Hackers-activists push their causes using technology

[InfoSec News <isn () c4i org>]

http://www.uniontrib.com/news/computing/20010828-9999_m1u28hack.html

By Chris Berdik 
August 28, 2001 

Next month, San Diego will host an annual hacker's convention called
ToorCon.

The keynote speaker, a computer security guru known as Simple Nomad,
will discuss a new use for technology that's of growing interest
within the hacker community.

It's not about cyberterrorism or starting computer viruses.

It's "hacktivism," a loosely defined mashing of hacking and activism
that means a new willingness to use technology toward overtly
political ends. It's a controversial movement, and one with very
uncertain results so far.

For starters, nobody can agree on what activities count as hacktivism.
Is it hacktivism when an environmental activist uses a Web site and
e-mail to organize a protest?

Is it hacktivism when a computer-savvy "patriot" sends an e-mail
"bomb" that overloads a Serbian government computer system?

There are those who would answer yes to both questions, but most
hacktivists prefer much narrower definitions.

Hacking already has an image problem, after all, and they're eager to
keep out the riffraff.

Related to this wrangling over labels is a question about efficacy.
Can hacktivism work as a form of social action, or is it just a lot of
noise and criminal behavior?

In the last few years, several politically minded groups have used a
variety of hacking tools that they program themselves or download from
the Internet to shut down or disrupt their opposition online.

One such group, the Electronic Disturbance Theater (EDT), is best
known for its support of the Zapatista insurgency in Mexico.

In 1998, EDT members organized a number of "virtual sit-ins" against
the Web sites of financial and government institutions, including the
Pentagon, which they believed were sympathetic to the Mexican
crackdown against the rebels.

The group created a hacking tool called FloodNet that was downloaded
by thousands of supporters.

The program repeatedly asks a targeted Web page to reload, and when
used simultaneously by enough protesters, it overwhelms and "floods"
the site, preventing it from being accessed by others. It's what's
known as a "denial of service," or DOS, attack.

Ricardo Dominguez, a co-founder of the EDT, cites the non-violent
civil disobedience of Henry David Thoreau and Martin Luther King Jr.
as FloodNet's precursors.

"Electronic civil disobedience is as American as apple pie," he says.

More hip than marches

The theory of electronic civil disobedience was originally developed
by an activist collective known as the Critical Art Ensemble in 1994.  
The gist is that traditional marches and pickets can no longer counter
decentralized and digitized sources of power in an age of the Internet
and global free trade.

"You have to look at where some of the primary trajectories of power
are," explains ensemble member Steve Kurtz. "One is in information
exchange."

Kurtz would like to see hackers develop tools that could block a
corporation's access to certain, targeted databases.

But Dominguez prefers to stick with more symbolic forms of electronic
protest.

Dominguez says EDT has been criticized by hackers, because FloodNet is
inefficient and only works if thousands of people join the protest.

But it's precisely this inefficiency, along with the group's refusal
to be anonymous, he argues, that gives virtual sit-ins democratic
legitimacy.

"Our technology," Dominguez explains, "is like a bunch of people
stepping into the middle of the information superhighway."

Not all the objections to FloodNet are criticisms of its inefficiency,
however.

"It's really no different than shouting down a speaker at a public
discussion because you don't like their point of view," says Oxblood
Ruffin, founder of another well-known hacktivist group, the Cult of
the Dead Cow (cDc), based out of Texas and New York.

Ruffin, often credited with coining the term hacktivism, believes that
DOS attacks like FloodNet are a violation of free speech rights.

And besides, FloodNet is a "very tepid" protest action in Ruffin's
opinion, "sort of like getting pecked to death by a duck."

'Big technology' 

The cDc hackers design programs to break through electronic firewalls,
saying their purpose is to enhance freedom of information.  Their
latest project, Peekabooty, is an application meant to facilitate a
secret network for human rights workers operating in dangerous
environments.

Patrick Ball, deputy director of the Science and Human Rights Program
at the American Association for the Advancement of Science, joined
Ruffin in supporting Peekabooty at last month's Def Con hacker
convention in Las Vegas. Ball uses databases to analyze human rights
abuses.

"To show that the violence isn't just random noise, you need big
data," Ball says. "And to process big data you need big technology."

The theme of cDc's hacktivism, freedom of information, is an issue
around which hackers easily rally.

The latest hacker cause celebre, for instance, is Dmitry Sklyarov, a
Russian hacker arrested by the FBI last month for writing code that
could decipher encrypted electronic books.

Sklyarov's incarceration sparked techie protests in more than two
dozen cities.

Division within ranks 

Nevertheless, many believe the dominance of such technology-centered
issues will keep hacktivism a parochial concern, practiced by and for
hackers, with little impact on mainstream society.  These skeptics
insist that hacking is an exclusive domain of programming skill and
technical curiosity where labels count.

Quite a few hackers, for instance, argue that unauthorized access of a
computer system is not hacking, but "cracking."

And, many dismiss the idea of even mentioning those who would download
ready-made hacking tools (presumably most traditional activists) in
the same breath as hacktivism.

Skeptics also point to an arena where would-be hacktivists have been
especially active: Web site defacements, the unauthorized alteration
of a site's HTML coding.

In recent years, the number of defacements has skyrocketed.

Attrition.org was one of many "mirror" sites where hackers posted
copies of Web pages they defaced.

Earlier this year, volunteers at Attrition.org were forced to abandon
the project due to overwork. They were processing up to 100
defacements every day, nearly three times the total they received in
1995 and 1996 combined.

Occasionally, a hacker posts an overtly political defacement to a
mirror, such as a Nike Web site redone with a sweatshop motif.

