Hacktivism: An overview plus high-profile groups and examples
September 8, 2021
Gone are the days when activists only resorted to hitting the pavement and sitting in unauthorized places to draw attention to causes. The internet has changed advocacy, and hacktivism represents a new development.
Hacktivism is a combination of hacking and activism. It means misusing a computer or the internet, primarily by way of hacking into unauthorized networks, to expose a believed injustice.
It’s important to note that protests and activism are a protected activity, while hacking is illegal.
The motivations of these digital vigilantes vary widely, as do their hacktivism attack types. Here’s a look into the concept of hacktivism, the groups who’ve made headlines, and their attacks that shaped the movement and the world.
Hacktivism explained: Definition and FAQs
Hacktivism is the misuse of a computer or the internet, primarily by way of hacking into unauthorized networks, to expose a believed injustice. For a hacktivism definition, it’s a portmanteau of the words hacking and activism. And that’s the premise of hacktivism: carrying out hacking attacks as a form of activism. So, you might think of hacktivism as online activism, digital activism, or cyberactivism.
People who carried out hacktivism attacks are hacktivists. They generally claim to operate with altruistic intentions, meaning not to cause malicious harm but rather to draw attention to a cause that’s important to the hacktivist group.
Hacktivism is much like activism in our physical world, whereby people cause disruption to bring about change. One difference is that the disruption is entirely online and conducted anonymously.
Who do hacktivists target?
Hacktivists targets include government agencies, multinational corporations, and powerful individuals. Hacktivists may target any group or individual they consider unjust or in the way of a particular cause.
What motivates hacktivists?
Hacktivists generally believe they’re acting altruistically for the public good. Similar to activism in our physical world, online activists seek to bring public attention to a cause that’s important to them in hopes they’ll invoke change.
This often means exposing and correcting perceived injustices. The nature of the perceived injustices might be political, social, or religious.
- Politically motivated hacktivism seeks to promote or upheave a political agenda, sometimes to the extent of anarchy.
- Socially motivated hacktivism sets out to expose social injustices, ranging from government censorship to human rights.
- Religiously motivated hacktivism acts in the name of a religious ideology and may seek to discredit or encourage the belief.
What are hacktivism attacks?
Despite any altruistic intentions, hacktivism attacks are hacking attacks, which means they’re illegal. But they’re also difficult to prosecute because they’re mostly conducted anonymously.
Unlike traditional hacking attacks, though, hacktivism attacks rarely have true malicious intent. In some cases, you might think of them as a form of antagonism, such as the way we might see graffiti on billboards.
Still, just as this is vandalism in real life, website defacing is considered cyber vandalism. This is just one example of the types of hacktivism that exist today.
Types of hacktivism
Hacktivism comes in many forms, each with its own way to support a hacktivist’s intentions. That might be promoting free speech and information, crashing websites, or exposing incriminating information. Here are 10 known types of hacktivism.
- Anonymous blogging is when a hacktivist blogs under an anonymous name, oftentimes to protect a whistleblower who is exposing an injustice. It could be considered a form of free speech.
- RECAP is software that provides free access to documents on the U.S.’s Public Access to Court Electronic Records (PACER) — RECAP is PACER spelled backward — to push a freedom-of-information agenda.
- Website defacement is when hacktivists change the visual appearance of a website, oftentimes to push messaging that underscores a cause important to the hacktivist group.
- Website redirects change the address of a website so that visitors are redirected to a site that supports a hacktivist’s agenda.
- Website mirroring is a workaround for censored websites whereby hacktivists copy a censored website and post it on a site with a modified URL for all to see. It promotes freedom of information.
- Denial of Service (DoS) or Distributed Denial of Service attacks (DDoS) prevent targets from accessing their computers and sometimes crash websites by installing traffic-inundating malware on them.
- Virtual sit-ins are sort of a manual DoS or DDoS attack in that they’re executed by individual users, not software, who repeatedly load web pages to overwhelm a site to the degree that the site crashes.
