news center

To the virtual barricades

To the virtual barricades

作者:魏峁  时间:2019-03-07 02:04:00  人气:

By Duncan Graham-Rowe ON 16 August, two weeks before East Timor’s referendum on independence, the East Timorese human rights campaigner José Ramos-Horta delivered an ultimatum to the Indonesian government. If the outcome of the referendum was not upheld, he threatened in the pages of the Thai newspaper The Nation, he would mobilise an army of a hundred teenagers around the world to wreak havoc in Indonesia. By hacking into government computers, they would disrupt vital communications, drain bank accounts, alter flight bookings and redirect military strikes. The government didn’t seem unduly concerned. A senior Indonesian official, interviewed in the Melbourne newspaper The Age four days later, described Horta’s proposal as “terrorism against democracy”. And as this issue goes to press, the cyber army has yet to strike. Horta claims it is waiting for his go-ahead. “I told them I wanted to give the elections a chance,” he told New Scientist. But in the meantime, martial law has been declared in East Timor and untold numbers of people have disappeared or been murdered. The government may have called Horta’s bluff. But his threat is the latest to have sprung from a new union of pressure groups and computer hackers. And while many activists welcome the novel weapon in their armoury, it is still illegal and, some fear, open to abuse. British MP Anne Campbell, who speaks on technological matters, believes that it represents a real threat to democracy. “However much one disapproves of the Indonesian regime, the very idea that a group of hackers can disrupt a country in this way is very scary,” she says. As the hackers hone their skills, says Frank Cilluffo, director of the Task Force on Information Warfare at the Center for Strategic and International Studies in Washington DC, the temptation to hire themselves out as mercenaries may become too great. “It’s when we see this marriage of real hostile intent with real capability that we’re in trouble,” he says. “We haven’t seen this yet, but it’s clearly just a matter of time.” Horta is convinced that this capability exists. According to him, representatives of the hacker group contacted him while he was lecturing in Europe and North America. They told him they were sympathetic and wished to help. Then they gave him a demonstration. “They simply showed me what they can do in terms of accessing bank accounts of Indonesian military people, particularly Suharto,” Horta says. “They can access his bank account, and the banks of the Indonesian military.” Sympathetic insiders Winn Schwartau, founder of the online magazine InfoWar and an organiser of the InfowarCon `99 meeting in Washington DC last week, also thinks that the threat is real. “It’s probably reasonable to assume that there is an insider or two who is sympathetic towards the East Timorese situation,” he says. “Once you’ve got someone, your job is made very easy.” Even without an insider, he says, it can be done—as was demonstrated two years ago when the US Department of Defense conducted a “war game” to test its defences against cyber attacks. In an operation dubbed Eligible Receiver, fifty hackers tried to infiltrate DoD systems using only the simplest of hacking tools. Their task was to simulate an attack from North Korea. Despite the best efforts of the DoD, intelligence and security agencies, and the private sector, says Schwartau, the hackers reduced a virtual electricity grid to 50 per cent effectiveness in just seven days. To pull off such a stunt in Indonesia, he says, would require a highly coordinated effort, possibly involving years of preparation. But that may well have happened. Indonesia has suffered a number of minor hacking attacks in recent years and to Schwartau, it is likely that these were designed to map or test its systems. Planning and organisation are the trademarks of the new breed of hackers. Traditionally, hackers have worked alone or in small groups, often choosing their targets according to the size of the challenge rather than for political expediency. Beating a system’s defences was generally reward enough. But the new generation’s aims are more serious, and go far beyond posting propaganda on websites or clogging networks by bombarding them with e-mails. For those pressure groups that are too small to achieve their aims through traditional means, says Cilluffo, hacking is the great equaliser. And it offers anonymity. “What is significant is the ability to mobilise millions of people—to create and forge worldwide links—and our inability to respond to this,” he says. “Smoking keyboards are hard to find.” Hence the recent growth in “hactivism”. During the riots in London’s financial heart in June, after an anti-Third World debt demonstration turned sour, security software company mi2g reported that up to 10 000 cyber attacks were launched on the City by an international group of hackers calling itself “June18”. Greenpeace, renowned for its use of direct action, says it has never used such tactics but refuses to comment on their possible future use. And John Jackson, director of the pro-democracy Burma Campaign, said that while he wouldn’t encourage such action he fully understands its use in nonviolent situations. To some, hactivism is simply an extension of existing means of protest. “It continues that tradition of trespass and blockage which has been part of the history of civil disobedience since Gandhi and Martin Luther King,” says Ricardo Dominguez, founder of the Electronic Disruption Theater, a US-based group which organises protest “sit-ins” on websites—the use of special programmes to interfere with a website, eventually preventing access. Rising crime But others view hactivism as a serious threat. Last May, for example, the US Department of Energy website, among others, was hacked in retaliation for NATO’s accidental bombing of the Chinese embassy in Belgrade. The FBI and the DoD—which suffers nearly 100 attacks a day—have been forced to set up cyber defence initiatives. And Michael Vatis, assistant director of the FBI and head of its National Infrastructure Protection Center, reports that cyber crimes have doubled each year for the past couple of years, with more than 800 cases now pending. If the British example is anything to go by, this could be the tip of the iceberg. Hardly any of the attacks made on the City of London in June were reported to the police, says a spokeswoman for Britain’s National Criminal Intelligence Service, because most companies are reluctant to publicise the flaws in their security. What’s more, in this type of warfare, Western countries may turn out to be the most vulnerable, because of their high dependence on computers and electronic technology. Viruses pose a particular threat. According to Paul Ducklin, a virus expert with British software company Sophos, any virus that is effective against your enemy is almost certain to be effective against your own computers, too. But Schwartau says that it is possible to limit the damage to specific systems if you can home in on some unique feature of them—a driver, say, or an element of the keyboard. For instance, Horta’s hackers told him they had more than a dozen viruses designed to infect only Indonesian targets. Meanwhile, Horta continues to hold a virtual gun to the head of the Indonesian government. He says he feels morally justified. “I’ve been categorically assured that not one life will be lost,