Re: risks/ethics of paricipating in actions, and can we make them available to the masses?
From
rhiann3n wyrcat <rhiannen@gw.total-web.net>
Date
Tue, 28 Mar 2000 07:54:10 -0500
[: hacktivism :]
Ben Earnhart wrote:
>
> Much of the folowing might seem naive to those
> true hackers on this list, that some subcultures
> might just assume anonymity through rlogins at
> multiple IPs, but I think the issues below might
> be relevant:
>
<SNIP>
Each of the listed ideas (a - f) for connections
to the net are easily traceable - the analogy that
strikes me (at 6am before coffee) is that all are
just forms of shouting from different places
within your own house. And as mentioned, IP
packets are assuredly *Traceable*. If someone is
serious about tracing the trail back, the
information contained in the IP packet itself
offers the information needed to follow the trail
back to the physical MAC address of the
originating machine (the "street address" of what
machine first sent the packet i.e. the console
you're sitting at when you connect using any of
the listed ideas.)
I'll not get into the shadows of sabotage or
subversion, but will try to stick to the viewpoint
of open, un-masked activism as the ethical ground
fought from.
The options for making the IP trace back to
somewhere else besides your own house require
certain levels of technical skill - some higher
than others. The use of such skills to hide or
misdirect where the packets originate very quickly
takes you from solid ground to an ethical
quagmire.
Spoofed packets (those claiming to be, say, from a
house in another city) involve actually
manipulating the data/address/signature/whatever
of the packets from your machine and is almost a
dedicated art to those knowledgable and skilled in
creating them. But someone skilled enough to
Write a spoofed packet should also be skilled
enough to Read one as well - and quite a few
security consultants rank among those skilled
enough to write spoofed packets... Besides,
spoofed packets coming across can alert a good
sysadmin to something fishy and it's a short line
of tweaking to deny most spoofed packets. Other
drawbacks? Time consuming to learn well enough to
be effective - i.e. well enough to be close to
impossible to trace (notice the "close to".)
Activist Ethics for hiding behind spoofed packets?
0
Directly "borrowing" ("hacking") a poorly or even
un-protected wingate may allow you to use someone
else's machine to create the packets. Easier than
writing a good spoof, but knowingly using someone
else's machine in this way? ("But they was asking
for it by leaving themselves unprotected!" As the
retirement home, with their own little 4 computer
Window's LAN for letting the residents keep up
with their grandkids, gets visited by the local
friendly TLAs.) Less than 0 on the Activist
Ethic's scale.
Many of the latest distributed denial of service
attacks utilize a form of piggy-backing through
many "victim" machines (hence the "distributed"
part of the name.) The "victim" part gives a good
idea as to the method. Poorly protected machines
are "rooted" (access gained and control taken),
given a set of commands to activate, then wait for
the "go" signal before executing to become part of
the denial attack. A favored machine would be
sitting on bandwidth, but even slower dialups are
not immune to being "borrowed" this way.
Here I'll fall back on my analogy of "script
kiddie" tools = guns. If you're not willing to
stand up bare-faced with a loaded gun for the
cause in question, you may want to give some long
hard thought to using available scripts for
launching cyber attacks. This is a deeply
personal question no less severe just because it
seems "safer" to be sitting in your own home at a
keyboard.
There are many other ways of making a message be
heard. Well designed email campaigns, websites
stating the facts of the issues, and numerous
other ideas mentioned within this list are all
ways of getting the mesage across - and never
forget the power of face to face conversations
with co-workers and associates. Education and
information are viable choices that may well beg
to be given broad chance before picking up arms.
Just my $0.02 - I *really* should stop for coffee
before writing here....
rhiann3n
[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: http://hacktivism.tao.ca/ :]