cj#781> *ALERT* Internet Vulnerability * COUNTERMEASURES *

Mon, 23 Feb 1998 21:22:15 GMT
Richard K. Moore (rkmoore@iol.ie)

>From: rkmoore@iol.ie
>To: cyberjournal, cyber-rights, CuDigest, activ-l, wsn
>Cc: Phil Agre / RRE

Dear netizens,

Are you fully aware of how extremely fragile and vulnerable are Internet
infrastructures such as this list? Did you know that any Internet server
(eg, "@sun.soci.niu.edu" or "@cpsr.org" or "@weber.ucsd.edu") can be taken
off the air at any time with no warning by a "mailbomb" attack? ...that
your personal email address and web site can be incapacitated in the same
way? ...and that there is no effective way to prevent such an attack nor
to defend against it? Did you know such an attack can be conveniently
mounted by any sizable group of people who have an ideological axe to
grind, or by a smaller group with only minimal software support (to
automatically generate thousands of pseudo messages)?

~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
~-=-=-=-=-=-=~THE DANGER IS REAL~=-=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=-=-=~

A successful attack of this kind was carried out last Summer against IGC
(Institute for Global Communications), and IGC was promptly forced to close
down a Basque-related web site that a Spanish citizens' group had deemed to
be objectionable. Phil Agre (RRE news service) published the first
announcement of the event that came to my attention:

~=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=-=~=-=-=-=-=-=-=~
| Date: Thu, 17 Jul 1997 15:34:17 -0700 (PDT)
| From: Maureen Mason <mmason@igc.apc.org>
| Subject: IGC censored by mailbombers
|
| Hi Phil,
|
| [...]
|
| We host a site (http://www.igc.org/ehj) for a US group supporting Basque
| independence in Spain and France, and have gotten protest letters over the
| past 4 months saying that the site "supports terrorism" because a section
| of it contains material on ETA, an armed group somewhat like the IRA in
| Northern Ireland, at http://www.igc.org/ehj/html/eta.html (the rest of the
| site includes material on human rights, politics, other Basque
| independence groups and hyperlinks to sites with opposing views).
|
| But now the protest--fueled by ETA's kidnapping and killing of a
| Spanish politician this month--has turned into a serious
| "mailbombing" campaign against that is threatening to bring our
| servers to a halt. We are also getting hundreds of legitimate
| protest messages, which we can handle. What is damaging us is
| thousands of anonymous hits to our mail servers from hundreds of
| different mail relays, with bogus return addresses; there's not
| much we can do about these short of blocking access from hundreds
| of mail servers as new sources of mailbombings appear.
|
| Our other email users (we have 13,000 members) are having their
| mail tied up or can't reach it, and our support lines are tied
| up with people who can't access their mail.
| -=-=-=-=-=-=~-<snip>-~=-=-=-=-=-=-
|
~=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=-=~=-=-=-=-=-=-=~

Shortly after this posting, IGC (a "progressive" non-profit
service-provider) submitted to the demands of the attack and took down the
Basque-independence site. The mailbombing then ceased.

The attack was not only successful, but it was very selective (a surgical
strike on IGC) - there was no general disruption of the net, minimal
collateral opposition was generated, and media and officialdom simply
ignored the episode (as far as I know). If it had been an attack on some
corporate-operated server, and it had disrupted financial transactions, one
could well imagine headlines about "net terrorism" and perhaps prompt
legislation to "crack down" on "excessive" net freedoms. (Notice how we
lose either way if such attacks become more prevalent.)

~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
-=-=-=-=-=-=~WHY YOU SHOULD BE CONCERNED~=-=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=~

Is this something we need to be concerned with?

I suggest that it is; I will explain why; and I will recommend some simple
counter measures - cheap "fire insurance" if you will - that should be
promptly implemented by anyone who wants to retain some ability to "stay in
touch" in the event of determined mailbombing campaigns (or net-attacks of
any description).

Fast forward to "-=~COUNTER MEASURES~=-" if you're already sufficiently
"concerned" and want to skip to the chase.

The means by which serious, but selective, net disruption could be brought
about should be clear at this point... here's a fully plausible scenario:

-=-=-=-=-=-=~-~=-=-=-=-=-=-
Imagine that a group of the Christian-Coalition genre were to
make an issue of the fact that many "liberal" servers and web-sites on
the net support discussion of abortion, gay liberation, revolution,
pornography, and socialism. We've seen how even murder (of abortion
doctors) has been a result of fundamentalist fervor - is there any
reason to assume that a mail-bomb attack on "liberal God-denying net
servers" would be considered "out of bounds" as a tactic to "stop the
anti-christ" and slow the further erosion of "family values"?
-=-=-=-=-=-=~-~=-=-=-=-=-=-

Substitute your own scenario if you prefer, but I hope it's clear that only
_intention_ stands between us and the loss of our networking. If some
activist group - on their own or via encouragement and support of "others"
- takes it in their head to bring an end to widespread progressive
networking, they can do it. And if legal remedies are attempted, it is
difficult to imagine anything effective coming out of Washington (or the UK
or Germany or etc) that wouldn't do us more harm than good. My first
recommendation (:>) is to knock on wood and say "God willing" each time you
dial in to the net.

So the means and the danger are clear, and have been established by
precedent. The remaining question is:
Do we have any reason to expect that such an attack will in fact be
mounted?

