[ISN] Hackers-activists push their causes using technology

From: InfoSec News (isnat_private)
Date: Wed Aug 29 2001 - 05:28:10 PDT

  • Next message: InfoSec News: "[ISN] Vigilance called for on computer viruses"

    http://www.uniontrib.com/news/computing/20010828-9999_m1u28hack.html
    
    By Chris Berdik 
    August 28, 2001 
    
    Next month, San Diego will host an annual hacker's convention called
    ToorCon.
    
    The keynote speaker, a computer security guru known as Simple Nomad,
    will discuss a new use for technology that's of growing interest
    within the hacker community.
    
    It's not about cyberterrorism or starting computer viruses.
    
    It's "hacktivism," a loosely defined mashing of hacking and activism
    that means a new willingness to use technology toward overtly
    political ends. It's a controversial movement, and one with very
    uncertain results so far.
    
    For starters, nobody can agree on what activities count as hacktivism.
    Is it hacktivism when an environmental activist uses a Web site and
    e-mail to organize a protest?
    
    Is it hacktivism when a computer-savvy "patriot" sends an e-mail
    "bomb" that overloads a Serbian government computer system?
    
    There are those who would answer yes to both questions, but most
    hacktivists prefer much narrower definitions.
    
    Hacking already has an image problem, after all, and they're eager to
    keep out the riffraff.
    
    Related to this wrangling over labels is a question about efficacy.
    Can hacktivism work as a form of social action, or is it just a lot of
    noise and criminal behavior?
    
    In the last few years, several politically minded groups have used a
    variety of hacking tools that they program themselves or download from
    the Internet to shut down or disrupt their opposition online.
    
    One such group, the Electronic Disturbance Theater (EDT), is best
    known for its support of the Zapatista insurgency in Mexico.
    
    In 1998, EDT members organized a number of "virtual sit-ins" against
    the Web sites of financial and government institutions, including the
    Pentagon, which they believed were sympathetic to the Mexican
    crackdown against the rebels.
    
    The group created a hacking tool called FloodNet that was downloaded
    by thousands of supporters.
    
    The program repeatedly asks a targeted Web page to reload, and when
    used simultaneously by enough protesters, it overwhelms and "floods"
    the site, preventing it from being accessed by others. It's what's
    known as a "denial of service," or DOS, attack.
    
    Ricardo Dominguez, a co-founder of the EDT, cites the non-violent
    civil disobedience of Henry David Thoreau and Martin Luther King Jr.
    as FloodNet's precursors.
    
    "Electronic civil disobedience is as American as apple pie," he says.
    
    More hip than marches
    
    The theory of electronic civil disobedience was originally developed
    by an activist collective known as the Critical Art Ensemble in 1994.  
    The gist is that traditional marches and pickets can no longer counter
    decentralized and digitized sources of power in an age of the Internet
    and global free trade.
    
    "You have to look at where some of the primary trajectories of power
    are," explains ensemble member Steve Kurtz. "One is in information
    exchange."
    
    Kurtz would like to see hackers develop tools that could block a
    corporation's access to certain, targeted databases.
    
    But Dominguez prefers to stick with more symbolic forms of electronic
    protest.
    
    Dominguez says EDT has been criticized by hackers, because FloodNet is
    inefficient and only works if thousands of people join the protest.
    
    But it's precisely this inefficiency, along with the group's refusal
    to be anonymous, he argues, that gives virtual sit-ins democratic
    legitimacy.
    
    "Our technology," Dominguez explains, "is like a bunch of people
    stepping into the middle of the information superhighway."
    
    Not all the objections to FloodNet are criticisms of its inefficiency,
    however.
    
    "It's really no different than shouting down a speaker at a public
    discussion because you don't like their point of view," says Oxblood
    Ruffin, founder of another well-known hacktivist group, the Cult of
    the Dead Cow (cDc), based out of Texas and New York.
    
    Ruffin, often credited with coining the term hacktivism, believes that
    DOS attacks like FloodNet are a violation of free speech rights.
    
    And besides, FloodNet is a "very tepid" protest action in Ruffin's
    opinion, "sort of like getting pecked to death by a duck."
    
