And when he had made a scourge of small cords, he drove them all out of the
temple, and the sheep, and the oxen; and poured out the changers' money, and
overthrew the tables; And said unto them that sold doves, Take these things hence;
make not my Father's house a house of merchandise.
Recent actions on the Internet against e-commerce sites are not a matter of pleasure-seeking by bored computer nerds. They represent a fundamental disagreement about the purposes of the Internet, and the increasing emphasis on the use of the 'Net as a vehicle for profitable trade rather than of knowledge and discussion. As Jesus ransacked the temple in Jerusalem because it had become a house of merchandise, so the recent attacks on e-commerce web sites are a protest against the manner of it's recent development. But, do we label Jesus as a terrorist? Those involved probably have a reverential view of the 'Net. The public space that the 'Net represents is being promoted as a marketplace for large corporate interests, and many of those who use the 'Net for other purposes are dissatisfied with this.
In recent weeks, there has been much discussion about 'denial-of-service' (DoS) actions against certain e-commerce web sites. Whilst the Internet was originally a place of discussion and networking, the invasion of corporate interests into this space has changed the perceptions of what the purpose of the Internet is. Some believe that the Internet is no longer a 'public' space it has become a domain for the large corporations to peddle their particular brand of unsustainable consumeunsustainable consumerism. For many this is unacceptable. The increasing emphasis on control, driven by the needs of increasing commerce on the 'Net, is also seen by many as threatening the more philanthropic basis of the 'Nets original use.
Whatever the views of particular people about the development of e-commerce on the 'Net, we must not ignore the fact that as another part of society's public space the Internet will be used by groups and individuals as a means of protests. There is no practical difference between cyberspace and the street in terms of how people use the 'Net. What is disconcerting is the response of governments and e-commerce lobbyists to the recent DoS attacks. They are being viewed as an act of terrorism. Now the regulatory agenda in many countries has shifted from expanding the Internet, to controlling the purposes that the 'Net may be used for to restrict certain types of activity. Whilst the Yahoo, eBay and Amazon actions were undoubtedly illegal because of the cracking and modification of other computer systems to launch the action, the backlash against these actions is likely to stifle public debate about the use of the 'Net for protest. It will also criminalise those who seek the use the Internet as a means of extending protest against the corporate forces who now seek to make cyberspace their own.
the electrohippies collective has produced this phas produced this paper as a means of promoting a debate about denial-of-service actions, and whether or not they can be legitimately undertaken within the public space of the Internet. It has also been produced as a response to the many media inquiries we have received over the last few weeks on this issue. The paper outlines the main issues regarding the development of DoS actions, and the distinctions between server- and client-side DoS actions. It also looks at the electrohippies action against the WTO, and considers how the collective intends to develop the tools for client-side actions (DoS or otherwise) further.
The initial wave of Denial-of-Service (DoS) on February 8th/9th this year have highlighted the issue of the use of the Internet as a means of protest. Originally, the attacks were put down to the use of existing tools, such as Tribal Floodnet, to jam web servers. But then it became clear that other computer systems across the globe had been cracked and commandeered to launch the action. As time wore on things took on an air of dramatic suspense, especially when the debate turned to the roles of 'black hat' and 'white hat' hackers.
The important thing is that following the immediate impact of the action there ensued a media panic about a media panic about hackers hijacking the Internet. But the fact is much of the media and political frenzy that followed, from TV news broadcasts to President Clinton's 'cyber-summit', were enabled and motivated by one thing: The majority of ordinary people had not a clue what a 'distributed denial-of-service' action was, or how it worked. The public were ripe for exploitation for newspaper column inches and politician's tough-guy moral profiles, and these groups did so to the fullest extent.
In fact there had been a significant DoS action on the Internet only two months before launched by the electrohippies collective against the World trade Organisation's (WTO) web site. But that event received rather less publicity alongside the large numbers of peaceful protestors who were gassed in the streets of Seattle. However, the two actions are starkly different which is the subject of this paper.
To interpret the events of early February it is necessary to look through the media hype surrounding the actions against e-commerce sites. It is important that people consider the clear and qualitative difference between the use of the 'Net for democratically based protest-related DoS action, and the use of the 'Net for individual actions.
First and foremost, it's a matter of terminology. Throughout the period of the 8th to the 14th February there were consistent references to stent references to 'hackers'. This is, in terms of the formal meaning of the word in the computer world, completely incorrect.