Here is one person's view, received this morning over the wsn list:

~=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=-=~=-=-=-=-=-=-=~
| Date: Mon, 23 Feb 1998
| From: <name suppressed>
| To: WORLD SYSTEMS NETWORK <wsn@csf.colorado.edu>
| Subject: The REAL WAR yet to come
|
| This Iraq/US stand off business is just international snow ball
| fights.
|
| Get this, the US says they want Iraq to honour UN decisions but
| says in the same breath "we (the USA) will not honour UN
| decisions." The Americans fall for that?
|
| The REAL WAR will come when the USA will be attacked by
| people of conscience from the ground through the Internet. The
| US Govt will subversively attempt to close down or disturb internet
| communications to disrupt ground swells. The only interests the US
| has is oil ! Fuelled by the Oil Companies. Think about it. This
| GREAT Technologically advanced nation is not a nation of
| electronic vehicles in the late 1990's. Amateur futurists like myself
| could have predicted this scenario in 1960. I think it is time that
| the world citizens of this planet set the record straight.
|
| Be prepared however for disconnection through the Internet !
|
~=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=-=~=-=-=-=-=-=-=~

The Oil Theory re/ Iraq is a bit simplistic, but the Effective Progressive
Activism Scenario is one to take very seriously. There hasn't been a
"real" protest movement during the Internet era, not one within an
order-of-magnitude of, say, the sixties movements. If such a movement were
to arise, if it were to create political discomfort for those in power, and
if the net were being used effectively for coordination and news
distribution (eg, worldwide distribution of videos of 'blacked out' protest
events) - then it would not be at all surprising if counter-measures were
undertaken.

In such an event, various governments might simply close down servers,
under some kind of conspiracy or riot-act charges. Or a "spontaneous"
attack of the variety described above could be covertly encouraged and
supported. The choice would be "theirs", and the tactics could be selected
on the basis of PR-effect & political expediency. And the targets wouldn't
just be extremist groups, they'd be the whole progressive communications
infrastructure. At least that's what would make obvious Machiavellian sense
in such a scenario: nip problems in the bud, as it were.

As the US persists in its determination to deploy new weapons systems
against Iraq, and as global opposition grows and generalizes to the
sanctions as well, we could be on the very verge of a political movement
significant enough to show up on Washington's early-warning radar. If the
net is doing its part in such a movement - as many of us are endeavoring to
encourage - we should not be surprised by a bud-nipping reactionary
response, in some adequately disguised or rhetorically justified form.

If not Iraq, then the MAI And National Sovereignty, or Disgust With
Corporate Political Domination, or, if we get our act together, All Of The
Above. Corporate globalization has had easy sailing for too long, and has
made too many enemies - an energetic opposition movement is only a
spark-in-dry-grass away, by the estimate of this observer.

You may think Internet is Unsinkable, but even the Titanic had _some_
lifeboats; I suggest we don't steam unprepared into uncertain waters.

~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
-=-=-=-=-=-=~COUNTER MEASURES~=-=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=-=-=~

What countermeasures are available to us?

The goal of countermeasures, I suggest, should be to facilitate
communication-by-other means among people and groups who have come to
depend on Internet in their political and educational activity. Obviously
alternative communication means would be less effective than the net, but
in time of emergency _some_ connectivity will be preferable to total
isolation (ie: dependence on mass media for information).

My recommendation is to identify who your "key net contacts" are - people
whose presence you take for granted in your net communications, people you
are collaborating with, people who provide you with important information,
people who are likely to be in touch with others in an emergency situation.

The next step is to contact those people NOW - while you still can
conveniently - and exchange with them your phone numbers, fax numbers, and
postal addresses. You might even go so far as to make preliminary
arrangements for "phone-tree" or "photocopy-tree" protocols for
distributing information, but most of us probably won't get around to that,
life being what it is. The important thing is to have the necessary data
on hand well in advance of need.

If serious net disruption does occur, for whatever reason, it is critically
important to observe certain common-sense protocols in the use of phone and
fax numbers. Effective anarchic communications require a certain finesse
and forethought.

For example, if you're a member of someone's email list (eg, cyberjournal)
you SHOULD NOT send faxes to the moderator such as: "Please tell me what's
going on, I'm curious". That would jam up communications, and would lead
people to disconnect their fax machines. Only contact "information source"
people if you have important information that needs to be shared, or if you
want to volunteer to be an "echo node" - to redistribute information to
others. Other than that you should use your fax bandwidth to build up a
"peer" network and then try to connect as a group with wider networking
efforts.

Much of our technology would continue to serve us: we could still use our
email software (Eudora or whatever) to create and manage our messages, but
we'd fax them to lists of recipients or we'd print them - for posting on
physical bulletin boards and kiosks or for copying and distributing.

~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
-=-=-=-=-=-=~A REQUEST~=-=- re: NOW -=-=-=-=-=-=~=-=-=-=-=-=-=-=-=-=-=~

I hereby invite those of you with whom I regularly correspond, or who would
like to be on an emergency information-distribution network, to please send
me whatever contact details you'd like to make available. Don't expect
accompanying comments to be read, but please indicate your informational
needs and your willingness to assist in communications support in the event
of emergency. The information will simply be filed away (and backed up at
trusted international sites) for the time being.

I will do my best to see that this information is used only in emergency,
and that any "unsubscribe" requests, so to speak, would be promptly honored.

My own emergency contact information is below. Phone and fax will be made
available on a TBD basis.

~=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=-=~=-=-=-=-=-=-=~
Posted by: Richard K. Moore | PO Box 26, Wexford, Ireland
rkmoore@iol.ie | www.iol.ie/~rkmoore/cyberjournal
* Non-commercial republication encouraged - with this sig *
~=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=-=~=-=-=-=-=-=-=~