Following its defacement to the Massachusetts Institute of Technology (MIT) website (mit.edu) in January earlier this year, hacker group Hack the Planet (HTP) have once again done damage to the organisation.
Earlier this year, the group not only performed an anti-Anonymous troll defacement on the MIT homepage, but they managed to intercept and gain full control of the Institute’s incoming and outgoing e-mail by compromising its domain. Although this claim was initially denied by MIT spokespeople, a later statement proved it to be accurate.
Since then, the hacktivists have managed to maintain access to MIT’s EDUCAUSE domain and have, according to one of their previous newsletters (HTP Zine 5), “entrusted the login credentials of nearly every EDU domain to hackers worldwide”. Links to downloadable ZIP files of the login credentials were also made available in the newsletter.
As it stands, HTP claims to still have active access to MIT’s information, although they have not disclosed any details as to the techniques they used to do so.
The above incident is one of many examples attributable to a steady rise in hacktivism. Up until a few years ago, hacking existed very much as means to procure illicit funds as part of a growing “underground economy”. Almost all cybercriminal incidences were centred around monetary gain.
However, nowadays with the likes of LulzSec, Anonymous and as illustrated above HTP, hacktivist groups are cropping up in growing numbers, their sole purpose being to cause damage via targetted attacks. Much of the time, these attacks are in accordance with some political agenda, but in many cases, these groups are gaining access to high profile organisations for their own enjoyment or, as many of them claim, to teach the target “a lesson in security”.
On the one hand, the rise in popularity of these types of attacks have had a positive influence in the industry, as they have forced many organisations to increase their corporate information security tenfold, something that security companies have been urging them to do for years.
On the other hand, damages to some organisations’ reputations have been irreversible and members of the public are increasingly showing distrust towards the companies that handle their online transactions and information.
To safeguard yourself and your company from damage caused by hacktivist groups such as HTP, we believe it is extremely important to take proactive steps in protecting all facets of your network on a continual basis. This will ensure peace of mind that your organisation is protected from even obscure attacks such as this one.