A hacker is not necessarily a criminal in a black hoodie, sitting in the dark in front of his computer extorting money from people. A hacktivist is also not necessarily a teenager looking to do good. Both are terms that resonate more and more in this digital stage and it is important to know how to distinguish them.
Difference between hacker and hacktivist
“The main difference is motivation,” says Miguel Ángel Mendoza, security researcher at ESET LATAM. According to him, the term hacker is often associated with a cybercriminal, but this is not the case. “By hacker we mean a person specialized in cybersecurity topics and who helps improve it,” he adds.
The cybersecurity glossary of the National Institute of Cybersecurity (INCIBE) defines a hacker as “a person with great knowledge in handling information technologies, who investigates a computer system to report security flaws in computer systems.”
So, a hacker can be anything from a cyber criminal to a person who does ethical hacking . The way in which they use this knowledge depends on each person, but basically they only have specialization and knowledge of the technologies.
On the other hand, a hacktivist “is very likely to also be a hacker, with technical and advanced knowledge, but his main motivation is related to ideological issues. They seek to affect third parties from the perspective of ideas”, mentions Mendoza.
According to Check Point Research, a company specializing in cybersecurity, there are five key characteristics of these people or groups:
- They have a consistent political ideology
- There is a hierarchy of leadership
- Have a formal hiring process
- There are tools that groups provide to their members
- Maintains strong public relations actions
These are six groups of cybercriminals and hacktivists that have marked the last decade:
Surely the name of Julian Assange, the founder of Wikileaks, sounds familiar to you. It became famous in 2010, when WikiLeaks published hundreds of thousands of secret documents from the United States that revealed the abuse that this country committed in the wars in Iraq and Afghanistan.
Assange registered WikiLeaks in 1999 but did not begin actively using it until 2006, when he transformed the website into a safe place for tips and the dissemination of secret documents.
The first publication, in December 2006, was about the decision (never verified) made by a Somali rebel leader to execute government officials. In 2007, Assange announced the official launch of the site.
Assange is currently in a maximum security prison in London, with an active fight not to be extradited to the United States.
The motto of this collective is: “Knowledge is free. We are anonymous. We are legion. We do not forgive. We do not forget”.
On one occasion, “We are not a group of hackers. We are average ‘Internet Citizens’ and our motivation stems from the collective weariness against minor and major injustices that we experience every day”.
Anonymous is considered one of the first and most important hacktivist groups to date. You probably remember them from wearing the Guy Fawkes mask from the movie “V for Vendetta”.
They have no leader or face and among their most emblematic attacks are having hacked pages such as those of the American Association of the Music Industry and the American Motion Picture Association.
They have also gone against governments such as Tunisia, Egypt, the United States and Colombia, revealing sensitive information.
This is not a hacktivist group, but cybercriminals who stood out for extorting Big Tech’s. “Our only goal is money, our reasons are not political,” Lapsus$ mentioned in his Telegram account. Hence the money symbol in the name.
It is argued that Lapsus$ has been, so far, the most threatening group for cybersecurity so far in 2022 and its victims include the Brazilian health system, Huawei, Apple, EA Games, Nvidia, Ubisoft and even Microsoft.
Their method of attack is phishing and so far the identity of these cybercriminals is unknown, although it is known that some have been arrested in London.
Lulz Security, also known as LulzSec was a hacktivist group from the past decade. His motto was “ Laughing at your security since 2011! ”, (laughing at your security since 2011).
They violated the security systems of Sony, Public Broadcast Service (PBS) in protest of the WikiLeaks documentary and even the CIA and NASA – although these were hacks to their Twitter accounts –.
The group disbanded the same year because six members of this group had only joined for a period of 50 days, in addition to the members’ personal information being published on the internet.
In 2015, users in Asia, the United States, Australia, and the United Kingdom experienced a 40-minute Facebook service disruption. This attack was attributed to Lizard Squad, or the “Lizard Squad”.
This was a collective of 25 hackers known for attacking, mainly, the video game industry. However, he also attacked companies like Sony, Microsoft, and regimes like North Korea between 2012 and 2014.
His last attack was a DDoS (denial of service) on December 23, 2016 to Steam servers, preventing users from taking advantage of Christmas offers on the platform.
On December 23, 2016 Lizard Squad attacked the Steam servers through a DDoS attack, also confirmed on Twitter and Facebook, preventing Christmas sales on the platform.
This is the group of hacktivists that leaked emails and documents from the Secretary of National Defense (SEDENA) in Mexico. They define themselves as a group against “American imperialism” and criticize the United States with its military and political interventions.
The military forces have been one of their main targets, because they are considered instruments of colonialism and, in addition to Mexico, they also attacked the dependencies of Chile, Peru, El Salvador and Colombia.
To date, it is not known who they are and the attack on SEDENA is considered one of the biggest cyber attacks the country has ever had.