Fighting Hackers With Public RelationsUnderstanding Hacktivists' Goals is Key to Thwarting Attacks
If there's one thing all security experts agree on, it's that hacktivism isn't going away. In fact, socially and politically motivated online attacks will only escalate, and security and fraud teams need to be vigilant about protecting systems and data.
Anton Chuvakin, a security and fraud analyst at Gartner, says companies that don't anticipate attacks waged by hacktivists are being short-sighted.
Organizations that proactively address missteps or security breaches or any other potentially reputation-damaging event are more respected by the public as well as the hacktivist community.
"Almost all entities, organizations, companies, etc., might have somebody on this whole planet who hates them," Chuvakin says.
Ongoing investments have to be made to protect corporate and online perimeters, and detection systems have to be in place to ensure that intrusions, when they hit, are picked up sooner rather than later.
But there's another piece to the hacktivism fight that many organizations fail to appreciate - the value of good public relations.
Why Hacktivists Attack
Hacktivists usually attack because they want to embarrass their targets. This week, Anonymous took credit for hacking a server at the United States Bureau of Justice Statistics, copying 1.76 GB of data and posting it online.
Why? "... to spread information, to allow the people to be heard and to know the corruption in their government. We are releasing it to end the corruption that exists, and truly make those who are being oppressed free," hackers claiming to be part of Anonymous posted on AnonNews.org.
Another example: this week's takedown of WHMCS, a UK-based online billing platform used by Web hosting providers throughout the world. (See Attack Highlights Third-Party Risks .)
The hacktivist group known as UGNazi took credit for a breach of WHMCS's database - a breach that likely exposed details on 500,000 payment cards. The group also launched a denial of service attack on one of WHMCS's servers, which ultimately took the platform's site down for 24 hours and disrupted service to its global client base.
Why? UGNazi says it targeted WHMCS because the company refused to address security vulnerabilities.
In a May 23 post on Pastebin, UGNazi hacker Cosmo says WHMCS's database was leaked because the company ignored UGNazi's warnings about security concerns linked to its Web hosting provider, HostGator.
Cosmo writes: "It is now 2 days after the attack from us and the site is back up and it still remains on HostGator after Matt knows it is insecure. ... We laugh at your security."
UGNazi hackers reportedly socially engineered customer service reps at HostGator into coughing up admin credentials to WHMCS's servers.
How could WHMCS have avoided this attack? Perhaps by publicly responding to the threats and admitting it needed to enhance security.
Reputations at Stake
Gregory Nowak, principal research analyst for the Information Security Forum, an independent global authority, says hacktivists attack reputations. And that creates a public relations challenge.
Companies that are forthcoming, admitting their mistakes and acknowledging they have improvements to make, fare far better in the long run.
And it has to be a team effort: Every department, from security and fraud to legal and public relations, has to be on the same page.
Organizations that proactively address missteps or security breaches or any other potentially reputation-damaging event are more respected by the public as well as the hacktivist community. Those that say nothing run the risk of enticing the hacktivists to strike again.
The 'no-comment' days of the old corporate structure are not well received by the public, and they shouldn't be.
As a journalist, I've found companies can improve their images by being proactive when something bad happens. I've worked with some progressive public relations sources who've actually contacted me when security breaches occur to give me statements and response before the news becomes widespread.
That's not the norm. But trust me, it's a benefit for those companies.
By reaching out, the company ensures its side is heard. And the proactive approach helps maintain a company's reputation.
In the banking sector, this is a hard pill to swallow. Banks, in particular, have not historically been forthcoming when it comes to security lapses, for obvious reasons. But the days of just ignoring media inquiries - and outright attacks against their brands - are over.
It's time for a new way of thinking about the role PR and communications play in security and risk mitigation.