hacktivismpaper.docx
TRANSCRIPT
Running Head: HACKTIVISM 1
Hacktivism: Legal and Social Implications of a Cyber Society
Clairee Schneider, Abby Huisman, Cara MacLaughlin, and Desarae Veit
Iowa State University
MIS 655: Organizational and Social Implications of Human Computer Interaction
Author Note
Contact: [email protected], [email protected], [email protected], and
HACKTIVISM 2
Abstract
Hacktivism is “the practice of gaining unauthorized access to a computer system and carrying
out various disruptive actions as a means of achieving political or social goals” (hacktivism,
n.d.). This research paper explores the legal and social implications of hacktivism, and offers a
systematic review of existing literature related to cybercrimes and the hacktivist group
Anonymous, while emphasizing the moral and ethical boundaries of hacktivism. This paper
reviews existing legislature and multiple legal cases to give an overview of how intended
legislature may be outdated or used to prosecute cases more harshly than non-cybercrimes. A
case study describing and analyzing the Operation Darknet hack by Anonymous will help
describe why ethics surrounding hacktivism are within the grey spectrum of ethics.
Keywords: hacktivism, ethics, cybercrimes, legislature, anonymous
HACKTIVISM 3
Hacktivism: Legal and Social Implications of a Cyber Society
When asking what words people associate with the term “hacktivism” there are a wide
range of answers such as, “criminals” and “demonstrators”. Hacktivism is derived from the
words “hack”, which means “to cut or sever with repeated irregular or unskillful blows; to write
computer programs for enjoyment; to gain access to a computer illegally” (Merriam-Webster,
n.d.) and “activism” which is defined as “a doctrine or practice that emphasizes direct vigorous
action especially in support of or opposition to one side of a controversial issue”
(Merriam-Webster, n.d.). Both of these definitions are equally important when defining what
hacktivism is and isn not. Ludlow (2013) discusses how the media and security companies have
attempted to muddy the definition in his New York Times opinion piece titled “What Is a
‘Hacktivist’?”. These agencies have led people to believe hacktivists are sinister individuals who
are attacking anyone for their own financial gain but Ludlow (2013) argues:
In 2011 if you were worried about an intrusion into your system it was 33 times
more likely that the perpetrator would be a criminal, nation state or disgruntled
employee than a hacktivist. If you weren’t picking fights with Anonymous the
chances would have dropped to zero — at least according to the cases analyzed in
the report.
For this paper we will base our definition on Ludlow’s (2013); hacktivism is using technology
and hacking skills to effect social change.
According to Denning (2015), the Cult of the Dead Cow (cDc) has been given credit for
coining the term “hacktivism” in 1994, but the act of hacktivism existed long before. In the
1980s, the Worms Against Nuclear Killers (WANK) worm was one of the first hackings
HACKTIVISM 4
motivated by an activist’s cause. This worm was aimed at the United States’ Department of
Energy and National Aeronautics and Space Administration (NASA) by an anti-nuclear activist
located in Australia because a plutonium powered space shuttle was scheduled to be launched.
The activists were concerned about what could happen to the Earth if it had explosion similar to
the Challenger space shuttle.
In the mid-1990s, the denial of service (DoS) and taking over a home page to add a
message of dissent became a common activity. In 1996, an unknown hacktivist group took
control of the Department of Justice’s website to protest the Communications Decency Act and
displayed pornographic photographs and changed the text to read, “Department of Injustice”
(Denning, 2015). In 1999, a subgroup of cDc started the group Hacktivismo. According to
Hacktivismo (n.d.), this group was to “to assist (where possible) non-governmental
organizations, social justice groups and human rights entities” (Hacktivismo, 2013).
