The term hacktivism is used to describe the hacking of a website or social networking page to cause disruption or make a point on politically, socially or ethically motivated grounds.
A hacktivist (hacking activist) is someone who combines strong beliefs with technical know-how to attack a website or company against who he or she is protesting, or holds opposing views. This may take the form of a denial of service (DoS) or distributed denial of service (DDoS) attack to disrupt traffic to one or more websites, or a highly visible, controversial message on the website’s home page.
High-traffic, influential websites and social networking feeds of large corporates or government departments tend to be affected most by hacktivism, but no organisation is immune. ‘Anonymous’ is the highest profile international group of hacktivists in recent years.
- Disruption of service of your website.
- Loss of revenue, reputation or both.
- Aspects of your organisation – or individuals working in it – which are not widely known, being revealed in a negative context.
Protect your website
If you are hosting your own website rather than using a third party hosting company, ensure that the hardware and software is secure:
- Use strong, protected passwords throughout the system. Do not leave any password set to its default value.
- Make sure the server is protected by an effective firewall and internet security software.
- Monitor log files carefully to spot any attempts at intrusion.
- Use the latest version of any ecommerce software. Old versions may have flaws that hackers can exploit.
- Never store customers’ private information and credit card details on a public ecommerce server.
- Protect your SSL details and keep them secret.
- If you consider that your website may be vulnerable to a DoS or DDoS attack, locate and consult a DDoS protection specialist who has the relevant knowledge and tools to protect your business
- Consider using a professional penetration testing firm to test the defences on your ecommerce server.
If you use a third-party hosting company:
- Review its security and availability policy and arrangements.
- Check that the service level agreement is adequate for your needs.
- Consider using a professional penetration testing firm to test the defences on your hosting company’s server.