Hacktivism is a new type of activism. Here’s an overview of the concept and activism groups like Anonymous, to name at least one that has made headlines through their attacks.

Gone are the days when activists only resorted to hitting the pavement and sitting in unauthorized places to draw attention to causes. The internet has changed advocacy, and hacktivism represents a new development.

Hacktivism is a combination of hacking and activism. It means misusing a computer or the internet, primarily by hacking into unauthorized networks, to expose a believed injustice.  

It’s important to note that protests and activism are protected activities, while hacking is illegal. 

The motivations of these digital vigilantes vary widely, as do their hacktivism attack types. Here’s a look into the concept of hacktivism, the groups who’ve made headlines, and their attacks that shaped the movement and the world.

Hacktivism explained: Definition and FAQs.

Hacktivism is the misuse of a computer or the internet, primarily by hacking into unauthorized networks, to expose a believed injustice. For a hacktivism definition, it’s a portmanteau of the words hacking and activism. And that’s the premise of hacktivism: carrying out hacking attacks as a form of activism. So, you might think of hacktivism as online, digital, or cyber activism.

People who carry out hacktivism attacks are hacktivists. They generally claim to operate with altruistic intentions, meaning not to cause malicious harm but to draw attention to a cause important to the hacktivist group. 

Hacktivism is much like activism in our physical world, whereby people disrupt to bring about change. One difference is that the disruption is entirely online and conducted anonymously.

Who do hacktivists target?

Hacktivists’ targets include government agencies, multinational corporations, and influential individuals. Hacktivists may target any group or individual they consider unjust or in the way of a particular cause.

What motivates hacktivists?

Hacktivists generally believe they’re acting altruistically for the public good. Like activism in our physical world, online activists seek to bring public attention to an important cause in hopes they’ll invoke change. 

This often means exposing and correcting perceived injustices. The nature of the perceived injustices might be political, social, or religious. 

  • Politically motivated hacktivism seeks to promote or upheave a political agenda, sometimes to the extent of anarchy.
  • Socially motivated hacktivism sets out to expose social injustices, ranging from government censorship to human rights.
  • Religiously motivated hacktivism acts in the name of a religious ideology and may seek to discredit or encourage the belief.

What are hacktivism attacks?

Despite altruistic intentions, hacktivism attacks are hacking attacks, which means they’re illegal. But they’re also difficult to prosecute because they’re mainly conducted anonymously.

Unlike traditional hacking attacks, though, hacktivism attacks rarely have true malicious intent. In some cases, you might think of them as antagonism, such as how we might see graffiti on billboards.

Still, just as this is vandalism in real life, website defacing is considered cyber vandalism. This is just one example of the types of hacktivism that exist today. 

Types of hacktivism

10 hacktivism attack types

Hacktivism comes in many forms, each with its way of supporting a hacktivist’s intentions. That might be promoting free speech and information, crashing websites, or exposing incriminating information. Here are ten known types of hacktivism.       

  • Anonymous blogging is when a hacktivist blogs under an unknown name, often to protect a whistleblower from exposing an injustice. It could be considered a form of free speech.       
  • RECAP is software that provides free access to documents on the U.S.’s Public Access to Court Electronic Records (PACER) — RECAP is PACER spelled backward — to push a freedom-of-information agenda.       
  • Website defacement is when hacktivists change the visual appearance of a website, often to push messaging that underscores a cause important to the hacktivist group.       
  • Website redirects change the address of a website so that visitors are redirected to a site that supports a hacktivist’s agenda.       
  • Website mirroring is a workaround for censored websites whereby hacktivists copy a censored website and post it on a site with a modified URL for all to see. It promotes freedom of information.       
  • Denial of Service (DoS) or Distributed Denial of Service attacks (DDoS) prevent targets from accessing their computers and sometimes crash websites by installing traffic-inundating malware.       
  • Virtual sit-ins are manual DoS or DDoS attacks in that they’re executed by individual users, not software, who repeatedly load web pages to overwhelm a site to the degree that the site crashes.       
  • Leaks are usually the result of an inside source or person sharing classified intelligence with hacktivists, who then share the intel publicly in hopes of causing incrimination, embarrassment, or change.       
  • Doxing is similar to a data leak in that hacktivists gather and expose intelligence publicly in hopes of causing incrimination, embarrassment, or change.       
  • Geo-bombing exposes the Google Earth location where YouTube videos are taken. It’s been used to reveal the location of political prisoners and detained human rights activists. 

