With this week's CENTCOM hack said to have been carried out by hacktivists, what, precisely, is the difference between this kind of hacking and an attack by a nation or state-backed cyber army, and does it matter?
Hacktivism refers to politically or socially driven online activism carried out by a loosely affiliated group. The term is often confusing because, even though the activity is usually illegal, hacking isn't always involved. For example, a popular type of attack carried out by hacktivists is distributed denial of service (DDoS), which bombards websites with requests but requires no hacking as such. The brand-name hacktivist group is, of course, Anonymous.
Today, Anonymous is mostly a hacktivist brand under which various unrelated groups operate. In fact, many hacktivist groups operate under an independent name and with one major goal – propaganda. To accomplish this goal, many hacktivist attacks will include falsified and fabricated information, as was the case in the CENTCOM incident, simply because it's effective and easier than scoring real achievements.
Hacking into social media accounts of high-profile targets is also a popular method of operation to maximise this effect. While there are some capable hacktivist groups, most do not have the ability to cause any real damage, making the claims of hacking into US networks and releasing highly classified documents nothing more than a scare tactic.
As for nation/state-backed cyber armies, most countries today are assumed to have one or more units dedicated to waging cyber warfare and espionage. From stealing intellectual property or trade secrets, to spying on citizens, to shutting down nuclear reactors, government-supported cyber warfare is much more lethal than any mere hacktivism.
In August 2014, a company called Gamma International was hacked and its internal data was publicly shared. Gamma International was the company behind FinFisher, a Trojan developed for the sole use of governments and law enforcement. From the treasure trove of published information, researchers were able to point out that its customers included repressive regimes that targeted their own citizens. Additionally, cyber security firm FireEye announced that it had seen evidence that attacks originating in Iran were increasing in sophistication when targeting US defence organisations as well as Iranian dissidents.
Even if hacktivists focus on propaganda and less on technical achievements, we should still remember that for the victims, the damage from an attack is devastating, regardless of who carried it out.
Posted by Uri Brison, CEO LogDog