Online Vigilantes Are Trying to Stop Right-Wing Extremists One Hack at a Time

Over the last couple of years, hacktivists have infiltrated the digital ranks of a stunning number of alt-right organizations — from the Oath Keepers to Parler and Epik

On September 13th, the hacker collective Anonymous unveiled a massive data leak from the servers of the web hosting company Epik, which was notorious for taking on neo-Nazis, extremist groups and other far-right actors that had been booted from mainstream platforms. 

Epik CEO Rob Monster had boasted that the web service had top-tier privacy, but the hack was made possible by sloppy, amateurish security measures and a wanton disregard for encrypting sensitive info. The initial leak comprised 15 million email addresses, a decade’s worth of transactions and one million invoices; additional data dumps by Anonymous on September 29th and October 4th provided further access to Epik’s servers. 

In one fell swoop, researchers, journalists and activists now had a magnifying glass to examine extremist organizing, connecting the dots between far-right sites and the people who use them. The Epik hack was, as one expert put it, the “Panama Papers of hate groups” — an unprecedented flood of data for people to pore over, with more revelations surely to come. 

Sometimes, when it rains, it pours — and so it was in early October, when another unnamed hacker gained access to a trove of emails, chat logs, usernames and other personal information on members of the Oath Keepers, a far-right extremist group that peddles anti-government conspiracies and an armed-militia aesthetic. The hacker handed over the data to the nonprofit whistleblower collective Distributed Denial of Secrets (DDoS), which works to analyze and streamline the findings for the broader public. 

Indeed, the last two years have been fruitful for “hacktivists,” who have presided over a wide array of leaks with jaw-dropping revelations. The Oath Keeper hack provided evidence that hundreds of law enforcement officers are members or otherwise looking to join the group. The Epik hack showed an ecosystem of fascist thought. The hack of right-wing social network Parler gave access to incriminating videos of rioters at the Capitol on January 6th. And the staggering BlueLeaks reveal in June 2020, comprising some 269 gigabytes of U.S. law enforcement data, supplied unfathomable insight into communications and finances at police agencies. 

“It’s not just journalists and academics — I think especially since the Epik hack, there’s been an increase in data sets being of interest to anti-fascist and anarchist researchers, for example,” says Lorax Horne, an editor with DDoS. “People are becoming more literate and adept at managing and [using] those data files, which will serve a lot of different types of research in the future.” 

Given the controversial (and outright illegal) nature of these hacks, all of this useful information exists in a strange kind of ethical purgatory — the insight wouldn’t exist without shadowy vigilantes working on the margins, after all. No wonder a 2020 document from the National Counterintelligence and Security Center highlights “hacktivists, leaktivists and public disclosure organizations” as “significant threats.” 

“Hacktivism” is a contentious term to begin with, but whatever the name, the act of breaching systems and leaking digital data for an ideological purpose has existed almost as long as computers have. It came into the public consciousness in a big way in the early 2010s, with Anonymous and other crews like Lulzsec gaining mainstream attention for hacking, among other things, the Egyptian government, Sony and the CIA.

But regardless of what the target is, hacktivism (and its chaotic evil cousin, ransomware) usually operates with one of three typical aims: 1) executing denial-of-service attacks to overwhelm and block normal web traffic; 2) defacing sites by deleting and manipulating data; or 3) stealing information from vulnerable databases. In recent years, with increased far-right organizing online, hacks have become especially enticing to those who believe that digital warfare can stem the tide of fascist thought in America. 

“The trajectory of leaks of extremist platforms probably mirrors the trajectory of leaks more broadly, given there’s more information in vulnerable online spaces. But as more extremists rely on various platforms and tech to reach, recruit and radicalize people, the more there are efforts to try to mitigate their agenda,” says Oren Segal, vice president of the Center on Extremism at the Anti-Defamation League. “Individuals are more interested in exposing [extremism], whether it’s government entities or law enforcement or what have you. Hacks are part of that battleground.”

Beyond the pull to uncover far-right extremism in America, a number of hacktivists are motivated by leftist, anarchist and anticapitalist ideals, which partly explains the spectrum of surveillance companies (like Citizen), law enforcement agencies, political parties and banks that have frequently been targeted in the last decade. 

The question of who is behind the attacks, and why, is a sticking point for some institutions that see an ethical gray area in using the leaks, no matter how justifiable. DDoS’ Horne says the tide of public opinion is turning, in part due to the obvious value of unearthing far-right violence. Journalists in particular are more keen to work with DDoS, Horne says, as many newsrooms don’t have the resources to process and sift through raw leak data.

“There’s a variety of opinions on what to do with this kind of [leaked info]. But more people are seeing a positive in what you can get from data like this. I learned a lot when we published ransomware data from Chicago, revealing documents on the city’s investigation into police brutality that we otherwise couldn’t get from the Freedom of Information Act or other sources,” Horne says. “But a lot of the ethical questions we discuss internally have to do with redactions and what data we need to leave out to minimize harm to regular people who are in the leak through no fault of their own. It’s a back-and-forth process.” 

Such gray area remains a sticking point for Segal. He stresses that information from hacktivist leaks should be carefully analyzed, not “taken at face value” for quick headlines. “When there’s a leak, we will often look at that information because investigating extremism is what we do. But there are legitimate disagreements of what to do with leaked data. Some might suggest pulling together the right data and sharing it with the appropriate authorities, so that nobody innocent gets unintentionally doxxed. But if you’re finding law enforcement entities within extremist spaces, well, going to the authorities may not be the logical next step,” Segal says. 

Then there’s the looming question about what bad-faith actors on the far right will do to retaliate against such a high-profile string of hacks. Segal remains concerned that the backlash could lead to right-wingers using the same hacking tactics on their perceived enemies. But such is the nature of war in an online sphere that has always been riddled with shadowy corners and glaring holes — and for now, a coterie of faceless hacktivists is making a big statement about the power of transparency amid a violent chapter of American history. 

Editor’s Note: A previous version of this story incorrectly stated that the Epik hacker gave the data over to DDoS. The group acquired the dataset from 4chan, not directly from the hacker.