Over Christmas a busy, secretive group were at work, with their own views on who had been naughty and nice. However it was not Santa's elves, but the amorphous "Anonymous" collective making the decisions. This group of hackers released a vast trove of email addresses, passwords and credit card information belonging to subscribers of the US intelligence company Stratfor – and the hangover has carried on into the new year, with the release of MoD and Nato officials' details.

Stratfor, an authority on strategic and tactical intelligence issues, is considered by some to be a "shadow CIA", and provides intelligence analysis and both private and public briefings on all manner of issues. The release by Anonymous kicked off discussion about how such a breach was possible at a high-profile company specialising in all things security, as well as why it had attracted the attention of Anonymous.

Many of the thousands of email addresses and personal details belonged to people in sensitive posts within the defence and intelligence communities. Although the publication of email addresses (hardly state secrets) is not a threat in itself, their disclosure can only be extremely embarrassing for a company selling itself as an expert on security, while the release of passwords adds to the alarm.

But it is a mistake to talk of Anonymous's motives as if it were a cohesive whole. The group is a loose collection of people with different aims, involving themselves in different "operations" as they see fit. It is leaderless, it doesn't have a manifesto, it doesn't have a particular direction, nor does it go in only one direction at any one time. Given that membership of Anonymous is based entirely on self-identification, it seems that the only real way of assessing the group as a whole is on the basis of the kinds of actions it carries out. It is essentially a banner under which hacktivists and tech-savvy individuals with a political or social agenda can rally.

So why attack Stratfor? Well, as Anonymous put it, "to wreak unholy havok [sic] upon the systems and personal email accounts of these rich and powerful oppressors. Kill, kitties, kill and burn them down … peacefully. XD XD." Yet, despite the mischievous way it expresses itself, a significant portion of Anonymous's focus is political. It's not just about lulz or showing off any more. The point of these actions is to draw attention to how companies such as Stratfor, or organisations such as Nato are, in its view, "holders of power in a world that has long been governed in accordance with the dictate that might makes right".

The various Anonymous communication channels, and supporters, would point to what they see as moves in the US to restrict liberty, from the Bradley Manning case to the so-called Stop Online Piracy Act, which will give unprecedented web censorship powers; from the treatment of Occupy protesters to the National Defence Authorisation Act opening up indefinite detention without trial. You don't need to be a hacker to think that the US is more deserving of a restraining order than a special relationship.

On this side of the Atlantic a recent government report on what it insists on calling "cyber" security, names hacktivism explicitly as a threat to national security. Yet nowhere is it made clear in the objectives of that report what the Ministry of Defence or Home Office are actually supposed to do about it. The omission may be sinister or merely incompetent. But as the Nato and MoD leaks highlight the porous nature of our online defences, taxpayers are entitled to ask what we are getting for the £650m the national cyber security programme costs. Or maybe not – after all, the lion's share of the spending is going to GCHQ and is secret. For now.

I have pointed out before that if people feel that the usual democratic routes are pointless they will find means of direct action and protest. Many balk at Anonymous's apparent disregard for the potential human collateral in their methods – but there is no denying that its mix of satire and activism is a powerful combination.

As I am writing this, Stratfor's website reads: "Stratfor Global Intelligence. As you may know, an unauthorised party illegally obtained and disclosed personally identifiable information … of some of our subscribers." It looks laughably unintelligent. In one fell swoop it exposes an uncomfortable truth that cyber-security experts would have us pay through the nose to ignore: as long as western governments fail to live up to their ideals and ours, there will always remain those who are equally determined and able to expose their secrets and embarrass those in power. The lulz just got serious.