DoS Attacks = Legitimate Protests?
This month, MasterCard, Visa, PayPal and other organizations that pulled the plug on services for WikiLeaks were hit by a spate of denial-of-service attacks (DoS) for which a grouping of hackers called Anonymous claimed responsibility. "Operation Payback," what the attackers called their take-down, was launched through a distributed network of volunteers whose sheer numbers overloaded the websites.
The ideologically-motivated attacks can be seen as a form of protest, a political statement made in unity. This raises a legal question for the government, what constitutes legitimate -- and protected -- dissent in cyberspace?
Democracies "allow disruptive protests and even deploy the forces of law and order to protect them. That is the price of political freedom, negotiated over many years and subject to many checks and balances," notes The Economist.
Rob Gonggrijp, the founder of the Amsterdam-based Internet provider XS4ALL criticized Anonymous during his keynote at the hacker conference known as the Chaos Communication Congress in Berlin on Dec. 27, and said that more actionable moves have to be taken in the fight to allow greater freedom of information on the Internet. "Whatever our role is, it is certainly not to deny freedom of speech to people or organizations who don't like freedom of speech," he said.
Hackers called out the protests, saying that they could backfire because such attacks would be perceived as non-peaceful. "This will play right into the hands of those who wish to paint us all as threats," said pro-WikiLeaks hacker circle 2600, in a statement, "It certainly does not help WikiLeaks to be associated with such immature and boorish activities any more than it helps the hacker community."
In a rapidly professionalizing hacker scene, Anonymous has been sneered at as an army of "script kiddies" -- the derogatory term used for those who lack the technical know-how to come up with original tricks, and the resulting confidence to claim responsibility for their stunts.
Jester, who claimed responsibility for a denial-of-service attack aimed at disabling WikiLeaks before the release of 250,000 diplomatic cables in November, made sure to distinguish himself from any anonymous masses with this tweet: "Just so we are all straight and clear -- WikiLeaks hit is not a 'Distributed' Dos, it's a simple Dos -- I don't use intermediaries or botnets."
"Anons are just an angry mob with pitchforks and torches, attacking anything that moves," r0d3nt, a hacker friend tweeted to me, when the attackers attacked the wrong target, confusing domain host EasyDNS, with EveryDNS, the domain provider that pulled the plug on the connection between domain name wikileaks.org and the WikiLeaks Web servers.
Anonymity may have been what shot the attackers in the foot. The moral footing for peaceful lawbreaking must be an individual's readiness to claim responsibility and stand up for his actions, The Economist argues. "The furtive, nameless nature of DDoS attacks disqualifies them from protection."