THE ETHICS OF HACKTIVISM by Julie L.C. Thomas
January 12, 2001
What is Hacktivism?
"HACKTIVISM: a policy of hacking,
phreaking or creating technology to achieve a political or
social goal."1
This is the definition proffered by
one of the groups who can be said to be at the leading edge of
the fight, Cult of the Dead Cow. The members of Electronic
Disturbance Theater present themselves as the major proponents
of electronic civil disobedience and describe it thus: "The
same principals of traditional civil disobedience, like
trespass and blockage, will still be applied, but more and
more these acts will take place in electronic or digital
form."2 Professor Dorothy Dunning of Georgetown
University defines hacktivism as "…[T]he convergence of
hacking with activism, where ‘hacking’ is used here to refer
to operations that exploit computers in ways that are unusual
and often illegal, typically with the help of special software
(‘hacking tools’). Hacktivism includes electronic civil
disobedience, which brings methods of civil disobedience to
cyberspace."3
Hacktivists claim that the roots of
hacktivism can be traced to the roots of civil disobedience
itself, the classic work On Civil Disobedience by Henry
David Thoreau.4 Hacktivists claim that they are
doing no more and no less than following in the tradition of
Gandhi and Martin Luther King, Jr., by attempting to bring
about social change through non-violent means. Whereas
activists in the past trespassed and blockaded physical
positions of power, hacktivists now would seize control of the
new positions of power—cyberspace—and without all those nasty
guns, water cannons, dogs, billy clubs, tear gas, etc.
Hacktivism is often confused with
and overlaps with on-line activism and/or cyberterrorism.
Boundaries between the three areas are necessarily blurred
depending on one’s definition of concepts such as "damage",
however distinctions may be drawn in terms of some rather
sweeping generalities. On-line activism can be defined as
non-disruptive and legal; hacktivism is intended to be
disruptive, though usually not damaging, and may or may not be
illegal; cyberterrorism is intended to be not only disruptive,
but also damaging, and is probably illegal. On-line activism
is simply activist activities taking place via the Internet:
the Bluewater Network,5 for example, wages a
continual campaign against personal watercraft and snowmobiles
in national parks on-line. They advocate electronic and
written communication with relevant governmental officials on
a person-to-person basis. They distribute status reports,
alerts, calls-for-action, addresses and phone numbers via an
electronic newsletter. No one could argue that there is
anything illegal involved in these actions. On-line activism
could become hacktivism, however, if an organization were to
advocate that all their supporters should e-mail multiple
copies of a protest letter to several officials with the
intent that their electronic mailboxes would be filled with
messages. The mailserver might then crash and, therefore,
unable to receive messages from those holding differing
opinions. Cyberterrorism can be described as the use of
hacking activities to commit terrorism, i.e., "(threats
of) violent action for political purposes."6 The
technique of mail-bombing described above would turn from
hacktivism to cyberterrorism if the mailserver in question
were also providing 911 service to the surrounding community.
Crashing the server could then result in the loss of life or
property.
The Hacktivism Toolbox
Common hacktivist techniques are
computer break-ins, including website defacement as well as
worm and virus infections; and denial-of-service attacks
(DoS), including website sit-ins and e-mail bombings.
Computer Break-ins
One of the earliest documented
cases of hacktivism computer security compromise is the WANK
worm attack on the Goddard Space Flight Center. A worm is a
self-replicating program that infects computers over a
network. The goal of the WANK work was to stop the launch of
the shuttle carrying the Galileo space probe. On October 16,
1989, users at Goddard were greeted with the following banner:
W O R M S A G A I N S T N U C L E A R K I L L E R S
_______________________________________________________________
\__ ____________ _____ ________ ____ ____ __ _____/
\ \ \ /\ / / / /\ \ | \ \ | | | | / / /
\ \ \ / \ / / / /__\ \ | |\ \ | | | |/ / /
\ \ \/ /\ \/ / / ______ \ | | \ \| | | |\ \ /
\_\ /__\ /____/ /______\ \____| |__\ | |____| |_\ \_/
\___________________________________________________/
\ /
\ Your System Has Been Officically WANKed /
\_____________________________________________/
You talk of times of peace for all, and then prepare for war.
The work attack did not stop
the shuttle launch, but recovery from the attack did require a
massive expenditure of money and effort.7
More recently, several hacktivists
have launched attacks against the Chinese government to
protest government censorship of Internet content. A group
known as the Hong Kong Blondes claims to have hijacked a
Chinese communication satellite.8 This attack would
have the potential to affect the operations of Chinese
governmental and military institutions, as well as foreign
countries doing business in China. Two hackers known as Bronc
Buster and Zyklon also compromised a firewall system in China,
allowing Internet users in that country unrestricted access to
the Web for a brief period of time.9 They also
defaced several Chinese governmental websites.
