Culture

Power-Ranking the World's Hacker Collectives

Best not to end up on these guys' bad side.

by Dylan Love

When was the last time you made an impact on the world with your wifi connection?

When sports pundits make player “power rankings,” they are rating an individual player’s impact on the game. In the “game” of digital security, we have a variety of players — hackers, in this instance — vying to make an impact to their own ends. Each hacker has a different motive — could be to turn a profit, to right a perceived wrong, or in some cases, to subjugate a citizen’s privacy. Whatever that may be, there are people with powerful capabilities, and when they come together to form hacker collectives, the world can open up to them like a big privacy-shedding oyster.

So here we present to you a qualitative, totally subjective ranking of six of the world’s most infamous hacker groups.

6. Cicada 3301

This group is on the list by virtue of being confoundingly mysterious: No one knows exactly what it’s all about. Like some bizarre parody of Mercury Rising, the group publicly recruits members by posting difficult mathematical and cryptographic puzzles only the best and brightest can solve. The current puzzle has been plainly visible since early 2014.

And if someone does solve it? No one has a clue what’s next. Some people have suggested that Cicada 3301 is actually like a bank specializing in cryptocurrency; others say the whole thing is something as benign as an alternate reality game. No one knows — or if they do, they’re not telling.

Cicada 3301 is too compelling to be excluded from this list, but as we can’t accurately gauge its impact (which may be severe or innocuous), it comes in last.

5. Goatse Security

A “gray-hat hacker” is someone whose hacking activity is not totally evil, but not totally virtuous either. They are the Han Solos of the computer security world, and Goatse Security epitomizes this nebulous descriptor. Taking its name from a famous shock site of bygone internet times, Goatse Security’s mission is to “expose gaping holes” in security. What it does after such exposures, of course, is the question of import.

In 2010, the team of nine individuals discovered a vulnerability in Apple’s mobile Safari web browser (which runs on every iPad and iPhone in existence), and they publicly posted how others could access blocked ports through the browser — basically a way to circumvent any firewall. More notoriously, Goatse Security is responsible for a 2010 exploit of the AT&T website, where the group stole 114,000 email addresses belonging to iPad users — including email addresses of some high-profile celebrities and political figures, leading to an FBI investigation. Goatse member Andrew “weev” Auernheimer served about a year-and-a-half in prison for his involvement.

4. Chaos Computer Club

This German-speaking group of computer experts is Europe’s largest hacking collective. Its motivations are political: freedom of information, freedom of communication, and transparency in government. Despite great technological prowess, CCC is not malicious. They grab headlines with public demonstrations of security risks.

Upon stealing 134,000 German marks from a Hamburg-based bank in the 1980s, CCC returned the money the very next day (with media attention, of course). As mobile technology began proliferating in the late 1990s, the group successfully cloned a GSM card (a type of standard used in cellular communications), illustrating how the new technology and its security standards could be fooled. One of the group’s most surprising demonstrations was in keeping with its previously mentioned political motivations: In 2008, CCC published the fingerprints of the German minister of the interior to protest the use of biometric data that could identify German citizens.

Without question, CCC stands tall at the compelling intersection of politics and technology, and plays a meaningful role in the world of digital security.

3. Syrian Electronic Army

Syria’s group of political hackers came about in 2011 to go on the offensive for any entity that was spreading anti-Syrian information. The brazen group waged digital war on news outlets and other sites, usually based in the West. Syria remains “the first Arab country to have a public Internet Army hosted on its national networks to openly launch cyber attacks on its enemies,” by the count of University of Toronto researcher Helmi Noman.

Victims of the SEA often see their websites defaced or rendered inoperable. To date, this group is responsible for attacks against sites ranging from The Onion to The New York Times. The SEA’s most extreme move was when it took control of the Associated Press’ Twitter account and used it to issue a false report that the White House had been attacked and President Obama was injured. The tweet caused a $136.5 billion drop in the S&P 500 financial index.

Talk about impact.

2. Hacking Team

Where most of the entities on this list are loose associations of people collaborating in their spare time, Italy’s Hacking Team is a straight-up international business. Hacking Team generates revenue by selling offensive software to governments and law enforcement that can intercept and read email (even if that email is encrypted), remotely turn on and access webcams, and even remotely record Skype conversations.

The company has been strongly criticized for selling such software to governments that are not exactly known for prioritizing human rights. For example, its software was found to have been instrumental in targeting Ethiopian journalists based in Washington, D.C.

This company’s powerful capabilities, when combined with a straightforward moneymaking motivation, make them one to keep an eye on. Second place is a no brainer.

1. Anonymous

The no-name name you knew you’d find on this list. By far the most prolific collection of hackers in the world, Anonymous and its members are loosely associated and entirely decentralized, making their activities difficult to keep track of. Famously, the group proclaims “We are legion.” Foreboding, no?

Anonymous is known for its prominent attacks on the Church of Scientology, the city of Ferguson, Missouri, the Ku Klux Klan, ISIS, and many more. It’s perhaps the de facto name to come to mind when one thinks of hackers. Its aesthetic is one of political activism, and the entirely anonymous membership means that the group can be anywhere and everywhere.

Look under your bed before you go to sleep. Then change all your passwords. At its best, Anonymous wields more destructive power than any other group of computer users on the planet.