Since the early 1980s, there were wire and mail fraud criminal provisions in criminal statutes that did not address computer crime. The Act made the unauthorized access of classified information a felony and a misdemeanor to "access financial records or record histories stored in a financial institution," or to trespass a government computer. In response to the growing issues, Congress enacted the Comprehensive Crime Control Act independent of the existing criminal laws. Congress contemplated whether criminal statutes should be amended to include computer-related offenses. Throughout 1985, Congress held hearings on this issue, which prompted the enactment of the Computer Fraud and Abuse Act (CFAA) of 1986.
Here, a comparison will be made between the "Accessing a Computer and Obtaining Information" provision with the trespass provision. Under 18 U.S.C. § 1030(a)(2),(1) a person intentionally accesses (2) a computer without or exceeding authorization (3) to obtain information from either financial records from a financial institution or “consumer reporting agency,” (4) the U.S. government, or a protected computer, it's a misdemeanor and; (5) if it was to either gain “commercial advantage or private financial gain,” (6) “in furtherance of any criminal or tortious act,” or (7) the information is valued at more than $5,000, it’s a felony. Here, although possibly not as invoked, a hacktivist who may want to expose, similar to a whistleblower, financial information would be subject to a misdemeanor. The felony portion of the act is likely to be inapplicable because hacktivists generally don't seek financial gain from their acts.
Among the many amendments, the following are most commonly invoked in hacktivist cases: -- Criminalized, not only direct threats to damage a computer, but steal data from a victim's computer; publicly disclose the data; or failing to repair the damage caused. --- Conspiring to commit a "computer hacking offense" became a criminal offense. -- Broadened the "protected computer" definition. 18 U.S.C. § 1030(e)(2). Lastly, the Act is a mixed criminal and civil statute. For certain provisions, affected victims can file civil suit.
Broken into three subsections: (1) 18 U.S.C. § 1030(a)(5)(A) The person knowingly causes the “transmission of a program, information code, or command”; (2) And from that conduct, intentionally causes damage to the protected computer without authorization; If these are satisfied, a misdemeanor applies. But, if in addition, among other circumstances, (a) The access results in a loss of $5,000 for one year; (b) threatens public health or safety; (c) modifies a person’s medical care, damages systems that are “used by or for” government entities; (d) “administration of justice, national defense, or national security,”; (e) or the damage affects 10 or more protected computers within that year, it’s a felony. A "protected computer" includes financial institutions and U.S. government property.
The Act is separated into seven categories. All, except for four, are most likely to apply to hacktivists are underlined below. (1) Obtaining National Security Information (2) Accessing a Computer and Obtaining Information (3) Trespassing in a Government Computer (4) Accessing a Computer to Defraud & Obtain Value (5) Intentionally Damaging by Knowing Transmission (6) Recklessly Damaging by Intentional Access (7) Negligently Causing Damage & Loss by Intentional Access Trafficking in Passwords (8) Extortion Involving Computers
Under 18 U.S.C. § 1030(b), A person who attempts to commit the crime in § 1030 are subject to penalties, as if the crime had been completed. Here, like criminal laws, hacktivists would be subject to the statute's reach and to its penalties even if unsuccessful.
Under 18 U.S.C. § 1030(a)(5)(B), if a person: (1) intentionally accesses (2) a protected computer (3) without authorization; and (4) recklessly causes damage, it's a misdemeanor. If one of the circumstances in § 1030(a)(5)(A) happen as well, a felony applies.
Under 18 U.S.C. § 1030(a)(5)(C), a personal that (1) intentionally accesses (2) a protected computer (3) without authorization and (4) causes damage and loss is subject to a misdemeanor. Notice the exceeds authorization clause is omitted, and the circumstances under § 1030(a)(5)(A) are not included. This seems to be a catch-all.
Under 18 U.S.C. § 1030(A)(7), a person who (1) intentionally seeks to (2) extort money or “any other thing of value”; and (3) transmits in interstate or foreign commerce “a communication” that contains (4) either a threat to damage a protected computer; (5) threat to “obtain or reveal confidential information without or in excess of authorization;” or “demand[s] or requests[s] [] money or value in relation to damage” that is done with the extortion. At face-value, this may not seem like a statute that would apply to hacktivists, but the "thing of value" is undefined in the statute, and a mere financial statement could qualify and subject the hacktivist to liability.
