What is hacktivism?

Two masked members of Anonymous demonstrating during the Occupy protest on October 15, 2011 in The Hague
(Image credit: Shutterstock)

The often offensive form of cyber activism, hacktivism, is just as curious a concept as its analogue counterpart. Doing things that skirt the line between good and bad, all for a higher cause - worthy or not - is always guaranteed to divide onlookers. But, whatever your views are on hackers, it’s worth holding your judgement until you understand what hacktivism is and how it plays into the wider cyber security industry.

Hackers who carry out cyber attacks are the ones most associated with the concept of hacking. Cyber criminals have enjoyed a rewarding threat landscape over the past few years, especially since the advent of ransomware, which continues to be a scourge on the wider tech industry. Indeed, the business model for black hats is nuanced and successful. It’s no wonder there are so many of them.

But for every bad egg, there are a dozen good ones that stay on the right side of the moral line. Ethical hackers and penetration testers are two of the most well-known types of hacking experts that use their skills for good, to keep the bad guys at bay.

Hacktivists commonly fall somewhere in between these two groups, arguably leaning more into the nefarious side of the equation. The methods hacktivists use to complete their goals are often illegal ones, but whether you think their cause is for good or bad, they believe what they’re doing is right. Hacktivists can certainly operate on both sides of the good-bad gamut - we’ve seen it in play during Russia’s invasion of Ukraine. The latter’s ‘IT Army of Ukraine conducts daily attacks against Russian targets, and Russia-aligned hacking groups do the same right back. Then, of course, who could forget Anonymous - perhaps the most famous hacktivist collective of them all?

The history of hacktivism

Hacktivism has its roots in the early days of the internet when hackers primarily congregated on Usenet and message boards. Many of these early hackers were motivated by idealism, with a general tendency towards left-wing, anti-capitalist, and anti-corporate viewpoints. This, combined with a sense of anarchic mischief and a love of messing with people and systems, spurred numerous hacks protesting various social and political issues.

Hackers deployed various forms of malware against targets to disrupt their operations, hindering progress by rendering computer systems and networks unusable. An early example was the hilariously named Worms Against Nuclear Killers malware, which was released into NASA's networks in 1989 to protest the launch of the nuclear-powered rocket carrying the Galileo probe into orbit. The attack reportedly cost the project half a million dollars in lost time and resources, according to officials.

Who are the Anonymous hacking group?

A person wearing a Guy Fawkes mask as a symbol of the Anonymous hacking collective

(Image credit: Shutterstock)

Modern hacktivism, however, has been defined mainly by the group known as Anonymous. First emerging in the early 2000s, Anonymous was originally the collective name given to groups of users from the 4chan message boards, who would frequently band together to attack targets based on little more than an idle whim. These attacks ranged from relatively harmless pranks, such as ordering numerous pizzas to someone's house, to more vicious attacks such as carrying out DDoS strikes against websites or doxxing people.

What makes Anonymous unique is that it has no formal membership, controlling body or internal structure. Anyone can participate in its operations at will, and the targets and attack vectors it picks are determined by popular consensus amongst its members and fans. In its early days, Anonymous wasn't overly focused on political or ideological issues, preferring instead to target internet personalities that its members felt needed to be taken down a peg or two.


PowerEdge - Cyber resilient infrastructure for a Zero Trust world

Combat threats with an in-depth security stance


The group's first real foray into hacktivism came in 2008 when the group began a campaign of attacks against the church of Scientology. Operation Chanology, as it was known, included a week-long DDoS against the church's website, along with physical protests outside various Scientologist properties. The adoption by protestors of the Guy Fawkes mask from cult graphic novel V for Vendetta, incidentally, is what led to its now-iconic status as a symbol of hacktivism.

Following Project Chanology, Anonymous has also been heavily involved in various campaigns to foil attacks on internet freedoms. The group mounted significant efforts to fight the Stop Online Piracy Act (SOPA) and the Protect Intellectual Property Act (PIPA), both of which were accused of being efforts to censor the web. In more recent years, the group has been carrying out persistent attacks against the online arms of the terrorist group ISIS, targeting websites and social media accounts used to spread propaganda.

Most recently the group formed a stand against Putin’s invasion of Ukraine and has shouted loud and proud about its efforts in cyber space so far. Most notably, the group claimed it was able to replace the disinformation broadcast to the Russian public through state-affiliated media with genuine images and messages from inside Ukraine.

Hacktivism is often controversial. While many decry the use of objectively illegal cyber attacks, no matter how noble the cause, many applaud vigilante hackers like Anonymous and others for taking the law into their own hands.

Recent cases of hacktivism

The number of large-scale, international hacking operations most commonly associated with hacktivism has declined dramatically over the last 10 years, with IBM reporting a 95% drop in the number of hacktivist attacks between 2015 and 2019. According to Recorded Future, this could be due to the fact that, while corporate defences have improved over the years, the attack vectors, tools, and techniques used by hacktivist groups have remained largely unchanged since 2010.

However, this doesn’t mean that hacktivists have given up their efforts. In fact, multiple events from earlier this year have been considered to be symptoms of a resurgence of hacktivism, one of them being the storming of the US Capitol on 6 January 2021, videos of which were taken and uploaded onto right-wing social media site Parler by the rioters themselves. One hacker, known online as donk_enby, launched a collective action to gather the evidence of the Capitol lootings so that the perpetrators could be identified and prosecuted. Weeks later, donk_enby was asked by protesters in Myanmar to use her skills and platform to help identify numerous military contractors involved in the coup. According to Reuters, this ultimately led to the military leaders having their Google accounts suspended and sanctions imposed on them.

George Floyd mural in Manchester

(Image credit: Getty Images)

The new wave of hacktivism can be traced to May 2020, specifically after the murder of George Floyd at the hands of police officer Derek Chauvin. The event reportedly prompted Anonymous to shut down the website belonging to the Minneapolis Police Department, which is where Chauvin was stationed prior to his arrest and trial. When the site was finally restored, users were asked to complete a captcha in order to ensure they were not automated bots orchestrating a DDoS attack.

Two months later, hackers managed to breach the server of a major contractor working on behalf of the Russian intelligence service. They obtained 7.5TB of sensitive data and shared it freely with other hackers and journalists. Much of this included detailed information about sensitive government IT projects commissioned by the Federal Security Service of the Russian Federation (FSB).


In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth


Of course, the most recent high-profile example of activism at play is the conflict between Russia and Ukraine. The hacktivist efforts began even before the invasion as unknown hackers targeted the Belarusian railway network in a bid to stop Russian troops from mobilising near Ukraine's borders.

What followed was genuine cyber warfare, with forces from both sides attacking telecoms infrastructure, broadcast networks, government websites, and more. The war is thought to be the first ever to be fought across both kinetic and cyber space and even saw a Ukrainian government official assemble an online 'cyber army' from the early days of the war, known most commonly as the IT Army of Ukraine.

Connor Jones
News and Analysis Editor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.