Information Week Article on Hacktivism

Date Tue, 21 Nov 2000 01:47:06 GMT

[: hacktivism :]

This is from the November 13, 2000 issue of "Information Week".  I
always feel amused by the underlying premise that any employee in the
IT field who reads this type of article will automatically accept and
identify with the corporate interest.  We're expected to know how, but
not why.  He (or she) who knows how will always work for he (or she)
who knows why.

Beware Cyberattacks
By George V. Hulme and Bob Wallace

A group of pro-Muslim hackers calling itself Gforce Pakistan last week
defaced more than 20 Web sites and posted threats to launch an Internet
attack against AT&T. The message on the sites, run by Israeli
organizations and companies such as the World Peace Center, Borah
Torah, and, said there will be more attacks against
Israel and its allies. It encouraged hackers to E-mail the group for
the date and time of future hits.

The postings began just days after Lucent Technologies Inc. fought off
a denial-of-service attack on its Web site that apparently was launched
by a pro-Palestinian group. The company won't provide details on the
attack or how it defended itself, but security experts suggest AT&T and
Lucent were targets because of the amount of business they do with and
within Israel.

Other U.S. companies need to be on the lookout. The number of
politically motivated Web-site defacements, distributed
denial-of-service attacks, and computer system break-ins is growing, in part
because of simple, widely available "click-and-attack" tools and Web
sites that make it easy for hackers--as well as anyone with a political
grudge--to launch attacks.

The FBI's National Infrastructure Protection Center last month issued a
public advisory that stated, "Due to the credible threat of terrorist
acts in the Middle East region and the conduct of these Web attacks,
recipients should exercise increased vigilance to the possibility that
U.S. government and private-sector Web sites may become potential
targets." It was the FBI's second such warning this year.

The Mideast isn't the only source of activity. Last week, both major
U.S. political parties fell victim. A Republican National Committee Web
site had to be taken down after it was altered with a pro-Al Gore
message and a link to Gore's campaign Web site. Also, the Democratic
National Committee's external E-mail system was shut down for several
hours on Nov. 6 after repeated attacks. The DNC says it doesn't know
where the attacks originated.

Security experts say system breaches by geopolitical and social
activists are a serious and growing problem. While there's no way of
knowing what percentage of them are politically motivated, last year
there were about 3,700 Web-site defacements; so far this year, the
number is nearly 4,200, according to, which tracks such
infractions. InformationWeek reviewed 138 Web-site defacements that
have taken place since Oct. 31, and 53 appear to have been political in
nature, with messages ranging from the need to feed the hungry to
anti-Israel, Palestine, and U.S. screeds.

Security analysts have coined a word to describe the politically
motivated troublemaking: hacktivism. And they say no company or
organization is safe. In June, hackers redirected Nike.com's traffic
to the home page of a grassroots activist site,,
which carried a message of protest against the Asia Pacific World
Economic Forum held in September. S11.org denied involvement in the
19-hour attack on Nike's site.

Convicted hacker Kevin Mitnick, recently paroled after spending more
than five years in prison for breaking into companies' computer
systems, says most political hackers aren't just having fun--they're
trying to send a message. "The bigger the target, the more the message
gets reported, and the more effective it is," he says.

"I absolutely think there has been a rise in the political involvement
of hackers," says "Tweety Fish," a member of the hacker group known as
the Cult of the Dead Cow. "It's becoming more apparent that hackers
have the potential to cause really meaningful debate and potential

Hackers aren't the only ones who've noticed a change. "These attacks
represent a paradigm shift that scares me because they're fast becoming
a fashionable and effective way to show political dissent and
aggression," says Charles Neal, director of the elite CyberAttack Tiger
Team at Exodus Communications Inc., the Web-hosting company. The team
is charged with protecting Exodus' systems and those of its customers.
"As more unhappy people around the world get computers and Internet
access, the number of these attacks will increase."

