Hacktivism on the rise in wake of national protests
We heard a lot about hacktivism in the 2010s, mainly thanks to the group Anonymous, which infamously went after the Church of Scientology, websites that disallowed donations to WikiLeaks and the CIA.
Anonymous sort of went dark for a few years around 2017. But now, with protests continuing across the country, the group is back, taking down the website of the Minneapolis Police Department and acting as a megaphone for on-the-ground protesters.
I spoke with M.R. Sauter. They are an assistant professor in the College of Information Studies at the University of Maryland and author of “The Coming Swarm: DDoS Actions, Hacktivism, and Civil Disobedience on the Internet.” I asked them why Anonymous reemerged now. The following is an edited transcript of our conversation.
M.R. Sauter: For a while, there were no activating events. But the murder of George Floyd and the widespread public protests against police violence and white supremacy have been an activating event for millions of people. And Anonymous is very similar. They’re just another group of individuals who are being activated by actions and events that are happening outside of themselves.
Molly Wood: How effective really is Anonymous? What can they really do?
Sauter: So, this is the question of what effective activism is. What does “effective” mean? Anonymous has always been very good at creating highly mediated and highly, like, media-friendly events. And by media friendly, I mean that they’re big, they’re flashy, they’re sort of easy to cover as an event. And they have a very salient point of action. The downing of a website — that is a salient point of coverage. You can cover that as a news event. It’s hard to cover, like, white supremacy and systemic racism and violence as a story. But it’s easy to say the website of the Minneapolis Police Department was brought down yesterday by a group action by an activist group, and here’s the statement they put out for why they did it.
Wood: Can you describe for us some of the tactics that activists use to either disrupt or take down a target?
Sauter: Oh, there are so many. So DDoS or distributed denial of service, is when a lot of computers target one server at once. Servers can only handle so much traffic and can only handle so many requests. If they get too many, they will crash and produce a 404 or a 403 error. And when you are looking for that website, you will receive a “This connection timed out and we couldn’t find what you were looking for” [message], or your thing will just spin forever and ever and ever. There is actual hacking, offensive hacking, where you were actually sort of, quote unquote, breaking into a website and interacting with the code in a way that it was maybe not intended by the person who originated that code. There’s also other things like Google jacking where you, through repeated requests, manipulate the Google search results of a given phrase to lead to website suggestions, or automated suggestions that are funny or humorous or illuminating or ironic.
Wood: I guess I should ask you about the legality because technically, many of these actions are considered illegal and there have been real attempts at prosecution of specifically Anonymous members, right?
Sauter: Yes. So, when you are a street activist, and you’re participating in say, an unpermitted march, it’s known by your community that this is technically an illegal activity. Unpermitted marches are technically illegal, and [you know] that you will probably get arrested. But, it’s less understood that these types of hacktivist actions are classified as illegal under something called the Computer Fraud and Abuse Act, which is currently one of the only, and certainly the oldest piece of anti-hacking legislation in the U.S. And you can actually be subject to quite severe criminal and civil penalties for violating the CFAA, partially because it is a fraud statute. And the penalties get multiplied based on, quote unquote, how many people were affected, which is often read as this corporation has X million number of clients. Maybe all of them tried to access this website while it was down. And it was so damaging, it cost us X million dollars to fix it. People often plead out under these circumstances and they will take a lesser sentence or a lesser fine. As a result, we actually haven’t had a test case for activist actions prosecuted under the CFAA yet, simply because the threatened fines and threatened jail time are usually so egregious that people aren’t willing to take the risk.
Related links: More insight from Molly Wood
The updated version of Google jacking, it should be noted here, is basically what K-pop fans are doing by flooding racist hashtags on Twitter with videos of the band BTS.
We’ve got a little more reading about Anonymous and hacktivism over at marketplace.org.
And I can never talk about hacktivism and the charges that can be leveraged against people for digital intrusion without talking about Aaron Swartz, one of the creators of RSS, the invisible technology that lets you subscribe to and receive this podcast.
He was federally charged back in 2011 after he hacked a database of subscription-only scientific and literary journals to make them freely available.
And although the publisher dropped the charges and eventually made most of the journals freely available, the federal government continued to push for a conviction.
And, at 26, Aaron Swartz died by suicide.
There were attempts to reform the Computer Fraud and Abuse Act in the years after, but they stalled in Congress.
As it happens, there is a case pending in the Supreme Court right now that would clarify and potentially modernize the Computer Fraud and Abuse Act. There’s basically a judicial split over what the law says. One side believes it’s only a violation if you literally hack into a system, using, say, a stolen password or some other technological means. The other set of case law says violating terms of service, maybe even using a work computer for personal reasons, are also a violation of the law — an interpretation so broad that it would probably even apply to the K-pop fan action.
The CFAA was written in 1986 and pretty much hasn’t been updated since.
The future of this podcast starts with you.
Every day, the “Marketplace Tech” team demystifies the digital economy with stories that explore more than just Big Tech. We’re committed to covering topics that matter to you and the world around us, diving deep into how technology intersects with climate change, inequity, and disinformation.
As part of a nonprofit newsroom, we’re counting on listeners like you to keep this public service paywall-free and available to all.
Support “Marketplace Tech” in any amount today and become a partner in our mission.