Contact Me By Email

Sunday, March 18, 2012

News Analysis: The Soul of the New Hacktivist

News Analysis: The Soul of the New Hacktivist:


IN 1988, a Cornell graduate student, Robert Tappan Morris, let loose a computer worm on the fledgling version of the Internet. He said it was meant to be an experiment, but the code he wrote spun out of his control, affecting roughly 50,000 computers connected to the network at the time. Mr. Morris, who happened to be the son of a National Security Agency scientist, became one of the earliest convicted hackers.

Pranksters followed, scrawling their signatures on Web sites for bragging rights. Organized crime found it could extract millions of dollars by hacking into banks. Then, just as the rest of us had gotten used to living much of our lives online, came the hacktivists.

Calling themselves Anonymous, they hacked into conference calls among agents of the F.B.I. (in January) and broke into the computer networks of the Vatican (last week). It has become impossible to tell who and what Anonymous might target — or exactly who within Anonymous might be behind it. Critics and defenders argue endlessly about how much of what they do should be treated as political protest — or strictly as a crime.

Leaderless, multinational and known by the ubiquitous, sly Guy Fawkes mask, Anonymous is fueled by a raft of causes, from repression in Tunisia to animal rights in Tennessee to a defense of the whistle-blower site WikiLeaks.

Whatever the cause, its message is amplified by the Internet itself, as is its impact. At a time when life, commerce and statecraft have gone digital, hacktivists can threaten governments, or they can just as easily dump innocent people’s credit card numbers on the Internet for more common criminals to steal.

“The weapon is much more accessible, the technology is more sophisticated,” said Chenxi Wang, a vice president in charge of security at Forrester Research. “Everything is online — your life, my life — which makes it much more lethal.”

Anonymous, for its part, has spawned a variety of spinoffs. Anybody can be Anonymous. And anybody who calls himself Anonymous can carry out an attack in its name. One hacker in Britain last week, calling himself a member of Anonymous, stole the health records of thousands of women registered with an abortion service provider in Britain. His boasts on Twitter put other Anonymous members in an awkward position, considering that Anonymous also took credit for attacks on the Vatican.

Some factions of Anonymous use brute force to shut down target Web sites. Other factions break into systems and steal data.

They have threatened to take down Internet root servers — part of the Web’s basic infrastructure — on April Fools’ Day, which would effectively shut down the global Internet.

Mary Landesman, a security researcher who now works at Cisco, has tracked cybercrime from its early days, when virus writers showed off their wares on message boards and hackers defaced porn sites for fun. In December 2000, Ms. Landesman saw a lament: A virus writer wondered on a message board where her fellow virus writers had gone. Ms. Landesman took it as a harbinger of the danger ahead: The virus writers had begun to work for people who could pay them, and they kept quiet.

By the early 2000s, a nimble multinational criminal business network had begun to emerge. Hackers could trade in bots and malicious software and help themselves to other people’s bank accounts. Soon cyberespionage rings could steal source code.

Politically motivated hackers began to emerge in the late 1990s — each one with a distinct case and a focused target. Hackers from China and Taiwan dueled against one another. Anti-nuclear activists defaced an Indian government site after the government in New Delhi conducted nuclear tests. Hackers rallied in support of the Zapatistas, an insurgent group in southern Mexico that even in the pre-Twitter days used the Internet to drum up overseas support.

Anonymous rewrote the hacktivist playbook. It began to challenge a far broader political and economic order. “This really is cyberwar, and I don’t use that term in a sensational way,” said Richard Power, who chronicled the cybercrime of the 1990s in his book “Tangled Web.” “You’re looking at not just one particular cause. You’re attacking the whole power structure. It involves some core critique.”

Anonymous first took an overtly political turn in 2008, when it set its sights on the Church of Scientology. It soon morphed into a multipurpose, global movement. It turned Twitter into its virtual soapbox, used YouTube to promote its own iconography and cleverly aligned itself with causes popular with young people all over the world, from the Occupy movement to the Arab Spring to Internet censorship.

This week, on one of several Twitter accounts that claim to be affiliated with Anonymous, there came a call to donate money to put up billboards saying “Don’t Mess With the Internet,” alongside put-downs of “traitors” and quotes from Virginia Woolf and Oscar Wilde.

Gabriella Coleman, an anthropologist who studies hacktivist culture, described Anonymous as the modern-day “trickster,” at times playful, at others scaring the daylights out of people, and usually slippery. “Grasping them is very difficult,” she said, “putting our finger on them sociologically.”

Anonymity, with a lowercase “a,” also makes the movement vulnerable. Those who affiliate with the movement use a variety of tools to cloak their identities and the devices on which they work. They rarely know one another’s offline identities. That means they rarely know who among them may already have become a turncoat.

Last week, federal authorities announced that a notorious hacker who went by the nickname Sabu and spoke on behalf of an Anonymous offshoot called LulzSec had been cooperating with law enforcement for six months. Several of his suspected accomplices were indicted in federal court in Manhattan.

That Anonymous can metastasize and spread is arguably at the core of its success. Its critics also see in it a kernel of their downfall.

“Anonymous has given birth to something that will either implode on itself and that will be that,” Ms. Landesman said, or, she added, in the same breath, “I don’t know.”


(Via NYT > Technology)

Digital Domain: Seeking Ways to Make Computer Passwords Unnecessary

Digital Domain: Seeking Ways to Make Computer Passwords Unnecessary:

An end to NewUser123? Researchers are seeking to eliminate the need for computer passwords using software that can recognize you just by the way you type.

(Via NYT > Home Page)