Over the next two weeks, a group calling itself the Electrohippies Collective plans a campaign of online disruption designed to send a warning to companies involved in genetically modifying plants and animals. The planned attack represents an escalation in the online battles between radical-left activists and their targets, often multinational corporations.The Electrohippies have distributed a new client-side "distributed denial of service" – or DDOS – tool, a weapon that can be used from any PC, as opposed to earlier versions that ran on a server.
In the last few years, groups protesting everything from nuclear tests in India to China's human-rights record have hijacked Web sites to broadcast their messages. But as activists step up their use of the Net as a protest vehicle, cyber protests are evolving from standard Web site defacements – which are often annoying rather than destructive – to all-out wars. Online campaigners like the Electrohippies are becoming more aggressive and sophisticated, with mass e-mail messages that bombard companies, DDOS attacks to interrupt Web sites, and posts of negative comments on message boards in attempts to deflate stock prices.
Renewed interest in "hacktivism" was sparked by the widely publicized campaign late last year against Net company eToys.com over its trademark infringement lawsuit against Etoy.com, a conceptual art group in Switzerland. After Etoy.com refused to sell its domain to eToys for $500,000, the U.S. online toy retailer sparked a furor among online activists when it got an injunction against Etoy.com prohibiting it from using the domain name. Not only did protesters use DOS tools against eToys in the weeks leading up to Christmas, they flooded financial message boards with negative information about eToys in an effort to trash its stock.
EToys' share price plunged from $67 per share in late November to around $10 a share in late March – a slump which has more to do with stiff competition and a general downturn in the e-retail market than the protest campaign. Nonetheless, Santa Monica, Calif.-based eToys eventually dropped its lawsuit and agreed to reimburse the Swiss group up to $40,000 in legal fees.
Another group, the Federation of Random Action, launched a DDOS attack in February against two Occidental Petroleum (OXY) sites and a third site run by Fidelity Investments, an Occidental shareholder, says Ben Venzke, manager of intelligence production at iDefense, an Alexandria, Va.-based security firm. The group is protesting Occidental's plans to explore for oil in Colombia on what the U'wa tribe says is its ancestral land.
Fidelity spokesman Vin Loporchio says the company was aware of the protest plans, but declines to comment on whether Fidelity took any measures to counter an attack. "We have no issues on the Web site," says Loporchio. "It's business as usual."
Indeed, most targeted sites downplay the effects of cyber protests. During the World Trade Organization meeting in Seattle last November, the WTO was able to fend off a DDOS attack in which several million hits bombarded the site each day, says WTO spokesman Jean-Guy Carrier. "The site always remained accessible to the thousands of regular users despite the denial of service attacks," he says.
Protest groups acknowledge the limitations of their current methods. It takes at least a few thousand hits to make a dent in a target server's bandwidth, says the Electrohippies' U.K. spokesman Paul Mobbs. It takes 15,000 to 30,000 people using the tool simultaneously to have a noticeable impact.
That's why the group is working to refine its weapons. Protest groups are improving DDOS software programs to make them easier to use – and harder to stop.
(Page 1 of 3)
