Team 11, Topic 2, Post 2: Hacking and Hacktivism in the 90's

Introduction

With technology on the rise, the 90's produced many types of hacking and hacktivist groups. During this decade, hacking was not solely based on the curiosity of tech-savvy individuals hungry for the knowledge of how a system functioned, rather, it marked the beginning of defining hacking categorically. The emerging hacking groups described themselves as hacker's, cracker's, and hacktivist's. Some took it a step further, classifying the types of hacking they participated in by using he terms white, grey, and black hats, using color representation as a way of describing the purity of their intentions. The rapid growth of these underground groups made society and the government very uneasy.

This article discusses some of the more influential hacking groups that emerged in the 90's. The focus is primarily on hacktivist groups that used cyberspace as their platform for protest and hacking groups that exposed security holes in systems for non-malicious purposes.

Cult of the Dead Cow (cDc) – the 90's

The Cult of the Dead Cow (cDc) hacking group joined in the mid 80's, however, they did not get media attention until the early to mid nineties. cDc started as a text-files group over a bulletin board-based system called Fidonet, discussing technology plans and day-to-day events (Jordan). As technology advanced, they began hacking together and became known as a hacking group, developing later into a hacktivist group (Jordan). They became popular because of the tools they used but largely because of their willingness to discuss their views with the public (Jordan). The group is committed to “digitally correct hacktivism,” and continues to exemplify that in the stand they take against other hacktivist groups that they believe are in violation of these principles (Jordan).

The Cult of the Dead Cow, they coined the phrase “hacktivism,” and the intended use was to “refer to to the development and use of technology to foster human rights and the open exchange of information (Delio).” The cDc believes in the freedom of information and the freedom to communicate (McCaughey). They were the first underground hacker group to own a Usenet newsgroup in 1995, the alt.fan.cult-dead-cow, which they used for their attempt to achieve “global domination through media saturation (Chiesa).”

cDc vs. the Church of Scientology

It was cDc's strong belief in the elimination of censorship that sparked the “war” they declared on the Church of Scientology in 1995. The Church of Scientology attempted to remove alt.religion.scientology from Usenet, claiming copyright infringement (Poor). The cDc did not react well to the request for removal because they believed it was a form of censorship on the internet and that was the precisely what the cDc is against. In response, the cDc issued a statement to the Church of Scientology, proclaiming war (Poor). Once the statement was released by the cDc, the Usenet group, alt.religion.scientology, became extremely popular due to the publicity, people just wanted to know what was there that made the Church of Scientology want it to be removed. The request to remove alt.religion.scientology was ignored and considered a huge defeat for Scientology.

cDc creates Back Orifice

The cDc also grabbed attention in 1998 when they released the first version of a program called Back Orifice (BO) (Jordan). BO, at first glance, does not seem like a program meant to represent a hacktivist message, but according to the cDc, that was its intention.

BO is an “illicit remote-administration tool for Windows-based networks. (Jordan)” It is available online to the public and has a graphical-user-interface, so even a novice can use it. BO works similarly to a trojan horse, attaching itself to another file or imported to the target computer, it runs and installs itself, and finally, deletes the executable file it created following installation (Jordan). The person who installed the trojan horse has total access to the targeted computer, allowing file extraction, program running, and keystroke recording (Jordan).

The cDc had, largely, two reason for creating the software: to force Microsoft and the user's of their operating systems to address the security issues and to inform the user's that the capabilities BO gives the average person are the capabilities Microsoft already has with anyone using their operating systems (Jordan). Politically, the intended message being delivered by the cDc are concerns of security of access and privacy of information (Jordan). The idea was not to suggest that Microsoft was doing any of the spying in their power, but to publicize the situation through the release of BO.

The Haunting of GeoCities and Jim Townsend 1994

In 1994, came the birth of the start-up GeoCities. They offered one megabyte of computer storage space for anyone that wanted to run a website within any of the “neighborhoods” within GeoCities (McCaughey). Anyone who built a website in one of the neighborhoods was called a “homesteader,” and attracting them was essential to the business model, because the more people building GeoCities space, the more valuable the business became (McCaughey). Initially GeoCities did not require user's to give up space for advertising on or around their web pages, instead they counted on the homesteaders to create an alluring site and neighborhood and GeoCities would include an unoffensive amount of advertisements (McCaughey). The ads, however, kept increasing and began to include pop-ups and other forms of aggressive advertisements, driving users away from the “free” service (McCaughey).

