THE RECENT DENIAL-of-service attacks that shut down various business establishments on the Internet have been treated by politicians, law enforcement, and the press as some kind of new menace that we have never faced before. Gimme a break. Everything about them has deep historical roots and numerous precedents. They certainly predate the World Wide Web. Some civil libertarians point to the sit-in as a pre-Internet predecessor. Denial of service attacks are, in fact, a sort of virtual sit-in. But I say look further back. Blockade, siege, investment, or whatever you care to call it, predates computers, electricity, and probably writing itself, though obviously there are no written records of that. But the tactic must have been in use at least since the advent of warfare against cities. The siege of Troy was a primitive form of DOS attack. While it caused economic hardship for the Trojans, it was not fatal to their cause. They made do without what the Greeks denied them: access to their fields, groves, and trading partners. It wasn't much fun, but they made do. Then came what history calls the Trojan horse. It wasn't a horse, and it wasn't from Troy, but history is like that. Get used to it. Unlike the Greeks' investment, the Trojan horse was fatal. This was not lost on certain malicious minds. More on them later.
More recently and closer to home was the Pacific Gas & Electric action on Hiroshima Day, 1979. PG&E built a nuclear power plant in an earthquake zone. This is not unlike pulling the pin on a grenade, holding on to the safety, shoving the thing in front of your face, and saying, "Don't worry. We won't drop it." I'm a Pennsylvanian. Had the wind shifted during the Three Mile Island release, my own family would have been dosed. I take an extremely dim view of nuclear power. I consider inducing fission anywhere in the biosphere to be a crime against humanity. So as far as I'm concerned, PG&E deserves whatever happens to it. I heartily endorse any action against the utility as long as it doesn't endanger working people or break the law. I am far from alone in my opinion. And therein lies a tale.
One longtime anti-nuclear activist, who for obvious reasons wishes to remain anonymous, tells it like this:
We had a mole inside PG&E who turned us on to their internal phone list. We Xeroxed it and divided the Bay Area into sections. We each took a section. I took the area of Oakland between 14th Ave. and Fruitvale Avenue, west of 580. Precisely at 8:00 a.m. we each took our stack of leaflets out to distribute. At the top of the leaflet the header read, "Tell PG&E executives what you think." Then came a list of two dozen bigwigs and their phone numbers. Thanks to our mole in a certain copy shop, we had thousands of leaflets. I took a couple of hundred and a staple gun and plastered my end of East Oakland.
I was down to about ten leaflets when I pulled up in front of a liquor store a block from 14th. It was 9:30 or 10:00 by then but already the store was open and a bunch of regulars were hanging on the sidewalk in front of it.
"Hey guys," I said, "Ever been messed with by the gas company?"
"Oh, yeah," said just about everyone.
"Wanna get even?"
"Oh, Yeah!!!"
So I gave them all but one and headed for home. In the rear view I could see them crowded around the phone. A splendid time was had by all.
I went home and called every number. It was 10:00 AM by the time I got started. Already half the numbers were busy or didn't answer at all. The other half were answered by secretaries who obviously had been doing nothing else that day. By 11:00 AM none of the numbers answered and the public numbers, the ones in the White Pages, were all busy. They stayed busy till at least 1:30 when I got bored and headed off to work.
By the next day all those numbers had been changed and PG&E was back to business as usual. It was sweet to strike back at them, whether it did any good or not.
FWIW, it just so happens that I am personally familiar with the liquor store in my friend's story. On a slightly different occasion a different friend of mine was working at a job site nearby. One day as he headed to the store to stock up on junk food, a chopper flew over very low, spraying malathion on the medflies who were alleged to live there and the working-class people who did. One of the guys hanging in front of this store reached into his car, pulled out a shotgun, and blasted away at the chopper. The chopper, needless to say, beat a hasty retreat. So did the guy with the shotgun; he burned rubber and disappeared long before the cops showed up. I'm told they took their time. My friend kept abreast of the neighborhood gossip. The guy with the shotgun was never caught because no one turned him in. In fact, he was considered pretty much a neighborhood hero. Next day the chopper resumed spraying, but not in that area. To that area it never returned.
Both incidents illustrate what should by now be a truism. People defend their territory by whatever means they have at hand. This is not because we are people. It is not even because we are mammals. It is because we are alive and that's how life behaves. And well it should.
