Hackers wear a lot of different hats. The ethical ones have their white hats on, the bad guys wear the black hats, according to the traditional tech-y lingo. Also bandied about are terms such green hat hackers (the fledgling ones new to the digital scene), blue hats (I’m fuzzy on their definition), and red hats (a little like white hats, with an edge).
Hacktivists, though, they appear to wear some sort of slurry-colored hat, so muddled are the various motivations and desires of this particular cyber-savvy group. Per a 2012 Advisen/Zurich whitepaper, “hacktivism is the technology world’s approach to political activism. Unlike conventional hacking, cyber-attacks against businesses or government agencies are not for financial gain, but rather are intended to cause embarrassment and reputational damage.”
Hacktivism represents a 21st century take on civil disobedience. Were Henry David Thoreau around now, he’d likely be holed up in Ralph Waldo Emerson’s basement disrupting government websites and posting libertarian screeds on message boards rather cooling his jets for a night in a Massachusetts jail cell and picking flowers around Walden Pond.
However, although his beliefs and goals of opposing slavery, war, and excessive government intervention were laudable, Thoreau was also a bit of an insufferable prat. It’s rather easy to “simplify, simplify” when your mom and your richer friends jump at the chance to bail you out of trouble and give you a free patch of land for your two-year camping trip. If the mouthpiece of a movement isn’t necessarily walking the walk, it offers up a dichotomy for the ages.
Hacktivists? It’s a similar moral pickle. Many of the ideals and principles that they stand for – protest of police brutality, corporate misdeeds, and oppression of civil rights, for a few examples – are noble and warrant opposition. However, their methods of peaceful protest also happen to be illegal. Hacktivism can also ultimately affect more innocent bystanders than the intended target, nor are targets always comprehensible – take, for instance, the hacking of the website of one of my favorite local bars, Backbar (or Hackbar, as it were), in the name of ISIS. As with all forms of cyber risk, attribution for most hacktivist acts is difficult and usually comes down to a group taking responsibility – – and many of those groups aren’t wholly or even a little altruistic.
Although Anonymous first came to attention in 2003, hacktivists of all allegiances gained steam following the WikiLeaks revelations, courtesy of former federal employee Edward Snowden, he of the now-notorious sticky fingers. As he blew the whistle on more and more National Security Agency (NSA) secrets, public opinion varied widely. For some, Snowden was a modern-day hero, fighting government abuses. For others, his actions were downright un-American and threatened national security. Now the Second Circuit of the United States Court of Appeals has said, why, yes, the NSA’s surveillance activities are indeed sketchy and not allowed by the PATRIOT Act, and that lends an air of authenticity to Snowden’s efforts.
Hacktivism can’t be labeled purely as good or bad. In its purest, positive form, it draws attention to a cause and creates social change. Somewhere in the middle dwell the messy, disruptive attacks that seem to serve only to entertain the perpetrators. In its worst iteration, it is merely mislabeled cyber terrorism. As ever, the key is to safeguard systems – but adding hint of social responsibility, transparency, and ethical business practices can’t hurt.