The role of the “hacktivist” in keeping cyberspace secure

A “hacktivist” is a person (or group) who hack into systems for political reasons or with a “socially-motivated” interest. In terms of the latter, the idea for some is to raise awareness of weaknesses so they can be plugged.

Last year for example, the Hungarian Human Rights Foundation (HHRF) website was accessed by a “hacktivist”. The cyberhacker said that they were able to access 20,000 accounts including personal information; but it was not an act borne from malicious intent…

The hacker reportedly had access to a 20,000-strong database which apparently also included information relating to the U.S. government. The hacktivist only leaked some aspects of the accounts, allowing the cybersecurity team to rectify the issue. In fact, the hacker himself contacted the organisation to report the flaw.

Human rights are of course very important, so a human rights foundation suffering a leak is a huge thing.

A “hacker with a heart”

Compared to other cyberhacks, the difference here is that this individual is reportedly a “hacker with a heart”. In an interview, he said that his primary motivation was to make administrators and security teams realise the flaws in their systems to help them become more secure.

In a Security Affairs interview, he didn’t think that any of his previous hacks had been particularly challenging. He answered, “all websites that I managed to breach were just simple SQLi [sql injection attacks]”

This begs the question: why are such systems so easy to hack into? Do organisations have strong enough cybersecurity to protect their users’ personal details? The obvious answer to this question appears to be “no”.

Technicalities of the hack

The cyberhacker was able to carry out the data breach with an SQL injection. This hacking technique allows hackers to execute malicious coding that can control the web application’s database server. This can make the server vulnerable and can allow the hacker(s) access to the contents of an entire database.

The database may include sensitive data such as personal information and financial information of their customers/users.

Wake-up call

The HHRF may have been grateful that the hack wasn’t done with malicious intent. It’s a nudge and reminder that if they leave their cybersecurity guard down, they may have to face the consequences.

In the hacker’s opinion, he believes Government agencies are most exposed to cyberattacks. The data they hold could be highly confidential and include sensitive data such as state-secrets. If malicious hackers or non-state actors get hold of the information, this could jeopardise a country’s safety.

As such, the role of the “hacktivist” is actually vital in the opinion of some. These so-called “white hat hackers” can and have stopped real malicious hacks before they can ever happen…