    'Big technology' 
    
    The cDc hackers design programs to break through electronic firewalls,
    saying their purpose is to enhance freedom of information.  Their
    latest project, Peekabooty, is an application meant to facilitate a
    secret network for human rights workers operating in dangerous
    environments.
    
    Patrick Ball, deputy director of the Science and Human Rights Program
    at the American Association for the Advancement of Science, joined
    Ruffin in supporting Peekabooty at last month's Def Con hacker
    convention in Las Vegas. Ball uses databases to analyze human rights
    abuses.
    
    "To show that the violence isn't just random noise, you need big
    data," Ball says. "And to process big data you need big technology."
    
    The theme of cDc's hacktivism, freedom of information, is an issue
    around which hackers easily rally.
    
    The latest hacker cause celebre, for instance, is Dmitry Sklyarov, a
    Russian hacker arrested by the FBI last month for writing code that
    could decipher encrypted electronic books.
    
    Sklyarov's incarceration sparked techie protests in more than two
    dozen cities.
    
    Division within ranks 
    
    Nevertheless, many believe the dominance of such technology-centered
    issues will keep hacktivism a parochial concern, practiced by and for
    hackers, with little impact on mainstream society.  These skeptics
    insist that hacking is an exclusive domain of programming skill and
    technical curiosity where labels count.
    
    Quite a few hackers, for instance, argue that unauthorized access of a
    computer system is not hacking, but "cracking."
    
    And, many dismiss the idea of even mentioning those who would download
    ready-made hacking tools (presumably most traditional activists) in
    the same breath as hacktivism.
    
    Skeptics also point to an arena where would-be hacktivists have been
    especially active: Web site defacements, the unauthorized alteration
    of a site's HTML coding.
    
    In recent years, the number of defacements has skyrocketed.
    
    Attrition.org was one of many "mirror" sites where hackers posted
    copies of Web pages they defaced.
    
    Earlier this year, volunteers at Attrition.org were forced to abandon
    the project due to overwork. They were processing up to 100
    defacements every day, nearly three times the total they received in
    1995 and 1996 combined.
    
    Occasionally, a hacker posts an overtly political defacement to a
    mirror, such as a Nike Web site redone with a sweatshop motif.
    
    But boastful taunts and put-downs of site security predominate, such
    as the following ditty left by hackers on the U.S. Army's dental care
    page:
    
    "Your teeth are rotten, your sys(tem) is weak, we owned your gums, and
    cleaned your teeth."
    
    "Of the 15,000 mirrors we have here that represent some 45,000 defaced
    sites, I would imagine not even 10 represent true hacktivism," says an
    Attrition staff member who uses the screen name Jericho.
    
    The consensus, even among hacktivism's supporters, seems to be that
    defacements are not only ineffective protests, they can be downright
    counterproductive.
    
    "I'm not thrilled with (site defacements)," says Kurtz of the Critical
    Art Ensemble.
    
    "They're just pranks that aren't going to go anywhere, so why bother?
    Especially if you're going to do something illegal, all you've done is
    put more cops on the street and put more people under surveillance --
    for nothing."
    
    The maturation of hacking
    
    On the first Friday of every month, hackers who belong to a group
    called San Diego 2600 meet at a University City pizzeria. At a recent
    gathering, their opinions on hacktivism were mixed.  "It's an idea
    that's generally looked down upon," said one member of the group who,
    like others, said he did not want his name used.
    
    Real hacking is about overcoming technical obstacles, he said. It's
    not about breaking into systems or tagging Web sites with
    self-righteous graffiti.
    
    Another hacker said he supports hacktivism such as DeCSS (software
    developed by a Norwegian teen-ager to unscramble DVDs) that subverts
    legislative attempts "to stomp on people's First Amendment rights."
    
    Yet another group member offered an explanation for the current
    emergence of hacktivism.
    
    "Before the technology became mainstream," he said, "hackers were
    either students or in the technology field. They looked at the world
    innocently and considered (hacking) pure research, with no
    consequences for the outside."
    
    Hacktivism, he continued, developed as the hacking community was
    simultaneously maturing, growing more diverse, and was increasingly
    pressured by law enforcement.
    
