Hacktivism: a social cause or a cybercrime?

What is hacktivism?

Hacktivism involves the use of hacking or related techniques to promote a political and social agenda. Common hacktivist causes include human rights, the freedom of information, and issues around free speech.

These hackers will usually attack governments and corporations, with the goal often being to raise public awareness of an issue, or simply to disrupt the target’s activities. Hacktivist tactics include leaking private information, launching DDoS attacks, and defacing websites with political messages.

Hacktivists will claim that they’re working for the greater good, but in the eyes of the law that’s not always a convincing defence. Hacktivism itself sometimes lies on the border of cybercrime, as recent events in Switzerland have shown.

What happened in Switzerland?

The case of Till Kottmann shows that being a hacktivist is still a risky business. This 21-year-old Swiss hacker was recently indicted for conspiracy, wire fraud, and aggravated identity theft. They allegedly accessed files from Nissan Motor Co, Intel Corp, and Verkada, a security-camera provider. The hacker also shared some of this data online.

Apparently, Kottmann discovered a Verkada admin’s username and password in an unencrypted subdomain. The hacktivist claims that the hack was an easy job and just involved logging into a web UI with a high-privileged user account.

Kottmann explained that the leaked footage obtained from the security-camera provider illustrates the scope and danger of mass surveillance. They claim to have acted as a hacktivist, rather than a cybercriminal. However, authorities insist that such leaks increase the vulnerabilities of corporations and consumers.

Hacktivism and the law

Hacktivists have always had a very strained relationship with the law. Very often legal institutions ignore the hacktivists’ ideological agenda and see their activities as simply criminal acts. This is especially evident in cases where attacks have been made against the state.

One of the most popular pro-hacktivist arguments claims that digital protest movements should be treated as similar to physical ones. According to academics at George Washington University, hacktivism could be protected in the US by the First Amendment, which covers freedom of speech, freedom of the press, the right to assembly, and the right to petition government.

They also argue that current cyber laws are not effective in dealing with these forms of protest. Countering the argument that heavy legal penalties are a necessary deterrent, the researchers also pointed out that most forms of hacktivism can be prevented if governments and corporations implement proper security practices.

The Computer Fraud and Abuse Act

Despite the ethical arguments in favor of hacktivism, the legal response can be unforgiving. In the US, the Computer Fraud and Abuse Act drives most hacktivism cases, allowing for both criminal and civil lawsuits.

This legislation has some particularly contentious features. According to cybersecurity researcher Doctor Molly Sauter, the more people who are impacted by a hacker’s actions the harsher their punishment. If a service with thousands of users is hacked, a prosecution can argue for unreasonably harsh sentencing, based on the number of people impacted.

The judicial system still lacks nuance when it comes to dealing with hacktivism and, even with the best intentions, hacktivism remains a high-risk activity.

Hacktivists VS. the law

Every hacktivism case is unique, and they don’t always result in a conviction. Here are just a few of the many notable examples to illustrate the varied motivations and legal outcomes involved.

The Anonymous PayPal attack

In 2011, 14 people from the hacktivist group Anonymous were arrested for a DDoS attack on the PayPal website. The attack was part of an operation that intended to expose “corporate interests controlling the internet and silencing the people’s rights to spread information.” The defendants avoided jail time.

Aaron Schwartz and the JSTOR

Famous hacktivist Aaron Schwartz was convicted after initiating hundreds of PDF download requests per minute from the JSTOR digital library. He faced what many believed to be disproportionately harsh sentences, including 35 years in prison, and tragically committed suicide. While the inciting incident is not really classed as an act of hacktivism, it’s an example of the heavy and often inappropriate legal response to transgressive hacking.

The Jeremy Hammond case

Jeremy Hammond is another notable hacker, who was imprisoned due to his political activities. Hammond hacked the website of the Protest Warrior, the pro-war right-wing group. He accessed members’ credit card numbers, which he intended to use to donate to left-wing groups. He was eventually sentenced and spent two years in jail.

The debate rages on

As these incidents show, the issue is not black-and-white, and it raises many uncomfortable questions. Is hacktivism a justifiable method of promoting social causes or just another form of cybercrime? The governments and businesses targeted will almost always say it’s a crime, but many will still claim that the ends justify the means.

As hacking becomes an ever more powerful tool for social justice movements around the world, the debate looks set to continue.