The origins of hacktivism and criminal legal counteraction to its manifestations

Efimovskii Andrei Vasil'evich ORCID: 0000-0002-4627-5857 Deputy Head of the Research Department, SaintPetersburg University of the Ministry of the Interior of Russia 198206, Russia, Saint Petersburg, Pilyutov Pilot str., 1, room 406 ave_70@mail.ru

Introduction. The information space permeates all spheres of life of society, government and citizens. The reform of public administration requires public authorities to ensure the transition to an information society by deeply introducing information technologies into their activities.

The lockdown caused by the spread of the COVID-19 pandemic has led to the development of new forms and methods of social life in a continuously developing digital environment.

The possibility of remotely receiving services provided by government organizations, ordering air and train tickets with electronic registration, online banking services, etc. are perceived by everyone as an undoubted benefit.

At the same time, the proportion of crimes involving the use of IT technologies is growing. Among them, the actions of hacktivist groups occupy a special place.

Materials and methods. The research uses axiological and formal legal research methods. The empirical basis of the research is the analysis of special literature on the research problem and statistics on the types and number of cyber attacks on information resources.

The purpose of the article is to describe the principles of hacktivism, the tools used by hacktivists in their destructive activities, and criminal law methods of countering this phenomenon available in Russian criminal legislation.

Discussion. Currently, the world community is facing new global challenges. First of all, it is the redistribution of spheres of influence and the collapse of unipolarity in international relations. However, at the same time, the constant development of the information space leads to the blurring of boundaries both literally and figuratively. This trend carries certain threats and cannot but affect such a sensitive area as cybersecurity.

According to A.I. Smirnov: "The planet is gripped by an unprecedented information revolution. Its phenomenon has created conditions for the formation of a global information infrastructure, which has provided fundamentally new opportunities for socialization of people, their communication and access to the accumulated knowledge of mankind. However, ICTs, being dual-use technologies, have become not only the locomotive, but also the nerve of globalization, because they carry fundamentally new challenges and strategic risks" ^{[1, p. 73]}.

Among the documents defining approaches to ensuring information security in the Russian Federation, it is possible to distinguish:

-         Federal Law No. 149-FZ of July 27, 2006 "On Information, Information Technologies and Information Protection";

-         Federal Law No. 187-FZ dated July 26, 2017 "On the Security of the Critical Information Infrastructure of the Russian Federation";

- "Fundamentals of the State Policy of the Russian Federation in the field of international information security", approved by Decree of the President of the Russian Federation No. 213 dated April 12, 2021;

- "Information Security Doctrine of the Russian Federation", approved by Decree of the President of the Russian Federation No. 646 dated December 5, 2016;

- "Strategy for the Development of the Information Society in the Russian Federation for 2017-2030", approved by Decree of the President of the Russian Federation dated May 9, 2017 No. 203.

These regulatory legal acts define a set of requirements for ensuring information security for information systems. However, the issues of prevention and mechanisms to combat cyber threats are not fully considered.

Kaspersky Lab specialists position cybersecurity as a set of methods and practices for protecting against malicious attacks for computers, servers, mobile devices, electronic systems, networks and data.

O.A. Puchkov offers the following definition of the concept: "Cybersecurity" is a data and information security regime that ensures the security of information from unauthorized authorized digital access" ^[2].

As can be seen from the definitions, cybersecurity permeates all spheres of human activity related to the use of information technologies, including the functioning of public authorities and the life support of the population, which is a set of mutually interrelated measures in terms of time, resources and location aimed at creating and maintaining conditions minimally necessary to preserve life and maintain human health.

The main threat to cybersystems is posed by the actions of intruders trying to circumvent information security systems using various technical means. Such attackers are called hackers.

Kapto A.S. gives the following definition: "Hackers" are computer intruders who penetrate public and private information banks and seek recognition of their technological abilities. Among hackers, there are "crackers" guided by criminal interests and politically motivated "hacktivists" ^[3].

A special military operation on the territory of Ukraine has clearly demonstrated the need for sustainable operation of electronic resources that support it. According to the electronic resource "SecurityLab.ru "even before the start of the special operation, the increasing activity of hacker groups was noticed, the targets of which were various resources of Russian ministries, departments, state corporations, private companies affiliated with the Russian Federation. After the outbreak of hostilities, the number of attacks increased exponentially. In addition to Russian resources, the resources of foreign companies that refused to leave the Russian market were attacked. It can be stated that on February 25, 2022, the beginning of a real cyberwar was laid, which, among others, was joined by the hacktivists of the Anonymous group.

