Exactly 15 years ago today, one of the first high-profile hacks carried out for protest purposes occurred: Anti-globalization activists wormed their way into a database containing sensitive information belonging to the powerful attendees of the World Economic Forum’s annual meeting in Davos, Switzerland. The compromised data included information on Bill Gates, former Yahoo CEO Tim Koogle, and former UN Secretary General Kofi Annan, among others.
In 2001, hackers anonymously sent a compact disk containing 161 megabytes worth of data about conference goers to the Swiss newspaper Sonntagszeitung, which then published some of it on its website, including the home phone number of Amazon’s Jeff Bezos, as well as Dustin Hoffman’s email address.
The data included 80,000 pages of material, including a list of 27,000 names, some which were paired with email addresses and phone numbers, according to news reports at the time. The trove of information also included another list of 1,400 credit card numbers and names, as well as documents with information about travel schedules and hotel accommodations of the 3,200 participants of the Forum’s meeting, many of whom were surrounded by security detail 24/7.
The information was reportedly shockingly simple to obtain, “It was just lying there offering itself in a show window,” Sonntagszeitung quoted an anonymous hacker as having said. The hackers managed to access a “remnant database” used to collect information on regional WEF meetings that were held during 2000, according to a WEF spokesperson.
The WEF went to great lengths to ensure that the resort where it was hosted was protected from protesters, but neglected to secure its data
There were never any reports that the data was used maliciously, implying that it was meant to merely draw attention rather than elicit actual harm. Even back in 2001, journalists were using the term “hacktivist,” to describe those involved in the WEF hack, which would much later be applied to groups like Anonymous. The term was reportedly originally used to describe supporters of the Zapatista rebels in Mexico’s southern state of Chiapas, who sabotaged Mexican government sites beginning in 1998. They held “virtual sit-ins” also referred to as denial-of-service attacks, which are designed to overload servers.
The purpose of the attack was not merely to disclose the personal information of the conference’s attendees, but rather to bring attention to the perceived economic injustices committed by the WEF and organizations like it.
The main gripe of the anti-globalization protestors associated with the hack was this: non-governmental organizations like the World Economic Forum and the World Trade Organization (WTO), which often billed themselves as having a strong nonprofit component, really only benefit large corporations and rich countries at the expense of the environment and poor workers.
The annual meeting in Davos was thought to epitomize the elitist nature of these organizations, especially since it takes place at a swanky resort. Overall, the attack was widely viewed as an act of protest, rather than a crime.
This didn’t stop the Swiss authorities from going after both the newspaper that published the data, as well as the hackers themselves. Within a month, Swiss police nabbed a 20-year-old Swiss citizen accused of being involved in the attacks. Swiss officials also demanded for the newspaper to hand over evidence related to the attack, but it refused. The WEF accused the paper of “trafficking in stolen information,” and filed a legal complaint with Geneva prosecutors.
Despite the group’s intentions, what became the focus was not the WEF’s plans for international trade, but only the compromised personal information of the high-profile attendees.
The hack was one of the earliest examples of how secure physical borders often don’t correspond to similarly protected digital ones. Unlike with its data, the WEF went to great lengths to ensure that the resort where it was hosted was protected from protesters by using roadblocks and barbed wire fences.
The Davos attack was one of the first high profile hacks done for activism purposes, although it followed an attack in 2000 in which anti-globalization attackers redirected traffic from Nike’s website to Melbourne-based anti-globalization group s11 for around 19 hours. The site received over 250,000 hits within six hours.