Security

What Really Motivated the Breaches of Twitch and Epik? (msn.com) 21

The Washington Post explores recent breaches at Twitch and Epik — and asks whether they really signal an upsurge in "hacktivism": The perpetrators of these hacks are distancing themselves from financially driven cybercriminals and ransomware gangs by portraying their attacks as moral crusades against what they said were the companies' sins. In celebratory notes released alongside their data dumps, the Epik hackers said they were sick of the company serving hateful websites, while the Twitch hackers used a hashtag criticizing company efforts to confront harassment and said the site had become a "disgusting cesspool...." Allan Liska, a senior intelligence analyst with the cybersecurity firm Recorded Future, said the growing accessibility and sophistication of hacking tools and the ease with which social media can draw attention to a major hack has contributed to a dramatic upsurge in attacks by "hacktivists..."

[The attacks] also showcase how weak the world's cybersecurity defenses remain despite an eruption of concern after this year's major ransomware attacks, including the crippling cyberattack on Colonial Pipeline that brought panic to fuel markets on the East Coast... Troy Hunt, a security consultant in Australia who created the data-breach notification site Have I Been Pwned, said many such hacks are actually crimes of opportunity, with a loftier mission applied later. He recalled a popular information security joke: "The definition of hacktivist is you hack someone, then make up a reason they deserve it."

"Very often the politically motivated reasons we see are convenient excuses," Hunt said.

  • The perpetrators of these hacks are distancing themselves from financially driven cybercriminals and ransomware gangs by portraying their attacks as moral crusades against what they said were the companies' sins.

    Sins? So the devil did make them do it?

    • by quonset ( 4839537 ) on Sunday October 10, 2021 @05:43PM (#61878579)

      The perpetrators of these hacks are distancing themselves from financially driven cybercriminals and ransomware gangs by portraying their attacks as moral crusades against what they said were the companies' sins.

      Sins? So the devil did make them do it?

      God is responsible for plagues, great floods, pandemics. Satan is only responsible for heavy metal bands and orgies.

      • by Kisai ( 213879 )

        The problem is that most "hacking" only falls into three categories

        Blackhats = Destruction or Hostage taking of data
        Greyhats = Script Kiddies with tools they don't understand, but use on everyone
        Whitehats = Hardening security and reporting pentesting experiments from the outside/inside

        Blackhats seek only their own personal gain. The same as pirates.

        Whitehats seek to try and protect the services they are either employed by or have any interest in.

        Greyhats are essentially your run-of-the-mill script kiddies w

    • by JBMcB ( 73720 )

      They are, literally, not doing anything. Their users are. I'm guessing the "hacktivists" want them to stop their users from doing things?

  • portraying their attacks as moral crusades against what they said were the companies' sins

    And what have you taught them? Nothing, because they aren't motivated by a secure model, they are motivated by a beneficial business model. Do the users care that these people were hacked? No. Because you aren't targeting the users, they change their passwords, enable 2FA if need be, and then move on with their lives using the service you attacked. Attacks have become so commonplace, insecure sites are a given. I mean hells bells everyone here on Slashdot doesn't even pretend. "It's a matter of when

    • by AmiMoJo ( 196126 )

      In the case of Twitch there is at least an argument that the earning data might prove helpful to some users. In some countries all income is a matter of public record. Some interesting insights have been gleaned from this, such as only the top 0.001% of streamers make decent money from Twitch itself.

      The whole Twitch donation and subscription income system is not great. Most streamers don't make much money out of it, well below minimum wage, and it encourages addictive behaviour from watchers.

      Of course it's

    • by deKernel ( 65640 )

      Wish I could add more, but you quite eloquently stated it.

  • Rubbish. (Score:4, Interesting)

    by Gravis Zero ( 934156 ) on Sunday October 10, 2021 @10:52PM (#61879175)

    “Very often the politically motivated reasons we see are convenient excuses,” Hunt said. “In the case of companies like Epik, there’s a case many of us can get behind. But in many cases I would argue there are other ways to achieve those aims without having that level of impact on people and still be able to make your point.”

    I would love to know what other ways there are to expose perpetrators of hate that have gone to great lengths to hide their identity. Not a joke, a serious point. Even with the Epik hack, there are people that went so far as to use false names, info, cryptocurrency, and VPNs which means we still don't know who they are.

