SlideShare une entreprise Scribd logo

Hacktivism: Motivations, Tactics and Threats

Télécharger en tant que PPTX, PDF
Eric Vanderburg
Eric Vanderburg

This document summarizes a presentation on hacktivism given by Eric Vanderburg. It defines hacktivism as hacking to promote a political, religious, or social ideology. It discusses how technology and anonymity on the internet have enabled hacktivist groups like Anonymous and LulzSec to conduct cyberattacks. Common hacktivist tactics discussed include DDoS attacks, website defacement, negative SEO, doxxing, and information disclosure. The document advises organizations to assess their culture and risks from hacktivism through background checks, social engineering tests, and limiting social media use.

Technologie
1  sur  15
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Hacktivism Summit November 6, 2015 Hacktivism Motivations, Tactics, and Threats Eric Vanderburg Director of Cybersecurity, JURINOV eav@jurinnov.com @evanderburg (216) 664-1100
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Where are we and how did we get here? • Technology makes it easier to disseminate a wide variety of ideologies – Some have caught on: • Freedom of information • Government and organizational distrust • Anonymity of the Internet • Disparity between resources required to attack vs defend
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 How did we get here? • Dark web – skills now optional Image above retrieved from Deepdotweb.com today
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Hacktivism defined • Hacking to promote a political agenda, religious belief or social ideology. – Political – Religious – Social ideology • Human rights • Free speech • Freedom of information • Hacking “clothed” in moral attire • The morality is subjective
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Real world comparisons Cyber • Website defacement and redirection • Negative SEO • Denial of Service • Information disclosure Real world (AFK*) • Graffiti on corporate building • Picketing • Sit in / occupy protest • Whistleblowing *Peter Sunde interview for Pirate Bay AFK film
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 How is hacktivism different? • It’s not about monetization – Defense cannot be based on cost to exploit • Hacktivists are willing to spend months on a hack
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 LulzSec (Lulz Security) • Infragard • US Senate • CIA • FBI Cybercrime conference call • Group retired in 2011 • Some members arrested
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Anonymous • International network of hacktivists • Originated in 2003 • No Leadership • Released names of supposed KKK members to pastebin yesterday
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Edward Snowden • Published NSA files on phone record collection in 2013 • Charged with espionage Who is your Snowden?
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Wikileaks • Site that publishes secret information, classified files, and news leaks from anonymous sources
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Pastebin • Public data repository • Anonymous posting allowed • Commonly find hacker loot and malicious code or copyright infringement source code
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Stratfor • “Freedom of Information” hack • Hacktivists upset that makes some information public but other information available only to specific clients • Published emails on wikileaks • Result to Stratfor: – PR cost and effort – Rebuild customer relationships
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Tactics • DDoS • Most common hacking methods • Negative SEO – Google bombing – associate negative keywords with your name – Utilize penalized SEO tactics on your sites / social media • Email flooding • Fax spam • Phishing, Spam and SPIM
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Action items • Assess PR statements for hacktivism risk • FBI warns law enforcement to limit social media use • You can’t throw money at this problem -- it requires cultural change – Assess your culture • Background checks and personality profiling • Pen test including social engineering
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Q&A Don’t be shy…

Recommandé

Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...
Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...
Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...
APNIC
 
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
EC-Council
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
John Ely Masculino
 
Red team Engagement
Red team EngagementRed team Engagement
Red team Engagement
Indranil Banerjee
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
Siemplify
 
What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)
Molfar
 
Cybersecurity - Introduction and Preventive Measures
Cybersecurity - Introduction and Preventive MeasuresCybersecurity - Introduction and Preventive Measures
Cybersecurity - Introduction and Preventive Measures
Aditya Ratnaparkhi
 
Cybersecurity - Overview
Cybersecurity - OverviewCybersecurity - Overview
Cybersecurity - Overview
Thanuja Seneviratne
 

Recommandé

Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...
Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...
Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...
APNIC
 
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
EC-Council
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
John Ely Masculino
 
Red team Engagement
Red team EngagementRed team Engagement
Red team Engagement
Indranil Banerjee
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
Siemplify
 
What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)
Molfar
 
Cybersecurity - Introduction and Preventive Measures
Cybersecurity - Introduction and Preventive MeasuresCybersecurity - Introduction and Preventive Measures
Cybersecurity - Introduction and Preventive Measures
Aditya Ratnaparkhi
 
Cybersecurity - Overview
Cybersecurity - OverviewCybersecurity - Overview
Cybersecurity - Overview
Thanuja Seneviratne
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
sommerville-videos
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
Kumawat Dharmpal
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
Sanjana Agarwal
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
Marlabs
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK framework
Bhushan Gurav
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
Evolve IP
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
Dhani Ahmad
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019
Priyanka Aash
 
National Cybersecurity - Roadmap and Action Plan
National Cybersecurity - Roadmap and Action PlanNational Cybersecurity - Roadmap and Action Plan
National Cybersecurity - Roadmap and Action Plan
Dr David Probert
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Namrata Raiyani
 
SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)
James Neo
 
Edward Snowden Data-Breach
Edward Snowden Data-BreachEdward Snowden Data-Breach
Edward Snowden Data-Breach
Deepak Kumar (D3)
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Prevention
fmi_igf
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessment
primeteacher32
 
OSINT e Ingeniería Social aplicada a las investigaciones
OSINT e Ingeniería Social aplicada a las investigacionesOSINT e Ingeniería Social aplicada a las investigaciones
OSINT e Ingeniería Social aplicada a las investigaciones
emilianox
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilities
Mayur Mehta
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
Leandro Bennaton
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk Management
Sam Bowne
 
OSINT
OSINTOSINT
OSINT
Apurv Singh Gautam
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
belsis
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
monacofamily
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
Eric Vanderburg
 

Contenu connexe

Tendances

Tendances (20)

Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK framework
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019
 
National Cybersecurity - Roadmap and Action Plan
National Cybersecurity - Roadmap and Action PlanNational Cybersecurity - Roadmap and Action Plan
National Cybersecurity - Roadmap and Action Plan
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)
 
Edward Snowden Data-Breach
Edward Snowden Data-BreachEdward Snowden Data-Breach
Edward Snowden Data-Breach
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Prevention
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessment
 
OSINT e Ingeniería Social aplicada a las investigaciones
OSINT e Ingeniería Social aplicada a las investigacionesOSINT e Ingeniería Social aplicada a las investigaciones
OSINT e Ingeniería Social aplicada a las investigaciones
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilities
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk Management
 
OSINT
OSINTOSINT
OSINT
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 

En vedette

Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
Eric Vanderburg
 

En vedette (15)

Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
 
Untangled Conference - November 8, 2014 - Security Awareness
Untangled Conference - November 8, 2014 - Security AwarenessUntangled Conference - November 8, 2014 - Security Awareness
Untangled Conference - November 8, 2014 - Security Awareness
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
 
Computer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVComputer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOV
 
A Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric VanderburgA Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric Vanderburg
 
Server Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOVServer Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOV
 
Physical security primer - JURINNOV - Eric Vanderburg
Physical security primer - JURINNOV - Eric VanderburgPhysical security primer - JURINNOV - Eric Vanderburg
Physical security primer - JURINNOV - Eric Vanderburg
 
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOVUnderstanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
 
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
 
Security Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOVSecurity Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOV
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
 

Similaire à Hacktivism: Motivations, Tactics and Threats

FCF June 2014 - 04 evolving our forum
FCF June 2014 - 04 evolving our forum FCF June 2014 - 04 evolving our forum
FCF June 2014 - 04 evolving our forum
#TheFraudTube
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Stephanie McVitty
 
Managing Cyber Threats: A Cyber Security Conversation with the Experts
Managing Cyber Threats: A Cyber Security Conversation with the ExpertsManaging Cyber Threats: A Cyber Security Conversation with the Experts
Managing Cyber Threats: A Cyber Security Conversation with the Experts
Career Communications Group
 
Online Privacy - What everyone should know - Full Sail Hall of Fame Week - 2017
Online Privacy - What everyone should know - Full Sail Hall of Fame Week - 2017Online Privacy - What everyone should know - Full Sail Hall of Fame Week - 2017
Online Privacy - What everyone should know - Full Sail Hall of Fame Week - 2017
FourthAsAService
 
What we can learn from LulzSec
What we can learn from LulzSecWhat we can learn from LulzSec
What we can learn from LulzSec
Positive Hack Days
 
Operationalizing Threat Intelligence to Battle Persistent Actors
Operationalizing Threat Intelligence to Battle Persistent ActorsOperationalizing Threat Intelligence to Battle Persistent Actors
Operationalizing Threat Intelligence to Battle Persistent Actors
ThreatConnect
 

Similaire à Hacktivism: Motivations, Tactics and Threats (20)

Fourth Amendment as a Service - Workshop - 2-21-17
Fourth Amendment as a Service - Workshop - 2-21-17Fourth Amendment as a Service - Workshop - 2-21-17
Fourth Amendment as a Service - Workshop - 2-21-17
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas Attack
 
cyber warfare
cyber warfarecyber warfare
cyber warfare
 
April 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with SqrrlApril 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with Sqrrl
 
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber security
 
Threat Modeling for Journalists
Threat Modeling for JournalistsThreat Modeling for Journalists
Threat Modeling for Journalists
 
Enemy at the Gates - Silicon Halton Meetup 53
Enemy at the Gates - Silicon Halton Meetup 53Enemy at the Gates - Silicon Halton Meetup 53
Enemy at the Gates - Silicon Halton Meetup 53
 
Privacy for Journalists Introduction
Privacy for Journalists IntroductionPrivacy for Journalists Introduction
Privacy for Journalists Introduction
 
Cybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generationCybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generation
 
