Business Under Attack

Baldwin Louie — Mon, 10 Apr 2000 18:00:00 -0400

Over the next two weeks, a group calling itself the Electrohippies Collective plans a campaign of online disruption designed to send a warning to companies involved in genetically modifying plants and animals. The planned attack represents an escalation in the online battles between radical-left activists and their targets, often multinational corporations.

The Electrohippies have distributed a new client-side "distributed denial of service" - or DDOS - tool, a weapon that can be used from any PC, as opposed to earlier versions that ran on a server.

In the last few years, groups protesting everything from nuclear tests in India to China's human-rights record have hijacked Web sites to broadcast their messages. But as activists step up their use of the Net as a protest vehicle, cyber protests are evolving from standard Web site defacements - which are often annoying rather than destructive - to all-out wars. Online campaigners like the Electrohippies are becoming more aggressive and sophisticated, with mass e-mail messages that bombard companies, DDOS attacks to interrupt Web sites, and posts of negative comments on message boards in attempts to deflate stock prices.

Renewed interest in "hacktivism" was sparked by the widely publicized campaign late last year against Net company eToys.com over its trademark infringement lawsuit against Etoy.com, a conceptual art group in Switzerland. After Etoy.com refused to sell its domain to eToys for $500,000, the U.S. online toy retailer sparked a furor among online activists when it got an injunction against Etoy.com prohibiting it from using the domain name. Not only did protesters use DOS tools against eToys in the weeks leading up to Christmas, they flooded financial message boards with negative information about eToys in an effort to trash its stock.

EToys' share price plunged from $67 per share in late November to around $10 a share in late March - a slump which has more to do with stiff competition and a general downturn in the e-retail market than the protest campaign. Nonetheless, Santa Monica, Calif.-based eToys eventually dropped its lawsuit and agreed to reimburse the Swiss group up to $40,000 in legal fees.

Another group, the Federation of Random Action, launched a DDOS attack in February against two Occidental Petroleum (OXY) sites and a third site run by Fidelity Investments, an Occidental shareholder, says Ben Venzke, manager of intelligence production at iDefense, an Alexandria, Va.-based security firm. The group is protesting Occidental's plans to explore for oil in Colombia on what the U'wa tribe says is its ancestral land.

Fidelity spokesman Vin Loporchio says the company was aware of the protest plans, but declines to comment on whether Fidelity took any measures to counter an attack. "We have no issues on the Web site," says Loporchio. "It's business as usual."

Indeed, most targeted sites downplay the effects of cyber protests. During the World Trade Organization meeting in Seattle last November, the WTO was able to fend off a DDOS attack in which several million hits bombarded the site each day, says WTO spokesman Jean-Guy Carrier. "The site always remained accessible to the thousands of regular users despite the denial of service attacks," he says.

Protest groups acknowledge the limitations of their current methods. It takes at least a few thousand hits to make a dent in a target server's bandwidth, says the Electrohippies' U.K. spokesman Paul Mobbs. It takes 15,000 to 30,000 people using the tool simultaneously to have a noticeable impact.

That's why the group is working to refine its weapons. Protest groups are improving DDOS software programs to make them easier to use - and harder to stop.

The Electrohippies' new software works best when used by multiple PCs to attack a single site. "Not only is [cyberactivism] a growing trend, it's also something that is continuing to evolve and increasingly become more complex," says iDefense's Venzke.

Venzke is worried that protesters will soon turn to even more nefarious DDOS tools, such as those used by the unidentified hackers who crippled Yahoo (YHOO), eBay (EBAY) and a handful of other major sites in February. Those attacks were launched by "zombie" servers after DDOS software tools such as Trin00, TFN2k or Stachaldraht were sneaked onto the machines and programmed to attack simultaneously. Such attacks require the efforts of only one hacker at a single PC to infiltrate the software onto the launchpad machines.

"While many of these groups do not support the use of the more dangerous DDOS tool, there are other camps in the cyberactivist community that are distributing them," Venzke says. "In cyberspace you don't have to have another 100 people who believe as you do to move forward with an action to cripple a company."

