[ISN] `Hacktivists' of All Persuasions Take Their Struggle to the Web

From: mea culpa (jerichot_private)
Date: Sat Oct 31 1998 - 14:27:46 PST


[Moderator: I apologize for the duplicate topic, but this article covers a
 wider range of hacks and seems to cover the topic more thoroughly.]

October 31, 1998
`Hacktivists' of All Persuasions Take Their Struggle to the Web
By AMY HARMON

Until they declared "Netwar" against the Mexican government, Ricardo
Dominguez and Stefan Wray earned their activist credentials the
old-fashioned way, attending rallies in support of the Zapatista rebels,
handing out pamphlets, shouting political slogans. 

Now, the two New Yorkers organize "virtual sit-ins" and recruit computer
programmers to attack the World Wide Web sites of any person or company
they deem responsible for oppression. Their new rallying cry: "The
revolution will be digitized." 

Wray, 37, and Dominguez, 39, are co-founders of the Electronic Disturbance
Theater. It is one of several groups around the world that are beginning
to experiment with computer hacking, so far largely nuisance attacks and
the equivalent of electronic graffiti, as a means to a political end. 

"We see this as a form of electronic civil disobedience," Wray told a
group of about 75 people who had gathered in New York's East Village for
an "anti-Columbus Day" event in October. "We are transferring the
social-movement tactics of trespass and blockade to the Internet." 

The notion is a departure for both radical activists and hackers, whose
distinct, subversive subcultures have rarely intersected until recently.
In some ways, the two psychologies are polar opposites. 

Hackers, while reliably anti-authoritarian, tend to limit their critique
of the military-industrial complex to its imperfect computer security
apparatus. Enamored of their image as the cowboys of the electronic
frontier, most at least pay lip service to the hacker mantra, "information
wants to be free." 

But whatever capacity they might have to disrupt the social order has so
far been largely restricted to pointless vandalism and pinching the
occasional credit card number. 

Political activists, on the other hand, preoccupied as they are with the
power structure, have typically paid little heed to the information
infrastructure on which it rests. Motivated by the desire for social
change, they generally see building communities of support and cooperation
as essential. 

But the rapid growth of the Internet has transformed what was once a
hacker playground into, among other things, a far-reaching political
platform. What's more, the tricks invented by hackers have become easier
for activists to learn and adopt because they are now widely published on
how-to Web sites. 

As a result, radical groups are discovering what hackers have always
known: Traditional social institutions are more vulnerable in cyberspace
than they are in the physical world. Likewise, some members of the
famously sophomoric hacker underground are finding motivation in causes
other than ego gratification. 

In recent months, groups as diverse as the Animal Liberation Front, a
militant animal-rights group;  Radio4All, which supports pirate
broadcasting, and international teams of teen-agers with cyber pseudonyms
like Milworm and causes like anti-imperialism have increasingly begun
pumping political protest through the Internet's security holes. 

On Oct., 27, a day after China's human rights agency announced its new Web
site, the official view of that nation's human rights record was replaced
with an electronic trespasser's manifesto: "China's people have no rights
at all, never mind human rights. How can the United States trade millions
and millions of dollars with them and give them most-favored trade status
when they know what is happening?" 

Earlier in October, computer intruders scrawled "Save Kashmir" over the
opening screen of a Web site that the Indian government set up last summer
to provide information about the region, whose ownership is disputed by
Pakistan and several separatist groups. The hacked site included
photographs of Kashmiris allegedly killed by Indian forces, overlaid with
the words "massacre" and "extra-judicial execution." 

In June, after the Indian government conducted nuclear tests, college
students in Britain and the Netherlands claimed credit for placing the
image of a mushroom cloud on the Web site of India's major nuclear weapons
research center. 

In September, Portuguese hackers modified the sites of 40 Indonesian
servers to display the slogan "Free East Timor" in large black letters,
and they added hypertext links to Web sites describing Indonesian human
rights abuses in the former Portuguese colony. 

No slouches in packaging and self-promotion, the burgeoning computer
underground has adopted a catchy term for the trend: they call it
"hacktivism." 

"Hacktivism is a way to be heard by millions," a group of three Mexican
hackers known as X-Ploit wrote in an e-mail message to a reporter. "We
want to speak out about what we and many, many people disagree with in
this treasonous and corrupt government. If we protest both on line and off
line, we'll have better chances to see a change." 

The tactic is not limited to one end of the political spectrum. A group of
Serbian computer hackers this month claimed responsibility for crashing a
Web site promoting the ethnic Albanian cause in the Serbian province of
Kosovo. The Serbian newspaper Blic quoted one of the hackers as saying,
"We shall continue to remove ethnic Albanian lies from the Internet." 

Wednesday, the group, called Black Hand, after a clandestine Serbian
military organization at the turn of the century, attacked the site of the
Croatian state-owned newspaper Vjesnik. Croatian hackers counterattacked
the next day, inserting messages like "Read Vjesnick and not Serbian
books" on the Web site of the Serbian National Library, Vjesnik reported
Friday. 

