|
Activism,
Hacktivism, and Cyberterrorism: The conflict over
Kosovo has been characterized as the first war on the Internet.
Government and non-government actors alike used the Net to disseminate
information, spread propaganda, demonize opponents, and solicit support
for their positions. Hackers used it to voice their objections to both
Yugoslav and NATO aggression by disrupting service on government
computers and taking over their Web sites. Individuals used it to tell
their stories of fear and horror inside the conflict zone, while
activists exploited it to amplify their voices and reach a wide,
international audience. And people everywhere used it to discuss the
issues and share text, images, and video clips that were not available
through other media. In April, the Los Angeles Times wrote that the
Kosovo conflict was "turning cyberspace into an ethereal war zone
where the battle for the hearts and minds is being waged through the use
of electronic images, online discussion group postings, and hacking
attacks."1 Anthony Pratkanis, professor of psychology at the
University of California, Santa Cruz, and author of Age of Propaganda:
The Everyday Use and Abuse of Persuasion, observed, "What you're
seeing now is just the first round of what will become an important,
highly sophisticated tool in the age-old tradition of wartime
propaganda.... The war strategists should be worried about it, if they
aren't yet." Just how much
impact did the Internet have on foreign policy decisions relating the
war? It clearly had a part in the political discoursetaking place, and
it was exploited by activists seeking to alter foreign policy decisions.
It also impacted military decisions. While NATO targeted Serb media
outlets carrying Milosovic's propaganda, it intentionally did not bomb
Internet service providers or shut down the satellite links bringing the
Internet to Yugoslavia. Policy instead was to keep the Internet open.
James P. Rubin, spokesman for the U.S. State Department, said "Full
and open access to the Internet can only help the Serbian people know
the ugly truth about the atrocities and crimes against humanity being
perpetrated in Kosovo by the Milosevic regime."2 Indirectly, the
Internet may have also affected public support for the war, which in
turn might have affected policy decisions made during the course of the
conflict. The purpose of this
paper is to explore how the Internet is altering the landscape of
political discourse and advocacy, with particular emphasis on how it is
used by those wishing to influence foreign policy. Emphasis is on
actions taken by nonstate actors, including both individuals and
organizations, but state actions are discussed where they reflect
foreign policy decisions triggered by the Internet. The primary sources
used in the analysis are news reports of incidents and events. These are
augmented with interviews and survey data where available. A more
scientific study would be useful. The paper is
organized around three broad classes of activity: activism, hacktivism,
and cyberterrorism. The first category, activism, refers to normal,
non-disruptive use of the Internet in support of an agenda or cause.
Operations in this area includes browsing the Web for information,
constructing Web sites and posting materials on them, transmitting
electronic publications and letters through e-mail, and using the Net to
discuss issues, form coalitions, and plan and coordinate activities. The
second category, hacktivism, refers to the marriage of hacking and
activism. It covers operations that use hacking techniques against a
target=s Internet site with the intent of disrupting normal operations
but not causing serious damage. Examples are Web sit-ins and virtual
blockades, automated e-mail bombs, Web hacks, computer break-ins, and
computer viruses and worms. The final category, cyberterrorism, refers
to the convergence of cyberspace and terrorism. It covers politically
motivated hacking operations intended to cause grave harm such as loss
of life or severe economic damage. An example would be penetrating an
air traffic control system and causing two planes to collide. There is a
general progression toward greater damage and disruption from the first
to the third category, although that does not imply an increase of
political effectiveness. An electronic petition with a million
signatures may influence policy more than an attack that disrupts
emergency 911 services. Although the three
categories of activity are treated separately, the boundaries between
them are somewhat fuzzy. For example, an e-mail bomb may be considered
hacktivism by some and cyberterrorism by others. Also, any given actor
may conduct operations across the spectrum. For example, a terrorist
might launch viruses as part of a larger campaign of cyberterrorism, all
the while using the Internet to collect information about targets,
coordinate action with fellow conspirators, and publish propaganda on
Web sites. Thus, while the paper distinguishes activists, hacktivists,
and terrorists, an individual can play all three roles. The following
sections discuss and give examples of activity in each of these three
areas. The examples are drawn from the Kosovo conflict, cryptography
policy, human rights in China, support for the Mexican Zapatistas, and
other areas of conflict. The examples are by no means exhaustive of all
activity in any of these areas, but intended only to be illustrative.
Nevertheless, they represent a wide range of players, targets, and
geographical regions. The main conclusion
of the paper is that the Internet can be an effective tool for activism,
especially when it is combined with other communications media,
including broadcast and print media and face-to-face meetings with
policy makers. It can benefit individuals and small groups with few
resources as well as organizations and coalitions that are large or
well-funded. It facilitates activities such as educating the public and
media, raising money, forming coalitions across geographical boundaries,
distributing petitions and action alerts, and planning and coordinating
events on a regional or international level. It allows activists in
politically repressive states to evade government censors and monitors. With respect to
hacktivism and cyberterrorism, those who engage in such activity are
less likely to accomplish their foreign policy objectives than those who
do not employ disruptive and destructive techniques. They may feel a
sense of empowerment, because they can control government computers and
get media attention, but that does not mean they will succeed in
changing policy. The main effect is likely to be a strengthening of
cyberdefense policies, both nationally and internationally, rather than
accommodation to the demands of the actors. Activism
The Internet offers
a powerful tool for communicating and coordinating action. It is
inexpensive to use and increasingly pervasive, with an estimated 201
million on-line as of September 1999.3 Groups of any size, from two to
millions, can reach each other and use the Net to promote an agenda.
Their members and followers can come from any geographical region on the
Net, and they can attempt to influence foreign policy anywhere in the
world. This section describes five modes of using the Internet:
collection, publication, dialogue, coordination of action, and direct
lobbying of decision makers. While treated separately, the modes are
frequently used together and many of the examples described here
illustrate multiple modes. Collection
One way of viewing
the Internet is as a vast digital library. The World Wide Web alone
offers about a billion pages of information, and much of the information
is free. Activists may be able to locate legislative documents, official
policy statements, analyses and discussions about issues, and other
items related to their mission. They may be able to find names and
contact information for key decision makers inside the government or
governments they ultimately hope to influence. They may be able to
identify other groups and individuals with similar interests, and gather
contact information for potential supporters and collaborators. There
are numerous tools that help with collection, including search engines,
e-mail distribution lists, and chat and discussion groups. Many Web
sites offer their own search tools for extracting information from
databases on their sites. One advantage of
the Internet over other media is that it tends to break down barriers
erected by government censors. For example, after Jordanian officials
removed an article from 40 print copies of the Economist on sale in
Jordan, a subscriber found a copy on-line, made photocopies, and faxed
it to 1,000 Jordanians. According to Daoud Kuttab, head of the Arabic
Media Internal Network (AMIA), the government would have been better off
leaving the print version intact. "We found this very
exciting," he said. "For the first time the traditional
censorship that exists within national borders was bypassed."
Kuttab said AMIA opened Jordanian journalists to the non-Arab world and
use of the Web as a research tool. "In the Jordanian media, we have
been able to detect a much more open outlook to the world as well as to
Arab issues," he said.4 The Internet itself
is not free of government censorship. According to Reporters Sans
Frontiers, 45 countries restrict their citizens' access to the Internet,
typically by forcing them to subscribe to a state-run Internet service
provider, which may filter out objectionable sites.5 Authoritarian
regimes recognize the benefits of the Internet to economic growth, but
at the same time feel threatened by the unprecedented degree of freedom
of speech. Chinese authorities
block access to Web sites that are considered subversive to government
objectives. This has been only partially effective, however, and Chinese
activists have found ways of slipping information past the controls. For
example, the editors of VIP Reference, a Washington-based electronic
magazine with articles and essays about democratic and economic
evolution inside China, e-mails their electronic newsletter directly to
addresses inside mainland China. The e-mail is sent from a different
address every day to get past e-mail blocks. It is also delivered to
random addresses, compiled from commercial and public lists, so that
recipients can deny having deliberately subscribed. As of January, about
250,000 people received the pro-democracy publication, including people
inside the government who did not want it. Chinese officials were not,
however, complacent. When 30-year-old Shanghai software entrepreneur Lin
Hai sold 30,000 e-mail addresses to VIP Reference, he was arrested and
later sentenced to two years in prison. In addition, authorities fined
him 10,000 yuan (HK$9,300) and confiscated his computer equipment and
telephone. Lin was said to be the first person convicted in China for
subversive use of the Internet. He claimed he was only trying to drum up
business and was not politically active.6 During the Kosovo
conflict, people in Yugoslavia had full access to the Internet,
including Western news sites. The Washington Post reported that
according to U.S. and British officials, the government controlled all
four Internet access providers in Yugoslavia and kept them open for the
purpose of spreading disinformation and propaganda. The Post also said
that Belgrade, with a population of 1.5 million, had about 100,000
Internet connections in mid-April.7 Individuals without their own
connections could get access at Internet cafes. Even though Serbs
had access to Western news reports, both through the Internet and
through satellite and cable television, many did not believe what they
saw and heard from Western media. They considered coverage on Western
television stations such as CNN and Sky News to be as biased as that on
the Yugoslav state-run station, citing instances when Western reports of
Serbian atrocities turned out to be wrong. Alex Todorovic, a
Serbian-American who spent time in Belgrade during the conflict
observed, "By and large, Serbs mistrust the rest of the world=s
media. CNN, for example, is considered the official voice of
Washington."8 Some Yugoslav surfers did not even bother looking at
Western news sites on the Internet. When asked if she visited Web sites
of Western news stations, one 22-year-old student replied, "No, I
don=t believe in their information, so why should I upset myself?"9
Thus, it is not clear that the decision on the part of either Milosovic
or NATO to keep the Internet open in Yugoslavia undermined Milosovic=s
objectives. Further, given that people living in Yugoslavia personally
witnessed and felt the effects of the NATO bombing and either
disbelieved reports or heard little about Serb atrocities against the
ethnic Albanians in Kosovo, it is not surprising that an anti-NATO
discourse ran throughout Belgrade. As one pharmacist observed, "I
have two children. The people who are bombing my kids are my only enemy
right now."10 In addition to
information relating to a particular policy issue, the Web offers
cyberactivists various information that can help them use the Net
effectively. For example, NetAction offers a training guide for the
virtual activist. The guide provides information on the use of e-mail
for outreach, organizing, and advocacy; Web-based outreach and advocacy
tools; membership and fundraising; netiquette and policy issues; and
various resources.11 Publication
The Internet offers
several channels whereby advocacy groups and individuals can publish
information (and disinformation) to further policy objectives. They can
send it through e-mail and post it to newsgroups. They can create their
own electronic publications or contribute articles and essays to those
of others. They can put up Web pages with documents, images, audio and
video clips, and other types of information. The Web sites can serve as
a gathering place and source of information for supporters, potential
supporters, and onlookers. One reason the
Internet is popular among activists is its cost advantage over
traditional mass media. It is easier and cheaper to post a message to a
public forum or put up a Web site than it is to operate a radio or
television station or print a newspaper. Practically anyone can afford
to be a publisher. In addition, the reach of the Internet is global. A
message can potentially reach millions of people at no additional cost
to the originator. Further, activists can control their presentation to
the world. They decide what is said and how. They do not have to rely on
the mass media to take notice and tell their story "right." During the Kosovo
conflict, organizations and individuals throughout the world used their
Web sites to publish information related to the conflict and, in some
cases, to solicit support. Non-government organizations with Kosovo-related
Web pages included the press, human rights groups, humanitarian relief
organizations, churches, and women=s groups. Government Web
sites on Kosovo tended to feature propaganda and materials that
supported their official policies. An exception was the U.S. Information
Agency Web site, which presented a survey of news stories from around
the world, some of which were critical of NATO actions.12 Jonathan
Spalter, USIA Chief Information Officer, commented that "The
measure of our success is the extent to which we are perceived not as
propaganda but anti-propaganda."13 The British
government's Foreign Office used their Web site, in part, to counter
Serb propaganda. Concerned that the Yugoslav public was getting a highly
distorted view of the war, Foreign Secretary Robin Cook posted a message
on their Web site intended for the Serbs. The message said that Britain
has nothing against the Serbs, but was forced to act by the scale of
Yugoslav President Slobodan Milosevic's brutality.14 British Defense
Secretary George Robertson said the Ministry of Defence (MoD) had
translated its Web site into Serbian to counter censorship by Belgrade
of the news.15 The Yugoslav media
was controlled by the Serbian government and served to promote
Milosevic's policies. Yugoslavia had an independent, pro-democracy radio
station, B92, but it was raided by the police in the early days of the
Kosovo conflict and turned over to a government-appointed station
manager.16 B92 had had a run-in with the government earlier in late 1996
when government jammers tried to keep it from airing news broadcasts. At
that time, however, B92 prevailed, in part by encoding their news
bulletins in RealAudio format and posting them on a Web site in
Amsterdam. Radio Free Europe acquired tapes of the news programs and
rebroadcasted them back to the Serbs, circumventing the jammers, who
then gave up.17 But when the government took over B92's facility in
1999, B92's then-managers ceded to the government and also discontinued
posting materials on their Web site, which had offered viewers a
reliable source of information about the conflict. This was considered a
great loss to Yugoslavia's pro-democracy movement and general public,
which had rallied behind Belgrade's top-rated news station. A few individuals
inside Yugoslavia posted to the Internet first-hand accounts of events
as they were being witnessed or shortly thereafter. Their stories told
of fear and devastation, the latter caused not only by the Serb
military, but also by NATO bombs. By all accounts, the situation inside
Yugoslavia was horrible for citizens everywhere, whether Serbian or
ethnic Albanian. The stories may have inspired activists and influenced
public opinion, but it is not clear what if any impact they had on
government decision making. New-media artists
used to the Web to voice their opinions on the Balkans conflict. In late
March, artist and high-school teacher Reiner Strasser put up a site
called Weak Blood, which featured works of visual poetry, kinetic
imagery, and interactive art, all making an anti-violence statement.
