- How it Works
- How it Works
- Motivations
- Hacktivists vs Hackers
- Examples
- Defense
What is a Hacktivist?
A hacktivist uses hacking methodologies, such as DDoS and other cyberattacks, as a form of activism. These motivations are often political but can also be fueled by social, ethical, or other reasons. The term is a combination of the word "hacker" and "activist," with origins dating back to the mid-1990s. Hacktivism is alive and well, seeing a surge in the 2020s as the world becomes more connected and global conflicts continue to arise.
How Does Hacktivism Work?
Hacktivism takes on many shapes and methods. Common techniques used by hacktivists include:
- DDoS: A DDoS attack is an attempt to exhaust network capacity, application compute, or other resources to the point of bringing a website, application, or service down. This is done to inhibit the ability to serve customers or spread information, leading to reputation damage, financial losses, or denial of access.
- Doxing: The act of providing personally identifiable information to the public with malicious intent is called Doxing. This can be related to an individual or organization. This is most commonly done
- Leaks: Leaks are popular with hacktivists, whether it be sensitive or strategic information or internal documents. Leaks are similar to doxing but typically target the organization as a whole instead of an individual.
- Site Defacing: Hacking into a public-facing website and changing the content to demean the message of the organization is another popular tactic. Hacktivists do this by injecting their own code to override the appearance of a webpage.
- RECAP: This software enables users to access documents that would typically require payment to the U.S. Federal Court to read. This removes a barrier many hacktivists believe should not exist to begin with. It is worth noting that RECAP is a perfectly legal tool and is supported by the non-profit Free Law Project.
- Website Mirroring: When federal rules lead to the censorship of a website, hacktivists can mirror that website onto another domain to make it accessible. This is most often done in countries with strict internet censorship laws.
Hacktivists also make a strong effort to conceal their identities to protect against punishment for their activities. This is done via proxy servers, secure VPNs, Tor browsers, and other tactics. Maintaining anonymity is paramount to achieving the objective.
What are the Motivations Behind Hacktivism?
Hacktivist motivations can vary greatly from political to social to ethical and beyond. Political motivations are among the most prevalent, as groups often attack on behalf of or in support of nation-states in response to global geopolitical conflicts. Policies, trades, aggression, or other actions can activate hacktivists.
Social movements can also motivate hacktivists to take action. Whether the actions are to promote a social cause, human rights campaign, or protest, hacktivists can use their methods to spread the message of their position or against the opposition.
Ethical motivations for hacktivists vary greatly. One ethical motivation could be to teach an organization or government agency a lesson for perceived wrongdoings. These motivations can also be counter-terrorist, blocking donations or communications for known terror groups.
Hacktivists vs Hackers
The biggest difference between hacktivists and traditional hackers is motivation. Hacktivists hack on behalf of a cause, regardless of intent. Traditional hackers, however, hack for other motivations, such as personal gain.
Hacktivists and hackers both carry negative connotations in the media due to their nefarious activities and sometimes questionable intent. That said, hacktivists are perceived less negatively than the traditional "hacker in a black hoodie" is.
No matter which side a hacker or hacktivist stands on, hacking and DDoSing is illegal and is met with legal ramifications should one get caught.
Hacktivism Examples
Hacktivism is rampant throughout the world. NETSCOUT's ASERT Team has covered many hacktivist movements when tied to DDoS in geopolitical conflicts. Some examples include:
- Spanish DDoS Attacks (July 2024)
- Hacktivists Target Romania in Latest Surge in Geopolitical DDoS Attacks (July 2024)
- South Korea Enduring a Wave of Geopolitical DDoS Attacks (June 2024)
- Moldova Faces a Wave of DDoS Attacks (May 2024)
- Sweden Continues to be a Prime DDoS Target as They Join NATO (May 2024)
- DDoS Attacks Against Poland Skyrocket in Wake of New Prime Minister's Election (February 2024)
- 100% Increase in DDoS Attacks Against India (April 2023)
- DDoS Attacks Targeting NATO Members Increasing (April 2023)
Included in this coverage is the identification of notable hacktivist groups. These include, but are not limited to:
- NoName057(16) (January 2024)
- Anonymous Sudan (November 2023)
- CyberDragon
- CyberArmy of Russia
- EXECUTOR DDOS
Outside of DDoS, some of the most notable hacktivist groups exist. Some examples of these are Anonymous and WikiLeaks. These groups employ more methodologies than just DDoS, though that is well within their arsenal.
How can You Defend Against Hacktivists?
For enterprises, governments, and service providers, a strong DDoS protection solution is a necessity to maintain availability. Along with defending against DDoS attacks, a cybersecurity solution that enables comprehensive, scalable network visibility is another key to preventing adversaries from gaining a foothold in your network.
NETSCOUT's Impact
NETSCOUT actively tracks DDoS activity across the globe. Our industry-leading visibility into the global internet allows us to discover the actions of the most prevalent DDoS hacktivists. NETSCOUT’s technology protects most of the largest networks on the planet including 95% of Tier 1 Carrier Service Providers and many of the world’s largest financial institutions.