The Internet and computers have come a long way since the early
advertisement
Hacktivism: The Internet As a Tool George Washington University Management of Information Security Professor Julie Ryan By: Patti Chanthaphone November 27, 2002 Introduction: The growth of the Internet and the application of computer technology have come a long way since the early 1980’s. Today’s, computers are highly interconnected and can process information at rapid speeds with very little human interaction. Societies rely heavily on computers to do research, read the news, shop, exchange ideas and information, conduct financial transactions or occasionally browse the World Wide Web. However some activists see the technology as an opportunity to exploit government policies and convey their dissatisfaction with the status quo in order to initiate social reform. Because of this influence and dependability of computers to conduct day-to-day activities, any disruption or lack of availability to operate and provide services can have many negative impacts towards the Internet community. People often refer to being online as being connected to the world. The Internet is often referred to as the “information superhighway” or “cyberspace”. Just as each person has their own uses for the Internet, some people strongly believe the Internet should be “free” for all, without any limitations, while other including many governments, fear the Internet is too “free” and should be censored. The issue regarding Internet censorship remains an active subject of debate. This paper focuses on what motivates hacktivists organizations and the goals they seek to achieve by engaging in cyber-civil disobedience. The Internet has become for the hacktivist what the sit-ins and protest marches were to the activists of the 1960s. Hacktivists feel it is a both a necessary and powerful tool in assisting them in expressing their First Amendment Right to free speech. Hacktivists use the Internet as a tool to express their discontents about government policies and to illustrate their personal beliefs and objectives about social issues. The days of protesting in the street, in front of government buildings is now coupled with on-line protest and virtual demonstrations. People holding up signs and yelling slogans are almost extinct. Now, activists are relying on computers and the Internet to yell for them. The digital voice is louder and more influential because of its ability to reach a large range of audiences all over the world instantaneously. About thirty years ago, demonstrators required some from of organization and gathering of large numbers of people. They spent many sleepless hours preparing for one demonstration. Now, the “netherworld of cyberspace offers an unrestricted, unregulated and certainly unorganized refuge as an alternative to conventional assembly…cyberspace provides the ideal mechanism for cyber-civil disobedience, the protest of choice for the Information Age.”1 Multiple demonstrations can occur all at once, with the click on one button. Disgruntled citizens have realized that the percentage of the population that uses the Internet is rapidly increasing. By taking their demonstrations and protests to the Internet their actions are difficult to ignore. There is an abundance of free information and tools available online for people that want to learn how to hack. Hacktivist require very little skill sets and can launch successful attacks with limited computer and Internet knowledge. There are underground 1 Winn Schwartau. Cybershock: Surviving Hackers, Phreakers, Identity Thieves, Internet Terrorists and Weapons of Mass Disruption. 2 IRC or chat rooms hackers can visit to exchange new hacking techniques. Hacker conventions are held all over the world on a regular basis to discuss developments in technology, its vulnerabilities and ways it can be exploited. One myth about hackers that participate in hacktivism is that they are mainly made up of rebellious pimple faced teenagers with nothing better to do with their time. The truth is they consist of educated, knowledgeable and successful people with a mission to change social and political order. Who Hacktivist Are: There is a wide range of activists groups; they consist of environmentalists, antiabortionists, socialists, and opponents of globalization seek to challenge government policies, actions or the lack of actions. These groups use the Internet as a tool to influence political, social or personal change. Hacktivist consist of hackers, crackers, phreakers who want to call attention to an issue that conflict with their own beliefs, and with the aid of the Internet hacktivists are finding it easy to successfully complete their mission.2 A hacktivist can be anyone, a neighbor, co-worker, friend, parent or even a business executive. It is hard to pin point exactly who hacktivists are and what their next target will be, unless advertised. An Internet-related term known as a “swarm” refers to a “global body of people with a similar beliefs that use the Internet as a tool to share information, mobilize support and coordinate direct action online”.3 Although, the actions of one hacktivist using an automated tool is enough to cause havoc for any network or security administrator, a coordinated attack by multiple hacktivists make it harder for network administrators to recover from the attack. Well known hacktivists groups such as Cult of the Dead Cow, Electronic Disobedience Theatre (EDT) and Electrohippies are active participators in hacktivism. They continuously recruit and encourage people to become hacktivists, to aid them in their mission. Without hiding their organization’s purpose and mainly their identity, individuals involved in these groups feel their actions are legal. These organizations are composed mainly of political and government protesters. “By interacting with Internet users who are likeminded, the individual no longer is an isolated voice but a part of a network.”4 The thrill of knowing they can penetrate a government system gives them the satisfaction in thinking that they have some form of control and power over government policies. But what these groups are unaware of is the fact that their actions may lead to bigger and more serious problems for government entities in the future. Outside organizations or terrorist organizations may use hacktivist actions to their benefit. For instance by diverging the government’s attention to the hactivists activity, the terrorist may see an avenue of opportunity to attack when the government is distracted. There are many more hacktivist organizations that exist and new ones are continuously emerging. New coalitions can be built on-line that allow people in rich and poor countries to unite in 2 Dequendre Neeley, Hacktivism or Vandalism?; Security Management; February 2000 v44 i2 p30. Giles Trendle, Cyberspace: A 21st Century Diwan, Middle East; London; September 2002. 