Hacktivism: Methods, Motivations, and Impact

Questions and Answers

What is the primary goal of hacktivists?

To disrupt or embarrass opponents

To expose corporate or government wrongdoing (correct)

To promote a particular cause

To access sensitive information for personal gain

What is the term for overwhelming a website or system with traffic?

Data breach

Phishing

Website defacement

Denial-of-service (DoS) attack (correct)

Which of the following is NOT a method used by hacktivists?

Hacking into personal email accounts (correct)

Website defacement

Phishing

DDoS (Distributed Denial-of-Service) attacks

What is the name of the decentralized collective known for high-profile attacks and protests?

Anonymous

What is the primary ethical concern surrounding hacktivism?

Using illegal activities to achieve goals

What is the potential outcome of hacktivism?

Both drawing attention to important issues and causing harm to innocent parties or systems

What is the primary focus of a network infrastructure penetration test in cybersecurity?

Evaluating the security of network devices and infrastructure

What is the purpose of bug bounty programs used by companies?

To identify vulnerabilities and reward responsible disclosure

What is the primary focus of a comprehensive guide for web application testing?

Web application security testing

What tool is useful when performing a network infrastructure penetration test?

Nmap

What U.S. government regulation must a contractor understand before performing cybersecurity vulnerability assessments for a local health clinic facility?

HIPAA

What is a key element an employee must have before conducting penetration tests for compliance in several financial institutions in Europe?

Compliance with EU's GDPR

When a vulnerability is identified, what is the next step?

Verify the vulnerability to determine its impact

What is the primary function of the Common Vulnerability Scoring System (CVSS)?

To score the severity of a vulnerability

What type of attack involves redirecting users to a malicious website?

DNS poisoning attack

What is the Browser Exploitation Framework (BeEF) used for?

To exploit vulnerabilities in web browsers

What is the purpose of a DNS resolver cache?

To speed up DNS lookups

What is an on-path attack also known as?

Man-in-the-middle attack

Which legal document specifies the expectations and constraints, including quality of work, timelines, and cost, for a cybersecurity professional?

Statement of Work

What is the primary purpose of a Non-Disclosure Agreement (NDA) in the context of penetration testing?

To protect sensitive client information

What is the purpose of Rules of Engagement (ROE) in penetration testing?

To define the scope and boundaries of the test

What is the primary function of WHOIS in internet governance?

To track IP address ownership

Why would a penetration tester perform a passive reconnaissance scan instead of an active one?

To avoid detection by the target's security team

What is the purpose of host enumeration when beginning a penetration test?

To identify open ports and services

Which legal document should be provided to the cybersecurity professional that specifies the expectations and constraints?

Statement of Work (SOW)

What is the primary purpose of a Non-Disclosure Agreement (NDA) in the context of penetration testing?

Protect sensitive information

What is the primary function of WHOIS in internet governance?

Manage domain name registrations

Why would a penetration tester perform a passive reconnaissance scan instead of an active one?

To avoid detection

What tool could be used to gather DNS information passively?

Passive DNS

What type of server is a penetration tester enumerating when they enter the nmap -sU command?

UDP server

What is the disadvantage of conducting an unauthenticated scan of a target when performing a penetration test?

It may not reveal all vulnerabilities

In which circumstance would a penetration tester perform an unauthenticated scan of a target?

When the test is being conducted as a black-box test

What is the primary purpose of verifying a vulnerability after a penetration test?

To prove the existence of the vulnerability

Which system is used to uniquely identify vulnerabilities?

CVE

What is the primary goal of a watering hole attack?

To compromise a specific group of users by exploiting a vulnerability in a website they frequently visit

Why would a threat actor use the Social-Engineering Toolkit (SET)?

To compromise a network through social engineering

What type of attack involves altering a host file to redirect users to a malicious website?

DNS poisoning attack

What is the primary function of the Browser Exploitation Framework (BeEF)?

To exploit vulnerabilities in web browsers

What is a characteristic of a DNS poisoning attack?

Redirecting users to a malicious website

What is a pass-the-hash attack?

An attack that uses stolen password hashes to gain access to a system

What is the primary purpose of OpenVAS?

To identify vulnerabilities in a network

Which of the following best describes threat actors in cybersecurity?

Malicious entities that exploit vulnerabilities for personal gain

What is the primary focus of a network infrastructure penetration test in cybersecurity?

Evaluating the security of a network infrastructure

What is a key element an employee must have before starting a penetration test assignment for several financial institutions in Europe?

A certification in penetration testing and compliance

What is the purpose of bug bounty programs used by companies?

To pay individuals for identifying and reporting vulnerabilities

Which U.S. government regulation must an Internal Revenue Service office in New York follow when moving some services to a cloud computing platform?

