Hacktivism’s Cold War Turns Hot

  • Themes: Technology, War

Hacktivism's definitive role in the Ukraine-Russia conflict shows that the future of war is already here and it's digital.

Credit: Vincenzo Dragani / Alamy Stock Photo

The past two years have seen a resurgence of political hacks, with the vast majority of those being focused on the Russia/Ukraine conflict. Anonymous and other hacktivists, for example, have targeted Russian government and corporate organisations in support of Ukraine. These attacks have in turn given rise to responses from pro-Russian hacker groups. The unprecedented links between activist hacking and a real-life conflict between two sovereign states have given rise to the question: what is hacktivism? Hacktivism plays a central role in a digital activism tradition that stretches back thirty years, involving non-state actors that use digital technologies either to mobilise supporters for physical or online campaigns and protests, or to directly target and manipulate computer networks. Since the internet became widespread, cyberspace has offered plenty of possibilities for this new form of protest, and we have seen a range of groups take part in hacktivism, from the Critical Art Ensemble and the Electronic Disturbance Theater in the 1990s and early 2000s, to the present.

Hacktivism can be described as the use of computer and network access and reconfiguration techniques to transgress or challenge cybercrime laws in order to confer a political message or protest a particular policy. Over time, hacktivism has also embraced sensationalist hacks and vigilante actions that blur the lines between symbolic protests, civil disobedience and more coercive direct action.

Its historic roots date to the 1990s when groups started to organise online protests following the advent of the internet. The creation and actions of Anonymous a few years later made hacktivism a global phenomenon. Recently we have seen activity in Iran, where government sites have been hacked in support of protests against the regime’s oppression of women.

The Critical Art Ensemble (CAE) was one of the first groups to explicitly articulate hacktivist tactics in the 1990s. Created by a US artist and activist collective, its members included Steve Kurtz and Ricardo Dominguez, who went on to form the Electronic Disturbance Theater (EDT). Although they organised various artistic activist interventions, their main contribution to the field was the conceptualisation of Electronic Civil Disobedience: a virtual sit-in, attempting to create a digital version of the classic sit-in street demonstrations of the 1960s. This usually takes the form of denial-of-service attacks (DoS), whereby a large number of information requests are sent to flood a government or corporate website, or server, in an attempt to overload systems and deny legitimate user requests.

The most famous EDT ‘hacktion’ was designed to support the Zapatista movement in Mexico in a campaign directed at the North American Trade Agreement (NAFTA). NAFTA’s purpose was to create a free-trade zone incorporating Mexico, Canada and the US.  The Zapatistas withdrew to the rainforest when confronted by the Mexican army, but they transferred their guerrilla warfare strategy into a virtual one: they jump-scaled a media guerrilla event to a global level by inviting civil society actors from around the world to monitor the conflict, which forced the Mexican government into negotiations. As EDT stated: ‘To demonstrate solidarity with the Zapatistas, an estimated 10,000 people from all over the world participated in the sit-in on 9 September 1998 against the sites of President Zedillo, the Pentagon and the Frankfurt stock exchange, delivering 600,000 hits per minute to each’.

EDT did not see its activities as direct action, but as artistic performances combined with non-violent civil disobedience, which would become public in an attempt to gain political legitimacy and avoid legal repercussions. Today, the group in its original form has disbanded, although Ricardo Dominguez, one of its leading figures, is a US professor teaching digital activism. He continues to organise virtual protests, including virtual sit-ins on his university website protesting budget cuts in California’s education system.

Another example is the UK-based Electrohippies, best known for organising a virtual sit-in during the Seattle World Trade Organisation meetings in 1999. That relied on client-side distributed-denial-of service attacks (DDoS), whereby each client or end computer had to choose to initiate the attack on its own, requiring many people to join the hacktion. Electrohippies also managed to acquire the URL www.gatt.org, using this GATT address to create a parody of the WTO site, which looked identical to the genuine one, but was critical of WTO policies. The Electrohippies Collective stated that ‘we have to treat cyberspace as if it were another part of society. Therefore, we must find mechanisms for lobbying and protest in cyberspace to complement those normally used in real life’.

Hacktivist groups around the world came together during the anti-globalisation protests of that period. In the mid-2000s, Kein Mensch ist Illegal [No Person is Illegal], a more traditional political group, organised a virtual sit-in against Lufthansa in protest against the airline assisting in German government deportations. This resulted in one of the first hacktivism cases to reach the courts. The Frankfurt Appellate eventually found the sit-in analogous to free expression rather than illegal coercion, and acquitted the organisers. Although this caused some optimism in hacktivist ranks, it remains a unique precedent, as most prosecutions since have resulted in guilty pleas and convictions.

This initial era was characterised by groups engaged in defacements of websites and virtual sit-ins. Such activities focused on political topics and global causes. During this phase, there were no prosecutions, and hacktivists were often more open about their identities and activities, with clear leadership structures and a well-defined membership. But these trends shifted with the advent of Anonymous, which signalled a second wave of hacktivism. Important changes to the hacktivist’s modus operandi were introduced.

Hacktivism goes Anonymous

The most intense phase of hacktivism began with the birth of Anonymous in the latter half of the 2000s. For ten years or so, the vast majority of activities that attracted public, media, and law enforcement attention were organised by various branches of this fluid collective, which originated from www.4chan.org, a message- and image-board website with a diverse user base. From its inception, Anonymous has been more an umbrella identity than a group with a predefined membership. It includes users with different ideological and tactical orientations, who often converge under common aims. The lack of identifiable representatives is one of the main organisational weaknesses of the group, since it allows anyone to use the Anonymous identity to serve their own political or criminal goals.