According to Kapto A.S.: "Cyber warfare is one of the new types of warfare based on modern technologies. This is not an independent type of confrontation, cyberwar is always an integral part of information warfare, and in general acts as an element of a full-scale military campaign, including both recently emerged and more familiar ways of fighting" ^[3].

You can trace the chronology of events. On February 26, 2022, more than 50 DDoS attacks with a capacity of more than 1 TB were recorded, as well as a number of professional targeted attacks on the Public Services portal. Channel One also reported difficulties with access to the site, and its representative called DDoS attacks the reason for the failure. Roscosmos State Corporation stated that its website was also subjected to a DDoS attack from abroad. Russian Railways faced the same problem.

The Russian hacktivist group Killnet, in turn, attacked the Anonymous group's website, did not stay away from the outbreak of cyberwar.

Here is a small enumeration of the activity of the Killnet grouping:

April 15, 2022 – attacks on the German Ministry of Defense https://www.bmvg.de / (stopped after 5 hours), Cologne/Bonn International Airport (Germany) http://www.koeln-bonn-airport.de / (stopped after 14 hours);

April 16, 2022 – attacks on Gatwick Airport (United Kingdom) https://www.gatwickairport.com / (stopped after 5 hours), UN https://www.un.org / (stopped after 5 hours), OSCE https://www.osce.org (stopped after 4 hours), German bank Commerzbank https://www.commerzbank.de / (stopped after 1 hour), German bank KFW https://www.kfw.de/ (stopped after 4 hours);

April 21, 2022 – attack on the NATO Cyber Center https://ccdcoe.org / (stopped after 3 hours).

Also, in a short period of time, the Killnet group carried out attacks on the network infrastructures of Ukraine, Poland, the Czech Republic, Romania, Moldova, Estonia, Latvia and Lithuania. On May 1-3, 2022, a repeated massive attack on the German network infrastructure was carried out. The targets of the attacks were information resources and network communications of government agencies, air transportation, railway communications, banking structures, and public service portals.

On April 13, 2022, Killnet announced the creation of the "International Hacktivist Alliance". In its memorandum, the International Hacktivist Alliance^[1] states the following goals of its creation: the destruction of fascism on the Internet; preventing the expansion of NATO, including by destroying part of the infrastructure during hacker attacks; the destruction of Internet resources of terrorist groups, including sites for recruiting mercenaries and official accounts in messengers and social networks; the creation of a single a monitoring center to ensure Internet security with the help of new technologies. First of all, the center will collect data on neo-Nazi sects, after which they will be attacked and the use of appropriate force against them); the creation of 60 Internet representative offices in friendly countries that will provide communications with the population of these states; assistance to victims of fraud on the Internet through a special charitable foundation.

In April 2022, the hacktivists of the Anonymous group also carried out a number of attacks against the information and network resources of the Russian Federation and the Republic of Belarus. First of all, attacks on the network resources of airports and railways are highlighted, which complicates transportation and leads to disruption of logistics chains. Banking structures were also hit, which also leads to disruption of payments and, as a result, disruption of supplies.

Anonymous attacked: the Electrocentromontazh energy organization, which is engaged in the design, testing, construction, installation and maintenance of electrical equipment for power generation and transmission facilities in Russia; the St. Petersburg Social Commercial Bank, one of the largest Russian banks in terms of assets; a customs broker for companies of the ALET fuel and energy complex, exporting and customs clearance of energy resources (coal, crude oil, hydrocarbon products and refined petroleum products). More than 6 TB of data were uploaded to the appeal through the non-profit Distributed Denial of Secrets (DDoSecrets) website, which publishes various leaks.

I.N. Panarin in the monograph "Information War and Elections" designated "hacktivism" as "disinterested" hacking for the purposes of political activism ^{[4, p. 345]}.

However, "Hacktivism" is not necessarily "selfless" hacking, we rather believe that "hacktivism" is hacking for political and military purposes. Moreover, politically engaged hackers are increasingly at the service of government and political structures, receiving not only ideological support, but also financial incentives ^[5].

Hacktivist campaigns are aimed at achieving political, social or religious justice in accordance with the goals of the group. The term "hacktivism" was first used in 1996 by a hacker under the nickname Omega, who was a member of the Cult of the Dead Cow organization.

Hacktivism is anonymous, hacktivist groups work rarely revealing their members.

It is clear from the definition of hacktivism that the goals pursued by hacktivists are quite good. However, the methods by which these goals are achieved are far from ideal. Attacks on some digital resources can lead to difficulties in the life support of the population, and sometimes to the threat of emergency situations.