    He speaks of "other ways" but the law is lethargic at its best, fungible at its worst, and always heavily favors corporations but computation is absolute and immediate. Why would you doubt the motives of "hacktivists" when they are clearly at a massive legal disadvantage?

    • by AmiMoJo ( 196126 )

      The usual way to handle this is to give the data to journalists, who are able to then write articles exposing stuff that is in the public interest in a responsible way.

      That's what Snowden and Manning did.

      • Snowden and Manning committed espionage, violated laws they were educated on, didn't follow processes for bringing their concerns to light, and gave classified information to enemies of the United States and then were shocked they were charged with crimes.

        Only shitheads like you think what they did was OK, but then, you hate the U.S.
        • by AmiMoJo ( 196126 )

          Snowden tried to raise those issues but got nowhere. He was upholding his oath to defend the United States from enemies domestic and abroad.

        • There's a lesson we Germans learned in the Nuremberg Trials, taught to us by, amongst others, the U.S. Americans: if the laws of your current government are discriminating against basic human rights, it's not only "OK" to ignore those laws, but you are in fact encouraged - if not even obliged, to oppose that government.
          • : if the laws of your current government are discriminating against basic human rights, it's not only "OK" to ignore those laws

            Except the laws didn't discriminate against basic human rights therefore you are engaging in a straw man fallacy.

      • Manning definitely didn't do that in a responsible way, he chose to indiscriminately leak whatever he could, no matter its relevance, with the specific intent of causing harm to the US in any way that he could.

      • The usual way to handle this is to give the data to journalists

        But this is after you have hacked them. Troy Hunt jokes that "[t]he definition of hacktivist is you hack someone, then make up a reason they deserve it," which implies that "there are other ways to achieve those aims" is saying that hacking should not be utilized to achieve those goals.

        Troy isn't saying "be a responsible hacker" he's saying, "you don't need to hack servers to get what you want".

  • Give them time to carry out activism at work?
    Get activism.

  • by Tom ( 822 ) on Monday October 11, 2021 @03:08AM (#61879541) Homepage Journal

    [The attacks] also showcase how weak the world's cybersecurity defenses remain

    You're kidding me, right?

    They're pathetic and ridiculous. Most "defensive walls" are essentially from paper. I mean that both metaphorically regarding their strength and literally as in: You can get most security-related certifications simply by having your paperwork in order. For example, the process of ISO 27001 certification does not contain a penetration test or any actual technical verification of the quality of your security measures. In fact, it certifies your security management system, not your actual security.

    (that said, it's better than having nothing at all, don't get me wrong)

    The twitch.tv leak contains their threat modeling. Have you seen the screenshots? That's pretty pathetic for a company this size. I got better results from a workshop with the only security person in a 30-people company I consulted for.

    I have audited ONE company in the past years who really had their act together and seriously impressed me with the security in the small part that I audited. Others are ok or improving, some are seriously weak.

    That's not because they're all idiots - they aren't - it's because security is hard and with the rapid, constant changes and updates, you just can't keep on top of it if you don't throw serious manpower at the problem (by the time you're done really hardening a server, some of its packages are updated and you need to check what changed and if it means you need to change your rules). And that serious manpower is in high demand, and for some reason companies think they can hire rare experts who need years of experience to be anywhere near good for chump change money. Some of the offers headhunters bring to me are downright insulting. When those positions are finally filled, I'm quite sure the person filling it has nowhere near the qualifications and experience they would need to really improve security. If they had, they'd be working elsewhere for twice the salary.

    sorry for the rant, didn't have time for a proper article or speech...

    • by deKernel ( 65640 )

      That wasn't a rant, that was a pretty good synopsis of the facts. Security is both hard and time consuming just like you said. In my experience, what makes it a true obstacle is that good security starts now and continues on forever which is what really bogs companies down. They like projects that have a completion date where security is an ongoing process...forever. What frustrates me the most is that many companies once they peel back a few layers and realize that this is a forever project just throw up the

  • In celebratory notes released alongside their data dumps, the Epik hackers said they were sick of the company serving hateful websites

    Translation:

    We don't like what people are saying on sites you host so we are going to anonymously and illegally attack you until you make them shut up!
