ricardo dominguez on 4 Aug 2000 17:43:47 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Nettime-bold] FBI Assessment of Cyber Protest


-----Original Message-----
From: Lancaster, Mike
Sent: Tuesday, August 01, 2000 3:29 PM
To: L_SAC-EAST
Subject: FBI Assessment of Cyber Protest with upcoming events in
US and Australia, others
FYI

FBI ANSIR Program

ANSIR E-MAIL - National Infrastructure Protection Center Information
System Assessment (Assessment 00-051); Potential hacktivism in connection
with certain protest events, July-September 2000

INTRODUCTION

Hacktivism refers to the merging of political activism and computer
hacking. The use of hacktivism has been noted in protest activities
since the Electronic Disturbance Theater (EDT) launched a series of
so-called network direct actions (web page defacements and denial-of
service attacks) against web sites of the Mexican government in1998.
Since then, the larger protest community has shown skills in
computer-based support capabilities for protest events in general,
and network direct actions in particular, both of which have been
increasing steadily.

Hacktivist activities may occur in connection with the following
national and international events:

* Republican National Convention, Philadelphia, July 31 -August 4, 2000
* Democratic National Convention, Los Angeles, August 14-August 17, 2000
* World Economic Forum, Melbourne, Australia, September 11-13, 2000
* 2000 Summer Olympics, Sydney, Australia, September 15-October 1,2000
* IMF & World Bank 55th Annual Summit Prague, Czech Republic, September 26-28, 2000.

THE ROLE OF HACKTIVISM IN PROTEST EVENTS

The only current indication of planned hacktivist activities is a
report  that hackers are targeting computers in Australia and the United
States during the Olympic Games. In addition, interfering with banking and
finance  infrastructures has been identified as possible in conjunction
with protest activities against the IMF & World Bank 55th AnnualSummit.
This limited indication (thus far) of computer network protest activities
 may be the result of growing concern among activists for their own
operational security. However, emerging trends suggest that the
use of computer network ("cyber") protest activities in connection
with upcoming events should not be discounted.

Traditional physical protest activity during the events will likely be
accompanied by various types of cyber disturbance. Protests could
include denial-of-service attacks, web page disruptions and
defacements, and so-called virtual sit-ins (i.e., barraging a targeted web server
with multiple, simultaneous requests, using specialized software
designed for the purpose of overloading the server). Cyber protests
could also target corporate, financial and U. S. government web sites
and computer networks, particularly those related to banking,
finance, or economics. Beyond this rather focused cyber, and parallel
physical protest activity, we do not expect problems which would disable
large segments of U. S. infrastructures.

The use of computers and network direct actions by the protest and
activist community have been increasing. Recent indications include protest
activity targeted at the World Trade Organization, which included
some actions by hactivists (NO2WTO and N30) in Seattle in November and
December, 1999. Some postings by members of protest groups have
discussed the role of hacktivism and ways to employ denial of
service. Additionally, there appears to be increasing ties of hacktivism to
the wider community of computer enthusiasts and  hackers. An example of
heightened security awareness in the hacktivist community is the opening
of the following site in February, 2000:  [http://security.tao.ca]. The
main focus of the site is computer security and activism with an
emphasis on how to "stay safe in an ever-monitored world."

UPCOMING EVENTS

Republican National Convention, Philadelphia, Pennsylvania, July 31-August
4, 2000:

A group identified as the Philadelphia Direct Action Group (PDAG) is
planning a series of activities against the perceived "wrongs" of
the US electoral system. The R2K Network is the umbrella organization
aiming to unite the activities of various organizations demonstrating during
the Republican National Convention. There does not appear to be a
single, shared goal among the protesters. Currently, there are no indications of
network direct actions, as part of the so-called Unity 2000 or J30
events being planned by the protesters.

Independent media coverage has been set up to provide alternative
coverage of the convention.  One objective of this effort is to move
the focus away from the convention floor. A second objective is to
expose the actions of multinational and other corporate entities attempting
to influence convention policy and action decisions. Based on the
increasing priority that independent media centers appear to have
received by protests and activist organizations after N30,  the
coverage will likely attempt to record law enforcement operations,
particularly during the marches, and even more so if physical response
is used by local law enforcement at any time during the protest and activist
events.

Highly effective, relatively low-cost video camera equipment, coupled
with wireless communications and Internet connectivity, can provide
protest and activist groups with the following capabilities:

* First, the ability to capture powerful images of events that can
be documented as captured or edited to portray events from any
perspective organizers may chose.

