Revenge Hacking is The New Black in the Cybercrime Underworld
Revenge hacking encompasses the expansive set of motivations behind cybercrime. Every victimized industry has seen some form of cyber-attack backed that links back to their own hostile actions or policies toward the attackers.
Motives range from low profile disgruntled ex-employees to self-publicizing groups like Anonymous providing occasional media updates about their attacks on ISIS cybertargets. Sovereign states have long been suspected of hacking behavior and even Vladmir Putin is reported to be in on the act. Sexual revenge or jealousy was behind the infamous theft of subscriber data from the dating site Ashley Madison, specifically set up to facilitate affairs involving married individuals.
The latest set story circles around the Buzzfeed hack that surfaced in retaliation for identifying an alleged Saudi Arabian member of the OneMore hacking group.
Revenge hacking is not confined to the “outlaws”. Corporations have occasionally felt the urge to strike back at their tormentors, which is probably illegal everywhere in the world. Sometimes it’s considered as a pre-emptive strike to ward off a perceived threat. However, taking out a target server that appears to be the source of a threat could be extremely ill-advised. That server could be a component of a public utility, hospital, municipal authority or anything really. Hackers can compromise a server and use it as a proxy for launching attacks originating from half way across the globe.
No network or website can prevent hacking attempts from taking place. Even brand new simple WordPress blog sites are not immune. Automated systems are constantly probing for easily cracked access credentials. Such systems cost practically nothing to run and represent the bottom end of the attack spectrum. Strong passwords represent the simple and obvious defense, easily available through free online password generators.
At the other end of the scale are what could be considered “professional hackers” and the criminal element. Technically minded individuals with varying degrees of talent but with time on their hands occupy the middle ground. Large corporations present a happy hunting ground because the bigger the IT infrastructure, the greater the number of attack surfaces to be explored and exploited. This is the constant battleground between the security experts and technologies that form the defensive zone, and the attackers.
There is no central record for collating data on thwarted hacking attacks. That makes it impossible to measure the success levels of the security defenses. Security teams are only as good as their last failure, as in many walks of life. However, despite the high-profile names of the victims, the count of those that have not yet suffered the same fate greatly outnumbers the number of victims.
Every new technology and every new online service is highly likely to contain security vulnerabilities. The incessant drive to deliver newer functionality to outstrip the competition will constantly expose weaknesses. New functionality means new systems being exposed. The reality is that the game is loaded in favor of the hackers, who only have to breach a security system once to reach the prize and the headlines.
Corporations will continue to spend on security measures because there is no other option if they are to remain ahead of the risk of attack. Add the unpredictable nature of motivation for revenge hacking and the element of surprise is added to the mix. The only unknown is the motive for the next high profile attack.