While attention has recently been drawn to the role of organized crime gangs in cyber-crime, politically motivated "hacktivism" shows no signs of slowing down. The Anonymous hacktivist group has not let arrests by the FBI or other law enforcement agencies take away its mojo.
At first glance these targets don't seem to have much in common. One is a nominally communist state, the other a pair of private industry associations. But they reveal something about the Anonymous group's motives. Hacktivists love making a stir, and they also love presenting themselves as heroes to a disgruntled public.
The authoritarian government of China is thoroughly unpopular with the Western public. Among computer users it is widely suspected of involvement in hacking and spam. So while there may be some irony in the Anonymous hacktivists hacking Chinese government sites, few will feel sorry for the victim.
In contrast, most of the public has likely never heard of USTelecom or TechAmerica, the trade associations also attacked last month by Anonymous. But "corporations" are always easy targets, and the telecom industry suffers from charging for a generic, commodified service. People may love their smartphones; they rarely love their service provider.
And the trade associations were attacked for supporting a cyber-security bill. The public has learned to be suspicious of measures they regard as attacks on consumer privacy – or the "right" to download music and other content for free.
At bottom, what Anonymous and kindred hacktivists thrive on is publicity, and their attacks are largely about self-promotion. You don't have to be an industry giant to be attacked, so long as the hacktivists believe that attacking you might make the news. Protecting your firm's data and Web presence with robust basic security measures is the best way to keep hacktivists from stinging you for the sake of publicity.
The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: "Security is not a product, but a process."