The ECPA amends the Federal Wiretap Act of 1968. The Act protects "wire, oral, and electronic communications while the communications are in transit, such as stored data on a computer, emails, and phone conversations. The Act is comprised of three titles. The first two which are most relevant to hacktivism: --Title I= AKA the Wiretap Act. This prohibits the intentional actual or attempted "interception, disclosure," or procuring to intercept or to try to attempt the interception of "wire, oral or electronic communication." --Title II= aka the Stored Communications Act (SCA) protects contents in files by service providers, IP addresses, and records of subscribers.
AKA "Worms against Nuclear Killers" The worm affected the Galileo Space Probe set to launch two days later in Kennedy Space Station in Florida. It traveled through NASA's interconnected computer network finding openings in the security system, and spread to the US Department of Energy in Chicago; European Center for Nuclear Research in Switzerland; and the Riken Accelerator Facility in Japan. The French Secret Service uncovered that the worm came from a network in Australia.
In the 1997 book, Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier, journalist Suelette Dreyfus speculates that Australian hackers were behind the attack. The message "you talk of times of peace for all, and then prepare for war." is from a song called Blossoms of Blood by an Australian rock band, Midnight Oil. A documentary was released about the hack, In the Realm of the Hackers, in which NASA officials believe the hackers were Electron and Phoenix (pseudo-names). No one was identified or prosecuted for the NASA attack, but Electron and Phoenix were prosecuted for other computer crimes including the interference with the US Defense.
The CFAA was an amendment to the first federal criminal law. The Act is triggered when there is a computer is intentionally accessed without authorization or in excess of authorization. "Without authorization" remains today undefined in the Act. According to legislative history, the Act sought to balance the interests of prosecuting computer offenses by the Federal government and the states. The CFAA included additional provisions on computer offenses, such as penalizing the intentional alter, damage, or destruction of another's data.
The Zippies, a U.K.-based activist group, also called cyber-hippies, were known to employ the first DDoS (Denial of Service Attack) as a political protest. Known as "The Intervasion of the UK," the group sent email bombs to several government agencies to protest Prime Minister John Major's Criminal Justice and Public Order Act, that outlawed outdoor raves with music having repetitive beats. During this time, the world's first cyber cafe popped up, Cyberia in London, that provided free internet access to the public. The co-founder, Eva Pascoe, was a supporter of the movement.
In protest of the DOJ's Communications Decency Act (CDA) which takes down offensive material, hackers engaged in web defacement by replacing the DOJ's homepage with pornographic images.
The Electronic Disturbance Theatre (EDT) was co-created by Roberto Dominguez. The group's approach to DDoS was to model the civil rights of sit-in of Ghandi, Martin Luther King, Jr., and the like to protest neoliberalism. The virtual sit-ins through a system called FloodNet, was used protest against human rights abuses. FloodNet was a java script that reloaded the refresh button every time based on the number of participants. Virtual sit-ins were done to Mexican President Zedillo's website in support of the Zapatista rebels that were advocating indigenous rights, the White House, the School of the Americas, a US army training station for foreign officials that were accused of human rights abuses, among other websites. Anonymous went on to adopt this type of crowd-sourcing activism by creating voluntary botnets, in which the group called on volunteers to take over websites.
The Cult of the Dead Cow was born in 1989 in Lubbock, Texas, but came to be known in 1999 when the group released a security system, BackOrifice 2000 (BO2KY) , that would gain control over computers running Windows. Their mission was to show the security vulnerabilities in Microsoft, which was at its peak in the late 90s. Their work caught not only Microsoft's attention, but the FBI. Apart from Microsoft, cDc has advocated on human rights issues and shed light on international issues by partnering with international hackers. For instance, cDc worked with a Chinese hacker group called the Hong Kong Blondes to hack computer networks of the Chinese government for human rights abuses.
According to researcher Molly Sauter, author of The Coming Swarm: DDoS Actions, Hacktivism and Civil Disobedience, the first DDoS, "Net'strike" could be traced to an Italian hacktivist group called Strano Network. The group hacked the French government's website in protest of their nuclear policy. Given that during the late 90s, internet connection was expensive, the attack only lasted an hour.
Similar to cDc, Hacktivismo focused on human rights causes. It took a step further by creating a "Hacktivism Declaration" that modeled the UN's Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights. The group's promotion of Internet freedom goes in hand with its rejection of DDoS.
What was a series of online pranks on a website, 4chan.org, created by fifteen year-old Christopher Poole, led to the eventual creation of Anonymous. In 4chan.org, Poole's memes and hyperlinks, most famously the Lolcats and Rickrolls, brought a multitude of anonymous hackers with politically motives to connect with one other.
