Monday, January 21, 2013
In her article by Christie Thompson on Propublica.org, "Hacktivism: Civil Disobedience or Cyber Crime?," the author talks about the classic question of civil disobedience, and in today's world - three types of internet attacks by political activists, document publication, "Distributed Denial of Service (DDoS) and Doxing:
"When Reddit co-founder and internet freedom activist Aaron Swartz committed suicide last Friday, he was facing up to 13 felony counts, 50 years in prison, and millions of dollars in fines. His alleged crime? Pulling millions of academic articles from the digital archive JSTOR.
Prosecutors allege that Swartz downloaded the articles because he intended to distribute them for free online, though Swartz was arrested before any articles were made public. He had often spoken publicly about the importance of making academic research freely available.
Other online activists have increasingly turned to computer networks and other technology as a means of political protest, deploying a range of tactics — from temporarily shutting down servers to disclosing personal and corporate information.
Most of these acts, including Swartz’s downloads, are criminalized under the federalComputer Fraud and Abuse Act (CFAA), an act was designed to prosecute hackers. But as Swartz’s and other “hacktivist” cases demonstrate, you don’t necessarily have to be a hacker to be viewed as one under federal law. Are activists like Swartz committing civil disobedience, or online crimes? We break down a few strategies of “hacktivism” to see what is considered criminal under the CFAA.
Accessing and downloading documents from private servers or behind paywalls with the intent of making them publicly available.
Swartz gained access to JSTOR through MIT’s network and downloaded millions of files, in violation of JSTOR’s terms of service (though JSTOR declined to prosecute the case). Swartz had not released any of the downloaded files at the time his legal troubles began.
The most famous case of publishing private documents online may be the ongoing trial ofBradley Manning. While working as an intelligence analyst in Iraq, Manning passed thousands of classified intelligence reports and diplomatic cables to Wikileaks, to be posted on their website.
“I want people to see the truth… regardless of who they are… because without information, you cannot make informed decisions as a public,” Manning wrote in an online chat with ex-hacker Adrian Lamo, who eventually turned Manning in to the Department of Defense.
Both Swartz and Manning were charged under a section of the CFAA that covers anyone who “knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer…”
Distributed Denial of Service
A Distributed Denial of Service, or DDoS attack, floods a web site’s server with traffic from a network of sometimes thousands of individual computers, making it incapable of serving legitimate traffic.
In 2010, the group Anonymous attempted to overload websites for PayPal, Visa and Mastercard after the companies refused to process donations to Wikileaks. Anonymous posted their “Low Orbit Ion Canon” software online, allowing roughly 6,000 people who downloaded the program to pummel the sites with traffic.
A DDoS attack can be charged as a crime under the CFAA, as it “causes damage” and can violate a web site’s terms of service. The owner of the site could also file a civil suit citing the CFAA, if they can prove a temporary server overload resulted in monetary losses.
Sixteen alleged members of Anonymous were arrested for their role in the PayPal DDoS, and could face more than 10 years in prison and $250,000 in fines. They were charged with conspiracy and “intentional damage to a protected computer” under the CFAA and the case is ongoing.
Some web activists have pressed for DDoS to be legalized as a form of protest, claiming that disrupting web traffic by occupying a server is the same as clogging streets when staging a sit-in. A petitionstarted on the White House’s “We the People” site a few days before Swartz’s death has garnered more than 5,000 signatures.
“Distributed denial-of-service (DDoS) is not any form of hacking in any way,” the petition reads. “It is the equivalent of repeatedly hitting the refresh button on a webpage. It is, in that way, no different than any ‘occupy’ protest.”
Doxing involves finding and publishing a target’s personal or corporate information.
In 2011, Anonymous and hacker group Lulzsec breached the Stratfor Global Intelligence Service database and published the passwords, addresses and credit card information of the firm’s high-profile clients. The group claimed they planned to use the credit cards to donate $1 million to charity.
Anonymous also recently doxed members of the Westboro Baptist Church after several tweeted their plans to picket funerals for Sandy Hook victims. Hackers were able to access Church members’ twitter accounts and publish their personal information, including phone numbers, emails and hotel reservation details.
Jeremy Hammond could face life in prison for allegedly leading the Stratfor hack and a separate attack on the Arizona Department of Safety website. Former Anonymous spokesman Barrett Brown was also indicted for computer fraud in the Stratfor dox, not for hacking into the system, but for linking to the hacked information in a chat room.
The charges for doxing depend on how the information was accessed, and the nature of published information. Simply publishing publicly available information, such as phone numbers found in a Google search, would probably not be charged..."
When not blowing up innocents at abortion centers, Conservative sheeplets are fond of the terror that doxing provides by providing the phone numbers and addresses of people they don't approve of - like abortion providers.
A fourth method of internet attack, "Website Defacement," was usually thought of more as a prank than a political statement, and as Wikipedia explains, "Website defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own. Defacement is generally meant as a kind of electronic graffiti, although recently it has become a means to spread messages by politically motivated "cyber protesters" or hacktivists." (For those of a technical bent, this page --> (http://www.hackingloops.com/2011/07/6-ways-to-hack-or-deface-websites.html) purports to explain "6 Ways To Hack Or Deface Websites Online.")
And finally, we can look at the latest attempts at cyberhacking/civil disobedience by the famous "Anonymous," as cnet.com reports in their story, "Anonymous launches attack on Mexico's Defense Department," "...announcing its support of the Zapatista National Liberation Army, the hacking collective hits the government's defense Web site with a DDoS shutdown."
Again from Wikipedia, "('Anonymous')...is a loosely associated hacktivist group. It (is estimated to have) originated in 2003 on the imageboard 4chan, representing the concept of many online and offline community users simultaneously existing as an anarchic, digitized global brain. It is also generally considered to be a blanket term for members of certain Internet subcultures, a way to refer to the actions of people in an environment where their actual identities are not known. It strongly opposes Internet censorship and surveillance, and has hacked various government websites. It has also targeted major security corporations. It also opposes Scientology, government corruption and homophobia. Its members can be distinguished in public by the wearing of stylised Guy Fawkes masks."
Civil disobedience of hactivism, political action by groups and individuals outside the institutionalized political arena have an outlet for activism, and they are deadly tools in the hands of the inexperienced or the more vicious of activists, as we can see from right-wing actions over the world.
But online activism is a formidable tool to combat Conservatism and will play an interesting - and humorous - role in the years to come as we seek to criminalize the "vast right-wing conspiracy" known as "Conservatism."
"Any girl can be glamorous. All you have to do is stand still and look stupid."
Hedy Lamarr (Austrian-American actress and mathematician. 1913 – 2000)