Headline
The Most Dangerous People on the Internet in 2023
From Sam Altman and Elon Musk to ransomware gangs and state-backed hackers, these are the individuals and groups that spent this year disrupting the world we know it.
In 2023, the world has felt like it was balanced on a precipice. A United States presidential election looms, with a resurgent candidate that threatens to bring with him all the chaos of 2016 and 2020. Artificial intelligence developed so quickly that it seemed to have suddenly sprung into being, heralding vast societal promise and disruption just around the bend of its exponential curve. And the world’s richest man continued to use his power to push for a more reckless tech world, from free-for-all social media and oversold assisted-driving features to AI with a “rebellious streak.”
In the midst of that uncertainty, a new war between Israel and Hamas added more atrocities alongside the slow-burning horrors of Russia’s invasion of Ukraine. These wars have echoed across the internet in propaganda, hate speech, and cyberattacks that triggered widespread real-world effects. Chinese state-sponsored hackers, meanwhile, sowed the seeds for a future cyberwar, and ransomware gangs resurged. It was a banner year for chaos, present and impending, and all reflected in the digital mirror.
Each year, WIRED assembles a list of the most dangerous people, groups, and organizations on the internet—both those who intentionally endanger innocent people and those whose actions, regardless of their intent, destabilize the world as we know it in myriad ways. Here, in no particular order, are our picks for 2023.
Elon Musk
A year ago, it might have still been fair to regard Elon Musk as a brilliant technologist with occasional destructive, trollish tendencies. In 2023, those tendencies seemed to take over his public identity. Twitter, now renamed X thanks to Musk’s branding whims, this year invited back conspiracy theorists like Alex Jones and even amplified one account’s antisemitic statements. When advertisers complained, Musk managed in a single conversation to both apologize for that blunder and tell them, “Go fuck yourself.”
Before that, in July, Musk had said that his social media platform’s ad revenue had fallen by half—all of which calls into question whether this once-central platform for online conversation will survive Musk’s reign, and in what form.
In the midst of that meltdown, Musk’s new startup xAI released Grok, an AI chatbot Musk celebrated for having fewer guardrails than OpenAI’s ChatGPT. Musk faces calls for an SEC investigation for his comments about how monkeys died in experiments carried out by his brain implant startup Neuralink. And in mid-December, Tesla recalled nearly every model of its vehicles sold in the US to fix an Autopilot feature. The National Highway Traffic Safety Administration found that Tesla’s safety measures for assuring that drivers paying attention—which many no doubt were not, perhaps thanks in part to Musk’s own descriptions of the assisted-driving feature—were inadequate.
Five years ago, WIRED put Musk’s face on the cover with a story that described his Dr. Jekyll and Mr. Hyde personality. These days, it’s becoming clearer which side of that split personality dominates.
Cl0p
In 2023, ransomware resurged. According to cryptocurrency firm Chainalysis, it appears to be on track to be the second-worst year on record in terms of total extortion payments collected by the ransomware industry’s coercive gangs of hackers. But perhaps no group did more damage this year than the people behind the Cl0p malware.
In May, the Cl0p gang began exploiting a zero-day vulnerability in the MOVEit file transfer software and used it to carry out a shocking spree of intrusions across more than 2,000 organizations, according to ransomware-focused security firm Emsisoft. A single victim, medical firm Maximus, lost control of the data of at least 8 million people in the breach. The hackers stole data from the state government of Maine on another 1.3 million. In total, at least 62 million people were affected, and Cl0p’s hackers remain at large.
Alphv
If Cl0p were the most ruthless ransomware hackers of the year, Alphv, also known as Black Cat, were certainly in close contention. The group, which has ties to the hackers who carried out the 2021 cyberattack on the Colonial Pipeline, gained a new level of notoriety in September when it targeted MGM Resorts International, shutting down computer systems across the hotel and casino chain and ultimately doing $100 million in damage, by MGM’s estimate. More broadly, the FBI says that Alphv has compromised over a thousand organizations and extracted more than $300 million in ransoms.
In mid-December, the FBI announced that it had seized the dark-web site where Alphv publishes its victims’ stolen data. Hours later, the site reappeared, and Alphv defiantly announced it had “unseized” it and would no longer abide by a rule not to target critical infrastructure systems. The site was soon taken down again. But given that no members of the group have been arrested or even indicted in absentia, its chaos will likely continue.
Hamas
No event of 2023 has shaken geopolitics as suddenly and shockingly as Hamas’ atrocities against civilians in Southern Israel on October 7. The attacks, in which Hamas militants killed 1,200 people and took hundreds of hostages, immediately triggered a war that threatens to destabilize the region. It has also shaken the tech world, where it has raised questions about the digital technologies that have enabled Hamas, from the millions of dollars the group raised via cryptocurrency to its channels on Telegram, where it distributes propaganda and videos of its violence. When ISIS came to prominence in 2014, it forced every technology platform in the world to question whether and how it enabled extremist violence. Now, a decade later, a new round of horrific bloodletting shows how that reckoning continues.
Sandworm
Despite sanctions, indictments, and even a $10 million bounty, Russia’s team of hyper-aggressive military intelligence hackers known as Sandworm are still out there—and still active. As Russia’s invasion of Ukraine grinds toward its third brutal year, in fact, they appear to have turned their focus to that conflict.
This year, Sandworm was revealed to have carried out a third blackout cyberattack against a Ukrainian electric utility, this time in the midst of a Russian air strike hitting the same city. It later penetrated Ukrainian military communications in a more traditional espionage-focused effort to gain an advantage during Ukraine’s counteroffensive. And evidence points to Sandworm’s responsibility for a cyberattack just this month that hit the telecom Kyivstar, taking out internet and mobile communications for millions amid another series of strikes. The group, in other words, continues to earn its reputation as the Kremlin’s most dangerous hackers.
Volt Typhoon
For years, the cybersecurity community has asked itself who might be the “Sandworm of China.” This year provided perhaps the closest thing yet to an answer. The hacker group dubbed Volt Typhoon by Microsoft was revealed in May to have planted malware in power grid networks across the continental US and Guam, in some cases with an apparent eye toward controlling the flow of electricity to US military bases. More recently, The Washington Post revealed that Volt Typhoon’s targets have extended to other kinds of critical infrastructure too, from an oil and gas pipeline to a major West Coast port and a Hawaiian water utility.
While the intentions of the group and its overseers are still far from clear, cybersecurity and geopolitical analysts increasingly see it as laying the groundwork to disrupt key US systems in the event of a crisis—such as China invading Taiwan.
Donald Trump
Last year, for the first time since 2015, Donald Trump was not included on this list. Hope you enjoyed the break!
Less than 11 months out from the 2024 US presidential election, Trump leads Republican primary polls by a wide margin. He has used his rekindled relevance to launch disturbing attacks on his perceived enemies, largely from his own right-wing-dominated Truth Social platform.