ricardo dominguez on 6 Aug 2000 02:27:08 -0000
<nettime> FBI Assessment of Cyber Protest
-----Original Message-----
From: Lancaster, Mike
Sent: Tuesday, August 01, 2000 3:29 PM
To: L_SAC-EAST
Subject: FBI Assessment of Cyber Protest with upcoming events in US and Australia, others

FYI

FBI ANSIR Program

ANSIR E-MAIL - National Infrastructure Protection Center Information System Assessment (Assessment 00-051); Potential hacktivism in connection with certain protest events, July-September 2000

INTRODUCTION

Hacktivism refers to the merging of political activism and computer hacking. The use of hacktivism has been noted in protest activities since the Electronic Disturbance Theater (EDT) launched a series of so-called network direct actions (web page defacements and denial-of-service attacks) against web sites of the Mexican government in 1998. Since then, the larger protest community has shown skills in computer-based support capabilities for protest events in general, and network direct actions in particular, both of which have been increasing steadily.

Hacktivist activities may occur in connection with the following national and international events:

* Republican National Convention, Philadelphia, July 31-August 4, 2000
* Democratic National Convention, Los Angeles, August 14-August 17, 2000
* World Economic Forum, Melbourne, Australia, September 11-13, 2000
* 2000 Summer Olympics, Sydney, Australia, September 15-October 1, 2000
* IMF & World Bank 55th Annual Summit, Prague, Czech Republic, September 26-28, 2000.

THE ROLE OF HACKTIVISM IN PROTEST EVENTS

The only current indication of planned hacktivist activities is a report that hackers are targeting computers in Australia and the United States during the Olympic Games. In addition, interfering with banking and finance infrastructures has been identified as possible in conjunction with protest activities against the IMF & World Bank 55th Annual Summit.

This limited indication (thus far) of computer network protest activities may be the result of growing concern among activists for their own operational security. However, emerging trends suggest that the use of computer network ("cyber") protest activities in connection with upcoming events should not be discounted. Traditional physical protest activity during the events will likely be accompanied by various types of cyber disturbance. Protests could include denial-of-service attacks, web page disruptions and defacements, and so-called virtual sit-ins (i.e., barraging a targeted web server with multiple, simultaneous requests, using specialized software designed for the purpose of overloading the server). Cyber protests could also target corporate, financial and U.S. government web sites and computer networks, particularly those related to banking, finance, or economics. Beyond this rather focused cyber, and parallel physical protest activity, we do not expect problems which would disable large segments of U.S. infrastructures.

The use of computers and network direct actions by the protest and activist community has been increasing. Recent indications include protest activity targeted at the World Trade Organization, which included some actions by hacktivists (NO2WTO and N30) in Seattle in November and December, 1999. Some postings by members of protest groups have discussed the role of hacktivism and ways to employ denial of service. Additionally, there appear to be increasing ties of hacktivism to the wider community of computer enthusiasts and hackers.

An example of heightened security awareness in the hacktivist community is the opening of the following site in February, 2000: [http://security.tao.ca]. The main focus of the site is computer security and activism with an emphasis on how to "stay safe in an ever-monitored world."

UPCOMING EVENTS

Republican National Convention, Philadelphia, Pennsylvania, July 31-August 4, 2000: A group identified as the Philadelphia Direct Action Group (PDAG) is planning a series of activities against the perceived "wrongs" of the US electoral system. The R2K Network is the umbrella organization aiming to unite the activities of various organizations demonstrating during the Republican National Convention. There does not appear to be a single, shared goal among the protesters. Currently, there are no indications of network direct actions, as part of the so-called Unity 2000 or J30 events being planned by the protesters.

Independent media coverage has been set up to provide alternative coverage of the convention. One objective of this effort is to move the focus away from the convention floor. A second objective is to expose the actions of multinational and other corporate entities attempting to influence convention policy and action decisions. Based on the increasing priority that independent media centers appear to have received by protests and activist organizations after N30, the coverage will likely attempt to record law enforcement operations, particularly during the marches, and even more so if physical response is used by local law enforcement at any time during the protest and activist events.