After the September 11, 2001 terrorist attacks, Young Intelligent Hackers Against Terror
(YIHAT) was born (Denning, 2015). The mission of YIHAT was to hinder the funding of terror
groups like Al- Qaeda. The most prominent hacktivist group, Anonymous, was established in
2003 but did not become well known until 2008 when they attacked the Church of Scientology
(Denning, 2015). During the Arab Spring in 2011, Anonymous launched many operations, one
of which was Operation Egypt. The Egyptian government had limited the communication
channels available so no news was going in or out of the country. This motivated Anonymous to
provide instructions of how to use dial-up modems and Ham radios so the story of the protestors
could reach the outside world (Kanalley, 2011).
HACKTIVISM 5
Now hacktivism has been defined for the purpose of this analysis and understand the
history a little more, a deeper dive can be done into the ethical analysis of hacktivism. This paper
will discuss the laws in the United States regarding cybercrimes, do an ethical analysis of
cybercrimes, and dive into the case of Operation Darknet.
United States Laws regarding Cybercrimes (1-2 pages)
The primary federal cybercrime statute is called the Computer Fraud and Abuse Act
(CFAA) which was passed 1984 and amended in 1986. The CFAA was created to reduce illegal
or invasive computer hacking like malware, viruses, worms, and personal attacks from
disgruntled coders and a multitude of cybercrimes. The CFAA is a broad document, like most
outdated legislation that governs software and the web, it was written before smart phones.
Processing capabilities were often measured in megabytes (1024000mb = 1024gb = 1tb).
According to Mayer (2015), from the Pennsylvania Law Review, the most prosecuted
cybercrimes are not terrorists, creators of nation-wide attacks, or larger crimes - the cases arise
from civil claims related to employment disputes.
Tompkins and Ansell (1986) and Mayer (2015) describe the archetypal hacker as a blue
collar day laborer who hacked federal systems by night. This stereotype makes most hackers
seem like supervillains straight out of a comic book or comedy movie, like the 1995 high-tech
thriller Hackers starring Angelina Jolie. Fadriquela and Deuel are described by (Mayer, 2015) as
this typical archetype. Both young people, hard working and by most standards would be
considered average citizens. Fadriquela worked in data processing who hacked Federal servers.
Deuel was a whistleblower who overstepped her access privileges.
HACKTIVISM 6
According to Mayer (2015), before Fadriquela and Deuel cybercrime law was a vague
catchall type doctrine for technology that was/is barely understood by those regulating it. Since
then, the CFAA has become controversial amongst prosecutors, lawmakers, the public, and
scholars (who argue the breadth and severity is not based on data but fear) as it has developed
into a controversial complex and severe doctrine that does not even directly address more
“sophisticated” forms of hacking with “worldwide civil and criminal liability that displaces trade
secret, property, contract, fraud, and copyright law in the information economy” (Mayer, 2015;
Brenton, 2009).
The laws are created to protect citizens from online fraud, identity theft, harassment, and
loss of intellectual property especially from businesses and universities (Mayer, 2015). Instead of
teaching young students and adults how to protect themselves from online crimes and to better
understand technology - authorities have worked to strengthen sanctions and laws against these
crimes or even lesser crimes known as the expansionist perspective. Unfortunately, these laws
are so broad and redundant that they also can identify the average user as a criminal.
Ethics of Cybercrimes
When the Internet was in its infancy, it was considered separate from the rest of the
world. Crimes committed in this separate space became known as “cybercrimes”. Cybercrimes
usually fall into one of two categories: those that are digital equivalents to crimes committed
pre-Internet and the digital age, and those completely unique to computers, networks and the
Internet. In the long term, however, these categories will be of negligible importance. Prior to
society becoming dependent on and interlaced with technology, it was far easier to understand a
specific cybercrime as it relates to a traditional crime. And those that exist wholly due to
HACKTIVISM 7
technology were easily contained in that separate, “cyberspace”. However, current and future
generations will likely see a cybercrime as simply a crime. Distributed denial of service (DDoS)
attacks no longer seem alien and foreign. A bank robbery committed by a masked gunman and
one where a hacker moved funds remotely only differ in the details. Cybercrime do have
additional levels of complexity; this requires individuals, companies, and governments to
understand how to protect one’s online data, similar to locking funds in a safe, arming a security
system or hiring security guards. Similarly, law enforcement agencies have to expand their
capabilities and keep up with technology and the evolution of cybercrime in order to continue
performing their duties.
