The hacktivism phenomenon

This happened last Christmas when Wikileaks published, with the support of Anonymous, more than five million e-mails from Texas-based global security think tank company Stratfor, a global intelligence firm. The exposed material shows how government and diplomatic sources all around the world give Stratfor clear advanced knowledge of events and of the politic strategies, all in exchange for money. A great web of informants, government employees, embassy staff and journalists, has been recruited everywhere, and paid through Swiss bank accounts and pre-paid credit cards. On the other hand of course, the actions of groups of hacktivists represent a serious threat to private industry and the national security of each country. The group’s attacks have been shown to bring about the blocking of services provided by a company, to gain access to sensitive information whose disclosure could undermine the internal balance of a country and its relationship with allied states. And it’s for this reason that hacktivism is considered within a cyber strategy as a major cyber threat which can cripple, with its attacks, critical infrastructures, financial services and government agencies.

Groups of hacktivist are considered as the uncontrollable variables in cyber space, capable of surprising us with striking operations worthy of the most skilled cyber army.

Is it possible to use the group and its popularity as a cyber weapon? How is it possible?

Several intelligence agencies believe that it could be more profitable to influence the operations against strategic objectives. Let’s imagine fake hacktivist cells that recruit ordinary people to direct attacks against institutions and hostile governments. We found, on more than one occasion, how dangerous a breath of wind of protest through the new social media can be.

Intelligence operations and studies of the phenomenon are preparatory to the approach, but with regard to the possibility of infiltrating the group, this could of course be achieved by conditioning, for example through financial compensation and other incentives, the medium and high level representatives of the groups − those people that define the strategies of protest. There are risks related to negotiation with unstable and mutable organisations that we do not fully understand, but history teaches that such agreements are possible, and have indeed occurred in the past, such as between states and criminal organisations. In some ways this approach is similar to what can occur when government intelligence agencies discover a weakness in existing cyber infrastructures and, rather than report and assist to repair the weakness, they allow the weakness to remain so as to be able to exploit it for their own offensive purposes now or in the future. This is different to ‘ethical hacking’ where a person (such as co-author of this article Pierluigi Paganini) hacks to find weaknesses in a system for the purpose of identifying and removing the weakness, and to help build defences. Ross Anderson, the well known professor in Security Engineering at Cambridge University, is reported to have asserted that the “lions’ share” of the UK government’s cyber budget is allocated to develop cyber offence capabilities.

Is hacktivism only a threat or also a voice to listen to? What can we expect for the future?

Some forms of hacktivism protests are certainly illegal, but we must consider that they are expressions of dissent shared between large communities; they are the voice of masses. The demonstration is in the number behind each attack. These guys are not alone, they have a lot of common people behind them. The main events of protest in history were always characterised by elements of illegality due to their connotation of opposing the governments in question. From a legislative perspective, we must distinguish a hacktivist from a cyber criminal. Although the damages are to be considered in high regard, there are countless methods of judgment regarding the actions of Anonymous and similar groups. In terms of security, the group is without doubt considered a threat due to the capabilities shown and the objectives selected. In another sense they do bring to public awareness some of the clear vulnerabilities in existing cyber systems, and thinking people will be asking themselves, and hopefully others, “Why are our critical cyber systems so vulnerable?” Hacktivism can therefore be seen as helping to motivate a shift towards much needed improvements. Politically, I think that Anonymous is a voice to be taken into account. Ideologies could not be repressed with the arrests, and what is possibly unique about Internet enabled social activism, such as the Arab Spring, is that it can reflect a widespread shift or evolution in popular opinion or consciousness.

These observed attacks should give us cause to reflect. I think the group is currently in a state of transition which, despite having reached a critical mass of supporters, has began to split into numerous cells scattered throughout the world. For now, these cells appear to be driven by common goals, but what will happen tomorrow?

In a heterogeneous scenario, the risk that external agents can infiltrate the group influencing policy is concrete. New operations can be organised in the name of the group with unpredictable consequences, foreign states or law enforcement may involve masses of people and convince unaware hacktivist to conduct ideological battles. The time of hiding, in the form of protest, could begin to decline and, to give strength to their operations, hacktivists would be obliged to make public appearances, presenting their vision and political programmes to the world through their representatives. The groups are aware that their attacks may begin to serve a third cause, not just their own.

Analysing for example the Anonymous case, we must distinguish two phases of Anonymous phenomenon, the first one that I define “Here I am, know me and learn to live with my judgment” is the one we are leaving − in this phase the group introduced itself to the world, showing its offensive capabilities but also enjoying broad support. The second phase, named “Openness”, is the one we will live in the coming months. In this phase the group will try to talk with institutions, will operate on the internet, but also in the street. The stage is very delicate. Because of the heterogeneous nature of the groups, many hacktivists will not accept the openness of institutions, deciding instead to pursue a policy separate from the line indicated by the collective, perhaps seeing themselves as victims who, through becoming loose cannons in the web, could stage indiscriminate and unethical attacks.

This is the worst scenario, where chaos may reign on the web, where regulations cannot keep up with social change, and where some government and corporate bodies are trying to create a sense of security and trust in the cyber environment, while others seek to exploit what some world class security experts state is a history of generations of deployments of insecure cyber systems, with subsequent endless security patching.

It is time to revert to the fundamentals, to insist only on cyber systems that are built secure from the ground up, and in the meantime we can also continue to support the call for more openness in government and corporate management, whereby it would not fall to hacktivist groups to be, at times, the ones to have to expose actions and attitudes by people and organisations in positions of trust failing to satisfy democratic principles and working counter to future harmonious international relations. When all is said and done, a secure and resilient cyber domain should be a universal and fundamental right, along with honesty and transparency in both government and corporate governance. No doubt the future will see more hacktivism and hopefully other less disconcerting forms of Internet enabled social activism to achieve these constructive objectives.

ICT Gozo Malta is a joint collaboration between the Gozo Business Chamber and Synaptic Labs, part funded by the Ministry for Gozo, Eco Gozo Project, and prize winner in the 2012 Malta Government National Enterprise Innovation Awards. has links to free cyber awareness resources for all age groups. To promote Maltese ICT to the world, we encourage all ICT Professionals to register on the ICT GM Skills Register and keep aware of developments, both in Cyber Security and other ICT R&D initiatives in Malta and Gozo. For further details contact David Pace at

Sig. Paganini, Security Specialist CISO Bit4ID Srl, is a CEH − Certified Ethical Hacker, EC Council and founder of Security Affairs

Mr Kelson is Vice Chair of the ICT Gozo Malta Project and CEO of Synaptic Laboratories Limited.

Mr Pace is Project Manager of the ICT Gozo Malta Project and an IT Consultant