Posted on October 9, 2021 at 8:30 AM
The rise in hacking attacks has shown the strained relationship between tech companies and anonymous hackers. A rise in attacks on tech firms has created worry that the negative effect will move towards ordinary internet users.
This week, threat actors dumped massive data belonging to Twitch, a streaming site owned by Amazon. This data revealed the entire source code of the site, which has been developed over ten years and is integral in the company’s operations.
Before this attack, the Anonymous hacking group attacked Epik, an internet service firm, and compromised its operations. Epik fired several employees following this attack, while some details of the firm’s clients were also exposed. Other firms popular with the far-right that have been victims of these attacks include Oath Keepers and the Texas GOP.
Hacks not related to Ransomware
The threat actors linked to these attacks have stated that they are not interested in ransomware payments but are hacking these companies as a moral crusade to punish these companies for their mistakes. For instance, the hackers behind the Epik attackers stated they were punishing the company for supporting hateful websites.
In the case of Twitch, the hackers have stated that the firm is now a “disgusting cesspool.” When detailing the attack, the hackers stated that “Jeff Bezos paid $970 million for this. We’re giving it away FOR FREE.” Data belonging to this company has been posted on the open Web, and the personal details of thousands of users on the platform have been exposed. Such details include phone numbers, income and home addresses.
Twitch confirmed this breach on Tuesday, stating that its security teams were working urgently to “understand the extent of this.” Twitch further explained that the hackers had gained access to its systems using a misconfigured server and that cybersecurity officials were still assessing the effects of this hack. The firm also added that the matter had been reported to the FBI.
This hack has exposed the most valuable details of the company to the world, inclusive of the source code to its major products, details of unreleased software, and internal tools used by the firm’s developers and security experts. A portion of the leaked data was developed a month ago.
The information also revealed the payouts of the most popular users of the platform. The unconfirmed data states that Critical role, one of the popular users of the platform known for the Dungeons & Dragons game, earned a gross of $9.6 million since August 2019. Felix Lengyel, a Canadian user of the platform, dubbed xQc and plays shooting games, has a gross of $8.4 million. However, the two are yet to respond to this information.
Nevertheless, the attacks on Twitch have shed light on how some major companies downplay cybersecurity safeguards. Some experts have been surprised by this attack questioning why Twitch failed to install proper safeguards to prevent a hack or identify when data was being accessed.
A representative of Amazon Web Services has stated that the hack has not affected the operations of AWS. Some experts also noted that Twitch had joked about Facebook’s Monday outage a day before its hack was revealed.
The hacked data is being distributed online for free and using publicly available tools. The hackers are using BitTorrent to seed these files anonymously. Users who want these files end up seeding them as well. Seeding is a technique popular with piracy, as it makes files impossible to take down from online platforms.
Hacktivist Threat Actors
The creator of the Australian data-breach site, Have I Been Pawned, Troy Hunt, has stated that most of these hactivist attacks are crimes of opportunity. He referred to a popular phrase in the cybersecurity spaces that states, “The definition of hactivist is you hack someone, then make up a reason they deserve it.”
However, Hunt stated that the reasons given for some attacks could be justified and referred to the case of Epik, noting that it is a “case many of us can get behind.” He also noted that in most cases, there are extra ways one could achieve their goals and drive the intended point home without harming any of the involved parties.
The hackers behind these hacktivist groups have remained anonymous, and very little is known about them. However, they have concerned national defence systems, cybersecurity experts and pose a risk to consumer privacy.
While some hacks are designed as moral crusades, some have raised questions about whether they have just been created for clout chasing or to cause chaos. Some experts have also noted that some hacks could be closely monitored by state-sponsored attackers, cybercriminals and ransomware enterprises. Some of the leaked data could also be used by other threat actors to conduct future attacks.