimisation Livestreaming Check-Ins Self-Surveillance Flash Mobs 5
- 6. 6
- 8. Digital Activism is separated from Hacktivism by Computer Crime Computer Crime is well defined: ▪ UnauthorisedAccess to computer material ▪ Unauthorised access with intent to commit further offences ▪ Unauthorised acts with intent to impair the operation of a computer ▪ Making, supplying or obtaining article for use in computer misuse offences Hactkivism is separated from CyberTerrorism byTerrorism Terrorism in this context is well defined ▪ Anything designed to interfere with or seriously disrupt an electronic system and ▪ Use or threat to influence government or intimidate the public and ▪ Use or threat is made for the purpose of advancing a political or ideological cause 8
- 9. Software distribution Website mirroring Defacements Typosquatting Redirects Denial of Service Attacks (DOS) Web Sit-ins Email Bombs Distributed Denial of Service Attacks (DDOS) Opt-In Botnets Malware Botnets Doxing SWATting 9
- 11. Denial of Service An attempt by an attacker to deny a victims services to it’s users. 1. Exploit that causes victim to fail 2. Resource exhaustion: ▪ Network Bandwidth ▪ Computing Power ▪ Memory 11
- 12. Distributed Denial of Service A Dos launched simultaneously from multiple points Usually a resource exhaustion attack Attackers now build networks (Botnets) of compromised computers (zombies or loads) from which to launch their attacks Large Botnets are now available for hire or to buy for pocket money. 12 1000 Loads 5000 Loads 10,000 Loads World Mix $25 $110 $200 EU Mix $50 $225 $400 DE,CA, GB $80 $350 $600 USA $120 $550 $1000
- 13. 13
- 14. 14
- 15. 15
- 16. 16
- 18. First known Hacktivism recorded in 1989 Worms Against Nuclear Killers Australian Hacktivists InfectedVMS DECNet systems 18
- 19. Formed in 2003 from the 4chan /b/ message board Since 2004 4chan is a forced anonymous community The Btards Initially focused on pranks, trolling and griefing 19
- 20. Anonymous were ‘politicised’ in 2008 following a series of actions involving the Church of Scientology. Actions inlcuded: Physical protests ▪ Guy Fawkes masks Prank calls Black faxes DDoS attacks ▪ Low Orbit Ion Cannon (LOIC) IRC channels used to coordinate attacks. 20
- 21. Operation Payback (2010) DDoS attacks on the Pirate Bay by MPAA & RIAA Expands to include other copyright- related targets Attacks on Paypal, Matercard andVisa related toWikileaks Operation Darknet (2011) Targeted child pornography sites on the Tor network Release usernames from the site “Lolita City” 21
- 22. Angry Chaotic Constantly changing International Broad themes not specific goals Uncoordinated Unfinanced Differences in philosophy and undefined subgroups No long term vision 22
- 23. A splinter group formed in 2011 as a result of Operation Darknet known as Lulzsec 50 day rampage Anti-Sec Movement “Demonstrating insecurity to improve security” 23
- 24. Pro-Syrian Regime Hacktivists First seen May 2011 Targeting major news organisations BBC Associated Press Guardian CBS News NPR Also activists Columbia University Human RightsWatch And oddly … FIFA Sepp Blatter 2014World Cup 24
- 25. 25
- 27. The underground community has learnt lessons from Lulzsec They have reviewed the evidence presented in court Developing guidance: Create a cover Work on the legend Create sub-aliases Never contaminate Produced the “10 Hack Commandments” 27
Notas del editor
- Activism often involves peaceful protest. The social trade-off is that the protesters are arrested when they break the law and get their day in court to argue their case.Technology & Change are the key themes in digital activism.A potential lack of identity of ‘digital protestors’ is an increasing problem for a definition of a digital peaceful protest.
- Traditional activism actions can almost all be translated to the digital arena.Gene Sharp – The Politics of Nonviolent Action (1973)Three volumes, Volume 2 was The Methods of Nonviolent Action.198 methods of activism defined.GoogleBombs
- Techtoolsforactivism.orgOx4.org – Web hostingAktivix.org – Email & VPNsNetwork23.org – Blogs and webhostingRiseup.net – EmailTachanka.org – Web hostingIndy.im - MicrobloggingHacktionlab.org – Meetups and trainingThe Guardian Project – Android Mobile apps
- Term Hacktivism first coined in 1995Computer Misuse Act (1990) Part 5 of the Police and Justice Act 2006 (Sections 35 – 38)UK Terrorism Act (2000)Not clear there has ever been a Cyberterrorist incident.The use of Hacktivism and CyberTerrorism blurred.
