Hacktivism and website defacement: motivations, capabilities and potential threats

Wednesday 4 October 16:00 - 16:30, Red room

Marco Romagna (The Hague University of Applied Sciences)
Niek Jan van den Hout (The Hague University of Applied Sciences)

Hacktivism and website defacement seem often to be linked: websites are defaced by hacktivists on a daily basis for many different reasons. However, due to a lack of studies of this phenomenon, it remains unclear as to what, exactly, their their socio-psychological motivations are, what their modus operandi is, and whether the combination of these factors poses a serious threat to corporations and governmental organizations.

In order to answer these questions, this paper provides a qualitative analysis of the motives and intentions of hacktivists, and a qualitative analysis of the modus operandi of hacktivists. It seems that hacktivists who deface websites have multiple ideological and psychological reasons for their actions. Although the socio-political motivations appear to be the most important, other triggers - such as thrill seeking and increasing self-esteem - occupy a relevant position. The investigation into the modus operandi has revealed that hacktivists often use known and relatively unsophisticated vulnerabilities and techniques. In addition, they use publicly available tools, but are also able to create their own. The targets seem to be chosen based either on how easy they are to hack and/or on the potential amount of attention the defacement is likely to receive. The methodology of this research involves an extensive review of the existing literature on the topic, corroborated by several interviews with hacktivists and experts in the field of information and cybersecurity. The researchers conducted an analysis of forensic data gained from a honeypot server created ad hoc for this research, and examined technical data from over 7 million defacements based on the dataset of the Zone-H archive.

 

Marco-Romagna-web.jpg

Marco Romagna

Marco Romagna was born in Italy in 1986. After completing the LL.M. (Trento University) in 2012, and in 2014 gaining an M.A. in global criminology (Utrecht University), he worked as an intern for the Cyber Security Academy and Eurojust in The Hague. He later joined the digital anti-fraud team at Nike, and since January 2016 he has been a lecturer and researcher for the Centre of Expertise Cyber Security within The Hague University of Applied Sciences, as well as a Ph.D. candidate at Leiden University within the Institute of Security and Global Affairs. The subject of his Ph.D. is hacktivism and the perception of this phenomenon among hacktivists and members of governments and law enforcement agencies. In his research and teaching activities he has focused on cybercrime, legal and criminological aspects of cybersecurity, and criminal law. He likes reading, travelling and participating in different sports.

@MarcoRomagna86

 

Niek-van-den-Hout-web.jpg

Niek Jan van den Hout

Niek Jan van den Hout was born in The Netherlands in 1995 and lived in several places, including one year abroad in Boston, Massachusetts. He studied information security management in The Hague and received nation-wide media attention for projects related to social engineering and web application hacking. He interned at several places, including the Dutch House of Representatives and the Centre of Expertise Cyber Security. He is currently a researcher and instructor at The Hague University of Applied Sciences and is planning to do his M.S. in crisis and security management. In his spare time, he enjoys participating in activities of his student association.



VB2018 MONTREAL!

VB2017 OVERVIEW

VB2017 SPEAKERS

VB2017 PROGRAMME

VB2017 PHOTOS

2017 PÉTER SZŐR AWARD


Other VB2017 papers

Mariachis and jackpotting: ATM malware from Latin America

Thiago Marques (Kaspersky Lab)

Fabio Assolini (Kaspersky Lab)

Of all the forms of attack against financial institutions in the world, the ones that are most likely to combine traditional…

Keynote address: Inside Cloudbleed

John Graham-Cumming (Cloudflare)

In February 2017, Cloudflare was revealed to have been leaking private information including HTTP headers, cookies and POST data…

XAgent: APT28 cyber espionage on macOS

Tiberius Axinte (Bitdefender)

This paper provides an in-depth analysis of the macOS version of the APT28 component known as XAgent. We will dissect the…