[ISN] Hackers Take Aim at GOP

From: InfoSec News (isn@private)
Date: Wed Aug 18 2004 - 03:55:19 PDT


http://www.wired.com/news/politics/0,1283,64602,00.html

By Noah Shachtman
Aug. 17, 2004

Online protests targeting GOP websites could turn out to be more than
symbolic during this month's Republican National Convention, possibly
blocking a critical communications tool for the party.

In the past, activists have been able to shut down the website of,
say, the World Economic Forum for a few hours. But the impact of such
a takedown was nebulous at best: It's hard to argue the organization
really suffered from a few-hour lag in posting its press releases
online.

In this year's presidential race, however, campaign websites have
moved beyond the margins. During John Kerry's acceptance speech in
Boston last month, for example, his website was visited by 50,000
people an hour, according to comScore Networks, the online
traffic-measuring firm. That's a droplet compared to the millions
who'll watch the convention on TV. But taking down a campaign website
would nevertheless remove a critical tool for reaching the public --
and likely generate a slew of stories in the mainstream media about
the crash.

So it's no surprise that hardened electronic activists are planning to
jam up the servers of GeorgeWBush.com, GOP.com and related websites,
once the Republican National Convention gets underway Aug. 29.

"We want to bombard (the Republican sites) with so much traffic that
nobody can get in," said CrimethInc, a member of the so-called Black
Hat Hackers Bloc [1]. It's one of several groups planning to
distribute software tools to reload Republican sites over and over
again. These FloodNet programs are similar to hackers' distributed
denial-of-service attacks, which overwhelm a server with thousands and
thousands of simultaneous requests for information.

But some activists are condemning the planned attacks, saying they
violate the principles of free speech that protesters rely on for
their demonstrations.

"If you feel that you must shut up someone through intimidation or
false accusations or any other method -- you are not relying on the
superiority of the truth," The Pull, co-founder of the online
political action group Hacktivismo, wrote in an e-mail. "People can
not condemn censorship and then embrace it."

The point of the electronic demonstrations isn't to take down a site,
according to Ricardo Dominguez, co-founder of the Electronic
Disturbance Theater, or EDT, which is releasing a FloodNet program of
its own. Unlike hackers' denial-of-service attacks, which often hijack
computers against their users' will, EDT's JavaScript-based software
depends on how many people use the program. "It's a way to let people
around the world gather and let their presence be felt," Dominguez
said.

Not that he would mind if a Republican server just happened to crash
along the way. In 2002, at the EDT's direction, 43,000 people flooded
the site of the World Economic Forum during its meeting in New York.  
The organization's website went offline for several hours following
the demonstration.

The Black Hat Hackers Bloc is hoping to cause a whole lot more trouble
when the Republicans start to gather in New York. The groups will be
targeting not only GOP computers, but "e-mail, faxes and phones, too,"  
CrimethInc said, as well as unspecified "financial disruption."

Officials from the Republican Party and from Computer Horizons, the
Mountain Lakes, New Jersey, firm responsible for network services at
the GOP convention, did not respond to requests to comment for this
article.

It's unclear exactly how effective these online actions will be. In an
interview, CrimethInc boasted that his associates defaced the website
for Drug Abuse Resistance Education, or DARE, with a
pro-pot-legalization screed, and promised similar strikes against
Republican sites. In the past, veteran online activists have called
these tactics the "kind of stupidity that gives hacking a bad name."

The attacks during the Republican convention may be just the
beginning, however. At the Hackers on Planet Earth gathering in New
York City, one speaker promised attendees, "You will learn how to
infiltrate organizations like the RNC, how to look for and find
security holes, and how mischief and mayhem is achieved."

[1] http://phil.ist-backup.de/rncelectronic/



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Wed Aug 18 2004 - 07:28:01 PDT