Terrorism driven by political or religious ideology is often studied in the context of physical attacks, in which property is damaged or victims are injured or killed. But extremists also operate in the cyber world, launching virtual assaults on businesses, government entities and individuals—leading to real-world economic and emotional consequences.
Far-left cyberterrorism has increased as the number of physical attacks by far-left groups has gone down, a new study has found, and the perpetrators of these cyberattacks tend to choose methods that enable them to do financial and reputational harm while also getting their message across, the authors say.
“These kinds of ideologically motivated attacks are devised to have an emotional and economic impact on groups that go against their beliefs, lead author and Michigan State University criminal justice professor Thomas Holt said in a news release. “If you visit a company’s website expecting to see one thing and this group has instead hacked the website and posted customers’ personal information, that’s a huge issue for both the company and the consumers.”
The three main groups associated with the 26 cyberattacks the research team looked at were the Animal Liberation Front, the Earth Liberation Front, and the hacker group Anonymous. The researchers stated that while some research has been done on the use of the internet for recruiting purposes by far-right and Islamist terrorist groups, this was one of the first studies to look at cyberattacks by far-left extremists.
The attacks examined occurred between 2000 and 2015 by perpetrators in the United States, United Kingdom and Canada, with details about the attacks pulled from media reports, accounts from watchdog groups, web posts by far-left groups taking credit for the attacks, social media posts, and other content sources.
Data breaches were the common type of attack, accounting for over 60 percent of the far-left cyberattacks, although some of these attacks involved multiple methods—for example, data breaches could be followed by doxing, in which personal information is shared publicly, potentially leading to the victim being harassed, or fearing for their safety. Doxing was involved in just over a quarter of the attacks, but more common was web page defacement (about 38 percent), in which the content of a page is removed and replaced with the attackers own message. In some cases defacement was used in conjunction with data breaches, and the hijacked web page was used to publish the stolen information.
The fourth method examined was distributed denial of service (DDoS) attacks, in which an overwhelming amount of requests are sent from multiple sources to a web server with the intention of slowing a web page or service down to the point it is inaccessible. This method was the least common (23 percent), possibly because it offered less opportunity for the perpetrators to take credit and spread their ideological message, the authors noted.
Of the groups involved in these attacks, the Animal Liberation Front (ALF) and Anonymous were the most active—Anonymous, a hacker collective with no established ideology, but which the authors say has been known to target corporations and law enforcement, was involved in 20 attacks, while 17 were attributed to animal rights-focused ALF, and 2 were attributed to the environment-focused Earth Liberation Front (ELF). Unlike physical attacks, which are each typically orchestrated by a single group, several of the cyberattacks studied involved more than one of these groups working together. The study also included a handful of attacks (4) involving other groups or individuals with similar far-left motives.
Large businesses were the most common target of these attacks (35.5 percent), followed by medium-sized businesses (19.4 percent). Large businesses faced data breaches more than any other type of attack, but defacements against small, medium and large businesses were also documented—with examples including messages like “you have no right to buy the flesh, skin or fur of another creature” on the site of a fur and leather company, and “millions of animals are slaughtered for fur and leather coats. I did this in order to wake up the blind consumers of today,” on the page of another fur company.
Government entities and educational institutions were also targeted. The researchers found that the government was a target in a higher proportion of cyberattacks (16.2 percent) than the physical attacks (2.7 percent) documented by the Extremist Crime Database (ECDB) during the same time period. Only one case—involving defacement—was found to be committed against an educational institution, though the authors note that universities have been targeted by organizations like the ALF before due to research involving animal subjects.
The paper also noted a case where an individual was the target of doxing after buying a license to hunt an endangered black rhino, and highlighted another case in which a 15-year-old hacker conducted a DDoS attack against SeaWorld, taking down their website and resulting in an estimated $500,000 of lost revenue. The authors point out that the latter case was the only one of the 26 in which a perpetrator is known to have been arrested, showing how the anonymity of the online world makes cyberterrorism more difficult to prosecute than physical terrorism.