FCF June 2014 - 04 evolving our forum
FCF June 2014 - 04 evolving our forum FCF June 2014 - 04 evolving our forum
FCF June 2014 - 04 evolving our forum
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
 
Managing Cyber Threats: A Cyber Security Conversation with the Experts
Managing Cyber Threats: A Cyber Security Conversation with the ExpertsManaging Cyber Threats: A Cyber Security Conversation with the Experts
Managing Cyber Threats: A Cyber Security Conversation with the Experts
 
Itag usama bigdata-6-2015-full
Itag usama bigdata-6-2015-fullItag usama bigdata-6-2015-full
Itag usama bigdata-6-2015-full
 
Crowdfunding Tempe Chamber
Crowdfunding Tempe ChamberCrowdfunding Tempe Chamber
Crowdfunding Tempe Chamber
 
Online Privacy - What everyone should know - Full Sail Hall of Fame Week - 2017
Online Privacy - What everyone should know - Full Sail Hall of Fame Week - 2017Online Privacy - What everyone should know - Full Sail Hall of Fame Week - 2017
Online Privacy - What everyone should know - Full Sail Hall of Fame Week - 2017
 
Threat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithThreat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned With
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting season
 
What we can learn from LulzSec
What we can learn from LulzSecWhat we can learn from LulzSec
What we can learn from LulzSec
 
Operationalizing Threat Intelligence to Battle Persistent Actors
Operationalizing Threat Intelligence to Battle Persistent ActorsOperationalizing Threat Intelligence to Battle Persistent Actors
Operationalizing Threat Intelligence to Battle Persistent Actors
 
The Future of Hacking
The Future of HackingThe Future of Hacking
The Future of Hacking
 

Plus de Eric Vanderburg

Plus de Eric Vanderburg (16)

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology management
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technology
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challenges
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: Robotics
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercises
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
 
The security professional's guide to programming - Eric Vanderburg
The security professional's guide to programming - Eric VanderburgThe security professional's guide to programming - Eric Vanderburg
The security professional's guide to programming - Eric Vanderburg
 
Guide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric VanderburgGuide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric Vanderburg
 
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEthical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
 

Dernier

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 

Dernier (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 

Hacktivism: Motivations, Tactics and Threats

  • 1. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Hacktivism Summit November 6, 2015 Hacktivism Motivations, Tactics, and Threats Eric Vanderburg Director of Cybersecurity, JURINOV eav@jurinnov.com @evanderburg (216) 664-1100
  • 2. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Where are we and how did we get here? • Technology makes it easier to disseminate a wide variety of ideologies – Some have caught on: • Freedom of information • Government and organizational distrust • Anonymity of the Internet • Disparity between resources required to attack vs defend
  • 3. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 How did we get here? • Dark web – skills now optional Image above retrieved from Deepdotweb.com today
  • 4. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Hacktivism defined • Hacking to promote a political agenda, religious belief or social ideology. – Political – Religious – Social ideology • Human rights • Free speech • Freedom of information • Hacking “clothed” in moral attire • The morality is subjective
  • 5. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Real world comparisons Cyber • Website defacement and redirection • Negative SEO • Denial of Service • Information disclosure Real world (AFK*) • Graffiti on corporate building • Picketing • Sit in / occupy protest • Whistleblowing *Peter Sunde interview for Pirate Bay AFK film
  • 6. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 How is hacktivism different? • It’s not about monetization – Defense cannot be based on cost to exploit • Hacktivists are willing to spend months on a hack
  • 7. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 LulzSec (Lulz Security) • Infragard • US Senate • CIA • FBI Cybercrime conference call • Group retired in 2011 • Some members arrested
  • 8. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Anonymous • International network of hacktivists • Originated in 2003 • No Leadership • Released names of supposed KKK members to pastebin yesterday
  • 9. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Edward Snowden • Published NSA files on phone record collection in 2013 • Charged with espionage Who is your Snowden?
  • 10. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Wikileaks • Site that publishes secret information, classified files, and news leaks from anonymous sources
  • 11. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Pastebin • Public data repository • Anonymous posting allowed • Commonly find hacker loot and malicious code or copyright infringement source code
  • 12. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Stratfor • “Freedom of Information” hack • Hacktivists upset that makes some information public but other information available only to specific clients • Published emails on wikileaks • Result to Stratfor: – PR cost and effort – Rebuild customer relationships
  • 13. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Tactics • DDoS • Most common hacking methods • Negative SEO – Google bombing – associate negative keywords with your name – Utilize penalized SEO tactics on your sites / social media • Email flooding • Fax spam • Phishing, Spam and SPIM
  • 14. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Action items • Assess PR statements for hacktivism risk • FBI warns law enforcement to limit social media use • You can’t throw money at this problem -- it requires cultural change – Assess your culture • Background checks and personality profiling • Pen test including social engineering
  • 15. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Q&A Don’t be shy…