e-Activists in an e-World

e-Activists in an e-World

by Bradford Willke


The purpose of the document is to discuss a class of electronic threat actors, the e-Activist.  The e-Activist is not someone who has simply put down the picket sign, left the radio waves, and marched into a Radio Shack to buy a computer.  More appropriately, an e-Activist is augmenting the way in which he or she carries their message of oppression or advocacy through digital means in an attempt to promote instant access to the information and produce effects that reach a global audience.  This document depicts the nature of the e-Activist, the movement toward e-Activism, e-Activists vs Hacktivists, e-Activist groups and resources, and the numerous avenues an e-Activist uses to employ their attacks.

e-Activists Defined

Activists have long since been persons who believe in "a doctrine or practice that emphasizes direct vigorous action especially in support of or opposition to one side of a controversial issue (Webster, 2000)."  For centuries, they have taken up causes advocating human rights, animal rights, privacy, environmental, social equality, political, and countless other, issues.

More recently and under the candle of threat actors in the Internet world, activists are "[p]eople who believe in a cause to the point where they take action in order to forward their ends" (Cohen, 1999).  Now, e-Activists who hold strong opinions and convictions about an issue use their intellectual abilities to harness the power of electrons in support of their cause against an individual or group.  They employ new strategies and tactics that use electronic means to further their cause, gain support, coordinate activities, and propagate their side of the story.

A Movement Toward e-Activism

Traditionally, activists found physical ways of lobbying against their opposition through passive and active means, including boycotts and protests, literature and propaganda, picketing and marches, sit-ins and demonstrations, and sometimes violent confrontations.  Because of the amount of effort and energy needed to coordinate these activities, activists have found traditional means not as effective as cyber means for communicating their cause.  One factor driving the movement toward e-Activism is that the Internet has increased the cost-to-benefit ratio to the activist's benefit, well beyond what the activist could have traditionally done.  Secondly, the Internet has increased the chances of a higher and faster return-on-investment (ROI) to the point where, at most times, the only investment by the e-Activist is time.  For example, an e-Activist wanting to minimize costs could approach a zero capital expenditure if they used a publicly accessible computer for free at a local library not only research information and produce documents but ultimately distribute their propaganda.  In these situations, all one needs to factor in the expense are the costs associated with research and development time.

Dorothy Denning, in her paper Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy states that the Internet "can benefit individuals and small groups with few resources as well as organizations and coalitions that are large or well-funded."  She continues by relating how the Internet and the e-World has opened opportunities for activists to reach global audiences, raise funds, form associations with like groups across geographical boundaries, disseminate petitions and propaganda, coordinate events at an international level, and educate the public and media.  She also points out that one of the most significant effects of the Internet has been its ability to allow those in "politically repressive states to evade government [censoring] and [monitoring] (Denning, 1999)."

But the benefits of technology and the Internet are not limited to e-Activists alone, who generally support non disruptive activities, but also to Hacktivists.  Hacktivism, which is really a "marriage of hacking and activism", pertains to radical individuals and groups who use hacking techniques to disrupt operations but do not cause serious harm such as "loss of life or severe economic damage (Denning, 1999)."  Efforts to cause loss of life and failure of economies or national infrastructures are generally attributed to cyberterrorists under the guise of information warfare; a topic which is beyond the scope of this paper.

One reason Hacktivists use the Internet as a primary medium for their attacks is that they have "[discovered] what hackers have always known: Traditional social institutions are more vulnerable in cyberspace than they are in the physical world (Harmon, 1998)."  This becomes self-evident when we consider that actions by numerous people can be coordinated via the Internet in an "anytime, anywhere" manner, regardless of their distributed and dislocated circumstances.  Again the cost-to-benefit ratio increases because the ability of a limited number of people through the use of computer attack is as devastating as thousands of physical activists in protest.  And while not the most authoritative of sources, Oxblood Ruffin, a member of the Cult of the Dead Cow, provides the Hacktivist viewpoint in his statement that "[if] you have 10 people at a protest, they don't do much of anything...If you have 10 people on line, they could cripple a network (Harmon, 1998)."

e-Activists vs Hacktivists

Beyond the apparent differences between e-Activists and Hacktivists in their effort to be disruptive, both groups primarily exhibit different methods of attack using the Internet.  E-Activists use the Web as sources of information, publication, dialogue, coordination, and lobbying.  On the other hand, Hacktivists use the Web to host virtual sit-ins and blockades, introduce e-mail bombs, launch Web hacks and computer break-ins, and spread computer viruses and worms (Denning, 1999).

