Edited/Distributed by HURINet - The Human Rights Information Network --------------------------------------------------------------------- ## date : 27.10.98 --------------------------------------------------------------------- E-Guerrillas in the mist One by one, the world's most prominent Web sites are falling to the cyber bullets of Internet hackers. Unlike in the past, the new breed of electronic intruder has a political agenda. Bob Paquin The Ottawa Citizen On Oct. 12 the Website of Mexican president Ernesto Zedillo was attacked and compromised. The date of the event was significant. Oct. 12 happens to be Columbus Day in America -- an almost irresistible call to action for the members of the New York-based Electronic Disturbance Theatre. The Zedillo hack was not the work of bored teens. It was a political act, an occasion for Internet activists -- or "hacktivists" -- to "demonstrate continued resistance to centuries of colonization, genocide, and racism in the western hemisphere and throughout the world," according to the Theatre. Nor was the Oct. 12 attack an isolated incident. In August, the Mexican group X-Ploit hacked the country's finance ministry Website, replacing it with the face of revolutionary hero Emiliano Zapata, in sympathy with the Zapatista rebellion in the Chiapas region in southern Mexico. And if Mexico is a popular target of hacktivism, it is by no means the only target. In June, the group MilwOrm, whose logo features the slogan "Putting the power back in the hands of the people," hacked India's Bhabba Atomic Research Centre to protest India's recent nuclear tests. Later, in July, MilwOrm and the group Ashtray Lumberjacks, acting together, orchestrated a unprecedented mass hack of more than 300 sites around the world, replacing Web pages with an anti-nuclear statement -- complete with angry red mushroom cloud -- directed towards all of the nuclear powers. On Aug. 1st, the Portuguese group Kaotik Team hacked 45 Indonesian government Websites, altering Web pages to include messages calling for full autonomy for East Timor. Mailbombs were delivered and several other Indonesian government sites were hacked on Aug. 12th by hackers from China and Taiwan, to protest the fact that Chinese-Indonesians were targeted for torture, rape and looting during the anti-Suharto riots in May. On September 13th, the New York Times had its Website replaced with a long screed calling for the release of jailed hacker Kevin Mitnick, and aiming a few barbs at Times reporter John Markoff, whose coverage of the Mitnick case raised a fair amount of controversy both in the hacker and media communities. On Oct. 13th, political activists took over an Indian government Website and posted messages and photos calling attention to alleged government-sponsored repression and human rights violations in the contested northern Indian state of Kashmir. Indeed, as the year 2000 approaches, incidents of cyber-activism are becoming commonplace. And no wonder. Never in the long and storied history of political and social activism have dissidents had at their disposal a tool as far-reaching and potentially effective as the Internet. "The technology is changing the equations of power, challenging the conventional channels of communication, distributing and disseminating influence in the broadest possible fashion, to the point of democratizing the channels and getting rid of the gatekeeper," said Canadian foreign affairs minister Lloyd Axworthy at an NGO conference last month in Montreal. "The technology has a mind-boggling potential to break through barriers and overcome political obstacles to educate, inform and be an agent of political change," he added. "The mouse is mightier than the missile." And while Mr. Axworthy noted that the Internet provides opportunities for the communication of dissent and opposition under repressive regimes, he stated categorically that the medium should not be a law-free zone. And yet, as far as hackivists are concerned, the Internet is not only law-free, but a vast, high-profile canvas for political graffiti. According to a recent report from the California based think-tank the Rand Corporation, entitled "In Athena's Camp: Preparing for Conflict in the Information Age," authors John Arquilla and David Ronfeldt define infowar, or cyberwar, as "conducting military operations according to information-related principles." "It means disrupting or destroying information and communications systems. It means trying to know everything about an adversary while keeping the adversary from knowing much about oneself. It means turning the 'balance of information and knowledge' in one's favour, especially if the balance of forces is not. It means using knowledge so that less capital and labour may have to be expended." Research in Canada into this aspect of the intersection between communications, political action, and the internet is thickly peopled by representatives from the Canadian Security