In 1999, Yahoo! purchased GeoCities, changing the structure of the service almost entirely. Instead of the user having a free web site to use for their business or otherwise, Yahoo! changed the terms of service to state that they owned whatever content was on any homestead and could do with it whatever they pleased (McCaughey).

In response to this, the user's began to protest the changes. Jim Townsend, a user and contract software developer, created a website called “cometo/boycottyahoo,” which rallied all the user's that wanted to protest the changes in terms. Since so many of the users were computer savvy, within hours of launching the protest site, people began posting banner ads and graphics to help the cause. Townsend was careful to encourage streamlining the ads to address the intellectual property issues at hand. Suddenly, these banner ads overtook GeoCities pages and became known as “The Haunting of GeoCities,” receiving a lot of public attention in the news. In just 3 days, Jim Townsend's page received over one million hits.

By July 6th, one week after the Haunting began, Yahoo! adjusted their terms of service, ending the boycott. This was only 9 days after they began requiring their users to sign the terms of service revision (McCaughey).

Milw0rm 1998

A group of teenage boys from the UK, US, and New Zealand, hacked into the Bhabha Atomic Research Centre (BARC), a nuclear research facility located in India. The facility had nuclear tests planned that were to occur on May 11th – 13th of 1998 and in protest, the boys broke into the BARC system and claimed to have stolen emails and the data from the tests as well as destroyed two of the eight servers data (Mehta). BARC officials denied the events occurred but the public was already nervous about the possibility, wondering if they could adequately handle the responsibility of nuclear weapons if they allowed their system to get hacked (Mehta).

After the repeated denial of the lost data, the boys of Milw0rm began releasing some of the information they stole from BARC online and showing it individuals that admit to seeing the documents. In addition to the data stolen, the group also replaced their homepage with a mushroom cloud and the words: “If a nuclear war does start, you will be the first to scream...." (Mehta).

The boys were never prosecuted in for the take over of the BARC system. According to this article, India believes the US did know about the attack on their nuclear facility and most likely possessed the information obtained by the hackers. The US denies having had any knowledge of the protest/hack occurring.

Electronic Disturbance Theater (EDT)

The Electronic Disturbance Theater is a group of artists and activists that practice what they call “electronic civil disobedience.” Electronic civil disobedience uses tactics from civil disobedience, a group of people blocking space with their bodies to prevent entry, but instead of occupying physical space, they use the internet to create a block virtually. The EDT achieves one of the first forms of electronic civil disobedience by creating FloodNet, also known as the Swarm, combining political action, theory, and artform (Jordan). (McCaughey)

The first major project of the EDT was supporting the Zapatistas rebels in Chiapas, Mexico. The goal was for the Zapatista Army of National Liberation's voices to be heard by the Mexican Government. EDT targeted websites of authorities that appeared to be in support of the repression of the Zapatista uprising (Jordan). They hacked into the Mexican government website in April of 1998 and left messages for the officials and they overloaded their pages by sending enough requests to slow the site down or crash it completely (Jordan).

In June of 1998, EDT attempted to strike the Mexican government with FloodNet again unsuccessfully. They were prepared for the attack and administered one to counter. Once the Mexican government system detected FloodNet it activated a javascript attack that would open webpages on the computer that initialized the attack until the computer crashed, terminating FloodNet.

Electronic Frontier Foundation (EFF)

With technology and hacker communities on the rise, so did the criminal cases and unwarranted surveillance against the confirmed and perceived hacking groups. Three men in the industry recognized the need for the protection of civil liberties. The Electronic Frontier Foundation was founded in 1990 by John Perry Barlow, Mitch Kapor, and John Gilmore. When they announced the forming of the organization, they also informed the public they would be represented Steven Jackson Games and many other bulletin board service users against the United States Secret Service. (Electronic)

The Secret Service orchestrated sequence of raids against recipients of a classified document, copied illegally, and distributed that outlined the way 911 Emergency System works. Steven Jackson Games was one of the raids, confiscating most of the tools and equipment needed for him to continue his business. The Secret Service never found the document and Steven Jackson was innocent and returned his computers, however, he and his staff discovered that electronic messages they had sent to each other had been deleted. Jackson's business was just about bankrupt and he felt his freedom of speech and privacy rights had been violated. (Electronic)

The Jackson case was important in the development of legal frameworks regarding the internet. Following this case, e-mails were regarded with as much privacy as telephone calls and requires a warrant before seizing them. (Electronic)

Conclusion

The 90's brought many changes in the development of hacking and hacktivism, evident in the evolving execution and public policy. During this decade, the preliminary laws, primarily put in place in the 80's, were updated to include more protection for government agencies and businesses. For example, the Counterfeit Access Device and Computer Fraud and Abuse Act of 1986 would no longer suffice to combat the growing security threats and was updated twice. New laws, such as, the Communications Decency Act of 1996 and the National Information Infrastructure Protection Act of 1996, were also added to legislation.

