Introduction
With technology on the rise, the 90's
produced many types of hacking and hacktivist groups. During this
decade, hacking was not solely based on the curiosity of tech-savvy
individuals hungry for the knowledge of how a system functioned,
rather, it marked the beginning of defining hacking categorically.
The emerging hacking groups described themselves as hacker's,
cracker's, and hacktivist's. Some took it a step further, classifying
the types of hacking they participated in by using he terms white,
grey, and black hats, using color representation as a way of
describing the purity of their intentions. The
rapid growth of these underground groups made society and the
government very uneasy.
This article discusses some of the more
influential hacking groups that emerged in the 90's. The focus is
primarily on hacktivist groups that used cyberspace as their platform
for protest and hacking groups that exposed security holes in systems
for non-malicious purposes.
Cult of the Dead Cow (cDc) – the 90's
The Cult of the Dead Cow (cDc) hacking
group joined in the mid 80's, however, they did not get media
attention until the early to mid nineties. cDc started as a
text-files group over a bulletin board-based system called Fidonet,
discussing technology plans and day-to-day events (Jordan). As
technology advanced, they began hacking together and became known as
a hacking group, developing later into a hacktivist group (Jordan).
They became popular because of the tools they used but largely
because of their willingness to discuss their views with the public
(Jordan). The group is committed to “digitally correct hacktivism,”
and continues to exemplify that in the stand they take against other
hacktivist groups that they believe are in violation of these
principles (Jordan).
The Cult of the Dead Cow, they coined
the phrase “hacktivism,” and the intended use was to “refer to
to the development and use of technology to foster human rights and
the open exchange of information (Delio).” The cDc believes in the
freedom of information and the freedom to communicate (McCaughey).
They were the first underground hacker group to own a Usenet
newsgroup in 1995, the alt.fan.cult-dead-cow, which they used for
their attempt to achieve “global domination through media
saturation (Chiesa).”
cDc vs. the
Church of Scientology
It was cDc's strong belief in the
elimination of censorship that sparked the “war” they declared on
the Church of Scientology in 1995. The Church of Scientology
attempted to remove alt.religion.scientology from Usenet, claiming
copyright infringement (Poor). The cDc did not react well to the
request for removal because they believed it was a form of censorship
on the internet and that was the precisely what the cDc is against.
In response, the cDc issued a
statement
to the Church of Scientology, proclaiming war (Poor). Once the
statement was released by the cDc, the Usenet group,
alt.religion.scientology, became extremely popular due to the
publicity, people just wanted to know what was there that made the
Church of Scientology want it to be removed. The request to remove
alt.religion.scientology was ignored and considered a huge defeat for
Scientology.
cDc creates
Back Orifice
The cDc also grabbed attention in 1998
when they released the first version of a program called Back Orifice
(BO) (Jordan). BO, at first glance, does not seem like a program
meant to represent a hacktivist message, but according to the cDc,
that was its intention.
BO is an “illicit
remote-administration tool for Windows-based networks. (Jordan)” It
is available online to the public and has a graphical-user-interface,
so even a novice can use it. BO works similarly to a trojan horse,
attaching itself to another file or imported to the target computer,
it runs and installs itself, and finally, deletes the executable file
it created following installation (Jordan). The person who installed
the trojan horse has total access to the targeted computer, allowing
file extraction, program running, and keystroke recording (Jordan).
The cDc had, largely, two reason for
creating the software: to force Microsoft and the user's of their
operating systems to address the security issues and to inform the
user's that the capabilities BO gives the average person are the
capabilities Microsoft already has with anyone using their operating
systems (Jordan). Politically, the intended message being delivered
by the cDc are concerns of security of access and privacy of
information (Jordan). The idea was not to suggest that Microsoft was
doing any of the spying in their power, but to publicize the
situation through the release of BO.
The Haunting of GeoCities and Jim Townsend 1994
In 1994, came the birth of the start-up
GeoCities. They offered one megabyte of computer storage space for
anyone that wanted to run a website within any of the “neighborhoods”
within GeoCities (McCaughey). Anyone who built a website in one of
the neighborhoods was called a “homesteader,” and attracting them
was essential to the business model, because the more people building
GeoCities space, the more valuable the business became (McCaughey).
Initially GeoCities did not require user's to give up space for
advertising on or around their web pages, instead they counted on the
homesteaders to create an alluring site and neighborhood and
GeoCities would include an unoffensive amount of advertisements
(McCaughey). The ads, however, kept increasing and began to include
pop-ups and other forms of aggressive advertisements, driving users
away from the “free” service (McCaughey).
