When We Cheer for the Hackers: The Psychology of Hacktivism and the Morality We Build Around It
“One man’s terrorist is another man’s freedom fighter.”
— Gerald Seymour, British author
The Cheer That Should Have Been a Question
There’s a particular kind of satisfaction that ripples through a crowd when a powerful entity is brought down. We see this in movies and news cycles, not to mention the comment sections of social media posts. This satisfaction is often almost primal. Like a collective exhale when an institution, that has failed, gets a taste of its own medicine.
This was evident when news broke that hackers had seized control of the City of Ekurhuleni’s billing system and manipulated municipal debt records. When what some residents and businesses owned was reduced, and in some instances cleared. The crowd’s reaction was palpable. The shared sigh of relief was loud and public. Although South Africans were divided, a significant portion of the conversation was applause, not outrage. Some people even wished silently that they were among those who received relief. Some called it justice, and the hackers…heroes.
Before deciding whether this response was right or wrong, we should consider why it occurred. The psychological conditions that cause a population to cheer on a hacker are not random but are the result of something else. Understanding this may be more useful than simply labelling the reaction as naïve.
However, the applause missed an important aspect of the story. The forensic report compiled by OMA Chartered Accountants in July 2025 made it clear that this was no act of digital charity. The syndicate manipulated and deleted municipal debt records for a fee of around R40,000 per transaction. This was paid for by the very residents and businesses whose balances were cleared. Those who “benefited” were the clients of an organised criminal enterprise. Across the 1,660 affected accounts, the municipality lost an estimated R2 billion in revenue.
This R2 billion did not simply disappear into thin air. It disappeared into the form of unrepairable roads, unrepaired electricity, and services that were barely functioning in a city whose own officials have since described as being in a digital state of emergency.
Another case sharpens the picture further. In 2015, a group calling themselves The Impact Team hacked Ashley Madison, a dating website built explicitly for facilitating extramarital affairs. Their demand was simple: shut the site down, or they would release user data. When the site refused, they did exactly that. On the surface, they looked like moral crusaders that exposed infidelity and, notably, the site’s own fraudulent practices around fake female profiles. By that measure, they had something Ekurhuleni’s syndicate never did: an ideological motive. The consequences however were not contained to the guilty. Personal data of millions of users was released publicly, including people in countries where being outed could mean violence, job loss, or worse. Several people whose data was exposed died by suicide. The Impact Team may have had a cause, but they didn’t have any mechanism for controlling who their justice landed on. Nor took any accountability for the damage it caused.
So, if we look back at the Ekurhuleni story, the question it raises is not whether the hackers were heroes or hacktivists. Rather why were we so ready to see them that way? And what does this readiness reveal about how we process injustice in the digital age?
What Hacktivism Actually Is
The word itself is a portmanteau of ‘hacking’ and ‘activism’, and it has a specific meaning relevant to this conversation. Hacktivism is the use of hacking techniques to further a political or social cause. The defining feature is not the motivation but method itself. Hacktivists are not primarily motivated by money, competitive advantage, or personal gain. They are after something they believe to be larger than themselves.
The most well-known example of organised hacktivism is the mask-wearing, decentralised collective Anonymous, which has operated as a kind of digital conscience since the mid-2000s. Between 2008 and 2012, Anonymous ran a series of high-profile campaigns that had genuine consequences: These include Operation Tunisia, in which the group disrupted eight Tunisian government websites using coordinated denial-of-service attacks as part of the broader Arab Spring movement, and Operation Payback, which targeted organisations that cut ties with WikiLeaks under government pressure. They have also taken various actions against child exploitation networks on the dark web. In one such action, hacktivists infiltrated a site called Lolita City, published thousands of usernames, demanded that the authorities take action, and knocked the site offline.
Then there is WikiLeaks, which in 2010 released hundreds of thousands of classified United States government documents and redefined what it meant to hold power accountable in the digital era. In 2016, there was the Panama Papers leak, when an anonymous source handed 11.5 million documents from the Panamanian law firm Mossack Fonseca to a German newspaper. These documents exposed how some of the world’s wealthiest individuals were using offshore banking structures to evade tax.
The whistleblower (known as John Doe to this day) stated plainly: “I understood enough about their contents to realise the scale of the injustices they described.” Several heads of state were implicated. The Icelandic Prime Minister resigned within days.
These cases have one thing in common: The individuals involved were not seeking personal profit, accepted legal risk, and directed their actions at targets they considered morally accountable. The impacts were real, documented and, in several cases, historically significant (whatever we think about the methods).
This differs from parking outside a licensing department in Bedfordview, connecting to unprotected municipal Wi-Fi and running a debt clearance service for paying clients, charging R40,000 per transaction.
The Psychology Behind the Action
To understand hacktivism and why people support it, it is important to understand how human beings reconcile actions that contradict their values.
