Gamergate and the new horde of digital saboteurs
Gamergate revealed just how quickly online mobs are able to harness hacker tools to intimidate, harass, and humiliate.
Jacob Turcotte/Staff
Chicago
Whether the crux of Gamergate is ethics in video game journalism or misogyny among gamers continues to spark heated debate online. But there's no denying the pressing security risk that befalls anyone daring to loudly question the motives of its backers.
In addition to the vile language and sexism that characterized this three-month-plus online slugfest, it has also led to criminal hacks, online threats of violence, and digital smear campaigns. In one prominent case, an independent video game company’s website was hacked, with sensitive financial data spread across the Web. Even more troubling, three women in the game industry fled their homes after critics revealed their addresses along with warnings of violence.
It’s a new kind of digital nightmare, where anyone with an axe to grind and a big enough online megaphone can mobilize thousands of people, mostly anonymous, to use an arsenal of digital weapons to wage war on opponents.
In the case of Gamergate, the threats have typically been aimed at women in gaming and the people who support them. Their tactics have included “doxing” victims, which refers to the act of gathering a trove of private information and spreading it around the Web. And the favorite venue for the aggressors’ to organize are places such as 4chan and Reddit, less so on YouTube, Tumblr, and Twitter. They have no online preference when it comes to where they spread their vitriol.
These digital frontal assaults have “become expected in [any] online tussle,” says Jamie Bartlett, director of the Centre for the Analysis of Social Media at the think tank Demos in London. "It's almost like, the standard set of itinerary that everyone uses.”
One person will find the home address, he says, and another will then try to “one-up them” by finding more sensitive information. “The herd mentality kicks in and the victim becomes nothing but an object of strange competitive urges.”
The gaming community is especially susceptible to security breaches, says Matt Comyns, the global co-head of cybersecurity at Russell Reynolds Associates, a corporate recruitment and consulting firm. Gamers can be an “overly zealous group of people that are technically sophisticated and can do a lot of damage.”
The 'doxing' crowd
Gamergate came about more than three months ago after a computer programmer named Eron Gjoni posted a 3,000 word screed, complete with details of private conversations, that chronicled the break-up of his relationship with Zoe Quinn, a then-relatively obscure independent game developer and feminist.
Even though she wasn’t popular in the mainstream, Ms. Quinn was well known in the video game community for the amount of critics her game about depression called Depression Quest drew. She'd been the subject of collective digital punishment before, in late 2013 and again earlier this year when Quinn’s game landed a spot on Steam, a popular online marketplace.
Many of her critics theorized that she must have cheated or manipulated her way onto the site at the time. The Mr. Gjoni post included an allegation that Quinn had a relationship with a gaming journalist, adding to their suspicions. Many of her critics took his claims as evidence of corruption in gaming journalism. So they coalesced around the #gamergate hashtag on social media, claiming they were out to expose a gaming conspiracy.
But the collective actions of the whipped-up online horde suggests otherwise. Gamergate supporters competed with one another to see how much sensitive or damaging information they could collect and reveal about Quinn. This kind of “doxing” is a favorite tactic among the hacktivist collective Anonymous. Her Tumblr, Dropbox, and Skype accounts were hacked, her phone number, home address, and other personal information were published on message boards, social media sites, even in comment sections of Reddit links and in news articles. Her family members’ details were also shared.
Many sites deleted the vulgar comments, including Quinn’s personal details (such comments are typically a violation of standard terms of use policies). But that was interpreted by the Gamergage ringleaders as censorship. When the online harassment didn't stop, Quinn left her home and is now unwilling to answer questions regarding the hacks and threats, citing a pending FBI investigation.
The Wu counteroffensive
One female independent game developer targeted by Gamergate supporters launched a counteroffensive to expose her doxers. Brianna Wu says she raised an $11,000 bounty for personal information about doxers so “we could get police to get them prosecuted." What's more, says Ms. Wu, "the only thing that stops people from doing this is consequences.”
Wu had been threatened with rape and murder, had her social media accounts and company website targeted by hackers, and also fled her home for a period when the online threats escalated. Once the bounty became known, Wu says, “all the rape and death threats instantly stopped.”
But even though Wu was able to ward off attackers by threatening their anonymity, the environment has become so toxic in some corners of the gaming community that some developers have quit the business.
After game developer Phil Fish publicly defended Quinn, he too became a victim of hacks and online attacks. After his company’s site was hacked and its financial information made public online, Fish said he was selling the company.
Others have left, too. In September, Markus Persson, creator of the hit game Minecraft, left his company citing the “hate” and “negative comments” that befell his digital life. Writer Jenn Frank ended her career writing about video games following a bout of harassment, which included doxing the wrong “Jenn Frank” in a different state, after she wrote an Op-Ed about Quinn.
Security experts point to Gamergate as a prime example for why everyone on the Web should be vigilant about protecting e-mail accounts, personal websites, and sensitive data. Maybe two-factor identification may have prevented some of the hacks, say experts.
Wu admits she did not have two-factor authentication on her personal and company Apple accounts before it was targeted in a concerted hack attempt (the perpetrators weren’t successful). She since added the extra layer of security. In fact, Wu hired a specialist to audit her company’s security, including every employee, “from top to bottom.”
The ease with which aggressors can find and distribute sensitive information to intimidate opponents is a fact of life on the Web, and an enduring legacy of Gamergate. Gamergate isn't the first instance of this kind of online sabotage, but by far the largest to date. When home addresses are shared alongside warnings of personal harm, virtual threats quickly become very real.
While Google will remove a person’s personal financial details from results, it generally does not yank down home address or phone numbers. It will, however, try to hide images deemed offensive either by removing them from search results or placing them behind the Safe Search filter. Several nude photos of Quinn were also circulated at the same time as her other information. Those photos still show up in searches.
When reached for comment on their policies, a Google spokesperson directed a reporter to its removal policy page and wrote: “Google Search generally reflects what’s on the Web, and we offer free advice and resources on how to get content removed from the web. We also offer more general advice on how to manage your reputation online.”