[Figure 1 - Indonesian Government Web Site Defacement]
e-Activists in an e-World
by Bradford Willke
More recently and under the candle of threat actors in the Internet world, activists are "[p]eople who believe in a cause to the point where they take action in order to forward their ends" (Cohen, 1999). Now, e-Activists who hold strong opinions and convictions about an issue use their intellectual abilities to harness the power of electrons in support of their cause against an individual or group. They employ new strategies and tactics that use electronic means to further their cause, gain support, coordinate activities, and propagate their side of the story.
Dorothy Denning, in her paper Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy states that the Internet "can benefit individuals and small groups with few resources as well as organizations and coalitions that are large or well-funded." She continues by relating how the Internet and the e-World has opened opportunities for activists to reach global audiences, raise funds, form associations with like groups across geographical boundaries, disseminate petitions and propaganda, coordinate events at an international level, and educate the public and media. She also points out that one of the most significant effects of the Internet has been its ability to allow those in "politically repressive states to evade government [censoring] and [monitoring] (Denning, 1999)."
But the benefits of technology and the Internet are not limited to e-Activists alone, who generally support non disruptive activities, but also to Hacktivists. Hacktivism, which is really a "marriage of hacking and activism", pertains to radical individuals and groups who use hacking techniques to disrupt operations but do not cause serious harm such as "loss of life or severe economic damage (Denning, 1999)." Efforts to cause loss of life and failure of economies or national infrastructures are generally attributed to cyberterrorists under the guise of information warfare; a topic which is beyond the scope of this paper.
One reason Hacktivists use the Internet as a primary medium for their
attacks is that they have "[discovered] what hackers have always known:
Traditional social institutions are more vulnerable in cyberspace than
they are in the physical world (Harmon, 1998)." This becomes self-evident
when we consider that actions by numerous people can be coordinated via
the Internet in an "anytime, anywhere" manner, regardless of their distributed
and dislocated circumstances. Again the cost-to-benefit ratio increases
because the ability of a limited number of people through the use of computer
attack is as devastating as thousands of physical activists in protest.
And while not the most authoritative of sources, Oxblood Ruffin, a member
of the Cult of the Dead Cow, provides the Hacktivist viewpoint in his statement
that "[if] you have 10 people at a protest, they don't do much of anything...If
you have 10 people on line, they could cripple a network (Harmon, 1998)."
E-Activists have found the Internet to be a virtual palace containing information they can use to corroborate and expand their causes. The Web gives these groups instant access to information about nation's domestic and foreign policies, organization's regulations and practices, and other related group's activities. They can find "names and contact information for key decision makers" inside organizations and governing bodies in an attempt to know more about the people they "ultimately hope to influence (Denning, 1999)."
E-Activists put up Web pages with text, images, audio, and video, documenting and instantly publishing their cause to a world wide audience. They host web discussions debating their issues in e-mails, newsgroups, chat rooms, and other Web forums. They use the Internet to coordinate movements and actions of their activist organizations and, more importantly, to monitor the actions and propaganda of the groups they oppose and lobby against.
E-Activists use the Web to write, promote, and disseminate their publications; a method that brings about one of the highest ROI's for these groups. In fact, they disseminate their publications even across international boundaries into countries that seek to discourage and block activist movements. One example is the VIP Reference, a Washington based e-magazine containing "articles and essays about democratic and economic evolution inside China (Denning, 1999)." Activist publishing the on-line magazine deliver the content by e-mailing random addresses inside China, "sent from different addresses every day to get past e-mail blocks" imposed by the Chinese government.
Hacktivists expand the e-Activists methods to include more malicious and disruptive motives and means. The 'hack' or 'hacking' implied in the term Hacktivist refers to "operations that exploit computers in ways that are unusual and often illegal, typically with the help of special software (Denning, 1999)."
Some methods used by Hacktivists are virtual sit-ins and mail bombs. Virtual sit-ins occurs when members of a Hacktivist group visit a specific site in an attempt to generate enough network traffic to hinder the correct delivery of the web site's content to legitimate users. Hacktivists also use e-mail bombs or "Spam" to flood e-mail boxes full of junk mail so that the targeted user cannot access their e-mail account, again disrupting normal communication between the target and other parties.
Besides these types of attack, Hacktivist also employ cracking techniques to deface Web sites and accomplish computer break-ins. The effect of this type of attack ultimately creates a denial-of-service to the Web site's users; much like what happened after the mistaken bombing of the Chinese embassy in Yugoslavia where attackers defaced several American government Web sites, replacing the original content with protest messages and pictures of the bombing victims (Kellan, 1998). Finally, Hactivists develop malicious code that they introduce through trojan horses, viruses, and worms, also intended to disrupt the normal operatons of their opponents.