6 notable hacktivist groups

Notorious hacktivist groups

Most hacktivist groups want to stay anonymous. Some are widely recognized and adopted an acronym as their name. Here are six known and notorious hacktivist groups.

1. Cult of the Dead Cow

Also known as cDc Communications, Cult of the Dead Cow is credited with coining hacktivism in 1996. That was in an email correspondence long after the group was founded in 1984 with a focus on hacking to promote human rights and freedom of information, particularly in China.

It eventually spun off two other hacktivist groups, Ninja Strike Force and Hacktivismo, which some regarded as moral models for hacktivism.

Hacktivismo fixated on anti-censorship so much that it swore off committing DoS attacks, which it considered a form of anti-censorship. The group published a “Hacktivismo Declaration” in 1999 as a code of conduct for other online activists.

2. Anonymous

When people think of hacktivism, many think of Anonymous. This international hacktivist group grew out of the online message board 4chan in 2003 and continues to make headlines. It aims to keep the internet transparent and favors more brazen hacktivism attack types to do it.

Anonymous has used DDoS attacks and doxing to disable government sites, steal sensitive info, vandalize commercial websites, and target high-profile political figures without leaving their computer chairs. One exception: the Million Mask March, an annual protest that started in 2013 as a physical display of the changes Anonymous represents.

3. WikiLeaks

Founded by Julian Assange, WikiLeaks is essentially a whistle-blowing organization. As the name indicates, its preferred hacktivism attack type is leaks, and it has been a hosting domain of leaked documents since its launch in 2006. 

In other words, it’s a publisher of leaked information. It has also been known to commit DDoS attacks. This occurred toward companies including Amazon, PayPal, Visa, and Mastercard when they followed U.S. government encouragement to halt services so WikiLeaks supporters couldn’t donate to WikiLeaks.

4. LulzSec

Formed in 2011 by former members of Anonymous, LulzSec is also known as Lulz Security. The Anonymous spin-off group has often targeted high-profile entities — including the FBI, the CIA, and Sony Corp. — to draw attention to weakened security systems and poor privacy protections.

5. DkD[||

DkD[|| is a French hacktivist whose preferred attack type is website defacing, including the U.S. Navy site, among thousands of others.

Motivated by political reasons and spreading messages against U.S. military policies, the single actor was once among the most-wanted hacktivists in France. He also was allegedly a 17-year-old teen, leading others to believe the attacks were motivated by a desire to show off technical skills versus express political viewpoints. 

6. Syrian Electronic Army

The Syrian Electronic Army emerged in 2011 to support Syrian President Bashar al-Assad. The group commits attacks it believes protect the president and Syria. Its preferred hacktivism attack type is DDoS attacks, including against U.S. agencies.

Hacktivism in the news: 8 high-profile attacks

The first-known hacktivism attack is traced to 1989, when an anti-nuclear group, The Realm, attempted to attack U.S. government networks. Hacktivism has evolved exponentially since, and hacktivism attacks are more frequent, occurring recently as the Covid-19 pandemic.

What are examples of hacktivism? For perspective, here are some of the most prominent headline-making cases of the 21st century.

DkD[|| on the U.S. Navy, 2003    

  • Motivation: Political
  • Type of attack: Website defacing 

Among DkD[||’s most high-profile hacktivist attacks was the defacement of a U.S. Navy server in 2003 with an anti-Bush message. The result? Not much. DkD[|| was arrested that same year. Their website was also defaced, with a message that the U.S. government now owned it. 