Identity theft, robbery, prostitution, slavery, drug trade and even murder-for-hire are just
some of the crimes that have expanded into cyberspace. Although the average ‘foreign prince
with millions’ email scam has been since the beginning of the e-mail, many crimes can be found
in both the mundane and unknown, hidden parts of the web. On one side of the spectrum, we
have an official-appearing phishing email, a cleverly worded Craigslist ad or an unsecure Wi-Fi
network and on the other, the Dark Web. Other crimes, like sharing copyrighted media via
services like Napster or a Tor network, can begin as a seemingly innocent act until the existing
law is challenged, interpreted and applied to the digital realm. The Internet is an open playing
field for criminals and law-abiding citizens alike. Most crimes of any severity, type or scope, can
be attempted and committed by anyone with the means. Anonymity, both real and potential, as
well as the fact that the Internet is borderless, keeps criminals a step ahead of victims and law
enforcement. On top of that, technologies like, IP cloaking or spoofing data, only assist in
covering tracks.
HACKTIVISM 8
For the average law-abiding user, there are basic guidelines that can be followed to
ensure basic protection of online data from hackers, thieves and scammers. Unfortunately, even
the most attentive user can have an old, forgotten account on some website used in “a former
life” that gets hacked and compromised. Users do assume a certain amount of risk when using
the most benign sites on the web. In certain circumstances, the websites and services used can
assist users in the task of protecting themselves and their data. Email clients like Gmail and
Outlook have built-in functionality to identify junk and phishing emails. Multi-step
authentication and password requirements are also things many companies offer that help their
users. When a company encounters a breach of their network and data, they often inform their
users with the necessary details to provide said users with the ability to get ahead of any potential
fallout. Although this notification has become a basic, nearly obligatory, act among reputable
companies, companies and users alike have to be on the same page in terms of how the assumed
risk is divvied between the parties, what the company will do and what contributions, if any, the
user is expected to make to ensure protection of the information shared.
For crimes like drug trafficking, slave trade, prostitution and the sharing or distribution of
child pornography, users on both side of the transaction are criminals. When criminals have been
caught concerning these cybercrimes, the story often makes the news. As the facts unfold, a
massive operation is revealed that involved a taskforce or maybe multiple law enforcement
agencies and many specialists testify with lots of technical and legal jargon. There are many
things that can make investigating these crimes challenging and even impossible. Take the case
concerning the Silk Road and Ross Ulbrich, for example. The prosecution had to prove that Ross
Ulbrich and operator of the Silk Road (the “Dread Pirate Roberts”) were in fact one in the same.
HACKTIVISM 9
On top of that, with Bitcoin being the primary currency exchanged, Bitcoin had to be considered
a real currency that could be “laundered” in the eyes of the law and Ulbrich, who merely
operated the site, the site, has discussed challenging the search of the server used the host the site
which was physically located in Iceland. Questions of jurisdiction are of the utmost importance
for many far-reaching cybercrimes. There are traditional crimes, like bank robbery or cross-state
firearm sales, that are claimed under federal jurisdiction here in the United States. How does one
investigate and prosecute a crime if the hackers are in one country, the group paying the hackers
is in another, the target company is headquartered in a third country and their physical servers
are in a fourth? Multi-national agencies, like Interpol, and interagency cooperation are helpful
for the investigation. But considering that fights over jurisdiction between states, counties and
civil counsel are normal for both criminal and civil cases here in the United States, it is hard to
imagine that there would not be months or years of argument over jurisdiction, even if there are
only two countries involved.
Laws and law enforcement have needed to adapt to the integration of technology in
crimes and criminals of all kinds, not just cybercrimes and cybercriminals. “Federal legislative
response so far has been to impose computer abuse liability on network attackers” (Mayer,
2015). Every state has enacted their own cyber laws and statutes by 2000 (Mayer, 2015).