4 Giles Trendle, Cyberspace: 21st Century Diwan, Middle East; London; September 2002 p 14-15. 3 3 order to bring about social change.5 These organizations need to realize that they are a threat to the Internet community as a whole and their actions will not be ignored and tolerated. Defining Hacktivism: Hacktivism is a fairly new term that describes a method of cyber protesting. Security expert, Dorothy Denning states,” hacktivism is the convergence of hacking with activism, where hacking is referred to the action or operations that exploit computers in ways that are unusual and often illegal, typically with the help of special software or hacking tools”.6 It is basically breaking into a computer or network without authorization (unauthorized access). Once activists take protesting to the Internet they are known as hacktivists and their actions are known as hacktivism. This type of protesting is known as “cyber-protesting” or “cyber-civil disobedience.” They are attacking the networks, websites and computer systems of their opponents. Activists have chosen to participate in hacktivism to display propaganda because it is cheap, available to diverse audiences, easily distributed and has the ability to bypass many national laws.7 Newly developed software such as; Peekabooty, Six/Four and Triangle Boy imitate the peer-to-peer file sharing architecture used in Napster but allows parties to transfer encrypted files coupled with other forms of advanced technology.8 Such software, created by hacktivists organizations is used, “…to grant unrestricted access to users in China, Iran and other countries whose governments use filtering or censoring software to control their Internet connection.”9 There are different hacking techniques in use by hacktivists to convey their discontents. The most common ones are, “virtual sit-ins and blockades; automated e-mail bombs; web hacks and website defacement and sending computer viruses or worms”.10 These various techniques will be discussed and examined later in the paper. Depending on what the hacktivist wants to accomplish, any one of the above techniques can be used or all can be used at once. If the attack is successful, the damages on the target/victim computers are detrimental and expensive to repair. Electronic civil disobedience is appealing for extreme activist groups because of 5 Ashraf Patel, Between Street Battles and Cyberspace: Activism for the 21 st Century; LINK Centre, available at http://link.wits.ac.za/ners/v3_8.html accessed on 6 Dorothy E. Denning, Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy; Internet and International Systems: Information Technology and American Foreign Policy Decision making Workshop; available at (http://www.nautilus.org/infopolicy/workshop/papers/demming_html) accessed on 6 October 2002. 7 Kathy Crilley, Information Warfare: New Battlefields Terrorists, propaganda and the Internet; Aslib Proceedings; London; July/August 2001. 8 Mitch Wagner, Hacktivists Against Censorship, Washington Post, 13 October 2002, pH07, electronic copy available at http://www.washingtonpost.com/wp-dyn/articles/A15124-2002Oct11.html accessed on 14 October 2002. 9 Ibid 10 Kathy Crilley, Information Warfare: New Battlefields Terrorists, propaganda and the Internet; Aslib Proceedings; London; July/August 2001. 4 the publicity the media gives it. There is very little a hacktivists has accomplished if their actions are left unrecognized. After the attack on the Untied States on September 11, 2001 the media and government entities are more responsive to hacking cases because acts of hacktivism and acts of cyber terrorisms are becoming blurred. Not only is the media finding it difficult to find the line between hacktivism and cyber terrorism, it is also becoming harder for law enforcement to distinguish between the two. Hacktivists were not always militant. In the past, they use to hosts their own sites, post their own content and wait around for people with the same interest to visit their website. But the wait is over, now they are taking a more proactive approach by forcing the people who have different beliefs and opinions to listen. Hacktivism is prevalent in many countries around the world. There have been instances where acts of hacktivism have caused severe economic loss for many businesses and organizations. Hacktivist have the Internet to thank when it comes to providing the necessary tools and information that assist them in their mission. Hacktivism even occurs in countries that try desperately to censor the Internet. With the aid of outside organizations and various hacking tools and software, hacktivist have found ways to work around Internet censorship. Common Techniques used by Hacktivist: Virtual sit-ins and virtual roadblocks are methods used in cyberspace. Unlike physical sit-ins or roadblocks used in traditional protests, in cyberspace such tactics can be very disruptive. In cyberspace there is often only one “road,” the entities web site, that can be attacked, creating a single, critical point at which an organization is vulnerable to attack. The objective of this method is to block access to websites or services intended for legitimate parties. The goal is get an organized group of hacktivist to point their web browsers to target sites at the same time in order to max out the circuit or bandwidth. “To facilitate the strikes, the organizers set up special websites with automated software…participants had to visit one of the Flood Net sites and their computers would automatically download the software that would access the site every few seconds…in addition the software allowed the hacktivist to leave a personal statement on the target server.”11 The idea is to make it painless for hacktivist to participate. E-mail bombs are used by hacktivist to flood the opponent’s e-mail box or mail server. Again, with automated software tools, this attack can be facilitated very easily. The objective is to “jam” the opponents mail so severely that they will not be able to send or receive mail. This attack can be very harmful for businesses or government