Headline
The Most Dangerous People on the Internet in 2022
From SBF to the GRU, these were the most disruptive forces of online chaos this year.
Russian soldiers poured into Ukraine, accompanied by a wave of cyberattacks across the country. A major cryptocurrency exchange imploded and declared bankruptcy, vaporizing billions of dollars from that digital economy. The once-biggest dark-web drug market—after being demolished by law enforcement—clawed back to the top of the online underworld after doggedly resurrecting itself.
It’s not 2014, though you could be forgiven for being confused. No, all these episodes of global chaos occurred in 2022, each one a rerun of previous events, but now with the threat they posed vastly multiplied in scale.
This year, some of the phantoms of the Trump era and the Covid-19 pandemic finally seemed to recede—only to make room for new threats and the return of ghosts of years past. The same dictators—Vladimir Putin, Xi Jinping, Kim Jong Un—who have long threatened the global order, their geographic neighbors, and their countries’ own citizens. Fresher digital threats like India’s slide into online repression, and brazen cybercriminals displaying more ruthlessness than ever. And then there were some vestiges of the Trump era that seemed to have hung on, such as one particularly loud and quixotic billionaire with a large, cultlike following, seemingly doing his best to singlehandedly corrupt social media.
Every year, WIRED assembles a list of the most dangerous people on the internet. For the first time since 2015, Donald Trump doesn’t top this list. But there’s no shortage of new sources of instability and disruption online. Here are our picks for 2022.
Sam Bankman-Fried
For its entire existence, the cryptocurrency world has been plagued with money laundering, theft, and scams, from Bitcoin-powered dark-web drug markets to billions of dollars stolen from crypto companies by rogue hackers. But one of the most dangerous players in the crypto economy, it seems, was hiding in plain sight. In the collapse of cryptocurrency exchange FTX, a poster boy for cryptocurrency’s growing legitimacy, Sam Bankman-Fried, now stands accused of more than $8 billion in fraud. The rippling fallout for the cryptocurrency economy could be far larger, and the tangled dealings and mismanagement of user funds in FTX’s meltdown have yet to be fully unraveled—even the company’s new CEO John Ray, who also handled the bankruptcy of Enron, says he’s never seen a bigger mess. Under Bankman-Fried’s hands-on leadership, FTX invested vast sums of users’ cryptocurrency in his own trading platform Alameda Research, which has also gone bankrupt. Aside from those enormous losses, Bankman-Fried represents a particularly troubling figure for the ills of the crypto economy: Unlike so many others in the crypto world, he had appeared to actually welcome tighter government controls of the industry. Now, like a hybrid of Elizabeth Holmes and Lehman Brothers, he’s come to represent the face of regulatory capture.
Elon Musk
The antics of Elon Musk, as a Willy Wonka figure with his mercuriality dialed up to 11, seemed harmless enough—or possibly even a net good for human progress—when he was focused on next-generation rockets and electric cars. But with his acquisition of Twitter, the dark side of Musk was put on display, and the fickle power of the (sometimes) world’s richest man suddenly threatened a central institution of the internet. Musk’s immediate, summary layoffs of thousands of Twitter’s staffers put at risk key functions of a service that serves as a central artery of digital conversation. Sure, he justified lifting Twitter’s ban on neo-Nazis like Andrew Anglin as well as former president Donald Trump (after the latter was removed from Twitter after using it to incite the January 6 riots and invasion of the US Capitol building) with free speech arguments. But Twitter’s new emperor has also decimated its staff of content moderators, leading to situations like a single staffer being left to police child abuse content on Twitter for all of Japan and the Asia-Pacific region. Under Musk’s watch, Twitter has also banned left-wing accounts he described as “antifa,” contradicting his stance on free speech. Just days after the acquisition, Musk briefly tweeted—then deleted—disinformation that the man who attacked US House speaker Nancy Pelosi’s husband in October was his gay lover. Later, he seemed to call for the prosecution of the White House’s chief medical advisor Anthony Fauci for his handling of the Covid-19 pandemic, without explanation. In doing so, he offered a glimpse of the conspiracy-minded politics and trolling that truly drive his actions. Twitter hasn’t collapsed under Musk, as some of its doomsayers predicted. But it may be morphing into the worst version of itself.
Xi Jinping
Xi Jinping has presided over some of China’s worst human rights abuses, including its mass internment of Uyghur Muslims in Xinjiang and the crackdown on protestors in Hong Kong. Each of those waves of repression has come with its own accompanying tightening of restrictions online, as censors scoured social media for any reference to protests and Han Chinese police in Xinjiang even demanded that Uyghurs download an app that scans their phones for banned content. This year, the protests against China’s draconian zero-Covid lockdowns have triggered a new online crackdown, one in which even “liking” a post about protests is deemed illegal and signs of misbehavior are tracked in a regulated “credit system” that can lead to users being summarily banned from online platforms. Xi has already established himself as the most powerful figure in China’s government in decades, taking an unprecedented third term as head of the Chinese Communist Party. He’s made clear that authoritarian power will extend deep into the digital lives of the world’s biggest population of internet users.
