Hackers With a Conscience? Ideological Attacks Complicate Cyber Defense

In the pre-Anonymous world when life was simpler, most cyber attacks were opportunistic in nature, carried out by cyber criminals who just wanted to make a quick buck.

Today, Corporate America is scrambling to shift its virtual shields in response to a sweeping change in the motive behind cyber attacks that is being been driven by the rise of "hacktivist" groups like Anonymous.

The evolution toward ideologically-motivated cyber strikes has changed the type of attacks companies need to be on guard for and shoved onetime happy-go-lucky companies into the crosshairs of powerful digital adversaries.

“They are looking at technology as a means to get out a human-rights message,” said Dave Marcus, director of security research for McAfee Labs. “They see themselves as Robin Hoods and champions of lots of different things.”

Anonymous Creates Headaches

The stakes are high. Failure to protect against an attack can do serious reputational and financial damage to companies, especially those that rely on websites to interact with consumers and customers.

While hacktivism is hardly new, it has undergone a dramatic transformation over the past two years that companies and investors need to be aware of. Nowhere is that more clear than Anonymous, the hacker group that was formed in 2003 but has successfully carried out attacks in recent months on a number of major U.S. companies.

In a show of support for the controversial WikiLeaks whistleblower organization, Anonymous launched denial of service attacks last year against companies that it deemed hostile to the WikiLeaks cause.  The attacks targeted MasterCard (NYSE:MA), Amazon.com (NASDAQ:AMZN) and Visa (NYSE:V), bringing down several of their websites.

“You can agree or disagree with their political motivations or their goals, but they’re remarkably agile at knocking targets offline. They’ve shown themselves to be a skilled opponent,” said Marcus.

Changing Motive Alters Attack Style

Previously, security at many companies focused on preventing attacks that sought to impact systems' confidentiality or integrity. However, the rise of hacktivism has shifted the emphasis decidedly toward preventing availability incidents like denial of service attacks that are aimed at bringing down systems such as websites.

When trying to prevent availability attacks, “your level of security is totally different” because “you need to zombie-proof the house,” said Carl Herberger, vice president of security solutions at Radware (NASDAQ:RDWR), which helped the Hong Kong Stock Exchange stave off an attack in August.

These attacks are also more difficult to defend against because they often take place in “real-time,” allowing little chance to benefit from analysis, Herberger said.

“It’s a devastating attack if you’re a company that does their business on the front end,” said Marcus.

EBay’s (NASDAQ:EBAY) PayPal has successfully fended off hacktivist attacks and kept its website online because it has had an “almost maniacal focus” on securing against availability threats, Herberger said. Clearly, PayPal’s virtual transaction services would be worth little to businesses and consumers if they went down in a cyber attack.

To protect a system against availability attacks, Marcus pointed to the need for thorough penetration testing, good disaster recovery capabilities, solid bandwidth monitoring systems and said denial of service protection is “probably more important than ever before.”

Target List Expanded to Unlikely Companies

Sony (NYSE:SNE) knows firsthand the downsides to not taking a threat seriously. The company suffered a massive public-relations black eye earlier this year and is estimated to have lost tens of millions of dollars after it came under attack from Anonymous that brought down its PlayStation 3 system. In this attack, the hacker group was protesting Sony’s decision to file a lawsuit against PS3 users who illegally tampered with their systems.

“It’s a devastating attack if you’re a company that does their business on the front end."

- Dave Marcus, director of security research for McAfee Labs

“Sony saw itself as a happy-go-lucky company. Who would attack Sony?” said Herberger.

The Sony experience underscores the fact that the new ideological motive seen behind cyber attacks has opened the door to a much greater number of target companies.

In today’s hacktivist world, virtually any brand can see itself as the target based on how it is perceived as conducting itself as a corporate citizen.

The oil and gas industry, which tend to be disliked by environmentally-conscious groups, have found themselves under a harsher cyber spotlight in this new world.

“Overnight, they’ve become the poster children for attacks,” said Herberger.

In an operation dubbed “Operation Green Rights/Project Tarmageddon,” Anonymous set its sights in July on ExxonMobil (NYSE:XOM), ConocoPhillips (NYSE:COP) and other companies that support the extraction of oil from sand in Alberta, Canada – a process that environmental activists condemn.

“Anonymous will not stand by idly and let these environmental atrocities continue. This is not the clean energy of the future that we are being promised,” the group said in a press release at the time.

More recently, Anonymous began targeting Goldcorp’s (NYSE:GG) Montana Exploradora de Guatemala, which owns the Marlin gold mine that activists say is responsible for human-rights violations and negative health side-effects.

“If you find yourself in their crosshairs, you better make sure you have your I’s dotted and your T’s crossed,” said Marcus. “Take their threats seriously.”