Intelligence Service, the Communications Security Establishment, the RCMP, the Department of National Defence, various private sector security-related companies, and select academics. When asked to comment on the hacktivism phenomenon, a spokesperson from the Department of National Defence said that, while national security infrastructure was evidently not under attack, there was just cause for concern. "This is our business, and we need to protect ourselves." The world of information warfare is "a world where logic bombs, computer viruses, Trojan-horses, precision-guided munitions, stealth designs, radio-electronic combat systems, new electronics for intelligence gathering and deception, microwave weapons, space-based weapons, and robotic warfare are being discussed, developed and deployed," wrote University of Ottawa human-rights professor Gregory Walters in the Ottawa Citizen earlier this year. "I have been predicting and warning about this kind of activity for years," said computer-security expert Winn Schwartau, whose own "Infowar" Web site, is a repository of information on hacking and infowar. "Cyber-terrorism. Cyber civil disobedience. Each seems to begin 24 months or so after we publish how it's done," said Mr. Schwartau, who is also the author of the book Information Warfare: Chaos on the Electronic Superhighway. Not only are political hackers discovering how to infiltrate and disrupt "secure" networks, most feel ethically justified in doing so. Toronto-based hacker cell The Hong Kong Blondes, led by a Chinese dissident known as "Blondie" Wong, claims to have affected the usefulness of a Chinese satellite as part of their campaign to cripple Chinese military and security networks, as well as Western companies doing business in China. Mr. Wong recently formed another group of hackers -- The Yellow Pages -- based in Canada, the US, and Europe, to protest Chinese government conduct over human rights, and Western investment in the country. Mr. Wong justified his controversial approach to political reform in a July interview: "It is better to light a candle than to curse the darkness." He added, "There has been a shift in consciousness, I believe. Younger people have a great deal of talent, although they can be very awkward. But the point is, I think they are different from the generation of hackers before them. They want the recognition and attention, but they also want to do something to contribute to change things in a positive way." The earliest generations of hackers revelled in the challenge of electronically exploring the digital geography of the new landscape that was brought into being through the computer revolution. This, of course, included the odd malicious hacker, intent on using the tools of the trade for personal and often pernicious ends. However, a second generation has come to the fore. So-called hacktivists engage in cyber-activism, or what some have titled ethical hacking. "Hacktivists are savvy, subversive and are seasoned veterans of the Cola War," said Jamie Batsy, a Toronto-based network-security consultant and member of the activist Tao Collective. "Advertisers and other opinion makers are now in a position where they are up against a generation of activists that were watching television before they could walk. This generation wants their brains back and mass media is their home turf." And Mr. Batsy sees the battle between Internet activists and the political elite heating up: "Corporations and governments are at a huge disadvantage in this respect, as they have to relearn what we were born knowing." "Hacktivism has become such an effective means of activism. It was founded by a generation whose language was taught to them by advertisers, whose habitat is almost entirely electronic." Borrowing from the language and theory of Henry David Thoreau, some hacktivists see themselves as engaged in non-violent direct action and civil disobedience. "While all hackers are clearly not averse to transgressing the boundary between the legal and the illegal, not all hackers are political. But today, the politicized hacker is clearly a growing subset of the larger hacker world," said Stephan Wray, one of the founders of the New York-based Electronic Disturbance Theatre. Writing in the Earth First! Journal, Mr. Wray observes, "Today we are witness to a convergence of the computerized activist and the politicized hacker." He describes hacktivists as proponents of Electronic Civil Disobedience (ECD), borrowing the tactics of trespass and blockade from these earlier social movements and applying them to the Internet. Mr. Wray sees these activities as pushing the envelope and advocating the notion that the Internet should be an avenue for direct action, since "there are times when it becomes imperative to break a law, or set of laws, that appear unjust in comparison to what some would call a higher law." The Electronic Disturbance Theatre is a small group of cyber activists and artists