By: Robert Labossiere
Somebody stormed e-commerce giants Yahoo!, ETrade, ZDNet, CCN, Buy.com, Amazon.com this week. It looks increasingly like it was not done by hackers.
And amid all the media buzz of anti-corporate conspiracies, it presents lessons we need to heed. It warns of the dangerous potential of stupid or vicious people on the Internet. It also speaks of voice and potential for democratic action and cooperation.
 |
|
The media call the perpetrators "hackers". There is mounting evidence this is wrong. |
The attacks certainly demonstrated the enormous power of computer networks. Somebody planted programs in many remote computers and then activated each computer to send thousands of e-mails to a specific targeted Web site. Researchers have harnessed computing power before by linking computers but never before on this scale or so anonymously. The attacks illustrate the position and power of individuals in the increasingly networked electronic world. The media call the perpetrators "hackers". There is mounting evidence this is wrong.
It has been reported widely that the software programs that were used to create the e-mail storm are freeware easily available on the Web, which raises a question about the cost and availability of software. Many people, including software developers, believe that software should be designed openly so that it can be used and adapted by users. The result would be users who will become more and more literate and able to use computers. Instead what we have are increasing prices of an ever increasing variety of software products purporting to help business or consumers accomplish specific tasks but actually costing them hundreds if not thousands of dollars for questionable increased functionality.
Hackers speak - openly
The hacker community is somewhat more open than people generally believe. Surfing the Web you can easily find a lot of information about hacking, including homepages for individual hackers. Hackers form one of type of community on the Web. Below are some of their responses to the e-mail storm and the way the media has handled it so far:
A hacker named SpaceRogue posted this comment on Hackernews.com: "What is surprising is that some companies are not admitting that they were hit by this attack. Microsoft has admitted that a partner was hit but they would not identify which one. A Lycos statement said that they already take 'extensive precautions' and declined further details. Companies need to realize that clamming up and closing the doors will not prevent this sort of thing from happening again. Only through communication and the sharing and pooling of information will a solution, and the attacker(s), be found."
This from a site called 2600.com: "We feel sorry for the major Internet commerce sites that have been inconvenienced by the Denial of Service attacks. Really, we do. But we cannot permit them or anyone else to lay the blame on hackers. So far, the corporate media has done a very bad job covering this story, blaming hackers and in the next sentence admitting they have no idea who's behind it. Since the ability to run a program (which is all this is) does not require any hacking skills, claiming that hackers are behind it indicates some sort of knowledge of the motives and people involved."
A more researched report comes from a site called thesynthesis.com.
|
|
The Internet still has a radicalizing effect today, despite all the banner ads and promotional hype |
A hacker with Condemned.Org, who goes by the name b|ueberry, said she thought the attacks were done using a program called "Trinoo," which allows one person to set up several systems (thousands possibly) across the Internet and use them in a coordinated attack. This type of program allows the attackers to easily utilize a large network of boxes they have control of across the Internet, and use them to strike at once against their desired targets. As to why these attacks were taking place, she speculated that they "were a bunch of idiots with nothing better to do..."
Chris Tucker, a member of perhaps the best known hacker self-identified group Cult of the Dead Cow described the people behind the e-mail storm as vandals, intent on getting press attention.
Software business in denial
Another issue that the mainstream media is making much of is the lack of security on the Web. According to Marquis Grove, owner/operator of an Ottawa-based security resources directory site called infosyssec.com, there is no effective protection against these kind of attacks because they do not invade the target computer, they simply send it too much e-mail. "They can build more capacity to handle incoming mail or they can shut down for a while, that's about it," he said candidly.
But business response has been quite the contrary. Some say the e-mail storm usefully alerted the Web e-commerce world that it needs to beef up security. Whether the crisis turns into a windfall for security software developers remains to be seen. Programs that send e-mail are simple DOS programs, they are not viruses or trojans, and as Grove said, there is no real defense from them. The only part of the e-mail storm that involved hacking was getting the programs into remote computers.