- Software distributionPhil Zimmerman – PGPHacking tools under EU Cybercrime law?Website mirroring is an issue of Hacktivism if the content is ‘illegal’.SWATting usually relies on some form of caller ID spoofing.
- Lethal Packets – ping of death. Aimed at bugs in the operating system or networking code.High impact Packets Crypto processing Less of a concern now due to excess of processing power
- Malware as a service
- Russian Cybercrime-as-a-service exposed by the BBC in 2009Includes an MP3 player!Zeus crimeware kit
- Master zombies & slave zombiesNot immediately obvious it’s an attack if there are potential high-volume uses of the service.Spoofed IP packets common, hard to filter and harder to track back.They don’t need to receive data back.
- Reflectors are uninfected machines.Requests from Slaves to reflectors look like connection requests from the victim.Reflectors respond to the victim as though it had tried to connect to them.Tend to be much bigger attacks.
- First hacktivistDDoS may have been the Zippies on Guy Fawkes Day in 1994 protesting the Criminal Justice Bill.Email bomb – large volumes of email.Code for DoSsynfloods published in 1996 in 2600. First publicly reported case was Panix an NY ISP..
- 4chan was created by ‘moot’ a member of the Something Awful forums that spawned the Goons, another group of trolls and griefers between 2003 and 2004.Habbo Hotel was an isometric avatar driven ‘hangout for teens’. Originally a target of the Goons it drew the attention of Btards.Habbo Raid July 2006, Black avatar wearing a suit with an affro. They would congregate in large numbers and block access to the swimming pools claiming they were closed due to aids, they also often formed up into large swastikas. Disruptive but unfocused.
- Video on Gawker of Tom Cruise praising the religion led to a cease-and –desist letter. V for Vendetta. – Anarchist revolutionary.
- HBGary Federal attack (Qinetiq leak)SQL injection on the website CMS Grabbed the database – usernames, email, passwords Admins at HBGary used their same passwords everywhere (Twitter, linkedin, the email server, shell server) Social engineered another administrator using a high privileged email account.HBGary had been investigating Anonymous and made some public claims about their ability to identify them.Rootkit.com admin access.
- Concerns have been shown to focus on civil liberty and privacy.See themselves as doing evil to avoid a greater evil.Some informal links to Occupy.
- Anti-Sec Goes back to 1999 with EL8 and Project MayhemHector Monsegur, Sabu, turned federal witness againstLulzsec and Anonymous. Reused anonymous usernames and mixed identities Logged into IRC without anonymising his connection Leaked personal information in conversations Mentioned a Whois record with his real name and address while using an alias Used a stolen credit card to send goods to his home addressStratfor, corporate intelligence firm, emails subsequently distributed by Wikileaks.SQL injection again.Credit card detailsMade donations to charities using credit cards from HBGaryBackfired on the charitiesBecause SABU had been turned he was able to record the entire hack and related conversations which led to the downfall of Lulzsec
- Facebook PageWebsite Registered by Syrian Computer Society – Headed by al-Assad in the 1990s Hosted on Syrian government networks Claims that a Syrian owned Dubai company is funding the attacksNot clear that only Syrians are involved as there has been a recruitment drive via social media.Suspicion of technical support from Russia.Targeted facebook pages and now twitter accounts.Phishing attacks used. Breaches are more extensive than the twitter posts suggest.
- The Associated Press hack described a successful bomb attack on President Obama.$130bn value dropped off the stock market.Dow Jones Industrial dropped 145 points.Stock markets recovered.
- Search on slideshare.net for Opsec for HackersNever reveal your operational detailsNever reveal your plansNever trust anyoneNever confuse recreation and hackingNever operate from your own houseBe proactively paranoid, it doesn’t work retroactivelyKeep personal life and hacking separatedKeep your personal environment contraband freeDon’t talk to the PoliceDon’t give anyone power over you