A hacker, in terms of it's computer jargon usage, is someone who has a deep understanding of computers to the point where they undertake experimentation with their own systems themselves. Quite clearly, this makes some of the members of the electrohippies collective 'hackers'. But the actions against Yahoo and others were launched by crackers experienced hackers who are intent on breaching the security of computers systems they do not have legitimate access to in order to achieve other ends (the origin of the term being that they 'crack' the security of systems).
The events of early February involved crackers breaking into a number of computer systems across the world and installing software on them that generated tens of thousands of hits an hour to the targeted sites. The technical term for these modified systems is 'zombies' they perform the illicit task they were programmed to do without the knowledge of their system operators. Conceivably, only one or two people may have caused all the problems at all the sites hit. These were server-side distributed DoS actions because they are created by abusing the routers of web servers to generate huge numbers of incomplete requests. Effective, but the manner of the action, and it's covert nature, meanovert nature, mean that it does not have any particular democratic legitimacy.
What the electrohippies did for the WTO action was a client-side distributed DoS action. The electrohippies method of operation is also truly distributed since instead of a few servers, there tens of thousands of individual computer users involved in the action. The requests sent to the target servers are generated by ordinary Internet users using their own desktop computer and (usually) a slow dial-up link. That means client-side distributed actions require the efforts of real people, taking part in their thousands simultaneously, to make the action effective. If there are not enough people supporting then the action it doesn't work. The fact that service on the WTO's servers was interrupted on the 30th November and the and 1st of December, and significantly slowed on the 2nd and 3rd of December, demonstrated that there was significant support for the electrohippies action.
So, the difference between the two actions is one of popular legitimacy versus individual will. The structure of the client-side distributed actions developed by the electrohippies means that there must be widespread support across a country, or continent in order to make the system work. Our method has built within it the guarantee of democratic accountability. If people don't vote with their modems (rather thr modems (rather than voting with their feet) the action would be an abject failure.
Fundamentally, it's the mode of the protest on the Internet that is important when evaluating the legitimacy of the action. This is the important factor that was absent from the debate over DoS actions during early February. The power that computer technology, linked via the Internet, gives to the individual is an important factor in levelling the traditional imbalance between the individual and government or large corporations.
As a result of the WTO action the electrohippies collective were labelled as terrorists. However, the e-commerce industry lobby group that did so failed to provide any meaningful analysis of the object of our action they just didn't like our message. It is of course a standard tactic of the PR lobbyist to depict anyone who is a threat to their client as aberrant.
It would appear that there are many vested interests involved in e-commerce who are hell-bent on destroying any non-profit use of the 'Net, particularly if it's directed at the social, environmental or employment practices of corporate interests. The problem with the knee-jerk response of politicians and e-commerce gurus is that we run the risk of losing legitimate electronic action as governments use the excuse of 'hackers' to criminalise certain activities. We must make sure that both the e sure that both the positive and negative aspects of Internet activism are clearly debated, and that cyberspace is not excised from the everyday realm of constitutional rights and freedoms.
As noted above, whilst the Yahoo and other DoS actions were automated on the server-side by just one or a few individuals, distributed client-side actions require that thousands or tens of thousands of people take part. Therein lies the strength of the action. Distributed client-side DoS action is only effective if it has mass support, and hence a democratic mandate from a large number of people on the Net to permit the aNet to permit the action to take place. These type of actions are directly analogous to the type of demonstrations that take place across the world. One or two people do not make a valid demonstration 100,000 people do.
The most basic type of client-side DoS action must utilise some form of framed web page. This is because the page must be able to run the client-side script whilst loading remote pages into other frames in the page. Whilst is possible to have elaborate systems to achieve the loading of multiple pages, the simplest client-side distributed DoS web page is only around 350 bytes long!
<!-- Simple DDoS tool (by DJNZ and the electrohippies collective Jan. '00) --> <HTML><HEAD><TITLE>Basic, standalone denial of service tool</TITLE></HEAD> <FRAMESET COLS="50%,50%" FRAMESPACING=0 BORDER=3 ONLOAD="setTimeout('self.location.reload(true)',4000);"> <FRAME SRC="http://www.target1.com" NAME="site1" NORESIZE SCROLLING="no"> <FRAME SRC="http://www.target2.com" NAME="site2" NORESIZE SCROLLING="no"> </FRAMESET></HTML>
In this case the page displays two frames, each targeted at a different web site (or even the same web site). The page then reloads itself beck into the browser every 4 seconds, so reloading the two target pages. The effect of this constantThe effect of this constant reloading is to queue requests to the web servers, so holding up other traffic. This is a very minimal type of DoS action, and is not that effective unless tens of thousands of people undertake the action simultaneously. Modern web servers and routers can also defeat this type of attack fairly simply if there is not a lot of support for it.
