For many of us, 2020 has been a very dangerous year. Alongside the usual headline grabbers like wars, violent crime, and terrorism, we also faced more insidious, creeping threats: a pandemic that has claimed more than 300,000 American lives, and the lives of 1.5 million people worldwide, thanks in part to waves of viral lies dismissing Covid-19’s deathly serious effects. Hackers who have spied on, attacked, and extorted countless companies and government institutions—including even hospitals—during a global health crisis. And a US president who has sought to fundamentally undermine both the response to the Covid-19 pandemic and democracy itself with nakedly self-serving, corrosive misinformation.
In a locked-down and socially distanced year that for many of us was spent more online than off, the presence of those dangers on the internet has never felt more real. Digital threats and information warfare were, in 2020, some of the most harmful forces in our society. Every year, WIRED assembles a list of the most dangerous people on the internet. In some respects, the actions of this year’s candidates resemble those of years past, from destructive hacking to sowing disinformation. But in a year where human society seemed more fragile than ever, the consequences of those actions have never been more grave.
For the sixth year in a row, Donald Trump tops our list. As his presidential term comes to an end, he remains the world’s single most powerful source of disinformation and the internet’s most toxic cyberbully. Trump has used his massive Twitter presence to downplay fears of Covid-19 and confuse public understanding since the virus’s earliest days, at a time when an organized response might have saved thousands of lives. He went on to promote unproven and eventually discredited treatments for the disease, like the antimalarial drug hydroxychloroquine. He demanded the “liberation” of states whose governors instituted restrictions on businesses to stop the spread of Covid-19, and helped refashion the choice to wear a mask into a partisan political issue. In the wake of the death of George Floyd at the hands of Minneapolis police, he railed against the Black Lives Matter protestors in cities across the US, painting them exclusively as rioters and fanning the flames of violence with online declarations like “when the looting starts, the shooting starts.” And he spent the last months of his presidency in a shameful, deranged attempt to convince his followers that the results of an election he squarely lost to Joe Biden were rigged, an assertion that even his own administration officials have stated has no basis in reality. The damage Trump has inflicted with social media alone will resonate through history. And as he reportedly lays the groundwork for a 2024 run, that damage will continue.
For years, Facebook founder Mark Zuckerberg has watched as his social network amplified misinformation and was repeatedly exploited as a mouthpiece for government-created troll accounts. His failure to respond to those problems was widely blamed for contributing to the election of Donald Trump in 2016. Even now, when the election put the same spotlight on Facebook four years later, Zuckerberg proved unwilling to risk any fraction of his company’s growth and dominance to curb the flow of false information. While Facebook has made changes to its newsfeed algorithms and added fact-checking addenda to President Trump’s claims of a stolen election, those changes came largely after the election, when he’d already been sowing the seeds of doubt about the electoral system for months. Facebook has also been one of the greatest sources of Covid-19 disinformation and anti-vaccination myths that will haunt the world in the months to come. And as one whistleblower pointed out, it still fails to stop governments around the world from flooding the platform with propaganda posted by troll accounts. Other platforms have spread misinformation, too, including Twitter and YouTube, but the scale and global reach of Facebook set it apart. So does Zuckerberg’s attitude towards the problem: He remains defiant, maintaining that Facebook should not be an “arbiter of truth.” Until he changes that stance, his creation will remain a megaphone for lies.
For well over a year, a single group of hackers—known by the placeholder name UNC2452, but widely believed to be working on behalf of Russia’s SVR foreign intelligence agency—has breached countless government agencies and companies, all via the hijacked software updates of a single product: the IT management tool Orion, distributed by tech firm SolarWinds. Every available clue since the breaches were revealed in mid-December indicates that only a small fraction of the thousands of companies that downloaded the backdoored software were actual targets of the operation, and that the hacking of those targets was focused solely on espionage. But those targets nonetheless included federal agencies like the US State Department, the National Institute of Health, and the Department of Energy, among many others. Rarely, if ever before in history have so many high-value victims been compromised by such a singular, insidious hacking technique. The SolarWinds operation and the mysterious hackers behind it have no doubt inflicted serious damage to US national security with their data theft. They’ve also demonstrated the ability to do far more harm if they had decided—or still decide in the future—to use their supply chain hijacking techniques for more destructive purposes.
Aside from Donald Trump himself, the most dangerous purveyor of Covid-19 disinformation over the past year has perhaps been Scott Atlas, who served as an adviser on the White House’s coronavirus task force until his resignation at the end of November. Atlas, a neuroradiology expert at Stanford’s Hoover Institution, got the president’s attention by echoing his criticism of pandemic lockdown measures during appearances on Fox News. His appointment to the task force was met with a letter from dozens of Stanford’s doctors pointing to “falsehoods and misrepresentation of science” in their colleague’s public positions. Atlas has advocated for a policy of infecting more people with Covid-19 as part of a discredited theory of herd immunity, and he posted false messages that masks are ineffective at stopping the spread of the virus. He even called on Twitter for people to “rise up” against state government measures to control the virus like those in Michigan—a state where, just weeks earlier, militia members opposed to such measures had been arrested for planning to kidnap the governor. Atlas was hardly unique in making these misinformed, incendiary claims, but with the position of power he held for months, he has been uniquely dangerous.
