Hacktivism and security: where are we now

The affair-enabling social-networking site Ashley Madison was recently hacked, and the subsequent exposure of millions of users’ data was a shocking example of how few are totally safe from the efforts of enterprising hackers. The Ashley Madison disaster was a particularly eyebrow-raising example of this vulnerability, as one of the company’s core selling points was anonymity and security of personal information. It raises new questions about the power dynamics between individuals and traditionally dominant institutions: if a loosely-aligned group of anonymous hackers can effectively maim a huge corporation, then who is really immune from such attacks, and who is the next target?

These paranoid questions are worth asking: “hacktivist” groups, and the culture of using computers and network manipulation to commit electronic burglary and exposure, have become more prevalent over the last decade. The term is a portmanteau of the words “hacker” and “activist”; hacktivists generally penetrate electronic security and distribute secure data to advance a political or ideological agenda, usually around freedom of speech or transparency issues. I believe “hacktivist” is a particularly appropriate term to describe the individuals and groups encountered in recent years such as Anonymous, LulzSec and arguably figures such as Julian Assange and Edward Snowden. The increased roles of social media, smartphone technology and valuable data stored online all contribute to the rise of these hacktivists and strengthen their attacks. In addition, widespread computer illiteracy and the power gap between those who understand network security and those who post cat pictures on Facebook have made those with knowledge much more powerful than the average internet user.

A good example of this power gap is the 2011 hacking of Aaron Barr, former CEO of HBGary, a technology security company. Barr claimed to know the inner details of a group of Anonymous hackers, and said as much on Twitter. Just one day later, Anonymous infiltrated the HBGary corporate website, posted Barr’s personal information, and leaked thousands of corporate documents onto the internet. If a company specializing in tech security isn’t safe from attack, that’s a problem.

The attack in question is notable because most of the real damage was done as a result of Barr using an extremely simple password for his corporate accounts.

Not only did he use a weak password on his account for his company’s entire email network, he then reused that same password for many of his personal accounts online. It just goes to show that a quality password is worth taking the time to memorize.

Just like the actions of many old-fashioned activists, many of the exposures committed by these groups are illegal, and some are considered treasonous, which leads some to argue that a more appropriate name for the hacktivists is “cyberterrorists.”

Regardless of the name people use to describe them, the most high-profile hacktivists claim to promote freedom of speech, human rights, and transparency in government and policy.

Whatever truth resides in these claims, companies, institutions and individuals who represent or practice secrecy and opacity are more likely to feel the sting of an attack than everyday people.

As for ways to avoid getting compromised, there are far better resources than this article for improving security. To keep it brief: don’t routinely reuse passwords for multiple sites, and favor password length over password complexity (a short password of random numbers and characters can be brute-forced fairly easily, while a less-complex long password might take several years to unravel).

The Ashley Madison hack is a good reminder of the prevalence of hacktivism today, and it remains to be seen which governments, schools or individuals have the wherewithal to develop the skills to avoid being the next target.