Hacktivists: What They Are

Whether or not hacktivism is a good thing depends on who you are

Signs that say no stop strike end protest no more

Hacktivism (or hactivism) is the unique blend of the words “hacking” and “activism,” and has surfaced as people use the internet to demonstrate for political or social causes. Those people are sometimes called social justice warriors (SJWs)

For most of human history, people have actively demonstrated in one way or another, either against or for something that they feel passionately about. That could include picketing outside City Hall offices, writing letters to the editor of a local paper to protest an upcoming policy, or organizing a sit-in at a university.

All of these protests have something in common: they're geographically localized, with most, if not all of the people involved coming from that local area in person.

Then comes the internet, where protests change. Because it can connect people from all over the world regardless of location, demonstrating for or against a cause becomes decidedly different.

Hacktivism and activism are related. However, hacktivism is different in that it’s done mostly digitally. Hacktivists (people involved in these efforts) usually aren’t after financial gains, but instead are looking to make a statement of some kind. The primary purpose behind hacktivism is hacking for a cause. Instead of civil disobedience, it's digital disruption using the internet as a crucial foundational tool to carry their message all over the world.

Hacktivists use resources found online — both legal and those that would be considered illegal — in their pursuit of the messages that are important to them; mostly around political and human rights issues.

Why Has Hacktivism Become So Popular?

A Georgetown article on the rise of hacktivism said this in 2015 about why hacktivism has become so popular:

Hacktivism, including state-sponsored or conducted hacktivism, is likely to become an increasingly common method for voicing dissent and taking direct action against adversaries. It offers an easy and inexpensive means to make a statement and inflict harm without seriously risking prosecution under criminal law or a response under international law. Hacking gives non-state actors an attractive alternative to street protests and state actors an appealing substitute for armed attacks. It has become not only a popular means of activism, but also an instrument of national power that is challenging international relations and international law.

Hacktivists can gather under the banner of causes around the world without the need to travel anywhere, which is both empowering to the individual and group for actions and digital disruption efforts.

Because access to the web is relatively low-cost, hacktivists can find and utilize free, easy-to-learn tools in order to carry out their operations. In addition, because these efforts are primarily online, there's relatively low risk to people involved physically. There's also minimal legal risk since most of these hacktivism campaigns aren't pursued by law enforcement agencies unless they pose some kind of physical or financial harm.

What Are Common Targets for Hacktivists?

Because the resources that hacktivists use are all online, anything and anyone can conceivably become a target. While the goal of hacktivism is ostensibly to bring more awareness to a particular issue, many hacktivist campaigns go further than that, causing at the very least distraction and irritation, with many actions ending in service disruption, loss of reputation, or data compromises.

The world is online, thus the targets of hacktivism are legion. Hacktivists have targeted foreign governments, large corporations, and prominent political leaders. They’ve also gone after local governmental entities, including police departments and hospitals.

Many times hacktivists are most successful when going after these smaller sized organizations simply because they're not prepared security-wise to defend themselves against sophisticated digital protests.

Is Hacktivism Good or Bad?

The simplest answer is that it can be seen as good or bad, depending on what side you might be landing on.

For example, there have been several instances of hacktivists working together to promote avenues for free speech, especially in countries with authoritarian policies that restrict access to information. Most people would see this as an example of good hacktivism.

Many people might confuse hacktivism with cyberterrorism. The two are similar in that they're both carried out mostly online, but that’s where the similarities end. Cyberterrorism aims to cause severe harm (such as bodily casualties and/or financial damages). Hacktivism focuses on raising awareness around a particular issue.

Most hacktivism would be considered illegal under a number of domestic and international statutes. However, since the damages incurred in most hacktivist activities are considered relatively minor, few of these cases actually are carried through to prosecution. In addition, because of the global nature of hacktivism and the anonymous face of most of the people involved, it’s difficult to track down who's actually responsible.

