From: ellisd@cs.ucsb.edu
To: iwar@yahoogroups.com
Date: Fri, 31 Aug 2001 12:28:10 -0000
Subject: [iwar] Article: Cyberwarriors: Activists and Terrorists Turn To Cyberspace

Harvard International Review, Summer 2001

Cyberwarriors: Activists And Terrorists Turn To Cyberspace

ABSTRACT: Cyberspace is increasingly used as a digital battleground for rebels, freedom fighters, terrorists, and others who employ hacking tools to protest and participate in broader
conflicts. Whereas "hacktivism" is real and widespread, "cyberterrorism" exists only in theory. Terrorist groups are using the internet, but they still prefer bombs to bytes as a means of inciting terror. Cyberspace is now much more than a place for electronic commerce and communication. It has become a digital battleground for hacker warriors.

BODY:

As Palestinian rioters clashed with Israeli forces in the fall of 2000, Arab and Israeli hackers took to cyberspace to participate in the action. According to the Middle East Intelligence Bulletin, the cyberwar began in October, shortly after the Lebanese Shiite Hezbollah movement abducted three Israeli soldiers. Pro-Israeli hackers responded by crippling the guerrilla movement's website, which had been displaying videos of Palestinians killed in recent clashes and which had called on Palestinians to kill as many Israelis as possible. Pro-Palestinian hackers retaliated, shutting down the main Israeli government website and the Israeli Foreign Ministry website. From there the cyberwar escalated. An Israeli hacker planted the Star of David and some Hebrew text on one of Hezbollah's mirror sites, while pro-Palestinian hackers attacked additional Israeli sites, including those of the Bank of Israel and the Tel Aviv Stock Exchange. Hackers from as far away as North and South America joined the fray, sabotaging over 100 websites and disrupting Internet service in the Middle East and elsewhere.

The Israeli-Palestinian cyberwar illustrates a growing trend. Cyberspace is increasingly used as a digital battleground for rebels, freedom fighters, terrorists, and others who employ hacking tools to protest and participate in broader conflicts. The term "hacktivism," a fusion of hacking with activism, is often used to describe this activity. A related term, "cyberterrorism," refers to activity of a terrorist nature. However, whereas hacktivism is real and widespread, cyberterrorism exists only in theory.
Terrorist groups are using the Internet, but they still prefer bombs to bytes as a means of inciting terror.

Hacktivists see cyberspace as a means for nonstate actors to enter arenas of conflict, and to do so across international borders. They believe that nation-states are not the only actors with the authority to engage in war and aggression. And unlike nation-states, hacker warriors are not constrained by the "law of war" or the Charter of the United Nations. They often initiate the use of aggression and needlessly attack civilian systems.

Hacktivism is a relatively recent phenomenon. One early incident took place in October 1989, when antinuclear hackers released a computer worm into the US National Aeronautics and Space Administration SPAN network. The worm carried the message, "Worms Against Nuclear Killers.... Your System Has Been Officically [sic] WANKed.... You talk of times of peace for all, and then prepare for war." At the time of the attack, anti-nuclear protesters were trying (unsuccessfully) to stop the launch of the shuttle that carried the plutonium-fueled Galileo probe on its initial leg to Jupiter. The source of the attack was never identified, but some evidence suggested that it might have come from hackers in Australia.

In recent years, hacktivism has become a common occurrence worldwide. It accounts for a substantial fraction of all cyberspace attacks, which are also motivated by fun, curiosity, profit, and personal revenge. Hacktivism is likely to become even more popular as the Internet continues to grow and spread throughout the world. It is easy to carry out and offers many advantages over physical forms of protest and attack.

The Attraction of Hacktivism

For activists, hacktivism has several attractive features, not the least of which is global visibility. By altering the content on popular websites, hacktivists can spread their messages and names to large audiences.
Even after the sites are restored, mirrors of the hacked pages are archived on sites such as Attrition.org, where they can be viewed by anyone at any time and from anywhere. Also, the news media are fascinated by cyberattacks and are quick to report them. Once the news stories hit the Internet, they spread quickly around the globe, drawing attention to the hackers as well as to the broader conflict.

Activists are also attracted to the low costs of hacktivism. There are few expenses beyond those of a computer and an Internet connection. Hacking tools can be downloaded for free from numerous websites all over the world. It costs nothing to use them and many require little or no expertise.

Moreover, hacktivism has the benefit of being unconstrained by geography and distance. Unlike street protesters, hackers do not have to be physically present to fight a digital war. In a "sit-in" on the website of the Mexican Embassy in the United Kingdom, the Electronic Disturbance Theater (EDT) gathered over 18,000 participants from 46 countries. Hacktivists could join the battle simply by visiting the EDT's website.