Website defacement has been a
weapon of choice in recent global conflicts. During the war in
Kosovo and, more recently, in the Israeli-Palestinian conflict
both sides have attacked the other’s governmental and private
websites to tell their versions of the truth. The AntiOnline
website maintains an archive of such hacked websites. Among
them are Yugoslavian sites that were altered by Dutch hackers
Meestervervalser and Xoloth1 of www.dutchthreat.org
(now-defunct) to display pro-NATO sentiments.10
Likewise, Serb hackers altered NATO websites.11 In
the Israeli-Palestinian crisis both sides traded cyber volleys
as the Hebrew University and Netanya Academy websites were
replaced with diatribes against Israel, the United States and
the Arab governments.12 Israeli hackers targeted
the Hizbollah Party webserver and the Politics Forum of
Albawaba with other methods such as denial-of-service attacks
and message bombing.13
Denial-of-Service
A web sit-in occurs when the
attackers generate a sufficient volume of traffic to a website
such that no legitimate traffic can access the site. What is
generally accepted as the first web sit-in is the 1995 attack
by a group known as the Strano Network against the French
government in response to their nuclear and social
policies.14 On December 21, 1995, the Strano
Network organized a Net-Strike attack that lasted an hour. At
the appointed time, collaborators worldwide pointed their
browsers at various governmental websites and continually
reloaded the sites. It was reported that the attackers were
successful in rendering some websites unreachable for that
period of time.
A more well-known web sit-in was
organized by the Electronic Disturbance Theater in 1998. EDT
is "a small group of cyber activists and artists engaged in
developing the theory and practice of Electronic Civil
Disobedience (ECD)."15 The developmental work done
by members of EDT provided an important milestone in the
execution of electronic civil disobedience. The web sit-in in
1998 was the first to utilize a tool called FloodNet. FloodNet
was developed by Carmen Karasic and Brett Staulbaum of EDT.
The software allows users to go to EDT’s website at click on
an icon. The icon launches FloodNet against the target
website, accessing the site approximately 10 times per minute.
The web sit-in initiated by EDT on September 9, 1998, was
directed at the Mexican presidency, the Pentagon, and the
Frankfurt Stock Exchange. The targets were chosen to support
the Mexican guerrilla group called Zapatistas, protest the
United States military, and protest a symbol of international
capitalism. EDT reports that 20,000 people accessed FloodNet
during the two days of September 9 and 10.16 EDT
released FloodNet to the general population on January 1,
1999. It is now part of the Disturbance Developer
Kit.17
While e-mailbombing has, in all
likelihood, been in existence as long as e-mail has been in
existence, the first generally recognized incident of e-mail
bombing by a terrorist organization occurred in 1998. An
offshoot of the Liberation Tigers of Tamil Eelam launched an
e-mail bomb attack against the mail servers of Sri Lankan
consulates. The message read "We are the Internet Black Tigers
and we’re doing this to disrupt your
communications."18 Servers in Seoul, Ottawa, and
Washington, D.C., were crashed.19 The attack
achieved the goal of generating a level of fear in the
victims. William Church, an authority in the study of warfare,
responded to the attack by saying that cyber warfare was
preferable to real warfare and encouraged the Tigers to
continue electronic attacks to the exclusion of attacks on
real people.20
The Ethics of Hacktivism
A well-known incident in which
hacktivists achieved their goal is the combination of
mailbombing and denial-of-service (DoS) attacks that forced
the Internet service provider Institute for Global
Communications (IGC) to remove the website for the Euskal
Herria Journal (EHJ), a Basque separatist
publication.21 After a militant branch of the
Basque separatists murdered a popular politician in northern
Spain, IGC was flooded with demands that the website be
removed. The demands escalated into calls for mailbombings and
DoS attacks. At one point a Spanish newspaper, El Pais,
supported the mailbombing activity and listed e-mail addresses
for IGC. After a sustained attack over a period of several
days, IGC reluctantly removed the EHJ site.
IGC had a second response to the
mailbombing and DOS attacks, however, that focused attention
on the ethics of the attacks. The issue at the heart of IGC’s
response was freedom of expression. IGC’s first step was to
draw attention to the fact that the attacks were taking place.