Some would argue that hacktivism falls under the banner of free speech and should be protected accordingly; others would say that the fallout from these efforts goes against free speech into harm of both corporations and individuals.

What Are Common Types of Hacktivism?

As the internet continues to evolve, there'll be more and more resources hacktivists can take advantage of to pursue their causes. Some of the most common tactics used in hacktivism include the following:

  • Doxing: Doxing, short for “documents”, or “docs” refers to the process of finding, sharing, and publicizing personally identifying information of people on the web on a website, forum, or other publicly accessible venue. This could include full legal names, addresses, work addresses, phone number, email addresses, financial information, and much more.
  • DDoS: Short for Distributed Denial of Service, this is one of the more common types of hacktivism simply because it’s so effective. A DDoS attack is the coordinated use of many computers to push a huge amount of traffic onto a website or internet-connected device, with the ultimate goal being to make that device go completely offline. Hacktivists have used this bandwidth hack successfully to pull down banking websites, online stores, etc.
  • Data Breaches: We’re probably all familiar at this point with the idea of identity theft. These data breaches encroach on personally identifying information and use this data to commit fraud, apply for loans and credit cards, register fake accounts, and transfer money illegally, stealing intellectual property, launch phishing attacks, and much more.
  • Vandalizing/Hijacking of Online Properties: This is one of the more popular hacktivism activities, cracking the code into the back end of a targeted website with the intended effect being to disrupt the website’s message in some way. This could include completely defacing the website itself or disrupting functionality so that users are unable to access.

This last one also applies to hacking social media properties. Hacktivists gain access to their targets’ social media accounts and post information that supports their messages.

Because many entities have a wide variety of online properties, the possibilities are fairly wide open for hacktivists. Social media targets include Facebook, Twitter, Pinterest, LinkedIn, and YouTube. Public-facing internet properties such as websites, corporate intranet, and email structures are also targets. Public informational services like ISPs, emergency services, and telephone services are also at risk from hacktivists looking to make their mark.

Hacktivism Examples

The rise of hacktivism will continue, especially as the tools with which to carry out significant digital disruption are so easily accessed. Here are a few examples of hacktivism:

  • In 2016 and 2017, hackers launched a cyberattack against the state of Michigan’s website regrading the Flint water crisis, they targeted government websites belonging to the state of North Carolina in a protest about a law regarding transgender people, and continued with an attack on the city of Baton Rouge’s website following a fatal police shooting of a black man.
  • The personal data of over 1.3 million people in Montana was breached and exposed by hackers via the state Department of Public Health and Human Services systems.
  • Police computer systems in Ferguson, Missouri were attacked by hacktivists to reveal the personal identity of people involved in a controversial police action.
  • Rumors of foreign involvement in U.S. presidential elections include not only foreign government involvement, but individual hacktivist organizations looking to make a definitive political statement. This includes the WikiLeaks cache of hacked Democratic National Committee (DNC) emails by anonymous hacktivists.
  • Many hacktivists operate on an individual basis to protest against what they see as injustices, but for some, banding together with an organization seems to make more sense to give them more resources. One of the most well-known hacktivist organizations is a network simply called Anonymous, a group that has claimed responsibility for several of the more infamous hacktivist exploits in recent years.

How to Guard Against Hacktivism

While there will always be vulnerabilities that savvy hackers will be able to exploit, it’s smart to take precautions. The following are suggestions that can help you stay safe against unwanted intrusions from an outside source:

  • Use a reputable antivirus software and firewall program
  • Monitor your public-facing accounts on the internet — this includes email, websites, social media, file transfer services, etc.
  • Be careful that none of your personally identifying information is available online, and erase anything that you don't want people finding
  • Update your systems and defense programs on a regular basis to guard against potential threats

There’s no fail-safe way to guard against an individual or organization that's determined to carry out a hacktivist activity, but it’s prudent to prepare as much as possible in order to have a secure defensive strategy in place.