Albert Bandura, a psychologist at Stanford University whose work on social cognitive theory has shaped our understanding of human behaviour for several decades, developed what he called the theory of moral disengagement. The premise is that people do not simply override their moral standards when they behave in ways that violate them. Instead, they use psychological mechanisms to restructure their perception of the behaviour so that it no longer registers as a violation. In his foundational work from 1986, Bandura described moral disengagement as a process that enables individuals to engage in behaviours contrary to their own moral standards. This done without experiencing the guilt or self-censure that would otherwise follow.
The mechanisms he identified will be familiar to anyone who has ever justified something they knew was questionable:
- Moral justification involves reframing harmful behaviour as serving a greater good.
- Displacement of responsibility involves attributing the action to an authority or circumstance.
- Diffusion of responsibility spreads culpability across a group, meaning no individual feels fully accountable.
- Dehumanisation of the target reduces the perceived harm caused.
- Advantageous comparison measures the action not against an absolute ethical standard, but against something perceived as worse.
Hacktivists (both genuine and self-styled) deploy nearly all of these strategies simultaneously. The target is powerful and corrupt, providing moral justification. The system itself created the conditions (displacement of responsibility). We acted as a collective: no single person bears the weight (diffusion of responsibility). At least we are not doing what they are doing (an advantageous comparison).
Research published in 2017 by Bodford and Kwan found that the decision-making of hacktivists is primarily driven by expected payoffs rather than a subjective assessment of risk. Hacktivists are individuals who have performed a moral calculation and reached a conclusion about the expected outcome. This could be exposure, disruption, or accountability that outweighs the cost of the act itself. This calculation may be incorrect, but it IS a calculation and not an absence of reasoning.
A more troubling finding is what happens to the observers. When people cheer on a hacker, they are making a similar moral judgement, albeit indirectly. The conditions that make a population susceptible to this kind of collective moral reframing are consistently the result of institutional failure.
What the Cheer Is Actually Telling Us
The public response to the Ekurhuleni situation (the applause, the memes, and the comments of relief that someone has finally done something) is not primarily a statement about hackers. It’s a statement about trust, or rather its absence.
People feel that the systems designed to protect them have not only failed, but have also extracted resources from them through rising tariffs, failing infrastructure, power cuts, and public funds that vanish without consequence. Something shifts in the psychological relationship between citizens and institutions. The institution’s moral authority erodes. And when that happens, people become more willing to celebrate an attack on the institution.
Social psychology research on procedural justice (also known as the study of how people evaluate the fairness of processes, independent of their outcomes) consistently finds that perceived unfairness in how institutions operate predicts reduced cooperation, increased norm violation, and lower moral condemnation of those who break the rules. When people believe the system is rigged, they stop applying the same standards to the cheaters.
In Ekurhuleni, a criminal syndicate exploited this dynamic. They operated in an environment where the gap between what the municipality owed its residents and what it delivered had grown so wide that any attack on the institution was perceived as a failure of service provision. Public applause was a legitimate response to a real issue. However, it was directed at the wrong target, as these individuals acted solely in their own interests.
The Genuine Moral Grey Zone
The ethics of real hacktivism are not straightforward either. Even the most celebrated cases present a complicated moral picture.
WikiLeaks built its entire identity around transparency and accountability. However, as researchers at Monash University have observed, the transparency it demanded of governments did not apply to itself. It operated through anonymous drop boxes and disclosed little about its own decision-making processes. The accountability it sought from others was something from which it was structurally insulated. As an analysis by Oxford University Press put it, hacktivism is sometimes claimed to serve interests that transcend those of states, but this claim is implausible when hacktivism is not accountable to anyone.
Anonymous presents a different kind of problem. As it is a decentralised group rather than a structured organisation, its moral coherence depends entirely on the faction acting at any given moment. The same brand that targeted child exploitation networks has also launched attacks that have caused genuine collateral harm to uninvolved parties and shut down services used by ordinary people. In some cases, it has acted on ideological grounds that are unpopular. Anyone can wear the label ‘Anonymous’.
Legal and political philosophers have been seriously wrestling with the question whether hacktivism constitutes civil disobedience in the classical sense. Traditional civil disobedience (as theorised by figures such as Henry David Thoreau and John Rawls) involves an expectation of publicity and acceptance of legal consequences. The individual involved makes themselves visible, takes responsibility for their actions, and accepts punishment as part of their moral statement. However, hacktivism, with its structural reliance on anonymity, sidesteps this requirement almost entirely.
Researchers studying this intersection have argued that forms of cyber-activism that are more closely linked to public displays of protest and legally accountable disclosure are morally superior and better align with human rights principles than anonymous digital action.
This does not mean that the causes are wrong. Rather, it suggests that the methods carry a moral weight that cannot simply be dismissed by highlighting a corrupt target.
