SlideShare a Scribd company logo
1 of 15
Download to read offline
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015
Hacktivism Summit
November 6, 2015
Hacktivism
Motivations, Tactics, and Threats
Eric Vanderburg
Director of Cybersecurity, JURINOV
eav@jurinnov.com
@evanderburg
(216) 664-1100
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015
Where are we and how did we get here?
• Technology makes it easier to disseminate a
wide variety of ideologies
– Some have caught on:
• Freedom of information
• Government and organizational distrust
• Anonymity of the Internet
• Disparity between resources required to attack
vs defend
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015
How did we get here?
• Dark web – skills now optional
Image above retrieved from Deepdotweb.com today
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015
Hacktivism defined
• Hacking to promote a political agenda, religious
belief or social ideology.
– Political
– Religious
– Social ideology
• Human rights
• Free speech
• Freedom of information
• Hacking “clothed” in moral attire
• The morality is subjective
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015
Real world comparisons
Cyber
• Website defacement and
redirection
• Negative SEO
• Denial of Service
• Information disclosure
Real world (AFK*)
• Graffiti on corporate
building
• Picketing
• Sit in / occupy protest
• Whistleblowing
*Peter Sunde interview for Pirate Bay AFK film
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015
How is hacktivism different?
• It’s not about monetization
– Defense cannot be based on cost to exploit
• Hacktivists are willing to spend months on a hack
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015
LulzSec (Lulz Security)
• Infragard
• US Senate
• CIA
• FBI Cybercrime conference call
• Group retired in 2011
• Some members arrested
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015
Anonymous
• International network of hacktivists
• Originated in 2003
• No Leadership
• Released names of supposed KKK members to
pastebin yesterday
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015
Edward Snowden
• Published NSA files on phone record collection in
2013
• Charged with espionage
Who is your Snowden?
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015
Wikileaks
• Site that publishes secret information, classified
files, and news leaks from anonymous sources
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015
Pastebin
• Public data repository
• Anonymous posting allowed
• Commonly find hacker loot and malicious code or copyright
infringement source code
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015
Stratfor
• “Freedom of Information” hack
• Hacktivists upset that makes some information public but
other information available only to specific clients
• Published emails on wikileaks
• Result to Stratfor:
– PR cost and effort
– Rebuild customer relationships
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015
Tactics
• DDoS
• Most common hacking methods
• Negative SEO
– Google bombing – associate negative keywords with
your name
– Utilize penalized SEO tactics on your sites / social
media
• Email flooding
• Fax spam
• Phishing, Spam and SPIM
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015
Action items
• Assess PR statements for hacktivism risk
• FBI warns law enforcement to limit social media use
• You can’t throw money at this problem -- it requires cultural change
– Assess your culture
• Background checks and personality profiling
• Pen test including social engineering
© 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015
Q&A
Don’t be shy…

More Related Content

What's hot

Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Session Hijacking ppt
Session Hijacking pptSession Hijacking ppt
Session Hijacking pptHarsh Kevadia
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and SpywaresAnkit Mistry
 
Internet anonymity and privacy
Internet anonymity and privacyInternet anonymity and privacy
Internet anonymity and privacyDooremoore
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-studyIan Sommerville
 
Indonesia National Cyber Security Strategy
Indonesia National Cyber Security StrategyIndonesia National Cyber Security Strategy
Indonesia National Cyber Security StrategyICT Watch
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyMd. Afif Al Mamun
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIADheeraj Kataria
 
Seclore: Information Rights Management
Seclore: Information Rights ManagementSeclore: Information Rights Management
Seclore: Information Rights ManagementRahul Neel Mani
 
Cybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesCybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesTam Nguyen
 
Chapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityChapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityShafaan Khaliq Bhatti
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
Cyber Threat Management
Cyber Threat Management Cyber Threat Management
Cyber Threat Management Rishi Kant
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityOlivier Busolini
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxAbimbolaFisher1
 
Big Data Analytics to Enhance Security
Big Data Analytics to Enhance SecurityBig Data Analytics to Enhance Security
Big Data Analytics to Enhance SecurityData Science Thailand
 

What's hot (20)

Operating system security
Operating system securityOperating system security
Operating system security
 
Information security
Information securityInformation security
Information security
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Session Hijacking ppt
Session Hijacking pptSession Hijacking ppt
Session Hijacking ppt
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and Spywares
 
