Even as the chorus against black money and corruption is getting louder in India, hacktivism, a coinage created of activism and hacking, is creating mayhem in the virtual world. Also referred to as Electronic Civil Disobedience, documented instances of hacktivism can be traced back to almost two decades. However, recent high-profile hackings of Sony, Google, Citigroup, International Monetary Fund (IMF) and the cyber-attack on the Senate website today are raising security stakes, caution experts.
A new video, purportedly by the hacker group Anonymous, has called for the resignation of Federal Reserve Chairman Ben Bernanke for “crimes against humanity”, failing which it has threatened to use a distributed denial-of-service (DDoS) attack to shut down the US central bank’s website. The video refers to a campaign known as Operation Empire State Rebellion, which will start from today.
Closer home, hackers claiming to be from the Anonymous group (which ‘Anonymous’ group supporters later denied), defaced the National Information Centre (now shut for maintenance) in June and posted its logo and a message addressing the Indian Prime Minister, protesting against the recent police crackdown on supporters of Ramdev. The Indian army website, too, was defaced but quickly restored after outrage by Indians on Facebook and Twitter against the attacks.
In April, hackers reportedly compromised two servers created by Congress general-secretary Rahul Gandhi, and redirected users to an engineering college website. The Delhi Police is investigating the case.
Way back in 1998, a group called milworm hacked into the Bhabha Atomic Research Centre (BARC), replacing the organisation’s website with an anti-nuclear message.
The motivations behind hacktivism are varied and include protests related to anti-globalisation, animal rights, labour movements, biotech and genetically modified foods, anti-war movements and environmental causes, according to Kent Anderson, managing director of Encurve – a Portland, Oregon-based, independent risk consulting firm. In a 2009 paper, he noted that: “These attacks are often combined with or support with action in the real world.”
More From This Section
"We read about these instances but nobody here appears to be taking e-security seriously. We erroneously presume that if management processes are in place, companies will be secure. The mere fact that the top e-security companies in India make most of their revenue from training rather than selling security solutions, is proof that we are not thinking about security," rues Vijay Mukhi, a leading cyber-security expert.
The threat, however, remains very real. The Kaspersky Lab Q2 2010 Malware report recorded nearly half-a-billion infection attempts. The countries most targeted were China (17.09% of all attacks), Russia (11.36%), India (9.30%), the USA (5.96%) and Vietnam (5.44%). Cybercriminals, according to Kaspersky, are now also exploiting the popularity of social networking sites with new scams. A new survey conducted by Microsoft India corroborates this trend. It reveals that 74 per cent online users fear hacking of their social networking account followed by loss of personal data. The number is significant given that around 50 per cent of Indians spend close to five hours on the internet every day.
The survey adds that nearly one fourth of Indians (over 23 per cent) have suffered as the victims of cyber-attacks. A new McAfee report, too, indicates that "it’s been a busy start to 2011 for cybercriminals”. It notes that fake anti-virus software had a very active quarter (January-March 2011) as well, reaching its highest levels in more than a year, totaling 350,000 unique fake-alert samples in March 2011.
This June, a post by Eric Grosse, engineering director at Google's Security Team on the official Google blog, acknowledged the threat when it was at the receiving end. "... Through the strength of our cloud-based security and abuse detection systems, we recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior US government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.”
Governments, meanwhile, are trying to hit back by arresting ‘Anonymous’ hackers. But the group, which also calls itself ‘The Legion’, is very difficult to trace given the unstructured architecture of the internet. Graham Titterington, principal analyst at Ovum, cautions "there is no magic bullet to prevent a cyber-attack”. He suggests that monitoring data movements, data encryption, and data loss prevention systems can reduce the loss of information directly from electronic systems, particularly with regard to high volume theft. He adds: "However, the technologies themselves are not universal panaceas, even when the vulnerabilities have been dealt with."