Guerrilla attacks on Web sites may seem more of a headline-grabbing ploy
than true information warfare.  But security experts said the recent spate
of digital vandalism underscores the risk to companies and governments
that increasingly rely on the Internet for commerce and communication. 

"What this demonstrates is the capacity of groups with political causes to
hack into systems," said Michael Vatis, chief of the National Information
Protection Center, a new federal agency formed to protect the nation's
crucial infrastructure. "I wouldn't characterize vandalizing Web sites as
cyber-terrorism, but the only responsible assumption we can make is
there's more going on that we don't know about." 

Established by Attorney General Janet Reno this year, the center is in
part a response to the perception that "political forces which could not
take on the United States in conventional military terms stand a better
chance on an electronic battlefield," said Vatis. 

The potency of the sling-shot approach is not lost on would-be
hacktivists, either. "If you have 10 people at a protest, they don't do
much of anything," said a Toronto-based computer jockey who calls himself
Oxblood Ruffian. "If you have 10 people on line, they could cripple a
network." 

Oxblood is a member of Cult of the Dead Cow, a hacker group that recently
reserved the Web address www.hacktivism.org as an Internet distribution
hub for tools to assist others in subversive digital activism.  He said
the group was planning to attack the Internet operations of U.S. companies
doing business with China. 

But the effectiveness of such actions is unclear, prompting a debate over
how best to implement the hacktivist brand of political protest. 

Under U.S. law, terrorism is defined as an act of violence for the purpose
of intimidating or coercing a government or a civilian population. And
breaking into a computer system and altering data are felonies. 

For that reason, the members of the Electronic Disturbance Theater
emphasize that the software they use to attack Web sites disrupts Internet
traffic but does not destroy data. In the tradition of civil disobedience
protests, they encourage mass participation and use their real names. 

The group was forged in an online discussion among several American
supporters of the Zapatistas, the first armed revolutionaries known to
have solicited public sympathy for their struggle by publishing their
communiques over the Internet. 

On Nov. 22, the group says, it plans to attack the Web site of the School
for the Americas, a U.S. Army training center for foreign military
personnel, some of whom have been accused of human rights abuses. 

Recent targets have included the sites of Mexican President Ernesto
Zedillo and of the U.S. Defense Department. 

When online activists heed the call to "commence flooding!" they visit the
group's Web site and click on an icon that launches a program called
FloodNet. The software points their Web browser to the target of the
attack, where it requests the same page over and over again at a rate of
about 10 times per minute. 

This tactic is a variation of what is known in Internet security-speak as
a "denial of service attack." An unusually large volume of requests will
overwhelm the computer that is serving up the target's Web pages. This can
cause legitimate visitors to see error messages instead of the pages they
are seeking, and it can even crash the server computer. 

"This isn't cyber-terrorism," insisted Carmin Karasic, a Quincy, Mass.,
software engineer who designed the FloodNet program. "It's more like
conceptual art." 

The U.S. Defense Department does not agree. Alerted to a planned FloodNet
attack on its public site on Mexican Independence Day, the agency
responded by diverting the requests to a nonexistent Internet address, a
spokesman said. 

"If it wasn't illegal it was certainly immoral -- there are other
constructive methods of electronic protest,"  the spokesman said. 

The victims of such attacks are not the only ones to criticize the digital
desperados. In their quest for support from a public already suspicious of
hackers and anxious about online safety, some political activists deride
such methods as counterproductive. 

And hackers faithful to the ethic of electronic exploration for its own
sake deride Web site intrusions as the work of "script kiddies," an
epithet for people who break into systems by using schemes developed by
others rather than by searching out new security holes of their own.
Script kiddies have been responsible for a recent surge in attacks
throughout the Internet -- of which politically motivated hacks are a
small fraction. 

But in e-mail and telephone interviews, several hackers promoting a
political agenda -- all of whom refused to give their real names --
insisted that their motives were pure. 

"We have hundreds of servers we could hack, and we don't," said Secretos,
a Portuguese hacker in his early 20's whose group, the Kaotik Team, has
taken up the cause of East Timor independence. "By contrary, we even help
them to fix their bugs. The main objective of our hacking pages is to
transmit the message. It is not, 'We are groovy, we have power."'

John Vranesevitch, editor of Antionline, an Internet publication that
tracks hacker activities, said the apparent political awakening among
hackers reflects a generation's coming of age. 

"We're starting to see right now the first generation of people who have
grown up on the Internet," said Vranesevitch, who at 19 counts himself
among that group.  "These hackers are entering the ages where people are
most politically active. This is their outlet." 

And some are trying to make that outlet more accessible.  A 26-year-old
University of Toronto dropout calling himself Perl Bailey, after a
computer language popular among Web developers, said he had earned a
living as a software developer and had dabbled in not entirely legal
computer exploration for several years. Now, he is writing a tool to arm
computer novices with basic hacktivist techniques. 

"After you reach a certain point, it feels like you are dressed up with
nowhere to go," he said. "I want to make people doing questionable
business dealings with countries that have no respect for human rights
worry that someone who doesn't have a grade school education can sit down
and go click-click and create havoc. To me that to me is very powerful." 


-o-
Subscribe: mail majordomot_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]



This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:09:45 PDT