Anti-globalist protesters turn to hacking

[InfoSec News <isn () C4I ORG>]

http://news.ninemsn.com.au/sci_tech/story_8356.asp

Fri 9 Feb 2001

The technicians at the World Trade Organisation got a bit suspicious
when "journalists" in an online press conference went by screen names
like "NO-TO-WTO".

Still, WTO Director-General Mike Moore gamely answered all questions
thrown at him - until he was knocked off-line by anti-globalisation
protesters with excellent computer skills.

This week, similarly motivated "hacktivists" grabbed headlines,
announcing they'd collected credit card and other personal data on
some 1,400 business and political leaders by breaking into the
database of last month's World Economic Forum.

Increasingly, social activists have turned to hacking to make their
point, breaking into computer systems and wreaking havoc on
organisations they oppose.

The Internet has turned out to be a remarkable tool for non-violent
protest on a scale activists could only dream of before.

The term "hacktivist" was first applied to supporters of the Zapatista
rebels in Mexico's southern state of Chiapas, who have sabotaged
Mexican government Web sites since 1998 and held "virtual sit-ins"
designed to overload servers.

More recently, the tactic has been used in Serbia, Pakistan and India
- and by both Palestinians and Israelis in the Middle East.

In one case, Palestinian sympathisers broke into a web site operated
by a pro-Israel lobbying group in the United States, stealing credit
card information and e-mail addresses.

The theft of private data is a relatively new tactic, however, that
goes beyond defacing web sites and electronic bombardment of servers.

Anti-globalist protesters contend the WTO's trade treaties benefit big
corporations and rich countries at the expense of the environment and
workers.

They consider the World Economic Forum, which holds its high-profile
annual meetings in the Swiss resort of Davos, to epitomise the elitist
dealmaking they oppose.

Protesters who showed up in person were largely stymied by a heavy
police presence at last month's Davos meeting. Online, however, they
effectively surmounted physical barriers.

The net "is another frontier for people to engage in these types of
activities", said Joel Scambray, a security analyst at Foundstone Inc.

The attacks against forum organisers showed just how far hacktivists
could reach: They obtained the travel itineraries, including flight
numbers, of politicians from around the world, and published them on
the web.

"This poses operational security problems, (and) goes beyond what
we've seen before," said Kent Anderson, vice-president of computer
security with the London-based Control Risks Group.

Almost every major corporation and organisation has been hit at one
time or another by hacking, with McDonald's, Starbucks and the WTO
favourite targets of hacktivists.

During the WTO's last major meeting, in Seattle in December 1999, the
organisation faced attempts to shut down its system.

"There were millions of bits of spam thrown at us, but we had a good
defence which bounced these right back, said WTO spokesman Keith
Rockwell, using the term for junk e-mail.

People are still being misled by a copycat web site that uses the
WTO's old name - GATT - and looks nearly identical to the real WTO
site.

"It is really quite clever and quite funny. But it is less funny when
people believe it, as has been the case, and go to a lot of trouble
and then are deceived," said Rockwell.

The newly malicious nature of some of the hacktivism troubles some,
however.

The editor of the Toronto-based online magazine The Hacktivist, who
goes by the pseudonym metac0m, said the "theft of personal info,
credit cards and the like bothers me, for it discredits the legitimacy
of hacktivism as a form of protest and civil disobedience".

"I would rather that those who engage in the cracking of databases
access the documents being crafted completely out of public view and
scrutiny,"' he said in an e-mail interview.

Metac0m credits more effective hacktivists with the downfall of the
Organisation for Economic Cooperation and Development's Multilateral
Agreement on Investment in 1998.

"When activists ... posted it on the Internet it was a huge victory
because the public saw what was in that agreement, realised it was not
in their interest, that they had no input into it, and hence they
rejected it."

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".