Hacktivism: Social Justice by Data Leaks and Defacements

Hacktivism: Social Justice by Data Leaks and Defacements

Around the end of February, a hacktivist that calls himself JaXpArO and My Little Anonymous Revival Project breached the far-right social media platform named Gab. They managed to gain seventy gigabytes of data from the backend databases. The data contained user profiles, private posts, chat messages, and more – a lot of this data was written by white supremacists, QAnon supporters, conspiracy theorists, neo-nazis, and some of which were part of the Capital Hill riot on January 6th.

The data that they gained was leaked to the transparency collective Distributed Denial of Secrets (DDoSecrets) – which now makes it available to researchers and journalists based on request.

The data which is being hosted now compared to a few years ago – also in the last year alone now – has skyrocketed greatly. Even then the records set in 2020 have already been beaten in the first few months of 2021.

The leak from Gab is just one of many recent incidents that have happened. At the beginning of January, DDoSecrets released a collection of more than a million videos downloaded by hacktivists from the right-wring social network Parler. Some of them were recorded during the Capital Hill riot.

Many of these acts tend to be politically motivated – but they also can show ways that the technology can be used against people. In March, hacktivists managed to breach the camera upstart Verkada – exposing footage from over one-hundred thousand companies ranging from Telsa, CloudFlare, schools, jails, hospitals, and police stations. The Swiss Hacker, Tillie Kottmann, who was associated with the hack, told Bloomberg why they did it:

Lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism — and it’s also just too much fun not to do it.

This level of anarchism can have major risks. They were just recently indicted by a Grand Jury in the United States for computer intrusion and identity and data theft activities spanning from 2019 to now. Acting US Attorney Gorman said in the indictment:

Wrapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft, and fraud.

For people who have been paying attention to this phenomenon – this giant mixed bag of nuts, better known of mixed motives – won't come as a surprise to many. A lot of the goals and values of the hacktivist community trace their roots back to the early days of the phenomenon.

The Beginning of Hacktivism

Let's now go back into time a little to the early days of hacktivism.

One of the first examples which I can give you dates back to 1989, This was when protesters in Australia hacked NASA and the US Department of Energy. They deployed a computer worm called “Worms Against Nuclear Killers (WANK)” to stand up against the launch of a shuttle that carried radioactive plutonium.

The next event comes in 1996, where someone posted pornographic images on the website of the Department of Justice and changed its name to “Department of Injustice.” It was a protest against the Communications Decency Act, the Congress's attempt to regulate pornographic material on the Internet, later it was ruled unconstitutional.

The hacktivism term was coined somewhere around the same time. Even though the origin is widely disputed by many people. If I remember my history of when I first saw it, probably appeared for the first time in an article written by Jason Sack about the experimental 1994 movie Fresh Kill. Yet the origin of the term is mostly associated with the Cult of the Dead Cow –one of its members, Omega, used it in an email to the group in 1996.

During the Kosovo War, hacktivism gained a lot of public attention. Dr. Dorothy E. Denning in her paper, The Rise of Hacktivism, wrote the following:

Activists from around the world launched denial of service (DoS) attacks and defaced or hijacked websites to protest the war and the countries engaged in it.

The late 1990s also marked the beginning of groups such as the Electronic Disturbance Theater – which joined people interested in radical politics, software, and art, and the Internet Black Tigers – which sent 800 emails a day for two weeks to Sri Lankan embassies in a technique they named “suicide e-mail bombings.”

Anonymous, WikiLeaks and Phineas Fisher

In the 2000s, which most people will remember the most, we gained the birth of Anonymous and Wikileaks. Two major names in the story of hacktivism.

Anonymous merged into the scene in 2003 thanks to the imageboard named 4Chan. A lot of their hacks are still felt today – reverberating in many corners of society. I see this as a group of citizens that took matters into their own hands and it may have been a catalyst for social justice movements.

Anonymous is known for launching attacks against corporations, governments, and different organizations. The Church of Scientology is most likely the most notable victim of Anonymous – but you can't forget about government agencies in the United States or Israel. They have declared war on ISIS, taken down players in the child pornography networks, annoyed companies such as PayPal, Visa, and Mastercard. They also have shown support for the Black Lives Matter protests.