Strasser vowed to add one or two pieces a day "as long as bombs are
falling and humans are massacred" in the region.18 Some Serbs with
Internet access sent e-mails to American news organizations calling for
an end to the NATO bombing. Many of the messages contained heated
rhetoric that was anti-NATO and anti-U.S. One letter directed to the
Associated Press ended, "To be a Serb now is to be helpless ... to
listen to the euphemistic and hypocritic phrases as 'peace-making
mission,' moral imperative." Other messages contained human stories
about how their lives were affected. Tom Reid, London correspondent to
the Washington Post, said he received 30-50 messages a day from
professors at universities and activists all over Yugoslavia. The
general tenor of the messages was all the same, "'Please remember
there are human beings under your bombs,'" he said.19 The Serbs
used e-mail distribution lists to reach tens of thousands of users,
mostly in the United States, with messages attacking the NATO bombing
campaign. One message read AIn the last nine days, NATO barbarians have
bombed our schools, hospitals, bridges, killed our people but that was
not enough for them now they have started to destroy our culture
monuments which represents the core of existence of our nation.@ Most
recipients were annoyed by this unwanted "spam," which the
Wall Street Journal dubbed AYugospam.@20 Dennis Longley, a
professor in the Information Security Research Centre at Australia's
Queensland University of Technology, said they received a suspicious
e-mail from Serbia. The message had two paragraphs. The first was the
usual friendly greetings, while the second was a rant about NATO that
read like pure propaganda, characterizing NATO as a "terrorist
organization" that "brought nothing but a gigantic
humanitarian disaster to Kosovo," while attributing the cause of
the problem to "albanian terrorist and separatist actions, not the
repression by the government security forces." The second paragraph
exhibited a style unlike the first and a standard of English well below
that of the sender, leading them to speculate that Serb authorities had
modified the e-mail.21 If that is so, one is left wondering how much
other anti-NATO talk hitting the Net was the work of the government. Of course, not all
of the messages coming out of the Balkans were anti-NATO. Shortly after
the Kosovo conflict began, I found myself on a list called "kcc-news,"
operated by the Kosova [sic] Crisis Center from the Internet domain
"alb-net.com." The messages included Human Rights Flashes from
Human Rights Watch, Action Alerts from the Kosova Task Force,22 and
other appeals for support in the war against the Serbs. One message
contained a flier calling for "sustained air strikes until total
Serb withdrawal" and "ground troops to STOP GENOCIDE
now." The flier included links to Web pages that documented Serb
atrocities and aggression. Even though the
Yugoslav government did not prohibit Internet activity, fear of
government reprisals led some to post their messages through anonymous
remailers so they could not be identified. This allowed for a freer
discourse on Internet discussion groups and contributed to the spread of
information about the situation inside Belgrade and Kosovo. Microsoft
Corp. initiated a section called "Secret Dispatches from
Belgrade" on the Web site of their online magazine Slate. An
anonymous correspondent gives daily reports of both alleged Serb
atrocities and civilian suffering inflicted by NATO bombs.23 After human rights
organizations expressed concern that the Yugoslav government might be
monitoring Internet activity and cracking down on anyone expressing
dissenting views, Anonymizer Inc., a provider of anonymous Web browsing
and e-mail services, launched the Kosovo Privacy Project Web site. The
site, which went on-line in April, offered surfers anonymous e-mail and
instant, anonymous access to Voice of America, Radio Free Europe, and
about 20 other Web sites. According to Federal Computer Week, Anonymizer
planned to add NATO and other Western government information sites to
the Kosovo list, and to launch similar projects for human rights
situations in other parts of the world, for example, China.24 However,
the effectiveness of the Kosovo project was never established. In
August, USA Today reported that activists said the project was little
noticed inside Kosovo, where traditional media seemed unaware while the
fighting knocked out Internet trunk lines in short order.25 The Internet has
raised numerous policy issues in such areas as privacy, encryption,
censorship, electronic commerce, international trade, intellectual
property protection, taxation, Internet governance, cybercrime, and
information warfare, all of which have a foreign policy dimension. As
the issues surfaced and took on some urgency, existing industry and
public-interest groups began to address them. In addition, both national
and international advocacy groups sprung up specifically devoted to
Internet issues. They all operate Web sites, where they publish policy
papers and information about issues, events, and membership. Many also
send out e-mail newsletters and alerts. In the area of
encryption policy, for example, the major players include Americans for
Computer Privacy (ACP), the Center for Democracy and Technology (CDT),
Cyber-Rights & Cyber Liberties, the Electronic Frontier Foundation (EFF),
the Electronic Privacy Information Center (EPIC), the Global Internet
Liberty Campaign (GILC), and the Internet Privacy Coalition. The ACP has
perhaps the largest group of constituents, being composed of 40 trade
associations, over 100 companies, and more than 3,000 individual
members.26 GILC is one of the most global, with member organizations
from Europe, North America, Australia, and Asia. In July 1999, nine
leading U.S.-based Internet companies joined forces to become the voice
of the Internet on issues such as privacy, consumer protection, and
international trade. The industry group, called NetCoalition.com,
includes America Online, Amazon.com, eBay, Lycos, Yahoo!, DoubleClick,
Excite@Home, Inktomi, and Theglobe.com. The companies represent 7 of the
top 10 Internet sites and more than 90% of the world=s Internet users
visit one of the sites at least once a month. The group plans to focus
on 150 Internet-related bills that were introduced in Congress.27 The Internet is
used extensively as a publication medium by hackers (including
hacktivists) and terrorists. Hackers publish electronic magazines and
put up Web sites with software tools and information about hacking,
including details about vulnerabilities in popular systems (e.g.,
Microsoft Windows) and how they can be exploited, programs for cracking
passwords, software packages for writing computer viruses, and scripts
for disabling or breaking into computer networks and Web sites. In March
1997, an article in the New York Times reported that there were an
estimated 1,900 Web sites purveying hacking tips and tools, and 30
hacker publications.28 Terrorist groups
use the Internet to spread propaganda. Back in February 1998, Hizbullah
was operating three Web sites: one for the central press office (www.hizbollah.org),
another to describe its attacks on Israeli targets (www.moqawama.org),
and the third for news and information (www.almanar.com.lb).29 That
month, Clark Staten, executive director of the Emergency Response &
Research Institute (ERRI) in Chicago, testified before a U.S. Senate
subcommittee that "even small terrorist groups are now using the
Internet to broadcast their message and misdirect/misinform the general
population in multiple nations simultaneously." He gave the
subcommittee copies of both domestic and international messages
containing anti-American and anti-Israeli propaganda and threats,
including a widely distributed extremist call for Ajihad@ (holy war)
against America and Great Britain.30 In June 1998, U.S. News & World
Report noted that 12 of the 30 groups on the U.S. State Department=s
list of terrorist organizations are on the Web. As of August 1999, it
appears that virtually every terrorist group is on the Web, along with a
mishmash of freedom fighters, crusaders, propagandists, and
mercenaries.31 Forcing them off the Web is impossible, because they can
set up their sites in countries with free-speech laws. The government of
Sri Lanka, for example, banned the separatist Liberation Tigers of Tamil
Eelam, but they have not even attempted to take down their London-based
Web site.32 Dialogue
The Internet offers
several venues for dialogue and debate on policy issues. These include
e-mail, newsgroups, Web forums, and chat. Discussions can be confined to
closed groups, for example through e-mail, as well as open to the
public. Some media sites offer Web surfers the opportunity to comment on
the latest stories and current issues and events. Government officials
and domain experts may be brought in to serve as catalysts for
discussion, debate issues, or answer questions. Discussion can even take
place on Web sites that themselves lack such facilities. Using Gooey
software from the Israeli company Hypernix, for example, visitors to a
Web site can chat with other Gooey users currently at the site.33 Internet discussion
forums are frequently used to debate, blast, and maybe even attempt to
influence government policies. Encryption policy, for example, is
discussed on the e-mail lists "cypherpunks" and "ukcrypto"
and on several newsgroups, including alt.privacy and sci.crypt. The ukcrypto list
created was created in early 1996 by two academics, Ross Anderson
(Cambridge) and Paul Leyland (Oxford), and one person then in
government, Brian Gladman (NATO SHAPE), who was acting outside his
official capacity. Motivated by a concern that a lack of public
discussion and debate in the United Kingdom on cryptography issues was
allowing the government to set policies that they believed were not in
interests of the United Kingdom and its citizens, they formed the list
with the objective of impacting cryptography policy. They were concerned
both with domestic policy, particularly proposals to restrict the use of
cryptography by U.K. citizens, and on foreign policy, particularly
export controls. As of May 1999, the list has 300 subscribers, including
government officials responsible for U.K.policy and persons in other
countries, including the United States. Many of the key contributors
held influential positions in other policy making fora. Focus is on U.K.
policy issues, but items of international interest are also discussed,
including export controls adopted under the Wassenaar Arrangement (31
countries participate); policy changes adopted by France, the United
States, and other countries; policy statements from the European Union
and other organizations; and some technical issues.34 Gladman believes
the list has made four contributions: 1) educating many about the policy
issues and encouraging journalists and writers to write about them; 2)
bringing individual and industry views closer together and allowing U.K.
industry to see more clearly that agreeing with their government may not
be a good thing if private citizens do not support government policy; 3)
encouraging the more progressive voices in government to speak out and
argue from within government that their views represent those of the
public; and 4) bringing groups together that were previously campaigning
separately. "The most significant contribution of ukcrypto is not
direct," Gladman said. "It is the contribution that it has
made in promoting an educated community of commentators and a forum for
the review of what government is doing that is fully open." On the downside,
some postings on ukcrypto may alienate the very government officials the
authors hope to influence. According to Gladman, Adiscussions on the
list can become slinging matches that quickly put those in government on
the defensive and hence inclined to discount what is being said. It
would be more effective if we had a way of focusing on the issues and
not the personalities.@35 But Andrew Brown gave ukcrypto high marks,
crediting it with most of the thought and co-ordination behind the
successful campaign to keep strong cryptography legal and widely
available. "There, for the past two years, the civil servants
responsible for policy have actually been available, more or less, to
the people who disagree with them," he wrote in New Statesman.