    Hackers "began to realize that they were capable of affecting the
    outside world and that the outside world was capable of affecting
    them," he said.
    
    In some sense, hackers have always been world changers. They
    confronted the flawed substructures of networks and software that
    everyone else simply used without asking too many questions.
    
    In the process, they were chronically misunderstood and largely feared
    by society at large.
    
    And yet there's little denying that hackers sometimes cultivated their
    outsider status, one reason why it's significant that many now seem
    willing to engage the problems of the larger, less-programmable world.
    
    "We need to learn what this new landscape is about," reads a blurb
    about the Simple Nomad's upcoming speech posted on ToorCon's Web site
    ( http://www.toorcon.com ).
    
    "The time for action is now. There is plenty to do for everyone, and
    it involves what we do best -- hacking."
    
    No taking sides 
    Law enforcement views hacktivism warily. 
    
    Erin Kenneally is a vice president of the San Diego High Technology
    Crime Investigation Association, a coalition of law enforcement and
    private security. She says that unauthorized access to any computer
    system is a crime, no matter what the motivation.
    
    "For consistency of enforcing laws, we should go after these people,"
    she says.
    
    "Once you get into a situation where law enforcement is taking sides
    -- asking, is this for a good cause? -- well, you just can't do that."
    
    Kenneally, a forensic analyst at the San Diego Supercomputer Center,
    and other law enforcement and computer security personnel have been
    facing a sharp rise in computer crimes, even as off-line crime has
    declined.
    
    Speaking before Congress last year, former FBI Director Louis Freeh
    called cybercrime "one of the fastest evolving areas of criminal
    behavior and a significant threat to our national and economic
    security."
    
    According to the "2001 Computer Crime and Security Survey" conducted
    by the Computer Security Institute and the FBI, the economic damage
    from these breaches reached nearly $378 million a year.
    
    And political hacking could cause more than economic harm. An extreme
    form of it would be cyberterrorism -- attempts to cripple critical
    electronic infrastructure within the United States -- a serious, if so
    far theoretical, threat according to the National Infrastructure
    Protection Center.
    
    "The nature of the Internet is that you can't always control it," says
    Kenneally. "Things can run amok a lot easier in the virtual world."
    
    Assistant U.S. Attorney Joe Sullivan is a member of the Computer
    Hacking and Intellectual Property unit in San Jose. He says that in
    the 18 months his group has been in existence, they have yet to
    prosecute a hacker who claimed political motives for his actions.
    
    Yet, Randy Boleli, an FBI agent in San Diego who specializes in
    high-tech crime, says he has encountered hacktivism, and expects to
    see more of it as the Internet's role continues to expand.
    
    Boleli admits that the limited resources of law enforcement give
    priority to crimes that inflict significant monetary damage on their
    victims, although he won't rule out investigating cases with purely
    political motives.
    
    As for the idea of electronic civil disobedience, Tom Perrine, a
    security specialist at the San Diego Supercomputer Center, isn't
    impressed.
    
    "Many see hacktivism as a way to protest without risk," he says. "This
    is versus people who are out in the streets putting their ideals and
    their bodies on the line. I know who I respect more."
    
    In any case, traditional activists aren't flocking to the hacktivist
    banner just yet.
    
    Martin Eder, executive director of an online network of San Diego
    activists ( http://www.activistsandiego.org ), says that while
    technology is very useful for organizing, hacking's strong libertarian
    streak makes it a bad fit for effective social action.
    
    "We've got a thousand subscribers, all kinds of folks," Eder says. "We
    work in a collective atmosphere, and the loners who might be into that
    stuff would be less likely to be connected with us."
    
    Nevertheless, Ball, of the Science and Human Rights Project, says
    freedom of information is at the core of almost every social issue,
    making hacking and activism a perfect match.
    
    "I think of hacking and hacktivism as finding knowledge," he says.
    "And that search is related to all these other areas where people are
    trying to keep that knowledge from you."
    
    Stanton McCandlish of San Francisco's Electronic Frontier Foundation
    agrees. He insists that the division between computer and "real world"
    issues is largely an illusion.
    
    "The Internet isn't some different world," he explains. "It's us."
    
    
    Chris Berdik is an intern with the Union-Tribune.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 12:25:20 PDT