Researchers discover close correlation between civil unrest and hacktivism

News by Steve Gold

Research from Arbor Networks claims to show there is a strong correlation between the actions of real-world hacktivists and online conflict.

The firm came to this conclusion after it tracked a number of DDoS attacks taking place in the Asia-Pacific region, and found that the attacks mirrored what was happening with civil unrest situations in Hong Kong.

According to Kirk Soluk, a threat intelligence and response manager within Arbor Networks' ASERT research team, there was a hefty 111 percent increase in the number of DDoS attacks targeting Hong Kong-related internet properties when analysing the months immediately before and after recent protester demands.

As Hong Kong watchers will have noticed, the latest round of pro-democracy protests in Hong Kong began on September 22 when students from 25 schools and universities went ahead with a boycott to protest Beijing's decision to proceed with indirect elections for Hong Kong's chief executive position.

The protests, says Soluk, ramped up on September 28 when a larger pro-democracy group, Occupy Central with Love and Peace, combined forces with the student demonstrators. And on October 1, he says, protesters vowed to increase the level of civil disobedience if Hong Kong's Chief Executive, Leung Chun-Ying, did not step down.

Since that time, the Arbor response manager says that tensions have increased, with police crackdowns, tear gas, barricades, skirmishes, shutdowns of government buildings and infrastructure, and heavy use of social media to promote both pro- and anti-protest sentiment.

By examining Arbor's Internet-wide attack visibility data, the company says it spotted DDoS attack activity in the APAC region, which correlates strongly with the ebb and flow of protest activity in Hong Kong.

Meanwhile in the West

The correlation between civil unrest in Hong Kong and the Far Eastern online world is not confined to the region, as parallel research from Kaspersky Lab has spotted that 38 percent of companies providing online services also fell victim to DDoS attacks over the last 12 months.

The joint research carried out by B2B International and Kaspersky Lab is said to prove that DDoS attacks are common online business-related events rather than just isolated incidents. That's why, says the security vendor, it is so important to guarantee business continuity by taking steps to protect against DDoS attacks.

Delving into the research reveals that 49 percent of IT firms reported that they had encountered at least one DDoS attack over the last year. But even if the attackers failed to completely block user access to a company's information resources, partial inaccessibility is also a serious problem.

For example, says Kaspersky, 29 percent of respondents reported that they or their users had faced problems conducting online transactions as a result of a DDoS attack. This problem is particularly significant, says the research, for companies working in the telecommunications and logistics arenas - 49 percent and 45 percent respectively.

"Even though one in three companies has suffered from DDoS attacks, just six percent believe this type of incident is the most dangerous external cyber-threat they face," said Eugene Vigovsky, head of Kaspersky's DDoS Protection operations.

"However, taking down a site or preventing transactions is only the tip of the iceberg. A DDoS attack can lead to reputational losses or legal claims over undelivered services. To ensure that clients have uninterrupted access to their online services, companies need to think in advance about appropriate protection against DDoS attacks," he added.

According to Craig Carpenter, COO of incident response with Resolution1 Security, the findings by Arbor are not that surprising, as they are consistent with what he and his clients are now seeing the world over.

"As a minimum, the line between events in the physical and cyber worlds has blurred, a trend we expect to see continue. It is for this reason our clients approach security holistically, including physical and cyber security as part of their global programme," he explained.

Carpenter's comments were mirrored by Jared DeMott, a security researcher with Bromium Labs, who said he was not surprised to see DDoS attacks being used in real-world situations.

"They were also using tear gas and physical weapons in those events. So certainly cyber-attacks, which have much better anonymity, is typical and only going to ramp up as time goes on," he said.

"Cyber-attacks can confuse, delay, and even destroy things. Malicious parties will certainly use whatever weapons are available. And cyber-weapons are easier to acquire and deploy than physical weapons. Cyber-attacks will continue to grow in attractiveness to those that would confuse or do harm to others," he added.