"They have had to justify their actions, not to the public, but to
a small group of geographically dispersed experts ... It's a kind of
updated version of Lions v Christians."36 Nigel Hickson, one
of the principal players in the policy debates from the U.K. Department
of Trade and Industry, agrees the Internet and ukcrypto in particular
have played a role in shaping U.K. cryptography policy.37 But he was
also critical of the list: "Whilst ukcyrpto has undoubtedly had an
influence on the development of UK encryption policy, it has tended to
polarise the debate into extremes. This may be because there tends to be
a large silent majority on the list who do not directly contribute
because o f commercial or policy reasons."38 Besides participating
in ukcrypto, the DTI has published draft consultation documents on the
Web for comment. Many of the comments they receive arrive through
electronic mail. DTI has also met with industry groups and participated
in non-Internet forums such as conferences and seminars. These have also
helped shape policy decisions. There are Usenet
newsgroups and other interactive forums that focus on practically every
conceivable topic relating to foreign (and domestic) policy. Whether
these are effective or not in terms of influencing policy is another
matter. After studying the impact of the Net on the American political
system, Richard Davis, a political science professor at Brigham Young
University and author of The Web of Politics, observed that "In
Usenet political discussions, people talk past one another, when they
are not verbally attacking each other. The emphasis is not problem
solving, but discussion dominance."39 Davis also found
interactivity on the Internet to be primarily an illusion:
"Interest groups, party organizations, and legislators seek to use
the Web for information dissemination, but they are rarely interested in
allowing their sites to become forums for the opinions of
others."40 Coordination of
Action Advocacy groups can
use the Internet to coordinate action among members and with other
organizations and individuals. Action plans can be distributed by e-mail
or posted on Web sites. Services are cheaper than phone and fax
(although these services can also be delivered through the Internet),
and faster than physical delivery (assuming Internet services are
operating properly, which is not always the case). The Internet lets
people all over the world coordinate action without regard to
constraints of geography or time. They can form partnerships and
coalitions or operate independently. One Web site was
created to help activists worldwide coordinate and locate information
about protests and meetings. According to statements on Protest.Net, the
Web site serves "to help progressive activists by providing a
central place where the times and locations of protests and meetings can
be posted." The site=s creator said he hoped it would "help
resolve logistical problems that activists face in organizing events
with limited resources and access to mass media."41 The site
features news as well as action alerts and information about events. The power of the
Internet to mobilize activists is illustrated by the arrest of Kurdish
rebel leader Abdullah Ocalan. According to Michael Dartnell, a political
science professor at Concordia University, when Turkish forces arrested
Ocalan, Kurds around the world responded with demonstrations within a
matter of hours. He attributed the swift action in part to the Internet
and Web. "They responded more quickly than governments did to his
arrest," he said. Dartnell contends the Internet and advanced
communication tools were changing the way people around the world play
politics. Anti-government groups are establishing alliances and
coalitions that might not have existed before the technology was
introduced.42 The force of the
Internet is further illustrated by the day of protest against business
that took place on June 18, 1999. The protests, which were set up to
coincide with a meeting of the G8 in Cologne, Germany, was coordinated
by a group called J18 from a Web site inviting people to plan individual
actions focusing on disrupting "financial centres, banking
districts and multinational corporate power bases." Suggested
activity included marches, rallies, and hacking. In London, up to 2,000
anti-capitalists coursed through the city shouting slogans and
spray-painting buildings.43 According to the Sunday Times, teams of
hackers from Indonesia, Israel, Germany, and Canada attacked the
computers of at least 20 companies, including the Stock Exchange and
Barclays. More than 10,000 attacks were launched over a 5-hour period.44
During the Kosovo
conflict, the Kosova Task Force used the Internet to distribute action
plans to Muslims and supporters of Kosovo. A March 31 Action Alert, for
example, asked people to organize rallies in solidarity with Kosovo at
local federal buildings and city halls on April 3 at 11:00 AM; organize
public funeral prayers; make and encourage others to make daily calls or
send e-mail to the White House asking for Kosovo independence, sustained
air strikes until total Serb withdrawal from Kosovo, and arming of
ethnic Albanians in Kosovo; and make and encourage others to make calls
to their Representatives and Senators. An April 18 alert asked every
community in the U.S. to establish a Kosova Room for action and
information. Each room was to be equipped with a bank of phones for
making 1,000 calls to the White House and Congress in support of
resolution #HCR 9, calling for independence of Kosovo. The International
Campaign to Ban Landmines (ICBL), a loose coalition of over 1,300 groups
from more than 75 countries, has made extensive use of the Internet in
their efforts to stop the use, production, stockpiling, and transfer of
antipersonnel landmines, and to increase international resources for
humanitarian mine clearance and victim assistance. According to ICBL=s
Liz Bernstein, the Net has been the dominant form of communication since
1996.45 It has been used to coordinate events and committee functions,
distribute petitions and action alerts, raise money, and educate the
public and media. Although most direct lobbying is done through
face-to-face meetings and letters, e-mail has facilitated communications
with government policy makers. Bernstein said the Net Ahas helped the
nature of the campaign as a loose coalition, each campaign setting their
own agenda yet with common information and communication.@46 Ken
Rutherford, co-founder of Land Mine Survivors Network, noted that the
Internet also helped establish bridges from North America and Europe to
Asia and Africa, and helped enable quick adoption of the 1997 landmine
treaty.47 It became international law on March 1, 1999 and, as of
September 16,1999, has been signed by 135 countries and ratified by 86.
In 1997, the Nobel Peach Prize was awarded to the ICBL and its then
coordinator, Jody Williams.48 Human rights
workers increasingly use the Internet to coordinate their actions
against repressive governments. One tool that has become important in
their battles is encryption, as it allows activists to protect
communications and stored information from government interception.
Human rights activists in Guatemala, for example, credited their use of
Pretty Good Privacy (PGP) with saving the lives of witnesses to military
abuses.49 Encryption is not the ultimate solution, however, as
governments can outlaw its use and arrest those who do not comply. PGP was originally
developed by a Colorado engineer and activist, Phil Zimmermann, who
wanted to make strong encryption available to the public for privacy
protection against government eavesdroppers. Although the software was
export-controlled, someone (not Zimmermann) quickly posted it on a
foreign Internet site where it could be downloaded by anyone, anywhere,
despite export regulations. Since then, other encryption tools have been
posted on Internet sites all over the world, and the argument is
frequently made that the availability of such tools demonstrates the
futility of export controls. This is one factor driving export policy
towards increased liberalization, but other factors have also
contributed, including the role of encryption in electronic commerce and
a concern that export controls harm the competitiveness of industry.
That drive is countered, however, by a concern that the widespread
availability of encryption will make it harder for law enforcement and
intelligence agencies to gather intelligence from communications
intercepts. Indeed, terrorists
also use the Internet to communicate and coordinate their activities.
Back in 1996, the headquarters of terrorist financier bin Laden in
Afghanistan was equipped with computers and communications equipment.
Egyptian "Afghan" computer experts were said to have helped
devise a communication network that used the Web, e-mail, and electronic
bulletin boards.50 Hamas activists have been said to use chat rooms and
e-mail to plan operations and coordinate activities, making it difficult
for Israeli security officials to trace their messages and decode their
contents.51 The U.S.
government's program to establish an Advanced Encryption Standard (AES)
illustrates how government can use the Internet to invite and coordinate
participation in a decision-making process of international
significance. The Department of Commerce National Institute of Standards
and Technology (NIST) set up a Web site with information about the AES
program and AES conferences, a schedule of events, candidate encryption
algorithms (more than half from outside the United States),
documentation and test values, and links to public analysis efforts all
over the world. The site contains an electronic discussion forum and
Federal Register call for comments. Public comments are posted on the
site and NIST representatives contribute to the on-line discussions and
answer questions.52 Because the AES will offer a foundation for secure
electronic commerce and privacy internationally, involving the
international community from the beginning will help ensure its success
and widespread adoption. Cryptographers from all over in the world have
been participating. NIST's use of the
Internet to aid a decision process seems to be unusual. While most
government sites provide an e-mail address for making contact, they do
not support discussion forums or even actively solicit comments on
specific pending policy decisions. However, to the extent that
government agencies invite or welcome e-mail messages and input through
electronic discussion groups, the Internet can serve the democratic
process. Because it is easier to post or send a message on the Internet
than to send a written letter, professionals and others with busy
schedules may be more inclined to participate in a public consultation
process or attempt to influence policy when policy makers are readily
accessible through the Internet. Lobbying
Decision Makers
Whether or not
government agencies solicit their input, activists can use the Internet
to lobby decision makers. One of the methods suggested by the Kosova
Task Force for contacting the White House, for example, was e-mail.
Similarly, a Canadian Web site with the headline "Stop the NATO
Bombing of Yugoslavia Now!" urged Canadians and others interested
in stopping the war to send e-mails and/or faxes to the Canadian Prime
Minister, Jean Chretien, and all members of the Canadian Parliament. A
sample letter was included. The letter concluded with an appeal to Astop
aggression against Yugoslavia and seek a peaceful means to resolve the
Kosovo problem.@53 E-mail has been
credited with halting a U.S. banking plan aimed to combat money
laundering. Under the "Know Your Customer" policy, banks would
have been required to monitor customer's banking patterns and report
inconsistencies to federal regulators. Recognizing the value of the
Internet to its deliberations, the Federal Deposit Insurance Corporation
(FDIC) put up a Web site, published an e-mail address for comments, and
printed out and tabulated each message. By the time the proposal was
withdrawn, they had received 257,000 comments, 205,000 (80%) of which
arrived through e-mail. All but 50 of the letters opposed the plan.