So are these actions legitimate? The self-proclaimed hacktivists claim they are not terrorists and consider their attacks a form of civil disobedience, arguing that the sophisticated DDOS tools are legal.

"We don't crack computers. We don't attempt to break into servers. What we do is open, and visible for all to see," says the Electrohippies' Mobbs. "The most our efforts will do is stall the server for a few hours - it does no physical damage - although they might need a reboot."

The Electrohippies point out that their new DDOS tool, in contrast to malicious software like Trin00 or Stachaldraht, is still only effective with mass support. "The Electrohippies believe the acts or views perpetrated by the targets of a DOS action must be reprehensible to many in society at large," reads a statement posted on the Web site of the Electronic Civil Disobedience, a sister group to the Electrohippies.

What's more, the group warns its victims before it attacks. It hasn't decided which companies to attack in the April protest; likely targets include Frito-Lay (dossier), Haagen-Dazs, McDonald's, Nestle and Procter & Gamble.

To the victims, DOS attacks are tantamount to censorship. "In the final analysis, the denial of service attacks were most of all a disservice to our many users from around the world, who might have found the site slower than usual at the height of the attacks," says the WTO's Carrier. "Personally, I think it is comparable to shutting down newspapers, television and radio stations because you don't like what they are saying."

Even some other hackers are critical of the protesters' methods. "The DDOS attacks of early February [against Occidental] were nothing more than packet-wanking [network pranks usually carried out by mischief-makers] at its finest," wrote a hacker who calls himself "Oxblood ruffin!cDc," a representative of hacker group Cult of the Dead Cow, in a response to the Electronic Civil Disobedience paper. "Denial of service attacks are a violation of the First Amendment, and of the freedoms of expression and assembly. No rationale, even in the service of the highest ideals, makes them anything other than what they are - illegal, unethical, and uncivil."

However, Oxblood discounts the power of DOS protests. "They require a large number of people to become effective, and then they only jostle the Web server so it can't function properly for a time," Oxblood points out. "On a scale of one to 10, this stuff rates about a three."

It will remain unclear whether DOS protests are illegal until a lawsuit is won or legislation is enacted against them. A case could be made for civil or criminal action if intent to harm and actual damage or profit loss is shown, says Tony Carbone, managing director at Richards & O'Neill, a New York law firm.

Interestingly, some groups are taking a more corporate approach to their anticorporate activities. For example, RTMark (pronounced art-mark), which claims it's a legitimate corporation, relies on laws designed to protect shareholders from their companies' wrongdoings. As a "brokerage," RTMark raises money for and encourages corporate sabotage while at the same time it's shielded by the limited liability protections designed for companies. How? It sells virtual shares in so-called "mutual funds" to finance its pranks, such as a phony campaign Web site for George W. Bush.

RTMark has even turned to eBay to raise funds. The company auctioned off four tickets to the Whitney Art Museum's biennial exclusive VIP party on March 21, raising about $8,000. Previously, RTMark raised $4,500 to fund attacks against Mexican government sites, the U.S. Defense Department and the Frankfurt Stock Exchange in 1998 in support of the rebel Zapatistas in Chiapas, Mexico.

Neither Etoy.com nor the affiliated Toywar Resistance Network use DDOS tools in cyberattacks. "We do not and will not use them," states TRN Founder Randy Kruzan. "However, we do not dispute their use in protest, and we do believe them to be a highly effective way to get the attention of the sites they are used against. E-mail can be filtered to disregard messages containing protest-related messages, phones can be screened and snail-mail can be thrown away. The most effective attack on an e-commerce company is to block user access to the product, thus preventing sales."

That's why the Electrohippies continue to improve denial-of-service software to help others launch cyberattacks. "In our view, cyberspace is another part of society - just like the street or the council chamber," Mobbs says. "We are therefore devising tools, methods and best practice to enable others to undertake effective grassroots protest and lobbying via the Internet, just as they would via the conventional media or public spaces.

"We're serious [about] what we do; this isn't a stunt."

When the Net Is a Weapon

VIEW POP UP CHART - SORRY THIS CHART IS NO LONGER AVAILABLE

The Industry Standard - Business Under Attack - Comments

Business Under Attack