What is hacktivism?

From Julian Assange to Anonymous, the Clinton email leaks to the Arab Spring, nowadays hacktivism has become infamous.  At its core, the term is a fusion of hacking and activism. In practice, it conveys connotations of ethics, politics, and social activism. Some hacktivists have strong political motivations, while others fight for freedom of speech, human rights, or transparency through whistleblowing.

Some groups embrace the label openly, announcing themselves as hacktivists on the about page of the businesses they create. Others operate in the shadows, launching anti-capitalist cyberattacks or cyberterrorism against corporations they accuse of harming society.

Other hacktivists shy away from cybercrime, favoring softer forms of digital resistance, such as anonymous blogging or information freedom campaigns. These individuals are closer to traditional activists, but consider themselves part of a hacktivist group by association.

In this guide, we’ll explore the origins of hacktivism, the types of cyberattacks used, and the difference between ethical hacking and criminal hacktivism—including doxxing, website defacement, DDoS attacks, data breaches, information leaks, and cases of digital civil disobedience.

History and origins of Hacktivism

Ready to learn more about hacktivism? Where better to start than with its origins?

Cult of the Dead Cow

Hacktivism traces its roots back to the mid-1980s, when the Cult of the Dead Cow was founded. The group of like-minded individuals included musicians and bulletin board system operators from across the US and Canada. It published hacker ezines, and by the 1990s had launched HoHoCon—the first hacker convention of its kind. In 1994, the group declared war on Scientology. While the campaign didn’t amount to much, it is widely accepted as the first hacktivist operation. More broadly, the group helped seed the concept of hacktivism and promoted the idea of sharing music online through the MP3 format.

Chaos Computer Club (CCC)

While not strictly a hacktivist group, Germany’s Chaos Computer Club (CCC) is one of the most influential voices supporting hacker culture and hacktivism. Founded in 1981, the CCC has long advocated for transparency in government, freedom of information, and the right to free communication.

The group is known for criticizing legislation that threatens privacy and digital rights. It also organizes the annual Chaos Communication Congress (which is Europe’s largest hacker convention) and produces magazines and radio programs focused on technology, security, and digital activism.

Anonymous

By the noughties, hacktivists had become a bit more naughty. Hacktivism shifted from a primarily social and idealistic movement to something more active and confrontational. Anonymous grew out of 4chan, an imageboard where users posted anonymously without registration or usernames.

The hacking collective became notorious for adopting the Guy Fawkes mask, popularized by the movie V for Vendetta. It is well known to the public for its slogan:

The first Anonymous conviction came in 2009, when 19-year-old American Dmitriy Guzner pled guilty to a DDoS attack against the Church of Scientology. Since then, authorities have arrested dozens of hackers for involvement in Anonymous operations and prosecuted them in the US, UK, Australia, the Netherlands, Spain, and Turkey.

Although Anonymous often claims to fight for social justice and freedom of speech—and won praise for supporting movements like the Arab Spring and Occupy Wall Street—its message is not always clear. Critics argue that it is difficult to pin down the intent of thousands of loosely connected members, many of whom clash internally and frequently contradict one another.

The group is widely seen as a loose network of individuals working under the Anonymous banner, with no central leadership and no single set of goals

Project Chanology

Project Chanology is widely considered the first active hacktivist operation, and its target choice can be traced to the influence of the Cult of the Dead Cow. The campaign began in 2008 after the Church of Scientology attempted to scrub a leaked Tom Cruise interview from the internet. Anonymous members saw this as blatant censorship and rallied their hacktivist troops to fight back.

The operation targeted Scientology with coordinated digital attacks, including the first major hacktivist-led DDoS campaign. It quickly expanded offline, with Anonymous supporters staging street protests outside Scientology centers, their faces hidden behind Guy Fawkes masks.

Project Chanology transformed Anonymous from a prank-driven subculture into a political hacktivist collective. It also brought the first conviction of an Anonymous member: 19-year-old Dmitriy Guzner, who was sentenced to 366 days in a US federal prison for his role in the DDoS attacks.

