Hacktivism’s reemergence explained: Data drops and defacements for social justice

A record amount of leaked data to expose far-right groups signals a more focused and serious approach to hacking for a cause. To understand the risk, CISOs should pay attention to the news.

CSO: Have you met these hackers? [slide 07]
TheDigitalArtist / Daniel Veilleneuve / Petmal / Getty Images

At the end of February, a hacktivist who calls themself “JaXpArO and My Little Anonymous Revival Project” breached far-right social media platform Gab, pulling out 70 gigabytes of data from the backend databases.The attacker obtained user profiles, private posts, and chat messages written by users that include white supremacists, supporters of the QAnon movement, neo-Nazis, and conspiracy theorists, some of whom were associated with the Capitol Hill riot on January 6.

This data was leaked to transparency collective Distributed Denial of Secrets (DDoSecrets), which now makes it available to journalists and researchers upon request.

In the past few months, the volume of data made public by hacktivists skyrocketed, because companies are hosting a lot more data compared to several years ago. “2020 set a record for the most information leaked to the public in a single year, one that was quickly smashed by the first months of 2021," wrote DDoSecrets co-founder Emma Best.

GabLeak is just one of the many recent incidents. At the beginning of January, DDoSecrets released a collection of more than a million videos downloaded by a hacktivist from the right-wing social network Parler. Some of those were recorded during the Capitol Hill riot.

Many such acts tend to be politically motivated, but a few also expose ways in which technology can be used against people. In March, hacktivists breached security-camera startup Verkada, exposing footage from more than 150,000 organizations, including Tesla, Cloudflare, schools, jails, hospitals, and police stations. Swiss hacker Tillie Kottmann, who was associated with the hack, told Bloomberg why they did it: “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism—and it’s also just too much fun not to do it.”

This “hint of anarchism” can pose huge risks. Kottmann has recently been indicted by a grand jury in the United States for “computer intrusion and identity and data theft activities spanning 2019 to the present.” Acting US Attorney Tessa M. Gorman said in Kottmann's indictment: "Wrapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft, and fraud.”

For researchers who have been paying attention to the phenomenon, this mixed bag of motives won’t come as a surprise. Many of the goals and values of the hactivist community can be traced back to the early days of the phenomenon. 

The beginnings of hacktivism

One of the first examples of hacktivism dates back to 1989, when anti-nuclear protesters in Australia hacked NASA and the US Department of Energy. They deployed a computer worm called “Worms Against Nuclear Killers (WANK)” in an effort to stand up against the launch of a shuttle that carried radioactive plutonium.

Then in 1996, someone posted pornographic images on the website of the Department of Justice and changed its name to “Department of Injustice.” It was a protest against the Communications Decency Act, the Congress's attempt to regulate pornographic material on the Internet, later ruled unconstitutional.

The term hacktivism was coined around the same time, although its origin is disputed. It probably appeared for the first time in an article written by Jason Sack about the experimental 1994 movie Fresh Kill. Yet its origin is often associated with the Cult of the Dead Cow—one of its members, Omega, used it in an email to the group in 1996.

Hacktivism gained wider public attention in the late 1990s during the Kosovo war, when “activists from around the world launched DoS attacks and defaced or hijacked websites to protest the war and the countries engaged in it,” wrote Dr. Dorothy E. Denning in her paper, The Rise of Hacktivism.

The late 1990s also marked the beginning of groups such as the Electronic Disturbance Theater, which joined people interested in radical politics, software and art, and the Internet Black Tigers, which sent 800 emails a day for two weeks to Sri Lankan embassies in a technique they named “suicide e-mail bombings.”

By the turn of the century, it became clearer what hacktivism was and what its values were. In July 2001, Hacktivismo, an international group that had its roots in the Cult of the Dead Cow, issued the “Hacktivismo Declaration,” which served as a code of conduct for the movement. It declared goals such as fighting human rights abuses and protecting the freedom of speech.

The 2000s also saw the birth of Anonymous and Wikileaks, two prolific names in the history of hacktivism.

Anonymous, WikiLeaks, and Phineas Fisher

Anonymous emerged in 2003 on the imageboard 4chan, but its actions are still felt today, reverberating in many corners of our society, says Eddie Doyle, cybersecurity strategist at Check Point. “It was a group of citizens who decided to take matters into their own hands,” he says. “It might have been the catalyst for other social justice movements.”

Anonymous is known for launching attacks against governments, corporations, and organizations. The Church of Scientology was one of its notable victims, but it also targeted government agencies in the US as well as Israel and Tunisia. It has declared war on ISIS, taken down child pornography websites, and annoyed companies such as PayPal, Mastercard and Visa. More recently, it showed support for the Black Lives Matter protests.

Anonymous members, many bearing the now-famous Guy Fawkes masks, started out doing pranks and hacks for the “lulz”, but soon they saw themselves as a group aiming to change the status quo. They started to use terms such as “freedom fighters” and “Robin Hoods” to describe themselves, influencing not just the technology scene but also the popular culture.

“Netculture replaced counterculture,” wrote Günther Friesinger, Johannes Grenzfurthner, and Thomas Ballhausen in 2010 in their book Urban hacking. “Important questions have been brought up to date and re-asked, taking current positions and discourses into account. The major question still remains, namely how to create culturally based resistance under the influence of capitalistic pressure and conservative politics.”

