Sensationalised and publicised by the Anonymous movement, Edward Snowden and the Arab Spring, hacktivism once seemed to have a very bright future indeed. But since 2015, hacktivist attacks have plummeted by 95%... could this be the death of hacktivism?
“We are Legion. We do not forgive. We do not forget. Expect us”. In 2007, the world discovered the Anonymous movement, a group of hacktivists whose rallying cry and famous Guy Fawkes’ masks quickly became memes. A flash of notoriety acquired through some spectacularly newsworthy action sowed the idea of David’s army fighting the all-powerful Goliaths on Earth, including the Church of Scientology in 2008, PayPal, Visa, MasterCard and Sony in 2010, Facebook in 2011, even the US city of Steubenville in 2012…
However, ten years on, the group has all but disappeared, and with it a certain idea of what hacktivism actually is. Hacktivist attacks have plummeted 95% since 2015, according to data published by IBM. So, what really happened?
At the root of hacktivism is the Internet
At their peak, at the turn of the 2010s, Anonymous were just about everywhere you looked, fuelling the myth. “Who could these people be? A neighbour? A young girl? A secretary? A caretaker? A student? A Buddhist? Whoever they were, one thing was certain - their organisation, which first emerged as a network of trolls, metamorphosed into a hotbed of resistance online”, explains Gabriella Coleman, an anthropologist at the University of New York who studied the movement at length in her book, Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous.
In her opinion, Anonymous is “a protest movement born online but not limited to the online world, deploying their own action without coordination, converging on other protest movements. Anonymous is a banner anyone can claim, provided they use Anonymous’ attributes and take action on their behalf”. But a movement that wasn’t born by chance, emphasises Fabrice Epelboin, French specialist in hacktivism. “Anonymous was born out of the possibilities offered by a social environment unique to the Internet, in this case, 4chan. The conditions specific to 4chan (no archives, no history, no identity) gave way to these movements”.
Are hacktivists left-winged?
Telecomix, Lulzec, AntiSec… all very active in the early 2010s, these movements tried to become anti-establishment spaces to defend freedom of expression. They generally came from the left of the political spectrum. But it was only a question of timing, notes Fabrice Epelboin. “Hacktivism began with crypto-anarchists because they were ahead on technological skills and because they had developed a political vision of technology long before anyone else. But this doesn’t mean hacktivist methodologies are specific to crypto-anarchy, nor to the left in general”.
Let’s not forget the original meaning of the term hacker, which was defined as someone who wants to understand technology to master and/or disrupt it. “When we think of hacktivism, we tend to associate it with political activism. But in the early days of hacktivism, the main grievances centred around freedom of access to the Internet and information. Big companies were targeted just as much as parties, without political distinction”, explains Marco Genovese, Stormshield Product Manager.
To go from there to saying hacktivism was merely the tool of good people against the powerful is one step nobody here would take. “Does hacktivism work for the common good or justice? I don’t know. Above all, hacktivism seeks to demonstrate that another way is possible”, adds Marco Genovese. With this ability to play with constraints and end up where nobody expects. “Take the Greenpeace activists who unfurled a flag on the Eiffel Tower in France. The challenge wasn’t so much about climbing up there, but rather circumventing the police surveillance to do so. It’s the same with hacktivism”, explains Marco Genovese. “Beyond any claims or demands, there’s an element of it being a challenge. It’s this idea that you’re going to hack a system, not because it’s complicated, but because it's supposed to be off-limits”.
And when strikes against pension reforms began in France, what could be more symbolic than an attack taking one of the biggest employers’ unions in the country offline?
Target : https://t.co/W0Gb8YMttq
Attack : #DDoS
Status : #Offline #Greve17Decembre #ReformeRetraite #GiletsJaunes pic.twitter.com/tB4ZjD7lAa
— geejay (@th4t5me) December 17, 2019
Are we heading towards an economy of vulnerability?
It’s a challenge that titillates many hackers out there. Some have become masters in the art of sniffing out weaknesses and breaking through them, paving the way for an entire economy of vulnerability, where brokers and bug bounty hunters can monetise their skills, where we find many shades of grey between white and black hats.
Far from the ideal of certain hacker groups, like Chaos Computer Club who, with their ‘Hackerspace Global Grid’ project, wanted to build their own free and open Internet network. Or even those hackers who stepped out of the shadows to join NGOs, such as Telecomix who created #JHack with Reporters Sans Frontières, or the cyber-activists who relayed a Greenpeace action against Shell in 2013.
Most recently of all, hacker Phineas Fisher appeared to take inspiration from this economy of vulnerability by further exploiting it - he offered $100,000 to “hackers who carry out politically motivated hacks against companies that could lead to the disclosure of documents in the public interest” concerning banks and oil companies.
The hacker known as Phineas Fisher published a manifesto on Friday offering to pay hackers up to $100,000 to carry out politically motivated hacks against companies that lead to the disclosure of documents in the public interest. https://t.co/24EAUtVOay
— Kim Zetter (@KimZetter) November 17, 2019
Or towards hacktivism of hate?
That early hacktivism now seems a distant memory. On the one hand, the attacks were somewhat normalised, even industrialised by malware sold as a kit on the darknet, thus losing their wonder. “The first ransomware introduced a new approach to hacking. Lots of MaaS (Malware as a Service) platforms made attacks easier and more accessible. For many hacktivists, a campaign only makes sense if it’s original. People lose interest if it becomes part of a new normal”, analyses Marco Genovese.
Hacktivism isn’t dead, it’s constantly evolving.Fabrice Epelboin, French specialist in hacktivism
On the other hand, a new form of hacktivism has slipped under the radar, one more closely linked to the media and its alternatives. “In France, when Jean-Marie Le Pen was excluded from mainstream media, a certain section of the French population took refuge online. Three years on, Dieudonné was excluded and, again, a certain group of people took refuge in the online world. Then there were those who voted no in the referendum... Today, all these various parts of French public opinion can be found on the Internet”, explains Fabrice Epelboin. “They’ve developed the skills and discussions that simply don’t appear in the mainstream media. Hacktivism isn’t dead, it’s constantly evolving”. What’s clear is that hacktivism is no longer the preserve of hackers alone, it’s become a tool in the hands of various powers. As a result, two forms of hacktivism are particularly active today: media hacktivism – from the likes of Cambridge Analytica, the former American Vice-President of which Steve Bannon never hid his intention to interfere with European elections to install hard-right candidates in power – and terrorist hacktivism – such as ISIS, a large part of whose activities (recruitment, networking, communications and propaganda) take place online. A change of scale and unprecedented dialogue.
Tomorrow’s hacktivism will centre around states and citizens
“The most impressive softpower action online was clearly how Cambridge Analytica led to the election of Donald Trump”, explains Fabrice Epelboin. Behind this organisation we find Steve Bannon, but also Peter Thiel, Trump’s digital advisor, who is also the founder of PayPal and Palantir, a surveillance software used by several of the world’s intelligence agencies. Not to mention billionaire Robert Mercer, who funded Trump’s campaign and is one of the founding fathers of artificial intelligence. “These are IT geniuses getting into politics, and that’s crucial for understanding what’s really taking place”, insists Fabrice Epelboin. “Hacktivism isn’t dead, but it’s being recovered by the powerful, and we aren’t necessarily noticing”.
This is where we arrive at a new challenge, data. “It’s ironic that most hacktivists began their careers out of a desire to guarantee free access to online information”, notes Marco Genovese. “Today, the problem has been reversed, given data is so easily accessible. Even our personal data is now exposed online” and exploited by these new hacktivists.
Is something about to come along and wake this historic hacktivism from its slumber?