Anonymous’s Project Chanology, 2008     

  • Motivation: Social and religious   
  • Type of attack: DDoS attack 

Regarded as Anonymous’s first high-profile attack, the group performed a DDoS attack on the Church of Scientology. Why? Because the church attempted to remove a video of actor Tom Cruise affirming his affiliation with the church, and Anonymous viewed this as censorship. The DDoS attacks spurred an onslaught of prank calls and black faxes toward the church, and Anonymous rounded out its attack by doxing the church.

WikiLeaks’s exposure of the Afghan War log and Iraq War documents, 2010

  • Motivation: Political and social 
  • Type of attack: Leak 

The first of many high-profile attacks by WikiLeaks, the hacktivist group published around 75,000 pages about the U.S. War in Afghanistan, AKA the “Afghan War Diary,” in 2010. The classified documents contained intel on airstrikes that harmed civilians. The reason for the leak? The group wanted to promote the freedom of information and government transparency. And it worked to some degree, as WikiLeaks released the logs to media outlets such as The Guardian and The New York Times that ran with the story.

A few months after the Afghan War Diary leak, WikiLeaks published nearly 400,000 field reports about the Iraq War. The documents revealed that the civilian death count was much higher than initially reported. The Iraq War documents leak is among U.S. history’s most significant classified document leaks.

Anonymous’s Operation Darknet, 2011 + 2017   

  • Motivation: Social       
  • Type of attack: DDoS

In a move to oust illicit child content from the dark web, Anonymous carried out Operation Darknet in 2011. The result? Anonymous DDoSed around 40 anonymously hosted child pornography sites and then published the usernames of about 1,500 people who visited them. 

The group relaunched Operation Darknet in 2017 when it hacked servers on Freedom Hosting II — 50 percent of which were hosting child pornography, according to Anonymous. By some reports, this hack disabled 20 percent of the dark web.

LulzSec on Sony Corporation, 2011     

  • Motivation: Social      
  • Type of attack: Doxing (via SQL injection) 

In an attempt to make an example of Sony Corp.’s weak security measures, LulzSec committed a string of hacks on the company in 2011 that compromised the personal information of more than one million Sony users.

It did this through SQL injection to gather users’ confidential information like email addresses, passwords, birthdays, and home addresses and then posted that information on its website, essentially doxing Sony.

The result? For Sony users, around 100,000 saw their privacy compromised. It cost Sony at least $600,000 to recover from the disaster.

Syrian Electronic Army on the U.S. Executive Branch, 2013

  • Motivation: Political
  • Type of attack: Defacement

To tone down what they viewed as fabricated news about the Syrian government in 2013, the Syrian Electronic Army defaced Western news organizations by posting fabricated news on their websites and social media accounts

One instance involved a fake tweet from the Associated Press about President Barack Obama being injured in an explosion at the White House. This resulted in the Dow Jones dipping by about 140 points.

WikiLeaks’s leak of DNC emails, 2016       

  • Motivation: Political
  • Type of attack: Leak 

In the lead-up to the 2016 presidential election, WikiLeaks worked with a foreign intelligence agency to publish almost 20,000 emails and 8,000 email attachments from the Democratic National Committee (DNC). This included emails sent by presidential hopeful Hillary Clinton and correspondences with DNC donors that included confidential information like social security numbers that can be used to commit identity theft.

The U.S. Department of Justice has indicted at least 12 Russian hackers.

Anonymous on police brutality, 2020  

  • Motivation: Political and social      
  • Type of attack: DDoS and defacement 

Following the death of George Floyd in 2020, Anonymous sought to spotlight perceived corruption within the Minneapolis Police Department. It used a DDoS attack to do just that, disabling the department’s website. To further condemn police brutality, Anonymous crashed more police department sites nationwide and defaced other networks. 

Unless you’re a hacktivist, knowing someone can commit mass disruption in the stroke of a computer key is intimidating. No matter your stance on hacktivists, whether you view them as cybercriminals or cyber heroes, it’s wise to increase your cybersecurity and safeguard your devices from hacking. 

You never know who might be lurking.


Please enter CoinGecko Free Api Key to get this plugin works.