Enterprise IT Watch Blog

Feb 10 2011   12:01PM GMT

At RSA 2011, Hacktivism is (again) a corporate threat

Michael Morisy Michael Morisy Profile: Michael Morisy

Prepping for RSA, my days this week have been jam-packed with pre-briefings. Most of the announcements I’ve come across have been rather ho-hum: Product line updates, new partnerships, sales goals completed (Got something more exciting? Drop me a line). But one thing that has come up again and again is a more widespread awareness of the dangers of politically or ideologically-motivated attackers, or “hacktivists.” Much of the interest is, of course, stemming from WikiLeaks‘ Cablegate release as well as the planned bank disclosures. But the halo affect has hit far beyond the central players involved: PayPal suffered disruptions, as did a security firm that helped root out the identities of Anonymous attackers.

Several analysts I’ve talked to have said that this awareness is going all the way up to the C-level, and that it brings some real measurable impacts in how attacks are carried out:

  • For one, the attacks are not typically planned in the back channels that financially-driven attacks are, but often out in the open, in forums and Facebook.
  • All press is bad press: One security-minded firm stated that companies are complaining that any mention in the major media is driving attacks.
  • While the tools are often the same (DDoS attacks, data leakage), the participants are a different class, operating from both the inside and the outside in ways that opt more towards disruption and high-profile publicity rather than sustained effort.
In some ways, this is hacking come full circle: For years, security professionals have been discussing that the threat had moved from “fame seeking” attackers to more organized, professional attackers seeking financial profit. The organized crime has not diminished, but we are seeing a resurgence in the former class, particularly at the low-end “script kiddy” level with tools like the Low Orbit Ion Cannon making it easy and, in some circles, “cool” to mindlessly help bring down servers and networks.
Look for a lot of announcements specifically dealing with these threats next week at RSA, particularly if the solutions can also ably handle the more traditional attackers as well.
Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.

1  Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Cloud Security Wrap-Up - Enterprise IT Watch Blog
    [...] At RSA 2011, Hacktivism is (again) a corporate threat [...]
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: