What Really Motivated the Breaches of Twitch and Epik?

The Washington Post explores recent breaches at Twitch and Epik — and asks whether they really signal an upsurge in “hacktivism”: The perpetrators of these hacks are distancing themselves from financially driven cybercriminals and ransomware gangs by portraying their attacks as moral crusades against what they said were the companies’ sins. In celebratory notes released alongside their data dumps, the Epik hackers said they were sick of the company serving hateful websites, while the Twitch hackers used a hashtag criticizing company efforts to confront harassment and said the site had become a “disgusting cesspool….” Allan Liska, a senior intelligence analyst with the cybersecurity firm Recorded Future, said the growing accessibility and sophistication of hacking tools and the ease with which social media can draw attention to a major hack has contributed to a dramatic upsurge in attacks by “hacktivists…”

[The attacks] also showcase how weak the world’s cybersecurity defenses remain despite an eruption of concern after this year’s major ransomware attacks, including the crippling cyberattack on Colonial Pipeline that brought panic to fuel markets on the East Coast… Troy Hunt, a security consultant in Australia who created the data-breach notification site Have I Been Pwned, said many such hacks are actually crimes of opportunity, with a loftier mission applied later. He recalled a popular information security joke: “The definition of hacktivist is you hack someone, then make up a reason they deserve it.”

“Very often the politically motivated reasons we see are convenient excuses,” Hunt said.