Across more than 150 countries, thousands of critical infrastructures and organisations, such as British hospitals, Russian railway stations, and the German train network, were in a state of chaos last week when their IT infrastructures were breached by a devastating ransomware, WannaCry. The ransomware uses the EternalBlue vulnerability that was released to the public by the Shadow Brokers hacktivist group in August 2016 after it had stolen the exploit from the U.S. National Surveillance Agency (NSA).
Now that they have gotten the world’s attention (again), the Shadow Brokers have recently resurfaced with another statement promising to release more zero-day exploits for various desktop and mobile platforms starting from June 2017.
The attack left many wondering why the NSA would keep so many potent vulnerabilities without disclosing them to the public, and how organisations could become so vulnerable to the ransomware. Though these are all legitimate concerns that deserve discussion, there is a pressing concern that is being overlooked – hacktivists are increasingly using radical methods to make their point, and their actions have escalated security threats to a whole new level. Yet, a multilateral response towards hacktivism seems to be lacking.
How Hacktivism Has Evolved Over Time
1989
The earliest tools used in hacktivism were computer worms that displayed protest messages on infected machines. In 1989, for example, anti-nuclear activists infected the servers of the National Aeronautics and Space Administration and the U.S. Department of Energy with a computer worm dubbed ‘Worms Against Nuclear Killers’ to protest against the launch of a shuttle powered by plutonium.
1990s
Hacktivists started to show off other new capabilities, such as website defacements and denial of service (DoS) attacks. They also began connecting with other like-minded hacktivists, sharing coding knowledge and planning cyber campaigns.
Though these attacks caused disruptions, they were mostly expressive in nature, as they did not cause serious damage. This was one reason why acts of hacktivism were widely regarded as pranks and annoyances.
2000s
By the new millennium, hacktivism became a popular form of civic protest to bring attention to issues, as seen by the emergence of new hacktivist groups in Asia and other parts of the world, such as the Hong Kong Blondes, the Honker Union, the Red Hacker Alliance, and the China Eagle Group.
Other new hacktivist groups also continued their destructive attacks against governments through principled leaking, a phenomenon that is closely associated with WikiLeaks. It involves publishing government secrets ranging from torture to classified military reports.
In 2003, U.S. Army intelligence warned that WikiLeaks “poses a significant ‘operational security and information security’ threat to military operations” and their actions could “influence operations against the U.S. Army by a variety of domestic and foreign actors.”
2010s
As the nature of the threat evolved, most hacktivist activities became increasingly viewed as a form of cybercrime. Data breaches became prolific, with many organisations and government agencies being targeted. A Verizon report in 2012 revealed that of the 177 million records stolen by cyber criminals in the previous year, 58% were taken by hacktivists. Among those, four hacktivists were convicted in 2012 for taking part in a 2011 DDoS campaign that cost PayPal £3.5 million dollars.
In addition to data breaches, a surge in principled leaking has become a source of political risk in many countries. A notable example was the leak of the Panama Papers in 2016 as a protest against capitalism. This leak exposed corruption in the financial sector and political sphere, implicating several political leaders in corruption scandals. Iceland’s former Prime Minister was forced to step down last year after the leak, and the incumbent Prime Minister of Pakistan is now facing calls for resignation from the opposition parties. More such political scandals may surface in the run-up to elections in Europe.
Hacktivists’ DDoS attacks have also grown bolder and more destructive. In 2016, for example, the New World Hackers, a hacktivist collective comprising members in Russia, China and India, allegedly launched a global DDoS attack using the Mirai botnet to protest against Ecuador for cutting off WikiLeaks’ founder Julian Assange’s Internet access at its embassy in London. This attack resulted in a massive internet outage across the U.S. and Europe.
More recently, this trend further intensified when the Shadow Brokers decided to release potent exploits stolen from the NSA-linked Equation Group to challenge the wealthy elites. This in turn allowed other cyber criminals (or possibly North Korean hackers) to turn the exploits into a powerful cyber weapon that paralysed critical infrastructures underpinning national security.
And if that was not enough, the Shadow Brokers are now threatening to release compromised network data on nuclear programs in North Korea, China, Russia, and Iran. If their threats were true, this would be a major national security threat – many foreign governments and malevolent actors, ranging from profit-driven cyber criminals to terrorist organisations, might be very interested in getting their hands on these data for their own reasons.
Proof of the U.S. conducting espionage on foreign nuclear programs might also strain geopolitical ties with Russia and China.
