Hacking: For Money or Change

A few years back, I became slightly obsessed with the show Black Mirror. One of it’s episodes, “Shut Up and Dance,” thoroughly freaked me out and got me paranoid about whether hackers could see what I was doing on my laptop screen or see my face while I was on my laptop (I covered up my webcam with a sticky not afterwards).

This episode got me thinking more about the topic of hacktivism, which can be defined as “the use of computer technology to achieve a political or social agenda through legally ambiguous means.” [1] On one hand, what the main character in the episode did was disgusting and illegal (child pornography), but on the other hand, what the hacker did was an insane invasion of privacy. I decided to take a deeper look into the world of hacking, both for profit, and for social and political change.

TechCrunch labels 2016 as the year where hacktivism started becoming more of a trend. New technologies began giving protesters a ”convenient and powerful means to spread their messages and mobilize action globally.” [2] As a result, hackers began to target state and local governments, as well as large organizations in order to accomplish the digital equivalent of street protests and sit ins. But unlike cyber criminals who hack into networks and computers for money, most hacktivists don’t hack for financial gain. Instead, they see themselves as hacking and fighting for justice; they go after everyone from foreign governments and corporations to drug dealers and pedophiles.

What have hacktivists done so far? [3]

  • Launched a cyberattack against the state of Michigan’s website to draw attention to the Flint water crisis
  • Targeted North Carolina’s government websites to protest a controversial state law that required transgender people use bathrooms that match their sex on their birth certificate
  • Attacked Baton Rouge’s city websites after the fatal police shooting of a black man
  • Took down Baltimore’s main website after Freddie Gray’s death while in police custody

What tools do Hacktivists use?

  • Hack into private emails or confidential records and make them public
  • Doxing: compile personal information about targets such as police officers, CEOs, or government officials and publish them online
    • Can include information such as address, phone number, family member names and info
  • Denial-of-service attacks: flood a website with traffic in order to cause it to freeze and prevent people from using it

Now, let’s look beyond just hacktivism and compare two hacking organizations, one of which hacks for money and one which hacks for “change and justice:”

 

Anonymous – For Justice!

By now, I’m sure most of people have heard of the group Anonymous (and seen their representative Guy Fawkes mask). But to recap, Anonymous is a “loosely affiliated group of hackers, specializing in everything from private data retrieval to shutting down networks.” [4] Anonymous has the reputation of an anti-establishment group, and it’s targets have ranged from big businesses and foreign governments to child abuse sites. [5]

A year ago, Anonymous promised to destroy the online recruitment methods of ISIS, and as a result, “cripple” the terrorist group’s ability to brainwash potential members. Since then, it has taken down more than 1,000 terrorist sites. [5]

Fin7 – For Money!

Fin7 is a billion-dollar hacking group that has been behind some of the most famous data heists in the past few years and has stolen millions of credit and debit card numbers from companies such as: Omni Hotels & Resorts, Trump Hotels, Jason’s Deli, Whole Foods, Chipotle, Saks Fifth Avenue, and Lord & Taylor. [6]

Interestingly, “while lots of criminal hacking gangs are simply out to make money, researchers regard Fin7 as a particularly professional and disciplined organization.” [6] Members of the group work around a surprisingly normal business schedule, and have nights and weekends off. It has developed its own malware tools and attack styles, and has a well-funded R&D department that helps the group evade detection. And according to Dmitry Chorine, cofounder of Gemini Advisory, Fin7 operates as a business entity, with managers, money launderers, software developers, and software testers. Overall, Chorine estimates that the company makes around $50 million a month. If I didn’t know any better, it almost seems like a Silicon Valley tech company!

 

I’ll end this post with a quote from Doug Robinson, executive director of the National Association of State Chief Information Officers: “We are all vulnerable, and hacktivism is going to continue as long as we have these crises or events where political activists want to make a statement, whether it’s a police shooting or a city’s decision to remove camps for the homeless.”

References

[1] https://cs.stanford.edu/people/eroberts/cs181/projects/2010-11/Hacktivism/what.html

[2] https://techcrunch.com/2017/02/22/the-dramatic-rise-in-hacktivism/

[3] https://www.pbs.org/newshour/nation/hacktivists-launch-cyberattacks-local-state-governments

[4] https://www.businessinsider.com/what-is-anonymous-2015-11

[5] https://www.thesun.co.uk/news/3885265/anonymous-guy-fawkes-mask-hackers-nasa-claims/

[6] https://www.wired.com/story/fin7-carbanak-hacking-group-behind-a-string-of-big-breaches/

2+

Users who have LIKED this post:

  • avatar

One comment on “Hacking: For Money or Change”

  1. What an interesting piece on hacking!
    I’ve always thought that white hat hacking is so cool because they are actually hacking for good. And they still get to feel the great feeling when they conquered a system. Sometimes I feel like black hat hackers are so talented, they are wasting their skills to purposefully hack base on personal interest. They could be using those skills to make a change in the world, not by these means, but through proper channels. That would be truly disruptive, yet beneficial.

    Anonymous could be the grey hat hackers, they have value and they have principles, and I respect that. Usually, these kind of hacks aren’t as harmful as those who target hospitals or infrastructures, but I still believe that there is always another way to their goal. That fine line is so hard to define though as mentioned by the author, they also took down terrorist brain-washing websites. In that case, it seems that it is totally rational to do it. But other times, not quite.

    It truly depends on what their intentions and values are. They are like mercenaries/ cyber militants, soldiers that volunteer to fight the good fight. As for others, they simply have other agendas.

    0

Comments are closed.