E-Activists have found the Internet to be a virtual palace containing information they can use to corroborate and expand their causes.  The Web gives these groups instant access to information about nation's domestic and foreign policies, organization's regulations and practices, and other related group's activities.  They can find "names and contact information for key decision makers" inside organizations and governing bodies in an attempt to know more about the people they "ultimately hope to influence (Denning, 1999)."

E-Activists put up Web pages with text, images, audio, and video, documenting and instantly publishing their cause to a world wide audience.  They host web discussions debating their issues in e-mails, newsgroups, chat rooms, and other Web forums.  They use the Internet to coordinate movements and actions of their activist organizations and, more importantly, to monitor the actions and propaganda of the groups they oppose and lobby against.

E-Activists use the Web to write, promote, and disseminate their publications; a method that brings about one of the highest ROI's for these groups.  In fact, they disseminate their publications even across international boundaries into countries that seek to discourage and block activist movements.  One example is the VIP Reference, a Washington based e-magazine containing "articles and essays about democratic and economic evolution inside China (Denning, 1999)."  Activist publishing the on-line magazine deliver the content by e-mailing random addresses inside China, "sent from different addresses every day to get past e-mail blocks" imposed by the Chinese government.

Hacktivists expand the e-Activists methods to include more malicious and disruptive motives and means.  The 'hack' or 'hacking' implied in the term Hacktivist refers to "operations that exploit computers in ways that are unusual and often illegal, typically with the help of special software (Denning, 1999)."

Some methods used by Hacktivists are virtual sit-ins and mail bombs.  Virtual sit-ins occurs when members of a Hacktivist group visit a specific site in an attempt to generate enough network traffic to hinder the correct delivery of the web site's content to legitimate users.  Hacktivists also use e-mail bombs or "Spam" to flood e-mail boxes full of junk mail so that the targeted user cannot access their e-mail account, again disrupting normal communication between the target and other parties.

Besides these types of attack, Hacktivist also employ cracking techniques to deface Web sites and accomplish computer break-ins.  The effect of this type of attack ultimately creates a denial-of-service to the Web site's users; much like what happened after the mistaken bombing of the Chinese embassy in Yugoslavia where attackers defaced several American government Web sites, replacing the original content with protest messages and pictures of the bombing victims (Kellan, 1998).  Finally, Hactivists develop malicious code that they introduce through trojan horses, viruses, and worms, also intended to disrupt the normal operatons of their opponents.

e-Activists Groups and Resources

Activist, and Hacktivist, groups are common on the Internet.  The following information is provided as examples of: activist groups hosted on the Web, activist resources available on the Web, and activist publications on the Web.

Additionally, several cross-purpose groups have been listed.  Cross-purpose meaning that these groups wear different hats, in the spectrum between e-Activism and Hacktivism, at times when being passive activists or malicious Hacktivists suits their cause.  For example, the Cult of the Dead Cow (CDC) is primarily a group of crackers, people who "maliciously break into information systems and intentionally cause harm in doing so (Cohen, 1999)" but have employed activist-like techniques.  In December of 1999, following an IRC conference held by the Legion of the Underground (LoU) calling for the "[declaration] of cyberwar on the information infrastructures of China and Iraq (Denning, 1999)", the CDC denounced the LoU, stating that "declaring a war against a country is the most irresponsible thing a hacker group could do (Denning, 1999)."

Activist Groups on the Web

Americans for Computer Privacy (ACP)
Americans for the Environment
Center for Democracy and Technology (CDT)
Central Committee for Conscientious Objectors (CCCO)
Computer Professionals for Social Responsibility
Cyber-Rights  & Cyber Liberties
Electronic Frontier Foundation (EFF)
Electronic Privacy Information Center (EPIC)
Global Internet Liberty Campaign (GILC)
International Campaign to Ban Landmines (ICBL)
Internet Privacy Coalition
Libertarian Party
Online Privacy Alliance
Prison Activist Resource Center

Activist Resources on the Web

Electronic Activist
Social Action and Leadership School for Activists
Take Action

Activist Publication on the Web

Student Activist.com

Cross-Purpose Groups on the Web

Association of Libertarian Feminists (ALF)
Cult of the Dead Cows
Electronic Disturbance Theater (EDT)
Hong Kong Blondes
Legion of the Underground

Attacks by e-Activists and Hacktivists

While E-activists usually employ passive means, they sometimes expand their methods to include the use of Hacktivist methods, causing serious problems to computing resources, including: software programs, web sites, networks, and communications.  Both groups are known to attack on every electronic front, from web site defacement to web site spoofing to e-mail spoofing to Denial of Service attacks to modifications of software code in products.

