Hacktivism

What is hacktivism? I visited the site www.thehacktivist.com to understand how they defined it. In short it is the melding of hacking and activism. Hacking is essentially writing software that circumvents computer or network security, and activism is generally a political effort to draw attention to, and persuade people, on some topic. In the site’s Hacktivist PDF pamphlet they note that a number of viruses were developed to call attention to some issue. For example, they describe the w32vote-a worm that infected millions of computers in last months of 2001 as a program that infected people’s computers and brought screens up that suggested people vote for peace.

But if you go F-Secure, a company that sells virus protection software, they tell a different story. They describe w32vote-a as a malicious, but poorly created piece of software that, after propagating itself, “modifies the autoexec.bat file in order to format the C: drive after the next reboot”, but, fortunately for all the people inflicted with the worm, that “part of the script is broken” (http://www.f-secure.com/v-descs/vote.shtml). F-Secure’s description seems odd to me. How is it that someone capable of writing software that self-propagates and opens browsers on people’s computers isn’t capable of correctly modifying an autoexect.bat? Modifying a batch file is relatively straight forward.

I also did a news search and found a story on the worm by Cnet news that claims that “antivirus companies warned Monday that an e-mail message asking for peace between America and Islam actually carries an extremely malicious and destructive payload” (http://news.cnet.com/New-worm-exploits-terrorist-attacks/2100-1002_3-273427.html). This story quotes industry security experts who say the threat is real, but I couldn’t find any information in the story about anyone actually loosing data.

I’m not trying to say that we should believe the hactivists at their word, but why should we believe Cnet and F-Security at theirs? Aren’t their profits based on getting people scared enough to buy their software? Let’s just take a quick look at the Security Software & Services Industry (SS&SI), which is just one part of the larger tech industry. Yahoo Finance says the three biggest companies in SS&SI, Symantec, Check Point and MCAFEE, have market capitalizations of $13.6 B, $9.0 B, and $7.2B, respectively. That ‘B’ stands for billion, so together these three companies are worth close to 30 billion dollars, and they make up just part of the Security Software & Services Industry (http://biz.yahoo.com/ic/823.html). So these companies have a rather large incentive to portray any virus or worm as something that needs to be countered.

Would members of Corporate America stretch the truth to make a profit? Maybe? Would they intentionally block political messages aimed at calling attention to a minority view (which, in the months after 9/11, peace was an alternate minority view in America)? Personally, I don’t think CEO’s are focused on squashing political voices. But what about when it is a choice between letting a minority voice be heard and profit taking? Hacktivists may have legitimate political messages, and even grievances, that might otherwise not be heard in main-stream media. But by sending messages in covert ways that are easily, and often justifiably, framed by corporate interests as complicated threats perpetrated by criminals, they aren’t doing themselves any favors or winning over any sympathizers. On the other hand, for some, hactivism maybe the only voice left.