A lot of the anonymous members are now bearing the famous Guys Fawkes Mask – which a lot of this started as pranks that evolved into hacking and doing it for the lulz.As time progressed, they soon start to see themselves as a group that wants to change the status quo – using terms such as Freedom Fighters and Robin Hoods to not just influence the technology scene but to include popular culture.

This type of environment created a free-thinking environment that created several small teams that shared their ideas and believes with each other. Around May 2011, several anonymous members formed a group called LulzSec. This group was not very political, but they targeted websites such as Fox Television, PBS, Sony, Nintendo, and the Senate.gov website.

One of the biggest hacktivism projects that came out during the 2000s was the whistleblowing website Wikileaks. The project was founded by Julian Assange – he has the goal of fighting corruption with an arguably controversial geopolitical path. In 2010, Wikileaks leaked over ninety-thousand documents regarding the War in Afghanistan. In 2016 they leaked twenty thousand emails and roughly eight thousand attachments from the Democratic National Committee and Hilary Clinton's Campaign Manager. This lead to the idea that the Democratic National Committee highly favored Clinton over Sanders in the Democratic primary.

Several critics have argued that Wikileaks has geopolitical stakes because they have never really ever angered Russia. Also, toward the end of its active tenure, the platform was criticized for flirting with ideas and politics of the right.

A lot of hacktivists care for how technology is used by the people in power. Phineas Fisher, for instance, breached Gamma Group and the Hacking Team, companies that sold surveillance software to governments, corporations, and law enforcement agencies.

Hacktivism is Changing

Many hacktivists take inspiration from the past – yet they are more careful about taking risks, which has caused their goals, tactics, and values to fight for to become more focused. Just this past year has shown that a lot of them raise their voices against far-right extremists and other agendas that go against core human rights.

I am willing to argue that a lot of hacktivists follow a social left justice-oriented politics in the United States and perhaps around the world. What I am seeing right now the most is the reaction to the state of the world is. For hacktivism, the scale and details are only a small part that has changed since the 2010s – also outside the social awareness.

They are still using the hack -> leak combination which happened in the 2010s – another technique that is becoming popular is to archive publicly available data that would usually just disappear and be lost to time such as what could have happened to Parler.

Meanwhile, data leaks will continue to be popular, because hacktivists are interested in going viral to make their point clear to the world. If the hack hasn’t gained the desired amount of attention, a data leak should give a lot of validity to the hackers' claims.

I strongly believe that hacktivists in the future might engage in more destructive attacks that could bring attention to their cause. Everyone and anyone is at risk for this. We seem to see attacks against employees or executives via data theft and more attempts to run the organization out of business. The theft of data and leaking can be potentially much worse for the organization or individual whose data is leaked.

I am truly fearing that the recent acceleration of digitalization and the advent of people using more and more internet of things (IoT) devices will offer more opportunities to hacktivists – this is due to lack of security with the device. It tends to be a way larger attack surface for them to use. From a hacker standpoint, it's an amazing opportunity for them to take advantage of.

What's Next for Hacktivism?

With the given state of politics around the world and in the United States in 2021. Hacktivists might feel the need to state their opinions about the growing inequality. They feel as if they need to state their opinions louder and louder in the coming years. People who are part of the movement will continue to show a lack of tolerance for nonsense.

This could also lead to more defacements and data leaks, and perhaps attacks against critical business infrastructures – to shut down a business’s day-to-day operations. I'm also thinking that at least some incidents could be financially motivated – meaning we may also see more extortion attacks as hacktivists may shift to a profit model versus a cause model.

One major issue could be that companies and governments still really don’t know how to deal with hacktivism at all. People have been talking about it for around twenty-five years now. Companies and enterprises have an understanding of hacktivism and it ends at the words ideologically motivated. I think everyone can understand how and why that would be the case, but it's also indicative of a profound lack of self-awareness and little self-reflection.

The Co-Founder of DDOSecrets fears that this lack of self-reflection, coupled with the desire to control the situation, might lead to changes that could seriously put internet users at high risk.

The government will probably try to use industry-wide security problems exposed by hacktivists and whistleblowers as an argument for universal encryption backdoors that would further undermine security.

A better idea to tackle hacktivism would be for everyone to pay more attention to what is happening in and around the world. We have to stop just focusing on the technology; we need to gain an understanding of the geopolitical landscape of their own company – this also includes the world. People need to become more risk management-sided thinking while being deep into technology.

In the years to come, we might see more waves of attacks, many of which will be politically motivated.