Right-wing extremist groups have flourished during the Trump administration, but none have combined meme-y internet culture with real-world violence quite like the so-called Boogaloo Bois. A loose-knit group of gun-toting radical libertarians, the Boogaloo Bois aim to bring about a second civil war (“the Boogaloo”) and overthrow the federal government. The movement first surfaced on 4chan’s /k/ message board, a setting perfectly suited to its strange mix of jokey memes, trademark Hawaiian shirts, and calls for armed violence against federal officials. It later flourished on Facebook, which allowed it to quietly grow even as it banned the movement’s groups and posts that explicitly called for violence. This summer saw a string of violent incidents connected to the movement. In June, two alleged Boogaloo members were charged with shooting five police officers and courthouse security guards, killing two. Members of the movement also showed up at Black Lives Matter protests, sometimes provoking the police and threatening violence in the midst of otherwise peaceful demonstrations.
Jim and Ron Watkins
As the overseers of the 8chan and 8kun messages boards, Jim and Ron Watkins have fostered a fully unmoderated platform for racism, misogyny, and anti-Semitism. They’ve also provided a medium for another growing, dangerous movement disconnected from virtually all facts: QAnon. Since 2017, followers of the reality-free QAnon conspiracy theory have insisted that a satanic cult whose tendrils stretch from Washington to Hollywood is engaged in a massive pedophilia ring, and that only Donald Trump and a mysterious Deep State whistleblower known as Q can stop it. Adherents of this bizarre fantasy have been connected to assaults, terroristic threats, and harassment campaigns. Its cultish web of misguided beliefs grows year after year, fueled in part by public supporters like Marjorie Taylor Greene, who was elected to Congress in November. The origin of the QAnon conspiracy and the identity of Q remain a mystery, but multiple media investigations have theorized the Q persona may have been created by Jim Watkins himself, the owner of the 8chan message board where Q posted messages, or his son Ron Watkins, the Trump-sycophant administrator of 8kun, the 8chan successor that has also hosted Q’s communications. Those theories remain unconfirmed, and both men deny that they’re Q. At the very least, they’ve created fertile ground for that false prophet to seed a movement of deluded followers.
Before SolarWinds came to light, 2020 was arguably a year when the disruptive effects of cybercriminal hacking overtook state-sponsored cyberattacks. The global epidemic of ransomware caused billions of dollars in collective damage to companies and governments. No single group represents that wanton destruction as much as the operators of the TrickBot botnet. The botnet, which at its peak included more than a million computers, has been used to plant ransomware like Conti and Ryuk inside of countless networks, including medical research facilities and hospitals. It was also rented out to North Korea’s theft-focused Lazarus hackers.
In October, security researchers spotted a new element of TrickBot that seemed designed to hack computers’ deep-seated UEFI firmware—a technique that could make their malware far harder to detect or eradicate—and would represent the first known case of cybercriminals, rather than state-sponsored cyberspies, hacking UEFI. That same month, a tech industry alliance of security companies and Microsoft took legal action to force internet service providers to take down TrickBot’s US-based command-and-control servers. US Cyber Command launched a separate operation that hacked the botnet and cut off the majority of its enslaved machines from their operators. Given this group’s adaptability and aggression, however, expect TrickBot to return with a vengeance in 2021.
Hacking groups within Russia’s GRU military intelligence agency like Fancy Bear and Sandworm didn’t cause the sort of mayhem this year that they did in the last decade—or the electoral sabotage that the security community feared as November approached. But they didn’t exactly sit 2020 out, either: Microsoft warned in September that Fancy Bear had attempted to hack hundreds of targets, many of which were tied to the upcoming election, including political campaigns and consultancies. In November, UK and US intelligence jointly warned that the GRU hackers had also laid the groundwork to sabotage the 2020 Summer Olympics in Tokyo, before the games were ultimately delayed due to Covid-19. That cybersabotage was seemingly intended as another act of revenge for Russia being banned from the Olympics for its athletes’ coordinated use of performance-enhancing drugs. Given that the GRU hackers known as Sandworm carried out a cyberattack that crippled the IT backend of the 2018 Winter Olympics in Pyeongchang in exactly that sort of retaliatory action, a repeat performance was to be expected. And with the Tokyo Olympics now scheduled for the summer of 2021, be prepared for the GRU’s hackers to try yet again.
The GRU and SVR weren’t the only Russian hackers breaching US critical infrastructure and threatening electoral systems over the last year. So, too, was a group known as Berserk Bear, widely believed to work in the service of Russia’s FSB. In October, the Cybersecurity and Infrastructure Security Agency warned that Berserk Bear had carried out a broad hacking campaign targeting state, local, territorial, and tribal government agencies, as well as victims in the aviation sector. Exactly what that hacking spree was intended to accomplish remains far from clear. In fact, Berserk Bear has breached sensitive American targets for years, including a series of power grid compromises in 2017 that gave them hands-on-the-controls access to some US electric utilities. Unlike the GRU, the group has never pulled the trigger; it’s never actually used its access to carry out disruptive actions. But its continued efforts to hold US critical infrastructure at risk makes it one of the world’s most dangerous hacking teams.
Iran’s IRGC Hackers
Despite the security community’s fears that Russia would repeat its 2016 election interference this year, it was Iran who got caught attempting an actual influence operation designed to sow chaos in the early days of November. After gaining access to US voter registration data, hackers working for Iran’s Islamic Revolutionary Guard Corps sent a blast of emails to Florida voters, impersonating the alt-right Proud Boys group and threatening anyone who didn’t vote for Trump, according to the Office of the Director of National Intelligence. The intimidation campaign seemed less designed to sway the election for Trump than to create confusion and further political division. By almost any measure, it failed: US intelligence unmasked the campaign almost immediately. Nonetheless, it demonstrates the growing desire of Iran’s IRGC to reach across the world and inject chaos.
More From WIRED’s Year in Review