The Electrohippies' new software works best when used by multiple PCs to attack a single site. "Not only is [cyberactivism] a growing trend, it's also something that is continuing to evolve and increasingly become more complex," says iDefense's Venzke.Venzke is worried that protesters will soon turn to even more nefarious DDOS tools, such as those used by the unidentified hackers who crippled Yahoo (YHOO) , eBay (EBAY) and a handful of other major sites in February. Those attacks were launched by "zombie" servers after DDOS software tools such as Trin00, TFN2k or Stachaldraht were sneaked onto the machines and programmed to attack simultaneously. Such attacks require the efforts of only one hacker at a single PC to infiltrate the software onto the launchpad machines.
"While many of these groups do not support the use of the more dangerous DDOS tool, there are other camps in the cyberactivist community that are distributing them," Venzke says. "In cyberspace you don't have to have another 100 people who believe as you do to move forward with an action to cripple a company."
So are these actions legitimate? The self-proclaimed hacktivists claim they are not terrorists and consider their attacks a form of civil disobedience, arguing that the sophisticated DDOS tools are legal.
"We don't crack computers. We don't attempt to break into servers. What we do is open, and visible for all to see," says the Electrohippies' Mobbs. "The most our efforts will do is stall the server for a few hours – it does no physical damage – although they might need a reboot."
The Electrohippies point out that their new DDOS tool, in contrast to malicious software like Trin00 or Stachaldraht, is still only effective with mass support. "The Electrohippies believe the acts or views perpetrated by the targets of a DOS action must be reprehensible to many in society at large," reads a statement posted on the Web site of the Electronic Civil Disobedience, a sister group to the Electrohippies.
What's more, the group warns its victims before it attacks. It hasn't decided which companies to attack in the April protest; likely targets include Frito-Lay, Haagen-Dazs, McDonald's, Nestle and Procter & Gamble.
To the victims, DOS attacks are tantamount to censorship. "In the final analysis, the denial of service attacks were most of all a disservice to our many users from around the world, who might have found the site slower than usual at the height of the attacks," says the WTO's Carrier. "Personally, I think it is comparable to shutting down newspapers, television and radio stations because you don't like what they are saying."
Even some other hackers are critical of the protesters' methods. "The DDOS attacks of early February [against Occidental] were nothing more than packet-wanking [network pranks usually carried out by mischief-makers] at its finest," wrote a hacker who calls himself "Oxblood ruffin!cDc," a representative of hacker group Cult of the Dead Cow, in a response to the Electronic Civil Disobedience paper. "Denial of service attacks are a violation of the First Amendment, and of the freedoms of expression and assembly. No rationale, even in the service of the highest ideals, makes them anything other than what they are – illegal, unethical, and uncivil."
However, Oxblood discounts the power of DOS protests. "They require a large number of people to become effective, and then they only jostle the Web server so it can't function properly for a time," Oxblood points out. "On a scale of one to 10, this stuff rates about a three."
(Page 2 of 3)