officials that rely on the use of e-mail to communicate between parties and organizations. Hacking and website defacements is more common among hacktivist who are looking to take a more proactive approach. Once hacktivists gain unauthorized access into the target web server, they rewrite code that replaces the websites content with their own content and propaganda. Hacktivist are aware that “websites can provide an inexpensive and yet pervasive medium by which to address a global public with more 11 Ibid 5 direct control over the message.”12 Often times the messages are defamatory, extreme and graphical. Hacktivists tend to use this method of attack because pictures are often worth more than a thousand words. For instance, after the attack on 9/11, may hacktivists groups quickly united with other hacktivists groups around the world to penetrate, deface and crash hundreds of web servers in the Middle East.13 Pictures of Bin Laden with pistols pointing towards his temple were very common. Actions such as the one mentioned is very common after such an incident but the war unfortunately tends to move into cyberspace rather quickly and the retaliation process by the opposing party is almost predictable in the cyber world. In the end, these types of propaganda tend to lead to cyber war between two opposing party and instead of using bombs or guns, the weapon of choice becomes a keyboard and computer. Lastly, computer virus and worms are also very popular methods used by hacktivist. Viruses and worms are very problematic for network administrators to clean up. Both are types of malicious code that can infect a computer or network by and propagating from one system to the next. This method is harmful because some viruses and worms can go undetected until triggered by some agent that causes it to react and damage the victim computer. Sometimes the only way to stop the virus or worm from spreading into other areas of the network is to take it off-line until the damages are repaired. Once again, the hacktivist is successful in taking down their intended target. Hacktivist Motivations and Expectations: Activists groups are motivated to use the Internet as a tool for engaging in cybercivil disobedience mainly because of its global visibility. It offers access to numerous amounts of information at very little cost for those groups who have limited budgets. If individuals are afraid of disclosing their identity for any reason, the Internet can mask their identity. People who live in countries where the government regulates the use of the Internet can launch successful attacks without the fear of being caught and prosecuted. In a sense, cyber-civil disobedience is safe when compared to the old traditional form of protesting. Hacktivists also take advantage of the opportunity and availability to be able to publish freely on the Internet to advance their cause. They offer free software and host numerous web sites on how to hack. Unfortunately, these sites do not offer any disclosures or warning labels that indicate what the implications and consequences of hacking are. But it is difficult to determine whether or not hacktivism would decrease even if the warning banners existed. Drawing media attention and publicity is a hacktivist’s objective. They disrupt, manipulate and destroy their opponents systems by engaging in illegal activity. In the end they think they can bring about some form of social and political change by engaging in cyber-civil disobedience. In the pasts, the actions of many hacktivist groups were considered to be more of an annoyance than a threat. But many network and security administrators are learning that it requires many hours of reprogramming and large sums 12 Giles Trendle, Cyberspace: A 21st Century Diwan, Middle East; London; September 2002. John Lasker, Hackers Use Computers Skills to Promote Politically Motivated Mischief, Mayhem; Knight Ridder Tribune Business News; Washington; 14 May 2002. 13 6 of money to bring the site back to its original form.14 In today’s Internet environment hacktivists groups are becoming as much as a threat to the Internet community as cyberterrorists because of the impact and damage they cause to the opponent systems. One major obstacle for hacktivists groups is to reach people in underdeveloped countries that have limited Internet and communication infrastructures. If technology continues to grow at the pace it currently is, this obstacle will soon be obsolete. Concerns for Law Enforcement and Government Entities: The boundaries between acts of hacktivism and acts of cyberterriom are now being considered two of the same things. “Cyber-civil disobedience is waged by remote control, over vast distances, yet the effects can be highly focused against selected targets”.15 Policing the streets and maintaining social order during protests and demonstration on the streets use to be feasible but policing the Internet is virtually impractical. Traditional methods of protests use to allow law enforcement to plan ahead, make sure they have enough man power to keep protestors in line and most importantly have the ability to arrest a protestor quickly if they got out of control. Law enforcement agencies are finding out the hard way that in the world of cyberspace the hacktivists are the ones in control. Hacktivism poses a threat on two levels: the private industry/intellectual property level and the national and government/national security level.”16 The frightening feature that law enforcement faces is the fact that the Internet has no concrete boundaries. As mentioned earlier, hacktivist can find ways to bypass local national computer laws. One person or entity does not own the Internet, it is ungoverned and impossible to police. “The laws governing material on the Internet are not as clearly defined as those governing print based material and it appears that legislation cannot keep pace with the issues of today.”17 The government has to find a balance between the fundamental right of persons constitutional right to free speech and the threat of national security. Actions such as hacking and defacing government web sites can constitute an act of cyber war. The inability to distinguish between the acts of hacktivist and the acts of cyber-terrorists the government is taking a more strict approach on computer related crimes. “Cyberspace is increasingly used as a digital battlefield for rebels, freedom fighters, terrorists and others who employ hacking tools to protest and participate in broader conflicts.” 