The ability of a web server to handle these requests depends on its bandwidth that's the physical capacity to move data in and out. For most servers bandwidth is split. Usually there is only a small proportion of the bandwidth devoted to data coming into the site compared to data going out (this is because far more data flows out more data flows out of web servers than flows in). So, constantly requesting information puts pressure on the server at it's weakest point it's incoming bandwidth.
Bandwidth is finite you can only move so many bits in and out of a system. Therefore, the manufacturer's of servers have developed ever-more elaborate ways of maximising data throughput within the finite confines of bandwidth. The most basic of these is the use of compression (making data take less space) and multiplexing (slotting the many different data packets into the first available space on the data stream, irrespective of the order they are sent in) to maximise throughput. But recently web servers have developed new ways of handling requests to maximise the number of requests that can be handled.
The principle of a DoS action is to queue requests to the web server. Requests are queued on a first in/first out basis. As each request is dealt with the server retrieves a file from disk and sets it up for transmission over the 'Net. Systems like this are easily overwhelmed by too many requests because the system of data retrieval intensively uses system run time.
To get around this problem caching was developed. In this system the most popular pages are not held on disk, they are held in memory at the 'front-end' of the server. Any request for these pages results in immediate dispatch of the data. Caches f the data. Caches come in different sizes the larger the cache the more data it can hold. The latest adaptation of this system is to have the server monitor traffic to decide what is the most heavily used content of the web site, and cache only that material. Systems that use this approach can handle massive amounts of traffic for example Inktomi's Trafficmaster system that can dynamically cache up to 1 terabyte (1,048,576 megabytes) of site content.
There are three obvious countermeasures to this system:
But whatever measures and countermeasures are employed, the basic approach of the electrohippies, and the use of client-side scripting, means that the 'democratic guarantee' isatic guarantee' is still there. It will still take tens of thousands (if not hundreds of thousands) of people acting over a short period to make the action effective.
There is one further issue that must be dealt with regarding any type of DoS action legitimacy. the electrohippies collective have evolved a general set of principles that govern not only our action, but also the 'lending' of our activism tools to other groups. Everyone, no matter how foul, has the right to express their views, so long as those views do not intimidate or abuse the rights of others. DoS actions are of course in direct contradiction to this principle because by closing a web site you are in effect preventing freedom of speech, and in a virtual sense, freedom of association. It is important therefore that any DoS action is not undertaken on a whim, but is clearly and openly justified.
the electrohippies collective believe that the acts or views perpetrated by the targets of a DoS action must be reprehensible to many in society at large, and not just to a small group. It is on this basis that the collective undertook the action against the WTO during their conference in Seattle, and it is also the basis upon which we are planning future actions.
The important issue regarding the justification for a DoS actification for a DoS action is proportionality. It is not acceptable to disrupt the communications of an organisation on a general basis. The 'event' that justified the use of a DoS tactic must provide a focus on which the debate about the activities of the organisation with a particular set of actions for example a court case, a conference or product launch. the collective undertook the action against the WTO during their Seattle conference because it was clear that the one event would produce a public dialogue about the past conduct and the future course of the organisation. In actuality, the electrohippies event provided an opportunity for around 450,000 people (over 5 days) across the globe to express their dissatisfaction with the WTO and without the risk of being gassed by Seattle's 'robocops'.
The effect of the action must be to substitute the deficit of speech by one group by encouraging debate with others. During the period the electrohippies WTO action was undertaken our web site provided a large number of links to sites containing information about globalisation, free-trade and it's effects on society and the environment. These pages were selected from those who were both for and against the position of the WTO. In our view this packaging of a resource for people to explore and learn about the issue ensured that they were fully aware of the issues when taking tsues when taking the action. It also ensured that others visiting our web site could explore both sides of the argument.
