At a time when U.S. agencies and thousands of companies are fighting off major hacking campaigns originating in Russia and China, a different kind of cyber threat is re-emerging: activist hackers looking to make a political point.
Three major hacks show the power of this new wave of “hacktivism” – the exposure of AI-driven video surveillance being conducted by the startup Verkada, a collection of Jan. 6 riot videos from the right-wing social network Parler, and disclosure of the Myanmar military junta’s high-tech surveillance apparatus.
And the U.S. government’s response shows that officials regard the return of hacktivism with alarm. An indictment last week accused 21-year-old Tillie Kottmann, a Swiss hacker who took credit for the Verkada breach, of a broad conspiracy.
“Wrapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft and fraud,” Seattle-based Acting U.S. Attorney Tessa Gorman said.
According to a U.S. counter-intelligence strategy released a year ago, “ideologically motivated entities such as hacktivists, leaktivists, and public disclosure organizations,” are now viewed as “significant threats,” alongside five countries, three terrorist groups, and “transnational criminal organizations.”
Earlier waves of hacktivism, notably by the amorphous collective known as Anonymous in the early 2010s, largely faded away under law enforcement pressure. But now a new generation of youthful hackers, many angry about how the cybersecurity world operates and upset about the role of tech companies in spreading propaganda, are joining the fray.
And some former Anonymous members are returning to the field, including Aubrey Cottle, who helped revive the group’s Twitter presence last year in support of the Black Lives Matter protests.
Anonymous followers drew attention for disrupting an app that the Dallas police department was using to field complaints about protesters by flooding it with nonsense traffic. They also wrested control of Twitter hashtags promoted by police supporters.
“What’s interesting about the current wave of the Parler archive and Gab hack and leak is that the hacktivism is supporting antiracist politics or antifascism politics,” said Gabriella Coleman, an anthropologist at McGill University, Montreal, who wrote a book on Anonymous.
Gab, a social network favored by white nationalists and other right-wing extremists, has also been hurt by the hacktivist campaign and had to shut down for brief periods after breaches.
Most recently, Cottle has been focused on QAnon and hate groups.
“QAnon trying to adopt Anonymous and merge itself into Anonymous proper, that was the straw that broke the camel’s back,” said Cottle, who has held a number of web development and engineering jobs, including a stint at Ericsson.
He found email data showing that people in charge of the 8kun image board, where the persona known as Q posted, were in steady contact with major promoters of QAnon conspiracies.
The new-wave hacktivists also have a preferred place for putting materials they want to make public – Distributed Denial of Secrets, a transparency site that took up the mantle of WikiLeaks with less geopolitical bias. The site’s collective is led by Emma Best, an American known for filing prolific freedom of information requests.
Best’s two-year-old site coordinating access by researchers and media to a hoard of posts taken from Gab by unidentified hackers. In an essay this week. Best praised Kottmann and said leaks would keep coming, not just from hacktivists but insiders and the ransomware operators who publish files when companies don’t pay them off.
“Indictments like Tillie’s show just how scared the government is, and just how many corporations consider embarrassment a greater threat than insecurity.
The core allegation is that the Lucerne software developer and associates broke into a number of companies, removed computer code and published it. The indictment also said Kottmann spoke to the media about poor security practices by the victims and stood to profit, if only by selling shirts saying things like “venture anticapitalism” and “catgirl hacker.”
But it was only after Kottmann publicly took credit for breaching Verkada and posted alarming videos from inside big companies, medical facilities and a jail that Swiss authorities raided their home at the behest of the U.S. government. Kottmann uses non-binary pronouns.
“This move by the U.S. government is clearly not only an attempt to disrupt the freedom of information, but also primarily to intimidate and silence this newly emerging wave of hacktivists and leaktivists,” Kottmann said in an interview.