Hacktivism is thus well-suited to "swarming," a strategy in which hackers attack a given target from many directions at once. Because the Internet is global, it is relatively easy to assemble a large group of digital warriors in a coordinated attack. The United Kingdom-based Electrohippies Collective estimated that 452,000 people participated in their sit-in on the website of the World Trade Organization (WTO). The cyberattack was conducted in conjunction with street protests during the WTO's Seattle meetings in late 1999.

Another attraction of hacktivism is the ability to operate anonymously on the Internet. Cyberwarriors can participate in attacks with little risk of being identified, let alone prosecuted. Further, participating in a cyberbattle is not life-threatening or even dangerous: hacktivists cannot be gunned down in cyberspace.
Many hacktivists, however, reject anonymity. They prefer that their actions be open and attributable. EDT and Electrohippies espouse this philosophy. Their events are announced in advance and the main players use their real names.

Web Defacement and Hijacking

Web defacement is perhaps the most common form of attack. Attrition.org, which collects mirrors and statistics of hacked websites, recorded over 5,000 defacements in the year 2000 alone, up from about 3,700 in 1999. Although the majority of these defacements may have been motivated more by thrills and bragging rights than by some higher cause, many were also casualties of a digital battle.

Web hacks were common during the Kosovo conflict in 1999. The US hacking group called Team Sp10it broke into government sites and posted statements such as, "Tell your governments to stop the war." The Kosovo Hackers Group, a coalition of European and Albanian hackers, replaced at least five sites with black and red "Free Kosovo" banners.

In the wake of the accidental bombing of China's Belgrade embassy by the North Atlantic Treaty Organization (NATO), angry Chinese citizens allegedly hacked several US government sites. The slogan "Down with Barbarians" was placed in Chinese on the web page of the US Embassy in Beijing, while the US Department of Interior website showed images of the three journalists killed during the bombing, and crowds protesting the attack in Beijing. The US Department of Energy's home page read: "Protest USA's Nazi action!.. We are Chinese hackers who take no cares about politics. But we can not stand by seeing our Chinese reporters been killed which you might have know [sic]... NATO led by USA must take absolute responsibility... We won't stop attacking until the war stops!"

Web defacements were also popular in a cyberwar that erupted between hackers in China and Taiwan in August 1999.
Chinese hackers defaced several Taiwanese and government websites with pro-China messages saying Taiwan was and always would be an inseparable part of China. "Only one China exists and only one China is needed," read a message posted on the website of Taiwan's highest watchdog agency. Taiwanese hackers retaliated and planted a red and blue Taiwanese national flag and an anti-Communist slogan, "Reconquer, Reconquer, Reconquer the Mainland," on a Chinese high-tech Internet site. The cyberwar followed an angry exchange between China and Taiwan in response to then-Taiwanese President Lee Teng-hui's statement that China must deal with Taiwan on a "state-to-state" basis.

Many of the attacks during the Israeli-Palestinian cyberwar were web defacements. The hacking group GForce Pakistan, which joined the pro-Palestinian forces, posted heart-wrenching images of badly mutilated children on numerous Israeli websites. The Borah Torah site also contained the message, "Jews, Israelis, you have crossed your limits, is that what Torah teaches? To kill small innocent children in that manner? You Jews must die!" along with a warning of additional attacks.

Hacktivists have also hijacked websites by tampering with the Domain Name Service so that the site's domain name resolves to the IP address of some other site. When users point their browsers to the target site, they are redirected to the alternative site.

In what might have been one of the largest mass website takeovers, the antinuclear MilwOrm hackers joined with the Ashtray Lumberjacks hackers in an attack that affected more than 300 websites in July 1998. According to reports, the hackers broke into the British Internet service provider (ISP) EasySpace, which hosted the sites. They altered the ISP's database so that users attempting to access the sites were redirected to a MilwOrm site, where they were greeted by a message protesting the nuclear arms race.
The message concluded with "Use your power to keep the world in a state of PEACE and put a stop to this nuclear bullshit."

Web Sit-ins

Web sit-ins are another popular form of attack. Thousands of Internet users simultaneously visit a target website and attempt to generate sufficient traffic to disrupt normal service. A group calling itself Strano Network conducted what was probably the first such demonstration as a protest against the French government's policies on nuclear and social issues. On December 21, 1995, they launched a one-hour Net'Strike attack against the websites operated by various government agencies. At the appointed hour, participants from all over the world pointed their browsers to the government websites. According to reports, at least some of the sites were effectively knocked out for the period.