FDIC=s chair, Donna Tanoue, said it was the huge volume of e-mail that
drove the decision to withdraw the proposal. "It was the nature and
the volume [of the comments]," she said. "When consumers can
get excited about an esoteric bank regulation, we have to pay
attention."54 Most of the e-mail
was driven by an on-line advocacy campaign sponsored by the Libertarian
Party. About 171,000 (83%) of the e-mail messages were sent through the
party's Web site. The party advertised its advocacy campaign in talk
radio interviews and by sending a notice to its e-mail membership
list.55 One could argue that the results were due more to the efforts of
a large non-government organization than to a grassroots response from
the citizens. Indeed, many e-mail
campaigns have been driven by non-government organizations. The
organizations send e-mail alerts on issues to electronic mailing lists,
offer sample letters to send members of Congress and other decision
making bodies, and, in some cases, set up e-mailboxes or Web sites to
gather signatures for petitions. The petition process can be automated,
making it possible to gather huge volumes of signatures across a wide
geographic area with little effort and cost. One Web site, e-The People,
offers hundreds of petitions to choose from and 170,000 e-mail addresses
of government officials.56 Computer
Professionals for Social Responsibility (CPSR) organized an Internet
petition campaign in early 1994 to protest the U.S. government's
proposal to adopt the Clipper encryption chip as a standard.57 The chip
offered strong encryption, but would have given law enforcement agencies
the capability to decrypt a subject's messages when conducting a
court-ordered wiretap against the subject. Despite numerous safeguards
to ensure government agencies could not violate the privacy of users of
the chip,58 Clipper was strongly opposed for privacy (and other)
reasons, and the general sentiment expressed on Internet newsgroups and
e-mail discussion lists was strongly anti-Clipper. CPSR announced their
petition through e-mail and set up an e-mail address whereby people
could sign on. They collected tens of thousands of signatures, but it is
not clear the petition had much impact. The government moved forward
with the standard anyway.59 Although Clipper
was to be a U.S. standard, it was tied in with the government=s foreign
encryption policy. Because of its back door, it was to be generally
exportable, unlike other encryption products with comparable
cryptographic strength. Also, the Administration urged other governments
to adopt a similar approach. However, after extensive lobbying efforts
by industry and civil liberties groups, Clipper met its death. The
government moved instead toward a more flexible and liberal approach to
encryption export controls. Because of the low
cost of operation, individuals can run their own advocacy campaigns. For
example, during the heart of the impeachment process against President
Clinton, Joan Blades and Wes Boyd, a husband and wife team in Berkeley,
founded MoveOn.org and put up a Web site inviting citizens to sign a
one-sentence petition: "The Congress must immediately censure
President Clinton and move on to pressing issues facing the
country." In just four months, the petition gathered a half-million
signatures. Another petition that read "In the Year 2000 election,
I will work to elect candidates who courageously address key national
issues and who reject the politics of division and personal
destruction" was sent to every member of the House and Senate.
MoveOn.org received pledges of $13 million and more than 650,000
volunteer hours for congressional candidates in the 2000 election who
supported their position.60 It is difficult to assess the impact of the
site on the impeachment process, but it may have amplified public
opinion polls, which showed the American public supported Clinton and
wanted Congress to turn to other issues. While activists can
attempt to influence policy makers through e-mail, it is not clear most
policy makers listen (the FDIC, which asked for comments, was an
exception). Richard Davis found that "the Internet has not lived up
to its promise as a forum for public expression to elected officials. In
fact, while publicly encouraging e-mail, members are becoming
increasingly disenchanted with it. If the most idealistic members
originally envisioned e-mail as the impetus for intelligent
communication with constituents, they have seen e-mail deteriorate into
a mass mailing tool for political activists." Davis concluded that
"members may even discount e-mail communication."61 According
to the Wall Street Journal, Senator Charles Schumer's office gives first
priority to old-fashioned letters. Persons sending an e-mail to his
account get back an automatic response telling them to submit a letter
if they want a personal reply.62 The most successful
advocacy groups are likely to be those that use the Internet to augment
traditional lobbying methods, including personal visits to decision
makers and use of broadcast media to reach the public. These operations
can be time consuming and expensive, favoring groups that are
well-funded. They also require a network of long-term and trusted
relationships with policy makers, sponsors, and voters. This supports
Davis's conclusion that the promise of the Internet as a forum for
participatory democracy is unlikely to be realized. Davis found that
existing dominant players in American politics -- the media, interest
groups, candidates, and policy makers -- are adapting to the Internet to
retain preeminence; and that the Internet is not an adequate tool for
public political movement.63 Hacktivism
Hacktivism is the
convergence of hacking with activism, where "hacking" is used
here to refer to operations that exploit computers in ways that are
unusual and often illegal, typically with the help of special software
("hacking tools"). Hacktivism includes electronic civil
disobedience, which brings methods of civil disobedience to cyberspace.
This section explores four types of operations: virtual sit-ins and
blockades; automated e-mail bombs; Web hacks and computer break-ins; and
computer viruses and worms. Because hacking incidents are often reported
in the media, operations in this category can generate considerable
publicity for both the activists and their causes. Virtual Sit-Ins
and Blockades
A virtual sit-in or
blockade is the cyberspace rendition of a physical sit-in or blockade.
The goal in both cases is to call attention to the protestors and their
cause by disrupting normal operations and blocking access to facilities.
With a sit-in,
activists visit a Web site and attempt to generate so much traffic
against the site that other users cannot reach it. A group calling
itself Strano Network conducted one of the first such demonstrations as
a protest against French government policies on nuclear and social
issues. On December 21, 1995, they launched a one-hour Net-Strike attack
against the Web sites operated by various government agencies. At the
appointed hour, participants from all over the world were instructed to
point their browsers to the government Web sites. According to reports,
at least some of the sites were effectively knocked out for the
period.64 In 1998, the
Electronic Disturbance Theater (EDT) took the concept of electronic
civil disobedience a step further. They organized a series of Web
sit-ins, first against Mexican President Zedillo=s Web site and later
against President Clinton=s White House Web site, the Pentagon, the
School of the Americas, the Frankfurt Stock Exchange, and the Mexican
Stock Exchange. The purpose was to demonstrate solidarity with the
Mexican Zapatistas.65 According to EDT=s Brett Stalbaum, the Pentagon
was chosen because Awe believe that the U.S. military trained the
soldiers carrying out the human rights abuses.@ For a similar reason,
the School of the America=s was selected.66 The Frankfurt Stock Exchange
was targeted, Stalbaum said, "because it represented capitalism's
role in globalization utilizing the techniques of genocide and ethinic
cleansing, which is at the root of the Chiapas' problems. The people of
Chiapas should play a key role in determining their own fate, instead of
having it pushed on them through their forced relocation (at gunpoint),
which is currently financed by western capital."67 To facilitate the
strikes, the organizers set up special Web sites with automated
software. All participants had to do was visit one of the FloodNet
sites. When they did, their browser would download the software (a Java
Applet), which would access the target site every few seconds. In
addition, the software let protesters leave a personal statement on the
targeted server=s error log. For example, if they pointed their browsers
to a non-existent file such as "human_rights" on the target
server, the server would return and log the message "human_rights
not found on this server." Stalbaum, who wrote the software,
characterized FloodNet as "conceptual net art that empowers people
through active/artistic expression."68 EDT estimated that
10,000 people from all over the world participated in the sit-in on
September 9 against the sites of President Zedillo, the Pentagon, and
the Frankfurt Stock Exchange, delivering 600,000 hits per minute to
each. The Pentagon, however, did not sit by idly. It struck back. When
their server sensed an attack from the FloodNet servers, they launched a
counter-offensive against the users= browsers, redirecting them to a
page with an Applet program called "HostileApplet." Once
there, the Applet was downloaded to their browsers, where it endlessly
tied up their machines trying to reload a document until the machines
were rebooted. President Zedillo=s site did not strike back on this
occasion, but at a June sit-in, they used software that caused the
protestors= browsers to open window after window until their computers
crashed. The Frankfurt Stock Exchange reported that they were aware of
the protest, but believed it had not affected their services. They said
that they normally got about 6 million hits a day. Overall, EDT
considered the attack a success. "Our interest is to help the
people of Chiapas to keep receiving the international recognition that
they need to keep them alive," said Stalbaum.69 When asked about
the impact of their Web strikes, EDT's Ricardo Dominguez responded,
"Digital Zapatismo is and has been one of the most politically
effective uses of the Internet that we know of since January 1, 1994. It
has created a distribution network of information with about 100 or more
autonomous nodes of support. This has enabled the EZLN (Zapatista
National Liberation Army) to speak to the world without having to pass
through any dominant media filter. The Zapatistas were chosen by Wired
as one of the twenty-five most important people on-line in 1998. ... The
Zapatista network has, also, held back a massive force of men and the
latest Drug War technologies from annihilating the EZLN in a few
days." Regarding FloodNet specifically, he said the main purpose of
the Electronic Disturbance Theatre's Zapatista FloodNet performance
"is to bring the situation in Chiapas to foreground as often as
possible. The gesture has created enough ripples with the Pentagon and
the Mexican government that they have had to respond using both on-line
and off-line tactics. Thus, these virtual sit-ins have captured a large
amount of traditional media attention. You would not be interviewing us
if this gesture had not been effective in getting attention to the
issues on a global scale."70 EDT has used their
FloodNet software against the White House Web site to express opposition
to U.S. military strikes and economic sanctions against Iraq. In their
"Call for FloodNet Action for Peace in the Middle East," EDT
articulated their philosophy. "We do not believe that only
nation-states have the legitimate authority to engage in war and
aggression. And we see cyberspace as a means for non-state political
actors to enter present and future arenas of conflict, and to do so
across international borders."71 Animal right=s activists have also
used the FoodNet software to protest the treatment of animals. Over 800
protestors from more than 12 countries joined a January 1999 sit-in
against Web sites in Sweden.72 And on June 18, FloodNet was one of the
tools used in the anti-capitalist attack coordinated by J18.73 Whether Web sit-ins
are legal is not clear. Mark Rasch, former head of the Department of
Justice=s computer crime unit, said that such attacks run the risk of
violating federal laws, which make it a crime to distribute a program,
software code, or command with the intent to cause damage to another's
site. AIt may be an electronic sit-in, but people get arrested at
sit-ins,@ he said.74 A related question is the legality of using a
denial-of-service counter-offensive. In the case of the Pentagon, their
response most likely would be considered lawful, as it is permissible
for a nation to take "proportional" actions to defend against
an attack that threatens its security. There are a variety
of methods whereby an individual, acting alone, can disrupt or disable
Internet servers. These frequently involve using attack software that
floods the server with network packets. During the Kosovo conflict,
Belgrade hackers were credited with conducting such attacks against NATO
servers. They bombarded NATO=s Web server with Aping@ commands, which
test whether a server is running and connected to the Internet. The
effect of the attacks was to cause line saturation of the targeted
servers.75 When large numbers
of individuals simultaneously attack a designated site, such as with the
ECD Web sit-ins, the operation is sometimes referred to as
"swarming." Swarming can amplify other types of attack, for
example, a ping attack or an e-mail bombing (discussed next). E-Mail Bombs
It is one thing to
send one or two messages to government policy makers, even on a daily
basis. But it is quite another to bombard them with thousands of
messages at once, distributed with the aid of automated tools. The
effect can be to completely jam a recipient=s incoming e-mail box,
making it impossible for legitimate e-mail to get through. Thus, an
e-mail bomb is also a form of virtual blockade. Although e-mail bombs
are often used as a means of revenge or harassment, they have also been
used to protest government policies. In what some U.S.
intelligence authorities characterized as the first known attack by
terrorists against a country's computer systems, ethnic Tamil guerrillas
were said to have swamped Sri Lankan embassies with thousands of
electronic mail messages. The messages read "We are the Internet
Black Tigers and we=re doing this to disrupt your
communications."76 An offshoot of the Liberation Tigers of Tamil
Eelam, which had been fighting for an independent homeland for minority
Tamils, was credited with the 1998 incident.77 The e-mail bombing
consisted of about 800 e-mails a day for about two weeks. William
Church, editor for the Centre for Infrastructural Warfare Studies (CIWARS),
observed that "the Liberation Tigers of Tamil are desperate for
publicity and they got exactly what they wanted ... considering the
routinely deadly attacks committed by the Tigers, if this type of
activity distracts them from bombing and killing then CIWARS would like
to encourage them, in the name of peace, to do more of this type of
"terrorist activity."78 The attack, however, was said to have
had the desired effect of generating fear in the embassies. During the Kosovo
conflict, protestors on both sides e-mail bombed government sites.