Internet anonymity and privacy
Internet anonymity and privacyInternet anonymity and privacy
Internet anonymity and privacy
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-study
 
Indonesia National Cyber Security Strategy
Indonesia National Cyber Security StrategyIndonesia National Cyber Security Strategy
Indonesia National Cyber Security Strategy
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
 
Seclore: Information Rights Management
Seclore: Information Rights ManagementSeclore: Information Rights Management
Seclore: Information Rights Management
 
Cybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesCybersecurity Issues and Challenges
Cybersecurity Issues and Challenges
 
Chapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityChapter 1: Overview of Network Security
Chapter 1: Overview of Network Security
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
 
Cyber Threat Management
Cyber Threat Management Cyber Threat Management
Cyber Threat Management
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and Cybersecurity
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptx
 
Big Data Analytics to Enhance Security
Big Data Analytics to Enhance SecurityBig Data Analytics to Enhance Security
Big Data Analytics to Enhance Security
 

Viewers also liked

Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgEric Vanderburg
 
Untangled Conference - November 8, 2014 - Security Awareness
Untangled Conference - November 8, 2014 - Security AwarenessUntangled Conference - November 8, 2014 - Security Awareness
Untangled Conference - November 8, 2014 - Security AwarenessEric Vanderburg
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesEric Vanderburg
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgEric Vanderburg
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemEric Vanderburg
 
Computer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVComputer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVEric Vanderburg
 
A Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric VanderburgA Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric VanderburgEric Vanderburg
 
Server Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOVServer Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOVEric Vanderburg
 
Physical security primer - JURINNOV - Eric Vanderburg
Physical security primer - JURINNOV - Eric VanderburgPhysical security primer - JURINNOV - Eric Vanderburg
Physical security primer - JURINNOV - Eric VanderburgEric Vanderburg
 
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOVUnderstanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOVEric Vanderburg
 
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...Eric Vanderburg
 
Security Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOVSecurity Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOVEric Vanderburg
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatEric Vanderburg
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...Eric Vanderburg
 

Viewers also liked (15)

Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
 
Untangled Conference - November 8, 2014 - Security Awareness
Untangled Conference - November 8, 2014 - Security AwarenessUntangled Conference - November 8, 2014 - Security Awareness
Untangled Conference - November 8, 2014 - Security Awareness
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
 
Computer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVComputer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOV
 
A Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric VanderburgA Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric Vanderburg
 
Server Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOVServer Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOV
 
Physical security primer - JURINNOV - Eric Vanderburg
Physical security primer - JURINNOV - Eric VanderburgPhysical security primer - JURINNOV - Eric Vanderburg
Physical security primer - JURINNOV - Eric Vanderburg
 
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOVUnderstanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
 
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
 
Security Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOVSecurity Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOV
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
 

Similar to Hacktivism: Motivations, Tactics and Threats

Fourth Amendment as a Service - Workshop - 2-21-17
Fourth Amendment as a Service - Workshop - 2-21-17Fourth Amendment as a Service - Workshop - 2-21-17
Fourth Amendment as a Service - Workshop - 2-21-17FourthAsAService
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdStrike
 
April 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with SqrrlApril 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with SqrrlSqrrl
 
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityIT Governance Ltd
 
Threat Modeling for Journalists
Threat Modeling for JournalistsThreat Modeling for Journalists
Threat Modeling for JournalistsGabor Szathmari
 
Enemy at the Gates - Silicon Halton Meetup 53
Enemy at the Gates - Silicon Halton Meetup 53Enemy at the Gates - Silicon Halton Meetup 53
Enemy at the Gates - Silicon Halton Meetup 53Silicon Halton
 
Privacy for Journalists Introduction
Privacy for Journalists IntroductionPrivacy for Journalists Introduction
Privacy for Journalists IntroductionGabor Szathmari
 
Cybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generationCybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generationHinne Hettema
 
FCF June 2014 - 04 evolving our forum
  FCF June 2014 - 04   evolving our forum  FCF June 2014 - 04   evolving our forum
FCF June 2014 - 04 evolving our forum#TheFraudTube
 
Day1 - Cyber threats - Any silver bullet
Day1 - Cyber threats - Any silver bulletDay1 - Cyber threats - Any silver bullet
Day1 - Cyber threats - Any silver bulletSWIFT
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyStephanie McVitty
 