Why the Distinction Matters More Than Ever
Collapsing the distinction between principled digital resistance and profit-motivated crime dressed in the language of justice comes at a cost. The cost is paid by everyone who genuinely needs the former.
When we celebrate organised criminal syndicates as hacktivists, we achieve two things simultaneously:
- We romanticise the crime by draping it in a moral narrative that it has not earned.
- We delegitimise the authentic version.
In the public mind, genuine whistleblowers occupy the same conceptual category as a syndicate that charges R40,000 to clear a rates bill. This is not a neutral confusion. It makes it harder to protect and support genuine whistleblowers and easier for criminal syndicates to hide behind borrowed credibility.
From a cyberpsychology standpoint, what this moment in Ekurhuleni represents is a failure of digital moral literacy. Not stupidity nor naivety. It is a failure of the cognitive tools needed to evaluate accurately digital actors and their claims in a context where the institutional landscape has been so degraded that any act of disruption is perceived as an act of resistance.
Bad actors, including state-affiliated hacktivist groups such as Iran’s Handala Hack Team, and ideologically motivated networks operating globally, understand and exploit this environment. They know that populations exhausted by institutional failure will be less critical of anyone who appears to be fighting back. They know that the label hacktivist carries a romantic connotation. They use this to create a cover for operations that serve narrow interests entirely unrelated to the justice they claim to deliver.
The question posed by human resilience, and cyberpsychology is not whether people should be angry. Rather what we do with that anger. Does it make us more discerning about who is acting in our best interests, or does it make us more susceptible to misinformation?
The residents of Ekurhuleni were failed by their municipality. The syndicate that cleared their bills did not repair a single pothole, restore a single hour of power, or return a single rand to the public coffers. They simply extracted more efficiently from the same broken system that the residents were already living with, and with better PR.
Conclusion: Scrutiny Is Not Cynicism
There is a version of this story that ends with a simple moral “hacktivism is bad, the law is good, and you should trust the system”. This isn’t that version.
The Panama Papers were important. So were Edward Snowden’s revelations about mass surveillance. Anonymous’s actions against authoritarian governments during the Arab Spring were consequential in several cases, helping people in real danger. Digital resistance is not inherently illegitimate. The history of civil disobedience is the story of individuals who broke necessary rules at personal cost in the name of something greater than themselves.
But here is what the romanticism of digital resistance consistently obscures: hacktivism is still a crime. Every case discussed in this article involved acts that were illegal under the laws of the jurisdictions in which they occurred. Their motives don’t change that. The law has no clause for good intentions, and the consequences, as Ashley Madison’s victims learned at the most devastating cost, do not discriminate between the guilty and the innocent.
What is illegitimate is applying that moral weight indiscriminately. It is dangerous to be in a psychological state where the failure of institutions has so corroded our scrutiny that we cheer anyone who appears to be fighting without asking who they are fighting for.
Scrutiny is not the same as cynicism. Asking ‘Who benefits, and how?’ is not the same as defending a broken system. In a digital environment that is designed to exploit the gap between what we see and what is true, it is the most basic act of cognitive self-defence available to us.
The hackers who cleared Ekurhuleni’s billing records were not heroes. They were a syndicate. The difference is not just legal. It is human. Being able to tell the difference is increasingly not optional.
Taryn-Lee Potgieter – Head of Brand Growth | Psychology student at SACAP
References
OMA Chartered Accountants forensic report on the Ekurhuleni billing breach, July 2025 — via TimesLIVE
Eyewitness News: Ekurhuleni municipality takes legal action over tampered electricity accounts, March 2025
News24: Scopa hears how hackers siphoned R2bn from Ekurhuleni, May 2026
The Star: Pressure mounts for SIU probe into Ekurhuleni’s R2 billion billing scandal, May 2026
Freedom Front Plus: Ekurhuleni’s R2 billion cybercrime scandal proves total governance collapse
TechTarget: What is Hacktivism?
Group-IB: What is Hacktivism? Meaning, Examples & How to Respond, July 2025
Trend Micro: What is Hacktivism? November 2025
Wikipedia: Panama Papers
Bandura, A. (2002). Selective moral disengagement in the exercise of moral agency. Journal of Moral Education, 31(2), 101–119 — via ScienceDirect meta-analysis
Cyberpsychology, Behavior, and Social Networking: A Game Theoretical Approach to Hacktivism (hacktivist payoff research)
Monash University: Human Rights and Hacktivism: The Cases of Wikileaks and Anonymous
Oxford University Press Blog: Wikileaks, transparency, and the ethics of hacktivism, March 2016
Academia.edu: Updating Civil Disobedience — Whistleblowing, Anonymous Hacktivism, and Academic Piracy
Wikipedia: Handala Hack Team
Cyber Security Agency of Singapore: Hacktivism during Military Conflict: The Anonymous Hacker Collective (2022)
Cybersecurity lessons learned from the Ashley madison hack
Ashely Madison: ‘Suicides’ over website hack