Additionally, several cross-purpose groups have been listed. Cross-purpose meaning that these groups wear different hats, in the spectrum between e-Activism and Hacktivism, at times when being passive activists or malicious Hacktivists suits their cause. For example, the Cult of the Dead Cow (CDC) is primarily a group of crackers, people who "maliciously break into information systems and intentionally cause harm in doing so (Cohen, 1999)" but have employed activist-like techniques. In December of 1999, following an IRC conference held by the Legion of the Underground (LoU) calling for the "[declaration] of cyberwar on the information infrastructures of China and Iraq (Denning, 1999)", the CDC denounced the LoU, stating that "declaring a war against a country is the most irresponsible thing a hacker group could do (Denning, 1999)."
Activist Groups on the Web
Americans for Computer Privacy (ACP)
Americans for the Environment
Center for Democracy and Technology (CDT)
Central Committee for Conscientious Objectors
(CCCO)
Computer Professionals for Social Responsibility
Cyber-Rights & Cyber Liberties
Electronic Frontier Foundation (EFF)
Electronic Privacy Information Center (EPIC)
Global Internet Liberty Campaign (GILC)
International Campaign to Ban Landmines (ICBL)
Internet Privacy Coalition
Libertarian Party
Online Privacy Alliance
Prison Activist Resource Center
Activist Resources on the Web
Electronic Activist
Grassroots.com
NetAction
Protest.Net
Social Action and Leadership School for
Activists
Take Action
Activist Publication on the Web
Mobilization
Student Activist.com
WebActive
WomensWord
Cross-Purpose Groups on the Web
Association of Libertarian Feminists (ALF)
Cult of the Dead Cows
Electronic Disturbance Theater (EDT)
Hong Kong Blondes
Legion of the Underground
The following sections discuss some specific instances of attacks as well as techniques used by the e-Activist and Hacktivist. Because of the crossover in purposes that even create less distinction between e-Activists and Hacktivist, the examples denote actions by e-Activists even though they may fall under the guise of Hacktivist.
Web Site Defacement
A majority of focused attacks are against the web sites of the e-Activist's
opposition; be it a nation, governmental agency, private company, or private
individual. Most e-activist focus on web site content as a major
target for their campaigns to promote not only their "truth" but to cause
miscommunication. For example, on February 10, 1997, Portuguese e-Activists
launched an attack on the web page of the Indonesian government, as shown
in Figure 1 below, in protest to the country's political oppression against
East Timor (http://www.2600.com/east_timor/tox3/). As is common in
these defacements, the e-Activists promotes their vantage point with propaganda
targeted at discrediting the nation for it's foreign or domestic policies.
Other e-Activists use Web site defacement to tackle ecological or environmental issues. For example, in November 1996 the Kriegsman Fur and Outerwear company Web site was attacked by an anti-fur activist, as shown in Figure 2 below. The attacker changed the main Web page's content and left Kriegsman's visitors with messages like "Learn how to live an animal friendly life" and that " this done in the name of animal rights." The activist even made a statement on behalf of the Kriegsman's web administrators by writing, "I tried to do this as carefully as I could, in order not to cause any problems for the site administrator(s) (Wang, 1997)".[Figure 1 - Indonesian Government Web Site Defacement]
Web Site Spoofing
[Figure 2 - Kriegsman Fur & Outerwear Web Site Defacement]
Another class of attack along the lines of web site defacement is 'web site spoofing'. Here e-Activists does not alter the web site of their adversary, but instead create a legitimate web site so similar in name to the target that people mistakenly visit the web site not realizing it is not "official". And there are good reasons to use this course of action as they do not usually cross legal boundaries and violate laws because the actual site or business is not directly attacked.
Carolyn Meinel is one such advocate of this type of indirect attack, namely because "if someone's cause is good and their commentary [trenchant], messing up Web sites is a pitiful way to get across a message (Meinel, 1997)." In her 'Guide to (mostly) Harmless Hacking', Meinel sites that web face defacements are often too short lived to generate the type of advocacy an e-activist would want to promote against an issue. She further states that "If you believe in freedom enough to respect the integrity of other people's Web sites, and are serious about making a political statement on the Web, the legal and effective way is to get a domain name that is so similar to the site you oppose that lots of people will go there by accident (Meinel, 1997)." Two such examples, 'clinton96.org' and 'dole96.org' were around during the 1996 presidential elections, where activists set up parody web pages making light of the candidates (Meinel, 1997).
