advisory from

Date Fri, 4 Aug 2000 14:02:13 -0400

[: hacktivism :]

hey all - this advisory was posted to the site 5 days
ago...(thats the national infrastructure protection centre - some adjunct
to the fbi i believe....) thought some folks might be interested - if you
look at the bottom it says this release was co-ordinated by the FBI
Domestic Terrorism unit....



Hacktivist activities may occur in connection with certain national and
international events scheduled between July and September 2000 (more
details below). Hacktivism refers to the merging of political activism and
computer hacking. The use of hacktivism has been noted in protest
activities since the Electronic Disturbance Theater (EDT) launched a
series of so-called network direct actions (especially web page
defacements and denial-of service attacks) against web sites of the
Mexican government in 1998. Since then, the larger protest community has
shown skills in computer-based support capabilities for protest events in
general, and network direct actions in particular, both of which have been
increasing steadily.

Upcoming events are as follows: the Republican National Convention,
Philadelphia, July 31 - August 4, 2000; the Democratic National
Convention, Los Angeles, August 14-August 17, 2000; the World Economic
Forum, Melbourne, Australia, September 11-13, 2000; 2000 Summer Olympics,
Sydney, Australia, September 15-October 1, 2000; IMF & World Bank 55th
Annual Summit Prague, Czech Republic, September 26-28, 2000.


To date, the only indication of planned hacktivist activities is a report
that hackers are targeting computers in Australia and the United States
during the Olympic Games. In addition, interfering with banking and
finance infrastructures has been identified as possible in conjunction
with protest activities against the IMF & World Bank 55th Annual Summit.
This limited indication (thus far) of computer network protest activities
may be the result of growing concern among activists for their own
operational security. However, emerging trends suggest that the use of
computer network ("cyber") protest activities in connection with upcoming
events should not be discounted. Traditional physical protest activity
during the events will likely be accompanied by various types of cyber
disturbance. Protests could include denial-of-service attacks, web page
disruptions and defacements, and so-called virtual sit-ins (i.e.,
barraging a targeted web server with multiple, simultaneous requests,
using specialized software designed for the purpose of overloading the
server). Cyber protests could also target corporate, financial and U. S.
government web sites and computer networks, particularly those related to
banking, finance, or economics. Beyond this rather focused cyber and
parallel physical protest activity, we do not expect problems which would
disable large segments of U. S. infrastructures.

The use of computers and network direct actions by the protest and
activist community have been increasing. Recent indications include
protest activity targeted at the World Trade Organization, which included
some actions by hactivists (NO2WTO and N30) in Seattle in November and
December 1999. Some postings by members of protest groups have discussed
the role of hacktivism and ways to employ denial of service. Additionally,
there appears to be increasing ties of hacktivism to the wider community
of computer enthusiasts and hackers. An example of heightened security
awareness in the hacktivist community is the opening of the following site
in February 2000: []. The main focus of the site is
computer security and activism with an emphasis on how to "stay safe in an
ever-monitored world."


Republican National Convention, Philadelphia, Pennsylvania, July 31-August
4, 2000: A group identified as the Philadelphia Direct Action Group (PDAG)
is planning a series of activities against the perceived "wrongs" of the
US electoral system. The R2K Network is the umbrella organization aiming
to unite the activities of various organizations demonstrating during the
Republican National Convention. There does not appear to be a single,
shared goal among the protesters. Currently, there are no indications of
network direct actions, as part of the so-called Unity 2000 or J30 events
being planned by the protesters.

Independent media coverage has been set up to provide alternative coverage
of the convention. One objective of this effort is to move the focus away
from the convention floor. A second objective is to expose the actions of
multinational and other corporate entities attempting to influence
convention policy and action decisions. Based on the increasing priority
that independent media centers appear to have received by protests and
activist organizations after N30, the coverage will likely attempt to
record law enforcement operations, particularly during the marches, and
even more so if physical response is used by local law enforcement at any
time during the protest and activist events.