Managing Cyber Threats: A Cyber Security Conversation with the Experts
Managing Cyber Threats: A Cyber Security Conversation with the ExpertsManaging Cyber Threats: A Cyber Security Conversation with the Experts
Managing Cyber Threats: A Cyber Security Conversation with the ExpertsCareer Communications Group
 
Itag usama bigdata-6-2015-full
Itag usama bigdata-6-2015-fullItag usama bigdata-6-2015-full
Itag usama bigdata-6-2015-fullUsama Fayyad
 
Crowdfunding Tempe Chamber
Crowdfunding Tempe ChamberCrowdfunding Tempe Chamber
Crowdfunding Tempe ChamberTraklight.com
 
Online Privacy - What everyone should know - Full Sail Hall of Fame Week - 2017
Online Privacy - What everyone should know - Full Sail Hall of Fame Week - 2017Online Privacy - What everyone should know - Full Sail Hall of Fame Week - 2017
Online Privacy - What everyone should know - Full Sail Hall of Fame Week - 2017FourthAsAService
 
Threat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence +  SIEM: A Force to be Reckoned WithThreat Intelligence +  SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithSolarWinds
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
What we can learn from LulzSec
What we can learn from LulzSecWhat we can learn from LulzSec
What we can learn from LulzSecPositive Hack Days
 
Operationalizing Threat Intelligence to Battle Persistent Actors
Operationalizing Threat Intelligence to Battle Persistent ActorsOperationalizing Threat Intelligence to Battle Persistent Actors
Operationalizing Threat Intelligence to Battle Persistent ActorsThreatConnect
 

Similar to Hacktivism: Motivations, Tactics and Threats (20)

Fourth Amendment as a Service - Workshop - 2-21-17
Fourth Amendment as a Service - Workshop - 2-21-17Fourth Amendment as a Service - Workshop - 2-21-17
Fourth Amendment as a Service - Workshop - 2-21-17
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas Attack
 
cyber warfare
cyber warfarecyber warfare
cyber warfare
 
April 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with SqrrlApril 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with Sqrrl
 
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber security
 
Threat Modeling for Journalists
Threat Modeling for JournalistsThreat Modeling for Journalists
Threat Modeling for Journalists
 
Enemy at the Gates - Silicon Halton Meetup 53
Enemy at the Gates - Silicon Halton Meetup 53Enemy at the Gates - Silicon Halton Meetup 53
Enemy at the Gates - Silicon Halton Meetup 53
 
Privacy for Journalists Introduction
Privacy for Journalists IntroductionPrivacy for Journalists Introduction
Privacy for Journalists Introduction
 
Cybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generationCybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generation
 
FCF June 2014 - 04 evolving our forum
  FCF June 2014 - 04   evolving our forum  FCF June 2014 - 04   evolving our forum
FCF June 2014 - 04 evolving our forum
 
Day1 - Cyber threats - Any silver bullet
Day1 - Cyber threats - Any silver bulletDay1 - Cyber threats - Any silver bullet
Day1 - Cyber threats - Any silver bullet
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
 
Managing Cyber Threats: A Cyber Security Conversation with the Experts
Managing Cyber Threats: A Cyber Security Conversation with the ExpertsManaging Cyber Threats: A Cyber Security Conversation with the Experts
Managing Cyber Threats: A Cyber Security Conversation with the Experts
 
Itag usama bigdata-6-2015-full
Itag usama bigdata-6-2015-fullItag usama bigdata-6-2015-full
Itag usama bigdata-6-2015-full
 
Crowdfunding Tempe Chamber
Crowdfunding Tempe ChamberCrowdfunding Tempe Chamber
Crowdfunding Tempe Chamber
 
Online Privacy - What everyone should know - Full Sail Hall of Fame Week - 2017
Online Privacy - What everyone should know - Full Sail Hall of Fame Week - 2017Online Privacy - What everyone should know - Full Sail Hall of Fame Week - 2017
Online Privacy - What everyone should know - Full Sail Hall of Fame Week - 2017
 
Threat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence +  SIEM: A Force to be Reckoned WithThreat Intelligence +  SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned With
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting season
 
What we can learn from LulzSec
What we can learn from LulzSecWhat we can learn from LulzSec
What we can learn from LulzSec
 
Operationalizing Threat Intelligence to Battle Persistent Actors
Operationalizing Threat Intelligence to Battle Persistent ActorsOperationalizing Threat Intelligence to Battle Persistent Actors
Operationalizing Threat Intelligence to Battle Persistent Actors
 