The following sections discuss some specific instances of attacks as well as techniques used by the e-Activist and Hacktivist.  Because of the crossover in purposes that even create less distinction between e-Activists and Hacktivist, the examples denote actions by e-Activists even though they may fall under the guise of Hacktivist.

Web Site Defacement

A majority of focused attacks are against the web sites of the e-Activist's opposition; be it a nation, governmental agency, private company, or private individual.  Most e-activist focus on web site content as a major target for their campaigns to promote not only their "truth" but to cause miscommunication.  For example, on February 10, 1997, Portuguese e-Activists launched an attack on the web page of the Indonesian government, as shown in Figure 1 below, in protest to the country's political oppression against East Timor (http://www.2600.com/east_timor/tox3/).  As is common in these defacements, the e-Activists promotes their vantage point with propaganda targeted at discrediting the nation for it's foreign or domestic policies.

[Figure 1 - Indonesian Government Web Site Defacement]
Other e-Activists use Web site defacement to tackle ecological or environmental issues.  For example, in November 1996 the Kriegsman Fur and Outerwear company Web site was attacked by an anti-fur activist, as shown in Figure 2 below.  The attacker changed the main Web page's content and left Kriegsman's visitors with messages like "Learn how to live an animal friendly life" and that " this done in the name of animal rights." The activist even made a statement on behalf of the Kriegsman's web administrators by writing, "I tried to do this as carefully as I could, in order not to cause any problems for the site administrator(s) (Wang, 1997)".
[Figure 2 - Kriegsman Fur & Outerwear Web Site Defacement]
Web Site Spoofing

Another class of attack along the lines of web site defacement is 'web site spoofing'.  Here e-Activists does not alter the web site of their adversary, but instead create a legitimate web site so similar in name to the target that people mistakenly visit the web site not realizing it is not "official".  And there are good reasons to use this course of action as they do not usually cross legal boundaries and violate laws because the actual site or business is not directly attacked.

Carolyn Meinel is one such advocate of this type of indirect attack, namely because "if someone's cause is good and their commentary [trenchant], messing up Web sites is a pitiful way to get across a message (Meinel, 1997)."  In her 'Guide to (mostly) Harmless Hacking', Meinel sites that web face defacements are often too short lived to generate the type of advocacy an e-activist would want to promote against an issue.  She further states that "If you believe in freedom enough to respect the integrity of other people's Web sites, and are serious about making a political statement on the Web, the legal and effective way is to get a domain name that is so similar to the site you oppose that lots of people will go there by accident (Meinel, 1997)."  Two such examples, 'clinton96.org' and 'dole96.org' were around during the 1996 presidential elections, where activists set up parody web pages making light of the candidates (Meinel, 1997).

E-mail Spoofing

E-mail spoofing is when someone composes an e-mail message that looks like it came from a specific person but actually came from another, in our case an e-Activist.  This type of masquerade can involve a broad spectrum of complexity from the very easy but noticeable to the very complex and technically challenging.  One of the easier ways is to send an e-mail message from your own system but modify the mail headers to make the appearance that the mail you sent to organization X was from person Y, and not you.  Another easy way is to use an Internet mail provider, such as HotMail, and setup an account under the identity of person Y.  Therefore, all mail going to organization X would be traceable back to an actual account, perceived to be owned by person Y.

E-mail spoofing can also be done through more sophisticated attacks, namely against the actual e-mail account of the owner.  In these cases, an e-activist might employ a network sniffer on the network segment close to the person Y's e-mail reader, attempting to capture the cleartext password of Y's e-mail account.  Then through social engineering or technical means (using tools such as 'nslookup'), the attacker could find out the configuration information of person Y's mail server and attempt to login to the actual e-mail account of person Y.  Not only does this attack allow the e-activist to masquerade as person Y in e-mails but also allows that attacker to view person Y's e-mail and use their own content against them.

So how does this further the e-Activists cause?  E-activists could use this type of spoofing to many ends -- attempts at disrupting Internet service, introducing misleading communication within the target organization, soliciting services on behalf of the attacked, and violating laws through personal attacks such as libel.  For instance, an e-Activist may spoof an e-mail message to a target's Internet Service Provider (ISP) claiming that the target wants to cancel existing service contracts or reduce bandwidth resources.  An e-activist could also pose as an individual sending SPAM or mail-bombs or malicious code; thereby terminating their opposition's e-mail account or causing legal action against the individual, or individual's organization.  The e-activist could further spoof the identity of an individual in a leadership position, sending e-mail that is assumed to be from a senior executive to the organization relating new policies, mission, or simply any information that disrupts the communication of the organization.  Meaning that messages stating new directives such as "Sexual harassment is now tolerable" would seemingly come from a legitimate management and have the effect of disrupting the organization.