- Leaks are usually the result of an inside source or person sharing classified intelligence with hacktivists, who then share the intel publicly in hopes of causing incrimination, embarrassment, or change.
- Doxing is similar to a data leak in that hacktivists gather intelligence and expose it publicly in hopes of causing incrimination, embarrassment, or change.
- Geo-bombing exposes the Google Earth location where YouTube videos are taken. It’s been used to reveal the location of political prisoners and detained human rights activists.
6 notable hacktivist groups
Most hacktivist groups want to stay anonymous. Some are widely recognized and adopted an acronym as their name. Here are six known and notorious hacktivist groups.
1. Cult of the Dead Cow
Also known as cDc Communications, Cult of the Dead Cow is credited with coining the term hacktivism in 1996. That was in an email correspondence long after the group was founded in 1984 with a focus on hacking in the name of promoting human rights and freedom of information, particularly in China.
It eventually spun off two other hacktivist groups, Ninja Strike Force and Hacktivismo, both of which some regarded as being moral models for hacktivism.
Hacktivismo fixated on anti-censorship so much that it swore off committing DoS attacks, which it considered a form of anti-censorship. The group went on to publish a “Hacktivismo Declaration” in 1999 as a code of conduct for other online activists.
When people think of hacktivism, many think of Anonymous. This international hacktivist group grew out of the online message board 4chan in 2003 and continues to make headlines. Its aim is to keep the internet transparent, and it favors more brazen hacktivism attack types to do it.
Anonymous has used DDoS attacks and doxing to disable government sites, steal sensitive info, vandalize commercial websites, and target high-profile political figures — all without leaving their computer chairs. One exception: the Million Mask March, an annual protest that started in 2013 as a physical display of the changes Anonymous represents.
Founded by Julian Assange, WikiLeaks is essentially a whistle-blowing organization. As the name indicates, its preferred hacktivism attack type is leaks, and it has been a hosting domain of leaked documents since its launch in 2006.
In other words, it’s a publisher of leaked information. It has also been known to commit DDoS attacks. This occurred toward companies including Amazon, PayPal, Visa, and Mastercard when they followed U.S. government encouragement to halt services so WikiLeaks supporters couldn’t donate to WikiLeaks.
Formed in 2011 by former members of Anonymous, LulzSec is also known as Lulz Security. The Anonymous spin-off group has targeted high-profile entities — including the FBI, the CIA, and Sony Corp. — often to draw attention to weakened security systems and poor privacy protections.
DkD[|| is a French hacktivist whose preferred attack type is website defacing, including the U.S. Navy site, among thousands of others.
Motivated by political reasons and spreading messages against U.S. military policies, the single actor was once among the most-wanted hacktivists in France. He also was allegedly a 17-year-old teen, which has led others to believe the attacks were motivated by a desire to show off technical skills versus to express true political viewpoints.
6. Syrian Electronic Army
The Syrian Electronic Army emerged in 2011 as a supporter of Syrian President Bashar al-Assad. The group commits attacks it believes protect the president and Syria. Its preferred hacktivism attack type is DDoS attacks, including against U.S. agencies.
Hacktivism in the news: 8 high-profile attacks
The first-known hacktivism attack is traced to 1989, when an anti-nuclear group, The Realm, attempted to attack U.S. government networks. Hacktivism has evolved exponentially since, and hacktivism attacks are more frequent, occurring as recently as the Covid-19 pandemic.
What are examples of hacktivism? For perspective, here are some of the largest, headline-making cases of the 21st century.
DkD[|| on the U.S. Navy, 2003
- Motivation: Political
- Type of attack: Website defacing
Among DkD[||’s most high-profile hacktivist attacks was the defacement of a U.S. Navy server in 2003 with an anti-Bush message. The result? Not much, actually. DkD[|| was arrested that same year. Their personal website was defaced, as well, with a message that the U.S. government now owned it.