Their goal was to emphasize that if IGC could be forced to
remove content that some users found objectionable, any ISP
anywhere could face a threat from similar tactics. IGC also
published their own response on their server. After being
forced to remove the EHJ website, IGC replaced it with a site
of their own,22 protesting the attacks. IGC further
organized against what they perceived to be an attempt to
censor the content of their hosted websites. IGC received
support from numerous anti-censorship organizations including
NetAction, Computer Professionals for Social Responsibility,
the Electronic Frontier Foundation, and UK-based Cyber-Rights
and Cyber-Liberties.23 IGC also received statements
of support from their parent organization, the Association for
Progressive Communications (APC),24 as well as APC
partners globally, including those in Spain. One statement
from a Brazilian group equated the mailbombing of IGC with
"burning a bookstore to protest a book."25 Finally,
IGC ensured the continuing survival of the EHJ website by
arranging for the site to be hosted and mirrored by several
other servers worldwide.26
In the statements of support for
IGC described above, IGC’s defenders decried the mailbombing
and declared that censorship is unacceptable, regardless of
the source. Audrie Kraus, Executive Director of NetAction
stated, "The mailbombers need to know that vigilante
censorship is just as unacceptable as government
censorship."27
Instituto Brasileiro de Análises
Sociais e Econômicas (IBASE) condemned that action of the
militant Basque separatists, Euskadi Ta Askatasuna (ETA), but
also denounced the attack on IGC for interrupting the Internet
service to the other 13,000 IGC customers. "While IBASE joins
its protest with thousands of people horrified by the
brutality of tactics such as the ones adopted by ETA…it cannot
endorse any terrorist response which affected thousands of
legitimate civil society groups and communities legally
struggling for just sustainable development, social justice
and human rights."28
Computer Professionals for Social
Responsibility (CPSR) also spoke on behalf of freedom of
expression and against the burden that mailbombings and DDoS
attacks place on ISPs and their surrounding networks. "We
simply support the rights of organizations to carry on
electronic communications without deliberate disruption, and
the right to freedom of expression…We also condemn
denial-of-service attacks in general. Not only are they an
undemocratic way of trying to censor a particular speaker, but
they misuse the Internet by weighing down a Internet provider
and the networks through which the attacks pass, thus forcing
users across the Internet to pay for the attack and suffer
some of its consequences."29
The issue of free speech has also
come up in a debate between the proponents and opponents of
FloodNet. After FloodNet was released to the general
population (see above) it was rapidly installed and utilized
by many hacktivist groups. One group that has made extensive
use of FloodNet and other DoS techniques is the
electrohippies collective, the self-proclaimed
"Headquarters for Electronic Civil Disobedience
(ECD)."30 Since acquiring FloodNet the
electrohippies have launched an attack (called an
"action") in early December of 1999 protesting the World Trade
Organization. Another attack was planned in early April of
2000 protesting genetically modified crops, however this
attack was called off after a vote on their website failed to
return a simple majority in favor of the
attack.31Theelectrohippies prepared a
defense of their actions in which they compare distributed
denial-of-service (DDoS) attacks to Jesus’ attack on the
merchants in the temple: "As Jesus ransacked the temple in
Jerusalem because it had become a house of merchandise, so the
recent attacks on e-commerce web sites are a protest against
the manner of it’s [sic] recent development."32
The electrohippies describe the Internet as a
"public space" which is being exploited by the "unsustainable
consumerism" of e-commerce, and defends DoS attacks as a
potential means to restore the Internet to "the more
philanthropic basis of the ‘Nets [sic] original use."
The electrohippies
distinguish between a "server-side" DDoS attack and a
"client-side" DDoS attack. A server-side attack is the result
of a small number of anonymous people "abusing the routers of
web servers to generate huge numbers of incomplete requests."
A server-side attack, they claim is "[e]ffective, but the
manner of the action, and it's [sic] covert nature…mean that
it does not have any particular democratic legitimacy." A
client-side DDoS attack, on the hand, according to
theelectrohippies, arises from a mandate from the
masses: "Our method has built within it the guarantee of
democratic accountability. If people don’t vote with their
modems (rather…than voting with their feet) the action would
be an abject failure."
The electrohippies
acknowledge that DDoS attacks and web sit-ins violate the
First Amendment, both in terms of restricting freedom of
speech and freedom of association. They state, however, that
it is justified when "the acts or views perpetrated by the
targets of a [D]DoS action must be reprehensible to many in
society at large, and not just to a small group." A DDoS
attack launched by the electrohippies follows
the guidelines of proportionality, substitution for the
deficit of speech, openness, and accountability. A DDoS attack
is acceptable, they claim, if it does not "disrupt the
communications of an organisation on a general basis" and
focuses attention on a single issue, rather than the
organization as a whole, i.e., proportionality. The
instigators of the attack, furthermore, should provide
information on both sides of the contested issue so that
participants in the attack are well educated, i.e.,
substitution for the deficit of speech. Finally, all
participants in the attack should provide their real names,
i.e., openness and accountability.
