A portmanteau of hack and activism, hacktivism is the exploitation of technology to influence social or political change. Protests are often against government oppression, corporations’ actions, and online censorship, and they usually take the form of disrupting websites to cripple the targeted organizations.
Some hacktivist groups also engage in attacks for fun—or “lulz.”
Hacktivism is a form of “culture jamming,” a type of protest designed to subvert mainstream media. Participants are largely pseudonymous, meaning they are usually identified only by code names.
[Keep up with the latest in security. Sign up for the ExpressVPN blog newsletter.]
Methods of hacktivism
There are various types of actions that fall under the hacktivism umbrella, including:
Mirroring is used to give access to websites that are censored by governments. With this method, the entire content of a website is copied and replicated—or “mirrored”—on a different server. While the original site may be censored, the mirrored site won’t be.
A denial of service (DoS) attack is when a website or network is deliberately overwhelmed with automated server requests leading to a shutdown of service to legitimate visitors. This is done with a single computer. A distributed denial of service (DDoS) attack floods a website with server requests from multiple sources in order to slow down or completely block external traffic. Both scenarios involve the use of malware and bots to perform said attacks. Targets for these types of attacks usually include online gamers, video game streamers, political groups, and financial institutions.
This is similar to a DDoS attack but executed by people rather than as an automated measure by malware or bots. In this scenario, activists conduct an online sit-in and flood a website en masse with the intention to slow down access to the site or shut it down entirely.
Dox—an alternative spelling to docs (short for documents)—is the compilation and release of a person’s private documents or information. The term comes from the action of “dropping docs.” Doxing is regarded as a form of privacy violation.
This refers to the vandalism of a website where content and media is replaced with messaging that reflects a hacktivist’s point of view.
WikiLeaks is perhaps the most well known hacktivist group internationally. Started in Iceland in 2006, the group’s founder, Julian Assange, is a household name. WikiLeaks specializes in the collection and dissemination of “censored or otherwise restricted official materials involving war, spying, and corruption.” Since its inception, WikiLeaks has made headlines internationally for its high-profile leaks involving world governments.
Anonymous rose to prominence for its campaigns against high-profile targets, which have included DDoS attacks, public demonstrations, and cyber protests. Anonymous members are easily recognizable thanks to their adoption of Guy Fawkes masks—inspired by the graphic novel and film V for Vendetta—as an identifying symbol. The group was born from the site 4chan, where users are assigned random numbers to post anonymously, which is why they are colloquially referred to as “Anons.” Anonymous is known for taking on large companies and groups like the Westboro Baptist Church, the Church of Scientology, PayPal, Sony, and MasterCard.
LulzSec was a short-lived black hat hacktivist group active from May to June, 2011. LulzSec was founded by members of another group known as Internet Feds and its name is a portmanteau of “lulz”—a play on the term lol—and “sec” being short for security. Its main motivation seemed to be causing as much mischief as possible, hence its name—since everything was done “for the lulz.” Its motto was “Laughing at your security since 2011!” It has claimed responsibility for several high-profile attacks, including taking the CIA website offline, hacking the network of Bethesda Game Studios, and hacking servers for Sony Pictures.
Notable examples of hacktivism
Operation Payback was a series of coordinated DDoS attacks lasting several months at the end of 2010 by hacktivists connected to Anonymous. They were retaliating against a series of DDoS attacks from pro-copyright, anti-piracy, and governmental bodies on torrenting websites. The retaliatory attacks lasted several months.
In early 2008, a video interview with Tom Cruise on Scientology was uploaded to YouTube. The Church of Scientology pressured YouTube to remove the video, citing, among other things, copyright infringement. Unsurprisingly, Anonymous didn’t take this attempt at censorship lying down, and from early 2008 to late 2009, it launched a campaign against Scientology which involved DDoS attacks, prank calls, black faxes, and Google bombing.
During the Tunisian Revolution, Anonymous launched a series of DDoS attacks against various Tunisian government websites. Following growing tensions around censorship, lack of political freedoms, high unemployment, and subpar living conditions, citizens of Tunisia initiated countrywide protests. Anonymous began supplying Tunisian netizens with literature on how to topple their government along with other tools to handle the crisis. Following the revolution, there was a noticeable relaxation of internet censorship across the country.
In 2013, Anonymous had announced that they had obtained over 15,000 membership records of the North Korean state-controlled news website Uriminzokkiri with the claim that: “First we gonna wipe your data, then we gonna wipe your badass dictatorship ‘government.’” Anonymous then proceeded to take down the Uriminzokkiri website for a short period of time.
A joint effort between Anonymous and LulzSec, this operation involved a series of attacks against various government websites dedicated to computer security and cybercrime. The goal of the operation was to protest government censorship and internet surveillance. Copyright laws, racial profiling, and the War on Drugs have also been claimed as impetuses behind the inititative. Perhaps one of the more interesting outcomes involved the theft of credit-card details from law enforcement officers, which were then used to make donations to several charitable organizations.
Does hacktivism make a difference?
Like any other form of civil disobedience, hacktivism has its pros and cons—but their methods are largely considered illegal.
Given that motivations behind hacktivism efforts can range from harmless pranks to full-scale attacks, each event should be judged on a case-by-case basis.
On one hand, hacktivism can be a great way to get important information into the hands of those who truly need it—specifically those in areas of the world with strict censorship. It also draws attention to serious causes, which have included fights for democracy around the world. Conversely, hacktivism has endangered lives in real life and has exposed personal data.
From a cybersecurity standpoint, hacktivists can wreak havoc, but some security experts say that they have highlighted the need for greater online security within companies and government organizations to resist attacks.