Feeds

'Virtual sit-in' tests line between DDoS and free speech

Civil disobedience in the digital age

The essential guide to IT transformation

A University of California professor who organized a "virtual sit-in" that targeted the university president's website has been told he may face criminal charges for mounting a distributed denial of service attack.

UC San Diego Professor Ricardo Dominguez spearheaded the March 4 digital protest by calling on demonstrators to visit a webpage that sent a new page request to the UC president's website every one to six seconds. A separate function automatically sent 404 queries to the server. A "spawn" feature allowed participants to run additional pages in another window, multiplying the strain on the targeted website.

"Okay, now just sit back and relax, or open a new browser window and do anything else you need to do, BUT LEAVE THE ACTION WINDOW OPEN IN THE BACKGROUND, THE LONGER THE BETTER," a help page for the protest instructed.

Dominguez, an associate professor in UC San Diego's visual arts department, said the demonstration was an act of "electronic civil disobedience," a field he's been studying for more than a decade and for which he earned tenure in 2006. He said he's organized or participated in at least 16 similar protests and until now has never been accused of criminal hacking.

One in 2008 protesting the weaponization of nanotechnology even won him a fellowship from the university administrators, he said.

But that's not how campus officials see things now. In a March 9 email, UC San Diego Senior Vice Chancellor Paul Drake informed Dominguez that in response to the action, network administrators were disconnecting the professor's server.

"On March 4, 2010, I received a report from Administrative Computing and Telecommunications (ACT) that you, using the computing resources of CALIT2, launched a denial of service attack against the computer servers at the Office of the President of the University of California," Drake wrote. "I have instructed ACT not to reconnect the server pending a decision from the Office of the President as to whether they intend to initiate criminal or other charges related to this denial of service attack."

University officials declined to comment on the matter.

Dominguez said the virtual sit-in, which coincided with statewide demonstrations protesting some $900m in budget cuts to California education, was the digital equivalent of the types of civil disobedience championed by Henry David Thoreau, Mohandas Gandhi, and Martin Luther King. He said the protests were designed to generate dialogue about social issues and would have only a minor slowing effect on a website with typical resources.

"It's not as if you're a cracker DDoS and using a botnet and then launching, unknown to anybody who is using that machine, an action that effectively takes down the system," Dominguez told The Register. "This, as a hacker once said, is technologically inefficient and ineffective. It is like being pecked to death by a duckling."

Mark Rasch, a former federal prosecutor who is the founder of Secure IT experts in Bethesda, Maryland, said it would be hard to bring a case under US hacking laws.

"In order for there to be a computer crime, there has to be either an intentional denial-of-service or some form of trespass, which would be an unauthorized access," he told The Register. "The problem you have here is if this is a public website, merely going to the website repeatedly is many, many authorized accesses, not an unauthorized access."

Dominguez said he was scheduled to meet with university officials Thursday so they could begin proceedings to determine if there was criminal intent behind the protest. The professor wasn't available at time of writing to discuss the outcome. No criminal charges have been filed in connection to the sit-in. ®

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?