ricardo dominguez on 4 Aug 2000 17:43:47 -0000 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
[Nettime-bold] FBI Assessment of Cyber Protest |
-----Original Message-----
From: Lancaster, Mike Sent: Tuesday, August 01, 2000 3:29 PM To: L_SAC-EAST Subject: FBI Assessment of Cyber Protest with upcoming events in US and Australia, others FYI
FBI ANSIR Program ANSIR E-MAIL - National Infrastructure Protection Center Information System Assessment (Assessment 00-051); Potential hacktivism in connection with certain protest events, July-September 2000 INTRODUCTION Hacktivism refers to the merging of political activism and computer hacking. The use of hacktivism has been noted in protest activities since the Electronic Disturbance Theater (EDT) launched a series of so-called network direct actions (web page defacements and denial-of service attacks) against web sites of the Mexican government in1998. Since then, the larger protest community has shown skills in computer-based support capabilities for protest events in general, and network direct actions in particular, both of which have been increasing steadily. Hacktivist activities may occur in connection with the following national and international events: * Republican National Convention, Philadelphia, July 31 -August 4, 2000 * Democratic National Convention, Los Angeles, August 14-August 17, 2000 * World Economic Forum, Melbourne, Australia, September 11-13, 2000 * 2000 Summer Olympics, Sydney, Australia, September 15-October 1,2000 * IMF & World Bank 55th Annual Summit Prague, Czech Republic, September 26-28, 2000. THE ROLE OF HACKTIVISM IN PROTEST EVENTS The only current indication of planned hacktivist activities is a report that hackers are targeting computers in Australia and the
United
States during the Olympic Games. In addition, interfering with banking and finance infrastructures has been identified as possible in conjunction with protest activities against the IMF & World Bank 55th
AnnualSummit.
This limited indication (thus far) of computer network protest activities may be the result of growing concern among activists for their own
operational security. However, emerging trends suggest that the
use of computer network ("cyber") protest activities in
connection
with upcoming events should not be discounted. Traditional physical protest activity during the events will likely be accompanied by various types of cyber disturbance. Protests could include denial-of-service attacks, web page disruptions and defacements, and so-called virtual sit-ins (i.e., barraging a targeted web server with multiple, simultaneous requests, using specialized software designed for the purpose of overloading the server). Cyber protests could also target corporate, financial and U. S. government web sites and computer networks, particularly those related to banking, finance, or economics. Beyond this rather focused cyber, and parallel physical protest activity, we do not expect problems which would disable large segments of U. S. infrastructures. The use of computers and network direct actions by the protest and activist community have been increasing. Recent indications include protest activity targeted at the World Trade Organization, which included some actions by hactivists (NO2WTO and N30) in Seattle in November and December, 1999. Some postings by members of protest groups have discussed the role of hacktivism and ways to employ denial of service. Additionally, there appears to be increasing ties of hacktivism to the wider community of computer enthusiasts and hackers. An example of heightened security awareness in the hacktivist community is the opening of the following site in February, 2000: [http://security.tao.ca]. The main focus of the site is computer security and activism with an emphasis on how to "stay safe in an ever-monitored world." UPCOMING EVENTS Republican National Convention, Philadelphia, Pennsylvania, July 31-August 4, 2000: A group identified as the Philadelphia Direct Action Group (PDAG) is planning a series of activities against the perceived "wrongs" of the US electoral system. The R2K Network is the umbrella organization aiming to unite the activities of various organizations demonstrating during the Republican National Convention. There does not appear to be a single, shared goal among the protesters. Currently, there are no indications of network direct actions, as part of the so-called Unity 2000 or J30 events being planned by the protesters. Independent media coverage has been set up to provide alternative coverage of the convention. One objective of this effort is to move the focus away from the convention floor. A second objective is to expose the actions of multinational and other corporate entities attempting to influence convention policy and action decisions. Based on the increasing priority that independent media centers appear to have received by protests and activist organizations after N30, the coverage will likely attempt to record law enforcement operations, particularly during the marches, and even more so if physical response is used by local law enforcement at any time during the protest and
activist
events. Highly effective, relatively low-cost video camera equipment, coupled with wireless communications and Internet connectivity, can provide protest and activist groups with the following capabilities: * First, the ability to capture powerful images of events that can be documented as captured or edited to portray events from any perspective organizers may chose. * Second, is a means for nearly instantaneous, worldwide dissemination of the orientation these groups may wish to emphasize in employing the wireless and Internet links. Media coverage helps hacktivists draw and maintain anonymous support, thereby enhancing their organizational strength in cyberspace. The Democratic National Convention, Los Angeles, California, August 14-17, 2000: A number of physical protest events are being planned for the Democratic National Convention. D2K is the umbrella coalition coordinating much of what is being planned. One report (unconfirmed) indicates planning is underway to disrupt 911 services during the convention. The World Economic Forum (WEF), Melbourne, Australia, September 11-13, 2000: September 11, 2000, ("S11") has been identified as a day to "stand up to global action." The date coincides with the opening of the World Economic Forum (WEF) - Asia-Pacific Economic Summit. The S11 Alliance is a network of organizations, affinity groups, and individuals that share a common concern about the growth of corporate power and direction of globalization, and which is organizing a week of cooperation, networking and protest activity against the WEF. At this point there is no indication of any call for network direct actions in support of S11
activities.