Operation Payback

In 2010, Anonymous launched Operation Payback in response to a wave of anti-piracy crackdowns. The campaign began with DDoS attacks against law firms and copyright groups targeting torrent websites.

Members soon threw caution to the wind and broadened the scope of their attacks. Payback shifted to Visa, Mastercard, and PayPal after those companies cut off services to WikiLeaks for publishing US diplomatic cables.

Anonymous framed these actions as defiance, punishing financial corporations for enforcing political censorship. The attacks briefly disabled some of the world’s largest payment platforms and put hacktivism firmly in the public eye, gaining traction across global media outlets. For supporters, the campaign felt like a victory in the fight for freedom of information.

Critics, however, saw it differently. Governments, law enforcement, and even groups like the Pirate Party UK and the United States Pirate Party argued the campaign had crossed the line from activism into cybercrime, and it reignited debates about the ethics of hacktivist methods.

Escalation into Cybercrime

The popularity of Anonymous following Operation Payback served as a catalyst for hackers and script kiddies worldwide. Inspired by the publicity and sense of power that Anonymous had achieved, new groups emerged that were less motivated by freedom of access and speech, and more interested in chaos, disruption, and fame.

In 2012, LulzSec gained attention for cyberattacks against Sony Pictures, PBS, and even the US Senate website. Unlike Anonymous, which often tried to frame its efforts in political or ethical terms, LulzSec leaned into showmanship—carrying out data breaches and leaks simply “for the lulz.”

Other groups, such as AntiSec, GoatSec, the Syrian Electronic Army (SEA), Lapsus$, and more recently, SiegedSec, followed in those footsteps. They used loosely defined political posturing to excuse opportunistic DDoS attacks, data dumps, and even extortion attempts – further blurring the line between hacktivism and cybercrime.

Although many people still view these groups as part of the resistance to censorship, corporate power, and perceived political corruption, critics argue they are little more than vandals and thieves, loosely cloaking their actions in political slogans.

Worse still, these groups helped set the stage for the next evolution in hacking: the rise of fully fledged criminal operations, including a surge in state-sponsored advanced persistent threat (APT) groups.

These government-backed hackers borrowed hacktivist tactics but applied them with darker intent: espionage, financial theft, and cyberwarfare, often veiled as hacktivism against the West.

What are the most famous hacker groups?

We already covered the most famous hacktivist groups, like Anonymous, LulzSec, AntiSec, and SiegedSec. Below, we will take a look at the most well-known criminal hacking groups that try to conceal their activities as hacktivism. These cybercrime gangs borrow the aesthetics of hacktivism to disguise their true motives.

These criminal hacking groups’ primary focus is financial gain, often through blackmail, data ransom, or large-scale fraud. The goal is to extort large sums of money, usually in harder-to-trace cryptocurrencies like Bitcoin. Some of these gangs operate with government backing, which means their actions are used for espionage, to fund wars, and as weapons in cyberwarfare.

Lazarus Group (APT38)

The Lazarus Group first appeared in 2009, operating out of North Korea. It has regularly attempted to conceal its true motives and identity by mimicking hacktivist-style tactics and posing as anti-West protestors.

For example, it previously used the name “Guardians of Peace” to conceal its true identity and appear to be a hacktivist group. In reality, Lazarus is backed by the North Korean government, and its actions are driven entirely by the state’s financial and political goals.

Lazarus has carried out high-profile attacks against Sony Pictures (2014), the Bangladesh Bank (2016), and later unleashed the global WannaCry ransomware outbreak (2017).

It is estimated that the group has stolen over $2 billion USD through cyberheists, ransomware, and cryptocurrency theft. This makes it one of the most profitable hacking groups in history. Lazarus remains highly active, frequently targeting banks, crypto exchanges, and defense contractors.

Moses Staff

This is an Iranian IRGC-linked hacker group that combines hacktivism-like social media presence with ransomware and espionage activities. Largely seen as a criminal gang, it attempts to veil its true criminal activities behind a veil of anti-Western rhetoric. Among its hacktivist-like tactics, it has used website defacement.