The Internet is our territory. Its development was paid for with our tax money. We paid for it. We own it. It's ours. Yet now not only must we face the onerous ignominy of having to pay for access, but also, once we get inside we find that our so-called representatives in government have handed virtually all of it over to the corporations they really represent. This is exactly like buying a house, then coming home from work to find a toll booth at the front door, a supermarket in the kitchen, a department store in the living and bed rooms, and a porno shop in the bath.
So I say hurrah for any hacker who can take down any corporate e-commerce site for even a moment. Good for you, guys. You're heroes in my book.
But is that what really happened this month? Did hackers take down all those mega dot-coms? It's not entirely certain, not by any stretch of the imagination, no matter what you may hear on the news. Don't trust what the news says about hackers. As hacker quarterly 2600 astutely pointed out:
So far, the corporate media has done a very bad job covering this story, blaming hackers and in the next sentence admitting they have no idea who's behind it.
We can wonder who. We can speculate who. But of course we mustn't neglect the possibility that it wasn't a who at all but a what. Hacker News Network noted that when a Long Island technology consulting company claimed that one of its servers was hijacked on two separate days to launch a denial-of-service attack, it sounded from its description a whole lot more like a case of a misconfigured mail server that allowed spam relays.
But probably most of the attacks were an act of human will. As always in such cases, we should ask ourselves cui bono? Who would benefit from incidents that could lead to new types of government surveillance? Who indeed?
"What better way to 'prove' the need for massively expanded government surveillance and create a frenzy of support for it?" civil rights advocate Jim Warren asked.
Days after President Clinton designated electronic "law enforcement" a top priority and allocated $240 million for wiretapping purposes, the National Security Agency's main spy computers experienced "inexplicable" crashes, followed quickly by apparent attempts to cripple e-commerce with attacks on key Web sites by hackers unknown.
Warren also cited massive phone service disruptions in the Midwest this week and glitches experienced by Concentric Networks' otherwise "very reliable mail-server."
"Suddenly, (hackers) seem to have become far better than any have ever been before," Warren wrote. "But then again – what organization has the best computer and phone-system (hackers) in the world?! There is No Such Agency." The last sentence alludes, of course, to the National Security Agency.
As Warren said in a recent interview, "It's a disturbing coincidence that immediately after the Clinton administration declares war on cyber-terrorism ... suddenly we have a continuous cascade of denial-of-service attacks on the highest-of-the-high on the Internet. On the one hand it's ridiculous to think the NSA, or the Clinton administration, or the FBI would pull something like this. On the other, it's insane to think Nixon would organize a break-in to wiretap his political opponents."
Or consider this curious statement from CNN:
The FBI may well be taking a proactive approach now. ZDNet confirmed to CNN that the FBI contacted the company before it knew it was being hit and has begun to investigate.
To learn about what exactly a "proactive approach" means to the FBI, start asking search engines about COINTELPRO. When you've had your fill of that, read up on Waco, Geronimo ji Jagga Pratt, and Leonard Peltier. The short version: Scully and Mulder they ain't.
Of course, we must remember that the lion's share of hacking is dot-coms hacking one another. There's simply too much money to be made not to hack one another and too much money to be lost by admitting to having been a victim.
Then there's the matter of the banks. According to the Associated Press, at least eight times – starting days before the unusually forceful attacks against major commercial Web sites – computer experts at some of the nation's largest financial institutions received detailed warnings about impending attacks. Banking officials, it is said, never passed their detailed warnings to the FBI or other law enforcement agencies, even as alerts escalated and one after another the giants fell. I find this extremely difficult to believe. Banks and law enforcement have traditionally worked hand in glove. If you doubt they're in cahoots, start making large deposits of small bills and see what happens.
While the government and its corporate masters work to protect their own secret files from hackers, the personal privacy of working folks is rapidly going the way of the dodo. Northwest Airlines recently began court-authorized searches of the home computers of between 10 and 20 flight attendants, looking for private e-mail and other evidence that the employees helped to organize a sick-out at the airline over the New Year's holiday. Northwest defended the search, noting that a federal court had authorized it. It sounds to me like a case of "he who pays the piper calls the tune." The search has since been suspended pending a temporary settlement of the airline's lawsuit against Teamsters Local 2000, which represents 11,000 flight attendants. Even so, this bodes ill for privacy, especially for workers. Business speech is apparently not subject to the same protections as political speech.