More from Eric Vanderburg

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumEric Vanderburg
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveEric Vanderburg
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgEric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Eric Vanderburg
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityEric Vanderburg
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEric Vanderburg
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology managementEric Vanderburg
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technologyEric Vanderburg
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEric Vanderburg
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challengesEric Vanderburg
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: RoboticsEric Vanderburg
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercisesEric Vanderburg
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgEric Vanderburg
 
The security professional's guide to programming - Eric Vanderburg
The security professional's guide to programming - Eric VanderburgThe security professional's guide to programming - Eric Vanderburg
The security professional's guide to programming - Eric VanderburgEric Vanderburg
 
Guide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric VanderburgGuide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric VanderburgEric Vanderburg
 
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking   Chapter 12 - Encryption - Eric VanderburgEthical hacking   Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEric Vanderburg
 

More from Eric Vanderburg (16)

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology management
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technology
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challenges
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: Robotics
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercises
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
 
The security professional's guide to programming - Eric Vanderburg
The security professional's guide to programming - Eric VanderburgThe security professional's guide to programming - Eric Vanderburg
The security professional's guide to programming - Eric Vanderburg
 
Guide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric VanderburgGuide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric Vanderburg
 
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking   Chapter 12 - Encryption - Eric VanderburgEthical hacking   Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
 

Recently uploaded

PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServiceRenan Moreira de Oliveira
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 

Recently uploaded (20)

PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 

Hacktivism: Motivations, Tactics and Threats

  • 1. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Hacktivism Summit November 6, 2015 Hacktivism Motivations, Tactics, and Threats Eric Vanderburg Director of Cybersecurity, JURINOV eav@jurinnov.com @evanderburg (216) 664-1100
  • 2. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Where are we and how did we get here? • Technology makes it easier to disseminate a wide variety of ideologies – Some have caught on: • Freedom of information • Government and organizational distrust • Anonymity of the Internet • Disparity between resources required to attack vs defend
  • 3. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 How did we get here? • Dark web – skills now optional Image above retrieved from Deepdotweb.com today
  • 4. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Hacktivism defined • Hacking to promote a political agenda, religious belief or social ideology. – Political – Religious – Social ideology • Human rights • Free speech • Freedom of information • Hacking “clothed” in moral attire • The morality is subjective
  • 5. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Real world comparisons Cyber • Website defacement and redirection • Negative SEO • Denial of Service • Information disclosure Real world (AFK*) • Graffiti on corporate building • Picketing • Sit in / occupy protest • Whistleblowing *Peter Sunde interview for Pirate Bay AFK film
  • 6. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 How is hacktivism different? • It’s not about monetization – Defense cannot be based on cost to exploit • Hacktivists are willing to spend months on a hack
  • 7. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 LulzSec (Lulz Security) • Infragard • US Senate • CIA • FBI Cybercrime conference call • Group retired in 2011 • Some members arrested
  • 8. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Anonymous • International network of hacktivists • Originated in 2003 • No Leadership • Released names of supposed KKK members to pastebin yesterday
  • 9. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Edward Snowden • Published NSA files on phone record collection in 2013 • Charged with espionage Who is your Snowden?
  • 10. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Wikileaks • Site that publishes secret information, classified files, and news leaks from anonymous sources
  • 11. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Pastebin • Public data repository • Anonymous posting allowed • Commonly find hacker loot and malicious code or copyright infringement source code
  • 12. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Stratfor • “Freedom of Information” hack • Hacktivists upset that makes some information public but other information available only to specific clients • Published emails on wikileaks • Result to Stratfor: – PR cost and effort – Rebuild customer relationships
  • 13. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Tactics • DDoS • Most common hacking methods • Negative SEO – Google bombing – associate negative keywords with your name – Utilize penalized SEO tactics on your sites / social media • Email flooding • Fax spam • Phishing, Spam and SPIM
  • 14. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Action items • Assess PR statements for hacktivism risk • FBI warns law enforcement to limit social media use • You can’t throw money at this problem -- it requires cultural change – Assess your culture • Background checks and personality profiling • Pen test including social engineering
  • 15. © 2015 JurInnov, Ltd. All Rights Reserved Hacktivism Summit – November 6, 2015 Q&A Don’t be shy…