According to PA News, Nato spokesman Jamie Shea said their server had
been saturated at the end of March by one individual who was sending
them 2,000 messages a day.79 Fox News reported that when California
resident Richard Clark heard of attacks against NATO=s Web site by
Belgrade hackers, he retaliated by sending an e-mail bomb to the
Yugoslav government=s site. Clark said that a few days and 500,000
e-mails into the siege, the site went down. He did not claim full
responsibility, but said he "played a part." That part did not
go unrecognized. His Internet service provider, Pacific Bell, cut off
his service, saying his actions violated their spamming policy.80 An e-mail bombing
was conducted against the San Francisco-based Internet service provider
Institute for Global Communications (IGC) in 1997 for hosting the Web
pages of the Euskal Herria Journal, a controversial publication edited
by a New York group supporting independence of the mountainous Basque
provinces of northern Spain and southwestern France. Protestors claimed
IGC "supports terrorism" because a section on the Web pages
contained materials on the terrorist group Fatherland and Liberty, or
ETA, which was responsible for killing over 800 during its nearly
30-year struggle for an independent Basque state. The attack against IGC
began after members of the ETA assassinated a popular town councilor in
northern Spain.81 The protestor's
objective was censorship. They wanted the site pulled. To get their way,
they bombarded IGC with thousands of bogus messages routed through
hundreds of different mail relays. As a result, mail was tied up and
undeliverable to IGC's e-mail users, and support lines were tied up with
people who couldn't get their mail. The attackers also spammed IGC staff
and member accounts, clogged their Web page with bogus credit card
orders, and threatened to employ the same tactics against organizations
using IGC services. The only way IGC could stop the attack was by
blocking access from all of the relay servers.82 IGC pulled the site
on July 18, but not before archiving a copy so that others could put up
mirrors. Within days of the shutdown, mirror sites appeared on half a
dozen servers on three continents. Chris Ellison, a spokesman for the
Internet Freedom Campaign, an English group that was hosting one of the
mirrors, said they believe "the Net should prove an opportunity to
read about and discuss controversial ideas." The New York-based
journal maintained their objective was to publish "Ainformation
often ignored by the international media, and to build communication
bridges for a better understanding of the conflict."83 An article
by Yves Eudes in the French newspaper Le Monde said the e-mail bomb
attack against the IGC site represented an "unprecedented conflict@
that Ahas opened up a new era of censorship, imposed by direct action
from anonymous hackers."84 About a month after
IGC threw the controversial Basque journal Euskal Herria Journal off its
servers, Scotland Yard=s Anti-Terrorist Squad shut down Internet
Freedom's U.K. Web site for hosting the journal. According to a press
release from Internet Freedom, the squad claimed to be acting against
terrorism. Internet Freedom said it would move its news operations to
its U.S. site.85 The case involving
Euskal Herria Journal illustrates the power of hacktivists on the
Internet. Despite IGC's desire to host the controversial site, they
simply could not sustain the attack and remain in business. They could
have ignored a few e-mail messages demanding that the site be pulled,
but they could not ignore an e-mail bombing. The case also illustrates
the power of the Internet as a tool for free speech. Because Internet
venues for publication are rich and dispersed throughout the world, it
is extremely difficult for governments and hacktivists alike to keep
content completely off the Internet. It would require extensive
international cooperation and, even then, a site could operate out of a
safe haven that did not sign on to international agreements. Web Hacks and
Computer Break-Ins
The media is filled
with stories of hackers gaining access to Web sites and replacing some
of the content with their own. Frequently, the messages are political,
as when a group of Portuguese hackers modified the sites of 40
Indonesian servers in September 1998 to display the slogan "Free
East Timor" in large black letters. According to the New York
Times, the hackers also added links to Web sites describing Indonesian
human rights abuses in the former Portuguese Colony.86 Then in August
1999, Jose Ramos Horta, the Sydney-based Nobel laureate who represents
the East Timor independence movement outside Indonesia, warned that a
global network of hackers planned to bring Indonesia to a standstill if
Jakarta sabotaged the ballot on the future of East Timor. He told the
Sydney Morning Herald that more than 100 hackers, mostly teenagers in
Europe and the United States, had been preparing the plan.87 In June 1998, a
group of international hackers calling themselves Milw0rm hacked the Web
site of India's Bhabha Atomic Research Center (BARC) and put up a
spoofed Web page showing a mushroom cloud and the text "If a
nuclear war does start, you will be the first to scream ...". The
hackers were protesting India=s recent nuclear weapons tests, although
they admitted they did it mostly for thrills. They said that they also
downloaded several thousand pages of e-mail and research documents,
including messages between India's nuclear scientists and Israeli
government officials, and had erased data on two of BARC's servers. The
six hackers, whose ages range from 15 to 18, hailed from the United
States, England, the Netherlands, and New Zealand.88 Another way in
which hacktivists alter what viewers see when they go to a Web site is
by tampering with the Domain Name Service so that the site=s domain name
resolves to the IP address of some other site. When users point their
browsers to the target site, they are redirected to the alternative
site. In what might have
been one of the largest mass home page takeovers, the antinuclear
Milw0rm hackers were joined by Ashtray Lumberjacks hackers in an attack
that affected more than 300 Web sites in July 1998. According to
reports, the hackers broke into the British Internet service provider
EasySpace, which hosted the sites. They altered the ISP=s database so
that users attempting to access the sites were redirected to a Milw0rm
site, where they were greeted with a message protesting the nuclear arms
race. The message concluded with "... use your power to keep the
world in a state of PEACE and put a stop to this nuclear bullshit."
John Vranesevich, who runs the hacker news site AntiOnline, said,
"They're the equivalent to the World Trade Center bombings; [they]
want to get their story told and bring attention to themselves."89'
Several Web sites
were hacked during the Kosovo conflict. According to Fox News, the
Boston Globe reported that an American hacking group called Team Spl0it
broke into government Web sites and posted statements such as "Tell
your governments to stop the war." Fox also said that the Kosovo
Hackers Group, a coalition of European and Albanian hackers, had
replaced at least five sites with black and red "Free Kosovo"
banners.90 The Bosnian Serb news agency SRNA reported that the Serb
Black Hand hackers group had deleted all data on a U.S. Navy computer,
according to the Belgrade newspaper Blic. Members of the Black Hand
group and Serbian Angel planned daily actions that would block and
disrupt military computer operated by NATO countries, Blic wrote.91
Black Hand had earlier claimed responsibility for crashing a Kosovo
Albanian Web site. "We shall continue to remove (ethnic) Albanian
lies from the Internet," a member of the group told Blic.92 In the wake of
NATO's accidental bombing of China=s Belgrade embassy in May, angry
Chinese allegedly hacked several U.S. government sites. Newsbytes
reported that the slogan Adown with barbarians@ was placed in Chinese on
the home page of the U.S. Embassy in Beijing, while the Department of
Interior Web site showed images of the three journalists killed during
the bombing, crowds protesting the attack in Beijing, and a fluttering
Chinese flag.93 According to the Washington Post, Interior spokesman Tim
Ahearn said their computer experts had traced their hacker back to
China. The newspaper also reported that the Department of Energy's home
page read: "Protest
U.S.A.=s Nazi action! Protest NATO=s brutal action! We are Chinese
hackers who take no cares about politics. But we can not stand by seeing
our Chinese reporters been killed which you might have know. Whatever
the purpose is, NATO led by U.S.A. must take absolute responsibility.
You have owed Chinese people a bloody debt which you must pay for. We
won=t stop attacking until the war stops!"94 NATO did not, of
course, declare an end to the war because of the hacking. The impact on
foreign policy decisions, if any at all, likely paled in comparison to
the bombing itself. Following the accident, China suspended high-level
military contacts with the United States.95 Acting in the name
of democracy and human rights, hackers have targeted Chinese government
computers. One group, called the Hong Kong Blondes, allegedly
infiltrated police and security networks in an effort to monitor China=s
intelligence activities and warn political targets of imminent
arrests.96 According to OXblood Ruffin, "foreign minister" of
the Cult of the Dead Cow, the Blondes are an underground group of
Chinese dissidents who aim to destabilize the Chinese government. They
have threatened to attack both Chinese state-owned organizations and
Western companies investing in the country.97 The Los Angeles
Times reported that a California computer science student who calls
himself Bronc Buster and his partner Zyklon cracked the Chinese network,
defacing a government-run Web site on human rights and interfering with
censorship. The hacker said they came across about 20 firewall servers
blocking everything from Playboy.com to Parents.com, and that they
disabled the blocking on five of the servers. He said they did not
destroy any data, but only moved files.98 Bronc Buster
belonged to a group of 24 hackers known as the Legion of the Underground
(LoU). In a press conference on Internet Relay Chat (IRC) in late
December 1998, an LoU member declared cyberwar on the information
infrastructures of China and Iraq. He cited civil rights abuses and said
LoU called for the complete destruction of all computer systems in China
and Iraq.99 The declaration of
cyberwar prompted a coalition of other hacking groups to lash out
against the campaign. A letter co-signed by 2600, the Chaos Computer
Club, the Cult of the Dead Cow (CDC), !Hispahak, L0pht Heavy Industries,
Phrack, Pulhas, and several members of the Dutch hacking community
denounced the cyberwar, saying "Declaring war against a country is
the most irresponsible thing a hacker group could do. This has nothing
to do with hacktivism or hacker ethics and is nothing a hacker could be
proud of." Reid Fleming of the CDC said "One cannot
legitimately hope to improve a nation=s free access to information by
working to disable its data networks."100 By the time the
letter went out, LoU had already issued a statement saying that the
declaration of war on IRC did not represent the position of the group.
