TThroughout 2021, websites linked to right-wing extremist groups and extremist-friendly platforms and hosts suffered data breaches and breaches that have revealed the inner workings of right-wing extremist groups and the nature of the movement as a whole.
The data has been filtered out in breaches developed by so-called “ethical hackers” – often aided by poor security practices by website administrators – and by activists intruding on websites in search of data and information.
Experts and activists say attacks on their online infrastructure are likely to continue to disrupt and inhibit right-wing extremist groups and individuals and make disclosure of their activities far more likely – often resulting in police attention or loss of employment.
Several right-wing extremist groups have suffered catastrophic data breaches this year, perhaps a reflection of a lack of technical expertise among such activists. Jim Salter, a systems administrator and technology journalist, said: “Extremists and extremist-friendly entities have a noticeable lack of balanced, thoughtful people who carry out balanced, thoughtful work securing sites and managing staff.”
There are many examples.
In the wake of the January 6 attacks, the Guardian reported on the leak from the American Patriots III% website, which made it possible to identify the entire organization’s membership.
In that case, poor site configuration would have allowed savvy researchers to view and republish the information on the open web.
In July, another organization affiliated with Three Percenters, which surveillance organizations classify as an anti-government group or part of the militia movement, leaked internal chats that allegedly showed a “thirst for violence”.
Then, in September, it emerged that the website of the anti-government group Oath Keepers was extensively broken, with membership lists, emails and what appeared to be the entire contents of their server suddenly being publicly displayed.
The data filtered out of this site was widely reported, and came at a time when members of the organization were facing charges or in court for their role in the January 6 attack on the US Capitol.
The Guardian reported that the breach showed that the group had enjoyed an increase in membership numbers after the events of that day.
Another neo-Confederate group of extremist links, the Sons of Confederate Veterans, had its entire membership revealed this year after a self-proclaimed “hacktivist” provided the data to the Guardian.
Although there were many such breaches and leaks this year, 2021 could be seen as the year when a wave of anti-fascist cyber-activism came.
In recent years, extremist groups, including Patriot Front and The Base, have had internal communications revealed by infiltrators.
The independent news organization Unicorn Riot has published dozens of chats from right-wing extremist groups leaked from Discord, a chat application created for players who came to be a platform preferred by extremists, including for the planning of the Unite the Right meeting in Charlottesville in 2017.
Hacking is even more significant as mainstream social media and chat platforms such as Facebook, YouTube and Twitter have recently – with varying degrees of enthusiasm – moved to exclude extremists from their platforms.
Events such as the Unite the Right and the Capitol attack brought pressure on platforms, including Discord, which banned hundreds of extremist servers during 2021.
The intermittent repression has caused some extremists to flock to so-called “alt-tech” platforms, which reproduce some of the features of major technological sites while advertising themselves to the far right with “freedom of speech” policies. But even these platforms have been attacked by hacktivists in 2021.
In the days leading up to the Capitol riot, Parler leaked a Twitter-like site that had advertised itself as an online home for the Trump right wing, account information, videos, posts and other material.
After the riot, Parler data was used to identify participants in the convention and others who had entered the Capitol building.
Then, in March, Gab, a platform that had long hosted extremists banned from other platforms, was also hacked.
Gab had gained fame for, among other things, being the meeting place where Robert Bowers announced his intention to attack the Tree of Life synagogue in October 2018.
At the time of the breach, The Guardian reported that the data revealed email addresses and other personal information of thousands of users, including Gab’s investors and verified accounts.
It also showed direct messages between Gab CEO, Andrew Torba, and a QAnon influencer, Richard Cornero Jr., who came to prominence under the alias Neon Revolt.
The hack was attributed to Gab’s introduction of security vulnerabilities on their own platform in their adaptation of an open source social media application for their own use.
So in September, the domain name registrar and web hosting provider, Epik, got the entire contents of its home server repeatedly broken.
Epik had offered services as a last resort to groups such as neo-Nazi podcasters, The Right Stuff; sites like QAnon hub and extremist playground, 8chan; and even, for a time, Gab himself.
CEO Rob Monster built his business by promising an all-around platform for such groups. The Guardian’s inspection of the data reveals that Monster – who has worked as a domain name broker – had also speculatively intercepted dozens of domains that invoked the passwords and concerns of the QAnon movement.
Megan Squire, senior fellow in data analysis at the Southern Poverty Law Center, agreed with Salter’s assessment of the level of technical talent on the far right when it comes to security online. She said: “Many of the people who are actually qualified to do this work will not be willing to work with these people.”
While “the hacktivist ethos is alive and well on the left,” Salteradded, extremist-friendly hosts like Epik are unable to hire the staff who can help them create a defensive capacity. She described Epik’s computer design as bad. “I have not seen anything so bad in my entire career,” she said.
Salter said all talented right-wing technologists “tend to be grouped much around more offensive roles attacking others rather than defending – and far more importantly, day-to-day management – their own infrastructure.”
Given this deficit and the wave of hacktivism on the left, it looks like fractures like those seen in the last year will continue, she added.