developing the theory and practice of ECD. The group has focused its electronic actions against the Mexican and U.S. governments to draw attention to the war being waged against the Zapatistas in Mexico. On Jan. 1, through the Electronic Disturbance Theatre, Sub-cyber-commandante Z, of the Intercontinental Cyberspace Liberation Army, issued a press release which stated that "bands of netwarriors around the world, members of the Intercontinental Cyberspace Liberation Army, are converging in cyberspace to instigate information warfare, netwar, against the PRI controlled Mexican government "No longer shall we sit idly at our computer screens. No longer shall we wait, hope, and stupidly think that justice will prevail on its own accord. Justice will only prevail through struggle. And we, netwarriors of the Intercontinental Cyberspace Liberation Army, are ready to launch a co-ordinated attack." Goals of this attack include the interference in and obstruction of Mexico's digital networks, the de-stabilization of Mexico's telecommunication infrastructure, and the virtual destruction of U.S. corporate presence in Mexico. The Electronic Disturbance Theatre has produced a Java script program called Floodnet, which is used to flood and block a targeted Website by repeatedly calling for a specific or non-existent Web page on that server. The program is posted on a Web site, and participants have been called on to visit that page during a designated time period. This prompts the Floodnet program to zero in on the targeted Web site for a "Denial of Service" attack, which renders it inaccessible for the duration of the attack. The group estimated that up to 10,000 people took part in a recent attack, sending 600,000 hits to each of the three targeted Web sites per minute. Over the past year the group has targeted various Mexican government Web sites, also sites of the White House, the U.S. Department of Defence, the Pentagon, and the Frankfurt Stock Exchange. The last concerted attack took place on Sept. 9, with a follow-up skirmish taking place on Oct. 12. A recent press release from the Electronic Disturbance Theatre warns that the next attack will happen on Nov. 22, and is aimed at the U.S. Department of Defence's "School of the Americas," which has trained many representatives from repressive Latin American military and intelligence forces. In June, the Mexican government retaliated with Java of their own, deflecting the attack and prompting Floodnet participants' browsers to crash. As with the Mexican government's efforts, the Pentagon retaliated during the Sept. 9 attack, with a few tricks up their digital sleeves. "Our support personnel were aware of this planned electronic civil disobedience attack and were able to take appropriate counter measures," said U.S. Defence Department spokesperson Suzan Hansen, in a report in Wired Magazine's Hotwired Web site. However, the Electronic Disturbance Theatre software designers are, meanwhile, cooking up countermeasures. While some activists have questioned the groups' methods, describing them as technologically ham-fisted and too politically correct, Mr. Wray and his cohorts' actions have received wide-spread coverage in the media. Two weeks ago, Mr. Wray made a presentation on the Electronic Disturbance Theatre's activities to Harvard Law School's Berkman Centre on Internet and Society. Mr. Wray argued that his group is "still operating within a window of opportunity that -- if not ahead of the law as strictly interpreted -- is definitely still out ahead of the prosecutorial or political range of the U.S. Department of Justice." This barely touches on the tremendous debate taking place within the hacking community itself on the ethics of hactivism, however. To some extent the debate centres on the activities of hacker vigilantes -- "white hat" wannabes -- who, a couple years ago, began quietly targeting child-porn collectors. The vigilante hackers launched a campaign to harass and expose those they were able to track down, and to disable their computers and relevant networks. Given that hackers define their activity as primarily being driven by curiosity, and not by malicious intent, most observers in the hacker community were opposed to this "go it alone" approach, which was seen to have crossed a line of principle. But, in an attempt to define this line, where civil disobedience intersects with the ethics underlining these issues, U of O's Prof. Walters asks, "If Hitler had a Web site, would one not be morally justified in attacking it?" While he disputes the terminology, and considers the terms "ethical hacker" or "hactivism" to be oxymorons, Prof. Walters argues that the debate in our society has not kept pace with technological evolution. "The problem," he said, "raises foundational questions about the role of political, legal, and moral rights and responsibilities in the information age, as well as classical problems surrounding civil disobedience, law