18 Hacktivist no longer have to worry about police officers with guns and tear gas. They do not have to worry about other extremists who are on the opposing 14 John Lasker, Hackers Use Computer Skills to Promote Politically Motivated Mischief, Mayhem; Knight Ridder Tribune Business News; Washington, 14 May 2002. 15 Winn Schwartau. Cybershock: Surviving Hackers, Phreakers, Identity Thieves, Internet Terrorists and Weapons of Mass Disruption. 16 Mark Manion and Abby Goodrum, Terrorism or Civil Disobedience, Toward a Hackitivist Ethic, Computers and Society, June 2000. 17 Kathy Crilley, Information Warfare: New Battlefields Terrorists, propaganda and the Internet; Aslib Proceedings; London; July/August 2001 18 P Stepheson, Portents of Things to Come; SC/Info Security News Magazine; v12 n3 p72-73; 1 March 2001. 7 side showing up and disturbing their demonstration. Government agencies are learning the hard way that, “the information age population doesn’t have to take to the streets to voice its discontents.”19 . If hacktivists continue to trade blows by crashing the government server of their opponents their actions could be considered an act of cyber war by the opposing government. In turn this could lead to more devastating long term affects than what the hacktivist intended. Government systems are relying more heavily on many private organizations to provide Internet services. Disruptions or attacks on private entity networks have negative impacts on the government system. According to the National Infrastructure Protection Center (NIPC), sub-entity under the Federal Bureau of Investigation, “the potential for future attacks could bring about large economic loss as well as potentially severe damage to the national infrastructure, affecting global markets as well as public safety.”20 When hacktivism start to borderline the actions of cyber-terrorists, government officials become involved for safety of the nation. The Federal Bureau of Investigation also formed an alliance group with private entities known as the, “Information Sharing and Analysis Center (ISAC) that is responsible for sharing information on vulnerabilities and cyberattack data within various industry sectors, including; the energy, banking and telecommunications industry.”21 Infrastructure related information is and can be accessed from all around the world and much of the nations most critical infrastructures such as the physical phone lines, electric grids, air traffic control and water supplies are connected and operate with the aid of computers.22 This interconnectivity has made the government very dependent on private entities to secure, monitor and maintain the integrity of their network infrastructure from attacks by hacktivist and cyber-terrorists. The idea that government and private organizations can work closely together to mitigate computer related crimes is very promising toward the future of the Internet. “Dependence implies vulnerability, and to military thinkers, vulnerability implies opportunity”.23 More now than ever, militaries all around the world now depend on computers to manage massive amounts of data for logistics, process intelligence and plan operations, design and manufacture weapons.24 To many anti-government hacktivists groups the servers and networks that hosts this information become potential targets. Since the terrorist event on September 11, 2002, new laws have been passed to combat cyber terrorism. Laws in place today such as the United States Patriot Act and the Computer Fraud and Abuse Act address the implications of hacking and what the 19 Winn Schwartau, Would Thoreau Approve?: Technology Can Be an Effective Tool for Expressing Political and Social Discontents; InformationWeek; 27 March 1995 20 Department of Defense News Letter, NIPC Says Cyber Protest Threats will Increase, Technobabble; v2 issue 6, November 2001 21 Brian Kerbs, Hacktivism’ Spike Expected Following US Retaliations, Newsbytes News Network, 13 September 2001. 22 John Lasker, Hackers Use Computer Skills to Promote Politically Motivated Mischief, Mayhem; Knight Ridder Tribune Business News; Washington, 14 May 2002. 23 24 Bruce D. Berkowitz, War logs On, Foreign Affairs; New York; May/June 2000. p 8-12. Ibid 8 consequences of hacking are. A representative from the FBI states, “the law does not give special treatment or legal immunity to hacktivism, denying service to a computer is a federal crime.”25 Computer hackers now face life imprisonment if convicted under the convicted under the United States Patriot Act. Whether or not this is going to discourage hacking and make a hacktivist think twice before acting is too early to speculate. Concerns for Security Professionals, Private and Commercial Organizations: The concerns for many security and network administers are similar to those that the government faces. Commercial entities are also becoming targets for hacktivists organizations because some hacktivists organizations are against globalization and merging markets. Others feel U.S companies and International companies should not conduct business with each other. Hacktivist have targeted entities such as, Microsoft, Nike and Ford Motor to name a few. By denying service to these corporations server, causes severe financial damage. These companies are targeted because they are large corporations that are a figure for economic growth for the United States. Other hacktivists feel these large corporations are becoming a monopoly and disagree with their business objective or agenda. Another extreme example is if a hacktivist group attacks a financial institution because they feel the bank is processing transactions for the AlQuetia. Instead of letting law enforcement investigate the matter, hacktivist take matters into their own hands. Although the hacktivist group considers their actions are good for the community as a whole, other parties that desperately depend on the bank to conduct their financial transactions are negatively impacted by the lack of availability to their funds. The NIPC have provided some recommendations to private entities on how to secure their network from hacking and hacktivist activities. They encourage companies to re-evaluate their security procedures, implement network intrusion detection software, limit the size of inbound traffic, review system logs, disable inactive accounts, change passwords regularly and keep patches updated.26 They should monitor and analyze network traffic to determine if there is a pattern of constant requests or pings coming from the same source. Web administrators should always keep back-ups and have redundancy plans. There is no such thing as a network that is 100% secure from any threat. One of the hardest reasons to detect the actions of a hacktivist is the mere fact that the traffic or requests they make to the target web server appear to be legitimate. Before the network administrators can determine what is going on, the hacktivist has already disrupted service, replace web site content or crash the server. Government entities do not recognize the acts of hacktivists as a form of civil disobedience, and the penalties for breaking into a computer can be very extreme and hacktivists need to be aware of their actions and thus must take responsibility for the damages they create. 