http://www.wired.com/news/politics/0,1283,43137,00.html By Jeffrey Benner 2:00 a.m. Apr. 20, 2001 PDT A coalition of cyber-protesters plan to flood 28 websites associated with this weekend's free trade negotiations at the Summit of the Americas with page requests and e-mail messages. If enough people participate, the action could amount to a denial-of-service attack. Led by a group called "electrohippies collective," the "hacktivist" actions will mirror the summit's schedule, beginning Friday evening and running through Sunday in Quebec City. Leaders from 34 nations are meeting there to discuss the establishment of a single free trade zone from Canada to Chile. The electrohippies' target list includes official summit websites, Canadian government sites, corporate sponsors of the meeting (including the Canadian divisions of Cisco and Sun Microsystems) and the sites of organizations involved in the massive security force surrounding the conference. The protesters are objecting to what they call the undemocratic way the free trade negotiations are being conducted. They feel corporations are allowed to participate in the talks, but not ordinary citizens. According to summit spokesman Oussamah Tamim, the meeting's organizers take the same view toward online protests as those on the street -- as long as it is peaceful and doesn't hinder access to the conference, there's no problem. But interfering with the conference is unacceptable. "We accept the expression of ideas," Tamim said. "We only object to violence. A violent cyber-attack is any attempt to block public access to the summit website." If the protest goes according to plan, systems administrators at the targeted sites will have their hands full this weekend. Organizers hope thousands of cyber-protesters will download a simple "virtual sit-in tool" from the electrohippies site onto their PC, then use it to flood target sites with repeated page requests. Using this distributed attack technique, the electrohippies crippled the World Trade Organization website during the Seattle free trade summit in 1999. The Royal Canadian Mounted Police -- whose website also is on the target list -- is in charge of security for the conference. According to a spokesman, the mounties aren't aware of any specific plans for cyber-protest. But they do have a special team of agents in charge of computer security assigned to the summit. According to the electrohippies' press release, the organizations on the target list have all been notified, and offered the opportunity to post a response to the action on the electrohippies website. No such responses have been posted thus far. Reached via e-mail, electrohippie spokesman Paul Mobbs wrote that the protest would have two components -- a cyber sit-in and a letter-writing campaign. He denied that it was intended to shut down the targeted sites, but referred back to a document on "client-side denial of service" in order to explain the tactics that would be used. "The sit-in is not designed to close servers," Mobbs wrote, "but to significantly increase the figures in their usage logs. We're then challenging the server operators to give a public statement on how big an increase there was in usage. "The second action is a 'letter-writing tool.' People can select arguments, which are then written up as a letter, and can then be e-mailed or snail mailed/faxed to the person concerned." The coalition objects to the exclusive atmosphere surrounding the negotiations to establish a 34-nation free trade zone from Canada to Chile. They point to the 10-foot fence that has been erected around downtown Quebec City to keep street protesters away from delegates, and to summit officials' refusal to make public the draft text of the proposed free trade agreement. "Let data-bodies join in non-violent direct action online in solidarity with the real bodies on the streets," reads a statement posted on www.hacktivist.com, a partner in the cyber-protest coalition. The electrohippies have taken pains to gain recognition as a legitimate political organization. Their protest "tool" even comes with an "ethical public license" -- user guidelines they hope will inure them from trouble with the law. The license attempts to restrict use of the tools for "legitimate" protests conducted openly, with targets given notice and explanation in advance, as the electrohippies have done for this particular action." In part, the license may be an attempt to avoid prosecution under recent changes made to the law in England, where the electrohippie coalition is primarily based. By issuing these guidelines, they hope to distance themselves from the more rogue, cracker elements. The group's attention to ethics has convinced some that they deserve recognition as political activists rather than vandals or, even worse, terrorists. Dorothy E. Denning, a computer crime and security expert at Georgetown University, thought the group deserved to be regarded as a political, rather than a criminal, organization. "They operate openly and publicly," Denning said. "They also try to operate by a democratic principle, meaning lots of people have to protest to make it effective." She was impressed when the group cancelled a cyber-protest over genetic engineering that had failed to get majority support in an online vote. In an effort to disassociate themselves from the "server-side" denial-of-service attacks that took down Yahoo and eBay last year, the electrohippies call their technique a "client-side" denial-of-service attack. The difference, according to an electrohippie essay called Occasional Paper No. 1, is that client-side actions require thousands of individuals (clients) using their PCs to participate in order to be effective, while it only takes one person to launch a server-side attack. This is the "democratic principle" that impresses Denning. Both types are "distributed" attacks, meaning they flood a target with page requests originating from a lot of different places at once. This makes the attack more difficult to repel, and the culprits tougher to pinpoint. But the server-side variety achieves distribution by planting "zombies" in unsuspecting computers that come to life when it's time to attack. In contrast, the electrohippies use real people pointing their home computers at the target on purpose. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERVat_private with a message body of "SIGNOFF ISN".
This archive was generated by hypermail 2b30 : Sun Apr 22 2001 - 01:59:11 PDT