Although there is an inclination to assume that powerful technology is safe in the hands of “the
good guys”, this is by no means a straightforward or simple issue. Although criminals do have
the skills, or can pay for the skills, to, say, create a backdoor into an iPhone, having Apple©
create the backdoor for law enforcement does not offer any increased protection for potential
victims. By designing technology with a deliberate flaw, the company is in fact increasing the
HACKTIVISM 10
risk for its users. The people with the skills to hack into and compromise technology are
typically one of three types: black hats (those who use their power for bad), white hats (those
who use their power for good) and grey hats (those who fall somewhere in the middle, doing
bad/illegal things for the “greater good” or for a price). Big name tech companies offer monetary
rewards to those willing to find and report vulnerabilities; in turn, companies can fix the
vulnerabilities and protect their users. A backdoor of any kind is merely a known vulnerability
that will never be patched or fixed. This does mean that law enforcement is required to jump
through extra hoops or use alternative means to find out the potential information that any
proposed shortcut would provide. It also ensures that criminals too are required to take additional
measures to commit crimes. In an ideal world, this also cuts down on the crimes, or prevalence
of crime, both of which would be positive for law enforcement agencies.
Case Study: Operation Darknet by Anonymous
About Anonymous. The group Anonymous is arguably the most well-known hacktivist
organization in the world today. The group started on a website called 4chan, a forum-style
website where people could post on any thread. On some threads anonymity was forced so every
post appeared as if it was coming from a user with the name “Anonymous” (Olson, 2012, p. 28).
At the start, members of Anonymous would just work together to orchestrate internet pranks, like
the one pulled on the users of Habbo Hotel, a popular virtual hangout website, where everyone in
the group made the same avatar and surrounded the pool with a “closed due to fail and AIDS”
sign (Olson, 2012, p. 49). The pranks pulled by Anonymous started evolving and pushing
boundaries. In 2004, subset of Anonymous made accounts on sites frequented by pedophiles.
HACKTIVISM 11
Upon receiving a message from another user, this group would post threats and say they were
from Child Protective Services and threaten the user with legal action (Olson, 2012).
Many experts agree that 2008 was then Anonymous went from being jokesters to
hacktivist when the Church of Scientology sent Gawker a cease-and-desist letter for publishing a
leaked video of Tom Cruise praising the religion. A post was made on 4chan about the events
and users decided to perform a DoS to take down the Church of Scientology website and flood
their call centers (Olson, 2012, p. 60-90). Since being recognized as a hacktivist group, attacks
have been directed at a number of places, for example: Tunisia, Bank of America, Sony, the
Westboro Baptist Church, the Ku Klux Klan, and Donald Trump. The organization has become
so well known that in 2012, Time acknowledged them on the list of “The World's 100 Most
Influential People” (Gellman, 2012).
Unlike other hacktivist groups, Anonymous has not formally outlined a specific objective
for their hacktivism but based on prior operations, they have contested censorship by promoting
information transparency and have tried to counter oppression. Since no formal group mission
has been formed, it is common for members of the group to disagree on how and when to take
action. Gregg Housh, a former member of Anonymous, told ABC News , “I don’t think you’ll be
able to find an Anon that won’t be upset about at least one op [operation]” (Sands, 2016).
Operation Darknet. The hacker group, known as Anonymous, conducted a large scale
attack on internet child pornography in October 2011. The hack was an attempt to bring
pedophiles into the light by using a software virus that allowed Anonymous to record the
pedophiles IP addresses. “The hacker group has claimed that it has shut down more than 40 Web
sites for sharing pedophilia and released the names of more than 1,500 alleged users of a website
HACKTIVISM 12
called Lolita City, containing more than 100GB of child pornography” (Bora, 2011).
Anonymous also asked that law enforcement agencies use the list to prosecute individuals on the
list.
