What’s a Hacktivist? Det. Joseph Myers – Indiana State Police and Investigative Technologies Section (CITS) WAIT!!! What’s a ??? hack·tiv·ist /ˈhaktəvəst/ (noun) a computer hacker whose activity is aimed at promoting a social or political cause.

2 According to Hollywood…

3 According to Hollywood…

4 hack·er /ˈhakər/ (noun)

A person who uses computers to gain unauthorized access to data.

5 hack·tiv·ist • a computer hacker whose activity is aimed at PROMOTING A SOCIAL OR POLITICAL CAUSE.

• This detail is what makes them different from other categories of • White hat, black hat, , etc. • Other types of hackers are motivated by other goals • Reputation, money, control of systems, protection of systems/assets.

6 Hacktivist? Never heard of her.

• The online Oxford English dictionary states the term originated appeared in the 1990’s;

• Google seems to concur (see below); • Obviously this a newer word/concept/idea.

Use over time for: hacktivist

7 The Hacktovist’s Toolbox • They will use a variety of tactics to obtain their goal(s): • , DDoS attacks, account takeovers, webaite defacement, etc. • Doxing – Obtaining and publicly exposing someone’s personal information • Name, address, telephone, DOB, SSN, OLN, Credit Cards.

• DDoS – Distributed Denial of Service attacks are used to overwhelm systems. • A given system can only handle so much traffic before it breaks • LOIC – Low Orbit Ion Cannon - the script kiddie’s best friend.

8 The Hacktovist’s Toolbox • Web Defacement – removing and/or replacing the legitimate content of a target’s site with something else. • Sometimes they leave a message, usually bragging; • Great way to spread their propaganda.

• Account Takeovers – hacktivists get unauthorized control of their victim’s online accounts, i.e. Facebook, Twitter, email, etc. • Think of the damage that can be done when the hacktivist becomes you, online.

9 What causes do they support? • Pick a topic, any topic. • There’s a hacktivist for nearly any cause you can imagine: • Nuclear armament (one of the first) • WANK (War Against Nuclear Killers) worm • Religious beliefs • ISIS “Cyber Caliphate” Hacks U.S. Military Command Accounts • Environmentalist ideals • targets oils companies’ emails (2012) • Social causes • FBI: Hacktivists targeting US law enforcement

10 • In 1989 a worm infected NASA and DOE computers and caused the above banner to be displayed on infected machines.

• Believed to be linked to protests against the use of nuclear power modules in the recently launched Galileo spacecraft.

11 • Anonymous – a decentralized group of hackers associated with numerous acts of . • The 2012 attack on oil company emails to protest deep sea oil drilling • DDoS attacks during and after the 2014 Ferguson events • Ferguson City Hall’s website and phone lines were disabled. • Doxing • Ferguson police officers wrongly identified as having shot the attacker and personal information was released publicly. • #OpFerguson • Other Anonymous targets: • ISIS, the KKK, pedophiles, even NASA

12 #CyberCaliphate • ISIS tied hackers led by their religious beliefs. • Have hacked social media accounts of several news organizations and others.

• Hacked U.S. Central Command’s (@CENTCOM ) Twitter profile and YouTube account. • They shared several files they claimed to have stolen from US military networks.

13 What can we do?? • Depends on the type of attack: • DDoS – can your IT personnel work with your Internet Service Provider and fix it? Do you need to call in outside help? • Web defacements and account takeovers – Can you regain control or do you need to involve the provider (Facebook, Twitter, etc.) • Do you have a contact at those companies? • Have you discussed security protocols with them for this type of event? • Doxing – Once it’s in the wild, there’s no getting it back • When peronsally identifiable information (PII) gets online, in the clear, it’s never coming back; • You can take steps to protect your identity.

14 Sources https://www2.deloitte.com/content/dam/Deloitte/us/Documents/risk/us-aers- hacktivism.pdf 7 - https://en.oxforddictionaries.com/; https://goo.gl/on9i6Z 9 - http://www.theage.com.au/articles/2003/05/24/1053585748340.html

15 Questions or Comments?

Detective Joseph Myers Indiana State Police – CITS [email protected]