Street activism meets online hacktivism in Catalonia

The recent push for independence in Catalonia has highlighted the part that cyber hacktivism can play in promoting and supporting popular street activism and protest.

The long-awaited referendum for Catalonia’s secession was held on 1 October 2017, despite being deemed illegal by both the Spanish government and the country’s Constitutional Court. However, even before the vote took place, thousands of demonstrators – both pro- and anti-independence – had taken to the streets in Barcelona and in other cities in the region. The authorities confiscated millions of ballot papers and arrested a number of political leaders involved in the pro-independence movement.

With thousands of activists on the streets or staging sit-ins, hacktivists launched their own form of protest with cyber attacks targeting a wide variety of government and commercial websites, attacks that continue some two months later.

Like the street demonstrations, the cyber attacks allied to the situation in Catalonia began before the referendum was held, and hacktivists from both sides of the political spectrum – both pro-and anti-independence for Catalonia – were initially active.

In September, for example, one hacker claimed to have hacked and leaked data from the Catalonian websites Gràcia per la independència and the research group SosteniPrA; he also published a message denigrating the actions of pro-independence activists.

However, it was after the referendum had taken place and following the reports of police brutality during the street demonstrations that the rate of attacks really picked up, and from 1 October onwards these focused solely on supporting the pro-independence movement.

The launch of #OpCatalunya quickly attracted the support of several hacker groups. As is often seen, well-publicised operations such as this usually involve human rights, perceptions of government over-reach or police brutality, all issues typically embraced by hacktivists.

In the case of #OpCatalunya, Spanish government and administrative websites were a popular target. For example, members of one group hacked and defaced the Community of Madrid website and took Spain’s Department of National Security offline. They later claimed to have hacked and leaked data from the Castilla-La Mancha Water Agency, before broadening their range to focus on media websites and even the Spanish Royal Family

Another group of hacktivists took responsibility for DDoS attacks against the Spanish Ministry of Defence website, while members of yet another said they had hacked and leaked data from the Spanish Policía Nacional.

The Greek branch of @Anonymous, @AnonymousGreece, targeted two commercial websites, while their counterparts from Albania, @AnonymousAlbania, launched DDoS attacks against Spanish government departments, before moving on to attack Real Madrid FC, all as part of #OpCatalunya.

@PeruvianHackers, meanwhile, claimed to have hacked and defaced the Asociación Pro Guardia Civil website "in support of the people of Catalonia".

A new operation called #OpSaveCatalonia was also launched, with hacktivists campaigning specifically against police brutality after the Civil Guard’s heavy-handed response to the referendum on 1 October.

Individual hacktivists were also at work: one hacked and leaked data from Museos de Andalucía and the University of Malaga, and another said he had exploited the Heartbleed vulnerability against the website for Metro Málaga; he also claimed to have leaked data from the University of Cadiz, and the Federación Canaria de Municipios.

Further DDoS attacks against various Spanish government websites illustrated yet another example of hacktivists joining with their counterparts to support an operation aligned with their overall beliefs: one prominent hacker had previously been involved in targeting Israeli websites, while another was very active in #OpMyanmar, which was launched in response to the Rohingya muslim crisis.

In mid-November, to coincide with the General Strike that was called in Catalonia, members of @Anonymous posted another message to place the spotlight back on #OpCatalunya. Entitled "And yet, another call for help from Catalonia OpCatalunya", it detailed how the Catalan president and four ministers were in exile in Belgium awaiting possible extradition proceedings, while other Catalan ministers had been imprisoned and charged with crimes such as rebellion, sedition and embezzlement, leaving them facing up to 30 years in prison. Denouncing the government as ‘fascist’, the hacktivists called for cyber attacks against “big companies ruling in Spain” to show “solidarity with people”.

Further attacks – again exclusively targeting Spanish websites – continued. They included members of one group hacking and stealing data from the website for San Javier, as well as threatening to attack the Spanish National Police website.

In the first week of December, there has been a decrease in the number of attacks allied to #OpCatalunya. However, a new regional election is due to be held in Catalonia on Thursday, 21 December 2017, with all 135 parliamentary seats available. Given the current highly charged political situation in the region, we expect a new series of cyber attacks to accompany the street demonstrations that are very likely to take place as voters go to the polls. We will therefore continue to monitor the situation closely. Companies operating in the region are also advised to exercise caution and ensure that their cyber security measures are fully implemented and up-to-date.

To find out how Cyjax can help protect your organisation from cyber threats, visit our website:

Scroll to Top