"The LoU does not support the damaging of other nations computers,
networks or systems in any way, nor will the LoU use their skills,
abilities or connections to take any actions against the systems,
networks or computers in China or Iraq which may damage or hinder in any
way their operations."101 Bronc Buster said the IRC declaration was
issued by a member before he left and never came back.102 In August 1999, a
cyberwar erupted between hackers in China and Taiwan. Chinese hackers
defaced several Taiwanese and government Web sites with pro-China
messages saying Taiwan was and would always be an inseparable part of
China. "Only one China exists and only one China is needed,"
read a message posted on the Web site of Taiwan=s highest watchdog
agency.103 Taiwanese hackers retaliated and planted a red and blue
Taiwanese national flag and an anti-Communist slogan: "Reconquer,
Reconquer, Reconquer the Mainland," on a Chinese high-tech Internet
site. The cyberwar followed an angry exchange by Chinese and Taiwanese
in response to Taiwan's President Lee Teng-hui's statement that China
must deal with Taiwan on a "state-to-state" basis.104 One of the
consequences of hacking is that victims might falsely attribute an
assault to a foreign government rather than the small group of activists
that actually conducted it. This could strain foreign relations or lead
to a more serious conflict. The Chinese
government has been accused of attacking a U.S. Web site devoted to the
Falun Gong meditation sect, which Chinese authorities outlawed in July
1999. Bob McWee, a sect practitioner in Middleton, Maryland, said his
site had been under a persistent electronic assault. In addition to a
continuous denial-of-service attack, someone had tried breaking into his
server. He said he was able to trace the penetration attempt to the
Internet Monitoring Bureau of China's Public Security Ministry.105 If
the attack did indeed originate with the Chinese police, this would have
major foreign policy implications. It would suggest that the Chinese
government views Web sites operating on foreign soil as legitimate
targets of aggression when those sites support activities prohibited on
home soil. Web hacks and
computer break-ins are extremely common, and targets include commercial
and educational computers as well as government ones. The results of the
1999 Information Security Industry Survey showed that the number of
companies experiencing penetrations jumped from 12% in 1997 to 23% in
1998 (almost double).106 About 26% of respondents to the ERRI/EmergencyNet
News Local/County/State Computer "Hacking" Survey said they
thought they had been the victims of an unauthorized intrusion or attack
on their computer systems.107 And 30% of respondents to the 1999 CSI/FBI
Computer Crime and Security Survey reported intrusions from
outsiders.108 Most of the attacks, however, were probably not motivated
by politics (hacktivism), but rather thrills, curiosity, ego, revenge,
or financial gain. In the area of Web hacks alone, Attrition.Org
recorded more than 1,400 cases of vandalism by July 1999 for the
year.109 Computer Viruses
and Worms Hacktivists have
used computer viruses and worms to spread protest message and damage
target computer systems. Both are forms of malicious code that infect
computers and propagate over computer networks. The difference is that a
worm is an autonomous piece of software that spreads on its own, whereas
a virus attaches itself to other files and code segments and spreads
through those elements, usually in response to actions taken by users
(e.g., opening an e-mail attachment). The boundary between viruses and
worms, however, is blurry and not important to the discussion here. The first protest
to use a worm occurred about a decade ago, when anti-nuclear hackers
released a worm into the U.S. National Aeronautics and Space
Administration SPAN network. On October 16, 1989, scientists logging
into computers at NASA's Goddard Space Flight Center in Greenbelt,
Maryland, were greeted with a banner from the WANK worm: W O R M S A G A I N S T N U C L E A R K I L L E R S _______________________________________________________________ \__ ____________ _____ ________ ____ ____ __ _____/ \ \ \ /\ / / / /\ \ | \ \ | | | | / / / \ \ \ / \ / / / /__\ \ | |\ \ | | | |/ / / \ \ \/ /\ \/ / / ______ \ | | \ \| | | |\ \ / \_\ /__\ /____/ /______\ \____| |__\ | |____| |_\ \_/ \___________________________________________________/ \ / \ Your System Has Been Officically WANKed / \_____________________________________________/ You talk of times of peace for all, and then prepare for war. At the time of the
attack, antinuclear protestors were trying to stop the launch of the
shuttle that carried the Galileo probe on its initial leg to Jupiter.
Galileo's 32,500-pound booster system was fueled with radioactive
plutonium. John McMahon, protocol manager with NASA's SPAN office,
estimated that the worm cost them up to half a million dollars of wasted
time and resources. It did not have its intended effect of stopping the
launch. The source of the attack was never identified, but some evidence
suggested that it might have come from hackers in Australia.110 Computer viruses
have been used to propagate political messages and, in some cases, cause
serious damage. In February 1999, the London Sunday Telegraph reported
that an Israeli teen had become a national hero after he claimed to have
wiped out an Iraqi government Web site. "It contained lies about
the United States, Britain and Israel, and many horrible statements
against Jews," 14-year-old Nir Zigdon said.111 "I figured that
if Israel is afraid of assassinating Saddam Hussein, at least I can try
to destroy his site. With the help of some special software I tracked
down the site=s server to one of the Gulf states."112 The Tel Aviv
hacktivist then sent a computer virus in an e-mail attachment to the
site. "In the e-mail message, I claimed I was a Palestinian admirer
of Saddam who had produced a virus capable of wiping out Israeli
websites," Zigdon said. "That persuaded them to open the
message and click on the designated file. Within hours the site had been
destroyed. Shortly afterwards I received an e-mail from the site
manager, Fayiz, that told me to 'go to hell'."113 During the Kosovo
conflict, businesses, public organizations, and academic institutes
received virus-laden e-mails from a range of Eastern European countries,
according to mi2g, a London-based Internet software company. "The
contents of the messages are normally highly politicised attacks on
NATO's unfair aggression and defending Serbian rights using poor English
language and propaganda cartoons," the press release said. It went
on to say "The damage to the addressee is usually incorporated in
several viruses contained within an attachment, which may be plain
language or anti-NATO cartoon."114 In an earlier press release,
mi2g warned that "The real threat of cyber warfare from Serbian
hackers is to the economic infrastructure of NATO countries and not to
their better prepared military command and control network."115 It is extremely
difficult, perhaps impossible, for an organization to prevent all
viruses, as users unwittingly open e-mail attachments with viruses and
spread documents with viruses to colleagues. Although anti-viral tools
can detect and eradicate viruses, the tools must be kept up-to-date
across the enterprise, which may have tens of thousands of machines, and
they must be installed and used properly. While viruses bearing
political messages may not seem to pose a serious problem, an
organization hit by one may have to shut down services in order to
eradicate it from its network. The seriousness of
viruses is underscored by two recent surveys. The 1999 Information
Security Industry survey found that 77% of respondents had experienced a
computer virus. This was up from 73% in 1998. More distressing, the ERRI/EmergencyNet
News Local/County/State Computer "Hacking" Survey found that
almost 83% of respondents had been the victim of a virus. Even a benign
virus could significantly impact the ability of governments to provide
essential services. Viruses, especially
those carrying destructive payloads, are a potentially potent tool in
the hands of cyberterrorists. Other tools of hacktivism, including
computer network attacks, could likewise be put to highly destructive
ends. This is the topic discussed next. Cyberterrorism In the 1980s, Barry
Collin, a senior research fellow at the Institute for Security and
Intelligence in California, coined the term "cyberterrorism"
to refer to the convergence of cyberspace and terrorism.116 Mark Pollitt,
special agent for the FBI, offers a working definition: "Cyberterrorism
is the premeditated, politically motivated attack against information,
computer systems, computer programs, and data which result in violence
against noncombatant targets by subnational groups or clandestine
agents."117 Politically motivated attacks that cause serious harm,
such as severe economic hardship or sustained loss of power or water,
might also be characterized as cyberterrorism. This section
discusses the extent to which cyberterrorism is a problem today and is
likely to be a problem in the near future. It also covers domestic and
international initiatives aimed as countering a wide variety of
cyberthreats, including cyberterrorism, certain forms of hacktivism, and
other non-politically motivated computer network attacks. The Threat
As discussed in the
preceding sections, terrorist groups are using the Internet extensively
to spread their message and to communicate and coordinate action.
However, there have been few if any computer network attacks that meet
the criteria for cyberterrorism. The 1998 e-mail bombing by the Internet
Black Tigers against the SRI Lanken embassies was perhaps the closest
thing to cyberterrorism that has occurred so far, but the damage cause
by the flood of e-mail, for example, pales in comparison to the deaths
of 240 people from the physical bombings of the U.S. embassies in
Nairobi and Dar es Salaam in August of that year. Is cyberterrorism
the way of the future? For a terrorist, it would have some advantages
over physical methods. It could be conducted remotely and anonymously,
it would be cheap, and it would not require the handling of explosives
or a suicide mission. It would likely garner extensive media coverage,
as journalists and the public alike are fascinated by practically any
kind of computer attack. One highly acclaimed study of the risks of
computer systems began with a paragraph that concludes "Tomorrow's
terrorist may be able to do more with a keyboard than with a
bomb."118 In a 1997 paper,
Collin describes several possible scenarios. In one, a cyberterrorist
hacks into the processing control system of a cereal manufacturer and
changes the levels of iron supplement. A nation of children get sick and
die. In another, a cyberterrorist attacks the next generation of air
traffic control systems. Two large civilian aircraft collide. In a
third, a cyberterrorist disrupts banks, international financial
transactions, and stock exchanges. Economic systems grind to a halt, the
public loses confidence, and destabilization is achieved.119 Analyzing the
plausibility of Collin's hypothetical attacks, Pollitt concludes that
there is sufficient human involvement in the control processes used
today that cyberterrorism does not B at present B pose a significant
risk in the classical sense. In the cereal contamination scenario, for
example, he argues that the quantity of iron (or any other nutritious
substance) that would be required to become toxic is so large that
assembly line workers would notice. They would run out of iron on the
assembly line and the product would taste different and not good. In the
air traffic control scenario, humans in the loop would notice the
problems and take corrective action. Pilots, he says, are trained to be
aware of the situation, to catch errors made by air traffic controllers,
and to operate in the absence of any air traffic control at all.120
Pollitt does not imply by his analysis that computers are safe and free
from vulnerability. To the contrary, his argument is that despite these
vulnerabilities, because humans are in the loop, a cyberattack is
unlikely to have such devastating consequences. He concludes that
"As we build more and more technology into our civilization, we
must ensure that there is sufficient human oversight and intervention to
safeguard those whom technology serves." In a 1997 article
titled "How Many Terrorists Fit on a Computer Keyboard?"
William Church presents a strong case that the United States does not
yet face a compelling threat from terrorists using information warfare
techniques to disrupt critical infrastructure. They lack either the
motivation, capabilities, or skills to pull off a cyberattack at this
time. Church does not rule out a physical attack against the
infrastructure, but such a threat is neither new nor matured by U.S.
reliance on technology.121 There are drawbacks
to terrorists using cyber weapons over physical ones. Because systems
are complex, it may be harder to control an attack and achieve a desired
level of damage. Unless people are injured, there is also less drama and
emotional appeal. Further, terrorists may be disinclined to try new
methods unless they see their old ones as inadequate.122 There is little
concrete evidence of terrorists preparing to use the Internet as a venue
for inflicting grave harm. However, in February 1998, Clark Staten,
executive director of the Emergency Response & Research Institute in
Chicago, testified that it was believed that "members of some
Islamic extremist organizations have been attempting to develop a
>hacker network= to support their computer activities and even engage
in offensive information warfare attacks in the future."123 And in
November, the Detroit News reported that Khalid Ibrahim, who claimed to
be a member of the militant Indian separatist group Harkat-ul-Ansar, had
tried to buy military software from hackers who had stolen it from U.S.
Department of Defense computers they had penetrated. Harkat-ul-Ansar,
one of the 30 terrorist organizations on the State Department list,
declared war on the United States following the August cruise-missile
attack on a suspected terrorist training camp in Afghanistan run by
Osama bin Laden, which allegedly killed nine of their members. The
attempted purchase was discovered when an 18-year-old hacker calling
himself Chameleon attempted to cash a $1,000 check from Ibrahim.