How would you like your boss to have a good long look at your bookmarks, your cookies, your favorites, or your medical records, let alone your e-mail? Do you think a judge would ever give you a look inside your boss's home computer? What do you think his favorites are?
The White House announced that President Clinton will meet with the nation's top computer-security experts and technology executives in part to talk about the recent attacks. The White House said the meeting had originally been organized on the heels of the president's budget proposal for $2 billion to protect the country's most important computer systems from cyberattacks. Apparently "most important computer systems" do not include the home computer systems of labor activists.
Nor, it would seem, does the government's plan include protections from intrusions into home systems by the government itself. Months ago a Carnegie-Mellon University team issued a white paper warning about denial-of-service attacks. Over the New Year's weekend, the FBI posted free software on its Web site that would allow computer owners to detect whether denial-of-service tools, known as daemons, had been secretly placed on their computers. Some 2,600 companies and others supposedly downloaded the free software, and three found daemons, triggering FBI criminal investigations. Anybody who would willingly install free software from the FBI on their computer obviously needs a refresher course on recent history. They could well stand to reread Homer, too.
Using recent hack attacks on corporate sites as examples, the establishment press has been portraying hackers' ability to surreptitiously place virtual robots on the hard drives of commercial servers as a threat to individual home computers. Protect yourself, we are being told, or some teenage terrorist might seize control of your computer without you even knowing it. Many computer users might be surprised to know it, but having control of your computer seized without your even knowing it is everyday life on the Net.
Consider if you will one of the major perps, the mighty Wintel behemoth, a.k.a. Evil Inc., worldwide purveyors of monoculture, bloatware, and bugs. Let's leave for another day the lessons biology has taught us about the inherent vulnerabilities of monocultures. For the moment, let's just look at how these guys do business. It is not without reason that Microsoft's promo ad slogan "One World. One Web. One Program." is so chillingly familiar.
"Ein Volk. Ein Reich. Ein Fuehrer."
– Adolf Hitler
Even if persistent rumors linking Microsoft to the legendary Bavarian Illuminati prove false (most likely, IMHO) and Bill Gates is not really the Antichrist, these guys are, at the very least, not sporting sportsmanlike players. According to Reuters, in 1991, when a competitor threatened to break the Microsoft lock on desktop software, Microsoft engineers discussed a fairly underhanded but not entirely unexpected counterattack: a software bug to be hidden inside an early version of Windows. In a Sept. 30, 1991, message about the plan, David Cole, head of Windows development, told another executive that if the bug detected a rival's program it would "put competitors on a treadmill" and "should surely crash at some point shortly later." Cole also warned that the existence of the bug had to be kept secret.
Evil is contagious. The Microsoft ethos has come to pervade the mammoth software industry that has grown up around its near ubiquitous Windows OS. Through the centripetal magic of telecom I happen to know a fairly adept Wintel hacker. She recently told the following story on a list we both frequent. She always thought that Norton actually created viruses so people would buy its products. It makes sense, doesn't it? Who would buy an antivirus program if there were no viruses? What's more, she has never actually had a virus attack, ever, except ...
... an interesting thing the other day. She downloaded Winamp and was playing a CD through it. While playing music, she logged on to the Internet to check mail (not browse) and found out that Winamp has activated its own minibrowser, a stripped-down version of Internet Explorer. She normally uses Netscape. She disconnected from the Internet, and her system froze up. It seems that Winamp was doing its own communication and, as she puts it, "got pissed" when she disconnected "without asking its permission." When she rebooted, Win95b told her that she had not exited properly and that it would now scan her disk.
It found a corrupted Winamp file and repaired it by making it a .chk file. She opened it with Notepad. What was in the file? It was stuff that she had never seen, downloaded, or installed. You could even see what song she had been listening to. She has since discovered that Real Juke Box and Real Audio Player also do their own covert communication while one is browsing. She says to stay away from sites that have scripting capability because they can access your commands and even format your hard drive while you are browsing them.
"Whatever it was doing," she said, "it froze up my computer, forced a reboot and scandisk, and corrupted at least one file, which scandisk converted into a .chk file. That ain't Kosher. Perhaps you don't mind someone sneaking into your house, accessing your stuff without your authorization, and trashing it, but I do."
So do I.
_____________________________
The nessie files runs alternate Mondays. To discuss this column in altcity, our virtual community, click here.