When Estonia took out a Soviet statue out of its capital, Tallinn. The Estonia government experienced a series of DDoS attacks-- the largest known in history. Russian hackers were behind the attack. The pro-Kremlin group, Nashi, claimed responsibility. The group denied that the Russian government directed them. Estonia asked Russia for help, unsuccessfully. The Council of Europe’s Convention on Cybercrime requires, to this day, mutual assistance in cybercrime investigations, but Russia had not signed it, and that remains the same to this day.
Anonymous releases a Youtube video announcing Project Chanology, a protest against the Church of Scientology claiming it spreads misinformation and suppresses critics. A few weeks after the video, Anonymous physically protested in different locations against the Church wearing Guy Fawkes masks.
When Tunisian dictator Zine el-Abidine Ben Ali, blocked the US Department cables disclosing corruption in the Tunisian government, Anonymous then attacked the government websites that also impacted the Tunisian stock exchange. The group assisted protesters on the ground for months through the "Freedom Ops" movement.
In Operation Avenge Assange, Anonymous protested the cut off payments of MasterCard and Visa to WikiLeaks. Anonymous hacked the card companies and slowed Paypal's traffic.
As an offshoot of Anonymous, AntiSec focuses particularly on security issues. It hacked a private intelligence group by taking its website offline and taking about 200 GB of data. In doing so, AntiSec engaged in the largest public "d0xing" by disclosing the data online.
"Nightmare" knocked out the Tel Aviv Stock Exchange and El Al airlines along with Saudi hacker 0xOmar to protest against Israel. 0xOmar previously had released thousands of Israelis' credit card numbers. As a result of "Nightmare" and 0xOmar's hack, a cyberwar ensued with Israeli hackers took out the Saudi Stock Exchange and the Abu Dhabi Securities Exchange offline.
February 14th marked the anniversary of the Bahraini government's violent forces in the country's capital, Manama, during the Arab uprisings. Anonymous attacked the Bahraini government's websites and its supporter, such as Combined Systems, a Pennsylvania-based tear gas manufacturer. The government retaliated by prohibiting the import of Guy Fawkes masks. Fifteen days later, Interpol arrested 25 alleged Anonymous hackers, including ringleader Hector Monsegur, aka as "Sabu," that lead to more hacker arrests.
Similar to the Stratfor data dump, Anonymous launched Par: Anoia (Potentially Alarming Research: Anonymous Intelligence Agency) that comprised of submitted data, such as leaked emails from the Syrian Foreign Ministry and footage from the New York Police Department's involvement in the Occupy protests in 2011.
Hackers interfere with several government agencies in protest of Aaron Swartz's suicide after a federal indictment for releasing millions of academic articles in JSTOR.
The DTSA, signed into law by President Obama, is a civil statute that prohibits misappropriation of an entity's trade secrets if it's related to a "product or service used in, or intended for use, interstate or foreign commerce." Generally, companies deferred to state trade secret misappropriation laws, but the federal statute has brought consistency.
Benefits (1) Transparency (2) The mix in person and online activism. Online activism can also assist, especially with COVID where a large number of people can’t join in. Negative Effects (1) Harm to a country. Specifically, health;Strained foreign relations when people turn against a foreign government rather than the group of hacktivists; Economic development, i.e. knowing down the stock exchange. (3) There is not a set Hacktivism manual like was set forth by Hacktivismo. (4) D0xing can create reputational damage, embarassment and some accusations would not escape defamation suits. (5) it is hard for others to join in on acts like d0xing (release of confidential information), unlike the electronic civil disobedience from the Electronic Disturbance Theatre (EDT).
Recommendations: (1) International treaty. An international treaty that allows countries to assist one another, such as the Council of Europe’s Convention on Cybercrime. This way, each country who signs on knows what measures and what triggers action; as Internet is becomes more global, the “hacktivist” act of a person shouldn’t justify the intervention of one country to another or economic sanctions. Because this will ultimately harm innocent citizens on both sides. (2) State-assisted hacktivism. CFAA excludes, under 18 U.S.C. § 1030(f), lawfully authorized activities from law enforcement and intelligence agencies. Thus, possibly state-sponsored hacktivism may help in more transparency and finding the "bad guys." (3) Reform of Whistleblower laws? With D0xing, the current whistleblower laws available on the local, state, and federal level are specific to employer-employee context. By expanding it to more professions, it may encourage transparency, and it may encourage more individuals to remove anonymity.
We'd love to hear from you. Please send questions or feedback to the below email addresses.
Before contacting us, you may wish to visit our FAQs page which has lots of useful info on Tiki-Toki.
We can be contacted by email at: hello@tiki-toki.com.
You can also follow us on twitter at twitter.com/tiki_toki.
If you are having any problems with Tiki-Toki, please contact us as at: help@tiki-toki.com
Close