1/11/2013
10:26 AM

Anonymous Says DDoS Attacks Like Free Speech

Hacktivist collective Anonymous petitions the White House to make DDoS attacks part of First Amendment protections. Shutdown attacks are akin to Occupy protests, group argues.

Can the Anonymous hacktivist collective hack the First Amendment?

A petition filed this week with the White House seeks to decriminalize distributed denial-of-service (DDoS) attacks, making them a legal form of protesting. In other words, it would extend the First Amendment's protections to protect people's right to disrupt websites.

"Distributed denial-of-service (DDoS), is not any form of hacking in any way," claims the "We The People" petition request. "It is the equivalent of repeatedly hitting the refresh button on a webpage. It is, in that way, no different than any 'occupy' protest."

According to the petition, "instead of a group of people standing outside a building to occupy the area, they are having their computer occupy a website to slow (or deny) service of that particular website for a short time." The petition also calls for anyone jailed for a DDoS-related crime to be immediately released, and the related charges to be expunged from people's arrest records.

While the identity of the person who created the petition is partially anonymized -- it's ascribed to "Dylan K" of Eagle, Wis. -- members of the Anonymous collective are clearly backing the petition. "We Need Your Signature! Make, distributed denial-of-service (DDoS), a legal form of protesting," read a Friday YourAnonNews Twitter post.

For the White House to respond to the petition, the request needs to garner 25,000 signatures by Feb. 6. By Friday morning, however, the petition had received only about 2,000 signatures.

The First Amendment enshrines both the right to freedom of speech and "the right of the people peaceably to assemble, and to petition the Government for a redress of grievances." The DDoS petition, then, implies that current laws should be updated to protect people's right to disrupt websites. "With the advance in internet techonology (sic), comes new grounds for protesting," reads the petition.

The request highlights the fact that there are currently different rules governing website shutdowns vs. interrupting businesses in the real world. For example, in many Western countries, protestors can choke the entrance to a business -- or even city streets -- for a few hours, and it's legal. "And the digital equivalent of that, a DDoS attack that takes a website offline for a few hours, is illegal," said Mandiant VP Grady Summers at last year's RSA conference in San Francisco. The prosecutions of numerous people involved in DDoS attacks -- or in some readings, protests -- further make that clear.

If the petition gathers sufficient signatures, and the White House responds, would DDoS fans have any chance of seeing website disruptions get classified as a form of protest? Most likely Congress would need to pass a law that protects DDoS attacks as a form of free speech. Given that federal legislators can't even agree on a bill to protect people's privacy rights online, good luck scheduling a DDoS discussion.

In the meantime, law enforcement officials will no doubt continue to prosecute DDoS attacks. But FBI officials have said they're not unaware of concerns over people's right to protest online, and emphasized they're required by law to protect people's civil liberties, including online.

"That is a huge concern for us ... and there are a number of challenges associated with this," said Eric Strom, unit chief for the Cyber Initiative and Resource Fusion Unit Cyber Division at the FBI, at last year's RSA conference. One of the chief challenges, he said, is that many people who launch DDoS attacks are minors.

How does the bureau gauge when online speech or protests cross a legal line? "If they're just complaining about something, or an issue, they have every right to do that and certainly we don't have a problem with that," he said. "It's when they take that step across the line, to make a point ... [and] they hack into a system, or go after say someone in law enforcement and their families … obviously we're going to take a big interest."

Comments
jerrynesmith,
User Rank: Apprentice
1/11/2013 | 6:06:59 PM
re: Anonymous Says DDoS Attacks Like Free Speech
I thought this (DDoS as Freedom of Speech) a ridiculous notion. But I thought the same of corporations' having protected freedom of speech as a person and freedom of speech being spending unlimited money on political campaigns and remaining anonymous.
lgaryHB,
User Rank: Apprentice
1/11/2013 | 6:17:01 PM
re: Anonymous Says DDoS Attacks Like Free Speech
At the risk of being attacked by Anonymous, I would argue that their premise is cute, but flawed. An Occupy protest sits on public property outside of the established business. Were they to enter the business they are protesting, they would be violating laws on the books, not exercising free speech rights. Also, business is still being conducted inside the premises. DDoS attacks are not by definition staying on the public square, but are entering the established online business site. You cannot knock on the door of an online web page without entering. The attacker might also be violating that business or individual's free speech rights by blocking the web page from being presented in the public internet. And if you were to repeatedly knock on a real business's door thousands of times a second, you would be subject to harassment charges if not trespassing. That is not speech nor is it peaceable assembly.
irishutopia,
User Rank: Apprentice
1/11/2013 | 6:21:26 PM
re: Anonymous Says DDoS Attacks Like Free Speech
hmm...an interesting spin on the idea, but wouldn't this lead to everyone throwing down random DDoS attacks in the name of protest?
ikeman,
User Rank: Apprentice
1/11/2013 | 6:25:41 PM
re: Anonymous Says DDoS Attacks Like Free Speech
Doesn't DDoS imply that several compromised systems were required to make this so-called protest? By doing so, they are implicitly including other people in the protest who may not agree with the protest, and they've hacked their computers...sorry, they need to rethink that argument, unless all the computers involved to create the DDoS attack are all their own computers. Plus, protesting should be one person to one protest ratio, not one person can make thousands of the same protest ratio.
jries921,
User Rank: Apprentice
1/11/2013 | 6:32:12 PM
re: Anonymous Says DDoS Attacks Like Free Speech
Right!

...and setting off Molotov cocktails is covered by the right to keep and bear arms!

I agree that corporate political expenditures aren't free speech either (as the late Justice Hugo Black famously said, "Speech is speech"), but dubious Supreme Court precedents are no excuse.

DDoS attacks are harassment, not speech.
jries921,
User Rank: Apprentice
1/11/2013 | 6:35:33 PM
re: Anonymous Says DDoS Attacks Like Free Speech
Good point. Unless the owners of all the machines used agreed to participate in the DDoS attack, the attackers are engaging in what amounts to burglary and hijacking (regardless of what the law may happen to say).
Nyuk,
User Rank: Apprentice
1/11/2013 | 7:05:27 PM
re: Anonymous Says DDoS Attacks Like Free Speech
After seeing the faces of IT execs hearing that they are being attacked I'd go further to classify them as terrorism.

Release the drones on them! (At risk of having them taken over. ;-)
Laurianne,
User Rank: Apprentice
1/11/2013 | 7:23:21 PM
re: Anonymous Says DDoS Attacks Like Free Speech
My colleague at Dark Reading, Kelly Jackson Higgins, points out that this same issue came up at the most recent DefCon conference. Read more about it: http://www.darkreading.com/dat...

Laurianne McLaughlin
InformationWeek
JerryJ,
User Rank: Apprentice
1/11/2013 | 7:23:51 PM
re: Anonymous Says DDoS Attacks Like Free Speech
lgaryHB is spot on. DDoS is not freedom of speech, it's criminal trespass. As for jail time, the members of anonymous are civil disobedients (well, some of them are, the others are just bored or in it for kicks). A civil disobedient's duty is to submit to the punishment prescribed by law.
NJ Mike,
User Rank: Apprentice
1/11/2013 | 7:51:35 PM
re: Anonymous Says DDoS Attacks Like Free Speech
What a load of BS. What these self-righteous jerks are saying is that they should be able to exercise their freedom of speech by denying somebody else theirs.