In a week that saw hackers compromise the accounts of 24 million customers of Zappos.com, and Wikipedia plan a one-day “blackout” to protest pending U.S. anti-piracy legislation, two things are clear: “Hacktivism” – the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose – is on a sharp and dangerous rise, and efforts to fight attacks by regulating cybersecurity are controversial, and falling short.
“The fact that Anonymous has targeted media executives who support anti-piracy legislation, such as Jeffrey L. Bewkes, chairman and chief executive of Time Warner, indicates that the group is not simply bent on making a name for themselves in the hacking community,” says information security expert John D’Arcy, assistant professor of information technology management at the University of Notre Dame.
D’Arcy said recent Anonymous attacks on Bewkes and others targeted anti-piracy advocates who support the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA) currently being considered by Congress. Many critics of the bill – including the White House – have reservations about the bills’ provisions dealing with blocking domain name services, which are intended to combat foreign websites that sell counterfeit American goods. However, the bills could have unintended consequences for legitimate online entities and free-speech considerations.
But D’Arcy sees a troubling development evidenced by the targets of the attacks: Hacktivists are no longer just after customer accounts.
“Anonymous and other hacktivist groups such as LulzSec (a group that claimed responsibility for several high-profile attacks, including the accounts of Sony customers in 2011) have upped the ante and are using the insecure nature of the Internet to make political statements and support political positions.
“What’s next? A logical next step would be for these hacktivist groups to target certain political parties and political candidates. Hacking has shifted from a purely business motive in recent years to these politically driven attacks. The recent hacks on media executives speak to the power of such groups and also highlight the need for more concerted effort from U.S. and international authorities to combat hacktivist activity.”
Meanwhile, says D’Arcy, online companies such as Wikipedia are using the Internet to make their own political statements, albeit in a less aggressive manner; for example, Wikipedia’s plan to “go dark” on Wednesday to make a statement against the proposed anti-piracy legislation.
In recent research, D’Arcy has examined the effectiveness of procedural and technical security controls in deterring computer abuse. His studies also investigate individual and organizational factors that contribute to end-user security behavior in the workplace. D’Arcy teaches an MBA course on technology risk management and an undergraduate course on computer networking and security.
Assistant Management Professor John D’Arcy can be reached at (574) 631-1735 or firstname.lastname@example.org.