According to IBM, hacktivist attacks that resulted in quantifiable damage to the victim have declined by 95 percent since 2015. Data provided by IBM’s X-Force threat intelligence unit for the period between 2015 and 2019 shows that the number of hacktivist attacks dropped from 35 in 2015 to 24 in 2016 and only 5 in 2017. In 2018, only two incidents were recorded, and no attacks have been observed by IBM so far in 2019. The threat intelligence team noted that the data collected only includes attacks observed by reliable sources, only instances where someone took responsibility, and only attacks that resulted in quantifiable damage. In this context, hacktivism can be defined as the act of hacking a website or computer network in an effort to convey a social or political message.
2016 was a bumper year for the hacktivist group Anonymous, one that helped bring the group to the public’s attention, from Operation Icarus, a series of Distributed Denial of Service attacks on banks, to cyber attacks launched against the Thai police. This was followed in 2018 by a series of attacks on the Spanish government. Despite the press coverage associated with the attacks, others were not inspired to follow the path set by other hacktivists. IBM has attributed this decline to a variety of reasons. Central to the decline is the decrease in Anonymous activities over the years. IBM attributed this decline to the loss of key leaders within the organization and public relations failings. In 2016, during the US presidential election, a debate among Anonymous members spilled over into the public domain. While some members advocated for attacks against candidate websites, others strongly disagreed, arguing that the group does not support a particular political ideology and criticizing proposed attacks as “cringe-worthy.”
Regular hackers have also looked to legitimize their activities by masquerading as Anonymous members, which undoubtedly called the ethical character of the movement into question. In 2016, a video was published online by certain Anonymous members warning of “fake anons” and claiming that governments and individuals were acting in the name of the group in an attempt to “damage the name of Anonymous and [post] propaganda of their own ideologies,” or profit financially by using the group’s name as clickbait to attract traffic to advertising webpages.
The attempt to decrease the number of “fake anons” seemed to backfire and reduce the number of legitimate and illegitimate Anonymous members overall. The group's fall from grace, from its founding in 2010 through its high-water mark in 2016, is shown in the number of attacks conducted in 2018, which in total was one using IBM’s data requirements.
Not Just Self-Inflicted
According to IBM, the arrests and legal warnings issued by law enforcement have also acted as a successful deterrent. Law enforcement agencies in the U.S., U.K., and Turkey have arrested at least 62 hacktivists since 2011. We suspect the actual number is greater than that publicly announced. Three of the arrested hacktivists received sentences in 2018 and 2019. Those receiving prison terms received prison time of three years or greater, including one with a 10-year prison sentence. The individual receiving the 10-year prison sentence hit Boston Children’s Hospital with DDoS attacks in 2014 and was arrested in February 2016; the individual was also fined 443,000 USD. According to security experts, the punishments handed down are a successful deterrent. According to the linked article, an expert stated,
“A lot gets publicized as far as the breaches, but the follow up of accountability when the attacker gets found and sentenced - those things don't get the same level press notoriety. From the standpoint of accountability, that type of press, those types of sentences and fines are going to stop nuisance hackers - the individuals and small criminals that are doing things out of the opportunity.”
Ultimately, pursuing a hacktivist agenda is a volatile act. Not only is it volatile, it is also incredibly hard to predict whether this massive downturn in activity signifies the end of hacktivism. As researchers at IBM pointed out,
“Acute social justice issues, greater organizational capabilities among hacktivist groups and a stronger shift to areas that lay beyond the reach of law enforcement all have the potential to dramatically change the face of hacktivism in a relatively short period of time. More likely than not, we are experiencing a lull in hacktivist activity rather than a conclusion.”
It can also be predicted that the lull may end in 2019, as there have already been suggestions of politically motivated attacks, from attacks on Saudi newspapers in January to DDoS attacks on Ecuadorian government websites following the arrest of Julian Assange. So far the attacks have not fitted the definition of hacktivism used by researchers at IBM, but in a world that is experiencing political distress and a questioning of authority it would be premature to declare hacktivism dead. More often than not, when something is declared dead it emerges from its coffin to prove the detractors wrong. When many within the InfoSec community declared ransomware dead, it had merely changed tactics, and ransomware operators are still extorting cryptocurrency to this day. When Coinhive ceased operations, detections of cryptominers decreased markedly when compared to the surge of popularity in 2018; however, instances of cryptominers are still being used to mine cryptocurrency illegally. Rather, researchers at IBM wisely concluded that,
“For the time being, the world appears to be experiencing a relative respite from hacktivist attacks, perhaps freeing defensive resources to focus on more pressing threats, such as malicious actors’ use of PowerShell, Spectre/Meltdown and inadvertent misconfiguration incidents.”