GhostWriter (UNC1151)

This illegal hacking collective is believed to be based in Belarus or Russia. The hackers try to disguise their cyber-espionage as hacktivist campaigns, especially during geopolitical flashpoints. For example, they were active during the 2020 Belarusian presidential election and in disputes involving Poland and the Baltic states, where they promoted anti-NATO narratives.

Andariel and Moonstone Sleet

These North Korean hacking gangs have both used fake hacktivist brands to hide the criminal and state-sponsored objectives behind their ransomware and extortion attacks.

How does Hacktivism work?

In its purest form, hacktivism works by creating publicity for a cause or ideal. It is often described as “digital civil disobedience” rather than outright cybercrime.

Hackers use “soft” cyber attacks and methods such as DDoS attacks, website defacement, anonymous blogging, website mirroring, culture jamming, media hacking, and reality hacking to put a spotlight on the organizations, corporations, or government activities they disagree with.

Hardcore hacktivists, however, do sometimes spill over into cybercrime when they believe the objective is worth it. This may involve doxing, data leaks, information leaks, or even full-scale data breaches, framed as acts of whistleblowing to prove that an individual, government, or corporation is corrupt or attempting to conceal harmful objectives.

What are the philosophy and ethics of Hacktivism?

Hacktivist activities are meant to fuel conversation and grassroots debate on issues such as internet censorship, human rights, freedom of speech, information freedom, the right to private communication, and broader social change.

How do people join hacktivist groups?

It’s actually much easier than you think. Organisers recruit on public platforms: social media, encrypted chat apps, even multiplayer games, and invite volunteers to pitch in. This means anyone who agrees with the cause can take part.

Campaign leaders give active users ready-made tools, scripts, or step-by-step instructions, which lowers the bar for doing more serious activities like DDoS attacks or sharing leaked files.

Organizers encourage participants to believe in collective anonymity by using handles and privacy tools like Tor, but this creates a false sense of security. In reality, law enforcement and security teams monitor channels, track patterns, and prosecute individuals. This increases the legal risks, especially for inexperienced “script kiddies.”

What are the primary goals of hacktivism?

This depends on the group and the operation they are engaged in. However, the main goals tend to be:

• Freedom of speech
• Human rights
• Opposition to censorship
• Anti-corruption
• Anti-war

Is Edward Snowden a hacktivist?

In many ways, yes, Edward Snowden can be considered a hacktivist. Although he didn’t hack into the NSA from the outside, Snowden was working on the inside when he stole and leaked classified information. He did this to uphold personal beliefs that align closely with the core values of genuine hacktivist groups – transparency, accountability, and the public’s right to know.

The Snowden revelations (NSA files) revealed the vast scale of surveillance carried out by the US and its allies (including the UK and other members of the FIVE EYES), sparking a global conversation about privacy and government overreach.

Supporters argue this was a public service, but officials still deemed his actions illegal. They cited his breach of non-disclosure agreements and the perceived threat to national security. For this reason, Snowden has lived in exile in Russia. Observers believe he will remain there for life to avoid trial in the United States, where prosecutors accuse him of treason and espionage.

Famous Hacktivism cases and examples

Want to know more about famous cases of hacktivism? Below, we have included the most important ones.

• Anonymous vs Scientology (2008): Anonymous launched Project Chanology, hitting the Church of Scientology with DDoS attacks, prank calls, and street protests after it tried to censor a leaked Tom Cruise video. The campaign propelled Anonymous into the limelight and helped define hacktivism as a tool of political protest.
• Arab Spring Support (2010–2012): During the Arab Spring uprisings, Anonymous supported protesters by attacking government websites in Tunisia, Egypt, and other countries. They also aided protesters in gaining access to privacy tools for bypassing censorship and sharing information online (including VPNs). This demonstrated how hacktivism can actively support movements fighting for democracy and human rights.
• Operation Darknet (2011 – 2017): Anonymous targeted around 40 child pornography sites on the dark web. The campaign helped expose users and led to the shutdown of multiple illegal platforms. It remains one of the best examples of hacktivism being used for social justice. As well as to support law enforcement via digital means.
• Aaron Swartz JSTOR Hack (2013): Aaron Swartz was a computer programmer, writer, and activist. He became well known for spreading JSTOR files to make academic journals freely available. His hacktivism rapidly became a symbol in the fight against paywalls. His tragic death brought global attention to digital activism and the ideals of freedom of access.