25 Dequendre Neeley, Hacktivism or Vandalism?; Security Management, v44 i2 p30; February 2000. NIPC Watch and Warning Unit, Hacktivism in Connection with Protest Events of September 2002, 23 September 2002, electronic version available at http://www.nipc.gov/warnings/assessments/2002/02002.html accessed on 26 9 Conclusion: Hacktivism is becoming a very serious threat to the Internet community because of the interconnectivity of government systems and private networks. As one depends on the other to operate, disruptions in normal operations or lack of availability in services can have very serious side effects on a nation and it’s critical infrastructures. Since information is so easily available over the Internet it is almost impossible to validate its authenticity. Hacktivists organizations use the Internet to recruit more participants in order to form a union of like-minded people. With the ability to manipulate information on local and national news servers, innocent web surfers may not even realize that they are being swayed by misleading information. Hacktivists organizations stand firm by the fact that their actions are nothing more than an act of civil disobedience. Instead of taking their discontents to the street, they are taking it to the information highway. They feel their actions are not illegal, dangerous or life threatening. Some security professionals and law enforcement agencies seem to think otherwise. Manipulating or destroying data that is an essential part of a company’s financial well-being, or crashing a government server that regulate air traffic control is illegal and life-threatening. As these organizations become more aggressive in the future, there is no telling how much damage can result from their actions. Regardless of whether or not hacktivist feel their actions are legal, Unites States computer laws and some International computer crime laws identify hacking as an extreme threat to the Internet community and therefore illegal. Various government and law enforcement agencies around the world feel unauthorized access to any computer; network is the destruction of private property. Those who violate these laws will be punished. In the past, computer laws alone have not proven to discourage hacktivism. However, through education and training, those that commit these crimes will be brought to justice and used to set a standard or example. Activist who disagree with hacktivism feel their counterparts are misusing the Internet. Instead of using the Internet as a weapon, activist should use the Internet as positive communications tool. Instead of going out and causing damage to the opponent systems, they should take the time and effort to divert their attention to the importance of creating their own web site whereby they can hosts their own material. The Internet does allow people to express their First Amendment right to free speech without breaking local and international law. There are other ways of expressing political, social and personal discontents without being unethical and disregarding the laws of other countries. Human conflict is inevitable and impossible to ignore. The whole idea behind civil disobedience is to allow people to challenge government policies and actions. It is not about taking down a web site or destroying a network because “they” feel it is not worthy of being on the Internet. Hacktivism is a double standard, people that participate suggest they are expressing freedom of speech but what they have really done is take away someone else’s freedom of speech. For those that feel hacktivism is an act that is nothing more that a nuisance should not undermine their ability to cause extreme damage. 10 Annotated Bibliography 1. Baguley, Richard. “Hacktivism' Spike Expected Following US Retaliations,” [CD-ROM] Newsbytes, 13 September 2001 pNWSB01. The Federal Bureau of Investigation’s, National Infrastructure Protection Center (NIPC) is working closely with information security firms to prepare for the Anti-US hackings after the incident on September 11th. NIPC is requesting private firms to increase monitoring of any suspicious communications being transferred electronically, especially in the banking, transportation and energy industries. 2. Baguley, Richard. “SEND THE GOVERNMENT TO JAIL,” [CD-ROM] Boardwatch Magazine, December 1999 v13 i12 p120. A bill sent to Legislation in the United Kingdom stirs up controversy among the strict privacy groups in the nation. The Bill if passed, will allow the UK police to access encrypted information that they think may be linked to a crime. Penalties for not complying could lead to jail sentences, if the person did not provide the key. The Bill states that a person (s) with encrypted files needed by the police must supply them with the key needed to decrypt the message. Hacktivist argue it is an invasion of privacy, what happens if the receiver of the message was framed and did not have the key. Will the police arrest the individual if he never had a key to begin with? An outrage sprung amongst many hacktivists groups opposing such strict enforcement. 3. Denning, Dorothy. “Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy,” available from http://www.terrorism.com/documents/denning-infoterrorism.html ; accessed on 6 October 2002. Cyber protesting is a popular avenue for individuals to express a political opinion and persuade political leaders to sway one-way or the other. Regardless of the message the hacktivist is trying to relay, hacking is still considered a computer crime and must be treated that way. The people involved in this movement use their programming skills along with their knowledge of the Internet to disrupt their opponents. To some, hacktivisim is viewed as cyber terrorism. To others it is a legitimate social movement with purpose with thought out methods. 