KEEPING THE AMATEUR ROGUE OUT OF THE CYBER HOUSE

Finally, how do you keep amateur rogues out of the cyberhouse? Today, you probably can't; but, tomorrow (see Chapter 16, 'The Information Warfare Arsenal of The Future')-well, that's another matter.

Today however, motivated amateur rogue 'hacktivists' have grabbed headlines, announcing they've collected credit card and other personal data on some 2,500 business and political leaders by breaking into the database of the recent World Economic Forum. Increasingly, these amateur social activists have turned to hacking to make their point, breaking into computer systems and wreaking havoc on organizations they oppose. The Internet has turned out to be a remarkable tool for nonviolent protest on a scale activists could only dream of before.

As previously explained, the term 'hacktivist' was first applied to supporters of the Zapatista rebels in Mexico's southern state of Chiapas, who have sabotaged Mexican government Web sites since 1998 and held 'virtual sit-ins' designed to overload servers. More recently, the tactic has been used in Serbia, Pakistan, and India-and by both Palestinians and Israelis in the Middle East. In one case, Palestinian sympathizers broke into a Web site operated by a pro-Israel lobbying group in the United States, stealing credit card information and e-mail addresses.

However, the theft of private data is a relatively new tactic, which goes beyond defacing Web sites and electronic bombardment of servers. Antiglobalist protesters contend the WTO's trade treaties benefit big corporations and rich countries at the expense of the environment and workers. They consider the World Economic Forum, which holds its high-profile annual meetings in the Swiss resort of Davos, to epitomize the elitist dealmaking they oppose.

Protesters who showed up in person were largely stymied by a heavy police presence at the recent Davos meeting. On-line, however, they effectively surmounted physical barriers.

Another Frontier

The Net is another frontier for people to engage in these types of activities. The attacks against forum organizers showed just how far hacktivists could reach. They obtained the travel itineraries (including flight numbers) of politicians from around the world, and published them on the Web. This poses operational security problems, and goes beyond what's been seen before.

Almost every major corporation and organization has been hit at one time or another by hacking, with McDonald's, Starbucks, and the WTO being favorite targets of hacktivists. During the WTO's last major meeting, in Seattle in December 1999, the organization faced attempts to shut down its system.

There were millions of bits of spam thrown at the WTO, but they had a good defense which bounced these right back like junk e-mail. People are still being misled by a copycat Web site that uses the WTO's old name (GATT) and looks nearly identical to the real WTO site.

In some respect, it is really quite clever and quite funny. But it is less funny when people believe it (as has been the case) and go to a lot of trouble and then are deceived.