Chameleon said he did not have the software and did not give it to
Ibrahim, but Ibrahim may have obtained it or other sensitive information
from one of the many other hackers he approached.124 Given that there
are no instances of cyberterrorism, it is not possible to assess the
impact of acts that have taken place. It is equally difficult to assess
potential impact, in part because it is hard to predict how a major
computer network attack, inflicted for the purpose of affecting national
or international policy, would unfold. So far, damages from attacks
committed for reasons other than terrorism, for example, to seek revenge
against a former employer, have generally been confined to immediate
targets. No lives have been lost. Cyberdefense
The main impact of
cyberthreats on foreign and domestic policy relates to defending against
such acts, particularly attacks against critical infrastructures. At the
international level, several countries, including the U.S., have been
addressing such issues as mutual legal assistance treaties, extradition,
the sharing of intelligence, and the need for uniform computer crime
laws so that cybercriminals can be successfully investigated and
prosecuted even when their crimes cross international borders, as they
so often do. This effort is not focused on either cyberterrorism or
hacktivism, but rather addresses an array of actions that includes all
forms of hacking and computer network attacks, computer and
telecommunications fraud, child pornography on the Net, and electronic
piracy (software, music, etc.). It also covers state-sponsored
cyberwarfare operations that use hacking and computer network attacks as
a military weapon. At the initiative
of the Russian Federation, the U.N. General Assembly adopted a
resolution related to cybercrime, cyberterrorism, and cyberwarfare in
December 1998. Resolution 53/70, Developments in the Field of
Information and Telecommunications in the Context of International
Security, invites member states to inform the Secretary-General of their
views and assessments on (a) the issues of information security, (b)
definition of basic notions related to information security, and 8
advisability of developing international principles that would enhance
the global information and telecommunications systems and help combat
information terrorism and criminality.125 The U.S. has taken
several steps to better protect its critical infrastructures. In July
1996, President Clinton announced the formation of the President=s
Commission on Critical Infrastructure Protection (PCCIP) to study the
critical infrastructures that constitute the life support systems of the
nation, determine their vulnerabilities to a wide range of threats, and
propose a strategy for protecting them in the future. Eight
infrastructures were identified: telecommunications, banking and
finance, electrical power, oil and gas distribution and storage, water
supply, transportation, emergency services, and government services. In
their final report, issued in October 1997, the commission reported that
the threats to critical infrastructures were real and that, through
mutual dependence and interconnectedness, they could be vulnerable in
new ways. "Intentional exploitation of these new vulnerabilities
could have severe consequences for our economy, security, and way of
life."126 The PCCIP noted
that cyberthreats have changed the landscape. "In the past we have
been protected from hostile attacks on the infrastructures by broad
oceans and friendly neighbors. Today, the evolution of cyberthreats has
changed the situation dramatically. In cyberspace, national borders are
no longer relevant. Electrons don't stop to show passports. Potentially
serious cyberattacks can be conceived and planned without detectable
logistic preparation. They can be invisibly reconnoitered, clandestinely
rehearsed, and then mounted in a matter of minutes or even seconds
without revealing the identity and location of the attacker."127 In assessing the
threat from both physical and cyberattacks, the PCCIP concluded that
"Physical means to exploit physical vulnerabilities probably remain
the most worrisome threat to our infrastructures today. But almost every
group we met voiced concerns about the new cyber vulnerabilities and
threats. They emphasized the importance of developing approaches to
protecting our infrastructures against cyberthreats before they
materialize and produce major system damage."128 The
recommendations of the PCCIP led to Presidential Decision Directive (PDD)
63, which established the National Infrastructure Protection Center (NIPC),
the Critical Infrastructure Assurance Office (CIA), the National
Infrastructure Assurance Council (NIAC), and private sector Information
Sharing and Assessment Centers (ISACs).129 The Department of Defense
also established a Joint Task Force - Computer Network Defense (JTF-CND).
That critical
systems are potentially vulnerable to cyberattacks was underscored by a
June 1997 exercise, code named Eligible Receiver, conducted by the
National Security Agency (NSA). The objective was to determine the
vulnerability of U.S. military computers and some civilian
infrastructures to a cyberattack. According to reports, two-man teams
targeted specific pieces of the military infrastructure, including the
U.S. Pacific Command in Hawaii, which oversees 100,000 troops in Asia.
One person played the role of the attacker, while another observed the
activity to ensure that it was conducted as scripted. Using only readily
available hacking tools that could easily be obtained from the Internet,
the NSA hackers successfully gained privileged access on numerous
systems. They concluded that the military infrastructure could be
disrupted and possible troop deployments hindered. The exercise also
included written scenarios against the power grid and emergency 911
system, with resulting service disruptions. For the latter, they
postulated that by sending sufficient e-mails to Internet users telling
them the 911 system had a problem, enough curious people would phone 911
at once to overload the system. No actual attacks were made against any
civilian infrastructures.130 The vulnerability
of commercial systems to cyberattacks is repeatedly demonstrated by
survey results such as those mentioned earlier. There is no evidence
that non-government systems are any more or less vulnerable than
government ones, or that the security posture of either group, as a
whole, is generally improving -- despite the availability and use of a
growing supply of information security tools. Conclusions
The Internet is
clearly changing the landscape of political discourse and advocacy. It
offers new and inexpensive methods for collecting and publishing
information, for communicating and coordinating action on a global
scale, and for reaching out to policy makers. It supports both open and
private communication. Advocacy groups and individuals worldwide are
taking advantage of these features in their attempts to influence
foreign policy. Several case
studies show that when the Internet is used in normal, non-disruptive
ways, it can be an effective tool for activism, especially when it is
combined with other media, including broadcast and print media and
face-to-face meetings with policy makers. As a technology for
empowerment, the Net benefits individuals and small groups with few
resources as well as organizations that are large or well-funded. It
facilitates activities such as educating the public and media, raising
money, forming coalitions across geographical boundaries, distributing
petitions and action alerts, and planning and coordinating events on a
regional or international level. It allows activists in politically
repressive states to evade government censors and monitors. In the area of
hacktivism, which involves the use of hacking tools and techniques of a
disruptive nature, the Internet will serve mainly to draw attention to a
cause, as such incidents are regularly reported by news media. Whether
that attention has the desired effect of changing policy decisions
related to the issue at hand is much less certain. Hacktivists may feel
a sense of empowerment, because they can control government computers
and get media attention, but that does not mean they will succeed in
changing policy. So far, anecdotal evidence suggests that for the
majority of cases, they will not. With regards to
cyberterrorism, that is, the use of hacking tools and techniques to
inflict grave harm such as loss of life, few conclusions can be drawn
about its potential impact on foreign policy, as there have been no
reported incidents that meet the criteria. What can be said is that the
threat of cyberterrorism, combined with hacking threats in general, is
influencing policy decisions related to cyberdefense at both a national
and international level. If one looks at terrorism in general for
insights into the potential impact of cyberterrorism, one finds that the
impact of terrorism on the foreign policy issues at hand is similarly
difficult to assess, but here again, the threat of terrorism,
particularly chem, bio, and nuclear terrorism, is having a significant
impact on national defense policy. Acknowledgments
I am grateful to
Liz Bernstein, Ricardo Dominguez, Ekaterina Drozdova, Peter Ford, Brian
Gladman, Sy Goodman, Nigel Hickson, Jason Hunter, Dennis Longley, Diana
Owen, David Ronfeldt, Ken Rutherford, Julie Ryan, Brett Stalbaum, and
Chuck Weiss for helpful discussions, suggestions, and comments. Endnotes
1. Ashley Dunn,
"Crisis in Yugoslavia -- Battle Spilling Over Onto the
Internet," Los Angeles Times, April 3, 1999. 2. David Briscoe,
"Kosovo-Propaganda War," Associated Press, May 17, 1999. 3. NUA Internet
Surveys, www.nua.ie. The site is updated regularly with the latest
estimate. 4. Alan Docherty,
ANet Journalists Outwit Censors," Wired News, March 13, 1999. 5. AThe Twenty
Enemies of the Internet,@ Press release, Reporters Sans Frontiers,
August 9, 1999. 6. Maggie Farley,
ADissidents Hack Holes in China=s New Wall,@ Los Angeles Times, January
4, 1999. Adrian Oosthuizen, ADissidents to Continue E-Mail Activity
Despite Court Verdict,@ South China Morning Post, February 2, 1999. 7. Michael Dobbs,
AThe War on the Airwaves,@ Washington Post, April 19, 1999. 8. Alex Todorovic,
AI=m Watching Two Different Wars,@ Washington Post, April 18, 1999. 9. Ibid, Michael
Dobbs. 10. Ibid, Alex
Todorovic. 11. ANetAction=s
Virtual Activist Training Guide,@ http://www.netaction.org/training. 12. www.usia.gov. 13. David Briscoe,
AKosovo-Propaganda War,@ Associated Press, May 17, 1999. 14. AConflict in
the Balkans -- Cook Enlists Internet to Send Serbs Message,@ Daily
Telegraph, London, April 2, 1999, p. 9. 15. Rebecca
Allison, ABelgrade Hackers Bombard MoD Website in >First= Internet
War,@ PA News, March 31, 1999. 16. Leander Kahney,
AYugoslavia=s B92 Goes Dark,@ Wired News, April 2, 1999. 17. Bob Schmitt,
AAn Internet Answer to Repression,@ Washington Post, March 31, 1997, p.
A21. 18. Matthew
Mirapaul, AKosovo Conflict Inspires Digital Art Projects,@ New York
Times (Cybertimes), April 15, 1999. 19. Larry McShane,
AYugoslavs Condemn Bombs Over E-mail to U.S. media,@ Nando Times, April
17, 1999, www.nandotimes.com. 20. Ellen Joan
Pollock and Andrea Petersen, AUnsolicited E-Mail Hits Targets in America
in First Cyberwar,@ Wall Street Journal, April 8, 1999. 21. Dennis Longley,
personal communication, July 15, 1999. 22. The task force
uses the spelling AKosova@ in its name and in all references to Kosovo. 23. Rick
Montgomery, AEnemy in Site -- It=s Time to Join the Cyberwar,@ Daily
Telegraph, Australia, April 19, 1999. 24. Daniel Verton,
ANet Service Shields Web Users in Kosovo,@ Federal Computer Week, April
19, 1999. 25. Will Rodger,
AOnline Human-Rights Crusaders,@ USA Today, August 25, 1999. 26.
www.computerprivacy.org. 27. AInternet
Heavies Back New Net-Policy Group,@ IDG, July 14, 1999. 28. Steve Lohr, AGo
Ahead, Be Paranoid: Hackers Are out to Get You,@ New York Times, March
17, 1997. 29. John Arquilla,
David Ronfeldt, and Michele Zanini, ANetworks, Netwar, and
Information-Age Terrorism,@ in Countering the New Terrorism, RAND, 1999,
p. 66. The authors cite AHizbullah TV Summary 18 February 1998,@ Al-Manar
Television World Wide Webcast, FBIS-NES-98-050, February 19, 1998 and
ADevelopments in Mideast Media: January-May 1998,@ Foreign Broadcast
Information Service (FBIS), May 11, 1998. 30. Clark L.
Staten, Testimony before the Subcommittee on Technology, Terrorism and
Government Information, U.S. Senate Judiciary Committee, February 24,
1998. 31. Bob Cromwell=s
site at Purdue has an excellent collection of links.
http://RVL4.ecn.purdue.edu/~cromwell/lt/terror.html. 32. Kevin Whitelaw,
ATerrorists on the Web: Electronic >Safe Haven=,@ U.S. News &
World Report, June 22, 1998, p. 46. The State Department=s list of
terrorist organizations is at http://www.state.gov/www/global/terrorism/index.html.
33. Chris Oaks,
AEvery Web Site a Chat Room,@ Wired News, June 14, 1999. 34. Personal
correspondence with Brian Gladman, May 4, 1999, augmented by my own
observations from subscribing to the list since the beginning. 35. Ibid. 36. Andrew Brown,
AEditors Wanted,@ New Statesman, April 26, 1999. 37. Private
conversation with Nigel Hickson on April 29, 1999. 38. Nigel Hickson,
private communication, July 28, 1999. 39. Richard Davis,
The Web of Politics, Oxford University Press, 1999, p. 177. 40. Davis, p. 178. 41. www.protest.net.