11 4. Denning, Dorthy. “Cyberwarriors,” [CD-ROM] Harvard International Review, Summer 2001 v23 i2 p70 Hacktivism occurs all over the world. As the world becomes more interconnected and access to the information highway becomes more available, people are finding computers as a source for expressing political and social movements. Those opposing certain issues the government is doing, hacks into government systems hoping to disrupt operations. Other who disagree with certain social issues, deface the opponents website. Activists have chosen to take their actions to the Internet because of its global visibility. Hacktivists state, their actions are not life threatening and less harmful than the old method of protesting. Security experts left to clean up the mess seem to think otherwise. 5. Foley, John. “HACKTIVISM -- The Road To Web-Site Security,” [CD-ROM] InformationWeek, 13 November 2000 p8. Electronic social Disobedience is on the rise. Information security is becoming top priority for many companies and government agencies. The amount of downtime and the cost of fighting cyber attack are on the rise. When companies such as Microsoft and Lucent Technology and along with other top technology companies become victims of cyber attacks, information security must be top priority for any business and agency that want to protect their network infrastructure and the information it is intended to protect. 6. Gold, Steve. “Chinese Hacktivist Threat Continues To Build – Vigilinx,” [CD-ROM] Newsbytes, 30 April 2001 pNWSB01120010. Hacktivists lash out after an accidental collision between the Chinese fighter jet and the United States spy plane. Pro-American hackers retaliate by hacking over 100 Chinese website. But reports indicate that the Chinese are also hacking into web site maintained by individuals in the United States. U.S. website operators say that this may be a cyber war in the making. 7. Harmon, Amy. “Hacktivists' of all persuasions take their struggle to the Web,” [CD-ROM] The New York Times, Oct 31, 1998 v148 pA1(L) col 5. A group known as the Electronic Disturbance Theater seeks to express their political agenda the new traditional way, over the Internet. They believe their actions are not illegal because they do not break into systems to destroy data. They think their intentions are pure, without masking their identity. They think their methods of cyber protest will bring political and societal change. They strongly believe in the free flow of information and governments should not regulate the use the World Wide Web. By using the Internet as a tool for reaching 12 a wide range of audiences, they think it is more influential than protesting the old conventional way. 8. Hasnain, Ghulam. “School for Hackers: The Love Bug’s Manila Birthplace is Just One of Many Third World Virus Breeding Grounds,” [CD-ROM] Time, 22 May 2000 v155 i21 p59. People who hack have their own reasons and motivations. There is no real clearcut answer to why people do it. Those who disagree with Internet censorship lash out on government systems, deface government websites to make a statement. As people in third world countries see technology growing in other nations, they too want exposure to such inventions. Unfortunately, the free flow of information is not so “free” in many nations that make the Internet so expensive their own citizens cannot afford to use it or the any information entering or leaving the country is filtered and monitored. Amazingly, however, some of the most renowned hackers are borne in such countries. 9. Ives, Jim. “Know the Code,” Technobabble, The DCIS Cyber Crime Newsletter. Volume 2, Issue 6. November 2001. [Newsletter on-line]; available from http://dodig.osd.mil/dcis/newsletters/100111.pdf ; accessed on 6 October 2002. Prosecutors are having a very difficult time prosecuting computer related crimes because of inadequate laws. 18 USC 1362-Communication Lines, Stations, or Systems is a statute that deals with hacking into the U.S. Department of Defense systems and other critical government systems or communication lines. Regardless of the intent of the hacker, those charged under this statute can receive 3 to 10 years in prison and receive fines ranging from $1000 to $10, 000. Originally, the statute was intended to protect systems utilized by military and civil defense agencies. 10. Krebs, Brian . “FBI Warns Of Increased Hacktivism, Cyber Protests,” [CDROM] Newsbytes, 16 October 2001 pNWSB0128901F. After the September 11th attack on America, a growing trend in cyber attacks is expected to rise from pro-Afghanistan groups. Similar to hackings performed by the Chinese when the two planes crashed. Hacktivist that are discontent about how the U.S government is handling International issues will take their protest to the Internet. The Federal Bureau of Investigation warns the United States must take extra steps to protect the nations most critical infrastructures that are likely targets by the pro-Afghanistan hacktivists groups. 13 11. Komiega, Kevin. “Political hacking: Crime or Activism,” 2000. available from http://searchsecurity.techtarget.com/orginalContent/0,,sid14_gci506135,000.html Internet ; accessed on 20 October 2002. A decade ago, the world was not as electronically connected as it is today. Households with personal computers were low and so were the number of people with the skills needed to operate it. Ten years later, one cannot enter a home where a computer does not exist. With the emergence of the Internet and its popularity for personal and business use it has opened up more ways to share information. It also opens the gate for people who exploit it to express their opinions about certain issues. In virtual form, computers are becoming more involved with social disobedience. Hacktivists who call themselves, “Electrohippies” use computers and the Internet network to stage hacktivism. Their main purpose is to disrupt it’s opponent’s electronic communication. 12. Lasker, John. “Hackers Use Computer Skills to Promote Politically Motivated Mischief, Mayhem,” Knight Ridder Tribune Business News; Washington, 14 May 2002. 