Many media outlets labelled 2011 the “year of the hacker”, and for good reason. The hacktivist group Anonymous started us off in January with Distributed Denial of Service (DDoS) attacks on Tunisian and Egyptian government websites. In February they not only added Iran to that list, but made it clear that even small organizations could incur their wrath, with the hack of a Westboro Baptist Church website during a live interview with one of the church members. RSA (the company, not the cryptographic algorithm) had a network breach in March which resulted in the replacement of 40 million RSA SecureID tokens.
In May, LulzSec burst onto the scene with a number of high-profile hacks over the course of 50 days. It seemed nobody was immune to their attacks, with Fox, PBS, and of course Sony all falling to the small but dedicated hacker group. Many more hacks happened throughout the year; far too many to list here, although a simple Google search will return some decent lists.
So, what can we expect from 2012? It’s hard to tell, since the motivations behind the hacks of 2011 were so varied. Some were political; retaliation for the oppressive regimes that dominate the Middle East. Others were commercial, targeting companies that many perceived as “evil” for various reasons (for instance, LulzSec attacked Sony in response to the company suing George Hotz). Some attacks it seems were simply carried out “for the lulz”, or to point out potential errors in a system without actually causing any harm, as LulzSec did with the NHS and Nintendo.
Given the variety of motivations, it seems absurd to think that 2012 will be “hack free”, however I predict that less of the attacks we’ll see in the next 12 months will be aimed at Middle Eastern countries, partly due to the success of the Arab Spring in taking down a number of corrupt regimes. This isn’t to say that hackers won’t continue to target countries that are still perceived as oppressive (such as Iran), but I believe that the majority of attacks will hit targets closer to home. The USA is currently court-martialling alleged whistleblower Bradley Manning over actions that the majority of hacktivists see as heroic, and of course we can’t ignore the whole business over SOPA, a bill that has the potential to censor the Internet. Not only that, but if the UK extradites Julian Assange to Sweden, both countries may come under the cross-hairs of hacktivist groups.
Politically motivated attacks aside, one in my profession would hope that the majority of companies have gotten the message by now that security isn’t something you can overlook, but is in fact one of the most important things a business has to deal with, especially in the online world. Sadly, I don’t believe this is the case (at least not yet). As long as companies continue to mistreat their customers and employees, they will be the target of hacktivists.
2011 was the “year of the hack”, and 2012 probably won’t be much different. We may see yet another reincarnation of LulzSec, or perhaps a new and even more determined group. Will hacktivists start using more complex techniques like Advanced Persistent Threats (APTs) and social engineering? Maybe. What we can say for certain is that hacktivists aren’t running scared; in fact, they may be even more motivated than ever.
With that said, I hope that you all have a hack-free 2012!