* Second, is a means for nearly instantaneous, worldwide
dissemination of the orientation these groups may wish to emphasize in employing
the wireless and Internet links. Media coverage helps hacktivists draw
and maintain anonymous support, thereby enhancing their organizational
strength in cyberspace.

The Democratic National Convention, Los Angeles, California,  August
14-17, 2000:

A number of physical protest events are being planned for the
Democratic National Convention. D2K is the umbrella coalition coordinating much
of what is being planned. One report (unconfirmed) indicates planning
is underway to disrupt 911 services during the convention.

The World Economic Forum (WEF), Melbourne, Australia, September 11-13, 2000:

September 11, 2000, ("S11") has been identified as a day to "stand
up to global action." The date coincides with the opening of the World
Economic Forum (WEF) - Asia-Pacific Economic Summit. The S11
Alliance is a network of organizations, affinity groups, and individuals that
share a common concern about the growth of corporate power and direction
of globalization, and which is organizing a week of cooperation, networking
and protest activity against the WEF. At this point there is no indication
of any call for network direct actions in support of S11 activities.

The 2000 Summer Olympics ("Sydney 2000"), September 15-October 1, 2000:

The Anti-Olympics Alliance is opposed to the Olympic Games and is
active inorganizing protests and events to highlight the negative impact of
the games and social injustices.  According to one media report, some
hackers have already been moving in and out of sites related to the
Games, seeking weaknesses they can exploit. The report went on to
indicate that the hackers' main targets will be four massive computer
farms, three in the US and one in Australia, that will carry the
huge traffic expected through Olympic web sites. Corporate sponsors of
the Olympics could also be tempting targets.

International Monetary Fund and World Bank 55th Annual Summit  - Prague,
 Czech Republic, September 26-28, 2000:

September 26, 2000, ("S26") has been identified as a so-called"Global
Day of Action," based on activists' perceptions that the capitalist
system exploits people, societies and the environment for the profit
of a few, and is the prime cause of social and ecological troubles. On
September 26, activists will express their opposition to the World
Bank and the IMF and their policies. The "S26 Global Day of Action"
proceeds from the successes of the previous "Global Days of Action against
capitalism" on June 18 (J18) and November 30 (N30) of last year.
Sabotaging, wrecking, or interfering with infrastructure has been
identified as a possible action in support of S26. Independent media
coverage is being incorporated into the planning of S26 activities.

CONCLUSION

Despite the limited indications of planned hacktivist activities and
targeting of infrastructures, cyber protest activities in conjunction
with some or all of the five upcoming events discussed here may
occur. This assessment is based on the following:
 
The increasing use of computer and network direct actions by the
protest and activist community;
 -  Activists planning  global days  of protest have demonstrated
a heightened concern for security;
-  The effectiveness of using computer network attacks by protesters
to deal with opponents at  the national and international level since J18;
-  Events targeted for protest activities all attract media attention
and are highly visible.

RECOMMENDATION

The NIPC recommends that recipients monitor their information systems
and networks for computer intrusions during the events listed above.
These actions could take the form of intrusions originating or
passing through dial-up connections belonging to both domestic and foreign
Internet service providers, unauthorized system access, unusual or
disruptive E-mail traffic or Web site activity. The effectiveness of
one's computer security procedures should be evaluated. Such
procedures include network intrusion detection, blocking or limiting
unnecessary inbound traffic, regular review of system logs, disabling inactive
user accounts, password and login changes, and ensuring recommended
patches are in place.

Recipients are asked to report, actual or suspected, criminal activity
to their local FBI office or to NIPC, and to your military or civilian
computer incident response group and other law enforcement agencies
as appropriate.  The NIPC website  is located at http://www.nipc.gov.

This FBI Awareness of National Security Issues and Response (ANSIR)
communication is intended for corporate security professionals and
others who have requested to receive unclassified national security
advisories. Individuals who wish to become direct recipients of FBI
ANSIR communications should provide business card information, i.e.
company name, address, phone, fax, etc., to ansir@leo.gov for
processing, with a brief description of the product and/or service
provided by your organization.

Mike


Michael S Lancaster
Assistant Director
Strategic Assessment Center
1710 SAIC Dr McLean VA 22102
703.676.5767 (v) 703.676.4829 (f)
michael.lancaster@saic.com