The Clinton email leaks

The Hillary Clinton email leaks rank among the most famous cyberattacks tied to hacktivism. In 2016, a hacker calling himself Guccifer 2.0 claimed he had breached Clinton’s private email server. But the truth was far more complex—the hacktivist angle was false.

Russian state-sponsored groups Cozy Bear (APT29) and Fancy Bear (APT28) actually carried out the attack. These hackers infiltrated the DNC and Clinton campaign networks and stole thousands of emails and documents.

Soon after, WikiLeaks published nearly 20,000 DNC emails, timed to disrupt the Democratic National Convention. Around the same time, cybersecurity firm CrowdStrike publicly attributed the breach to Russian intelligence.

By July 2016, analysts confirmed that Russian military intelligence (GRU) had fabricated the persona “Guccifer 2.0.” They created the fake hacktivist identity to mask state-sponsored espionage and present the operation as a political hack.

This reminds us that hacktivist ideologies can be hijacked to sow confusion, mislead attribution, and draw media attention to leaks.

Common Techniques Used in Hacktivism

Don’t understand the jargon around hacktivist tactics? Below, we quickly explain the attack vectors so you can see how each method achieves results.

• Data breach: Unauthorized access to a network or database that exposes private or sensitive information.
• Data leaks / Information leaks: Deliberate or accidental release of documents or files to the public, often to embarrass or expose wrongdoing.
• Culture jamming: Subverting mainstream media messages or ads to make a political point or ridicule a brand.
• Media hacking: Manipulating news channels, feeds, or media assets to alter a story or redirect attention.
• Reality hacking: Staging events or interventions that blur art, protest, and digital activism to shock or provoke.
• Social media: Using platforms (Twitter, Facebook, Instagram, etc) to spread stolen material, coordinate operations, and amplify the reach of campaigns.
• Website mirroring: Copying and republishing censored or removed content on alternative sites to keep it available.
• Social engineering: Manipulating people (phishing, pretexting) to gain access, credentials, or insider information.
• DDoS attacks: Overwhelming a website or service with traffic to take it offline temporarily.
• Doxing: Publishing someone’s private information (addresses, phone numbers, emails) to shame or intimidate.
• Website defacement: Replacing a site’s content with jokes, political messages, or abusive content.

Legal and ethical issues surrounding hacktivism

Hacktivism is often compared to civil disobedience, but tactics like DDoS attacks or data breaches are treated as cybercrime. Involvement can lead to serious consequences, including arrest and prosecution.

Many young people join hacktivist circles on social media, driven by ideology.  Unfortunately, these youngsters may not give enough thought to the legal implications. The notoriety of groups like Anonymous inspires youngsters to experiment with hacking as a form of activism. The same is true of popular TV shows like Mr. Robot.

Unfortunately, what begins as youthful idealism can quickly escalate into full-blown cybercrime. With easy access to online tutorials and hacking tools, script kiddies may graduate into full-blown cybercrime – often to line their own pockets. This decision often leads to convictions.

For example, several teenagers joined groups like LulzSec and Lapsus$ and faced prosecution for major breaches. Courts handed them lifelong criminal records, which now make it harder to find work.

Beyond the legal risks, hacktivism also raises ethical concerns. Hackers may think taking down a website or service feels fun or harmless, but they rarely consider the fallout. Their attacks disrupt ordinary users, small businesses, or even fellow activists who depend on the same platforms.

Future trends in hacktivism

Wondering where hacktivism is going? According to the latest stats, hacktivism is very much alive and kicking. In fact, in 2024, there was more hacktivism than ever before. This suggests that hacktivism is likely to grow and even become more dangerous.

Recent conflicts (notably Ukraine and Palestine) have driven more people to join online campaigns. In addition, organisers are now recruiting a wider scope of volunteers to run simple DDoS attacks via public platforms and apps like Telegram.

At the same time, better-trained hackers are stealing data, defacing sites, and even attacking critical systems – doing real, lasting damage rather than merely causing a disruption.

Hacktivism FAQs