During the existence of the hacktivists, they conducted a number of successful operations, the most sensational among them were the following:

1. Anonymous has not carried out attacks for many years. The group was talked about again in 2020, after the death of George Floyd. She sharply opposed police brutality in support of the socio-political movement Black Lives Matter (BLM) on Twitter. The group carried out a series of DDoS attacks that briefly brought down the official website of the Minneapolis Police Department and the government website of the city of Buffalo in New York State, USA.

2. The Syrian Electronic Army (SEA) conducted operations using phishing and DDoS attacks to hack the websites of a number of US government agencies, private companies and major media groups. The hacker group successfully posted a false tweet on Twitter about the explosion in the White House and the injury of the US president, as a result of which the Dow Jones index fell by 140 points.

3. In 2016, the WikiLeaks group, created by Julian Assange, shared emails from the Democratic National Committee. The leaked emails affected Hillary Clinton's election campaign and many caused her to lose the presidential election.

4. The hacker group Worms Against Nuclear Killers (W.A.N.K.), in the wake of anti-nuclear protests, introduced two worms W.A.N.K and OILZ into the DECnet computer network owned by the National American Space Agency NASA. The worms prevented access to network accounts and files and performed password changes.

There are four types of hacktivism:

- political – has the task to influence the population in achieving certain political goals;

- social – aims to bring about social change in society;

- religious – may be aimed at both recruitment into a religious organization and the destruction of a religious organization;

- anarchic – the goals may have an anarchist agenda of destroying the civil or military infrastructure of any state as a whole.

Hacktivists usually target large organizations, government agencies, and public figures whose actions contradict the ideology of hacktivists. For example, an attack may be directed against an organization that, according to hacktivists, violates human rights or freedom of information dissemination. Experts who attack organizations in order to draw public attention to vulnerabilities can also be considered hacktivists.

Let's look at the methods that hacktivists use to achieve their goals. They use the same methods as ordinary cybercriminals. The most common of them are:

- DDoS attacks - attacks carried out from multiple devices at the same time to make a particular resource inaccessible to users;

- Deface — changing the content of the attacked site. As a rule, the hacked sites publish proclamations promoting the ideas of the attacking group;

-              Doxing is the collection of confidential information about a person or organization in order to further publish it in the information space;

- SQL injection - seizing information from databases by exploiting vulnerabilities in data–driven applications to spread malicious code in the Database management Language (SQL);

- Phishing attack, the purpose of which is to fraudulently obtain confidential user information (passwords, bank card data, etc.).

Now let's move on to the qualification of the above actions.

A DoS attack is an attack on a computer system in order to bring it to failure by creating conditions where users are unable to access the requested electronic resources, or this access becomes difficult for them ^[6]. "DoS" - "Denial of Service" – means "denial of service".

The DDoS attack "Distributed Denial of Service" means "distributed denial of service" and is carried out against servers with well-built protection, which requires a larger number of devices involved in the attack.

The result of a DDoS attack may be: denial of service of a part of user requests; a significant slowdown in the response time to requests to the attacked server; cover for unauthorized activity on the attacked web resource.

It should be borne in mind that blocking access to servers responsible for the operation of Internet resources and databases can lead to serious consequences or create a threat of their occurrence. Slowing down or completely blocking access to systems responsible for the operation of airports or the movement of trains on railways, monitoring systems of nuclear power plants, etc. can lead to man-made disasters and lead to loss of life and major material damage.

DDoS attacks are classified according to the general norms on crimes in the field of computer information: Article 272 of the Criminal Code of the Russian Federation "Unlawful access to computer information" and Article 273 of the Criminal Code of the Russian Federation "Creation, use and distribution of malicious computer programs". The maximum penalty for committing such acts is up to seven years in prison.

Doxing. The first case of doxing can be considered the creation by Neil Horsley of a website called the Nuremberg Files. The personal data of about 200 people who performed artificial termination of pregnancy were posted on this resource. The Planned Parenthood medical organization filed a lawsuit to ban the dissemination of this information and block the site. In 2002, the lawsuit was upheld by the U.S. 9th Circuit Court of Appeals ^[6].

It should be noted that in the case of a hacking attack using doxing, the information obtained is not used for the purpose of enrichment or blackmail, but to make public belonging to certain power and social groups. In the vast majority of cases, systematized information is made public, which, accompanied by some accusations, causes serious harm ^[6].

Doxing can be qualified under Article 137 of the Criminal Code of the Russian Federation. "Violation of privacy" The maximum sanction for this composition is imprisonment for up to two years.