FedRAMP

What is the primary focus of an ethical hacker?

Conducting penetration tests to identify weaknesses

What is the primary characteristic of a known environment penetration test?

It is a test conducted in a controlled environment

What is the primary goal of hacktivists?

To raise awareness about social and political issues

What is the primary goal of a hacktivist?

To create a sense of social justice or to draw attention to a political/social cause

What is the primary characteristic of an ethical hacker?

They are security experts who help organizations improve their cybersecurity

What is the primary focus of a threat actor in cybersecurity?

To exploit vulnerabilities for financial gain or malicious purposes

What is the primary purpose of a network infrastructure penetration test?

To identify vulnerabilities in network devices and infrastructure

What is the purpose of bug bounty programs used by companies?

To identify vulnerabilities and report them to the organization

What U.S. government regulation must a contractor understand before performing cybersecurity vulnerability assessments for a local health clinic facility?

HIPAA

Which U.S. government regulation must an Internal Revenue Service office in New York follow when moving some services to a cloud computing platform?

FISMA

Which legal document specifies the expectations and constraints, including quality of work, timelines, and cost, for a cybersecurity professional?

Statement of Work

What is a key element an employee must have before conducting penetration tests for compliance in several financial institutions in Europe?

Permission from the institutions' management

What is the primary purpose of Rules of Engagement (ROE) in penetration testing?

To define the scope of the test

What is the purpose of host enumeration when beginning a penetration test?

To identify hosts on the network

Why would a penetration tester perform a passive reconnaissance scan instead of an active one?

To evade detection

What is the primary purpose of the General Data Protection Regulation (GDPR)?

To protect personal data

What tool could be used to gather DNS information passively?

PassiveDNS

In which circumstance would a penetration tester perform an unauthenticated scan of a target?

When the target is unknown

What is the disadvantage of conducting an unauthenticated scan of a target when performing a penetration test?

It may not provide accurate results

What type of attack involves altering a host file to redirect users to a malicious website?

Host file redirection attack

What is the primary function of the Common Vulnerability Scoring System (CVSS)?

To score the severity of vulnerabilities

What is the purpose of verifying a vulnerability after a penetration test?

To prove the existence of the vulnerability

What is a characteristic of a DNS poisoning attack?

Redirecting users to a malicious website

What is the primary purpose of OpenVAS?

To identify vulnerabilities

What is an on-path attack also known as?

Man-in-the-middle attack

What is the primary goal of a watering hole attack?

To redirect users to a malicious website

Why would a threat actor use the Social-Engineering Toolkit (SET)?

To launch a phishing attack

What is the purpose of a DNS resolver cache?

To speed up DNS resolution

Study Notes

Definition and Characteristics

• Hacktivists: individuals who use hacking and cyber-attack techniques to promote a political or social agenda
• Blend of hacking and activism, often involving illegal or unauthorized access to computer systems
• May use tactics such as website defacement, data breaches, and denial-of-service (DoS) attacks

Motivations and Goals

• Hacktivists often aim to:
  • Expose corporate or government wrongdoing
  • Bring attention to social or political issues
  • Disrupt or embarrass opponents
  • Support or promote a particular cause
• May target organizations, governments, or individuals seen as opposing their values or goals

Examples of Hacktivist Groups

• Anonymous: a decentralized collective known for high-profile attacks and protests
• LulzSec: a former group known for hacking and exposing sensitive information
• WikiLeaks: a organization that publishes classified and sensitive information

Methods and Tactics

• Website defacement: altering a website's content to display a message or symbol
• Data breaches: unauthorized access to sensitive information
• Denial-of-service (DoS) attacks: overwhelming a website or system with traffic
• Phishing: using social engineering to obtain sensitive information
• DDoS (Distributed Denial-of-Service) attacks: coordinated attacks from multiple sources

Ethical and Legal Considerations

• Hacktivism often involves illegal activities, raising ethical and legal questions
• May be seen as a form of civil disobedience or vandalism, depending on the context
• Governments and organizations may view hacktivists as a threat to national security or integrity

Impact and Effectiveness

• Hacktivism can:
  • Draw attention to important issues and spark public debate
  • Embarrass or disrupt opponents
  • Reveal sensitive information or wrongdoing
• However, hacktivism can also:
  • Cause harm to innocent parties or systems
  • Be used as a form of revenge or vandalism
  • Undermine trust in institutions and online systems

Description

Explore the world of hacktivism, including its definition, motivations, and goals. Learn about the methods and tactics used by hacktivists, as well as the ethical and legal considerations surrounding this phenomenon. Understand the impact and effectiveness of hacktivism in promoting social and political change.