Finally, there are two important aspects to the operation of the electrohippies collective that we believe are important to anyone undertaking electronic activism or electronic civil disobedience openness and accountability. the collective does not use encryption as part of our communications with each other, and with those we associate with, as a matter of principle. We have nothing to hide, as we believe that our purpose is valid, and so we do not seek to hide it from any authorities who seek to surveil us. Likewise, we do not try bury our identities from law enforcement authorities any authority could, if it chose to, track us down in a few hours. However, because some of us work in the IT industry, we do not make our general membership known because this would endanger our livelihoods. The right to take action against another entity on the 'Net must be balanced with the principle of accountability.
The mission of the electrohippies collective is to assist the process of change towards a more fair and sustainable society using only electrons. Electronic communications and the new media represent a new space within society that we have to utilise as we would the street or the council chamber. Our aim is to use our skills to make tools available for ordinary people to do undertake electronic activism themselves. We must reduce the complex to the everyday, and enable people to access technology and use it to further their own causes.
Many of the people responding to electronic activism, such as the iDefense group, perceive this point of view as a threat to the democratic order. To put it simply, politicians and the forces of the status quo are not the defenders of democracy they merely administrate it. The real defenders of democracy are those who dissent from the status quo, for by that dissent they make democracy viable. Therefore, if we wish to defend democracy, and prevent society slipping into the sort of technological nightmare described by many 20th Century sci-fi authors, then it is up to those who lead dissent to take the initiative in developing electronic activism. If we do not then the forces who wish to develop the new electronic media will run rampant unchecked by the ordinary democratic forces that operate in 'real life' society.
the collective are definitely not cyber-terrorists. Anyone who says we are is misrepresenting our position, and is debasing the real meaning of the term 'terrorist'. One of the implicit meanings of the term terrorist is the use of violence for political ends. How litical ends. How can you have violence in cyberspace? If so, how do we evolve such a definition? Doescyber-violence mean the use of computer systems for purposes they are not programmed to do? Such a definition would not include the act of cracking (since the system would be responding as programmed), but it would include any damage done to systems once a system was successfully cracked. If we accept this definition of cyberviolence then we engage in 'non-violent' action; the use of systems in ways they were programmed to be used, but used in a mode as to convey a message or protest. Such a definition encompasses everything from sending an email to a politician to a full-scale client-side distributed denial-of-service actions.
The Internet is a mechanistic system hence it is fundamentally dumb, and can only apply terse logical rules. The public can use this characteristic of the 'Net to engage in collective actions to get their message across deconstructing the intended message to be broadcast in cyberspace and placing the alternative viewpoint. To adapt the catch phrase, 'In cyberspace everyone can hear you scream if you want them to'.
What we're all about is bringing community accountability to the Internet. Government's and corporations are setting up stall on the 'Net in the expectation that the space ison that the space is immune from the normal pressure present in society like a new frontier.... but it isn't. We have to treat cyberspace as if it were another part of society. Therefore, we must find mechanisms for lobbying and protest in cyberspace to complement those normally used in real life. Without public pressure cyberspace will have no moral or normative controls to control the excesses of politicians, groups or corporations who would seek to dominate that public space.
Within the next two months the electrohippies collective will be launching a new week-long action in support of a global campaign by other organisations. This will utilise two new tools:
The first of these tools is complete, and is just undergoing compatibility tests across various browsers and platforms. But the DIY kit is complete it tools is already 'out there' on the 'Net being beta-tested as this paper is written through people developing newgh people developing new client-side DoS actions with it. The second email tool is currently under development, but will be rolled out for our special action in April. Likewise, there will be a simpler DIY version to accompany it.
However, in distributing these tools the collective are putting conditions on their use:
There are many who criticise our approach of 'openness and accountability'. Some equate it with 'turning yourself in' before the action. We however view it as a basic guarantee of human rights, for both those taking part and those who are the subject of the action. But in our view this essential for two reasons:
This, really, is THE issue that defines the purpose of our actions. We must make cyberspace another, equal, part of society. We will not achieve this by developing ever-better methods of financial transactions and accounting. We will do it by extending the ordinary legal and moral guarantees of freedom of expression and association to this space, and promoting equal access irrespective of race, class or language. If the state and corporations cannot tolerate dissent in cyberspace, then they will have a widespread, and legitimate, backlash from those already using the media for this purpose before the advent of e-commerce.
action tool development group,
the electrohippies collective
© 2000 the electrohippie collective. Produced by Paul Mobbs. Released under the
GNU Free Documentation License
(with invariant sections being the document title and author identification, no front-cover texts, and no back-cover texts).