http://www.uniontrib.com/news/computing/20010828-9999_m1u28hack.html By Chris Berdik August 28, 2001 Next month, San Diego will host an annual hacker's convention called ToorCon. The keynote speaker, a computer security guru known as Simple Nomad, will discuss a new use for technology that's of growing interest within the hacker community. It's not about cyberterrorism or starting computer viruses. It's "hacktivism," a loosely defined mashing of hacking and activism that means a new willingness to use technology toward overtly political ends. It's a controversial movement, and one with very uncertain results so far. For starters, nobody can agree on what activities count as hacktivism. Is it hacktivism when an environmental activist uses a Web site and e-mail to organize a protest? Is it hacktivism when a computer-savvy "patriot" sends an e-mail "bomb" that overloads a Serbian government computer system? There are those who would answer yes to both questions, but most hacktivists prefer much narrower definitions. Hacking already has an image problem, after all, and they're eager to keep out the riffraff. Related to this wrangling over labels is a question about efficacy. Can hacktivism work as a form of social action, or is it just a lot of noise and criminal behavior? In the last few years, several politically minded groups have used a variety of hacking tools that they program themselves or download from the Internet to shut down or disrupt their opposition online. One such group, the Electronic Disturbance Theater (EDT), is best known for its support of the Zapatista insurgency in Mexico. In 1998, EDT members organized a number of "virtual sit-ins" against the Web sites of financial and government institutions, including the Pentagon, which they believed were sympathetic to the Mexican crackdown against the rebels. The group created a hacking tool called FloodNet that was downloaded by thousands of supporters. The program repeatedly asks a targeted Web page to reload, and when used simultaneously by enough protesters, it overwhelms and "floods" the site, preventing it from being accessed by others. It's what's known as a "denial of service," or DOS, attack. Ricardo Dominguez, a co-founder of the EDT, cites the non-violent civil disobedience of Henry David Thoreau and Martin Luther King Jr. as FloodNet's precursors. "Electronic civil disobedience is as American as apple pie," he says. More hip than marches The theory of electronic civil disobedience was originally developed by an activist collective known as the Critical Art Ensemble in 1994. The gist is that traditional marches and pickets can no longer counter decentralized and digitized sources of power in an age of the Internet and global free trade. "You have to look at where some of the primary trajectories of power are," explains ensemble member Steve Kurtz. "One is in information exchange." Kurtz would like to see hackers develop tools that could block a corporation's access to certain, targeted databases. But Dominguez prefers to stick with more symbolic forms of electronic protest. Dominguez says EDT has been criticized by hackers, because FloodNet is inefficient and only works if thousands of people join the protest. But it's precisely this inefficiency, along with the group's refusal to be anonymous, he argues, that gives virtual sit-ins democratic legitimacy. "Our technology," Dominguez explains, "is like a bunch of people stepping into the middle of the information superhighway." Not all the objections to FloodNet are criticisms of its inefficiency, however. "It's really no different than shouting down a speaker at a public discussion because you don't like their point of view," says Oxblood Ruffin, founder of another well-known hacktivist group, the Cult of the Dead Cow (cDc), based out of Texas and New York. Ruffin, often credited with coining the term hacktivism, believes that DOS attacks like FloodNet are a violation of free speech rights. And besides, FloodNet is a "very tepid" protest action in Ruffin's opinion, "sort of like getting pecked to death by a duck." 'Big technology' The cDc hackers design programs to break through electronic firewalls, saying their purpose is to enhance freedom of information. Their latest project, Peekabooty, is an application meant to facilitate a secret network for human rights workers operating in dangerous environments. Patrick Ball, deputy director of the Science and Human Rights Program at the American Association for the Advancement of Science, joined Ruffin in supporting Peekabooty at last month's Def Con hacker convention in Las Vegas. Ball uses databases to analyze human rights abuses. "To show that the violence isn't just random noise, you need big data," Ball says. "And to process big data you need big technology." The theme of cDc's hacktivism, freedom of information, is an issue around which hackers easily rally. The latest hacker cause celebre, for instance, is Dmitry Sklyarov, a Russian hacker arrested by the FBI last month for writing code that could decipher encrypted electronic books. Sklyarov's incarceration sparked techie protests in more than two dozen cities. Division within ranks Nevertheless, many believe the dominance of such technology-centered issues will keep hacktivism a parochial concern, practiced by and for hackers, with little impact on mainstream society. These skeptics insist that hacking is an exclusive domain of programming skill and technical curiosity where labels count. Quite a few hackers, for instance, argue that unauthorized access of a computer system is not hacking, but "cracking." And, many dismiss the idea of even mentioning those who would download ready-made hacking tools (presumably most traditional activists) in the same breath as hacktivism. Skeptics also point to an arena where would-be hacktivists have been especially active: Web site defacements, the unauthorized alteration of a site's HTML coding. In recent years, the number of defacements has skyrocketed. Attrition.org was one of many "mirror" sites where hackers posted copies of Web pages they defaced. Earlier this year, volunteers at Attrition.org were forced to abandon the project due to overwork. They were processing up to 100 defacements every day, nearly three times the total they received in 1995 and 1996 combined. Occasionally, a hacker posts an overtly political defacement to a mirror, such as a Nike Web site redone with a sweatshop motif. But boastful taunts and put-downs of site security predominate, such as the following ditty left by hackers on the U.S. Army's dental care page: "Your teeth are rotten, your