SQL injection allows an attacker to use a piece of malicious code in the structured Query language (SQL) to manipulate a database and gain access to potentially valuable information. Attacks based on such vulnerabilities are among the most common and dangerous: they can target any web application or website that interacts with an SQL database (and the vast majority of databases are implemented in SQL).

SQL injection can lead to the following consequences: disclosure of confidential data; compromise of data integrity; violation of user privacy; illegal obtaining of administrative access to the system; illegal obtaining of general access rights to the system.

SQL injection is a crime qualified under Article 272 of the Criminal Code of the Russian Federation "Illegal access to computer information". Article 273 of the Criminal Code of the Russian Federation "Creation, use and distribution of malicious computer programs", Article 285.1 of the Criminal Code of the Russian Federation "Violation of the rules of operation of an information system or the Internet" and Article 159.6 of the Criminal Code of the Russian Federation "Fraud in the field of computer information" are also applicable in this case.

Phishing (from English phishing, comes from fishing – fishing, fishing) is one of the most common methods of committing fraud in cyberspace, which is used to steal passwords and confidential information by misleading the client ^[7].

According to the method of exposure, phishing can be classified into two types:

Fake site – uses the same interface as the original site, similar domains are selected, which misleads users. One character can be changed in the address, for example, the English lowercase L and the uppercase I. https://www.uralsib.ru / and https://www.uraIsib.ru / different domains, although not visually different;

A malicious file is usually an archive, when opened, the gadget or device becomes infected with a virus that spies on the victim, collects data and sends it to the attackers' devices.

Phishing is inherently a fraud in the digital environment, it is possible to use the resolution of the Plenum of the Supreme Court of the Russian Federation No. 51 of December 27, 2007 to qualify this type of action. "On Judicial practice in cases of fraud, embezzlement and embezzlement" clarifies that in cases where these acts involve the unlawful introduction into someone else's information system or other unlawful access to legally protected computer information of credit institutions or the creation of deliberately malicious programs for electronic computers, making changes to existing programs, using or distributing malicious computer programs, the deed is subject to qualification under Article 159 of the Criminal Code of the Russian Federation, as well as, depending on the circumstances of the case, under Articles 272 or 273 of the Criminal Code of the Russian Federation.

Thus, it is possible to identify a group of crimes in which the object of criminal actions is computer information, these include DDoS attacks, SQL injection and Phishing. Based on the division by object and subject of the crime, the subject of this group of crimes is computer information itself, which follows from the essence of illegal acts established in Articles 272, 273 of the Criminal Code of the Russian Federation.

Let's consider the issue of countering hacktivism. Universal digitalization is gradually erasing borders and creating a common digital space, which leads to certain difficulties in developing measures to counter hacktivism. Hacktivist groups are formed not on a national basis, but on an ideological principle, therefore, attacks can be carried out simultaneously from IP addresses with different jurisdictions.

It should be noted that since the beginning of the special military operation in Ukraine, contacts in the law enforcement sphere have been practically frozen. Increased polarization at the international level hinders effective cooperation, and cyberspace is increasingly being used for political and ideological purposes ^[8].

Cybercrime also has a pronounced cross-border nature, so measures to counter hacktivism will also have a similar character. Counteraction measures can be divided into organizational and technical ones.

Organizational measures include:

1. Development of international cooperation of law enforcement agencies in the process of prevention, detection, suppression, disclosure and investigation of crimes committed using IT technologies;

2.            Creation of international institutions responsible for the unification of legislation in the field of countering crimes committed using IT technologies;

3.            Improvement of legislation regulating legal relations in the IT environment;

4.            Training of highly qualified IT specialists for law enforcement agencies;

5.            Improving the computer literacy of the population and officials.

Technical measures include:

1.            Strengthening the requirements for the development of systems in order to prevent the leakage of private information into open access;

2.            Improving systems for protecting data transmission channels and databases from unauthorized access;

3.            Improving the technical equipment of public authorities and law enforcement agencies;

4. Development of national software products, including operating systems;

5.            Increasing the "survivability" of life support information systems and communication channels;

6. Duplication of critical information systems.

Conclusion. Summing up, we can say that the methods practiced by hacktivists in conducting cyber attacks are described and have their qualifications in the criminal legislation of the Russian Federation. However, it should be borne in mind that attacks are often carried out from the territory of other countries and the groups themselves are transnational. Therefore, in order to successfully counter these destructive phenomena, it is necessary to develop international law enforcement cooperation and unify responsibility for such acts. Countering hacktivism requires a comprehensive approach that includes legal, technical and social components.

You can simply select and copy link from below text field.