Anonymous vowed to continue to bring down servers, no matter who it belonged to, if
there was child pornography on it. One particular server they were determined to disrupt was the
Freedom Hosting server, which held “95 percent of the child pornography listed on Hidden
Wiki” (Bora, 2011). According to Bora (2011), Freedom Hosting refused to bow down to
Anonymous’ demands, therefore forcing Anonymous to disrupt the server themselves. Freedom
Hosting retaliated by bringing the server back online within 24 hours. Anonymous then hacked
into Freedom Hosting’s servers again and brought the server back down again and vowed to
“...kill pedobears everywhere, starting with Freedom Hosting” (Bora, 2011). Anonymous has
stated that they will continue to bring pedophiles to light in the coming years, without warning
and without remorse.
Ethics of Operation Darknet. Ethics is a complicated subject as there is no right or
wrong answer, as it is based on an individual’s belief system on certain topics and actions.
People become passionate about what they believe is “right” or “wrong”, and can vary from
person to person. Fortunately, there are some ethical guidelines written by the Computer Ethics
Institute (n.d.), that help guide “good” computer usage, they are called the Ten Commandments
of Computer Ethics (see Appendix A). Anonymous’ Operation Darknet case is unique because it
brings up the issue of pedophilia and internet hacking. Although Anonymous’ intentions were to
help children who were being exploited by online pedophiles, Anonymous did break several of
the commandments while doing so, particularly the first three computer commandments: “(1)
HACKTIVISM 13
Thou shalt not use a computer to harm other people, (2) Thou shalt not interfere with other
people's computer work, and (3) Thou shalt not snoop around in other people's computer files”
(Computer Ethics Institute, n.d.).
The first three commandments were broken by Anonymous, and therefore theoretically
made the hack unethical, but many would argue that unveiling pedophiles, made the hack ethical.
Ethics, very rarely, has a clear cut solution or answer, ethics of hacktivism is no different.
Anonymous would argue that they were providing a public service to better help the worldwide
community and protect innocent children, as the authorities could not find or prosecute the users
themselves. On the other hand, Anonymous was prosecuted by some individuals because they
were hacking into personal property, and interfering and snooping within personal servers.
Public Response. After reviewing the #OpDarknet hashtag on Twitter (n.d.) public
opinion was in favor of the Operation Darknet hack, because it was providing a greater service to
the public, protecting children from abuse and exploitation. Most of the negative backlash came
from individuals who utilized the Hidden Wiki, to view and share pedophilia. Some individuals
that were outed in the attack claimed that they were not using those illegal sites for pedophelia,
and were utilizing the site to provide other services for illegal activities, not just pedophelia
(Bora, 2011).
Conclusion
Hacktivism is a growing field among technologically inclined individuals, accumulating
people together from across the world and different countries to fight censorship. Anonymous is
one such group but it is not a true group but a collection of individuals that are each fighting for
an individual cause that they believe in, no one person speaks for the entire Anonymous group
HACKTIVISM 14
(Righteous, 2016). As these types of groups become more powerful, the ethics of these hacks
will continue to be questioned and we are not likely going to come to a consensus as a society
whether these actions are “good” or “bad”.
HACKTIVISM 15
References
#OpDarknet hashtag on Twitter. (n.d.). Retrieved December 1, 2016, from
https://twitter.com/hashtag/OpDarkNet?src=hash&lang=en
Baker, G. D. (1993). Trespassers will be prosecuted: Computer crime in the 1990s. J. Marshall J.
Computer & Info. L., 12, 61.
Baker, G. D. (1993). Trespassers Will Be Prosecuted: Computer Crime in the 1990s, 12
Computer LJ 61 (1993). The John Marshall Journal of Information Technology &
Privacy Law, 12(1), 4.
Bertrand, N. (2015, May 29). The case against Silk Road's 31-year-old founder was
unprecedented. Retrieved November 29, 2016, from
http://www.businessinsider.com/the-case-against-silk-road-founder-ross-ulbricht-was-un
precedented-2015-5.
