Civil Disobedience in Cyberspace

The information revolution is the key to the development of new designs and capabilities for sustainable swarming--from the establishment of an initial posture of dispersed forces, to the coalescing of those forces for an attack, to their dissevering return to the safety of wide dispersion, and their preparation for a new pulse. Only a new generation of robust information gathering and distribution systems can support such pulsing. -- In Athena's Camp

Civil disobedience has been a part of the American political experience since the inception of this country. But today, as we enter the next century, we are faced with the possibilities and realities of different, hybrid, electronic forms of civil disobedience. A fusion of computer technology with the more traditional forms of American civil disobedience has created new electronic and digital varieties of civil disobedience that take place in cyberspace, on the net, or in the matrix. -- Stefan Wray

As hackers become politicized and as activists become computerized, we are going to see an increase in the number of cyber-activists who engage in what will become more widely known as Electronic Civil Disobedience. The same principals of traditional civil disobedience, like trespass and blockage, will still be applied, but more and more these acts will take place in electronic or digital form. The primary site for Electronic Civil Disobedience will be in cyberspace. -- Stefan Wray

Traditional civil disobedience, non-violent direct action, involves denial of service, occupation, obstruction. Examples include arms protesters sitting in the road leading into an arms fair, road protesters occupying land. The obstruction can be as simple as locking a gate leading into a depot. Occupation of land can be more than just sitting on the land. A practise now used by road protesters is to sit up trees or dig down into tunnels, the eviction becomes more difficult, takes longer, more expensive. A grey area is damage to machinery. If violence is defined as damage to humans, sentient beings, Gaian life-processes, then damage to machinery is seen as OK, especially machinery that is being used for environmental damage such as quarry machinery and road building machinery, or machinery of war. Damage to genetic crops and other GMOs is seen as OK because these are mutant man-made creations that could lead to widespread environmental damage.

Cyberspace is the new frontier. Unlike traditional action that takes place at a physical location it enables global mass action to be focused on a single vulnerable point.

Cyberspace has until recently been used as a communication, networking tool. The first to make extensive use of Internet were the Zapatistas with their e-mail communiques. The world learnt what was happening in the Chiapas. Internet is now an important networking tool. Zapatistas have an interlinked network of Web sites, groups are increasingly learning to network as they see the advantages and learn to recognise common enemies. June 18, the global day of action against capital, would not have been possible without Internet.

Direct action in cyberspace is one end of the spectrum of infowar, where aggressive infowar can be seen as the cyberspace equivalent of physical warfare. The virtual sit-in, the equivalent to a physical site occupation.

The best known electronic direct actions have been the attacks on Web servers belonging to the Mexican government on behalf of the Zapatistas as part of an international demonstration of solidarity using a programme called Flood Net developed by the Electronic Disturbance Theater.

Electronic Disturbance Theater have been pioneers in the techniques of electronic civil disobedience 'working at the intersections of radical politics, recombinant and performance art, and computer software design'. As others take up the challenge they hope 'to eventually blend into the background to become one of many autonomous groups heightening and enhancing the ways and means of computerised resistance.'

Hype aside, firewalls are weak and ineffective, hence the recent add-on of intrusion detection. Firewalls only handle the attacks they are programmed for, others go through easily, and even then a restructuring of the attack sequence will often defeat a firewall. Firewalls are designed to protect against a penetrative attack, that is to stop something getting in. Web servers are designed to supply information, attackers ask them to do just that, only in a way that brings down the server and clogs the information highway leading into the server. Overload a Web server and at the very least there will be be a denial of service, usually it will be knocked out. This is what Flood Net does, it overloads the server by making multiple Web page requests, at the rate of 1 every 3 seconds. Flood Net asks for a non-existent directory, which also enables it to spam the server error log with a message.

If a request of the form

is made of a server, where the directory human-rights does not exist, the server will return with an error message something of the form of

	human-rights does not exist on this server

The error log will also be spammed with the message human-rights.

The idea for Flood Net originated with Anonymous Digital Coalition, who suggested a coordinated attack on Mexican financial institutions in response to the Acteal Massacres in Chiapas by repeated hitting of the reload button. Flood Net simply automates the requests by means of a Java applet.

Mexico has counter-attacked by means of a JavaScript which repeatedly opens windows on the attacking browser, eventually disabling the browser. The countermeasure can be disabled by disabling JavaScript (something that should always be done anyway as a security measure). Future proposals include an array of Flood Nets using 'swarm' techniques.

There has also been a counter-attack on the Electronic Disturbance Theater by the Pentagon. Electronic Disturbance Theater launched an attack on the Pentagon (9 September 1998). As the Pentagon attack was announced in advance, the Pentagon were able to prepare countermeasures. When the attack commenced, the Pentagon counter-attacked with a Java applet called 'hostileapplet' which generated a series of rapidly appearing Java coffee cups across the bottom of the browser screen coupled with the phrase 'ACK'. The browsers crashed. Electronic Disturbance Theater are now considering suing the Pentagon using Posse Comitatus, an 1878 law which bans the use of the military in domestic law enforcement.

Multiple Web requests are not the only possibilities. Posting on newsgroups of cracked games on a non-existent ftp server, will very quickly bring down the site, if it lacks a ftp server.

Hacking used to be an esoteric area, and still is for good hacks, but numerous scripts and other tools now exist making it a lot easier for the novice. To the extent that a novice can pick and choose and refine an attack by means of pull-down menus and option selections.

A useful tool is Back Orifice, developed by Cult of the Dead Cow, which exploits non-existent security (a feature of all Microsoft products). Once installed on a target machine, the attacker has total control over the machine. The machine can then be used as a tool for an attack elsewhere.

