hand holding binary stream between two folders

Gerald Bernard/Shutterstock magicoven/Shutterstock Jacob Lund/Shutterstock (Licensed) Remix by Jason Reed

Why hacktivism came roaring back in 2021

Hacks are back.


Mikael Thalen


Posted on Dec 16, 2021   Updated on Dec 16, 2021, 4:31 pm CST

Nearly a decade after the collective Anonymous unleashed a barrage of hacktivism across the internet, the digital realm is once again experiencing a significant uptick in hacking and online civil disobedience.

Politically-motivated hacking underwent a major resurgence in 2021, with governments, corporations, and prominent right-wing groups finding themselves squarely in the crosshairs.

The country, in an increasingly divided state due to partisan politicians and the coronavirus pandemic, reached a tipping point on Jan. 6 as supporters of former President Donald Trump stormed the Capitol.

The attack made abundantly clear the very real threat of pervasive conspiracy theories, which in many ways had become the norm among conservative circles.

And in the wake of years of building frustration over big tech and its platforms’ lack of inaction on bad actors roaming free, hackers found the only way to start affecting real change was to take matters into their own hands. In 2021, hacktivism came back.

In the wake of the riot, a hacker known as “donk_enby” quietly began archiving public posts made on Parler, a social media platform popular among Trump supporters where users openly boasted about their participation in the failed insurrection.

Although the aim initially was to scrape posts made only on Jan. 6, donk_enby quickly expanded her mission to secure all of the site’s public data. The decision was made just before the platform would go offline after Amazon pulled hosting services.

Amazon argued that Parler hadn’t done enough to clamp down on calls for violence. Parler claimed in return that it had repeatedly warned the FBI about “specific threats of violence being planned on the Capitol.”

In a statement to Gizmodo, donk_enby said she was able to obtain a staggering 56.7 terabytes of information. The data was said to include 99.9 percent of posts made on Parler as well as video files containing GPS coordinates. The metadata would ultimately reveal which Parler users had uploaded footage while trespassing inside the Capitol, allowing Congress and the FBI greater insight into the day’s events.

Vasileios Karagiannopoulos, Reader in Cybercrime and Cybersecurity at the University of Portsmouth, believes the polarization caused by the Trump presidency and the coronavirus pandemic created a perfect storm for a hacktivism revival.

“In my view, hacktivist trends go through peaks and troughs and we are bound to see similar surges when political tensions run high,” Karagiannopoulos said. “We see that the U.S. at the moment is going through a very intense political division and this is probably reflected in hacktivists’ efforts too.”

With Parler temporarily out of commission, the site’s exiled users would quickly find a new home on Gab. The platform, run by Christian fundamentalist and virulent antisemite Andrew Torba, would reportedly experience an 800 percent increase in traffic and double its user base as a result. 

But Gab would soon fall victim to the same security woes as Parler.

In February, the journalist collective Distributed Denial of Secrets (DDoSecrets), often heralded as the new WikiLeaks, announced that it had been provided with 70 gigabytes of data from Gab.

Obtained by a hacker who identified themselves as “JaXpArO and My Little Anonymous Revival Project,” the data included, according to WIRED, “not only all of Gab’s public posts and profiles—with the exception of any photos or videos uploaded to the site—but also private group and private individual account posts and messages, as well as user passwords and group passwords.”

Given the sensitive nature of the data, DDoSecrets opted not to make the information publicly available and instead granted access to select journalists, researchers, and social scientists. The massive breach once again stirred fear and unease among right-wing users, many of whom were forced to abandon Gab just as they had Parler.

Social media platforms weren’t the only targets. As noted by journalist and DDoSecrets co-founder Emma Best, hacktivism had already been making waves overseas but failed to garner the same attention in the U.S. as it did once far-right groups became the focus.

“I think the increase in hacktivism went well beyond the far-right, but that more than anything is what caught the public’s attention and imagination,” Best said.

But it wasn’t just politically motivated. It was ideological as well, as big tech entered the crosshairs of anti-surveillance hackers. 

In March, a group of hackers known as “Advanced Persistent Threat 69420” announced that they had gained access to the live feeds of roughly 150,000 surveillance cameras being run by the Silicon Valley startup Verkada Inc. The videos showed the inside of everything from hospitals and police departments to prisons and schools.

One of the hackers who claimed credit for the breach, Tillie Kottman, told Bloomberg at the time that the hack exposed “just how broadly we’re being surveilled.” Kottman’s apartment in Switzerland would be raided by police just days later. Less than a week after that, a grand jury in Washington state would indict Kottman for conspiracy, wire fraud, and aggravated identity theft over other alleged hacking incidents.

The indictment, according to a press release from the U.S. Department of Justice (DOJ), accused Kottman and co-conspirators of having hacked “dozens of companies and government entities” since 2019. Kottman remains in Switzerland and is confident that they will not be extradited to the U.S.

Speaking with the Daily Dot, Kottman weighed in on the state of hacktivism in 2021.

​​”I’m very glad to see how big hacktivism has become again and that activists in general are starting to appreciate it as a serious angle in a lot of the currently ongoing fight,” they said. “And while there is still definitely a lot of ‘lulz’ happening, as they should be, I appreciate the increased focus on talking politics directly.”

The focus on the far-right would only intensify as the year stretched on. With social media platforms such as Parler and Gab still recovering, hacktivists would go on to take aim at the very company that had hosted those sites to begin with.

Hackers claiming affiliation with Anonymous announced in September that they had thoroughly pilfered Epik, a hosting provider known for providing refuge to some of the internet’s most notorious websites.

Dubbed “Operation EPIK FAIL,” the hacktivist campaign would expose the company’s internal secrets in a series of increasingly damning leaks. The true owners of countless extremist websites that had long eluded researchers and journalists were no longer hidden. Websites that had been issued subpoenas by the FBI were brought to light. Even attempts by prominent far-right figure Ali Alexander to scrub his name from websites promoting election fraud conspiracy theories in the wake of Jan. 6 were exposed.

Ultimately, the hack affected more than 15 million people in total. Many everyday individuals who had merely trusted Epik’s claims of robust security would have their names, physical addresses, passwords, and credit card numbers exposed as well. 

“It appears that right-wing extremism is on the rise globally,” Karagiannopoulos added. “And it seems only natural that hacktivists would try to tackle these issues using their own tools and tactics.”

The militia group known as the Oath Keepers, which had begun using Epik’s services after Jan. 6, would also have their data leaked to DDoSecrets later that month. Although the hacker behind the breach did not reveal their identity or how they accessed the data, it is suspected that the Epik breach may have facilitated the hack.

The Oath Keepers, already under scrutiny for their involvement in the Capitol riot, had everything from their emails and internal chats to membership and donor lists exposed. Emails belonging to military personnel and government employees were riddled throughout the militia’s membership list.

The Texas GOP, another customer of Epik, would also be swept up in the hack. Tens of thousands of names, emails, phone numbers, and physical addresses, belonging primarily to Texas residents who had used the party’s website, were leaked online.

The incidents were just a handful of the prominent hacks to take place throughout 2021. Despite many believing that this year represented a peak in the world of hacktivism, Best, the DDoSecrets co-founder, argues that 2021 was merely part of an upwards trend.

“This year doesn’t feel like an isolated event or the crest,” Best said. “It feels like a growing wave of hacktivism.”

Share this article
*First Published: Dec 16, 2021, 7:00 am CST