Hacktivists: What They Are

Whether or not hacktivism is a good thing depends on who you are

what is hacktivism

“Hacktivism” is a unique blend of the words “hacking” and “activism” which has surfaced as people use the internet to demonstrate for political or social causes.Those people are sometimes called "SJW" or social justice warriors

For most of human history, people have actively demonstrated in one way or another against –or for – something that they feel passionately about. That could include picketing outside of City Hall offices, writing letters to the editor of a local paper to protest an upcoming policy, or organizing a sit-in at a university. All of these protests have something in common: they are geographically localized, with most, if not all, of the people involved in the protest coming from that local area in person.

Enter the internet. Because it can connect people from all over the world regardless of geographical location, demonstrating for or against a cause becomes decidedly different. 

Hacktivism and activism are related; however, hacktivism is different in that it’s done mostly digitally. Hacktivists (people involved in these efforts) usually aren’t after financial gains; instead, they are looking to make a statement of some kind. The primary purpose behind hacktivism is hacking for a cause; instead of civil disobedience, it is digital disruption using the internet as a crucial foundational tool to carry their message all over the world.

Hacktivists use resources found online, both legal and those that would considered illegal, in their pursuit of the messages that are important to them; mostly around political and human rights issues.

Why Has Hacktivism Become So Popular?

journal article from Georgetown on the rise of hacktivism said this in September 2015 about why hacktivism has become so popular:

“Hacktivism, including state-sponsored or conducted hacktivism, is likely to become an increasingly common method for voicing dissent and taking direct action against adversaries. It offers an easy and inexpensive means to make a statement and inflict harm without seriously risking prosecution under criminal law or a response under international law. Hacking gives non-state actors an attractive alternative to street protests and state actors an appealing substitute for armed attacks. It has become not only a popular means of activism, but also an instrument of national power that is challenging international relations and international law.”

Hacktivists can gather under the banner of causes around the world without the need to travel anywhere, which is both empowering to the individual and group for actions and digital disruption efforts.

Because access to the Web is relatively low-cost, hacktivists can find and utilize tools that are free and easy to learn in order to carry out their operations. In addition, because all these efforts are primarily online, there is relatively low risk to people involved physically as well as legally since most of these hacktivism campaigns are not pursued by law enforcement agencies unless they pose some kind of physical or financial harm.

What Are Common Targets for Hacktivists? 

Because the resources that hacktivists use are all online, anything and anyone can conceivably become a target. While the goal of hacktivism is ostensibly to bring more awareness to a particular issue, many hacktivist campaigns go further than that, causing at the very least distraction and irritation, with many actions ending in service disruption, loss of reputation, or data compromises.

“The weapon is much more accessible, the technology is more sophisticated,” said Chenxi Wang, a vice president in charge of security at Forrester Research. “Everything is online your life, my life which makes it much more lethal.” – Hacktivism: Where Next for Hackers with a Cause

The world is online, thus the targets of hacktivism are legion. Hacktivists have targeted foreign governments, large corporations, and prominent political leaders. They’ve also gone after local governmental entities, including police departments and hospitals. Many times hacktivists are most successful when going after these smaller sized organizations simply because they are not prepared security-wise to defend themselves against sophisticated digital protests.

Is Hacktivism Good or Bad?

The simplest answer is it can be seen as good or bad, depending on what side you might be landing on.

For example, there have been several instances of hacktivists working together to promote avenues for free speech, especially in countries with authoritarian policies that restrict access to information. Most people would see this as an example of good hacktivism.

Many people might confuse hacktivism with cyberterrorism. The two are similar in that they are both carried out mostly online, but that’s where the similarities end. Cyberterrorism aims to cause severe harm (such as bodily casualties and/or financial damages). Hacktivism aims to raise awareness around a particular issue.

Most hacktivism would be considered illegal under a number of domestic and international statutes, however, since the damages incurred in most hacktivist activities are considered relatively minor, few of these cases actually are carried through to prosecution. In addition, because of the global nature of hacktivism and the anonymous face of most of the people involved, it’s difficult to track down who is actually responsible.

