The Rise of Hactivism, a POLLARA Strategic Insights News bulletin

Employees  Sitting on a Fence

When it comes to hacktivism, close to half of the 1,061 employees surveyed across Canada disagree with this method of illegally obtaining information. This covert method of extracting data has also been referred to by some as Internet terrorism. Based on a Wikepidia definition, hacktivism is " the use of computers and computer networks as a means of protest to promote political ends. " If hacking is considered  "illegally breaking into computers" then we can assume that hacktivism could be defined as "the nonviolent use of legal and/or illegal digital tools in pursuit of political ends". Hacktivism has been regarded as a form of cyber terrorism in some cases due to the inherent possibility of using this medium to inflict malicious or destructive actions against organizations, governments or individuals. However, it can also be argued that the same approach can be used by whistle blowers to bring attention to far more nefarious activities.

According to a recently released report by Verizon Communications, hacktivism, or the use of cyber-hacking to advance political and social objectives, is believed to be at the source of more than half the data stolen in cyber attacks last year. Based on Verizon's annual Data Breach Investigations report, hactivist organizations such as Anonymous and Lulz Security were responsible for 58% of stolen data in 2011. Although criminal groups still perpetrate a majority of cyber attacks on networks, this latest study is in sharp contrast with data breach patterns over the last several years where the majority of attacks were carried out by cyber-criminals whose primary objective was financial gain. The Verizon report cited data from US Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting & Information Security Service and the Police Central e-Crime Unit of the London Metropolitan Police.

The rising number of incidents and increasingly overt visibility of hactivist organizations only emboldens an already intriguing "hip" global movement.  Findings show an increase in the use of hacking and malware as tools of choice used by attackers to steal confidential data, pointing to an increase of 31% in the use of hacking techniques during data breaches which now account for 81% of all losses. 

Verizon's data further reveals that 97% of cyber attacks were avoidable and did not require organizations to resort to difficult or expensive countermeasures. A staggering 96% of attacks were not highly difficult to pull off and 79% were opportunistic.

The rules of the game have changed. "Today, anyone with a $200 laptop can bring about a blockage, essentially silence a Web site into oblivion". This comment was made by Professor Ron Deibert, Director of the Canada Centre for Global Security Studies and the Citizen Lab at the Munk School of Global Affairs, University of Toronto, who believes that,  "Impingement on free speech is not an appropriate form of political action in a democratic society". Professor Deibert  adds that, "Hacktivism is a civic ethic that I think is integral to a liberal democratic society today, but with one caveat. I don't condone breaking the law." 

Canadians seem to have mixed feelings on this issue. Based on POLLARA's survey with 1,061 employees across Canada, just over half agree with Professor Deibert. When asked if they agreed with the illegal and covert hacking of information if this was used to expose underhanded, unsavory or illegal activity, 54% of respondents did not support this approach; however, almost half either supported these actions or sat on a fence, not knowing which way to turn.

Employees Split on using Personal Computing Devices at Work

Canadian employees are split as to whether the use of  personal computing devices should be condoned or eschewed at work or for work-related activities.

An IBM X-Force 2011 Trend and Risk report released in March speculates that heightened security at companies is forcing cyber criminals to rethink their tactics and shift to new fronts - such as smartphones. The problem is that personal smartphones, laptops and tablets often do not have the same security protection in terms of encryption, autolock and password security as company issued computing devices. Findings from the X-Force report indicate that hackers are increasingly resorting to automated password guessing programs, phishing attacks and attacks on mobile gadgets - putting less protected personal mobile devices at higher risk.

Hacking personally identifiable information (or PII) has become a new mecca for cyber criminals. PII, which can include a person’s name, contact information and Security number, is increasingly becoming a target of choice for cyber theft.  Verizon reported that in 2011, 95% of records lost included personal information, compared with only one percent in 2010. These findings appear to lend some credibility to the notion that enterprises may be increasingly vulnerable to cyber attacks through personal mobile devices. 

One thing which seems certain is that retaining the status quo may prove to carry more risk than benefit. When asked whether employees should be allowed to use their personal mobile devices at work or for work-related activities, close to half of employees in our survey thought that they should. Given the rising popularity of this trend, companies may need to reconsider their current security policies.  

Data for Profit

Who Profits from your Personal Data (other than you)?

We are increasingly entrusting our personal information to organizations such as Google, Apple and Facebook, which in turn can use this collected data to profit from sales of ads or products.  Social networking sites such as Facebook build an advertising profile on every user. These sites collect information on everything from gender to favorite foods and use additional features to denote what your “likes” are, thus enabling advertisers to target ads directly towards individuals. Unless you opt-out manually, .your permission to use personal data for financial gain is often implicit. Based on the Center for Digital Democracy, a digital-marketing watchdog, a significant amount of this data is being harvested and monetized by organizations such as Facebook and its advertisers. 

Recently released information from Facebook's initial public offering in 2011, shows that the company made $3.7 billion in revenues and a profit of $1 billion. Facebook's profits grew 65% from 2010 and revenues were up 88%. The company makes 85% of its profits from advertising and 15% from payments for virtual goods.  Now that it has become a publicly traded company, Facebook is under pressure to prove to investors that it  can make consistent profits every quarter - and the way that it chooses to do this has many observers worried. 

Although Google is clearly the leader of the pack when it comes to ad-related revenue, Facebook’s audience is growing faster than those of other popular websites. It is believed that Facebook now accounts for about one-eighth of the time that people spend online.

Users Clearly Opposed to the use of Personal Data for Profit

Respondents in POLLARA's survey were asked how they felt about the use of their personal data for profit, without their cons