In 1998, EDT took the concept a step further and automated the attacks. They organized a series of sit-ins, first against Mexican President Ernesto Zedillo's website and later against US President Bill Clinton's White House website, the Pentagon, the US Army School of the Americas, the Frankfurt Stock Exchange, and the Mexican Stock Exchange. The purpose was to demonstrate solidarity with the Mexican Zapatistas. According to EDT's Brett Stalbaum, the Pentagon was chosen because "we believe that the US military trained the soldiers carrying out the human-rights abuses." For a similar reason, the US Army School of the Americas was selected. The Frankfurt Stock Exchange was targeted, Stalbaum said, "Because it represented capitalism's role in globalization utilizing the techniques of genocide and ethnic cleansing, which is at the root of the Chiapas' problems. The people of Chiapas should play a key role in determining their own fate, instead of having it pushed on them through their forced relocation.. which is currently financed by Western capital."

To facilitate the strikes, the organizers set up special websites with automated software.
All that was required of would-be participants was to visit one of the FloodNet sites. When they did, their browser would download the software (a Java Applet), which would access the target site every few seconds. In addition, the software let protesters leave a personal statement on the targeted server's error log. For example, if they pointed their browsers to a nonexistent file such as "human_rights" on the target server, the server would log the message, "human_rights not found on this server."

When the Pentagon's server sensed the attack from the FloodNet servers, it launched a counteroffensive against the users' browsers, redirecting them to a page with an Applet program called "HostileApplet." Once there, the new applet was downloaded to their browsers, where it endlessly tied up their machines trying to reload a document until the machines were rebooted. The Frankfurt Stock Exchange reported that they were aware of the protest but believed it had not affected their services. Overall, EDT considered the attacks a success. "Our interest is to help the people of Chiapas to keep receiving the international recognition that they need to keep them alive," said Stalbaum.

Since the time of the strikes, FloodNet and similar software have been used in numerous sit-ins sponsored by EDT, the Electrohippies, and others. There were reports of FloodNet activity during the Israeli-Palestinian cyberwar. Pro-Israel hackers created a website called Wizel.com, which offered FloodNet software and other tools before it was shut down. Pro-Palestinian hackers put up similar sites.

The Electrohippies have been criticized for denying their targets' right to speech when conducting a sit-in. Their response has been that a sit-in is acceptable if it substitutes the deficit of speech by one group with a broad debate on policy issues and if the event used to justify the sit-in provides a focus for the debate. The Electrohippies also demand broad support for their actions.
An operation protesting genetically modified foods was aborted when the majority of visitors to their site did not vote for the operation.

Denial-of-Service Attacks

Whereas a web sit-in requires participation by tens of thousands of people to have even a slight impact, the so-called denial-of-service (DoS) and distributed denial-of-service (DDoS) tools allow lone cyberwarriors to shut down websites and e-mail servers. With a DoS attack, a hacker uses a software tool that bombards a server with network messages. The messages either crash the server or disrupt service so badly that legitimate traffic slows to a crawl. DDoS is similar except that the hacker first penetrates numerous Internet servers (called "zombies") and installs software on them to conduct the attack. The hacker then uses a tool that directs the zombies to attack the target all at once.

During the Kosovo conflict, Belgrade hackers were credited with DoS attacks against NATO servers. They bombarded NATO's web server with "ping" commands, which test whether a server is running and connected to the Internet. The attacks caused line saturation of the targeted servers.

Similar attacks took place during the Israeli-Palestinian cyberwar. Pro-Palestinian hackers used DoS tools to attack Netvision, Israel's largest ISP. While initial attacks crippled the ISP, Netvision succeeded in fending off later assaults by strengthening its security.

Automated e-mail bombings represent another way of disrupting service. In what some US intelligence authorities characterize as the first known attack by terrorists against a country's computer systems, ethnic Tamil guerrillas swamped Sri Lankan embassies with thousands of e-mail messages. The messages read, "We are the Internet Black Tigers and we're doing this to disrupt your communications." An offshoot of the Liberation Tigers of Tamil Eelam, which had been fighting for an independent homeland for minority Tamils, was credited with the 1998 incident.
The e-mail bombing consisted of about 800 e-mails a day for about two weeks. William Church, managing director of the Centre for Infrastructural Warfare Studies (CIWARS), observed that "the Liberation Tigers of Tamil are desperate for publicity and they got exactly what they wanted.... Considering the routinely deadly attacks committed by the Tigers, if this type of activity distracts them from bombing and killing, then CIWARS would like to encourage them, in the name of peace, to do more of this type of 'terrorist' activity."

Future Prospects

As the Internet continues to grow, its popularity as a digital battleground for hacker warriors is likely to increase. There will be more targets to attack and more people to attack them. Many regions of conflict in the world have only recently joined the Internet. When they have, the conflict has followed them online. It seems likely that every major conflict in the physical world will have a parallel operation in cyberspace. Further, there may be cyberspace battles with no corresponding physical operations.