Denial of Service Attacks

Denial of Service (DOS) attacks have become common place for attackers against targets of opportunity, such as was seen in the February 2000 attacks against E-Bay and Amazon.  E-Activist have also picked up on the ease at which these attacks are deployed and how they disrupt services to both the organization involved and its constituents.  As mentioned above, web site defacements are one type of attack method that e-activist use to further their cause.  At the same time, though, web site defacements not only help to promote the e-Activist's cause but deny legitimate network traffic and content viewing to a nation's, business's, or individual's web site users.

For example, the legitimate web site for the United States Department of Justice (DOJ) presents various contents to its users through links to press releases, employment opportunities, DOJ organizations and partners, and publications and reports.  On August 17, 1996, attackers broke into and modified the DOJ web site to protest the passing of the Communication Decency Act, because the Act was "another government attempt to impose more regulations on a reluctant and unwilling world of Internet users (Wallace, 1997)."  A portion of the modified web site content is presented in the following figure:

NOTE: This World Wide Web server is currently under destruction.

As the largest law firm in the Nation, the Department of Justice serves to punish all who don't agree with the moral standards set forth by Clinton T. We are a bureaucratic assembly of lawyers, politicians, and criminals (I repeat myself) and are privately owned by the nation of Japan. We operate by enslaving our citizens with taxation. We hate all the Mexicans that swim into our country and take our jobs. We censor our slaves and punish them severely for disobeying. We are greater than God.  Anything and anyone different must be jailed.


                                 [Figure 2 - US Department of Justice Web Site Defacement, Source: http://www.2600.com/hackedphiles/doj/]

The DOJ attack created a two-fold victory for the e-activists.  For one, their message of opposition to the perceived oppression was clearly displayed for all viewers of the DOJ web site.  Two, the legitimate users of the web site also received a denial of service to the resources they fully intended to visit.

Other Attacks

Other attacks have come from insiders who maliciously modify software programs to promote a cause and disrupt the sale of a product by damaging its reputation.  One such alteration was performed by a programmer for Panasonic Interactive who modified the software program "Secret Writer's Society".  The program, which helps children become writers by reciting their compositions back to them via computer-voice, was altered to "[spew] obscenities at very predictable times "during the reading of the child's work (McKay, 1998).  In defense of his actions, the program who came forward at a later time, claimed that "[c]hoosing to have a child constitutes a commitment to give that child the very best that you can. Letting a third-rate piece of software take over for you is wrong because it violates that contract, which is more important than any legal one (McKay, 1998). "

Conclusions and Further Work

Activists are no longer simply a physical threat of words, actions, and ideas that will be contained within a protest area or limited by traditional media.  These e-Activists and Hacktivists have the power to disrupt and damage their opposition through electronic measures; which means that they can be small in number yet carry out the same effect as if their presence were much larger.  They employ all methods of attacks from passive collection of information to publication of manifesto; and from more active attacks involving denial of service and e-mail spoofing.  And though they are a primary target for Hacktivists, activists do not limit themselves to web site defacing.

The commonality between these attackers are that they are motivated by a perception of oppression and from a contrast of ideals held by persons with whom oppose their issues.  While this remains true, and it must because their will always be activists and non-conformists, e-Activists and Hacktivists will become a powerful presence and a threat to those they consider as enemies.

Further Research Necessary on e-Activists and Hacktivists

Bibliography - American Psychological Association (APA) Format

Cohen, Fred. Threat profiles. The All.Net Security Database. May, 1999. Available: http://all.net/CID/Threat/Threat.html.
Denning, Dorothy. Activism, hacktivism, and cyberterrorism: the internet as a tool for influencing foreign policy.  1999. Georgetown University. Available:  http://www.nautilus.org/info-policy/workshop/papers/denning.html
Harmon, Amy. 'Hacktivists' of all persuasions take their struggle to the web. New York Times. October 31, 1998).
Kellan, Ann. Hackers hit government web sites after china embassy bombing. May 11, 1999. CNN.com. Available: http://www.cnn.com/TECH/computing/9905/10/hack.attack.02/index.html.
McKay, Niall.  Rigging software to swear. Wired News. October 9, 1998.  Available:  http://www.wired.com/news/culture/0,1284,15533,00.html.
Meniel, Carolyn.  Guide to (mostly) harmless hacking. 1997. Available: http://www.spaziopiu.it/elettrici/gtmhh/.
Wang, Wallace. Getting the message out: hacking a web site. Notes from the Underground.  August, 1997. Available: http://boardwatch.internet.com/mag/97/aug/bwm19.html.
WWWebster Dictionary. Merriam-Webster, Incorporated. 2000. Available: http://www.m-w.com.