E-mail Spoofing
E-mail spoofing is when someone composes an e-mail message that looks like it came from a specific person but actually came from another, in our case an e-Activist. This type of masquerade can involve a broad spectrum of complexity from the very easy but noticeable to the very complex and technically challenging. One of the easier ways is to send an e-mail message from your own system but modify the mail headers to make the appearance that the mail you sent to organization X was from person Y, and not you. Another easy way is to use an Internet mail provider, such as HotMail, and setup an account under the identity of person Y. Therefore, all mail going to organization X would be traceable back to an actual account, perceived to be owned by person Y.
E-mail spoofing can also be done through more sophisticated attacks, namely against the actual e-mail account of the owner. In these cases, an e-activist might employ a network sniffer on the network segment close to the person Y's e-mail reader, attempting to capture the cleartext password of Y's e-mail account. Then through social engineering or technical means (using tools such as 'nslookup'), the attacker could find out the configuration information of person Y's mail server and attempt to login to the actual e-mail account of person Y. Not only does this attack allow the e-activist to masquerade as person Y in e-mails but also allows that attacker to view person Y's e-mail and use their own content against them.
So how does this further the e-Activists cause? E-activists could use this type of spoofing to many ends -- attempts at disrupting Internet service, introducing misleading communication within the target organization, soliciting services on behalf of the attacked, and violating laws through personal attacks such as libel. For instance, an e-Activist may spoof an e-mail message to a target's Internet Service Provider (ISP) claiming that the target wants to cancel existing service contracts or reduce bandwidth resources. An e-activist could also pose as an individual sending SPAM or mail-bombs or malicious code; thereby terminating their opposition's e-mail account or causing legal action against the individual, or individual's organization. The e-activist could further spoof the identity of an individual in a leadership position, sending e-mail that is assumed to be from a senior executive to the organization relating new policies, mission, or simply any information that disrupts the communication of the organization. Meaning that messages stating new directives such as "Sexual harassment is now tolerable" would seemingly come from a legitimate management and have the effect of disrupting the organization.
Denial of Service Attacks
Denial of Service (DOS) attacks have become common place for attackers against targets of opportunity, such as was seen in the February 2000 attacks against E-Bay and Amazon. E-Activist have also picked up on the ease at which these attacks are deployed and how they disrupt services to both the organization involved and its constituents. As mentioned above, web site defacements are one type of attack method that e-activist use to further their cause. At the same time, though, web site defacements not only help to promote the e-Activist's cause but deny legitimate network traffic and content viewing to a nation's, business's, or individual's web site users.
For example, the legitimate web site for the United States Department of Justice (DOJ) presents various contents to its users through links to press releases, employment opportunities, DOJ organizations and partners, and publications and reports. On August 17, 1996, attackers broke into and modified the DOJ web site to protest the passing of the Communication Decency Act, because the Act was "another government attempt to impose more regulations on a reluctant and unwilling world of Internet users (Wallace, 1997)." A portion of the modified web site content is presented in the following figure:
[Figure 2 - US Department of Justice Web Site Defacement, Source: http://www.2600.com/hackedphiles/doj/]NOTE: This World Wide Web server is currently under destruction.As the largest law firm in the Nation, the Department of Justice serves to punish all who don't agree with the moral standards set forth by Clinton T. We are a bureaucratic assembly of lawyers, politicians, and criminals (I repeat myself) and are privately owned by the nation of Japan. We operate by enslaving our citizens with taxation. We hate all the Mexicans that swim into our country and take our jobs. We censor our slaves and punish them severely for disobeying. We are greater than God. Anything and anyone different must be jailed.
BIG BROTHER IS WATCHING YOU! WE ARE BIG BROTHER! HAIL YOUR NEW MASTER!
The DOJ attack created a two-fold victory for the e-activists. For one, their message of opposition to the perceived oppression was clearly displayed for all viewers of the DOJ web site. Two, the legitimate users of the web site also received a denial of service to the resources they fully intended to visit.
Other Attacks
Other attacks have come from insiders who maliciously modify software programs to promote a cause and disrupt the sale of a product by damaging its reputation. One such alteration was performed by a programmer for Panasonic Interactive who modified the software program "Secret Writer's Society". The program, which helps children become writers by reciting their compositions back to them via computer-voice, was altered to "[spew] obscenities at very predictable times "during the reading of the child's work (McKay, 1998). In defense of his actions, the program who came forward at a later time, claimed that "[c]hoosing to have a child constitutes a commitment to give that child the very best that you can. Letting a third-rate piece of software take over for you is wrong because it violates that contract, which is more important than any legal one (McKay, 1998). "
The commonality between these attackers are that they are motivated by a perception of oppression and from a contrast of ideals held by persons with whom oppose their issues. While this remains true, and it must because their will always be activists and non-conformists, e-Activists and Hacktivists will become a powerful presence and a threat to those they consider as enemies.
Further Research Necessary on e-Activists and Hacktivists