Other hacktivists, however, are of
the opinion it is never acceptable to violate another’s First
Amendment rights, regardless of motive. Oxblood Ruffin, a
member of Cult of the Dead Cow, offered a rebuttal to
theelectrohippies’ paper on client-side DDoS attacks.
In it he states that "Denial of Service attacks are a
violation of the First Amendment, and of the freedoms of
expression and assembly. No rationale, even in the service of
the highest ideals, makes them anything other than what they
are—illegal, unethical, and uncivil. One does not make a
better point in a public forum by shouting down one’s
opponent. Say something more intelligent or observe your
opponents’ technology and leverage your assets against them in
creative and legal ways."33 He further takes issue
with the electrohippies assertion that the
number of people participating in an attack establishes its
legitimacy. He compares a server-side attack versus a
client-side attack in terms of the difference between "blowing
something up and being pecked to death by a
duck."34
The issues at the heart of
hacktivism appear to be the same issues that are at the heart
of activism and civil disobedience in the physical world. If a
building is blockaded by protestors, is it civil disobedience
or infringement on freedom of assembly? Is a book burning
activism or censorship? And, finally, when are causes more
important than rights? An added dimension in cyberspace,
however, is the character of the protestors, and the relative
values of skill versus participation. Some hacktivists claim
that the ease, relative safety, and non-violent nature of
virtual sit-ins and mailbombings encourage the apathetic,
fearful, and technologically non-savvy masses to raise their
voices in protest. Tools such as FloodNet allow everyone with
a computer to participate in the processes governing our world
and make their opinions heard. On the other side are those who
support the rights of freedom of expression and assembly on
the Internet. They call virtual sit-in participants cowards,
claiming that it takes neither commitment nor courage to hit
"reload" on a browser. Often present in such claims is the
one-upsmanship that is the lifeblood of the hacker community.
This mandates that if one were a "real" hacker activist one
would use one’s own formidable hacking skills to right the
wrongs of this world. Hacktivism, then, as with any social and
political change, comes down the age-old question of whether
the end justifies the means.
References
1Cult of the Dead Cow on
the now-defunct website URL: http://www.hacktivism.org as
reported in "Underground View" Underground View is a quarterly
column written by the Research, Outreach Strategy and
Engineering (ROSE) Group of ICSA Inc. URL: http://www.infosecuritymag.com/feb99/underground.htm.
(January 3, 2001)
2 Wray, Stephan. "The
Electronic Disturbance Theater and Electronic Civil
Disobedience." June 17, 1998. URL: http://www.thing.net/~rdom/ecd/EDTECD.html.
(January 3, 2001).
3 Denning, Dorothy E.
"Activism, Hacktivism, and Cyberterrorism: The Internet as a
Tool for Influencing Foreign Policy." February 4, 2000. URL:
http://www.nautilus.org/info-policy/workshop/papers/denning.html
(January 3, 2001).
4 Wray, Stephan. "On
Electronic Civil Disobedience." March, 1998. URL: http://www.thing.net/~rdom/ecd/oecd.html.
(January 12, 2001.)
5 URL: http://www.bluewaternetwork.org/
6 URL: http://dictionary.cambridge.org/define.asp?key=terrorism*1%2B0.
(January 4, 2001).
7 Dreyfus, Suelette.
Underground, Mandarin, Australia, 1997.
8 Paquin, Bob.
"E-Guerrillas in the Mist." The Ottawa Citizen June 16, 1999.
URL: http://www.infowar.com/hacker/99/hack_061799a_j.shtml.
(January 8, 2001).
9 Farley, Maggie.
"‘Great Firewall’ breached." Los Angeles Times, 1999. URL: http://www.vinsight.org/1999news/0105.htm.
(January 9, 2001).
10 URL: http://www.AntiOnline.com/archives/pages/www.carbo.co.yu/;
URL: http://www.AntiOnline.com/archives/pages/www.italsrem.co.yu/;
and URL: http://www.AntiOnline.com/archives/pages/www.pentagon.co.yu/.
(January 12, 2001).
11 Brewin, Bob. "Kosovo
Ushered in Cyberwar." Federal Computer Week, September 27,
1999. URL: http://www.fcw.com/pubs/fcw/1999/0927/fcw-newscyberwar-09-27-99.html.
(January 12, 2001).
