Hacktivism, Leaktivism and the Future

The future will be written, as it always is, by those who are willing to engage.

In many ways, 2020 and 2021 have been unprecedented in terms of hacktivism and leaktivism. In 2020, they were singled out by the United States' counterintelligence strategy as "significant threats" alongside ISIS, Al-Qaida, Iran, Russia and China. 2020 set a record for the most information leaked to the public in a single year, one that was quickly smashed by the first months of 2021 with the Parler hack. In yet another unprecedented move, this data was used in the second impeachment of then-President Trump.

Yet despite all the unprecedented recent events, 2020 and 2021 also feel very familiar to some of us. The mood has been similar to that of Anonymous' highs in 2010, 2011 and 2012. Instead of groups like LulzSec, we have people like Keyser Soze and groups like APT-69420. Documents and source code spilled onto the internet, to the horror of governments and corporations. And inevitably, the raids began and indictments began to be returned. 

Arguably the first to fall was Tillie Kottmann, the face of APT-69420, in March 2021 when fae (Tillie is non-binary and uses the neo-pronouns fae/faer) was raided in Switzerland and then indicted in a case that the FBI had been building since September. Faer server was seized, and the Department of Justice began publicly talking about an alleged international conspiracy. For faer part, Tillie has always acknowledged faer work.

While members of Anonymous from the days of LulzSec/AntiSec and Op. Payback worked to keep their flashbacks (metaphorical and literal) under control, the media faced a significant decision about what role to cast Tillie in. A few weeks earlier, fae had blown the whistle on vulnerabilities fae found in surveillance systems that extended to over 150,000 cameras and gave access to root shells in places like Cloudflare. Rather than exploit this for personal gain, Tillie blew the whistle and contacted the press about the glaring vulnerabilities, and the horrifying behavior the surveillance systems revealed inside of jails and mental hospitals.

As a show of gratitude, the U.S. government had the Swiss police move up a raid of Tillie's apartment by a week. The indictment singled out Tillie's contact with journalists as overt acts in faer "criminal conspiracy", as well as faer sale of hacking themed shirts on TeePublic. There's no doubt that Tillie's a whistleblower, but we quickly saw parts of the press begin to debate how fae could possibly be a whistleblower or a hero while the U.S. government alleges fae're a criminal.

As if Marcus Hutchins hadn't already answered that question for us.

While just a few weeks earlier, people were hailing a new age of hacktivism and predicting that it would continue to be a force in the coming years, people suddenly had questions about it. What did the raid and indictment change? The Chilling Effect was almost instantaneous, an undoubtedly intentional effect created by the U.S. government. 

In reality, the government's actions have likely done little to affect the ecosystem. APT-69420 was excellent at catching the public's eye, but it's far from the only recent hacktivist group we've seen (names like JaXpArO & My Little Anonymous Revival Project come to mind). And thanks to ransomware groups, hacktivists aren't the only non-insider sources available to fuel journalists.

But it's only the history of hacktivism and leaktivism that journalists will write: their future is up to you.

One doesn't need to hack into systems to be a hacktivist. Some of the most meaningful hacktivism being done today fuels data journalism by helping journalists parse and cross-reference existing datasets that are otherwise too dense or inaccessible. Programmers, cryptographers and hacktivists are designing tools like Cwtch and contributing to projects that enhance or leverage Tor.

The leaktivist ecosystem can become even more diverse and engage the public far more. Simply by reading, sharing and discussing the leaks, you're a part of the ecosystem. When you support the platforms that don't ban leaktivists, you support the leaktivists. Seeding and mirroring data enriches the data ecosystem in one of the simplest and purest ways possible. Supporting media outlets that engage with leaked and hacked data not only encourages but enables them to do so, while supporting the ones that don't gives them no reason to change. Petitioning lawmakers helps protect both sources and publishers, and ensures the impact of their work.

And the impact can be real. Even as my fingers flit over the keyboard, legislation in Maine is pending that would defund their fusion center in response to a whistleblower, BlueLeaks, and the tireless reporting of independent journalists in Maine. Truth has an impact, regardless of the respectability politics some people choose to engage in when it comes to the alleged sources.

Ten years ago, WikiLeaks fought censorship by making it easy to mirror their site and leaks. Today, while Distributed Denial of Secrets (DDoSecrets) faces the scrutiny of the U.S. government and continues to fight our server seizure, we're fighting censorship by making not just our data, but our model easy to mirror. Groups like DDoSecrets can be dismantled if governments are truly determined to oppress and suppress, but we're as easily replicated as the Anonymous model or the APT-69420 model. The world can no longer be rid of hacktivists or leaktivists, not as long as people are willing.

It's a brave new world, and indictments like Tillie's show just how scared the government is, and just how many corporations consider embarrassment a greater threat than insecurity.