Highly effective, relatively low-cost video camera equipment, coupled with wireless communications and Internet connectivity, can provide protest and activist groups with the following capabilities:

* First, the ability to capture powerful images of events that can be documented as captured or edited to portray events from any perspective organizers may choose.
* Second, is a means for nearly instantaneous, worldwide dissemination of the orientation these groups may wish to emphasize in employing the wireless and Internet links.

Media coverage helps hacktivists draw and maintain anonymous support, thereby enhancing their organizational strength in cyberspace.

The Democratic National Convention, Los Angeles, California, August 14-17, 2000: A number of physical protest events are being planned for the Democratic National Convention. D2K is the umbrella coalition coordinating much of what is being planned. One report (unconfirmed) indicates planning is underway to disrupt 911 services during the convention.

The World Economic Forum (WEF), Melbourne, Australia, September 11-13, 2000: September 11, 2000, ("S11") has been identified as a day to "stand up to global action." The date coincides with the opening of the World Economic Forum (WEF) - Asia-Pacific Economic Summit. The S11 Alliance is a network of organizations, affinity groups, and individuals that share a common concern about the growth of corporate power and direction of globalization, and which is organizing a week of cooperation, networking and protest activity against the WEF. At this point there is no indication of any call for network direct actions in support of S11 activities.

The 2000 Summer Olympics ("Sydney 2000"), September 15-October 1, 2000: The Anti-Olympics Alliance is opposed to the Olympic Games and is active in organizing protests and events to highlight the negative impact of the games and social injustices. According to one media report, some hackers have already been moving in and out of sites related to the Games, seeking weaknesses they can exploit. The report went on to indicate that the hackers' main targets will be four massive computer farms, three in the US and one in Australia, that will carry the huge traffic expected through Olympic web sites. Corporate sponsors of the Olympics could also be tempting targets.

International Monetary Fund and World Bank 55th Annual Summit - Prague, Czech Republic, September 26-28, 2000: September 26, 2000, ("S26") has been identified as a so-called "Global Day of Action," based on activists' perceptions that the capitalist system exploits people, societies and the environment for the profit of a few, and is the prime cause of social and ecological troubles. On September 26, activists will express their opposition to the World Bank and the IMF and their policies. The "S26 Global Day of Action" proceeds from the successes of the previous "Global Days of Action against capitalism" on June 18 (J18) and November 30 (N30) of last year. Sabotaging, wrecking, or interfering with infrastructure has been identified as a possible action in support of S26. Independent media coverage is being incorporated into the planning of S26 activities.

CONCLUSION

Despite the limited indications of planned hacktivist activities and targeting of infrastructures, cyber protest activities in conjunction with some or all of the five upcoming events discussed here may occur. This assessment is based on the following:

- The increasing use of computer and network direct actions by the protest and activist community;
- Activists planning global days of protest have demonstrated a heightened concern for security;
- The effectiveness of using computer network attacks by protesters to deal with opponents at the national and international level since J18;
- Events targeted for protest activities all attract media attention and are highly visible.

RECOMMENDATION

The NIPC recommends that recipients monitor their information systems and networks for computer intrusions during the events listed above. These actions could take the form of intrusions originating or passing through dial-up connections belonging to both domestic and foreign Internet service providers, unauthorized system access, unusual or disruptive E-mail traffic or Web site activity.

The effectiveness of one's computer security procedures should be evaluated. Such procedures include network intrusion detection, blocking or limiting unnecessary inbound traffic, regular review of system logs, disabling inactive user accounts, password and login changes, and ensuring recommended patches are in place.

Recipients are asked to report, actual or suspected, criminal activity to their local FBI office or to NIPC, and to your military or civilian computer incident response group and other law enforcement agencies as appropriate. The NIPC website is located at http://www.nipc.gov.

This FBI Awareness of National Security Issues and Response (ANSIR) communication is intended for corporate security professionals and others who have requested to receive unclassified national security advisories. Individuals who wish to become direct recipients of FBI ANSIR communications should provide business card information, i.e. company name, address, phone, fax, etc., to ansir@leo.gov for processing, with a brief description of the product and/or service provided by your organization.

Mike

Michael S Lancaster
Assistant Director
Strategic Assessment Center
1710 SAIC Dr
McLean VA 22102
703.676.5767 (v)
703.676.4829 (f)
michael.lancaster@saic.com

# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
# archive: http://www.nettime.org contact: nettime@bbs.thing.net