Waging peace on the Internet

Thoughts on Hacktivism from the cDc

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Hacking is a contact sport.
The more people who have contact with one another, the better.
-- Shaolin Punk,
Proxy Boss,

There's an international book burning in progress; the surveillance cameras are rolling; and the water canons are drowning freedom of assembly. But it's not occurring anywhere that television can broadcast to the world. It's happening in cyberspace.

Certain countries censor access to information on the Web through DNS (Domain Name Service) filtering. This is a process whereby politically challenging information is blocked by domain address (the name that appears before the dot-com/net/org suffix, as in Tibet.com, etc.). State censors also filter for politically or socially-unacceptable ideas in e-mail. And individual privacy rights and community gatherings are similarly regulated.

China is often identified as the world's worst offender with its National Firewall and arrests for on-line activity. But the idea that the new Mandarins could have pulled this off by themselves is absurd. The Chinese have aggressively targeted the Western software giants, not only as a means of acquiring technical know-how, but also as agents for influencing Western governments to their advantage through well-established corporate networks of political lobbying. Everything is for sale: names, connections, and even national security.

Witnessing hi-tech firms dive into China is like watching the Gadarene swine. Already fat and greedy beyond belief, the Western technology titans are being herded towards the trough. And with their snouts deep in the feedbag, they haven't quite noticed the bacon being trimmed off their ass. It isn't so much a case of technology transfer as digital strip-mining. Advanced research and technical notes are being handed over to the Chinese without question. It couldn't be going better for the Communists. While bootstrapping their economy with the fruits of Western labor and ingenuity, they gain the tools to prune democracy on the vine.

But to focus on Beijing's strategy misses the larger opportunity of treating the spreading sickness that plagues cyberspace. Cuba not only micromanages its citizens' on-line experience, it has recently refused to sell them computers, the US trade embargo notwithstanding. Most countries indulging in censorship claim to be protecting their citizens from pornographic contagion. But the underlying motive is to prevent challenging opinions from spreading and coalescing through the chokehold of state-sponsored control. This includes banning information that ranges from political opinion, religious witness, "foreign" news, academic and scholarly discovery, news of human rights abuses all the intellectual exchange that an autocratic leadership considers to be destabilizing.

The capriciousness of state-sanctioned censorship is wide-ranging.

* In Zambia, the government attempted to censor information revealing their plans for constitutional referenda.

* In Mauritania - as in most countries - owners of cybercafés are required to supply government intelligence agents with copies of e-mail sent or received at their establishments.

* Even less draconian governments, like Malaysia, have threatened Web-publishers, whose only crime is to publish frequent Web site updates. Timely and relevant information is seen as a threat.

* South Korea's national security law forbids South Koreans from any contact - including contact over the Internet - with their North Korean neighbors.

The risks of accessing or disseminating information are often great.

* In Ukraine, a decapitated body found near the village of Tarachtcha is believed to be that of Georgiy Gongadze, founder and editor of an on-line newspaper critical of the authorities.

* In August 1998, an eighteen year old Turk, Emre Ersoz, was found guilty of "insulting the national police" in an Internet forum after participating in a demonstration that was violently suppressed by the police. His ISP provided the authorities with his address.

* Journalist Miroslav Filipovic has the dubious distinction of having been the first journalist accused of spying because his articles detailed the abuses of certain Yugoslav army units in Kosovo, and were published on the Internet.

These are dangerous trends for all of us. The Cult of the Dead Cow (cDc) and Hacktivismo are not prepared to watch the Internet's lights dim simply because liberal democracies are asleep at the switch.

Our fathers and grandfathers fought wars defending, among other things,­ our right to speak and be heard. They even fought to defend unpopular opinions. It is the unpopular opinions that are most in need of defense. Without them, society would remain unchallenged and unwilling to review core beliefs. It is this tension between received truths and challenging ones that keeps societies healthy and honest. And any attempt at preventing the open exchange of ideas should be seen for what it is:­ censorship.

For the past four years the cDc has been talking about hacktivism. It's a chic word, beloved among journalists and appropriators alike. Yet the meaning is serious. Our definition of hacktivism is, "using technology to advance human rights through electronic media." Many on-line activists claim to be hacktivists, but their tactics are often at odds with what we consider hacktivism to be.

From the cDc's perspective, creation is good; destruction is bad. Hackers should promote the free flow of information, and causing anything to disrupt, prevent, or retard that flow is improper. For instance, cDc does not consider Web defacements or Denial of Service (DoS) attacks to be legitimate hacktivist actions. The former is nothing more than hi-tech vandalism, and the latter, an assault on free speech.

As we begin to challenge state-sponsored censorship of the Internet, we need to get our own house in order. There have to be accepted standards of what constitutes legitimate hacktivism, and what does not. And of course, none of this will be easy. Hacktivism is a very new field of endeavor that doesn't rely on mere technical expedience. We have to find new paradigms. (Tossing the letter E in front of a concept that has meaning in meat-space, to borrow a term from the Electronic Disturbance Theatre, is convenient but rarely meaningful). There is no such thing as electronic civil disobedience. Body mass and large numbers don't count as they do on the street. On the Internet, it's the code that counts, specifically code and programmers with conscience.

