Data leaks and breaches by so-called ‘ethical hackers’ – often assisted by poor security practices – have exposed inner workings of groups and the nature of the movement as a whole
Last modified on Mon 29 Nov 2021 17.38 GMT
Throughout 2021, websites associated with far-right extremist groups and extremist-friendly platforms and hosts have suffered from data leaks and breaches that have exposed the inner workings of far-right groups, and the nature of the movement as a whole.
The data has been exfiltrated in breaches engineered by so-called “ethical hackers” – often assisted by poor security practices from website administrators – and by activists who have penetrated websites in search of data and information.
Experts and activists say that attacks on their online infrastructure are likely to continue to disrupt and hamper far-right groups and individuals, and make unmasking their activities far more likely – often resulting in law enforcement attention or loss of employment.
Numerous far-right groups have suffered catastrophic data breaches this year, perhaps a reflection of a lack of technical expertise among such activists. Jim Salter, a systems administrator and tech journalist, said: “Extremists, and extremist-friendly entities, have a noticeable shortage of even-tempered, thoughtful people doing even-tempered, thoughtful work at securing sites and managing personnel.”
There are many examples.
In the wake of the 6 January attacks, the Guardian reported on the leak from the American Patriots III% website, which allowed the entire membership of the organization to be identified.
In that case, poor website configuration had allowed savvy researchers to view and republish the information on the open web.
In July, another organization affiliated with the Three Percenters, which monitoring organizations classify as an anti-government group or a component of the militia movement, had internal chats leaked which reportedly exhibited a “thirst for violence”.
Then, in September, it emerged that the website of the anti-government group the Oath Keepers was comprehensively breached, with membership lists, emails and what appeared to be the entire content of their server suddenly put on public display.
The data exfiltrated from that site was widely reported on, coming at a time when members of the organization were facing charges or on trial for their role in the attack on the US Capitol on 6 January.
The Guardian reported that the breach showed that the group had enjoyed a surge in membership after the events of that day.
Another neo-Confederate group with extremist connections, the Sons of Confederate Veterans, had its entire membership list exposed this year, after a self-described “hacktivist” provided the data to the Guardian.
Although there were many such breaches and leaks this year, 2021 could be seen as the year in which a wave of anti-fascist cyber-activism crested.
In recent years, extremist groups including Patriot Front and The Base have had internal communications revealed by infiltrators.
Independent news organization Unicorn Riot has published dozens of chats from far-right groups leaked from Discord, a chat application created for gamers that came to be a platform favoured by extremists, including for the planning of the Unite the Right rally in Charlottesville in 2017.
The hacking is even more significant because mainstream social media and chat platforms like Facebook, YouTube and Twitter have recently – with varying degrees of enthusiasm – moved to exclude extremists from their platforms.
Events like Unite the Right and the Capitol attack brought pressure to bear on platforms including Discord, which banned hundreds of extremist servers during 2021.
The intermittent crackdowns have led some extremists to flock to so-called “alt-tech” platforms, which reproduce some of the functions of big tech sites while advertising themselves to the far right with “free speech” policies. But these platforms, too, have come under attack by hacktivists in 2021.
In the days leading up to the Capitol riot, Parler, a Twitter-like site that had advertised itself as an online home for the Trumpist right, leaked account details, videos, posts and other materials.
After the riot, Parler data was used to identify participants in the rally and others who had entered the Capitol building.
Then, in March, Gab, a platform that had long played host to extremists who had been banned from other platforms, was also hacked.
Gab had achieved notoriety for, among other things, being the venue where Robert Bowers announced his intention to attack the Tree of Life synagogue in October 2018.
At the time of the breach, the Guardian reported that the data revealed the email addresses and other personal details of thousands of users, including Gab’s investors and verified accounts.
It also showed direct messages between Gab CEO Andrew Torba and a QAnon influencer, Richard Cornero Jr, who came to prominence under the alias Neon Revolt.
The hack was attributed to Gab’s introduction of security vulnerabilities into their own platform in their adaptation of an open source social media application for their own use.
Then, in September, the domain name registrar and web hosting provider Epik had the entire contents of its home server repeatedly breached.
Epik had offered services of last resort to groups like neo-Nazi podcasters, The Right Stuff; sites like QAnon hub and the extremist playground 8chan; and even, for a time, Gab itself.
CEO Rob Monster built up his business by promising an anything-goes platform for such groups. The Guardian’s inspection of the data reveals that Monster – who has worked as a broker of domain names – had also speculatively snapped up dozens of domains that invoked the code words and preoccupations of the QAnon movement.
Megan Squire, senior fellow in data analytics at the Southern Poverty Law Center, agreed with Salter’s assessment of the level of technical talent on the far right when it comes to security online. She said: “A lot of the people who are actually qualified to do this work are not going to be willing to work with these people.”
While “the hacktivist ethos is alive and well on the left”, Salter added, extremist-friendly hosts like Epik are unable to hire the personnel who might help them create a defensive capacity. She described Epik’s data design as poor. “I haven’t seen anything that bad in my entire career,” she said.
Salter said that any talented technologists on the far right “tend to be clustered heavily around more offensive roles attacking others rather than defending – and far more importantly, day to day managing – their own infrastructure”.
Given this deficit, and the surge of hacktivism on the left, breaches like those seen in the last year seem set to continue, she added.