Cyberdefenses will improve, but they are unlikely to fend off all attacks. New vulnerabilities are continually uncovered at a faster rate than ever before. Security lags behind. Cyberwarriors, therefore, will have little difficulty finding weak systems to attack. Hacking tools will become more powerful and easier to use.

Although hacktivism is certain to be a part of the picture, it is harder to predict the extent to which terrorists might engage in attacks with potentially lethal or catastrophic consequences. While many hackers have the knowledge, skills, and tools to attack computer systems, they generally lack the motivation to cause violence or severe economic or social harm. Conversely, terrorists who are motivated to cause violence seem to lack the capability or motivation to cause that degree of damage in cyberspace.
In August 1999, the Center for the Study of Terrorism and Irregular Warfare at the Naval Postgraduate School in Monterey, California, issued a report entitled "Cyberterror: Prospects and Implications." Their objective was to articulate the demand side of terrorism. Specifically, they assessed the prospects of terrorist organizations pursuing cyberterrorism. They concluded that the barrier to entry for anything beyond annoying hacks is quite high and that terrorists generally lack the wherewithal and human capital needed to mount a meaningful operation. Cyberterrorism, they argued, was a thing of the future, although it might be pursued as an ancillary tool.

The Monterey team defined three levels of cyberterror capability. The first level is simple-unstructured: the capability to conduct basic hacks against individual systems using tools created by someone else. The organization possesses little target analysis, command and control, or learning capability. The second is advanced-structured: the capability to conduct more sophisticated attacks against multiple systems or networks, and possibly to modify or create basic hacking tools. The organization possesses elementary target analysis, command and control, and learning capabilities. The third is complex-coordinated: the capability to coordinate attacks capable of causing mass disruption against integrated, heterogeneous defenses (including cryptography). The organization has the ability to create sophisticated hacking tools. They possess a highly capable target analysis, command and control, and organizational learning capability.

The Monterey team estimated that it would take a group starting from scratch two to four years to reach the advanced-structured level and six to ten years to reach the complex-coordinated level, although some groups may get there in just a few years or turn to outsourcing or sponsorship to extend their capabilities more rapidly.
The study examined five types of terrorist groups: religious, New Age, ethno-nationalist separatist, revolutionary, and far-right extremist. The authors determined that only the religious groups are likely to seek the most damaging capability level, as it is consistent with their indiscriminate application of violence. New Age or single-issue terrorists, such as the Animal Liberation Front, pose the most immediate threat. However, such groups are likely to accept disruption as a substitute for destruction. Both the revolutionary and ethno-nationalist separatists are likely to seek an advanced-structured capability. The far-right extremists are likely to settle for a simple-unstructured capability, as cyberterror offers neither the intimacy nor the cathartic effects that are central to the psychology of far-right terror. The study also determined that hacker groups are psychologically and organizationally ill-suited to cyberterrorism, and that it would be against their interests to cause mass disruption of the information infrastructure.

For a terrorist, digital battles have other drawbacks. Systems are complex, so controlling an attack and achieving a desired level of damage may be harder than using physical weapons. Unless people are injured, there is also less drama and emotional appeal. Further, terrorists may be less inclined to try new methods unless they see their old ones as inadequate, particularly when the new methods require considerable knowledge and skill to use effectively. Terrorists generally stick with tried and true methods. Novelty and sophistication of attack may be much less important than the assurance that a mission will be operationally successful. Indeed, the risk of operational failure could be a deterrent to terrorists. For now, the truck bomb poses a much greater threat than the logic bomb.

The next generation of terrorists will grow up in a digital world, with ever more powerful and easy-to-use hacking tools at their disposal.
They might see greater potential for cyberterrorism than do the terrorists of today, and their level of knowledge and skill relating to hacking will be greater. Hackers and insiders might be recruited by terrorists or become self-recruiting cyberterrorists, the Timothy McVeighs of cyberspace. Some might be moved to action by cyberpolicy issues, making cyberspace an attractive venue for carrying out an attack. Cyberterrorism could also become more attractive as the real and virtual worlds become more closely coupled, with a greater number of physical devices attached to the Internet. Some of these may be remotely controlled. Unless these systems are carefully secured, conducting an operation that physically harms someone may be as easy as penetrating a website is today.

Although cyberterrorism is likely to be at least a few years into the future, hacktivism is here today and likely to stay. Cyberspace is now much more than a place for electronic commerce and communication. It has become a digital battleground for hacker warriors.

SIDEBAR:

Whereas hacktivism is real and widespread, cyberterrorism exists only in theory. Terrorist groups are using the Internet, but they still prefer bombs to bytes as a means of inciting terror. It seems likely that every major conflict in the physical world will have a parallel operation in cyberspace. Further, there may be cyberspace battles with no corresponding physical operations.