Highly effective, relatively low-cost video camera equipment, coupled with
wireless communications and Internet connectivity, can provide protest and
activist groups with the following capabilities: First, the ability to
capture powerful images of events that can be documented as captured or
edited to portray events from any perspective organizers may chose.
Second, is a means for nearly instantaneous, worldwide dissemination of
the orientation these groups may wish to emphasize in employing the
wireless and Internet links. Media coverage helps hacktivists draw and
maintain anonymous support, thereby enhancing their organizational
strength in cyberspace.

The Democratic National Convention, Los Angeles, California - August
14-17, 2000: A number of physical protest events are being planned for the
Democratic National Convention. D2K is the umbrella coalition coordinating
much of what is being planned. One report (unconfirmed) indicates planning
is underway to disrupt 911 services during the convention.

The World Economic Forum (WEF), Melbourne, Australia - September 11-13,
2000: September 11, 2000, ("S11") has been identified as a day to "stand
up to global action." The date coincides with the opening of the World
Economic Forum (WEF) - Asia-Pacific Economic Summit. The S11 Alliance is a
network of organizations, affinity groups, and individuals that share a
common concern about the growth of corporate power and direction of
globalization, and which is organizing a week of cooperation, networking
and protest activity against the WEF. At this point there is no indication
of any call for network direct actions in support of S11 activities.

The 2000 Summer Olympics ("Sydney 2000") - September 15-October 1, 2000:
The Anti- Olympics Alliance is opposed to the Olympic Games and is active
in organizing protests and events to highlight the negative impact of the
games and social injustices. According to one media report, some hackers
have already been moving in and out of sites related to the Games, seeking
weaknesses they can exploit. The report went on to indicate that the
hackers' main targets will be four massive computer farms, three in the US
and one in Australia, that will carry the huge traffic expected through
Olympic web sites. Corporate sponsors of the Olympics could also be
tempting targets.

International Monetary Fund and World Bank 55th Annual Summit - Prague,
Czech Republic - September 26-28, 2000: September 26, 2000, ("S26") has
been identified as a so-called "Global Day of Action," based on activists'
perceptions that the capitalist system exploits people, societies and the
environment for the profit of a few, and is the prime cause of social and
ecological troubles. On September 26, activists will express their
opposition to the World Bank and the IMF and their policies. The "S26
Global Day of Action" proceeds from the successes of the previous "Global
Days of Action against capitalism" on June 18 (J18) and November 30 (N30)
of last year. Sabotaging, wrecking, or interfering with infrastructure has
been identified as a possible action in support of S26. Independent media
coverage is being incorporated into the planning of S26 activities.


Despite the limited indications of planned hacktivist activities and
targeting of infrastructures, cyber protest activities in conjunction with
some or all of the five upcoming events discussed here may occur. This
assessment is based on the following:

- The increasing use of computer and network direct actions by the protest
and activist community; - Activists planning global days of protest have
demonstrated a heightened concern for security; - The effectiveness of
using computer network attacks by protesters to deal with opponents at the
national and international level since J18; - Events targeted for protest
activities all attract media attention and are highly visible.


The NIPC recommends that recipients monitor their information systems and
networks for computer intrusions during the events listed above. These
actions could take the form of intrusions originating or passing through
dial-up connections belonging to both domestic and foreign Internet
service providers, unauthorized system access, unusual or disruptive
E-mail traffic or Web site activity. The effectiveness of one's computer
security procedures should be evaluated. Such procedures include network
intrusion detection, blocking or limiting unnecessary inbound traffic,
regular review of system logs, disabling inactive user accounts, password
and login changes, and ensuring recommended patches are in place.

This communication has been coordinated with the FBI Domestic Terrorism
Office. Please report any illegal or malicious activities to your local
FBI office or the NIPC, and to your military or civilian computer incident
response group, as appropriate.

[ Back to Advisories, Alerts and Warnings ] 

Find me at -
For more info about tao -
The tao anti-genetic engineering project -

[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: :]