13. Manion, Mark and Abby Goodrum. “Terrorism or Civil Disobedience: Toward a Hacktivist Ethic,” Computers and Society, June 2000. The potential power that hacktivism has is very frightening and cannot be ignored. This form of electronic civil disobedience is considered unethical. It is one thing to protest and speak out about discontents in relation to government polices and actions but to destroy personal property by hacking is unethical. Civil disobedience should be focused on non-violent acts in order to promote social change, hacking on the other hand is an act of violence that could lead to severe financial loss for the target / victim. Hacktivism is currently in its’ infancy and expected to increase in the near future. It is fair to say that the freedom of speech should be extended into the digital world and thus it has, but abusing the privilege will demand the government to take a more stringent stance and punish those that are out to destroy government and personal property. 14. McKay, Niall. “The Golden Age of Hacktivism,” available from http://www.wired.com/news/politics/0,1283,15129,00.html ; Internet ; accessed on 16 October 2002. As hacking tools become more easily accessible to hacktivists over the Internet, security experts are becoming more concerned about how far someone will go to express their political and social interest. A group known as, Cult of the Dead Cow launched a hacktivist resource site, known as hacktivist.org whereby hacktivists can have access to numerous hacking tools and instructions on how to 14 launch a successful cyber protest. Hacktivist do not believe that their actions are to considered cyber warfare; instead they believe it should be coined as expressing an interest on behalf of those who are oppressed by the government and cannot do it for themselves. 15. Neeley, Dequendre. “Hacktivism or Vandalism?” Security Management, February 2000 v44 i2 p30. There are many hacktivist groups, some support each other while others are parties of the opposite side. Hacktivist say, their actions are nonviolent and a right to free speech. Security professionals say, it is a crime and should not be tolerated. Today, it is hard to tell a hacktivist who is fighting for a political cause to a bored script kiddy sitting at home defacing websites for fun. More seriously, it is even harder to distinguish between an hacktivist and a cyber terrorist. The Federal Bureau of Investigation says, they do not treat hacktivism any differently than it would any computer crime, it is breaking into a computer system without authorization. Launching a coordinated sit-in is a method of a denial of service attack that disrupts legitimate communication, which could potentially crash the server. 16. Patel, Ashraf. “Between Street Battles and Cyberspace: Activism for the 21st Century,” available from http://link.wits.ac.za/nes/v3_8.html ; Internet ; accessed on 19 October 2002. Conventional methods of social disobedience are portrayed every year during the WTO meeting, and IMF-World Bank meetings. Different groups with different purpose gather yearly to protest issues ranging from Anti-Globalization to DebtRelief. While the street protests and picketing draw concerns from law enforcement, more and more protests are occurring electronically. The emergence of the World Wide Web and its’ use of information sharing have paved a new way for protesters to disrupt their opponents. During the WTO meetings, over 137,000 requests were sent to the WTO public website, brining the website down to a crawl. The website published information regarding the meetings, intended for the attendees of the meeting. Another method used by the protesters was to repeatedly send emails to WTP personnel with large attachments, which can cause bottleneck in the email system. 17. Samuel, Alexandra. “Decoding Hacktivism: Purpose, Method, and Identity in a New Social Movement,” available from http://www.ltas.fzk.de/esociety/preprints/egovernance/samuel.pdf ; accessed on 6 October 2002. Social movements have changed throughout the years, especially with the emergence of the Internet and powerful PCs. Methods of social movements such as picket lines and sit-ins still occur today, however, a new movement called 15 hacktivism uses different methods to communicate the movement’s purpose. Methods such as DOS attacks, flood nets and site takeovers are becoming more common in the news pages. 18. Schwartau, Winn. Cybershock: Surviving Hackers, Phreakers, Identity Thieves, Internet Terrorists and Weapons of Mass Disruption. Thunder’s Mouth Press, New York, NY. 2000 pp 69-211. Standing in the middle of the street or in front of an abortion clinic with picket signs is becoming a thing of the past. With the Internet being the information highway, people can reach millions of people all over the world with little to no effort. It no longer takes hundreds of people to “block” off the streets because of protesting. Protesting that occur over the Internet only require at the most 1 person and the “block” could be more devastating. Cyber-civil disobedience offers protest over the Internet with no boundaries and no limits. Hackers are becoming more knowledgeable as tools and “how to” sites are readily available. Hacktivists and hackers are no longer made up of teenage kids, today; they are sophisticated people on a mission to make a statement. 19. Schwartau, Winn. “Would Thoreau Approve?” available from http://www.informationweek.com/520/20uwfw.htm# ; Internet ; accessed on 15 October 2002. Decades ago, civil disobedience meant that a group of people gathered together to express their views against subjects such as war and government policy. They protested by gathering groups of people with similar beliefs and marching in the streets, picketing, and or staging a sit-in. The bigger the cause, the bigger the crowd, often times out numbering the number of law enforcement tasked to contain them. Today, protests are still waged, but now on different grounds with different tactics. Cyber civil disobedience is the use of computer technology and the Internet to stage protest. Through the vast network for telecommunication networks, the protesters with right skills can wage their protest in a virtual state to anywhere in the world where these networks reach. 20. Thomas, Julie L.C. “What is Hacktivism,” Sans Institute, 12 January 2001; available from http://rr.sans.org/hackers/hacktivism2.php ; accessed on 16 October 2002. Modern times calls for modern methods of social disobedience. The days of picket signs and sit-ins have not yet passed, however, people involved with the hacktivism movement are creating virtual counterparts of the traditional methods. Instead of using picket signs, various groups are taking over web servers and publishing their views on the opponent’s web pages. Groups like the “Electrohippies” create virtual sit-ins by staging DDOS attacks against their 16 opponent’s web server, causing the website to become inaccessible for legitimate visitors. 