42. Martin Stone,
AProf to Build Archive of Insurgency Groups,@ Newsbytes, March 3, 1999. 43. Edward Harris,
AWeb Becomes a Cybertool for Political Activists,@ Wall Street Journal,
August 5, 1999, B11; Barbara Adam, AJ18 Hackers Could Target Australian
Companies on Friday,@ Australian Associated Press, June 16, 1999. 44. Jon Ungoed-Thomas
and Maeve Sheehan, ARiot Organisers Prepare to Launch Cyber War on City,
Sunday Times, August 15, 1999. 45. Private
communication from Liz Bernstein, October 4, 1999, 46. Ibid. 47. Private
communication with Ken Rutherford, October 6, 1999. 48. See also the
ICBL Web site at www.icbl.org and the Web site of the Land Mine
Survivors Network at www.landminesurvivors.org. 49. Alan Boyle,
ACrypto Can Save Lives,@ ZDNet, January 26, 1999. PGP provides both file
and electronic-mail encryption. 50. John Arquilla,
David Ronfeldt, and Michele Zanini, ANetworks, Netwar, and
Information-Age Terrorism,@ in Countering the New Terrorism, RAND, 1999,
p. 65. The authors cite AAfghanistan, Saudi Arabia: Editor=s Journey to
Meet Bin-Laden Described,@ London al-Quds al-=Arabi, FBIS-TOT-97-003-L,
November 27, 1996, p. 4, and AArab Afghans Said to Launch Worldwide
Terrorist War,@ 1995. 51. Ibid. The
authors cite AIsrael: U.S. Hamas Activists Use Internet to Send Attack
Threats,@ Tel Aviv IDF Radio, FBIS-TOT-97-001-L, October 13, 1996, and
AIsrael: Hamas Using Internet to Relay Operational Messages,@ Tel Aviv
Ha=aretz, FBIS-TOT-98-034, February 3, 1998, p. 1. 52. The NIST AES
Web site is at csrc.nist.gov/encryption/aes/aes_home.htm. 53.
www.aeronautix.com/nato/yugoslavia.html 54. Rebecca Fairley
Raney, AFlood of E-Mail Credited with Halting U.S. Bank Plan,@ The New
York Times (Cybertimes), March 24, 1999. 55. Ibid. 56. Edward Harris,
AWeb Becomes a Cybertool for Political Activists,@ Wall Street Journal,
August 5, 1999, B11. The Web site is at www.e-thepeople.com. 57. The persons
organizing the campaign went on to form the Electronic Privacy
Information Center (EPIC) shortly thereafter. 58. For example,
each chip was uniquely keyed and decryption was not possible without
getting the keys to the subject=s chip from two separate government
agencies. 59. For an
interesting discussion of the Internet campaign against Clipper, see
Laura J. Gurak, Persuasion and Privacy in Cyberspace, Yale University
Press, 1997. 60. Chris Carr,
AInternet Anti-Impeachment Drive Yields Big Pledges of Money, Time,@
Washington Post, February 7, 1999. Site is at www.moveon.org. 61. Davis, p. 135. 62. Edward Harris,
AWeb Becomes a Cybertool for Political Activists,@ Wall Street Journal,
August 5, 1999, B11. 63. Davis, p. 168. 64. Information
provided to the author from Bruce Sterling; Winn Schwartau, Information
Warfare, 2nd ed., Thunder=s Mouth Press, 1996, p. 407. 65. For an in-depth
analysis of the Zapatista=s Anetwar,@ see David Ronfeldt, John Arquilla,
Graham E. Fuller, and Melissa Fuller, The Zapatista ASocial Netwar@ in
Mexico, RAND Report MR-994-A, 1998. 66. Niall McKay,
APentagon Deflects Web Assault,@ Wired News, September 10, 1998. 67. Brett Stalbaum,
private correspondence, July 23, 1999. 68. Brett Stalbaum,
AThe Zapatista Tactical FloodNet,@ www.thing.net/~rdom/ecd/ZapTact.html.
69. Niall McKay,
APentagon Deflects Web Assault,@ Wired News, September 10, 1998; Brett
Stalbaum, personal communication, January 30, 1999. 70. Ricardo
Dominguez, personal communication, February 2, 1999. 71. www.aec.at/infowar/NETSYMPOSIUM/ARCH-EN/msg00633.html.
72. ADay of Net
Attacking Against Vivisection,@ Communique from the Animal Liberation
Front, December 31; 1998. AThe First Ever Animal Liberation Electronic
Civil Disobedience Virtual Sit-In on the SMI Lab Web Site in Sweden,@
notice from Tactical Internet Response Network, http://freehosting.at.webjump.com/fl/floodnet-webjump/smi.html.
AECD Report -- SMI Shuts Down Their Computer Network!!!,@ http://www.aec.at/infowar/NETSYMPOSIUM/ARCH-EN/msg00678.html,
January 15, 1999. 73. Jon Ungoed-Thomas
and Maeve Sheehan, ARiot Organisers Prepare to Launch Cyber War on City,
Sunday Times, August 15, 1999. 74. Carl Kaplan,
AFor Their Civil Disobedience, the >Sit-In= is Virtual,@ the Cyberlaw
Journal, New York Times on the Web, May 1, 1998. The law is Title 18
U.S.C. section 1030 (a)(5)(A). 75. Rebecca
Allison, ABelgrade Hackers Bombard MoD Website in >First= Internet
War,@ PA News, March 31, 1999. 76. AE-Mail Attack
on Sri Lanka Computers,@ Computer Security Alert, No. 183, Computer
Security Institute, June 1998, p. 8. 77. Jim Wolf,
AFirst >Terrorist= Cyber-Attack Reported by U.S.,@ Reuters, May 5,
1998. 78. CIWARS
Intelligence Report, May 10, 1998. 79. Rebecca
Allison, ABelgrade Hackers Bombard MoD Website in >First= Internet
War,@ PA News, March 31, 1999. 80. Patrick Riley,
AE-Strikes and Cyber-Sabotage: Civilian Hackers Go Online to Fight,@ Fox
News, April 15, 1999. 81. Rebecca Vesely,
AControversial Basque Web Site Resurfaces,@ Wired News, August 28, 1997;
ATwo More Basque Politicians Get ETA Death Threats,@ Reuters, San
Sebastian, Spain, December 16, 1997. 82. AIGC Censored
by Mailbombers,@ letter from Maureen Mason and Scott Weikart, IGC,
posted on http://www.infowar.com. 83. Rebecca Vesely,
AControversial Basque Web Site Resurfaces,@ Wired News, August 28, 1997.
84. Yves Eudes,
AThe Zorros of the Net,@ Le Monde, November 16, 1997 85. AAnti-Terrorist
Squad Orders Political Censorship of the Internet,@ press release from
Internet Freedom, September 1997. 86. Amy Harmon,
A>Hacktivists= of All Persuasions Take Their Struggle to the Web,@
New York Times, October 31. 1999. 87. Lindsay Murdoch,
AComputer Chaos Threat to Jakarta,@ Sydney Morning Herald, August 18,
1999, p. 9. 88. James Glave,
ACrackers: We Stole Nuke Data,@ Wired News, June 3, 1998; Janelle
Carter, AHackers Hit U.S. Military Computers,@ Associated Press,
Washington, June 6, 1998; AHackers Now Setting Their Sights on
Pakistan,@ Newsbytes, June 5, 1998. 89. Jim Hu,
APolitical Hackers Hit 300 Sites,@ CNET, July 6, 1998. The Milw0rm page
is shown at http://www.antionline.com. 90. Patrick Riley,
AE-Strikes and Cyber-Sabotage: Civilian Hackers Go Online to Fight,@ Fox
News, April 15, 1999. 91. ASerb Hackers
Reportedly Disrupt U.S. Military Computers,@ Bosnian Serb news agency
SRNA, March 28, 1999. 92. ASerb Hackers
Declare Computer War,@ Associated Press, October 22, 1998. 93. Martyn
Williams, AFederal Web Sites Under Attack After Embassy Bombing,@
Newsbytes, May 10, 1999. 94. Stephen Barr,
AAnti-NATO Hackers Sabotage 3 Web Sites,@ Washington Post, May 12, 1999.
95. AChina Suspends
Contacts With U.S.,@ Associated Press, Beijing, May 9, 1999. 96. Niall McKay,
AChina: The Great Firewall,@ Wired News, December 1, 1998. See also
Sarah Elton, AHacking in the Name of Democracy in China,@ The Toronto
Star, July 4, 1999. 97. Neil Taylor,
ACDC Says Hackers Are Threat,@ IT Daily, August 26, 1999. 98. Maggie Farley,
ADissidents Hack Holes in China=s New Wall,@ Los Angeles Times, January
4, 1999. 99. http://www.hacknews.com/archive.html?122998.html.
100. Letter of
January 7, 1999. 101. Statement of
January 7, 1999. 102. James Glave,
AConfusion Over >Cyberwar,= Wired News, January 12, 1999. 103. APro-China
Hacker Attacks Taiwan Government Web Sites,@ Reuters, August 9, 1999. 104. Annie Huang,
AHackers= War Erupts Between Taiwan, China,@ Associated Press, Taipei,
Taiwan, August 9, 1999. 105. ABeijing Tries
to Hack U.S. Web Sites,@ Associated Press, July 30, 1999. McWee=s Web
site is at www.falunusa.net. 106. http://www.infosecuritymag.com/july99/.
107. Private e-mail
from Clark Staten, July 19, 1999. 108. Richard Power,
A1999 CSI/FBI Computer Crime and Security Survey,@ Computer Security
Issues & Trends, Vol. V, No. 1, Winter 1999. 109. Ted Bridis,
AHackers Become An Increasing Threat,@ Associated Press, July 7, 1999. 110. Ibid. 111. Tom Gross,
AIsraeli Claims to Have Hacked Saddam Off the Net,@ London Sunday
Telegraph, February 7, 1999. 112. Ibid. 113. Ibid. 114. mi2g Cyber
Warfare Advisory Number 2, April 17, 1999, M2 Communications, April 19,
1999. 115. M2
Communications, April 8, 1999. 116. Barry Colin,
AThe Future of Cyberterrorism,@ Crime and Justice International, March
1997, pp. 15-18. 117. Mark M.
Pollitt, ACyberterrorism B Fact or Fancy?@ Proceedings of the 20th
National Information Systems Security Conference, October 1997, pp.
285-289. 118. Computers at
Risk, National Academy Press, 1991. 119. Barry Colin,
AThe Future of Cyberterrorism,@ Crime and Justice International, March
1997, pp. 15-18. 120. Mark M.
Pollitt, ACyberterrorism B Fact or Fancy?@ Proceedings of the 20th
National Information Systems Security Conference, October 1997, pp.
285-289. 121. William
Church, AInformation Warfare Threat Analysis for the United States of
America, Part Two: How Many Terrorists Fit on a Computer Keyboard?@
Journal of Infrastructural Warfare, Summer 1997. 122. Kevin Soo Hoo,
Seymour Goodman,and Lawrence Greenberg, AInformation Technology and the
Terrorist Threat,@ Survival, Vol 39, No. 3, Autumn 1997, pp. 135-155. 123. Clark L.
Staten, testimony before the Subcommittee on Technology, Terrorism and
Government Information, U.S. Senate Judiciary Committee, February 24,
1998. 124.
A>Dangerous= Militant Stalks Internet,@ Detroit News, November 9,
1998. 125. G.A. Res.
53/70, U.N. GAOR, 53rd Sess., U.N. Doc. A/RES/53/70. 126. Critical
Foundations: Protecting America=s Infrastructures, The Report of the
President=s Commission on Critical Infrastructure Protection, October
1997, Report Summary, http://www.pccip.gov. 127. Ibid. 128. Ibid. 129. AProtecting
America=s Critical Infrastructures: PDD 63,@ The White House, May 22,
1998. See also White Paper AThe Clinton Administration=s Policy on
Critical Infrastructure Protection: Presidential Decision Directive 63,@
May 22, 1998, and ANational Infrastructure Assurance Council,@ Executive
Order, The White House, July 14, 1999. 130. CIWARS
Intelligence Report, Centre for Infrastructural Warfare Studies, June
21, 1998; APentagon Computer Systems Hacked,@ Info Security News, June
1998; Douglas Pasternak and Bruce B. Auster, ATerrorism at the Touch of
a Keyboard,@ U.S. News & World Report, July 13, 1998, p. 37. |