ASSESSMENT 02-002 "Hacktivism in Connection with Protest Events of September 2002" September 23, 2002
Introduction Hacktivism describes the convergence of political activism and computer attacks and hacking, where "hacking" refers to illegal or unauthorized access to, and manipulation of computer systems and networks. The use of hacktivism has been noted in protest activities since the Electronic Disturbance Theater endorsed a series of so-called network-direct actions against Web sites of the Mexican government in 1998. Although there has been no direct cyber threat against the International Monetary Fund (IMF) and World Bank meetings during the week of September 23, 2002, several hacker groups may attempt to conduct cyber protests during the meetings. Physical Protestors Similar to past meetings of the IMF and World Bank, thousands of protestors are expected to turn out near the Washington, D.C. headquarters of these two institutions. These protestors represent a loose alliance of groups that have environmental, anti-globalization, debt-relief, or human-rights agendas. Although they are not a unified grouping, these protestors have grown more familiar with each other during several past protests. This may give rise to coordinated action during the upcoming protests. Prior protests against the IMF and World Bank were disruptive and resulted in minor clashes with police and property damage to businesses. Some protestors may be planning criminal or violent activity-especially against local branches of companies or organizations that represent capitalism and globalization. In addition, a small group that intends to disrupt the meetings with a physical attack may use cyber means to enhance the effects of the physical attack or to complicate the response by emergency services to the attack. The cyber portion of this attack can be executed by sympathetic hackers or by mercenary hackers seeking publicity. Potential Cyber Threats Although there has been no direct cyber threat against the IMF and World Bank meetings, several hacker groups may attempt to conduct cyber protests during the meetings. The agenda of these groups may only be tangentially related to the agenda of the physical protest groups, and the cyber groups may view the meetings as a platform to display their hacking talent or to propagate a specific message. Cyber protestors can engage in Web page defacements, denial-of-service attacks, misinformation campaigns, and the like. Recommendation The NIPC recommends that recipients monitor their information systems and networks for computer intrusions during the events listed above. These actions could take the form of intrusions originating or passing through dial-up connections belonging to both domestic and foreign Internet service providers, unauthorized system access, unusual or disruptive e-mail traffic or Web site activity. The effectiveness of one's computer security procedures should be evaluated. Such procedures include network intrusion detection, blocking or limiting unnecessary inbound traffic, regular review of system logs, disabling inactive user accounts, password and login changes, and ensuring recommended patches are in place. Recipients of this assessment are encouraged to report computer intrusions to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) or the NIPC, and to other appropriate authorities. Incidents may be reported online at http://www.nipc.gov/incident/cirr.htm. The NIPC Watch and Warning Unit can be reached at (202) 323-3204/3205/3206 or nipc.watch@ fbi.gov IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk