It was via Twitter that hacktivist group Rex Mundi announced that it had published the customer database of the Domino’s Pizza chain, after months of racketeering. It was also on this social network that, on 2 December, the group of hackers Lizard Squad claimed that they had hacked into Microsoft’s Xbox Live network. Another case in point is the #OpAreva operation, which was announced, coordinated and then launched via this same network. Like Twitter, other social networks appear to be playing a role of growing importance in the strategies and procedures of hacktivists and cybercriminals. Concealment, advertising, claims, recruitment…: the use of social networks by these two groups is wide-ranging, almost covering their entire operational process.
Although IRC channels, exploit broadcast sites and forums are still traditional communication tools, they are no longer enough in themselves to give the desired scope to the operations conducted. Social networks thus play a major role. These platforms are both relays and primary sources of information dissemination. In addition, cybercriminals and hacktivists have no hesitation in using the tools and services of the open web (clear net) in their communications and operations. Their aims are to increase the impact of their message among supporters, the media and, more generally, Internet users at large, to benefit from the virality potential of certain networks, etc. The procedures used, which were previously more opaque, are now easier to access. Many cases today are characterised by a dual presence, on the dark net and the clear net. This is advantageous for surveillance and detection in the fight against cyber threats. In terms of monitoring and analysis, it provides a new way of looking at the procedures of cybercriminals and hacktivists. The speed of dissemination and claims of cyberattacks may, in turn, facilitate detection.
What role do social networks play today in the procedures used by cybercriminals and
hacktivists? How are cybercriminals taking advantage of the huge potential offered by social networks in terms of communication relays? What contribution could active surveillance and advanced monitoring of these networks make to the fight against cyber threats?
Observing certain community platforms over a period of 6 months has allowed CEIS to identify a constant, well-distributed use of social networks throughout the cybercrime chain, from skills acquisition to operational aspects and data handling. Thanks to the ripple effect enjoyed by groups such as Anonymous, it is now an established fact that hacktivists use social networks as one of the pillars of their communication strategy.