December 20, 2012

Security Trends 2013: Trend #5 Hacktivism Gets Process Driven

Trend #1:  Government Malware Goes Commercial

Trend #3:  Strength in Numbers


Trend #5:  Hacktivism Gets  Process Driven
In 2012, we witnessed changes in the way that Hacktivism operated. In early 2011, Hacktivist groups were focusing their efforts at specific organizations by methodically analyzing and attacking a targets front end—applications and web pages—and breaking them.   In 2012, Hacktivism was down, but not out.

For example, some “hacking incidents” proved to be hoaxes, or, more precisely, PR stunts.  Case in point:  Anonymous claiming to have hacked an FBI laptop hack.

To be effective, Hacktivists need to focus on divulging content or data that can damage their targets.  In our February report on Hacktivism, we detailed the process for stealing data from web applications.  We think this process will continue, but a new variation will emerge.  Specifically, Hacktivists will focus efforts on discovering CMS that are used in public websites via well-established techniques, such as error grabbing and Google dork searches, mapping them to vulnerabilities. Then use automated hacking tools to pull out the database contents as well as sensitive files for public disclosure. This approach, though simple and methodical, will focus on quantity over quality.

For example, the focus of Hacktivist group GhostShellTeam, in the course of 2012, have focused on CMS hacks with automated tools to expose files and data. When looking at the disclosed data, it was very clear that most of the data was captured from a CMS system, and that the extraction method was SQL Injection. How do such attacks work?

  1. Identify and collect vulnerabilities in CMS systems via different sources such as and other exploit databases, some on hacker forums and publications.
  2. Using different techniques to map sites that use these CMS systems and versions via error message grabbing, Google dork searches and other techniques.
  3. Once identified, the targets may or may not be branched into different Hacktivism campaigns depending on the current agenda of the hacktivist group.
  4. An automated tool, such as SQLmap or Havij, is then used to grab the data out of the vulnerable website.
  5. Data is disclosed via social networks, usually alongside a long public letter from the group naming and blaming whoever the campaign targets.

Authors & Topics:

Share on LinkedIn


Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.