x Abu Dhabi, UAEFriday 19 January 2018

'Hacktivists', erasing law and order online for a cause

Recent instances of civil unrest are being mirrored online, chiefly by a faceless collective of free-speech activists targeting large corporations. But little in the way of policing exists to protect ordinary people from such attacks.

A demonstrator being arrested in central London last Thursday during a protest against the British government's plans to raise university fees. While the unrest raged on, a group of "hacktivists" was busy targeting banks and credit-card companies in the wake of Julian Assange's arrest.
A demonstrator being arrested in central London last Thursday during a protest against the British government's plans to raise university fees. While the unrest raged on, a group of "hacktivists" was busy targeting banks and credit-card companies in the wake of Julian Assange's arrest.

London last week, in the days before a crucial vote on raising the cost of higher education and thousands of protesters are on the streets of the capital. They march in freezing temperatures, idealism and anger mixed together, surrounded by police. Occasionally, a small number turn violent. Viewed from buildings overlooking the protests, the scene looks like a small battleground.

Below ground another battle is brewing in server-bunkers and fibreoptic cables. A loose-knit collective of activists launch cyber-attacks on the websites of Mastercard and Visa, the online payment service Paypal and a Swiss bank. The websites of US politicians are targeted, as are those of Swedish lawyers. Their sites, spread on servers around the world, are flooded with fake requests to load pages, known as "distributed denial of service attacks" or DDoS. Under the strain of thousands of requests per second, the sites cannot cope - they freeze, flicker and then go offline.

DDoS attacks are most often used by hackers and criminals, but these activists - or "hacktivists", as they are inevitably nicknamed - invoke a higher cause. They are launching what they call retaliatory strikes against companies that have dissociated themselves from WikiLeaks.org, a whistle-blowing website now at the centre of a political storm for making public 250,000 US diplomatic cables. The hacktivists call it Operation Payback and their targets are linked either to the website or to its enigmatic founder, Julian Assange, currently on bail in the UK over accusations of sex crimes in Sweden. Credit-card companies that blocked donations to WikiLeaks, Assange's Swiss bank that dropped him as a client, US politicians that criticised him and his accuser's Swedish lawyers: all are targeted.

But by whom? The hackers bringing the business of multinational corporations to a standstill are anonymous, hidden in bedrooms and living rooms across the world, their activities obscured through technical wizardry so that they are rarely known even to each other. The damage caused to these websites was minimal - the attackers would later say they only attacked corporate sites, not payment infrastructure, as their way of expressing dissent - but the attacks affected the reputations and balance sheets of the companies.They are known to the media and themselves as Anonymous, but in fact these hundreds of individuals are not a group so much as a collective.

Anonymous grew out of a popular online message-board called 4chan and works as a chaotic and decentralised collective. On message-boards, individuals (who, in the past, did not have to use names and were merely identified as "Anonymous") argue, trade jokes and insults, share images and ideas, and, eventually, through the chaos of the conversation, targets are decided.

There are no leaders - some of the hackers are older, some teenagers, some experienced, some merely playing around. Indeed it makes more sense to see Anonymous as a swarm; coming together for one or two attacks, before dispersing.

This is the shadow war being fought online, the first information war, as one of Anonymous's supporters dubbed it. In fact, there are two parts of this shadow war, triggered by the media publication of the cables and the political reaction to them.

First, there is the role of individual states, particularly the US government. The US is currently exploring legal options against Assange and may yet issue warrants, though on what charges are unclear. At the same time, American politicians have put public pressure on companies to dissociate themselves from WikiLeaks. (It is noticeable that politicians have not gone after The New York Times, which is publishing the cables.) With worrying speed, many US companies have complied, although it is unclear what legal sanctions the government could use against them if they had not. Even the suggestion of going against US politicians seems to have spooked them.

The other side are the hackers themselves. It is in the nature of these attacks that no one can be sure what is happening or who is causing it.

Yet what makes the whole saga around WikiLeaks' release of American diplomatic cables so interesting is that it defies a conventional narrative.

Some of the leaks have been clearly in the public interest, others have not; Assange himself, at the centre of the saga, is an ambiguous protagonist; and while some of Assange's declared supporters have defended free speech, others have attacked innocent bystanders. This brave new world lacks clear heroes and villains.

But such attacks raise important questions about hacktivism and what these so-called cyber-warriors might do in the future. As much as hacktivists use the language of war or revenge, most seem motivated by idealistic ideas of free speech: in statements circulating on the social networking site Twitter, Anonymous have said they are supporting "those who are helping lead our world to freedom and democracy". But these DDoS attacks are illegal, in essence hardly any different from vandalising a company's premises. Financially, they could be worse, potentially costing millions.

In as much as it is possible to discern common patterns in the thinking of these hacktivists, collectively they hold extremely libertarian leanings, especially on information. They tend to be profoundly anti-copyright and anti-censorship, believing that all information, everywhere, always, ought to be free - free of charge and free to circulate.

Before their support for WikiLeaks, Anonymous were best known for orchestrating attacks on the Church of Scientology after it tried to remove from the internet an interview with the actor (and Scientology member) Tom Cruise. The collective has also launched attacks on the websites of companies attempting to stop online sharing of music.

But in other cases, bystanders have been attacked, unnecessarily. The two women in Sweden who have accused Assange of sex crimes have had their identities widely outed across the internet and their lawyers' website has been attacked. Neither of these attacks may have been carried out by Anonymous as a collective, but it is possible some of the individual members were involved. The women, in particular, have had their right to privacy and their legal rights severely compromised.

Hacktivism necessarily operates at the fringes of the law and where you stand on it depends on whether you see Anonymous, at least in this case, as activists protesting against multinational corporations that appear to be doing the bidding of a state, or if you see them as troublemakers and criminals attacking targets indiscriminately.

The publicity generated by the Anonymous attacks has focused attention on how quickly some US companies appeared to capitulate to the desires of politicians, even when those desires were not backed by legal requirements. Such actions, taken in the glare of publicity, set a dangerous precedent and raise questions over other US companies, such as Facebook or Google, that hold significant swathes of personal information.

Yet if there is a problem with companies that hold so much personal information being too compliant with the state, a similar question also arises over hacktivists gaining access to personal material. At a time when millions of people lead much of their lives online, with e-mail, banking information and even sensitive photos and documents being stored around the internet, what happens if groups like Anonymous can hack in and gain access to this information, or disrupt the networks to stop owners from gaining legitimate access?

Then there is the question of policing, of what lines of defence there are for ordinary people and what avenues of recourse. Attacks on corporations usually generate little sympathy among the general public, due to the perceived remoteness of these companies and the difficulty of understanding an online attack. Yet in legal terms, these are criminal acts, potentially disrupting payment systems or companies that people rely on. In such a context, to whom do you complain? The thin blue line of law and order is erased online.

The problem with a swarm like Anonymous is that, being leaderless, it is prone to a lack of discipline and a lack of coherent strategy. One Anonymous hacker told a newspaper that the group often splintered and attacked other members. As much as the collective has argued that its actions are conducted for a higher cause, the fact it is able to carry out these attacks leaves the door open for other, less noble hackers.

In London, police were on the streets to make sure protesters behaved and that the general public was not affected. Neither worked well: the swarming protesters were occasionally badly treated by the police and innocent people were corralled and detained. Yet the guards exist. In the online world, there is no protection. The Anonymous attacks were less of an information war than a skirmish, but they show the weaknesses of the system. The next cyber-warriors may not fight in the name of such noble causes.

Faisal al Yafai is an award-winning journalist and a Churchill Fellow for 2009/2010.