As hacktivists resort to increasingly extreme methods in their attacks, more could become affected by collateral damage. The use of IoT botnets in their attacks and their strong stance against censorship, high-level corruption, establishment hypo
Multilateral Efforts in Combating Hacktivism
Many countries have enacted their own laws to counter hacktivism and other forms of cybercrime. However, the mobility of hackers and the transnational nature of hacktivism mean that the digital evidence and the perpetrators of the crime may be located in different countries. This calls for deeper cooperation among countries to adequately address this rising threat. Here are some significant initiatives that have been undertaken worldwide:
- The Council of Europe drew up the 2001 Convention on Cybercrime (Budapest Convention), the first international treaty on cybercrimes. It gives police powers to access servers in countries bound by the treaty to facilitate digital forensic investigations.
- The UN General Assembly Resolution 55/63 (“Combating the criminal misuse of information”), adopted in 2002, provides guidance to countries without an advanced cybersecurity regime. The UN’s International Telecommunication Union has also organised workshops aimed at boosting the capabilities of the law enforcement and CERT communities in the area of cybercrime.
- Since 2002, members of the Asia-Pacific Economic Cooperation (APEC) have met to discuss draft domestic cybercrime laws and strategies for enacting them, and to enhance readiness against hacktivists’ cyber attacks. APEC’s Telecommunications and Information Working Group plays a key role in hosting workshops to harmonise domestic laws with international standards.
- In 2012, ASEAN issued ‘A Memorandum from the Council for Security Cooperation in the Asia Pacific’, paving the way for the implementation of a regional cyber security task force. The first ASEAN Regional Forum was later held in Malaysia in 2015 to promote a dialogue on enhancing cybersecurity in the region.
- INTERPOL conducted three major multilateral operations between 2012 and 2013 targeting cybercrimes in Europe and South America. The first operation, named Operation Unmask, led to the arrest of 25 hacktivists from the Anonymous collective in Argentina, Chile, Colombia and Spain. The second and third operations targeted online child pornography distributors, but they provided good opportunities to build strong working relationships among various law enforcement agencies for future collaborations.
- The INTERPOL Global Complex for Innovation (IGCI) was established in Singapore in 2014 to advocate for stronger intelligence coordination among law enforcers in the region and help countries catch up on cybercrime laws.
- EUROPOL created a Joint Cybercrime Action Taskforce (J-CAT) in 2014 to coordinate cybercrime operations across its member states.
- The U.S. Department of Homeland Security in 2016 established the National Cybersecurity & Communications Integration Center. It serves as an intelligence sharing centre to monitor, detect, and mitigate cyber threats like hacktivism worldwide.
While there are a few international frameworks in place to foster collaboration, implementation is far from complete. For example, there is no enforcement mechanism to ensure compliance with the Europe Cybercrime Convention. Key countries like Russia and China, which account for many politically-motivated cyber attacks, have not yet ratified the treaty. Only three Asia-Pacific countries have ratified the treaty.
It does seem clear that the Asia-Pacific region has been particularly slow in developing a unified mechanism to battle hacktivism, as compared with its western counterparts. One reason might be that some countries are more concerned about economic growth than cybercrime. ASEAN’s policy of non-interference is also a serious impediment to regional coordination, as countries might be reluctant to offer assistance to countries under cyber attack to avoid violating this policy.
Moreover, some governments may not cooperate in helping to identify hacktivists hiding in their country if they acted out of nationalist sentiment. For example, the Honker Union hacktivist group was responsible for a number of website defacements in the Philippines, Vietnam, and Japan between 2008 and 2012 due to ongoing territorial disputes in the South China Sea, but the Chinese government chose to turn a blind eye.
Efforts and Initiatives by Government and Private Stakeholders
Government-linked and private organisations are also proactively tackling hacktivism and cybercrimes in their own ways:
- Central banks in South Korea and Indonesia identified and blocked IP addresses belonging to hackers to prevent DDoS attacks,
- Companies are paying attention to the social media accounts of hacktivist groups, monitoring for any threats of attack,
- Some companies have shown interest in hiring White Hat hackers and reformed hacktivists who are knowledgeable about the attack strategies of their peers,
- Security companies are sharing industry best practices and newly discovered vulnerabilities through seminars, as well as analysing hacktivists’ attack capabilities (read a post-outbreak report on the WannaCry ransomware).
Further Action Is Needed
The world is now faced with a brand new kind of hacktivism threat that is economically more damaging and has more wide-ranging national security implications. There is a lack of joint efforts in the Asia-Pacific region to help facilitate investigative efforts and crack down on hacktivists. Some developing countries do not even have a robust cybersecurity regime, which makes the road to multilateral cooperation challenging.
Source: Global Momentum