In 1999, Yahoo! purchased GeoCities,
changing the structure of the service almost entirely. Instead of the
user having a free web site to use for their business or otherwise,
Yahoo! changed the terms of service to state that they owned whatever
content was on any homestead and could do with it whatever they
pleased (McCaughey).
In response to this, the user's began
to protest the changes. Jim Townsend, a user and contract software
developer, created a website called “cometo/boycottyahoo,” which
rallied all the user's that wanted to protest the changes in terms.
Since so many of the users were computer savvy, within hours of
launching the protest site, people began posting banner ads and
graphics to help the cause. Townsend was careful to encourage
streamlining the ads to address the intellectual property issues at
hand. Suddenly, these banner ads overtook GeoCities pages and became
known as “The Haunting of GeoCities,” receiving a lot of public
attention in the news. In just 3 days, Jim Townsend's page received
over one million hits.
By July 6th, one week after the
Haunting began, Yahoo! adjusted their terms of service, ending the
boycott. This was only 9 days after they began requiring their users
to sign the terms of service revision (McCaughey).
Milw0rm 1998
A group of teenage boys from the UK,
US, and New Zealand, hacked into the Bhabha Atomic Research Centre
(BARC), a nuclear research facility located in India. The facility
had nuclear tests planned that were to occur on May 11th – 13th of
1998 and in protest, the boys broke into the BARC system and claimed
to have stolen emails and the data from the tests as well as
destroyed two of the eight servers data (Mehta). BARC officials
denied the events occurred but the public was already nervous about
the possibility, wondering if they could adequately handle the
responsibility of nuclear weapons if they allowed their system to get
hacked (Mehta).
After the repeated denial of the lost
data, the boys of Milw0rm began releasing some of the information
they stole from BARC online and showing it individuals that admit to
seeing the documents. In addition to the data stolen, the group also
replaced their homepage with a mushroom cloud and the words: “If a
nuclear war does start, you will be the first to scream...."
(Mehta).
The boys were never prosecuted in for
the take over of the BARC system. According to
this
article, India believes the US did know about the attack on their
nuclear facility and most likely possessed the information obtained
by the hackers. The US denies having had any knowledge of the
protest/hack occurring.
Electronic Disturbance Theater (EDT)
The Electronic Disturbance Theater is a
group of artists and activists that practice what they call
“electronic civil disobedience.” Electronic civil disobedience
uses tactics from civil disobedience, a group of people blocking
space with their bodies to prevent entry, but instead of occupying
physical space, they use the internet to create a block virtually.
The EDT achieves one of the first forms of electronic civil
disobedience by creating FloodNet, also known as the Swarm, combining
political action, theory, and artform (Jordan). (McCaughey)
The first major project of the EDT was
supporting the Zapatistas rebels in Chiapas, Mexico. The goal was for
the Zapatista Army of National Liberation's voices to be heard by the
Mexican Government. EDT targeted websites of authorities that
appeared to be in support of the repression of the Zapatista uprising
(Jordan). They hacked into the Mexican government website in April of
1998 and left messages for the officials and they overloaded their
pages by sending enough requests to slow the site down or crash it
completely (Jordan).
In June of 1998, EDT attempted to
strike the Mexican government with FloodNet again unsuccessfully.
They were prepared for the attack and administered one to counter.
Once the Mexican government system detected FloodNet it activated a
javascript attack that would open webpages on the computer that
initialized the attack until the computer crashed, terminating
FloodNet.
Electronic Frontier Foundation (EFF)
With technology and hacker communities
on the rise, so did the criminal cases and unwarranted surveillance
against the confirmed and perceived hacking groups. Three men in the
industry recognized the need for the protection of civil liberties.
The Electronic Frontier Foundation was founded in 1990 by John Perry
Barlow, Mitch Kapor, and John Gilmore. When they announced the
forming of the organization, they also informed the public they would
be represented Steven Jackson Games and many other bulletin board
service users against the United States Secret Service. (
Electronic)
The Secret Service orchestrated
sequence of raids against recipients of a classified document, copied
illegally, and distributed that outlined the way 911 Emergency System
works. Steven Jackson Games was one of the raids, confiscating most
of the tools and equipment needed for him to continue his business.
The Secret Service never found the document and Steven Jackson was
innocent and returned his computers, however, he and his staff
discovered that electronic messages they had sent to each other had
been deleted. Jackson's business was just about bankrupt and he felt
his freedom of speech and privacy rights had been violated.
(Electronic)
The Jackson case was important in the
development of legal frameworks regarding the internet. Following
this case, e-mails were regarded with as much privacy as telephone
calls and requires a warrant before seizing them. (Electronic)
Conclusion
The 90's brought many changes in the
development of hacking and hacktivism, evident in the evolving
execution and public policy. During this decade, the preliminary
laws, primarily put in place in the 80's, were updated to include
more protection for government agencies and businesses. For example,
t
he Counterfeit Access
Device and Computer Fraud and Abuse Act of 1986 would no longer
suffice to combat the growing security threats and was updated twice.
