Rewind one year. It's December 1999 and the World Trade Organization (WTO) is holding a summit in Seattle, Wash., to discuss e-commerce. Hordes of political activists take to the streets protesting the WTO and its policies. Their technology-savvy counterparts, however, wage war on a different front - the Internet.
A group calling itself the Electrohippies, a U.K.-based organization that practices "electronic activism and civil disobedience," bombards the WTO Web site with http-redirects in a massive denial-of-service attack attempting to bring the site down. One group is pounding the pavement and hurling debris while the other is pounding the keyboard hurling electronic requests to a server. Both qualify as forms of protest, both are forms of political activism, but some argue that the latter is a crime, one that's on the rise.
The rapid expansion of the Internet and the explosion of e-commerce have given political activists a new tool to spread their message to the world. The Net is fast-becoming the outlet of choice for cyber-protesters across the globe, and is gaining ground on television as the medium that will affect change in government policy, business decisions and even war.
Hacking for a political purpose, sometimes referred to as "hacktivism," is a practice that is quickly gaining notice in the public domain as a powerful tool for activists looking to make their message known. But where does political activism stop and cyber-terrorism
"There's no question that I've seen, and the community has seen, an increase in politically motivated hacking," said Jose Granado, Senior Manager with the security division in Ernst & Young's Houston office. Granado believes, as do many others, that the increased use of the Internet has given rise to an increase in the number and frequency of computer hacking. Abuses such as activists taking down Web pages or orchestrating denial of service attacks on specific businesses, effectively crippling its e-commerce capabilities are on the rise.
"You name the issue of the day and it becomes the target of the next attack," said Granado.
"One man's political activism is another man's terrorism," remarked Paul A. Strassmann, security expert, former director of defense information for the Department of Defense and president of the Information Economics Press.
Strassmann places the emergence of this new breed of political protest in the early 1990s while the United States and its allies faced off against Iraq in the Persian Gulf War. "If I had to choose a single time to index it I would have to say the Gulf War in 1991 and 1992. Suddenly, the world woke up to this idea. Computers emerged as a weapon as well as a vulnerability."
"Five or 10 years ago, hardly any of this [type of hacking] was happening. The population of computer devices was low and the devices that did exist were not connected. Also, the demographic of the people using those devices has changed," said Strassmann. The emergence of Windows 95, he said, created a monoculture that facilitated the growth of hacking for a purpose. "The gateway was opened. Devices were playing in one species of everything," he said. This gave hackers the upper hand.
The fact that there are more influential, powerful people using the Internet today makes it a more attractive tool to activists that target the powerful and influential individuals and corporations of the world Strassmann said.
Lines are blurry on crime
So where does activism on the Internet cross the line into hacktivism and become a crime? Granado said that the difference is simple. "Obviously the Internet should continue to be used to convey the message of people or groups, but there are forums to do it in. Put up your own Web page. There are more constructive methods to get your word or message out than hacking. When you take the tactic to trash someone else's intellectual property to draw attention to yourself, it's crossing the line."
While DNS attacks and run-of-the-mill hacking are still considered to be crimes, Strassmann says there is more sinister hacking afoot. He alluded to an underground movement of hackers acting as part of terrorist organizations that are regularly siphoning millions off of daily international transactions that are transmitted electronically. These mass thefts, according to Strassmann, are committed in order to fund terrorist activities.
"Real money has disappeared numbering in the millions. Daily transactions flow over electronic wires that amount to 1/7 of the world's GNP. If you want to think about a perfect crime, you siphon off a little here and a littler there," Strassmann said. "Every terrorist movement needs money to fund its activities. Most of theses heists get covered up. There is no bank in the world that will admit that they have been taken. Banks provide for losses."
The experts say that while disabling an organization or company's Web site may not have the shock value of a protester smeared with blood on CNN, the Internet's growing popularity as a medium of choice for the political activist. "It may not be on the same level as television, but it's getting there," said Granado.
Strassmann added "I would say that people that have some kind of political agenda will do anything to gain attention. Many so-called protests are organized entirely from a media attention perspective."
Help is out there
There are steps that can be taken to repel and respond to certain types of attacks. Software applications like the recently released AppShield, from Sanctum Software works by spotting clever attempts by hackers to manipulate what might inadvertently be a wide variety of vulnerabilities in Web-based applications, for the purpose of changing business information, such as pricing, through scripting ploys, and other exploits. While Jawz, Inc., recently announced details of its newly formed Cyber Crime Response Unit. This group will be focused on providing its clients with Computer Incident Response Team (CIRT) capabilities, Computer Crime Investigation and Forensic Analysis, and Forensic Training and Certification. The formation of this new unit, according to Jawz, is in response to lagging cybercrime legislation and a need for e-businesses to defend themselves and respond to any type of security breach.
According to Gartner Group, Inc., governments at all levels have failed to fund resources adequately to address cybercrime, leaving criminals exploiting the Internet unpunished and with little fear of law enforcement. The results of a recent Gartner report reveal that approximately 97 percent of all law enforcement funding for cyber-crime investigation in the United States is spent on about 300 federal agents -- less than 0.1 percent of the 600,000 law enforcement agents serving the United States. In 2000, federal discretionary spending on law enforcement is estimated to be $17 billion. Of that, only $10 million is allocated for computer crime-related training, staffing and support � less than 0.1 percent of all law enforcement-related spending.
Strassmann said that safety measures and legislation project a false sense of security. "Hacking and interference like this is like traffic. There are going to be accidents. Traffic is going to be tied up. People are going to get hurt. People are going to die. There is not a security measure in place that is perfect. For every way to detect [a hack or intrusion] there's a way to circumvent it."
"Hacking is here to stay," continued Strassmann "The best you can do is make it so hard to do that they'll go after some other dummies. The thing that scares hackers more than anything else is that when they do something easily that it is a trap, a sting." He said the most effective way to combat any type of hacker is through aggressive deterrence � going after hackers in sting operations. "Building a moat is not going to work," he said.
In lieu of aggressively pursuing hackers, Granado, who is also the national leader of white hat, ethical hacking for Ernst & Young said there are three crucial steps that a business or organization must take to ensure minimal damage.
"The No. 1 thing you can do to protect yourself against hacking is, obviously, whatever operating system is on the machine that serves your Web site, make sure it's locked down from a security perspective. Make sure all the latest patches are installed, etc. Second, there are a lot of software products out there that can monitor your Web site traffic and keep logs. Review those logs and you might be able to predict a problem before it turns embarrassing. Lastly, it's important that an organization has a process in place for a quick response to any attack. This process will ensure that the site can be quickly brought down in the background and repaired so that business confidence isn't impacted," said Granado.
Let us know what you think about the story, e-mail Kevin Komiega, assistant news editor.