http://www.wired.com/news/politics/0,1283,43137,00.html
By Jeffrey Benner
2:00 a.m. Apr. 20, 2001 PDT
A coalition of cyber-protesters plan to flood 28 websites associated
with this weekend's free trade negotiations at the Summit of the
Americas with page requests and e-mail messages.
If enough people participate, the action could amount to a
denial-of-service attack.
Led by a group called "electrohippies collective," the "hacktivist"
actions will mirror the summit's schedule, beginning Friday evening
and running through Sunday in Quebec City. Leaders from 34 nations are
meeting there to discuss the establishment of a single free trade zone
from Canada to Chile.
The electrohippies' target list includes official summit websites,
Canadian government sites, corporate sponsors of the meeting
(including the Canadian divisions of Cisco and Sun Microsystems) and
the sites of organizations involved in the massive security force
surrounding the conference.
The protesters are objecting to what they call the undemocratic way
the free trade negotiations are being conducted. They feel
corporations are allowed to participate in the talks, but not ordinary
citizens.
According to summit spokesman Oussamah Tamim, the meeting's organizers
take the same view toward online protests as those on the street -- as
long as it is peaceful and doesn't hinder access to the conference,
there's no problem. But interfering with the conference is
unacceptable.
"We accept the expression of ideas," Tamim said. "We only object to
violence. A violent cyber-attack is any attempt to block public access
to the summit website."
If the protest goes according to plan, systems administrators at the
targeted sites will have their hands full this weekend.
Organizers hope thousands of cyber-protesters will download a simple
"virtual sit-in tool" from the electrohippies site onto their PC, then
use it to flood target sites with repeated page requests.
Using this distributed attack technique, the electrohippies crippled
the World Trade Organization website during the Seattle free trade
summit in 1999.
The Royal Canadian Mounted Police -- whose website also is on the
target list -- is in charge of security for the conference. According
to a spokesman, the mounties aren't aware of any specific plans for
cyber-protest. But they do have a special team of agents in charge of
computer security assigned to the summit.
According to the electrohippies' press release, the organizations on
the target list have all been notified, and offered the opportunity to
post a response to the action on the electrohippies website. No such
responses have been posted thus far.
Reached via e-mail, electrohippie spokesman Paul Mobbs wrote that the
protest would have two components -- a cyber sit-in and a
letter-writing campaign. He denied that it was intended to shut down
the targeted sites, but referred back to a document on "client-side
denial of service" in order to explain the tactics that would be used.
"The sit-in is not designed to close servers," Mobbs wrote, "but to
significantly increase the figures in their usage logs. We're then
challenging the server operators to give a public statement on how big
an increase there was in usage.
"The second action is a 'letter-writing tool.' People can select
arguments, which are then written up as a letter, and can then be
e-mailed or snail mailed/faxed to the person concerned."
The coalition objects to the exclusive atmosphere surrounding the
negotiations to establish a 34-nation free trade zone from Canada to
Chile.
They point to the 10-foot fence that has been erected around downtown
Quebec City to keep street protesters away from delegates, and to
summit officials' refusal to make public the draft text of the
proposed free trade agreement.
"Let data-bodies join in non-violent direct action online in
solidarity with the real bodies on the streets," reads a statement
posted on www.hacktivist.com, a partner in the cyber-protest
coalition.
The electrohippies have taken pains to gain recognition as a
legitimate political organization. Their protest "tool" even comes
with an "ethical public license" -- user guidelines they hope will
inure them from trouble with the law.
The license attempts to restrict use of the tools for "legitimate"
protests conducted openly, with targets given notice and explanation
in advance, as the electrohippies have done for this particular
action."
In part, the license may be an attempt to avoid prosecution under
recent changes made to the law in England, where the electrohippie
coalition is primarily based. By issuing these guidelines, they hope
to distance themselves from the more rogue, cracker elements.
The group's attention to ethics has convinced some that they deserve
recognition as political activists rather than vandals or, even worse,
terrorists.
Dorothy E. Denning, a computer crime and security expert at Georgetown
University, thought the group deserved to be regarded as a political,
rather than a criminal, organization.
"They operate openly and publicly," Denning said. "They also try to
operate by a democratic principle, meaning lots of people have to
protest to make it effective."
She was impressed when the group cancelled a cyber-protest over
genetic engineering that had failed to get majority support in an
online vote.
In an effort to disassociate themselves from the "server-side"
denial-of-service attacks that took down Yahoo and eBay last year, the
electrohippies call their technique a "client-side" denial-of-service
attack.
The difference, according to an electrohippie essay called Occasional
Paper No. 1, is that client-side actions require thousands of
individuals (clients) using their PCs to participate in order to be
effective, while it only takes one person to launch a server-side
attack. This is the "democratic principle" that impresses Denning.
Both types are "distributed" attacks, meaning they flood a target with
page requests originating from a lot of different places at once. This
makes the attack more difficult to repel, and the culprits tougher to
pinpoint.
But the server-side variety achieves distribution by planting
"zombies" in unsuspecting computers that come to life when it's time
to attack. In contrast, the electrohippies use real people pointing
their home computers at the target on purpose.
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".
Received on Sun Apr 22 15:44 CDT 2001