21. Verton, Dan. “White House Cyber defense Strategy Due Out on Wednesday,” Computerworld, September 16, 2002; available from http://www.computerworld.com/securitytopics/security/story/0,10801,74296,00.ht ml ; accessed on 19 October 2002. With the increase of cyber-attacks and the growing threat of war with Iraq, the US Government is outlining a strategy to combat the possible cyber-attacks against nation’s infrastructure. To name a few, the cyber-attack strategy will concentrate on how to secure information and operations of the energy, telecommunications, transportation, and utility industries. It also outlines plans for public companies, private companies and the government for setting security standards for current and emerging technology. 22. Wagner, Mitch, “Hacktivists Against Censorship,” The Washington Post, Sunday, October 13, 2002; Page H07; available from http://www.washingtonpost.com/wp-dyn/articles/A15124-2002Oct11.html ; accessed 13 October 2002. The government in countries such as China and Iran will face harder challenges to censor Internet usage by their citizens. Individuals against Internet censorship are developing new tools that use peer-to-peer technology to bypass Internet censorship. When complete, software such as Peekabooty, Six/Four and Triangle Boy will allow users to use peer to peer technology and encryption to secretly retrieve content that would have been stopped by the government’s filtering software. 23. Wang, Wallace. “Hacktivism: guerillas, rebels strike the net” [CD-ROM] Boardwatch Magazine, Jan 1999 v13 i1 p98(2). Before the hacking and web defacements and denial of service attacks entered the minds of the hacktivists community, they use to post their own web sites quietly waiting for people to find the website on their own. Now, the wait is over. Hacktivists have taken a more aggressive approach, they no longer post their messages or statements on their own sites, instead they hack into the opposing parities website and post their statements there, where they know the persons or parties they oppose will know exactly how they feel. 24. Wray, Stefan. “Electronic Civil Disobedience,” available from http://cristine.org/borders/Wray_Essay.html; Internet; accessed on 16 October 2002. 17 Social Disobedience has been around for generations, however, it was not till recently that the methods of disobedience started to mutate in electronic form. Similar to the Civil Rights movement in the 50s, Anti-Vietnam War movement in the 60s, to the feminist activism in the 70s, electronic civil disobedience follows a similar principle, which is to protest against what they believe are wrong actions or policies set by their opponents. Electronic Civil Disobedience breaks boundaries that were hard for the early generation to perform. For example, with the right skills, a group or a person can set a “digital sit-in” from the opposite site of the world by jamming up network traffic to a specific website, or taking over a website to post information that is used to disrupt the opponents operations. 25. “Hactivism In Connection With Protest Events of September 2002,” available from http://www.nipc.gov/warnings/assessments/2002/02-002.htm ;Internet; accessed on 10 October 2002. Various groups ranging from Anti-Globalization, Debt-Relief or Human Rights activists protest IMF and the World Bank meetings every year. To this date, these groups have used the traditional methods of protest, which are Sit-Ins, Picketing, and group marches. Neither IMF nor the World Bank has been attacked virtually during these meetings. By virtually, meaning ‘Hactivism’ where the protesters use computer networks and it’s vulnerabilities to infiltrate the opponent’s information infrastructure. IMF and World Bank are encourage to take precautions during these times by monitoring network access, abnormal email traffic, and excessive website requests. 26. “Steal This Modem,” available from http://journalism.fas.nyu.edu/opensource/readme/index.php?art_id=122&page=4 ;Internet ; accessed on 16 October 2002. There is a fine line between electronic social disobedience and cyber-terrorism. This fine line may be blurred for some that may cross it. Experts agree that the deciding factors between the two are the results of the actions performed. Cyberterrorism intends to destructive where as hacktivism intends to be disruptive. 27. “The Cyber terrorism Threat: All Too Real,” Technobabble, The DCIS Cyber Crime Newsletter. Volume 2, Issue 6. November 2001. [Newsletter on-line]; available from http://dodig.osd.mil/dcis/newsletters/100111.pdf ; accessed on 6 October 2002. As more and more government systems get hacked the United States Government is becoming more concerned. Issues such as the economical impact, system and network damage and possible leaks of confidential data are main concerns for the government. Virginia’s Governor, James Gilmore states the events of September 11 was a rude awakening and the US government needs to be prepared for attacks 18 against government and civilian systems. Cyber threats and cyberterrorism needs to be addressed not only at a local level but also at a national level. Securing the national information infrastructure from hackers and other types of cyber attacks needs to be a priority for the government since many critical organizations depend on computers to operate. 28. “NIPC Says Cyber Protest Threats will Increase,” Technobabble, The DCIS Cyber Crime Newsletter. Volume 2, Issue 6. November 2001. [Newsletter on-line]; available from http://dodig.osd.mil/dcis/newsletters/100111.pdf ; accessed on 6 October 2002. An organization established under the Federal Bureau of Investigations, The National Infrastructure Protection Center (NIPC) states that cyber protesting will become more desirable for people who want to reach a wide range of audiences at rapid speeds with little to no extra costs. Cyber protestors are also known as hacktivists who engage in hacking computer systems in order to express their opinion about certain political and social issues. With the aid of computers, these individuals never have to leave the house and their true identities are masked. According to the NIPC, targeted systems include; government, educational, commercial and cultural institutions. 19
