Hacktivism is a term used to describe the use of hacking or cybersecurity techniques to advance a political or social agenda. Hacktivists use their technical skills to target websites or computer systems in order to disrupt or raise awareness about matters they deem important.

While hacktivism is often associated with illegal activity, some hacktivists argue that they use civil disobedience to challenge oppressive systems and promote social change. However, there have been negative consequences, the line between lawful and illegal has been crossed several times, putting IT systems and sensitive data at risk.

Unlike cybercriminals, hacktivists do not seek profit from stolen data or successful attacks, their goals are social, political or even religious, and they seek resonance or even destabilization.

Evolution of hacktivism

If we can find one of the very first examples of hacktivism already in 1989, when an Australian group against the use of nuclear energy was responsible for an attack on the NASA computer system with the worm called "Worms Against Nuclear Killers" it is at the beginning of the 2000, with the birth of Anonymous that we really start talking about and studying the phenomenon. In those early days, hacktivism was associated with groups that acted according to the wishes of individual members without a well-planned structure or common project, whose members were welcomed regardless of personal political positions. In fact, this had been the strength of Anonymous, which in 2011 was defined as "a new actor on the global scene", which experienced a particularly wide diffusion thanks to the fact that it was never tied to a particular cause, or to a political identity specific: from the campaigns against Israel to the denunciation of human rights violations in Guantamano to the attacks on PayPal, MasterCard and Visa.

In recent times however, things seem to be changing. Various analyzes and studies confirm the growth of the phenomenon and the reality of the threat. The current geopolitical situation, with different war scenarios starting from the Middle East to Ukraine, has seen the birth of more defined, organized and active deployments. The targets are mostly European countries, Israel, the United States and large multinationals. This situation sees various groups acting on the IT scenario that share the same political ideology, but also a structured and defined leadership and well-developed recruitment processes. Also in the selection of the target the groups act united not only within themselves but often also collaborating with each other, to obtain a greater impact.

Main characteristics of the current hacktivism model

According to the Check Point researchers, who have analyzed the phenomenon by noting its evolution and trends in the world, five main characteristics of the current hacktivism model emerge.
The political ideology, which is consistent and uniform, even with well-defined manifestos or regulations.
The hierarchical structure, with commanders and small groups carrying out orders received.
Recruitment processes structured and also based on minimum requirements.
The provision of tools by groups to their members for more effective actions.
A solid presence on websites and a stronger public relations structure.

The case of Killnet

This is a group that formally appeared in February last year, at the beginning of the war between Russia and Ukraine. The targets of the attacks were predominantly Ukrainians, later broadening to support Russian interests around the world, so much so that ultimately only 10% of the attacks conducted would be aimed at Ukrainian targets. If the real impact is difficult to estimate, in fact government, financial and airport sites have been involved in the attacks. Websites have been made inaccessible with DDos attacks causing inconvenience and disruption.

Killnet appears to have a military-type hierarchical structure, with over 89,000 subscribers to the Telegram channel, organized into teams ready to act on specific orders. The acquisition of new members is also organized and subject to minimum requirements, with pre-screening and the search for experienced people.

What techniques do hacktivists use

Hacktivists use a variety of techniques to achieve their goals, which can vary from group to group and individual to individual. Some of the more common techniques used by hacktivists include:

Distributed Denial of Service (DDoS) attacks: These are flooding a website or server with traffic to overwhelm it and make it unavailable to users.

Doxxing: consists of disclosing personal or compromising information to the detriment of public figures or organizations.

Defacement: it is an attack that affects websites by modifying their graphics or the integrity of the data.

Left B - Web Idea

newsletter image