In a week that saw hackers compromise the accounts of 24
million customers of Zappos.com, and
Wikipedia plan a one-day “blackout” to protest pending U.S. anti-piracy
legislation, two things are clear: “Hacktivism” – the act of hacking, or breaking into a computer system, for a
politically or socially motivated purpose – is on a sharp and dangerous rise,
and efforts to fight attacks by regulating cybersecurity are controversial, and
fact that Anonymous has targeted media executives who support anti-piracy
legislation, such as Jeffrey L. Bewkes, chairman and chief executive of Time Warner, indicates
that the group is not simply bent on making a name for themselves in the hacking
community,” says information security expert John D’Arcy, assistant professor
of information technology management at the University of Notre Dame.
D’Arcy said recent Anonymous attacks on Bewkes and others
targeted anti-piracy advocates who support the Stop Online Piracy Act (SOPA)
and the Protect IP Act (PIPA) currently being considered by Congress. Many critics of the bill – including the White
House – have reservations about the bills’ provisions dealing with blocking
domain name services, which are intended to combat foreign websites that sell
counterfeit American goods. However, the bills could have unintended
consequences for legitimate online entities and free-speech considerations.
But D’Arcy sees a troubling development evidenced by the targets
of the attacks: Hacktivists are no longer just after customer accounts.
“Anonymous and other hacktivist groups such as LulzSec (a
group that claimed responsibility for several high-profile attacks, including
the accounts of Sony customers in 2011) have upped the ante and are using the
insecure nature of the Internet to make political statements and support
“What’s next? A logical next step would be for
these hacktivist groups to target certain political parties and political candidates.
Hacking has shifted from a purely
business motive in recent years to these politically driven attacks. The
recent hacks on media executives speak to the power of such groups and also
highlight the need for more concerted effort from U.S. and international
authorities to combat hacktivist activity.”
Meanwhile, says D’Arcy, online companies such
as Wikipedia are using the Internet to make their own political statements,
albeit in a less aggressive manner; for example, Wikipedia’s plan to “go dark”
on Wednesday to make a statement against the proposed anti-piracy legislation.
In recent research, D’Arcy has examined the effectiveness of
procedural and technical security controls in deterring computer abuse. His
studies also investigate individual and organizational factors that contribute
to end-user security behavior in the workplace. D’Arcy teaches an MBA course on
technology risk management and an undergraduate course on computer networking
Assistant Management Professor John D’Arcy can
be reached at (574) 631-1735 or email@example.com.