We need to start thinking in terms of disruptive compliance rather than civil disobedience if we want to be effective on-line. Disruptive compliance has no meaning outside of cyberspace. Disruptive, of course, refers to disruptive technology, a radically new way of doing things; compliance refers back to the Internet and its original intent of constructive free-flow and openness.

But what disruptively compliant, hacktivist applications shall we write, and more importantly, how shall we write them? There are essentially two ways of writing computer programs: closed/proprietary, and, open/public. In non-technical terms, a closed program would be like a menu item in a restaurant for which there was no recipe. An open program would be like a dish for which every ingredient, proportion, and method of preparation was published. Microsoft is an example of a closed, hi-tech restaurant; Linux is its stellar opposite, an open code cafeteria where all is laid bare. For years the technical community has been raging over the absolutes of closed over open code, an argument only slightly more boring than whether Macs are better than PCs.

The answer to this debate is relative; it leans closer to the user's requirements than to the geek community's biases. If the user wants an inflexible, controlled - and often insecure - experience, then closed is the way to go. But if the user opts for greater variety and freedom from control, then flexible, open code is the only option. The choices are similar, although not equivalent, to living in an authoritarian society as opposed to a free one.

Hacktivism chooses open code, mostly. Although there might be very specific instances where we would choose to obscure or hide code, going by the averages we support the same standards-based, open code methodology that built the Internet in the first place. It is germane that users of hacktivist applications sitting behind national firewalls in China and other repressive regimes are more worried about being caught with 'criminal software' than crashing their computers. End user safety is paramount in such instances, and if closing down code would prevent arrests, then so be it. Techno-correctness is a luxury of the already free.

There are numerous arguments for open code, from the rhapsodic possibilities of the Open Source Initiative, through the demotic juggernaut of the Free Software Foundation, to the debate laden pages of Slashdot with its creditable fetish for better security. And everyone is right in his or her own way. But there is another compelling reason to show the code apart from any technical or philosophical considerations.

The field is getting crowded.

Four years ago when cDc first started talking about hacktivism, most Internet users didn't know, or care, about things like state-sponsored censorship or privacy issues. But now the terrain has changed. Increasingly human rights organizations, religious and political groups, and even software developers, are entering the fray, each for unique reasons. It would be premature to call such an unlikely accretion of stakeholders a coalition. In fact, there is every reason to believe there are greater opportunities for carping over differences than leveraging common cause into shared success. But open code may become the glue that binds.

As more and more disparate groups attempt to loosen dictators' restraints over Internet, it's important to keep focused on their common goals and not petty differences. The more transparent and crystalline their progress towards collective goals becomes, the more likely it is that those objectives will be achieved. Open code, like the open and inclusive nature of democratic discourse itself, will prove to be the lingua franca of hacktivism. And perhaps more importantly, it will demonstrate that hacktivists are waging peace, not war.

In 1968 the Canadian communications guru Marshall McLuhan stated, "World War Three will be a guerilla information war with no division between military and civilian participation."

Anyone who's watched the Web after an international incident knows how true that statement is. Teenagers from China have attacked sites in Taiwan and the U.S., and vice versa, just to name one claque of combatants. And although the exchanges are more annoying than truly damaging, they do support McLuhan's theory. As the Internet erupts into battle zones, Hacktivists could become something akin to a United Nations peacekeeping force. But rather than being identified by blue helmets, they'll be recognized by the openness of their code and the quality and safety of their applications designed to defeat censorship and challenge national propaganda.

One key to countering the cadres of information censors in China and elsewhere is the fluidity of open code projects. Another is through peer-to-peer (P2P) networks. P2P has floated into public awareness mostly as a result of the Napster phenomenon. The 'peers' on the network are computers, and yet not so different from a society of peers in a democracy. Some are more powerful than others, but they all have common attributes. This is in contrast with the traditional, and more pervasive, client/server network mechanism, where little computers go to big ones and ask for something, be it a Web page, an application, or even processing power.

What is most interesting about P2P technologies is that they turn the much-ballyhooed Information Superhighway into a two-way street. Peers become both clients and servers, or 'clervers' as one naming convention has it. Files can be shared, a la Napster; or processes from one or many partner computers can be strung together to create supercomputers, among other things. What makes these systems attractive to hacktivist developers is they are difficult to shut down. Large central servers are easy to locate and take down. But clouds of peers in numerous arrays springing up around the datascape are far more problematic.

This is not to say that P2P networks are invincible. Napster got shut down. But when the salt is out of the shaker, it's hard to get it back in. With Naptser down, a legion of even more powerful file-trading devices arose to take its place. The fact that Napster was easy to use and didn't require a steep learning curve was also key to its success, other convergences notwithstanding. This is fundamental to anyone hoping to appeal to non-technical users, many of whom are partially blinded and deafened by national firewalls.

