In a week that saw hackers compromise the accounts of 24 million customers of Zappos.com, and Wikipedia plan a one-day “blackout” to protest pending U.S. anti-piracy legislation, two things are clear: “Hacktivism” – the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose – is on a sharp and dangerous rise, and efforts to fight attacks by regulating cybersecurity are controversial, and falling short.
“The fact that Anonymous has targeted media executives who support anti-piracy legislation, such as Jeffrey L. Bewkes, chairman and chief executive of Time Warner, indicates that the group is not simply bent on making a name for itself in the hacking community,” says information security expert John D’Arcy, assistant professor of information technology management at the University of Notre Dame.
D’Arcy says recent Anonymous attacks on Bewkes and others targeted anti-piracy advocates who support the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA) currently being considered by Congress. Many critics of the bill – including the White House – have reservations about the bills’ provisions dealing with blocking domain name services, which are intended to combat foreign websites that sell counterfeit American goods. However, the bills could have unintended consequences for legitimate online entities and free-speech considerations.
But D’Arcy sees a troubling development evidenced by the targets of the attacks. Hacktivists are no longer just after customer accounts.
“Anonymous and other hacktivist groups such as LulzSec (a group that claimed responsibility for several high-profile attacks, including the accounts of Sony customers in 2011) have upped the ante and are using the insecure nature of the Internet to make political statements and support political positions.
“What’s next? A logical next step would be for these hacktivist groups to target certain political parties and political candidates. Hacking has shifted from a purely business motive in recent years to these politically driven attacks. The recent hacks on media executives speak to the power of such groups and also highlight the need for more concerted efforts from U.S. and international authorities to combat hacktivist activity.”
In recent research, D’Arcy has examined the effectiveness of procedural and technical security controls in deterring computer abuse. His studies also investigate individual and organizational factors that contribute to end-user security behavior in the workplace. D’Arcy teaches an MBA course on technology risk management and an undergraduate course on computer networking and security.
Media Advisory: D’Arcy’s comments may be used in whole or in part. He is available for interviews and can be reached at 574-631-1735 or jdarcy1@nd.edu