History of Hacktivism

Nice article by Dorothy Denning.

Hacktivism emerged in the late 1980s at a time when hacking for fun and profit were becoming noticeable threats. Initially it took the form of computer viruses and worms that spread messages of protest. A good example of early hacktivism is "Worms Against Nuclear Killers (WANK)," a computer worm that anti-nuclear activists in Australia unleashed into the networks of the National Aeronautics and Space Administration and the US Department of Energy in 1989 to protest the launch of a shuttle which carried radioactive plutonium.

By the mid-1990s, denial of service (DoS) attacks had been added to the hacktivist's toolbox, usually taking the form of message or traffic floods. In 1994, journalist Joshua Quittner lost access to his e-mail after thousands of messages slamming "capitalistic pig" corporations swamped his inbox, and a group called itself "The Zippies" flooded e-mail accounts in the United Kingdom with traffic to protest a bill that would have outlawed outdoor dance festivals. Then in 1995, an international group called Strano Network organized a one-hour "Net'strike" against French government websites to protest nuclear and social policies. At the designated time, participants visited the target websites and hit the "reload" button over and over in an attempt to tie up traffic to the sites.

Her conclusion comes as no surprise:

Hacktivism, including state-sponsored or conducted hacktivism, is likely to become an increasingly common method for voicing dissent and taking direct action against adversaries. It offers an easy and inexpensive means to make a statement and inflict harm without seriously risking prosecution under criminal law or a response under international law. Hacking gives non-state actors an attractive alternative to street protests and state actors an appealing substitute for armed attacks. It has become not only a popular means of activism, but also an instrument of national power that is challenging international relations and international law.

Posted on September 21, 2015 at 6:34 AM • 15 Comments


David MSeptember 21, 2015 8:49 AM

[...] the launch of a shuttle which carried radioactive plutonium.

There's such a thing as non-radioactive plutonium?

HermanSeptember 21, 2015 10:01 AM

One of the isotopes of plutonium has a half Life of 25000 years so it is practically not radio active.

Tony H.September 21, 2015 10:39 AM

"it's a pleonasm."

Not to be confused with a neoplasm, which is what you wind up with if you interact too closely with the "radioactive plutonium" in question.

David R JenkinsSeptember 21, 2015 11:02 AM

"Radioactive plutonium" is better known as enriched plutonium.Non-radioactive plutonium is better known as depleted plutonium.

WaelSeptember 21, 2015 11:22 AM

@Tony H., @Niffum,

Not to be confused with a neoplasm

Valid caution, especially since pleonasm is an anagram of neoplasm

Clive RobinsonSeptember 21, 2015 12:51 PM

Whilst most would agree with,

It has become not only a popular means of activism, but also an instrument of national power that is challenging international relations and international law.

We also know that the USG under the inspiration of Obama now regard it as a Primary or First Strike Act of War" and thus claim they can legitimately respond with kinetic munitions as self defence.

Further as most here know, there is no way to accurately if at all determin the origin of a "cyber-attack", thus there is nothing to stop one part of the USG spoofing an attack to make it appear from say Syria and then sending in the drones to hellfire the place into rubble, dust and a few splashes of "red mist" in the name of democracy and freedom...

name_requiredSeptember 21, 2015 1:33 PM

Message floods started in the mid 90's? I got attacked with that in 1985. Also in 1985 I wrote a program that flooded D-Dials with messages (like a bot in a chat room).

The date for this is off by a decade.

Zek HielSeptember 21, 2015 1:52 PM

@Herman, just fyi the shorter the Half-Life, the more it spits out stuff, what it spits out is relative to its decay path's, this is why trying to base "good" "bad" on a single method of quantification is stupid. I would much rather hold something in my hand with a HL of 2b years vs. never go near something with a HL of 25yr.

CyberJoeJimCockerSpanielSeptember 21, 2015 8:51 PM

Further to what Clive is saying, when you have an anonymous hacker's collective such as Anonymous that has no central hierarchy, then when you see a cyberattack signed, in this notional case, 'Anonymous', it could be members of the original collective or their successors--whether under the control of a TLA or not--or it could be members of the TLA conducting a false flag for their own purposes. Indeed, one attack could be Anonymous, the next attack could be an American TLA, the third attack Anonymous, the next attack a Russian TLA. How would you know?

Moreover, when we see attacks signed by supposed 'citizens' groups' of hackers which reveal things that one would think that only a nation state would be competent to learn, then there's a question raised whether the 'citizens' group' of hackers is not just a cutout.

Stuff signed by Syrian or Ukrainian hackers seems suspicious in this regard.

It has always seemed odd that a Belorussian antivirus company that no one has ever heard of uncovered Stuxnet.

Cyber wilderness of cybermirrors.

Lawrence D’OliveiroSeptember 21, 2015 9:02 PM

Dorothy Denning ... wasn’t she in favour of Government-mandated backdoors in encryption during the first Crypto Wars?

name.withheld.for.obvious.reasonsSeptember 21, 2015 10:44 PM

The primary frame of reference for the strategic/tactical details (PPD-20), where authorities cited by yet another document (FM 3-38 Cyberwarfare Field Manual), and yet again by DoD directives and another EO that devolves power from the President to the Secretary, Deputy Secretary, and the Executive Officers of the IC member community.

The high level strategic (and I understand that it is still tactical) policy, compartmentalized architectures of management and operations (over time tends to lose strategic objectives/goals) are summarized as follows:

1. DoD must defend its own networks, systems, and information;

2. DoD must be prepared to defend the United States and its interests against cyberattacks of significant consequence.

3. if directed by the President (this language is deliberate) or the Secretary of Defense, DoD must be able to provide integrated cyber capabilities to support military operations and contingency (another key term) plans.

What I have been unable to convey is the material (statue, law, memorandum, and directive) support for military decision processes to control the execution of force--where there was no action or force in play. In other words, the Director of the Department of Energy can initiate war--the Director of DOE can call for and make the first shot, as can the DIA, NSA, CSS, etc....35 players that hold the potential power to fire the first salvo.

If you thought the law had come off the rails of the constitution, this is the plunge into the abyss whereby democracy becomes exclusively retrospective.

albertSeptember 22, 2015 12:58 PM

When discussing state actors, it's important to remember that retribution (punishment) is still their primary motivation. All political systems are punitive in nature. When you're a politician, it's what you do*. If ya wanna be a good guy, ya gotta have bad guys.

Retribution requires attribution. Or does it? Does the US _really_ care who gets blamed, as long as it's on the Official State Bogeymen list?r By focusing on attribution, attention is deflected from the real issue: lack of security. It seems unreasonable to think that the hackers are responsible for the state of our security infrastructure, and by destroying them, we make the cyber-world 'safe' again.

It's clear from history, that in the case of the US, no real reason is necessary for starting a War, only attribution by proclamation.

Another example of security theatre, in the service of political theatre, in the service of financial theater... The New Yorker needs to expand it's 'Theater' section.

* love to see that in a Geico commercial...

bruhahSeptember 22, 2015 11:58 PM

@ Clive Robinson

>thus there is nothing to stop one part of the USG spoofing an attack to make it appear from say Syria and then sending in the drones to hellfire the place into rubble

There is and its called foreign relations policy.

The USG does not take a reactive stance, nor does the expert freshman strategist.

anonymousOctober 15, 2015 1:57 PM

Bruce, why didn't you mentioned Julian Assange?

It is already a History of Hacktivism. As I know, he used Low Orbit Ion Cannon with his friends and community in the Europe. He helped Snowden to shelter in Russia.

And actually, today he looks like Target #1 for U.S. Gov in scope of Hacktivism.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.