Hacker Sitings and News
4/8/00
http://www.msnbc.com:80/news/389408.aspHactivists to Attack Biotech Firms
Monsanto, Aventis are likely first targets for ElectrohippiesBy Bob Sullivan
MSNBCMarch 31 —
Major biotechnology firms Monsanto Co. and Aventis Co. S.A. will find themselves in the digital crosshairs starting this weekend. According to a spokesman for the Electrohippies, a group that plans Internet-based protests, the two companies will first be targeted with a straightforward e-mail write-in campaign. But by the end of the week, new denial-of-service software tools will be distributed and could be aimed at the Internet operations of both firms. And according to one security expert, other big-name companies like PepsiCo and McDonald’s could also be targeted. VIRTUAL SIT-INS ARE not new, but groups that plan the events are becoming much more sophisticated. That concerns Ben Venzke, an executive at computer security firm iDefense.com.
“They have the potential to be very damaging to a company’s Internet efforts,” he said. “I don’t doubt that for one second.” Company Web sites and e-mail servers will be targeted, he said, with protesters planning to overwhelm both — similar to the way computer vandals overwhelmed major Web sites like Yahoo, eBay and Amazon in February.
Monsanto and Aventis are being attacked for their participation in genetic modification of food crops, according to the Electrohippies. Venzke says the list of potential targets is much larger and includes Sara Lee, Nestle, PepsiCo, McDonald’s, Haagen-Dazs, Novartis Seeds and Procter & Gamble.
“These are companies that have showed up on target lists before,” he said. “Or are getting singled out, getting a lot of discussion time in chat groups. We don’t know what the target list is — but these are types of companies that are very high on the radar of these groups.”Paul Mobbs, spokesman for the Electrohippies, would not comment on the list of targets, but did say Monsanto and Aventis would begin receiving protest e-mails starting April 2.
The campaign begins April 1, when the protest group will give a sarcastic “April Fool’s” award to a Web site named “junkscience.com,” which describes itself as devoted to debunking “faulty scientific data and analysis used to used to further a special agenda.” The site generally runs counter to the Electrohippies’ views on issues such as genetically altered food.
“The award is going to the person most out of touch with reality on the issue of biotechnology,” Mobbs said.
Electrohippies members will be urged to send e-mails of protest to the site.
Then early next week, e-mail campaigns will target specific companies involved in production of genetically modified crops. The Electrohippies have created a tool that automatically writes and addresses protest e-mails to political leaders of industrialized nations and corporate executives. Mobbs said: “Monsanto will certainly be on that list, and I’ve added Aventis myself.” Aventis was recently formed from the merger of French chemical group Rhone-Poulenc and German-based Hoechst. Neither Monsanto nor Aventis immediately returned phone calls.While the semi-automated e-mail protest campaign is being waged, visitors to the Electrohippies Web site will have the chance to vote on use of a new software tool designed to overwhelm a company’s Web page with so many requests that it shuts down. Mobbs says the vote will be simple majority rule: If more than 50 percent say yes, the tool will be released and the targets announced, probably next weekend.
Any targeted site will be given advance warning, Mobbs said.
The Electrohippies tool has created controversy in the computer hacker world. Several high-profile hackers have sent mass e-mails protesting it and any form of denial-of-service attack.
“Hacktivism should not boil down to DoS attacks and script kiddie antics, it should be about making changes and informing people,” wrote Bronc Buster, a well-known hacker, on the “hactivism” mailing list after the attack was announced.The tool is actually a simple Web page that can be e-mailed to potential protestors. No “zombie” computers are used or compromised — third-party zombies, which allow anonymity, were used in the now-infamous Yahoo and Amazon attacks.
During the Electrohippies-organized protest, all attacks will come directly from the protester’s computer.
“We are into open and accountable action,” Mobbs said.The tool itself simply repeatedly requests 12 to 15 elements on a Web page, not unlike a user manually hitting “refresh” over and over to download a page. In fact, last November, the Electrohippies staged a protest of the World Trade Organization using that technique. A single Web page was designed to open up multiple browsers on any user’s computer, with all the browsers requesting WTO.org. That effort slowed the trade organization’s Web site but also slowed the Electrohippies site, which hosted the “attack” page.
This new tool refines that method considerably. Since it can be e-mailed, there will be no choke point at the Electrohippies Web site. Attacks will come directly from protester computers. The tool will not request entire Web pages, but rather specific images or functions that particularly drain the victim computer. And the requests will be made from each attacking computer in random order, which foils some of a Web server’s caching abilities.The genetically modified food protest has not yet stirred up as much widespread support as other recent online protest efforts, according to Venzke — and so it might not actually succeed in shutting down or even slowing corporate Web sites.
“For this action it would appear that the Electrohippies have a fairly strong base of support through their own channels, but ... we are not seeing other groups out actively supporting it.”
But corporate sites are considerably less robust than high-traffic Internet sites — they have far fewer visitors, so they have fewer servers and less bandwidth into and out of their networks. So they are much more vulnerable to the attack methods to be used by the Electrohippies than a site like Yahoo would be, Venzke said.