Anonymous’s Project Chanology, 2008
- Motivation: Social and religious
- Type of attack: DDoS attack
Regarded as Anonymous’s first high-profile attack, the group performed a DDoS attack on the Church of Scientology. Why? Because the church attempted to remove a video of actor Tom Cruise affirming his affiliation with the church and Anonymous viewed this as censorship. The DDoS attacks spurred an onslaught of prank calls and black faxes toward the church, and Anonymous rounded out its own attack by doxing the church.
WikiLeaks’s exposure of the Afghan War log and Iraq War documents, 2010
- Motivation: Political and social
- Type of attack: Leak
The first of many high-profile attacks by WikiLeaks, the hacktivist group published around 75,000 pages about the U.S. War in Afghanistan, AKA the “Afghan War Diary,” in 2010. The classified documents contained intel on airstrikes that harmed civilians. The reason for the leak? The group wanted to promote the freedom of information and government transparency. And it worked to some degree, as WikiLeaks released the logs to media outlets such as The Guardian and The New York Times that ran with the story.
A few months after the Afghan War Diary leak, WikiLeaks published nearly 400,000 field reports pertaining to the Iraq War. The documents brought to light that the civilian death count was much higher than initially reported. The Iraq War documents leak is among the largest classified document leaks in U.S. history.
Anonymous’s Operation Darknet, 2011 + 2017
- Motivation: Social
- Type of attack: DDoS
In a move to oust illicit child content from the dark web, Anonymous carried out Operation Darknet in 2011. The result? Anonymous DDoSed around 40 anonymously hosted child pornography sites and then published the usernames of about 1,500 people who visited them.
The group relaunched Operation Darknet in 2017 when it hacked servers on Freedom Hosting II — 50 percent of which were hosting child pornography, according to Anonymous. By some reports, this hack disabled 20 percent of the dark web.
LulzSec on Sony Corporation, 2011
- Motivation: Social
- Type of attack: Doxing (via SQL injection)
In an attempt to make an example of Sony Corp.’s weak security measures, LulzSec committed a string of hacks on the company in 2011 that compromised the personal information of more than one million Sony users.
It did this by way of SQL injection to gather users’ confidential information like email addresses, passwords, birthdays, and home addresses and then posted that information on its website, essentially doxing Sony.
The result? For Sony users, around 100,000 saw their privacy compromised. For Sony itself, it cost at least $600,000 to recover from the disaster.
Syrian Electronic Army on the U.S. Executive Branch, 2013
- Motivation: Political
- Type of attack: Defacement
To tone down what they viewed as fabricated news about the Syrian government in 2013, the Syrian Electronic Army defaced Western news organizations by posting fabricated news on their websites and social media accounts.
One instance involved a fake tweet from the Associated Press about President Barack Obama being injured in an explosion at the White House. This resulted in the Dow Jones dipping by about 140 points.
WikiLeaks’s leak of DNC emails, 2016
- Motivation: Political
- Type of attack: Leak
In the lead-up to the 2016 presidential election, WikiLeaks worked in association with a foreign intelligence agency to publish almost 20,000 emails and 8,000 email attachments from the Democratic National Committee (DNC). This included emails sent by presidential hopeful Hillary Clinton, as well as correspondences with DNC donors that included confidential information like social security numbers that can be used to commit identity theft.
At least 12 Russian hackers have been indicted by the U.S. Department of Justice.
Anonymous on police brutality, 2020
- Motivation: Political and social
- Type of attack: DDoS and defacement
Following the death of George Floyd in 2020, Anonymous sought to put the spotlight on perceived corruption within the Minneapolis Police Department. It used a DDoS attack to do just that, disabling the department’s website. To further condemn police brutality, Anonymous crashed more police department sites around the country and defaced other networks.
Unless you’re a hacktivist, it’s intimidating knowing someone can commit mass disruption in the stroke of a computer key. No matter your stance on hacktivists, whether you view them as cybercriminals or cyber heroes, it’s smart to increase your cybersecurity and safeguard your devices from hackings.
You never know who might be lurking.
Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Copyright © 2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.