The 2000 Summer Olympics ("Sydney 2000"), September 15-October 1, 2000: The Anti-Olympics Alliance is opposed to the Olympic Games and is active inorganizing protests and events to highlight the negative impact of the games and social injustices. According to one media report, some hackers have already been moving in and out of sites related to the Games, seeking weaknesses they can exploit. The report went on to indicate that the hackers' main targets will be four massive computer farms, three in the US and one in Australia, that will carry the huge traffic expected through Olympic web sites. Corporate sponsors of the Olympics could also be tempting targets. International Monetary Fund and World Bank 55th Annual Summit - Prague, Czech Republic, September 26-28, 2000:
September 26, 2000, ("S26") has been identified as a so-called"Global Day of Action," based on activists' perceptions that the capitalist system exploits people, societies and the environment for the profit of a few, and is the prime cause of social and ecological troubles. On September 26, activists will express their opposition to the World Bank and the IMF and their policies. The "S26 Global Day of Action" proceeds from the successes of the previous "Global Days of Action against capitalism" on June 18 (J18) and November 30 (N30) of last year. Sabotaging, wrecking, or interfering with infrastructure has been identified as a possible action in support of S26. Independent media coverage is being incorporated into the planning of S26 activities. CONCLUSION Despite the limited indications of planned hacktivist activities and targeting of infrastructures, cyber protest activities in conjunction with some or all of the five upcoming events discussed here may
occur. This assessment is based on the following: The increasing use of computer and network direct actions by the
protest and activist community;
- Activists planning global days of protest have
demonstrated
a heightened concern for security;
- The effectiveness of using computer network attacks by protesters to deal with opponents at the national and international level since J18; - Events targeted for protest activities all attract media attention and are highly visible. RECOMMENDATION The NIPC recommends that recipients monitor their information systems and networks for computer intrusions during the events listed above. These actions could take the form of intrusions originating or passing through dial-up connections belonging to both domestic and foreign Internet service providers, unauthorized system access, unusual or disruptive E-mail traffic or Web site activity. The effectiveness of one's computer security procedures should be evaluated. Such procedures include network intrusion detection, blocking or limiting unnecessary inbound traffic, regular review of system logs, disabling inactive user accounts, password and login changes, and ensuring recommended patches are in place. Recipients are asked to report, actual or suspected, criminal activity to their local FBI office or to NIPC, and to your military or civilian computer incident response group and other law enforcement agencies as appropriate. The NIPC website is located at http://www.nipc.gov. This FBI Awareness of National Security Issues and Response (ANSIR) communication is intended for corporate security professionals and others who have requested to receive unclassified national security advisories. Individuals who wish to become direct recipients of FBI ANSIR communications should provide business card information, i.e. company name, address, phone, fax, etc., to ansir@leo.gov for processing, with a brief description of the product and/or service provided by your organization. Mike Michael S Lancaster Assistant Director Strategic Assessment Center 1710 SAIC Dr McLean VA 22102 703.676.5767 (v) 703.676.4829 (f) michael.lancaster@saic.com |