Information and communication technology have been used in campaigns for social or political change (i.e., online activism). These types of campaigns have involved the signing of online petitions, hashtag campaigns, creating a campaign website, recruiting volunteers, obtaining funds from members and supporters, and organizing and planning offline protests (Denning, 2001; Maras, 2016). There are, however, individuals and groups that have considered these methods to be insufficient to drawing attention to their cause and have instead resorted to strategies that directly affect the functioning or accessibility of websites and online services as a means of political protest (i.e., hacktivists) (Maras, 2016).
While there is no universally agreed upon definition of hacktivism, it has been described as the intentional access to systems, websites, and/or data without authorization or having exceeded authorized access, and/or the intentional interference with the functioning and/or accessibility of systems, websites, and data without authorization or having exceeded authorized access, in order to effect social or political change (Maras, 2016). Views on the legitimacy of hacktivism as a form of legitimate political protest vary (Morozov, 2011; Sauter, 2014; Himma, 2005; Hampson, 2012). For example, virtual sit-ins, which are designed to mimic distributed denial of service attacks (DDoS attacks; defined and discussed in Cybercrime Module 2 on General Types of Cybercrime) but do not involve malware-infected digital devices (i.e., botnets) targeting a website, have been described by some as a form of political protest (Hampson, 2012). Virtual sit-ins (or blockades) involve collective action whereby "thousands of activists simultaneously visit a website and attempt to generate so much traffic against the site that other users cannot reach it" (Denning, 2001), by, for example, a collective of individuals simultaneously and continuously pressing the refresh bottom when accessing a website. These virtual sit-ins have been described as having authorized access to a website but accessing that website numerous times repeatedly; this repeated and frequent access occurs at a scale that prevents access to the website by other users (Goodin, 2010).
Numerous hacktivist groups exist with various social and political agendas. The cybercrimes hacktivists have committed include website defacements, website redirects, denial-of-service (DoS) attacks or distributed denial of service (DDoS) attacks, malware distribution, data theft and disclosure, and sabotage (Li, 2013; Maras, 2016). All of these tactics involve unauthorized access to targets' systems, websites and/or data. For example, in Uganda, websites of the Uganda State House and Uganda Investment Authority were defaced by hacktivists, who posted a Nazi swastika and picture of Adolf Hitler on the former and replaced some text on the webpage of the latter with an image of a scary clown (Solomon, 2017). Furthermore, when the credit card companies Visa and Mastercard and others (e.g., Amazon and PayPal) pulled their services from and/or blocked donations to WikiLeaks after the organization's release of U. diplomatic cables, Anonymous (a well-known, global hacktivist collective) launched DDoS attacks against these companies' websites ( Operation Payback ) (Halliday and Arthur, 2013; Ngak, 2013). Anonymous has targeted various private and public agencies for different reasons. For instance, Anonymous gained unauthorized access to HBGary and released the company's corporate emails (i.e., engaged in data theft and disclosure) after it was revealed that the company was investigating them and was planning to reveal the identities of certain members of Anonymous (Zetter, 2011).
Some of the actions of hacktivists have been considered as a form of "civil disobedience…[that is,] actions that constitute a nonviolent intentional breach of law" (Maras, 2016, p. 379). In 2013, Anonymous unsuccessfully petitioned the US Government to consider DDoS a legal form of political protest and a form of protected speech under the First Amendment to the United States Constitution (Li, 2013). Despite their efforts to legalize hacktivism, hacktivists have been prosecuted for their actions. Cases in point are members of Anonymous who have been convicted and imprisoned for their cybercrimes (Laville, 2012; Sauter, 2014; Beyer, 2014). However, these prosecutions by no means constitute the norm (Denning, 2015).