sys(tem) is weak, we owned your gums, and cleaned your teeth." "Of the 15,000 mirrors we have here that represent some 45,000 defaced sites, I would imagine not even 10 represent true hacktivism," says an Attrition staff member who uses the screen name Jericho. The consensus, even among hacktivism's supporters, seems to be that defacements are not only ineffective protests, they can be downright counterproductive. "I'm not thrilled with (site defacements)," says Kurtz of the Critical Art Ensemble. "They're just pranks that aren't going to go anywhere, so why bother? Especially if you're going to do something illegal, all you've done is put more cops on the street and put more people under surveillance -- for nothing." The maturation of hacking On the first Friday of every month, hackers who belong to a group called San Diego 2600 meet at a University City pizzeria. At a recent gathering, their opinions on hacktivism were mixed. "It's an idea that's generally looked down upon," said one member of the group who, like others, said he did not want his name used. Real hacking is about overcoming technical obstacles, he said. It's not about breaking into systems or tagging Web sites with self-righteous graffiti. Another hacker said he supports hacktivism such as DeCSS (software developed by a Norwegian teen-ager to unscramble DVDs) that subverts legislative attempts "to stomp on people's First Amendment rights." Yet another group member offered an explanation for the current emergence of hacktivism. "Before the technology became mainstream," he said, "hackers were either students or in the technology field. They looked at the world innocently and considered (hacking) pure research, with no consequences for the outside." Hacktivism, he continued, developed as the hacking community was simultaneously maturing, growing more diverse, and was increasingly pressured by law enforcement. Hackers "began to realize that they were capable of affecting the outside world and that the outside world was capable of affecting them," he said. In some sense, hackers have always been world changers. They confronted the flawed substructures of networks and software that everyone else simply used without asking too many questions. In the process, they were chronically misunderstood and largely feared by society at large. And yet there's little denying that hackers sometimes cultivated their outsider status, one reason why it's significant that many now seem willing to engage the problems of the larger, less-programmable world. "We need to learn what this new landscape is about," reads a blurb about the Simple Nomad's upcoming speech posted on ToorCon's Web site ( http://www.toorcon.com ). "The time for action is now. There is plenty to do for everyone, and it involves what we do best -- hacking." No taking sides Law enforcement views hacktivism warily. Erin Kenneally is a vice president of the San Diego High Technology Crime Investigation Association, a coalition of law enforcement and private security. She says that unauthorized access to any computer system is a crime, no matter what the motivation. "For consistency of enforcing laws, we should go after these people," she says. "Once you get into a situation where law enforcement is taking sides -- asking, is this for a good cause? -- well, you just can't do that." Kenneally, a forensic analyst at the San Diego Supercomputer Center, and other law enforcement and computer security personnel have been facing a sharp rise in computer crimes, even as off-line crime has declined. Speaking before Congress last year, former FBI Director Louis Freeh called cybercrime "one of the fastest evolving areas of criminal behavior and a significant threat to our national and economic security." According to the "2001 Computer Crime and Security Survey" conducted by the Computer Security Institute and the FBI, the economic damage from these breaches reached nearly $378 million a year. And political hacking could cause more than economic harm. An extreme form of it would be cyberterrorism -- attempts to cripple critical electronic infrastructure within the United States -- a serious, if so far theoretical, threat according to the National Infrastructure Protection Center. "The nature of the Internet is that you can't always control it," says Kenneally. "Things can run amok a lot easier in the virtual world." Assistant U.S. Attorney Joe Sullivan is a member of the Computer Hacking and Intellectual Property unit in San Jose. He says that in the 18 months his group has been in existence, they have yet to prosecute a hacker who claimed political motives for his actions. Yet, Randy Boleli, an FBI agent in San Diego who specializes in high-tech crime, says he has encountered hacktivism, and expects to see more of it as the Internet's role continues to expand. Boleli admits that the limited resources of law enforcement give priority to crimes that inflict significant monetary damage on their victims, although he won't rule out investigating cases with purely political motives. As for the idea of electronic civil disobedience, Tom Perrine, a security specialist at the San Diego Supercomputer Center, isn't impressed. "Many see hacktivism as a way to protest without risk," he says. "This is versus people who are out in the streets putting their ideals and their bodies on the line. I know who I respect more." In any case, traditional activists aren't flocking to the hacktivist banner just yet. Martin Eder, executive director of an online network of San Diego activists ( http://www.activistsandiego.org ), says that while technology is very useful for organizing, hacking's strong libertarian streak makes it a bad fit for effective social action. "We've got a thousand subscribers, all kinds of folks," Eder says. "We work in a collective atmosphere, and the loners who might be into that stuff would be less likely to be connected with us." Nevertheless, Ball, of the Science and Human Rights Project, says freedom of information is at the core of almost every social issue, making hacking and activism a perfect match. "I think of hacking and hacktivism as finding knowledge," he says. "And that search is related to all these other areas where people are trying to keep that knowledge from you." Stanton McCandlish of San Francisco's Electronic Frontier Foundation agrees. He insists that the division between computer and "real world" issues is largely an illusion. "The Internet isn't some different world," he explains. "It's us." Chris Berdik is an intern with the Union-Tribune. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 12:25:20 PDT