But boastful taunts and put-downs of site security predominate, such
as the following ditty left by hackers on the U.S. Army's dental care
page:

"Your teeth are rotten, your sys(tem) is weak, we owned your gums, and
cleaned your teeth."

"Of the 15,000 mirrors we have here that represent some 45,000 defaced
sites, I would imagine not even 10 represent true hacktivism," says an
Attrition staff member who uses the screen name Jericho.

The consensus, even among hacktivism's supporters, seems to be that
defacements are not only ineffective protests, they can be downright
counterproductive.

"I'm not thrilled with (site defacements)," says Kurtz of the Critical
Art Ensemble.

"They're just pranks that aren't going to go anywhere, so why bother?
Especially if you're going to do something illegal, all you've done is
put more cops on the street and put more people under surveillance --
for nothing."

The maturation of hacking

On the first Friday of every month, hackers who belong to a group
called San Diego 2600 meet at a University City pizzeria. At a recent
gathering, their opinions on hacktivism were mixed.  "It's an idea
that's generally looked down upon," said one member of the group who,
like others, said he did not want his name used.

Real hacking is about overcoming technical obstacles, he said. It's
not about breaking into systems or tagging Web sites with
self-righteous graffiti.

Another hacker said he supports hacktivism such as DeCSS (software
developed by a Norwegian teen-ager to unscramble DVDs) that subverts
legislative attempts "to stomp on people's First Amendment rights."

Yet another group member offered an explanation for the current
emergence of hacktivism.

"Before the technology became mainstream," he said, "hackers were
either students or in the technology field. They looked at the world
innocently and considered (hacking) pure research, with no
consequences for the outside."

Hacktivism, he continued, developed as the hacking community was
simultaneously maturing, growing more diverse, and was increasingly
pressured by law enforcement.

Hackers "began to realize that they were capable of affecting the
outside world and that the outside world was capable of affecting
them," he said.

In some sense, hackers have always been world changers. They
confronted the flawed substructures of networks and software that
everyone else simply used without asking too many questions.

In the process, they were chronically misunderstood and largely feared
by society at large.

And yet there's little denying that hackers sometimes cultivated their
outsider status, one reason why it's significant that many now seem
willing to engage the problems of the larger, less-programmable world.

"We need to learn what this new landscape is about," reads a blurb
about the Simple Nomad's upcoming speech posted on ToorCon's Web site
( http://www.toorcon.com ).

"The time for action is now. There is plenty to do for everyone, and
it involves what we do best -- hacking."

No taking sides 
Law enforcement views hacktivism warily. 

Erin Kenneally is a vice president of the San Diego High Technology
Crime Investigation Association, a coalition of law enforcement and
private security. She says that unauthorized access to any computer
system is a crime, no matter what the motivation.

"For consistency of enforcing laws, we should go after these people,"
she says.

"Once you get into a situation where law enforcement is taking sides
-- asking, is this for a good cause? -- well, you just can't do that."

Kenneally, a forensic analyst at the San Diego Supercomputer Center,
and other law enforcement and computer security personnel have been
facing a sharp rise in computer crimes, even as off-line crime has
declined.

Speaking before Congress last year, former FBI Director Louis Freeh
called cybercrime "one of the fastest evolving areas of criminal
behavior and a significant threat to our national and economic
security."

According to the "2001 Computer Crime and Security Survey" conducted
by the Computer Security Institute and the FBI, the economic damage
from these breaches reached nearly $378 million a year.

And political hacking could cause more than economic harm. An extreme
form of it would be cyberterrorism -- attempts to cripple critical
electronic infrastructure within the United States -- a serious, if so
far theoretical, threat according to the National Infrastructure
Protection Center.

"The nature of the Internet is that you can't always control it," says
Kenneally. "Things can run amok a lot easier in the virtual world."

Assistant U.S. Attorney Joe Sullivan is a member of the Computer
Hacking and Intellectual Property unit in San Jose. He says that in
the 18 months his group has been in existence, they have yet to
prosecute a hacker who claimed political motives for his actions.

Yet, Randy Boleli, an FBI agent in San Diego who specializes in
high-tech crime, says he has encountered hacktivism, and expects to
see more of it as the Internet's role continues to expand.

Boleli admits that the limited resources of law enforcement give
priority to crimes that inflict significant monetary damage on their
victims, although he won't rule out investigating cases with purely
political motives.

As for the idea of electronic civil disobedience, Tom Perrine, a
security specialist at the San Diego Supercomputer Center, isn't
impressed.

"Many see hacktivism as a way to protest without risk," he says. "This
is versus people who are out in the streets putting their ideals and
their bodies on the line. I know who I respect more."

In any case, traditional activists aren't flocking to the hacktivist
banner just yet.

Martin Eder, executive director of an online network of San Diego
activists ( http://www.activistsandiego.org ), says that while
technology is very useful for organizing, hacking's strong libertarian
streak makes it a bad fit for effective social action.

"We've got a thousand subscribers, all kinds of folks," Eder says. "We
work in a collective atmosphere, and the loners who might be into that
stuff would be less likely to be connected with us."

Nevertheless, Ball, of the Science and Human Rights Project, says
freedom of information is at the core of almost every social issue,
making hacking and activism a perfect match.

"I think of hacking and hacktivism as finding knowledge," he says.
"And that search is related to all these other areas where people are
trying to keep that knowledge from you."

Stanton McCandlish of San Francisco's Electronic Frontier Foundation
agrees. He insists that the division between computer and "real world"
issues is largely an illusion.

"The Internet isn't some different world," he explains. "It's us."


Chris Berdik is an intern with the Union-Tribune.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.