Some would argue that hacktivism falls under the banner of free speech and should be protected accordingly; others would say that the fallout from these efforts goes against free speech into harm of both corporations and individuals.

What Are Common Types of Hacktivism?

As the Internet continues to evolve, there will be more and more resources hacktivists can take advantage of in order to pursue their causes. Some of the most common tactics used in hacktivism include the following:

Doxing: Doxing, short for “documents”, or “docs” refers to the process of finding, sharing, and publicizing personally identifying information of people on the Web on a website, forum, or other publicly accessible venue. This could include full legal names, addresses, work addresses, phone number, email addresses, financial information, and much more. Learn more about doxing. 

DDoS: Short for “Distributed Denial of Service”, this is one of the more common types of hacktivism simply because it’s so effective. A DDoS attack is the coordinated use of many computer systems in order to push a huge amount of traffic to a website or Internet-connected device, with the ultimate goal being to make that website or device go completely down. Hacktivists have used this tactic successfully to pull down banking websites, online stores, websites, etc.

Data Breaches: We’re probably all familiar at this point with the idea of identity theft. These data breaches encroach on personally identifying information and use this data to commit fraud, apply for loans and credit cards, register fake accounts, and transfer money illegally, stealing intellectual property, launch phishing attacks, and much more.

Vandalizing/Hijacking of Online Properties: This is one of the more popular hacktivism activities, cracking the code into the back end of a targeted website with the intended effect being to disrupt the website’s message in some way. This could include completely defacing the website itself, disrupting functionality so users are unable to access, and/or posting the hacktivist’s messaging.

This also applies to hacking into social media properties. Hacktivists gain access to their targets’ social media accounts and post information that supports their messaging.

Because many entities have a wide variety of online properties, the possibilities are fairly wide open for hacktivists. Social media targets include Facebook, Twitter, Pinterest, LinkedIn, and YouTube. Public-facing internet properties such as websites, corporate intranet, and email structures are also targets. Public informational services such as ISPs, emergency services, and telephone services are also at risk from hacktivists looking to make their mark.

What Are Some Examples of Hacktivism?

The rise of hacktivism will continue especially as the tools with which to carry out significant digital disruption are so easily accessed. Here are a few examples of hacktivism:

  • In 2016, hackers launched a cyberattack against the state of Michigan’s main website to draw attention to the Flint water crisis. In May, they targeted North Carolina government websites to protest a controversial state law requiring transgender people to use bathrooms that match the sex on their birth certificate. And in July, they took aim at the city of Baton Rouge’s website after the fatal police shooting of a black man. – PBS.org, Hacktivists Launch Cyberattacks Against Local State Governments
  • The personal data of over 1.3 million people in Montana was breached and exposed by hackers via the state Department of Public Health and Human Services systems.
  • Police computer systems in Ferguson, Missouri were actively attacked by hacktivists seeing the personal identity of people involved in a controversial police action.
  • Rumors of foreign involvement in U.S. presidential elections include not only foreign government involvement, but individual hacktivist organizations looking to make a definitive political statement. This includes the WikiLeaks cache of hacked Democratic National Committee (DNC) emails by anonymous hacktivists.
  • Many hacktivists operate on an individual basis to protest against what they see as injustices, but for some, banding together with an organization seems to make more sense to give them more resources. One of the most well-known hacktivist organizations is a network simply called Anonymous, a group that has claimed responsibility for several of the more infamous hacktivist exploits in recent years.

How to Guard Against Hacktivism

While there will always be vulnerabilities that savvy hackers will be able to exploit, it’s smart to take precautions. The following are suggestions that can help you stay safe against unwanted intrusions from an outside source:

  • Use a reputable virus protection and detection program
  • Monitor your public facing accounts on the Internet – this includes email, websites, social media, file transfer sites, etc.
  • Be careful that none of your personally identifying information is available online (see How to Stay Safe Online for more information)
  • Update your systems and defense programs on a regular basis in order to guard against potential threats

There’s no fail-safe way to guard against an individual or organization that is determined to carry out a hacktivist activity, but it’s prudent to prepare as much as possible in order to have a secure defensive strategy in place.