White House report accuses hacktivists of "economic espionage"
Some of these groups have targeted the websites of American companies in distributed denial of services (DDoS) attacks, temporarily knocking the sites offline as a form of protest.
This highlighting of hacking collectives as part of the online threat to America is part of the White House’s “Administrative Strategy on Mitigating the Theft of U.S. Trade Secrets” (PDF).
Holder told the assembled reporters that "Disgruntled insiders [may leak] information about corporate trade secrets or critical U.S. technology to 'hacktivist' groups like WikiLeaks,” who could “develop customized malware or remote-access exploits to steal sensitive U.S. economic or technology information," according to CNET.
The statement seems to indicate either an ignorance of what these groups have done so far and why, or a desire to make a point on the vaguely sinister implications of the groups’ names in the public mind.
Whether you think it is ethically allowable, politically effective, both or neither, if you’re familiar with these groups’ activities you know that they have yet to hack an American business to steal, or enable the theft, of money or trade secrets.
When Anonymous hacked the bank HSBC, for instance, it did so as a protest for the bank’s role in blocking payments to WikiLeaks, which had published secret military information allegedly lent to it by indicted Army private Bradley Manning.
The administration’s strategy document lists “hacktivists” under the heading of “Game Changers,” alongside “Hackers for hire.”
“Political or social activists also may use the tools of economic espionage against US companies, agencies, or other entities. The selfstyled (sic) whistleblowing group WikiLeaks has already published computer files provided by corporate insiders indicating allegedly illegal or unethical behavior at a Swiss bank, a Netherlands-based commodities company, and an international pharmaceutical trade association. LulzSec—another hacktivist group—has exfiltrated data from several businesses that it posted for public viewing on its website.”
This month, as part of the problematic OpLastResort, Anonymous released “the usernames, passwords, and affiliations of 4,600 banking executives,” as we reported elsewhere. Certainly this qualifies as theft, but of “trade secrets,” which the strategy seeks to address? That is less certain.
The press conference follows the news of large-scale trade and diplomatic hacking enterprises like Red October and the operation allegedly sponsored by China’s People's Liberation Army, which Holder also directly addressed.
But as the administration steps up efforts to strengthen cybersecurity and protect U.S. businesses against these threats, hacktivist groups and their supporters may also find themselves swept up in the increased hacking investigations and prosecutions Holder called for Wednesday.
Image by AK Rockefeller/Flickr