Anonymous have often employed controversial and legally ambiguous tacticsreflecting their diverse ideologies and practices, as well as backgrounds. These have ranged from traditional virtual sit-ins and website defacements to database or website hacks and ‘doxxing’, the acquisition and release of private or confidential information, particularly relating to individual identities. This tactical diversity continues to this day.

The campaign that established Anonymous as a more overtly political collective was Operation Chanology, a campaign of online and physical actions protesting the Church of Scientology’s efforts to censor a Tom Cruise YouTube interview where he talked about his experience as a Scientologist. Although #OpChanology generated media interest, and even involved prosecutions of virtual sit-in protesters, Anonymous became the target of media and police attention more intensely during its Operation AvengeAssange in 2010. Anonymous organised virtual sit-ins against Visa, Mastercard, PayPal and Amazon to express their disapproval of the corporations’ denial of their services to Wikileaks following the first release of documents by its founder Julian Assange and his team. PayPal allegedly experienced service disruptions generating significant damage and loss of income, which led to the prosecution and conviction of fourteen protesters in the US and four in the UK.

Anonymous continued their controversial activity targeting corporations and state agencies and engaging with a variety of topics, from police brutality and paedophile rings to national revolutions, such as the Arab Spring protests, and even the fight against ISIS. Although some of those efforts drew praise from the mainstream, the prosecution of collective members combined with their lack of political accountability and some controversial campaigns – inaccurately exposing users as terrorist supporters, for example – led to a saturation point. The result was a serious decline by 2015 in both overall hacktivist activity and media interest.

Anonymous revival: hacktivism during the Ukraine conflict

The perfect storm created by the pandemic, the rise of working from home, a polarised political landscape and the Russian invasion of Ukraine revived hacktivism. With the start of war in Ukraine, hacktivist activity reached unprecedented levels, as Anonymous declared war against Russia and engaged in a wide array of hacks exposing information from Russian government agencies and corporations, and even taking control of Russian media to communicate the realities of the war to the Russian public. Ukraine’s then vice prime minister and minister of digital transformation, Mykhailo Fedorov, took to Twitter to ask for volunteers for ‘Ukraine’s IT Army’ in February 2022. This was followed by Ghostsec, allegedly an offshoot of Anonymous, joining the online battle in support of Ukraine, together with other groups including AgainstTheWest, SHDWsec, DeepNetAnon, Raidforums Admin, ContiLeaks, Secjuice, and KelvinSecurity. Russian hacking groups, which rallied in response, included Conti, the Minsk-based group ‘UNC1151,’ Zatoichi, Digital Cobra Gang, The Red Bandits, Killnet, XakNet, and Stormous Ransomware.

The most interesting dimension of this active involvement of Anonymous is that it constitutes the first time they have so openly and actively supported a particular country during a military conflict. This has caused some concern regarding the limits of hacktivism and whether such activities, and even the ‘umbrella’ name of Anonymous, could be used for alternative and less-benign political goals.To mask other states’ attacks against Russian targets, or even to allow the Russian government to claim these attacks constitute cyberwar, gave them an opportunity to escalate the physical assault against Ukraine, and online against targets beyond. In 2022, the UK and US governments expressed concerns that a cyberattack from Russia was feared due to the war-related sanctions imposed by the West. Hacktivism also sparked fears of similar retaliation against western targets. Hacktivist attacks against Russian or affiliated targets and related counter-attacks could also have unintended effects and harmful consequences, not only on Russian users, but on those operating outside Russian cyberspace. Hacktivist attacks could reinforce prior Russian efforts to create their own Russian Splinternet — following the footsteps of China’s two-decade old efforts behind its so-called Great Firewall. Such efforts have already taken place; attempts were made by the Russian government, for example, to prohibit access to Twitter.

In parallel, there has been the rise of Cyberpartisans in Belarus in the last 18 months. These are a dedicated hacktivist collective engaging in various tactics including data hacks and doxxing, while collaborating with various activist-led initiatives in the country. They seek to expose the corrupt and undemocratic practices of the Lukashenko regime. This effort demonstrates a targeted approach to hacktivism, even involving an official spokesperson. For the first time, a hacktivist collective is solely focused on national regime change and has developed legitimate ways of interacting with the media and the international community mimicking more traditional organisations. Consequently, they communicate messages, achievements and aspirations clearly and consistently. For example, during the hacktion against the Russian internet and media regulator Roskomnadzor, the Cyberpartisans claimed to have stolen internal documents about Roskomnadzor’s attempts ‘to establish total control over everyone who has spoken out against the Putin regime over the past 20 years’.

Contemporary events show us that hacktivism has become mainstream and is now an inevitable dimension of political conflicts, even those that end up in kinetic clashes between states, testing the virtual limits of symbolic, sensationalist hacks, vigilantism, cyberespionage, and even cyberwarfare. The call to arms by the Ukrainian government to hackers to join its ‘IT army’ is an explicit example of boundary-blurring between civil society protesters, vigilantes and militants, challenging the traditional idea of warfare.

Despite the risks, hacktivism globalises political issues and brings social injustices to the fore as it exposes information regarding corruption and authoritarian practices, attracting attention to legitimate causes. As new tools such as AI-enabled applications become more advanced, adding to the revolutionary developments of the metaverse and the internet of things, hacktivism is bound to become more sophisticated. This means more intense cybersecurity concerns for governments and corporations.


Vasileios Karagiannopoulos and Athina Karatzogianni