The threats come from all over. In May, 3Com Corp.'s computer systems
were the subject of denial-of-service and other attacks from government
buildings in Kosovo and Albania. "We thought it was kids at first, but
government-sponsored terrorism is a new thing," says David Starr,
senior VP and CIO for the networking equipment vendor, adding that 3Com
was probably targeted simply for being a large American company.

Some IT managers are taking the threat seriously. "I'm concerned for a
couple of reasons," says Steve Lopez, architect of enterprise
infrastructure and networks at the National Board of Medical Examiners
in Philadelphia. "If this keeps up on an international basis, you're
definitely going to see the creation of heavy regulation on the
Internet. And not a day goes by when my systems aren't probed for
vulnerabilities so they could be used as zombie machines for these mass

J.P. Morgan & Co. in New York has dedicated security staff assigned to
firewalls and intrusion-detection monitoring. "Because we use the
Internet for trading, we're much more sensitive to hacktivism. We take
security super-seriously," says Andrew Comas, the bank's head of
technology research.

But not everyone seems concerned. AT&T says only one of its business
customers has inquired about the latest threats. Jonathan Cohen,
director of advanced IP services with AT&T's data and Internet services
group, says companies should invest in managed firewall and
intrusion-detection systems to reduce their susceptibility. "Customers are at
greater risk because more hackers are politically motivated to do
harm," he says.

3Com's Starr agrees, noting that hackers are constantly probing his
systems to see if they can be taken over and used surreptitiously. "I
get thousands of attacks a week. From kids to criminals to foreign
governments," he says. "Before we put firewalls in and started logging
them, we didn't know it was happening, so it was getting through."

It has become easy to launch cyberattacks. "All someone needs to know
to participate in a distributed denial-of-service attack is how to
point and click," says Mike Assante, chief operating officer at
security company LogiKeep Inc. The FBI has uncovered at least three Web
sites that offer such automated launch pads. "This is the first time
I've seen a client-server-enabled E-warfare application," says Chris
Rouland, director of the X-Force vulnerability research team for
Internet Security Systems Inc.

Earlier this year, a pro-Israeli site provided tools that visitors
could use to attack Web sites affiliated with Hezbollah, an anti-Israel
terrorist organization, Assante says. The setup involved more than
8,500 servers in both Israel and the United States to flood Hezbollah
Web sites with hundreds of thousands of hits a day.

Not surprisingly, many companies are wary of revealing information
about the measures they're taking to protect against hackers. But some
IT managers are turning to experts to help them understand where the
threats are coming from. "You'd be naive if you went into business in
countries known for espionage and didn't have an understanding of the
threat level," says Eddie Schwartz, assistant VP and CIO at Nationwide
Insurance Cos., who subscribes to a LogiKeep service that informs him
of hacking activities around the world.

Businesses are also installing sophisticated security measures. More
than half of the 4,900 IT managers who responded to the Global Security
Survey, conducted by InformationWeek Research and
PricewaterhouseCoopers earlier this year, say they've implemented
protocol filtering and deployed intrusion-detection tools. Exodus is
testing an integrity-monitoring package that performs baseline analysis
of files, then checks them for adds, deletions, or changes--as often as
every 15 minutes.

Internet Security's Rouland suggests that companies deploy a
moving-target approach to defend their Web systems, automatically rerouting
traffic to another server. "The idea is that as soon as you see this
sort of attack happening, you automatically start swinging around your
system to move out of the fire," he says. "It's not something that
eliminates the attack, but it mitigates it to a window of five to 10
minutes." Companies can also configure their upstream routers to
temporarily block attacks.

Security professionals say such measures can only minimize threats, not
eliminate them. "There's no prevention of these attacks," says AT&T's
Cohen. "We're constantly on the defensive."

And all the experts agree that the nature and number of attacks is
going to get worse before it gets better. Says Exodus' Neal, "Once people
realize how to use computers for information warfare, you've opened
Pandora's box--with no way to close it."
