Cable TV takeovers. Electric car chargers being shut down. Attacks on nuclear sites and government agencies. These are just a few of the latest cyber-attacks being categorized as “hacktivism” surrounding the Russia-Ukraine conflict. Seemingly done by vigilante “do-gooders,” there is a lot of sharing, and even cheering, online when these types of attacks happen.
When they target “the bad guys,” or those we see as the aggressor, it can sometimes feel like these cyber-attacks are for the better. But, what many of us don’t see or consider are the unintended consequences and blowback that these types of attacks often cause.
We spoke with some of our own Cybersecurity People here at IGI, including a CISO, a Certified Ethical Hacker, and a Cybersecurity Sales Strategist, to see what their take was on hacktivism—or hacking to promote a political agenda or social change—and to lay out some of the implications of some of these recent attacks surrounding the Russia-Ukraine conflict that are not being touched on in traditional news reports.
While it often starts off with good intentions, hacktivism is still an illegal activity that adversely affects the intended, and unintended, victims. If you use the example of the electric car chargers in Russia—consider whether that more adversely affects the Russian government, or the average Russian citizen? In this case, and many others, the average citizen is another casualty of whomever they were targeting.
Anonymous’ attacks on the Russian government seem more straightforward since the government itself seems to be singularly impacted by them. But this type of attack can lead to escalating tensions between Russia and the U.S., or other Western countries. Even if it’s not a state-sponsored attack, seeing an attack from a U.S. IP address could be enough to fuel retaliatory cyber warfare. Not to mention, an experienced hacker can also easily spoof their IP address and make it look like it comes from somewhere else—which means the U.S. (or another country) could be engaged in warfare based off an attack orchestrated from a remote part of the world by an unaffiliated party.
When Hacktivism Backfires
Even hacktivism that does exactly what it intended to do, with little to no negative repercussions, still ultimately proves that a system is vulnerable. If the tools exist for the hacker to do this, the next person who wants to retaliate in a more malicious way can likely do it. Once it's been proven to work by one hacker, it is likely to be repeated and abused by another who may not have as favorable intentions.
That means that hacking into Russia’s electric car chargers sets us up to be attacked in the same way. And an attack that takes down Russian cable TV or streaming services can likely take down our media sources as well.
Governments utilize a lot of the same technology as private enterprise; exploits employed and developed during these campaigns are often later repurposed for more nefarious objectives. Russia as the target today could be you, your business, or your country tomorrow.
Hacktivism may feel good to us as we read the headlines, but, ultimately, it creates chaos—especially during wartime. It fuels geopolitical discord, forces governments and people to point fingers, and likely escalates tensions in some way.
Hacktivists also don’t have the same repercussions or consequences as a government carrying out the same types of cyber-attacks. If lives are lost or major crimes are committed, no one is held responsible when an unknown, self-proclaimed hacktivist is to blame.
What do you think? Are hacktivists truly ethical hackers trying to help a country in need, or are they simply creating chaos without personal consequence?