Gallery

Hack the hackers

Posted on 27 Jan 2005 at 14:43

The CyberArmy brigades are organised along military lines of command. Each one has a designated commander and in turn contains a number of 'sub-brigades'. These smaller units have their own commanding officer and executive officer, answerable to his or her brigade commander. The commander answers to a superior at group staff level, and the group staff have a command structure consisting of generals, marshals and the executive staff. All of these are ultimately led by a commander-in-chief.

CyberArmy's website describes the group as an online union working 'for a better Internet', and actively seeks additional recruits. Higher ranks have access to more of the group's 'resources' and a system of promotions enables new recruits to progress through the ranks.

To enforce discipline, each month CyberArmy sub-brigades must report their activities to their brigade commander, who includes these in a monthly brigade report, sent to the central staff. The report highlights progress in the brigade's activities and projects. When activities are deemed unacceptable, discipline comes from a commanding officer or a judicial panel of CyberArmy members. Punishments vary from demotion to the complete stripping of rank and position. Is this structure and insistence on reporting enough to ensure members keep their activities legal, though?

In answer, CyberArmy's Paul Ward told PC Pro, 'Due to the nature of CyberArmy being an online community, we cannot keep a check on all our members 100 per cent of the time, but the safeguards that are in place guarantee that any unacceptable actions will not take place within the structure.

'As an example of self-regulation, look at Usenet,' said Ward. 'Usenet is not controlled by any one organisation or body of people, it operates by a peer system. That is, Usenet users themselves are moderators of groups, or enforcers of the rules, and they are the people who report abuse to ISPs and network backbones.'

While CyberArmy may rely on people's personal moral code to prevent hacking attempts becoming too destructive, another school of thought claims hacking has become a valid protest tool for any individual.

Ricardo Dominguez freely admits to co-ordinating online protests aimed at the Mexican government during the late-1990s. He, via his group The Electronic Disturbance Theater, fights to end what he claims is the military suppression of ethnic people in Mexico, and sees short DDoS attacks initiated by groups of activists as a legitimate way to get their message across. 'What we wanted was to create a process by which a large community could gather together and sit down following the traditions of Gandhi, Martin Luther King and Act Up, and create a symbolic disturbance based on the weight of that community,' said Dominguez.

To do this, Dominguez used protest software called FloodNet, written by Carmin Karasic, which periodically requests web page updates - a little like holding down the F5 key in your web browser. 'There are times when the human community in the flesh has to stand on the information superhighway for a brief period of time like any civil disobedience and say enough is enough,' said Dominguez.

Counter strike

While such protests are symbolic, short lasting and political in nature, corporations that find themselves the victims of purely malicious activities can also strike back using a new subscription-only service from Symbiot of Austin, Texas (www.symbiot.com).

Symbiot claims its $10,000-per-month iSIMS service can make a positive identification of even a carefully cloaked hacker for the purposes of frustrating their efforts and gathering evidence. With an attack under way, iSIMS can slow the responses of the servers to the hacker's requests to a mere trickle, redirect a hacker's efforts into a trap masquerading as a real server, and even reflect traffic back at the hacker's system.