Bora, K. (2011, October 23). Anonymous Back in Action: Targets Child Porn Web Sites,
Releases User Names. Retrieved December 01, 2016, from
http://www.ibtimes.com/anonymous-back-action-targets-child-porn-web-sites-releases-us
er-names-325728
Brenton, K. W. (2009). Trade Secret Law and the Computer Fraud and Abuse Act: Two
Problems and Two Solutions. U. Ill. JL Tech. & Pol'y, 429.
Computer Ethics Institute. (n.d.). Ten Commandments of Computer Ethics. Retrieved December
01, 2016, from http://computerethicsinstitute.org/publications/tencommandments.html
Denning, D. (2015, September 8). The Rise of Hacktivism. Retrieved November 07, 2016, from
http://journal.georgetown.edu/the-rise-of-hacktivism/
HACKTIVISM 16
Eddy, M. (2014, February 4). Inside the Dark Web. Retrieved November 29, 2016, from
http://www.pcmag.com/article2/0,2817,2476003,00.asp.
Gellman, B. (2012). Anonymous -The World's 100 Most Influential People: 2012- Printout.
Retrieved November 13, 2016, from
http://content.time.com/time/specials/packages/printout/0,29239,2111975_2111976_2112
122,00.html
hacktivism. (n.d.). Dictionary.com Unabridged . Retrieved December 6, 2016 from
Dictionary.com website http://www.dictionary.com/browse/hacktivism
Hacktivismo: Board of Advisors. (n.d.). Retrieved November 13, 2016, from
http://www.hacktivismo.com/about/index.php
Johnson, D. G. (2009). Chapter 6 Digital Order. Computer ethics (4th ed.). Englewood Cliffs,
NJ: Prentice-Hall.
Kanalley, C. (2011, January 29). Anonymous Internet Users Team Up To Provide
Communication Tools For Egyptian People. Retrieved November 12, 2016, from
http://www.huffingtonpost.com/2011/01/29/anonymous-internet-egypt_n_815889.html
Koepsell, D. R. (2000). An emerging ontology of jurisdiction in cyberspace. Ethics and
Information Technology, 2 , 99-104. Retrieved November 13, 2016.
Ludlow, P. (2013, January 13). What is a 'Hacktivist'? Retrieved November 12, 2016, from
http://opinionator.blogs.nytimes.com/2013/01/13/what-is-a-hacktivist/?_r=1
Mayer, J. (2015). Cybercrime Litigation. U. Pa. L. Rev., 164, 1453.
Merriam-Webster. (n.d.). Retrieved November 12, 2016, from
http://www.merriam-webster.com/dictionary/
HACKTIVISM 17
Olson, P. (2012). We are Anonymous: Inside the hacker world of Lulzsec, Anonymous, and the
global cyber insurgency. New York, NY: Little, Brown and Company.
Righteous. (2016, October 28). What is Anonymous? Retrieved December 05, 2016, from
http://anonhq.com/what-is-anonymous/
Sands, G. (2016, March 19). What to Know About the Worldwide Hacker Group 'Anonymous'
Retrieved October 02, 2016, from
http://abcnews.go.com/US/worldwide-hacker-group-anonymous/story?id=37761302
Spinello, R. A. (2000). Concluding Section of Chapter Two: "Governing and Regulating the
Internet”. Jones & Bartlett. CyberEthics: Morality and Law in Cyberspace. 10-13.
Retrieved November 13, 2016.
Tompkins Jr, J. B., & Ansell, F. S. (1986). Computer Crime: Keeping Up with High Tech
Criminals. Crim. Just., 1, 31.
HACKTIVISM 18
Appendix A
The Ten Commandments of Computer Ethics (Computer Ethics Institute, n.d.)
1. Thou shalt not use a computer to harm other people.
2. Thou shalt not interfere with other people's computer work.
3. Thou shalt not snoop around in other people's computer files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not copy or use proprietary software for which you have not paid.
7. Thou shalt not use other people's computer resources without authorization or
proper compensation.
8. Thou shalt not appropriate other people's intellectual output.
9. Thou shalt think about the social consequences of the program you are writing or
the system you are designing.
10. Thou shalt always use a computer in ways that ensure consideration and respect
for your fellow humans.