Lone hacktivists persist, but are they making a difference?

Posted on by Dissent

Sometime around June, 2015, a hacktivist who calls himself @ElSurveillance on Twitter began defacing web sites of escort services. In July, 2015, I became aware of him and began reporting on his attacks, which usually include messages left on the sites about how the service and conduct is an affront to Islam.

To get an idea of how prolific @ElSurveillance is, his record on Zone-H.org lists 299 defacements, of which 52 are single IP-address defacements, and 247 are mass defacements.

Last month, I was surprised to read on Twitter that he was leaving for “a better place.”

It turns out, the “better place” was not what I had understood that to mean. Now he’s back announcing new attacks, including an as-yet-unnamed Australian site:

He’s also coding his own scanners:

As we’ve seen with him before, it’s not unusual for him to hit a whole bunch of sites that may be on one server:

Usually, he neither exfiltrates nor dumps any personal information. His message is generally in the defacement message he leaves. But as I learned recently, defacements aren’t his only method of attack, although other methods are not under the “ElSurveillance” identity.

So why does this site continue to cover him, you may be wondering. Well, frankly, I’m fascinated to watch someone who does not affiliate with others, but under his own nickname, has been on a consistent mission for almost two years now. He does not seek media attention, and generally doesn’t get it – probably because most people don’t care about escort service sites and most people using those sites are hopefully smart enough to use throwaway email addresses or names. And yet he persists.

ElSurveillance isn’t the only hacktivist who persists, however. I recently became aware of “[Nine]” whose Twitter account is @NyuSecurity. His profile says:

[Nine]’s avatar.
~ ~ ~  # Mas de 5000 .com.ar hacked #  |DHKC ~ ACAB|

Indeed, if you check his activity on Zone-H, you’ll find that he has 3,489 defacements, of which 287 are single-IP addresses and 3,202 are mass defacements since November of 2013. Unlike ElSurveillance, however, [Nine] has a number of issues that he lists in his defacement messages.

Also unlike ElSurveillance, [Nine] exfiltrates and dumps data:

So do these somewhat lone hacktivists make a difference?

I recently asked @ElSurveillance if he feels that his efforts have made any difference or had any impact. In DM on Twitter, he replied:

@ElSurveillance’s avatar

To be honest I haven’t checked all the sites I attacked since I started the operation, But yes, I have seen some of them who were suspended or no longer in operation, especially the ones who claimed to be serving in the Islamic Countries….  And as an individual attacker, I strongly believe it worth my time.

Somehow, it’s always the groups that get media coverage, whether they brand themselves as “Anonymous” or “Lulzsec” or some other name, but we should not lose sight of individuals who are out there, trying to change the world for issues they care about.  Whether you consider them criminals or heroes,  they are true hacktivists.

Update: Post-publication, I received a reply to my email inquiry to @NyuSecurity as to whether he felt he was making a difference. His response:

La diferencia principalmente trato de hacerla para conmigo, practicar, mejorar y asi. Puedo decir que muchas empresas y organismos del Estado cuentan con mas seguridad luego de que yo expusiera una brecha. Tambien puedo decir que muchos han escuchado mi mensaje y han recapacitado en cuanto ha aquello que iba mal.

So he, too, feels like he is making some difference and that his targets are hearing his message and not just increasing their site’s security, although even that could be considered having an impact.

Category: Breach IncidentsHack

4 thoughts on “Lone hacktivists persist, but are they making a difference?

  1. I am no psychologist, but it sounds like attacking certain “escort sites” is this person’s way of getting rid a culture that some may feel is less than proper…I will stop speculating now because I don’t really know why.

    I do fascinating to hear of line hacktivists defacing sites for undisclosed reasons. It makes me wonder why these and why do they want to act in this way? (Especially with not seeking media attention.)

    Keep reporting and following this…

      1. I re looked at this Twitter account..I was thinking of visiting another hacker’s account that I was following. My bad…Too many hackers have all of these cryptic names.. Sometimes hard to keep up…:)

    2. When I first started the operation, I mainly used to target most of the sites

      The answer for “Seeking media attention”
      Many of hacker out there nowadays are seeking the media’s attention for different reasons but mainly to make some money
      either by asking their supporters to
      1) Donate money
      2) Sell their products such as botnet, Hacking tools, Databases, T-shirt or some other crack products and so on
      3) Or these who call themselves hackers but actually they are harmless anyway due the less knowledge and skills they have
      * So the more attention they get, The more chances their products will get noticed by people

      I’m not looking for any of the listed above
      I don’t need any support from the fans/followers
      I don’t need money as I have a full time job
      I don’t need to be in a group to claim the entire credits
      I don’t need tools as I develop and code my own tools

      I strongly believe that I have what it takes to keep my campaigns running continuously and effectively and I don’t need to hide behind some kids such as anonymous or like the groups who most of them got arrested anyway

      If you need any more details, You know where to find me
      “I do respond on the questions”
      Have a good one
      ElSurveillance

Comments are closed.