and morality." The debate continues to evolve. John Vranesevich, founder of the Antionline Web site, which tracks hacking news and events, reported earlier this year that "out of the thousands of e-mails that we've gotten about Milw0rm (the Indian Web site anti-nuclear hack), about 97.3 per cent of them think that Milw0rm are heroes of sorts, with less than three per cent thinking of them as criminals." One letter writer did add, "bottom line to me is that the hackers have no moral right to break into someone else's system. … India and Pakistan have no inherent moral right to put humanity at risk and to further damn our environment. Conflicting moralities do not justify vigilante action." Asked if his activities fall under the general rubric of Infowar, Electronic Disturbance Theatre's Mr. Wray answered with a wary affirmative. "But the entire notion of information warfare needs to be approached cautiously. Always remember who it is that is creating the language, rhetoric, discourse, definitions, etc. of infowar. Before entertaining the ideas, it is necessary to identify in whose interests these ideas are being promulgated." Mr. Wray added: "Remember, the military always needs a scapegoat and an enemy. With the end of the Cold War, emerges the drug war and information warfare." Mr. Wray would like to see his group's political hacking redefine the Infowar doctrine espoused by governments and within the media. He told the Harvard presentation, "what we might call an example of 'hacktivism,' information warfare theorists -- like those at RAND, the U.S. National Defence University, or for that matter, within the U.S. Defence Information Systems Agency -- might define pejoratively as a subcategory of cyber-terrorism. "We need to seriously question and abandon some of the language that the state uses to demonize genuine political protest and expression." Most of the hacktivism examples cited above were perpetrated by individuals or disparate groups around the world, each with differing motivations, but with the common aim of conveying a message through direct cyber-action. However, people are networking, and recent media coverage of the proliferation of these activities has led to plans for more co-ordinated action. The Electronic Disturbance Theatre suggests that their high profile has made them a magnet for information on online activists, and that they have been contacted by groups in Australia, Asia, Latin America, and Europe that are already involved in direct actions of their own and are eager to contribute to greater initiatives. The group's actions will escalate with their latest project, "Swarm," which Mr. Wray describes as "an array of Floodnet-like devices, arising, acting, and dispersing simultaneously against an array of cyberspacial political targets. "If the electronic pulses generated by our Floodnet actions are represented by a small mountain stream, the electronic pulses generated by a swarm of convergent ECD actions are a raging torrent." Plans are under way for hacktivism-related conferences in the next year. These conferences include a conference next March in Amsterdam to discuss the possibility of developing a political hacker code of ethics. York University professor Reg Whitaker argues that, while much of the hacking that gets reported by the media is fairly inane, it does indicate potentially more dangerous directions. "My own view is that hackers are, in their own, generally pretty harmless, if infantile and annoying. However, if their skills can be detached from individualist anarchist aims and harnessed by larger groups, whether states, corporations or terrorist organizations, they may be transformed into serious menaces." Hacktivism is in its infancy and, given the ubiquity and democratic nature of the Internet, we will see the movement's growing pains and increasing maturity. As it grows in influence, more people and organizations will become involved. "As of this moment there are groups of highly sophisticated hackers that are willing to help whatever cause suits them. It's not a matter of 'if,' it's 'when,'" stated Toronto activist Jamie Batsy. How governments and society evolve to address this assault has not been sufficiently addressed. Says Mr. Batsy: "I think it has brought an enticingly literal definition to the term 'level playing field.' We just have to wait and see who gets levelled." The High Tech Report is a weekly feature of the Ottawa Citizen. Web posted Monday 26 October 1998 ---------------------------------- Send mail for the 'huridocs-tech' list to 'firstname.lastname@example.org'. Mail administrative request to 'email@example.com'. For additional assistance, send mail to: 'firstname.lastname@example.org'. Archives of previous messages posted to the list can be found at: http://www.human-rights.net/huridocs-tech.
[Reply to this message] [Start a new topic] [Date Index] [Thread Index] [Author Index] [Subject Index] [List Home Page] [HREA Home Page]