This new hacktivism tactic makes every organization with a web presence a potential target for a DDoS attack
Hacktivism is on the rise as a motivation behind numerous DDoS attacks. For whatever reason, groups like Anonymous, Lizard Squad, Syrian Electronic Army, Chaos Computer Club and others believe they can intimidate corporations, government agencies, and other institutions by knocking these entities' websites offline for a period of time.
One of the latest victims of a hacktivist attack is the Japanese carmaker Nissan. The company's global and Japanese websites were bombarded with traffic on January 13—right in the middle of the Detroit Auto Show, where Nissan was unveiling new products. Nissan itself took the sites offline to prevent further risks from the attacks. DDoS attacks are often used as a diversionary tactic while the attacker inserts malware onto the network or steals data from the victim company.
There's no indication that anything happened to the Nissan websites beyond excessive traffic. In fact, Anonymous, the hacktivist group behind this attack, said, “As a note for Nissan, we are not out to harm your customer data or system data.”
So what was the purpose of the attack? According to Anonymous, “They [Nissan] are a big corporation in Japan, and we have targeted big corporations to spread awareness about the killing [of dolphins] in the cove in Taiji because the Japanese news is censoring it.”
The attack was punishment for Japan's killing of whales and dolphins, even though Nissan says it is not directly involved in the killing and has no specific views on the hunting activities.
If Anonymous is simply going for awareness, it has achieved its goal after news of this attack appeared on news outlets as well as this blog.
This attack displays a different kind of tactic as far as hacktivism is concerned. Typically the attackers target organizations that are directly involved in some sort of controversial activity. For example, as I pointed out previously, attackers claiming to represent the interests of native Hawaiians and environmentalists took down the website of the Thirty Meter Telescope organization in protest over the construction of a facility on Hawaii's Maua Kea volcanic mountiantop. In this case, the point was made by harming only the TMT organization and not other, uninvolved entities.
The Nissan attack portends a frightening proposition for the future of DDoS attacks. If hacktivists can garner attention for their cause by taking out a prominent website – ANY website, really – then this makes every organization with a web presence a target.
Get ready, folks, your website could be next.