Viruses are a grey area as these are an attack on a machine and can lead to extensive collateral damage. Word macro viruses (again a feature of Microsoft's non-existent security) have led to an exponential proliferation of viruses. It is a very simple matter to change the macro code, and automated tools now exist. E-mails have led to a proliferation of Word macro viruses, as the word file, with macro, can be an e-mail attachment. Senior management are seen as susceptible targets as their level of computer illiteracy is probably only exceeded by their lack of concern for the environment and human rights. Copies of viruses used should always be passed to anti-virus companies to prevent damage in the wider arena.

Cyber activists are able to cloak themselves in anonymity. Anonymizers on the Web, anonymous re-mailers for e-mail, hide where they are coming from and where they are going. Though some are of dubious security, and some have been set up as a sting operation by intelligence agencies, so it is always advisable to chain. Net cafes, and on-line Web based e-mail, offer further levels of anonymity. Hard encryption, like PGP, previously the preserve of the State, protects the content of communications that are not for public consumption. Steganography, where a message is hidden within another file (eg an image file), hides even the fact that a message is being sent. If the cloaking file is posted to a busy user group, it also disguises who are the recipients. Offshore sites to spam e-mail servers are under development, including the possibility of a secure satellite.

Cyber protest is most effective when coupled with street protest. A McDonald's Global Day of Action, leafleting, blockading, occupying or otherwise disrupting their world-wide junk food outlets, could be coupled with knocking out their Web site. Similarly, should the Monsanto action against genetiX snowball ever get to trial, solidarity against Monsanto outside the court could be coupled with worldwide coordinated cyber protests. Cyber attacks on the London Mexican embassy was timed to coincide with the June 18 day of action.

CAAT are past masters of direct action against the arms trade and its financial backers. They moved into cyberspace for the first time with an attack on the Web site of an international arms fair. To coincide with the BAe (Beyond All ethics) AGM (QEII Conference Centre, Westminster, 4 May 2000) they are planning virtual action against BAe.

To coincide with the street demonstrations in Seattle, ElectroHippies, a newly formed group of cyber activists, launched an attack on the WTO.

Cyber activism is not penalty free any more than is the traditional forms of direct action. Since the advent of the Draconian Criminal Justice Act, protesters in the UK can be charged with Aggravated Trespass, previously a civil matter of trespass, or dealt with as a Breach of the Peace, Obstruction of a Police Officer, or some other minor misdemeanour. Cyber activists can be charged under the equally Draconian Computer Misuse Act. For this reason, it is always advisable to pick targets in other countries which may avoid being caught under local legislation. The State has not sat idly by. Cyber terrorism is seen by the State as a major area of concern and the Pentagon has been targeting cyber activists.

Web Resources


John Aglionby, East Timorese threaten Jakarta with cyber chaos, The Guardian, 19 August 1999

Anon, No Opencast!, Do or Die: Voices From Earth First!, No 7

Anon, Shell Actions Across the Country, Earth First! Action Update, No 54, December 1998

John Arquilla & David Ronfeldt (eds), In Athena's Camp: Preparing for Conflict in the Information Age, RAND, 1997

BBC, Direct Democracy: American Style, Radio 4, BBC, 15 August 1999

Hakim Bey, T. A. Z. The Temporary Autonomous Zone, Ontological Anarchy, Poetic Terrorism, Autonomedia, 1994

David Corn, The Pentagon Trolls the Net, The Nation, 4 March 1996

Critical Art Ensemble, The Electronic Disturbance, Autonomedia, 1994

Critical Art Ensemble, Electronic Civil Disobedience and Other Unpopular Ideas, Autonomedia, 1996

William Gibson, Neuromancer, HarperCollins, 1994 {Tenth Anniversary Special Edition}

Gilles Deleuze & Felix Guattari, trans Brain Massumi, A Thousand Plateaus: Capitalism and Schizophrenia, The University of Minnesota Press, 1987

Katie Hafner & John Markoff, Cyberpunk: Outlaws and Hackers on the Computer Frontier, Corgi Books, 1993

Kate Hilpern, Secretaries with skills in sabotage, Office Hours, The Guardian, 17 April 2000

Peter Melchett, Today's vandal will be tomorrow's hero: There are times when breaking the law and risking prison is the right thing to do, The Independent on Sunday, 1 August 1999

Keith Parkins, Henry David Thoreau, July 1999

Keith Parkins, Civil Disobedience, August 1999

Keith Parkins, The Battle of Watlington, September 1999

Keith Parkins, Globalisation - the role of corporations, December 1999

Keith Parkins, World Trade Organisation, December 1999

Keith Parkins, Spooks on the net, December 1998

Keith Parkins, Virus: A Computer Malaise, Books on Disk, 1995

Richard Reeves, Nicole Veash & John Arlidge, Virtual chaos baffles police, The Observer, 20 June 1999

Winn Schwartau, Cyber-civil disobedience Inside the Electronic Disturbance Theater's battle with the Pentagon, Network World, 11 January 1999

Bruce Sterling, The Hacker Crackdown, Viking, 1993

Henry David Thoreau, Civil Disobedience, 1849

Jon Ungoed-Thomas & Maeve Sheehan, Riot organisers prepare to launch cyber war on the city, The Sunday Times, 15 August 1999

John Vidal, Seeds of dissent, G2, The Guardian, 17 August 1999

Stefan Wray, On Electronic Civil Disobedience [paper presented to 1998 Socialist Scholars Conference, 20-21 March 1998]

Stefan Wray, Transforming Luddite Resistance into Virtual Luddite Resistance: Weaving A World Wide Web of Electronic Civil Disobedience, 7 April 1998 {earmarked for publication in the Earth First! Journal}

Gaia index ~ Direct Action
(c) Keith Parkins 1999-2000 -- April 2000 rev 8