12 Salem, Fadi; Jarrah,
Fawaz. "Israeli Palestinian Clashes Spur Hacking Attacks."
Dabbagh Information Technology, October 18, 2000. URL: http://www.dit.net/itnews/newsoct2000/63.html.
(January 12, 2001).
13 ibid.
14 Denning, Dorothy E.
"Activism, Hacktivism, and Cyberterrorism: The Internet as a
Tool for Influencing Foreign Policy." URL: http://www.nautilus.org/info-policy/workshop/papers/denning.html,
(January 3, 2001), citing information provided to the author
from Bruce Sterling; Winn Schwartau, Information
Warfare, 2nd ed., Thunder’s Mouth Press, 1996, p. 407.
15 Reference 2.
16 Wray, Stephan.
"Electronic Civil Disobedience and the World Wide Web of
Hacktivism: A Mapping of Extraparliamentarian Direct Action
Net Politics." November, 1998. URL: http://www.nyu.edu/projects/wray/wwwhack.html.
(January 3, 2001).
17 Available at URL: http://www.fakeshop.com/product_98/flood.html.
18 "E-Mail Attack on Sri
Lanka Computers," Computer Security Alert, No. 183, Computer
Security Institute, June 1998, p. 8.
19 Wolf, Jim. "First
‘Terrorist’ Cyber-Attack Reported by U.S." Reuters, May 5,
1998.
20 Denning, Dorothy E.
"Activism, Hacktivism, and Cyberterrorism: The Internet as a
Tool for Influencing Foreign Policy." URL: http://www.nautilus.org/info-policy/workshop/papers/denning.html,
(January 3, 2001), citing CIWARS Intelligence Report, May 10,
1998.
21 Mason, Maureen. "IGC
Fights Digital Censorship: Basque Website Attacked by Internet
Mailbombers." 1997. URL: http://members.freespeech.org/ehj/html/igcehj.html.
(January 9, 2001).
22 URL: http://www.igc.org/ehj.
(January 9, 2001).
23 "Statements of
Support for IGC." Institute for Global Communications, 1997.
URL: http://www.igc.org/ehj.
(January 10, 2001).
24 Afonso, Carlos. "APC
Statement on Mail Bombing as a Method of Political Protest."
July 7, 1997. URL: http://www.apc.org/english/press/archive/apc_p013.htm
(January 9, 2001).
25 "IBASE condemns
cyberterrorism against IGC." Instituto Brasileiro de Análises
Sociais e Econômicas, July 22, 1997. URL: http://www.igc.org/ehj.
(January 10, 2001).
26 URL: http://members.freespeech.org/ehj;
URL: http://www.contrast.org/mirrors/ehj/;
URL: http://osis.ucsd.edu/~ehj
to name a few
27 Kraus, Audrie.
"Statement from NetAction (San Francisco, California)." July
18, 1997. URL: http://www.igc.org/ehj.
(January 10, 2001).
28 Reference 20.
29 "Statement from
Computer Professionals for Social Responsibility (CPSR)."
Computer Professionals for Social Responsibility, July 29,
1997. URL: http://www.igc.org/ehj.
(January 10, 2001).
30 URL: http://www.gn.apc.org/pmhp/ehippies/index.html.
(January 4, 2001).
31 "I-Defense and the
Internet 'Thought Police': Misrepresenting the Facts to Create
Media Panic." the electrohippies collective, April 6,
2000. URL: http://www.gn.apc.org/pmhp/ehippies/archive/communiques/communique-2000-04-h.html.
(January 8, 2000.)
32 DJNZ (an alias) and
the action tool development group of the electrohippies
collective. "Client-side Distributed Denial-of-Service:
Valid campaign tactic or terrorist act?" February, 2000. http://www.sans.org/rr/hackers/20http://www.gn.apc.org/pmhp/ehippies/archive/papers/occasional-01-ddos-h.html.
(January 4, 2001).
33 Oxblood Ruffin (an
alias). "Hacktivismo." July 7, 2000. URL: http://www.cultdeadcow.com/hacktivismo.html.
(January 5, 2001).
34 ibid.
See also: Dadok, Eva. "Hacktivism –
A Free Form of Expression or a Digital Vandalism?" December 1,
2000. URL: http://www.sans.org/infosecFAQ/hackers/hacktivism.htm.
(January 11, 2001).
I would like to thank Professor
Dorothy Denning of Georgetown University for reveiwing this
paper and offering useful suggestions.