“The deteriorating economic situation will lead to growing discontentment among the young generation, and graduate unemployment will lead to the formation of professional groups like Anonymous” - Miloslav Kucera.
Hacktivism has been on the rise with famous groups such as Anonymous going after countries, politicians, and even crypto CEOs like Kwon Do-Hyung of Terraform Labs, the company behind the Terra blockchain. Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason. Individuals or groups who engage in hacktivism are known as hacktivists. Hacktivism is meant to call the public's attention to something the hacktivist believes is an important issue or cause such as: freedom of information, human rights, or religious expression. Hacktivists frequently express their support of a social cause or opposition to an organization by defacing or taking down the websites of target organizations. The most common methods used by hacktivists include denial-of-service attacks, doxxing, defacement, and geobombing.
Due to the frequency of these events it's important to understand how hacktivism incidents will likely impact the Web3 space. This report examines the history and techniques of hacktivism in Web3, the laws and regulations developed in response to Web3 hacks, and looks at several case studies that are most famous for their hacktivism. The rise of Web3 has increased opportunities for effective hacktivism, as high-value targets exist in an online space that magnifies the effect of a statement. The “Wild West” crypto era pits hacktivists against nation-states and private sector businesses, and increases the risks of escalation, collateral damage, and misattribution. Vigilante hacktivism that comes in the form of white hat hacking of major platforms to prove a point have become more popular in the past two years as well, and a detailed report on this trend is forthcoming.
Common targets for hacktivists include government agencies, multinational corporations, or any other entity perceived as morally opposed to the stated goals or ethics of a hacktivist group or individual. Hacktivism is primarily driven by an individual or group’s perception of what they consider to be “wrong” or “unjust.” Motivations include revenge, political or social incentives, ideology, protest, a desire to embarrass certain organizations or individuals within those organizations, and sometimes plain old vandalism.
According to Miloslav Kucera, from the Czech Technical University, at the Information Security Solutions Europe (ISSE) conference in Brussels in 2012, what hacktivists and other forms of activism have in common are:
The hacktivist group Anonymous has been behind some of the largest attacks in recent history. 2011 saw a surge in activity targeting institutions threatening to censor the Internet. That year coincided with the start of the Arab Spring, which led to operations such as Operation Tunisia and Operation Egypt where the Egyptian government websites were hacked and shut down by Anonymous until President Hosni Mubarak stepped down. Along with disabling government security sites, Anonymous also breached the servers of a number of corporations and security agencies, stole sensitive information such as credit card details, and defaced commercial websites. According to the group, they were not carrying out these acts for their own financial or personal gain but for the greater good in showing opposition against internet censorship and control.
Additional notable groups include LulzSec, an offshoot of the Anonymous group, which carried out attacks against Fox.com, the Sony Playstation Network and the CIA, who had sensitive passwords and private user data stolen as well as networks taken offline by the group. In 2010, hacktivists from the message board 4Chan, Anonymous, and other WikiLeaks supporters retaliated against Amazon, PayPal, Visa, Mastercard and other companies as part of the Operation Payback campaign. These companies moved to cut off WikiLeaks’ ability to collect donations and distribute information which was met with a backlash from the site’s supporters. The retaliation came in the form of distributed denial-of-service (DDoS) attacks that shut down these sites causing large scale company losses. Although financial losses have not been made public, the attacks resulted in various degrees of downtime for the targeted sites. For example, MasterCard's site was unavailable for hours after the attacks and the attacks against PostFinance resulted in more than 33 hours of downtime for the firm.
Cryptocurrency has enabled users to easily donate to sympathetic groups directly. The war in Ukraine is a recent example of the utility of cryptocurrency. People from across the globe have donated approximately $60 million of cryptocurrency to the Ukrainian war effort since the start of the war. Other hacktivist groups such as KILLNET have supported Russia's geopolitical interests all over the world. KILLNET claims to have executed more than 550 attacks between late February and September, 2022. In September, the group targeted Japan for the first time due to Japan’s support for Ukraine.
Threat intelligence firm Fortinet categorizes the methods used to carry out hacktivist attacks into a few different groups:
In a DOS attack the hacker sends a massive amount of traffic to a victim’s computer and shuts it down. Although the website’s content isn’t changed, they can flood the site with requests, clogging its server and rendering it useless. A DDoS attack is a larger DoS attack since there are multiple systems targeting a single system. An example of this type of attack happened in 2011 after Sony initiated a legal battle against George Hotz for publishing information on how to run pirated games on the Playstation 3. Anonymous then took the Playstation Network offline with a DDoS attack.
DDoS attacks often form a key part of hacktivist attacks, as they knock the target offline and render their service unreachable. DDoS attacks have risen dramatically with an increase of 203% in the first two quarters of 2022 compared to the same period in 2021. According to Kaspersky experts, the number of DDOS attacks between 2022’s third quarter compared to Q3 2021 rose by 47.8%. Below is a graphic based on the numbers found by Kaspersky’s report highlighting the Q3’s difference between 2020 and 2022:
Doxxing is the act of revealing identifying information about someone online and making it public. Depending on the types of documents being made available, doxxing may result in anything from embarrassment to compromising military strategies if secret plans are revealed. One of the main ways of doxxing is through phishing scams. If the target uses an insecure email account or falls victim to a phishing scam, the hacker then can uncover sensitive emails and post them online.
Hackers have exploited Discord and Telegram channels that many crypto projects use to communicate with their community. Phishing attacks are a daily occurrence and have resulted in major losses. Between April and September 2022, CertiK recorded 93 phishing scams that were found in the wild in the Web3 space. The websites connected to crypto projects are also useful targets, and they can be hacked by exploiting third party internet infrastructure.
Hacktivists also leak information for publicity. The media has given a lot of attention to hacktivist groups, movements, or publications, like WikiLeaks, which in turn gives the hacktivists recognition, and sometimes earns the respect of the general public.
Anonymous blogging is a method of speaking out to a wide audience about different issues like human rights issues, government oppression, etc., which utilizes various web tools such as free email accounts, IP masking, and blogging software to preserve a high level of anonymity. These anonymous blogs are usually used to make a statement after the hacking has occurred and/or to recruit other hackers to investigate a situation.
A hacktivist uses the geo-location function to allow viewers of a video to reveal where it was shot. This is often used to let viewers see where political prisoners or human rights activists are being held. This technique is widely used on YouTube videos by different hacktivists so that the location of the video can be displayed in Google Earth or any other type of mapping software.
When a website gets censored, hacktivists may copy the content of the site and publish it under a different URL. It’s mainly used as a circumvention tool to bypass censorship blocks on websites. Once that main website has been copied, hacktivists can post it to other domains and subdomains that are not censored, making it available to the public.
This method is used when hacktivists change a website's code to redefine the image and message of an organization. To gain access to the site’s administrator credentials, the hacker may use keylogger software or fake websites (such as phishing sites) to steal login information until they are able to impersonate an admin and alter the code.
In a fortcoming post, we'll go over some of the major cases of hacktivism in recent years and look ahead at how hacktivism may impact the Web3 space.