Hacktivist attacks dropped by 95% since 2015

Hacktivist scene collapses as Anonymous hacker collective dies a slow death.
Written by Catalin Cimpanu, Contributor

Threat intelligence analysts have long said that hacktivism was dead, but new data published by IBM X-Force today confirms the complete collapse of the hacktivism scene, with activity levels going down by 95% since 2015.

According to IBM, security incidents caused by hacker groups operating under hacktivist causes have been in decline since 2015, when the company recorded a peak, with 35 publicly reported incidents.

Since then, incidents have gone down at a steady pace, with only five reported in 2017, two in 2018, and zero during the first months of the year.

Attacks from hacktivist groups have continued to happen, but the number of actual incidents (successful breaches) has gone down at a constant pace.

Researchers blame two factors for this decline -- the death of the Anonymous hacker collective and a sustained crackdown by law enforcement officials that has thinned out hacktivist ranks.

The death of Anonymous

Probably the biggest factor in the collapse of hacktivist activity was the disintegration of the Anonymous hacker collective, which, according to IBM, was responsible for nearly 45% of all hacktivist-attributed security breaches.

Hacktivist groups
Image: IBM X-Force

Anonymous hackers were once breaching companies and government networks for various humanitarian or social causes, but according to IBM, the group's name has now been tarnished by its involvement with politically-themed campaigns, which started around 2016, and which IBM says have turned away many of its members.

Moving away from campaigns like #OpKKK (exposing KKK members), #OpParis (exposing ISIS members), #OpISIS (exposing ISIS members/sites), #OpWhale (breaching sites of Japanese and Icelandic authorities involved in unauthorized whaling), or #OpIcarus (attacking banks and financial institutions), the group has been seen in recent years dumping data stolen from political organizations, which in some cases was proven to have been tampered with.

This has led to the rise of the term "fake Anons" to describe Anonymous members either not associated with the group, or acting on personal agendas -- seeking to promote various social or political propaganda, or profit from the Anonymous community financially.

Fake Anons have split the larger group, once acting on common beliefs, into smaller splinter cells operating on their own creeds, sometimes in complete opposition to other Anonymous factions, causing confusion among the wider public and other members as well. With a lack of leadership and with a confusing agenda, members have slowly peeled off, disavowing the Anonymous name.

"Any attempt to decrease the number of fake Anons may have led to a decrease in the number of true Anonymous actors overall," said IBM threat analyst Camille Singleton.

Further, the involvement of nation-state groups has also tarnished the Anonymous name. These nation-state groups, often operated by elite intelligence agencies, have masqueraded as Anonymous to push political propaganda or advance public influence campaigns.

Their actions have caused many Anonymous members to distrust the group as a whole, and focus their efforts on something other than hacktivism.

But nothing has led to the group's demise more than the inefficiency of most of its attacks. Defacing websites and launching DDoS attacks rarely get anything done.

Neither does stealing data from websites that are completely unrelated to a specific topic. In many cases, Anonymous hackers ended up dumping personal user information into the public domain and hurting innocent people for ridiculous causes, attracting both scorn and ridicule.

This, in turn, has led to increased attention from law enforcement agencies, which cracked down not only on members of the bigger Anonymous and LulzSec groups, but also on the smaller ones.

Arrests, arrests, arrests

"X-Force IRIS internal tracking of related arrests revealed that law enforcement agencies in the U.S., U.K. and Turkey have arrested at least 62 hacktivists since 2011," Singleton said. "We suspect the actual number is greater than those publicly announced."

Some of the most high-profile arrests include Martin Gottesfeld, the Anonymous hacker who DDoSed Boston Children's Hospital; James Robinson, who protested police abuse in Ohio; and Deric Lostutter, an Anonymous member who exposed a rape case in Kentucky.

But many other arrests have also taken place [1, 2, 3]. Despite this, Singleton doesn't see hacktivism going away for good.

"Acute social justice issues, greater organizational capabilities among hacktivist groups and a stronger shift to areas that lay beyond the reach of law enforcement all have the potential to dramatically change the face of hacktivism in a relatively short period of time. More likely than not, we are experiencing a lull in hacktivist activity rather than a conclusion," the IBM researcher said.

However, some would disagree with Singleton's conclusion. For many, hacktivism is dead.
