Hacktivists use hacking to further their activist goals, attacking companies they feel deserve punishment, exposure, and service disruption. Hacktivism is on the rise again. We look at what is driving this resurgence.
What Is Hacktivism?
The term hacktivist was first coined by a member of the Cult of the Dead Cow, a hacking group that used to meet in an abandoned slaughterhouse in Lubbock, Texas. It is a portmanteau word joining hacking and activist.
Hacktivists see themselves as social justice warriors carrying out attacks against targets that are, as far as they are concerned, deserving of service disruption and downtime. They will target organizations that they wish to bring public attention to, or highlight a cause they support. Their methods are the digital equivalent of physical activism events such as lobbying, workplace disruption, picket lines, and sit-ins.
If you’ve only ever heard of one hacktivist group, it’s a safe bet that group is Anonymous. It grew out of the 4chan image-posting website. Anonymous have attacked such organizations as Al-Qaida, ISIS, the KKK, the Church of Scientology, the anti-Islamic group Reclaim Australia, the UK’s Sun newspaper, and the Westboro Baptist Church.
Typically, Anonymous will use a Distributed Denial-of-Service (DDoS) attack to render the victim’s website inoperable, or they will deface web pages with their own political messages, or they may leak private information online, an attack known as doxxing.
Anonymous has spawned other hacking groups such as LulzSec. Lulzsec wanted to do something more akin to cybervandalism, which didn’t fit with Anonymous’s credo. If Anonymous was the digital equivalent of a student sit-in in the library, LulzSec wanted to pile up the books and burn them.
Their idea of fun was wreaking havoc indiscriminately, a practice that saw four key members arrested in 2012 and imprisoned in 2013. They admitted hacking into the websites of the CIA, the UK’s Serious Organised Crime Agency, News International, Sony, Nintendo, and 20th Century Fox amongst others.
The bottom line is all hacktivism is illegal, whether it is fuelled by idealism or kids looking for laughs. Perhaps because the perpetrators realized that it wasn’t an anonymous crime and that they could be traced and arrested, there was a gradual decline in hacktivism incidents. 2020 and 2021 have seen a resurgence of hacktivist activity, across a broad spread of targets.
Hacktivism and Leaktivism
WikiLeaks, the website that says it “specializes in the analysis and publication of large datasets of censored or otherwise restricted official materials involving war, spying, and corruption” created a model for others to copy. Infamous for making public all manner of confidential and sensitive documents, WikiLeaks demonstrated the power of exposure and transparency as a weapon that could be used against the organizations the documents belong to.
Exfiltrating private data and making it publicly accessible is a classic doxxing cybercrime. But instead of the data dumps being hosted at disparate locations around the web and Dark Web, WikiLeaks provided a central repository for stolen documents, emails, and data.
The other two common hacktivist attack types are Distributed Denial-of-Service attacks (DDoS), and defacing websites. A DDoS attack floods a website with so much bogus internet traffic that the webserver cannot cope. The website is effectively taken off the air.
It’s the doxxing attack that is suddenly popular. In fact, the extracting and leaking of sensitive information and files has become so common that there’s a brand new name for this type of hacktivism: leaktivism.
Not to be confused with a DDOS attack, Distributed Denial of Secrets is a 501(c)(3) non-profit “devoted to enabling the free transmission of data in the public interest.” They don’t describe themselves as hacktivists, but list hacktivists as one of the sources of the documents they publish.
They have published such data collections as the BlueLeaks release. It’s a massive collection of almost 270 gigabytes of data spanning over 25 years, and containing information from more than 200 U.S. law enforcement agencies. Anonymous has claimed responsibility for obtaining the data.
Two hackers, “cApTaIn JaXpArO” and My Little Anonymous Revival Project, have claimed responsibility for the hacks and data dumps against the far-right social media platform, Gab. The 70 gigabytes of data contains public posts, private posts, user profiles, hashed passwords for users, direct messages, and plain text passwords for groups. Distributed Denial of Secrets is hosting this data too.
In Jan. 2020 the Parler alt-right social platform was hacked and 32 terabytes of data stolen. it contained a million videos and images, some of them recorded during the Jan. 6, 2021, Washington D.C. coup. Distributed Denial of Secrets makes it available to journalists upon request.
What is the Motive?
Emma Best, one of the founders of Distributed Denial of Secrets, wrote that “2020 set a record for the “most information leaked to the public in a single year, one that was quickly smashed by the first months of 2021 with the Parler hack.”
The rise of leaktivism is driven by a number of different factors. Not least is the fact that more information is being created and stored digitally than ever before. If the public exposure of that data is going to be damaging to the target in a way that furthers the cause of the hacktivists, they will use the victims’ own data against them. It’s an attractive option to the hacktivists, and even more so when websites exist that will host the data, make it publicly accessible, and protect the identities of their sources.
Given the nature of these recent high-profile cases, it’s clear that the motivation behind these incidents was political. In fact, some of the data from the Parler hack was used in the second impeachment of former President Trump. But the target isn’t always a specific group or platform. Sometimes it is a wider phenomenon that is being targeted.
In March 2021, the security camera firm Verkada was hacked. Feeds from schools, hospitals, prisons, and companies such as Tesla and CloudFlare were accessed, along with video recordings made from approximately 150,000 surveillance cameras. The hackers behind the attack call themselves APT-69420 although they are not a genuine advanced persistent threat (APT) group.
The purpose was purportedly to draw attention to the level of surveillance we all live with. One of the hackers is on record describing why they did it. It carries more than a hint of the counterculture credo from the 1960s when being anti-establishment is justification enough: “…lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism—and it’s also just too much fun not to do it.”
Some of the fun probably went out of it when they were indicted for conspiracy, wire fraud, and aggravated identity theft. Acting U.S. Attorney Tessa M. Gorman said “Wrapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft, and fraud.”
Justifying a hacktivist or leaktivist incident by calling it ideologically motivated is no defense in law.
It’s Still a Crime
Hacktivism and leaktivism are crimes, regardless of the motive.
It’s similar to unauthorized penetration testers. They probe a company’s cyberdefences, find vulnerabilities, and ask for a reward. On one level they’re doing the company a favor by identifying the vulnerabilities before cybercriminals do.
But what they are doing is illegal. You cannot probe a network without permission. And you cannot access a computer that doesn’t belong to you and exfiltrate documents and data.
Claiming your hacktivism is in the public interest—even if it is—doesn’t change the law.