The Counterfeit Access Device and Computer Fraud and Abuse Act (CFAA) was amended in 1994 and 1996. The amendment in 1996 included “non public” to the terms to cover systems that allow the public to access certain parts but not all areas (Computer). More specifically, even though a person is authorized to enter a system they are not authorized to do anything criminal. The lines had already been clearly defined regarding government agencies and their personnel, but now a policy was in place for other agencies.

The National Information Infrastructure Protection Act was an enacted as, somewhat, and extension of the CFAA, providing federal criminal liability if a person was in violation of entering a system, unauthorized, and causing damages. The act contains several major sections outlining the offenses specifically. The first section criminalizes unauthorized access of electronic files of classified government information. The second section forbids taking electronic information from financial, government, or private agencies used in interstate business. The third section abjures the purposeful and unlawful access of private computers in the US government. Finally, the fourth section prohibits the entry of protected computers without permission and with mal intent, unless the person can prove the damages were less then $5,000. (National)

The government wasn't the only organization defining rights in cyberspace, the EFF's co-founder John Perry Barlow wrote a piece that articulates hacktivism in 1996 entitled, “The Declaration of the Independence of Cyberspace.” Barlow's manifesto is written to our government, letting them know they are not welcome to govern cyberspace, that the internet is government free and no one invited them to join us (Electronic). It also seems to be speaking directly to the passing of the Communications Decency Act, which passed the same year, meant to limit the people's freedom of speech if it was deemed indecent, by saying: “In the United States, you have today created a law, the Telecommunications Reform Act, which repudiates your own Constitution and insults the dreams of Jefferson, Washington, Mill, Madison, DeToqueville, and Brandeis. These dreams must now be born anew in us...” (Electronic).

As time moves on and we explore the 21st century, many more developments regarding hacktivism and public policy will be discussed. Stay tuned...

Works Cited

Chiesa, Raoul, Stefania Ducci, and Silvio Ciappi. Profiling hackers: the science of criminal profiling as applied to the world of hacking. Boca Raton: Auerbach Publications, 2009. Print.

"Communications Decency Act of 1996." EPIC - Electronic Privacy Information Center. EPIC, n.d. Web. 25 May 2013. <http://epic.org/free_speech/cda/cda.html>.

"Computer Fraud and Abuse Act Summary | US Internet Laws." Cyber Law | Defamation Lawyer | Technology Lawyer | Kelly Warner. Kelly/Warner, n.d. Web. 25 May 2013. <http://www.aaronkellylaw.com/computer-fraud-and-abuse-act-us-summary/>.

Delio, Michelle. "Hacktivism and How It Got Here ." wired.com . N.p., 14 July 2004. Web. 21 May 2013. <http://www.wired.com/techbiz/it/news/2004/07/64193?currentPage=all>.

"Electronic Frontier Foundation." Electronic Frontier Foundation: Defending Your Rights In the Digital World. Electronic Frontier Foundation, n.d. Web. 24 May 2013. <https://www.eff.org/>.

Jordan, Tim, and Paul A. Taylor. Hacktivism and cyberwars: rebels with a cause?. London: Routledge, 2004. Print.

McCaughey, Martha, and Michael D. Ayers. Cyberactivism: online activism in theory and practice. New York: Routledge, 2003. Print.

Mehta, Abhay. "Milworm Bites BARC." outlookindia.com, more than just the news magazine from India. N.p., 22 June 1998. Web. 24 May 2013. <http://www.outlookindia.com/article.aspx?205741>.

"National Information Infrastructure Protection Act Act (NIIPA) of (1996) - Computer, Access, Security, and Government ." Free Encyclopedia of Ecommerce . N.p., n.d. Web. 25 May 2013. <http://ecommerce.hostip.info/pages/769/National-Information-Infrastructure-Protection-Act-NIIPA-1996.html>.

"Poor Mojo Newswire: 1995: Cult of the Dead Cow vs. Scientology." Poor Mojo's Almanac(k). N.p., n.d. Web. 23 May 2013. <http://www.poormojo.org/pmjadaily/archives/020713.php>.