New laws, such as, the
Communications
Decency Act of 1996 and the
National
Information Infrastructure Protection Act of 1996, were also
added to legislation.
The Counterfeit Access Device and
Computer Fraud and Abuse Act (CFAA) was amended in 1994 and 1996. The
amendment in 1996 included “non public” to the terms to cover
systems that allow the public to access certain parts but not all
areas (Computer). More specifically, even though a person is
authorized to enter a system they are not authorized to do anything
criminal. The lines had already been clearly defined regarding
government agencies and their personnel, but now a policy was in
place for other agencies.
The National Information Infrastructure
Protection Act was an enacted as, somewhat, and extension of the
CFAA, providing federal criminal liability if a person was in
violation of entering a system, unauthorized, and causing damages.
The act contains several major sections outlining the offenses
specifically. The first section criminalizes unauthorized access of
electronic files of classified government information. The second
section forbids taking electronic information from financial,
government, or private agencies used in interstate business. The
third section abjures the purposeful and unlawful access of private
computers in the US government. Finally, the fourth section prohibits
the entry of protected computers without permission and with mal
intent, unless the person can prove the damages were less then
$5,000. (National)
The government wasn't the only
organization defining rights in cyberspace, the EFF's co-founder John
Perry Barlow wrote a piece that articulates hacktivism in 1996
entitled, “
The
Declaration of the Independence of Cyberspace.” Barlow's
manifesto is written to our government, letting them know they are
not welcome to govern cyberspace, that the internet is government
free and no one invited them to join us (Electronic). It also seems
to be speaking directly to the passing of the Communications Decency
Act, which passed the same year, meant to limit the people's freedom
of speech if it was deemed indecent, by saying: “
In
the United States, you have today created a law, the
Telecommunications Reform Act, which repudiates your own Constitution
and insults the dreams of Jefferson, Washington, Mill, Madison,
DeToqueville, and Brandeis. These dreams must now be born anew in
us...” (Electronic).
As
time moves on and we explore the 21st century, many more developments
regarding hacktivism and public policy will be discussed. Stay
tuned...
Works Cited
Chiesa, Raoul, Stefania Ducci, and
Silvio Ciappi. Profiling hackers: the science of criminal
profiling as applied to the world of hacking. Boca Raton:
Auerbach Publications, 2009. Print.
"Communications Decency Act of
1996." EPIC - Electronic Privacy Information Center.
EPIC, n.d. Web. 25 May 2013.
<http://epic.org/free_speech/cda/cda.html>.
"Computer Fraud and Abuse Act
Summary | US Internet Laws." Cyber Law | Defamation Lawyer |
Technology Lawyer | Kelly Warner. Kelly/Warner, n.d. Web. 25 May
2013.
<http://www.aaronkellylaw.com/computer-fraud-and-abuse-act-us-summary/>.
Delio, Michelle. "Hacktivism and
How It Got Here ." wired.com . N.p., 14 July 2004. Web.
21 May 2013.
<http://www.wired.com/techbiz/it/news/2004/07/64193?currentPage=all>.
"Electronic Frontier Foundation."
Electronic Frontier Foundation: Defending Your Rights In the
Digital World. Electronic Frontier Foundation, n.d. Web. 24 May
2013. <https://www.eff.org/>.
Jordan, Tim, and Paul A. Taylor.
Hacktivism and cyberwars: rebels with a cause?. London:
Routledge, 2004. Print.
McCaughey, Martha, and Michael D.
Ayers. Cyberactivism: online activism in theory and practice.
New York: Routledge, 2003. Print.
Mehta, Abhay. "Milworm Bites
BARC." outlookindia.com, more than just the news magazine
from India. N.p., 22 June 1998. Web. 24 May 2013.
<http://www.outlookindia.com/article.aspx?205741>.
"National Information
Infrastructure Protection Act Act (NIIPA) of (1996) - Computer,
Access, Security, and Government ." Free Encyclopedia of
Ecommerce . N.p., n.d. Web. 25 May 2013.
<http://ecommerce.hostip.info/pages/769/National-Information-Infrastructure-Protection-Act-NIIPA-1996.html>.
"Poor Mojo Newswire: 1995: Cult of
the Dead Cow vs. Scientology." Poor Mojo's Almanac(k).
N.p., n.d. Web. 23 May 2013.
<http://www.poormojo.org/pmjadaily/archives/020713.php>.