This free-thinking environment allowed hacktivists to create several small teams that shared their opinions and beliefs. In May 2011, a few Anonymous members formed LulzSec, a less political group that targeted the Senate.gov website, as well as Fox Television, PBS, Sony, and Nintendo.

Another hacktivism project that started during the 2000s is whistleblowing site WikiLeaks, founded by Julian Assange, with the declared goal of fighting corruption, but an arguably controversial geopolitical path. In 2010, it released over 90,000 documents regarding the war in Afghanistan, and in 2016 it leaked more than 20,000 emails and 8,000 file attachments from the Democratic National Committee and from Hillary Clinton’s campaign manager, which led to the idea that the national committee favored Clinton over Bernie Sanders in the primaries.

Critics argue that WikiLeaks had geopolitical stakes because it never angered Russia. Also, toward the end of its active tenure, the platform was criticized for flirting with ideas and politics of the right.

Hacktivists also cared about how technology is used by those in power. Phineas Fisher, for instance, breached Gamma Group and the Hacking Team, companies that sold surveillance software to governments, corporations, and law enforcement agencies. His other targets included the union of the Catalonian police, and the Turkish conservative populist political party AKP.

“Phineas Fisher, in some ways, was an important point of continuity between the Anonymous era and today,” says Dr. Gabriella Coleman, an anthropologist at McGill University in Montreal, Canada, who studies hacktivism. “Phineas Fisher carried the torch of the hacking and the leaking when it wasn't happening very much outside some nation-state hacking and leaking.”

Many big ideas that bubbled during the Anonymous, WikiLeaks, and Phineas Fisher eras are the basis of current-day hacktivism, says Dr. Coleman. 

How hacktivism has changed

Hacktivists still take inspiration from the past, but they are more careful when taking risks, and their goals, tactics, and values have become more focused. As the past year has shown, they often raise their voices against far-right extremism and other political ideas that go against their understanding of human rights. “It doesn't entirely surprise me,” says Dr. Coleman. “Historically, there have been more left hacktivists.”

The anthropologist argues that in the past few years, in North America as well as other parts of the world, hacktivists tended to follow a “left social justice-oriented politics.” “DDoSecrets is taking hacktivism down a very, very clear anti-fascist left path,” says Dr. Coleman.

What we’re seeing today, including the hacks targeting right-wing social media platforms Gab and Parler, are a reaction to the state of the world right now, says DDoSecrets’ co-founder Emma Best.  “For hacktivists, scale and details are the only things that've really changed [since the 2010s,] outside of increased social awareness,” she tells CSO.

When it comes to tactics, Dr. Coleman says that hacktivists today still use the hack-leak combo that originated during the early 2010s, yet another technique is becoming increasingly popular: archiving publicly available data that would otherwise disappear, as the Parler incident has shown.

Meanwhile, data drops will continue to be popular, because hacktivists are interested in going viral to make their point, Jameeka Green Aaron, Auth0 CISO, says. “If the hack hasn’t gained the desired amount of attention, a data drop gives validity to the hackers' claims,” she tells CSO.

Some security researchers also believe that hacktivists might engage in more destructive attacks that could bring attention to their cause. Any organization is at risk. “We seem to see attacks against employees or executives via data theft and more attempts to run the organization out of business,” says Jon Clay, vice president of cyberthreat research  at Trend Micro. “[The theft of data and leaking] can be potentially much worse for the organization or individual whose data is leaked.”

Most security researchers fear that the recent acceleration of digitalization and the advent of IoT devices will offer more opportunities to hacktivists. “It’s a much larger attack surface,” Check Point’s Doyle says. “From the criminal standpoint, it's a beautiful opportunity for them to take advantage of this.” 

What’s next for hacktivism?

Given the state of politics around the world and the growing inequity, hacktivists might feel the need to state their opinions louder in the coming years. “Hacktivism will absolutely be a force,” Best says, adding that people who are part of the movement will continue to show “a lack of tolerance for nonsense.”

That might lead to more defacements and data drops, and perhaps attacks against critical business assets, to shut down a business’s day-to-day operations, Clay says. He also thinks that at least some incidents might be financially motivated: “We may also see more extortion attacks as hacktivists may shift to a profit model versus a cause model.”

Part of the problem is that companies and governments still don’t know how to deal with hacktivism, although we’ve been talking about it for at least 25 years. “Their understanding of hacktivism ends at the words ideologically motivated,” Best says. “It's understandable how and why that would be the case, but it's also indicative of a profound lack of self-awareness and little effort towards self-reflection.”

DdoSecrets’ co-founder fears that this lack of self-reflection, coupled with the desire to control the situation, might lead to changes that could put internet users at risk. “The government will probably try to use industry-wide security problems exposed by hacktivists and whistleblowers as an argument for universal encryption backdoors that would further undermine security,” says Best.

A better idea to tackle hacktivism, Doyle says, would be for everyone, including CSOs, to pay more attention to what is happening in the world. “CSOs have to stop being just technologists; they have to understand the geopolitical landscape of their own organization, as well as the world,” he says. “CSOs are going to have to start becoming less the technologist and more the risk advisor.”

In the years to come, we might see more waves of attacks, many of which will be politically motivated. “Hacktivism waxes and wanes,” Dr. Coleman says. “It's cyclical and hard to predict.”

Copyright © 2021 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)