This page contains a Flash digital edition of a book.
@InfosecEditor


Shades of Gray A


llow me to let you in on a little secret. More often than not, I see the world in black and white. Very rarely


do I see shades of gray. I tend to categorize things into boxes according to right, wrong, love, hate, agree, disagree. I am very aware that this isn’t necessarily a good quality to have. I blame my mum.


When once in a blue moon, something or someone comes along that I struggle to instantly categorize, I take a back seat and say nothing. It is for this reason alone that, until now, I’ve avoided writing about hacktivism in my editorials. Hacktivism is most certainly gray. What I’m going to try and do is pick out aspects that are black and white. Few information security professionals can even agree on what hacktivism is. Wikipedia says: “Hacktivism is the use of legal and/or illegal digital tools in pursuit of political ends.” Sounds about right. Legal – OK; illegal – not OK. So far, this is easy.


Wikipedia goes on: “These tools include website defacements, redirects, DDoS attacks, information theft, virtual sit-ins and virtual sabotage.” Again, this one isn’t too taxing. This sits fi rmly in the ‘wrong’ box. On the very next line of the Wikipedia


entry, a sea-change happens: “Hacktivism could be understood as the writing of code to promote political ideology: promoting expressive politics, free speech, human rights, and information ethics through software development.” As clearly as the former sentence belongs in the ‘wrong’ box, this sits happily in the ‘right’ category.


There are two ways to look at hacktivism.


The fi rst: as malicious, destructive acts that undermine the security of the internet as a technical, economic, and political platform. The fi ercest proponents of this mindset construe the act as cyberterrorism.


4


In the other


corner, we have those who believe hacktivism is electronic direct action that might work toward


social change by combining programming skills with critical thinking. In theory, hacktivism marries technology and programming with political protest – two of the important and wonderful characteristics of our generation. In reality, though, it’s rare that the fallout from such attacks is solely political, instead causing data loss and theft.


The year 2011 is renowned for being the year that hacktivists out-stole cybercriminals to take top honors according to the Verizon data breach report. Of the 174 million stolen records it tracked in 2011, 100 million were taken by hacktivist groups. Suddenly, things are looking black and white again. Regardless of political motivation or intent, if there are victims of the attacks they perpetrate, then hacktivism has crossed the line. Not OK. What I don’t understand about hacktivists, and perhaps the most telling thing of all, is how they choose to protest. Personally speaking, if I feel strongly enough about


took to the streets of London in opposition of increasing the cap on tuition fees. Protesters smashed windows and waved anarchist fl ags from the rooftops. Over the course of these protests, 135 people were arrested. While I’m certainly not condoning


violence in protest, what I do respect is this: Those 50,000 students felt strongly enough to embark on political protest, and were happy to do it openly on national TV. The same cannot be said of Anonymous, LulzSec, or other hacktivist groups. Their mission is the same, the stakes are just as high, yet their identities remain masked and protected. Their commitment to their political protest is limited to what they can get away with – as a result, I would argue them to be ineffective agents of revolution or change. As far as I know, the greatest, most


respected political protests in history have been by activists who have been willing to put their neck on the line for what they believe in. I can’t imagine Emmeline Pankhurst protesting through anonymous mail – be it electronic or postal – nor can I imagine Martin Luther King hiding behind a pseudonym. Protest over time will evolve – and technology will be used to aid protest. The issue is not with the electronic means of protest, but with accountability. As


As long as hacktivists continue to operate in a cloak-and-dagger fashion, their cause cannot be taken seriously


something to protest, then I’m willing to put my face and name to it. Protest is a healthy, legal and important human right. Method of protest is often where things get messy. In the physical world, if the actions of political protest result in damage, theft, or injury, then this is not tolerated. When the same is true online, why are we more tolerant?


Perhaps it has something to do with the ability to make the protesters accountable? In the winter of 2010, up to 50,000 students


long as hacktivists continue to operate in a cloak-and-dagger fashion, their cause cannot be taken seriously.


So to return to my black and white philosophy, here is how I see hacktivism. Protest – Good; malice and crime – bad; activism – OK; anonymity – not OK. I guess I managed to cut out most of those shades of gray after all. Enjoy the issue and take care,


Eleanor Dallaway, Editor May/June 2012


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52