Feeds

'Virtual sit-in' tests line between DDoS and free speech

Civil disobedience in the digital age

Website security in corporate America

A University of California professor who organized a "virtual sit-in" that targeted the university president's website has been told he may face criminal charges for mounting a distributed denial of service attack.

UC San Diego Professor Ricardo Dominguez spearheaded the March 4 digital protest by calling on demonstrators to visit a webpage that sent a new page request to the UC president's website every one to six seconds. A separate function automatically sent 404 queries to the server. A "spawn" feature allowed participants to run additional pages in another window, multiplying the strain on the targeted website.

"Okay, now just sit back and relax, or open a new browser window and do anything else you need to do, BUT LEAVE THE ACTION WINDOW OPEN IN THE BACKGROUND, THE LONGER THE BETTER," a help page for the protest instructed.

Dominguez, an associate professor in UC San Diego's visual arts department, said the demonstration was an act of "electronic civil disobedience," a field he's been studying for more than a decade and for which he earned tenure in 2006. He said he's organized or participated in at least 16 similar protests and until now has never been accused of criminal hacking.

One in 2008 protesting the weaponization of nanotechnology even won him a fellowship from the university administrators, he said.

But that's not how campus officials see things now. In a March 9 email, UC San Diego Senior Vice Chancellor Paul Drake informed Dominguez that in response to the action, network administrators were disconnecting the professor's server.

"On March 4, 2010, I received a report from Administrative Computing and Telecommunications (ACT) that you, using the computing resources of CALIT2, launched a denial of service attack against the computer servers at the Office of the President of the University of California," Drake wrote. "I have instructed ACT not to reconnect the server pending a decision from the Office of the President as to whether they intend to initiate criminal or other charges related to this denial of service attack."

University officials declined to comment on the matter.

Dominguez said the virtual sit-in, which coincided with statewide demonstrations protesting some $900m in budget cuts to California education, was the digital equivalent of the types of civil disobedience championed by Henry David Thoreau, Mohandas Gandhi, and Martin Luther King. He said the protests were designed to generate dialogue about social issues and would have only a minor slowing effect on a website with typical resources.

"It's not as if you're a cracker DDoS and using a botnet and then launching, unknown to anybody who is using that machine, an action that effectively takes down the system," Dominguez told The Register. "This, as a hacker once said, is technologically inefficient and ineffective. It is like being pecked to death by a duckling."

Mark Rasch, a former federal prosecutor who is the founder of Secure IT experts in Bethesda, Maryland, said it would be hard to bring a case under US hacking laws.

"In order for there to be a computer crime, there has to be either an intentional denial-of-service or some form of trespass, which would be an unauthorized access," he told The Register. "The problem you have here is if this is a public website, merely going to the website repeatedly is many, many authorized accesses, not an unauthorized access."

Dominguez said he was scheduled to meet with university officials Thursday so they could begin proceedings to determine if there was criminal intent behind the protest. The professor wasn't available at time of writing to discuss the outcome. No criminal charges have been filed in connection to the sit-in. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.