Narendra Modi
Under Modi and his party, the BJP, India has become increasingly China-like in its repression of protests both physical and digital. In just the past few years, the Indian government temporarily shut down the internet in the embattled region of Kashmir, banned a large collection of China-based apps including TikTok, and just weeks ago delegated oversight of content moderation decisions on social media to a three-person group—a move widely seen as the latest step in the government’s attempts to tighten its grip on those platforms. In perhaps the most appalling case of digital repression, security researchers this year revealed that hackers who fabricated evidence on the computers of activists in the region near the city of Pune had ties to the very same Pune police who arrested those activists. One of the activists targeted in that frame job died in detention. Eleven other defendants in the case remain in jail. Modi’s India has proven that even a so-called democracy offers no guarantees of a remotely free internet.
GRU
Russia’s GRU military intelligence agency has, for years, been home to some of the most aggressive and dangerous hackers in the world. The GRU groups known as Sandworm and APT28 have, in just the past seven years, triggered two blackouts in Ukraine, launched the hack-and-leak operation designed to sway the US 2016 election, released the NotPetya malware that spread worldwide and caused at least $10 billion in damage, and tried to destroy the backend of the 2018 Olympics. In 2022, thanks to Russia’s unprovoked and brutal war in Ukraine, the GRU’s focus zeroed in again on the country that has long been Russia’s favorite hacking victim. In 2022, it launched countless cyberattacks designed to destroy data on Ukrainian government and corporate networks, often in tandem with physical attacks carried out by the invasion forces. One GRU malware attack went so far as to disable communications to 5,000 wind turbines across Germany in a case of collateral damage reminiscent of NotPetya. The GRU’s Sandworm hackers also attempted a third blackout attack in Ukraine, which—according to Ukraine’s government at least—defenders managed to foil this time. A+ for continued wanton, reckless aggression. B- for execution.
DeSnake
When the dark-web market for drugs and hacked data known as AlphaBay was shut down in 2017 and its creator Alexandre Cazes was found dead in a Thai jail cell, it seemed the story of AlphaBay was over. Then, in the summer of last year, fully four years after that massive bust, AlphaBay relaunched under the command of its cofounder and Cazes’ top lieutenant, known only as DeSnake. In the year-plus since then, DeSnake has dragged AlphaBay back to the top of the dark web’s competing scrum of criminal markets. To his credit, he’s set more rules for what can be sold on his black market than Cazes ever did, banning the sale of fentanyl and ransomware tools, for instance. But AlphaBay remains a bustling criminal bazaar for hard drugs and stolen data, and it may be harder to shut down than ever. DeSnake has implemented security upgrades to the site, such as allowing only the harder-to-trace cryptocurrency Monero instead of Bitcoin. And he also claims to be located in the former Soviet Union—potentially putting him far farther beyond the reach of law enforcement than his unlucky predecessor.
Lazarus
In 2022, North Korea continued to distinguish itself as the world’s top perpetrator of state-sponsored cybercrime: Its government hackers continued to steal hundreds of millions of dollars worth of loot, largely in the form of cryptocurrency, from targets around the globe. That spree of burglaries actually seems to be escalating. According to the blockchain analysis firm Chainalysis, North Korean thieves took in $840 million in the first five months of 2022 alone, more than the previous two years combined. Some $600 million of that came from just one heist. All of it goes toward funding one of the worst regimes in the world, with hundreds of thousands of political prisoners in concentration camps and a tendency to fire missiles over its neighbors’ heads.
Conti
The scourge of ransomware continued to plague the world in 2022, and no group illustrated that threat better than Conti. In the first months of the year, the group hit dozens of corporate and government targets. Most catastrophically, it launched a wave of crippling cyberattacks across Costa Rica, shutting down 27 government bodies and medical services there and leading to a national state of emergency. After Russia’s invasion of Ukraine, Conti declared its full support for that war—a decision that led to one of its disgruntled members leaking a vast trove of the group’s internal communications online. Conti has subsequently shut down, but likely only in name. Its hackers may have rebranded and splintered, but the chaos that is their business model will no doubt persist.
Lapsus$
The only thing more dangerous than a group of ruthless ransomware hackers is a group of ruthless ransomware hackers who are also teenagers. In December of 2021, Lapsus$ made its entrance onto the hacking scene with a cyberattack on the Brazilian Ministry of Health in the midst of its Covid-19 response. It’s since carried out a spree of splashy, often nihilistic breaches of major tech firms including Uber, Okta, Rockstar Games, Nvidia, Microsoft, Samsung, and Vodafone. Last spring, British law enforcement arrested seven people suspected of being members of the group, all ages 16 to 21. Those arrests included Lapsus$’s alleged 16-year-old “mastermind.” But inexplicably, those suspects were released without charges, and the group’s “hacker joyride” rolls on.
APT41
For years, China’s hackers focused on by-the-book espionage. But more recently, one group, known as APT41, has proven itself to be the closest thing China has to North Korean state-sponsored cybercriminals. That group, which the US Department of Justice tied in an indictment to the Ministry of State Security contractor known as Chengdu 404, has for years moonlighted as a for-profit cybercriminal outfit. Just this month, the group was linked to the theft of $20 million in Covid-19 relief funds, an unprecedented robbery of US government money by a Chinese state-sponsored hacking outfit. Meanwhile, APT41 was also responsible for dozens of espionage-focused intrusions across the world this year, according to analysts at PricewaterhouseCoopers, which calls the group the most prolific cyberspying operation in the world. Despite the Justice Department charging seven of the group’s members in 2020, they remain at large, and their unique blend of espionage and outright theft continues unabated.