The target user is socially engaged, but not necessarily technically adept. Beneath the surface the programs can be as complicated as you please, but on top, from the functionality/usability perspective, the apps have to be dead simple and easy to use. And they have to be trustworthy.

Here is where the Napster analogy breaks down. Trust was never a paramount factor in using the application. It was a fun loving network developed on the free side of the firewall, where users' greatest worries were, a) Can I find what I want? b) How long will it take to download? c) Is it of good quality? and, d) Do I have time to download four more tunes before I go to the keg party?

No one ever had to ask, a) If I'm caught using this, will I be arrested? b) Is this application good for ten years in jail?

Having millions of students on the Napster network made sense because the more users there are on-line, the larger the lending library becomes. Users behind national firewalls cannot be so casual. Having millions of users on a network may be one thing, but only a fool would trust more than his or her closest friends when the consequences of entrapment are so high. Thus, carefree peer-to-peer networks are replaced by careful hacktivist-to-hacktivist (H2H) networks.

H2H networks are like nuclear families living in large communities. Everyone may live in the same area, but each family has its own home where the doors open, close, and lock. And occasionally, a family member will bring someone new home. Everyone will sit around the living room, and if all goes well, the guest will be shown the library, perhaps, and maybe even someone's bedroom. All of this is based on earned trust. H2H networks will operate along these lines, where families will share a space and grant permission to one another as well as to certain visitors. The greater the trust, the more permissions will be granted; and for guests visiting the home, trust will be earned incrementally.

This model is already in existence, more or less. Using the Internet to communicate between known and trusted computers is a fact of business life. Virtual Private Networks are used daily to communicate sensitive and proprietary data. The same can be done by taking elements of this model and marrying them to H2H network development. But saying is not doing, and even the best marriages can unravel and fail. It's important to realize these things are possible but have never been done before.

Building H2H networks is not just a matter of guessing at how particular technologies will respond under fire. Hackers must know what users in the field need. We have been telling anyone who will listen that hackers, grassroots activists, and other parties who care about Internet freedom and the growth of democracy must partner up and work together.

Hacktivismo has been working with Chinese hackers and human rights workers, and the collaboration has been both fruitful and energizing. Occasionally there are cultural conflicts, but this has nothing to do with where anyone was born, and everything to do with how people get things done. Hackers tend towards MIT professor Dave Clark's credo which states, "We reject: kings, presidents, and voting. We believe in: rough consensus and running code." Trust will come as development partners begin working more closely and learning that we aren't so different as we appear at the surface.

Research and development is phase one. Then comes distribution. Hackers have never had a problem distributing software. If you write something worth running, it will end up in every corner of the globe, something else we've learned from experience.

Leveraging existing distribution channels with those of our partners will ensure that users who most need liberating software will get it. Some human rights organizations have vast e-mail databases that will become increasingly invaluable for raising awareness, and in some instances, act as a distribution layer. Other areas of co-operation are also possible, especially in translations for non-English users where documentation and re-skinning U.I.s [the process of replacing the user interface of an application from, say, English to Chinese, or Arabic, etc.] will take development to ever-wider usefulness.

Last, although certainly not least, we need to acknowledge the Chinese government for their unwitting contributions to Hacktivismo's work. After reverse engineering some of their fundamental technologies we've discovered a few cracks where the light might shine through. But it does raise the question: why are we put in the position of doing this work? With billions of dollars in government budgets at their disposal, when are the world's liberal democracies going to put some of their resources into opening up the Internet? We know they don't care about human rights policy when it conflicts with jobs at home; but what about international security? As Beijing continues to play the patriotism card domestically, a more open Internet could diffuse traditional xenophobia through greater one-on-one interaction on-line.

But until Western governments become engaged, the main challenge for hackers is to keep focused on the goal of liberating the Internet. We realize that, but for the grace of God, we could be sitting on the other side of the firewall. It's a sentiment that is being picked up, although it would be a lie to say that thousands of hackers want to get into the game.

Still, enough are beginning to take up this cause that we should be able to see results, if new partnerships hold. There's a new generation of freedom fighters, sitting behind computers, who believe that it can be done. ®

Related Links

The Hacktivismo Declaration
Reporters Without Frontiers
The Free Software Foundation
The Open Source Initiative

About the cDc
Based in Lubbock, Texas, the Cult of the Dead Cow (cDc) was founded in 1984 and is the most influential group of hackers on the Internet. The cDc is dedicated to protecting the online privacy rights of all Internet users. Its mission is to eliminate the abuse of Internet privacy that is rampant in the United States and throughout the world. For more information on the cDc, please visit www.cultdeadcow.com

About Hacktivismo
Hacktivismo is a special group within the cDc committed to developing technologies in support of the highest standards of human rights. It is comprised of hackers, human rights workers, and artists from North America, Europe, Israel, Taiwan, and the People's Republic of China. For more information, please visit www.hacktivismo.com

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
SHELLSHOCKED: Fortune 1000 outfits Bash out batches of patches
CloudPassage points to 'pervasive' threat of Bash bug
prev story


Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.