The Internet and democratic voice
No one but those with advanced computer skills have the ability to do this kind of networking now. But it raises a question whether someone will soon develop tools that will allow average Netizens to network their computers together to achieve common goals. Networks could be used to problem solve and store data, to give access to more powerful software to more people at lower cost, or perhaps even to create purchasing cooperatives and lobby groups on scales never seen before.
|
|
The Internet is about "voice" - being able to relay information instantaneously between hundreds or thousands or millions of people who never talked to each other before |
Doc Searls, recently in Toronto launching his book The Cluetrain Manifesto, believes that the unprecedented communication that worldwide networks enable is profoundly changing things. He thinks the Internet still has a radicalizing effect today, despite all the banner ads and promotional hype and you-may-already-be-a-winner sweepstakes.
He calls this special effect "voice." It is about being able to relay information instantaneously between hundreds or thousands or millions of people who never talked to each other before because they didn't have tools that would allow them to. Those tools are now within reach and they may be getting even better.
Security programs can guard against unwanted intruders but none can be completely secure; they are barriers developed by people and other people will always find ways through them. Maybe it didn't involve high-level hacking and maybe the effect on actual business was minimal, but there is much more behind this assault on e-commerce than attention getting. It has taught us that there are many lessons yet to be learned about our emerging virtual reality. One of the most important is that it is more than imaginary, or virtual. Real people with real concerns make it work. We will prove the value of our networked world.
Copyright 2000 Robert Labossiere. Reproduction of this article in electronic or other media is strictly prohibited without express permission of the author.
Robert Labossiere has been involved in alternative publishing and independent presses since 1982 when he helped co-found the Winnipeg culture-crit magazine Midcontinental. He has also written for Fuse and others. In the mid-eighties he succumbed to an uncontrollable urge to impale himself on the status quo and went to law school. His law practice since 1992 has focussed in part on the creative community. He is presently the Executive Director of The Electronic Rights Licensing Agency (TERLA) a copyright collective that represents Canadian freelance writers, photographers and illustrators.
The meaning of hack
From: www.mcs.kent.edu/docs/general/hackersdict/03Appendices
"The word {hack} doesn't really have 69 different meanings", according to MIT hacker Phil Agre. "In fact, {hack} has only one meaning, an extremely subtle and profound one which defies articulation. Which connotation is implied by a given use of the word depends in similarly profound ways on the context. Similar remarks apply to a couple of other hacker words, most notably {random}."
Hacking might be characterized as 'an appropriate application of ingenuity'. Whether the result is a quick-and-dirty patchwork job or a carefully crafted work of art, you have to admire the cleverness that went into it.
An important secondary meaning of {hack} is 'a creative practical joke'. This kind of hack is easier to explain to non-hackers than the programming kind. Of course, some hacks have both natures; see the lexicon entries for {pseudo} and {kgbvax}. But here are some examples of pure practical jokes that illustrate the hacking spirit:
In 1961, students from Caltech (California Institute of Technology, in Pasadena) hacked the Rose Bowl football game. One student posed as a reporter and 'interviewed' the director of the University of Washington card stunts (such stunts involve people in the stands who hold up colored cards to make pictures). The reporter learned exactly how the stunts were operated, and also that the director would be out to dinner later.
While the director was eating, the students (who called themselves the 'Fiendish Fourteen') picked a lock and stole a blank direction sheet for the card stunts. They then had a printer run off 2300 copies of the blank. The next day they picked the lock again and stole the master plans for the stunts - large sheets of graph paper colored in with the stunt pictures. Using these as a guide, they made new instructions for three of the stunts on the duplicated blanks. Finally, they broke in once more, replacing the stolen master plans and substituting the stack of diddled instruction sheets for the original set.
The result was that three of the pictures were totally different. Instead of 'WASHINGTON', the word 'CALTECH' was flashed. Another stunt showed the word 'HUSKIES', the Washington nickname, but spelled it backwards. And what was supposed to have been a picture of a husky instead showed a beaver. (Both Caltech and MIT use the beaver - nature's engineer - as a mascot.)
After the game, the Washington faculty athletic representative said: "Some thought it ingenious; others were indignant." The Washington student body president remarked: "No hard feelings, but at the time it was unbelievable. We were amazed."
This is now considered a classic hack, particularly because revising the direction sheets constituted a form of programming.
