Briefing

Hacktivism Hits State of Michigan's Website

Protesters express their displeasure about state government services in Michigan through attempted denial-of-service attack.

September 19, 2007 — CSO — Dan Lohrmann, Michigan’s chief information security officer, found out about the cyber sit-in from a reporter. It was Tuesday, May 15, 2007, and a group calling itself the Electronic Disturbance Theater asked Michigan residents to voice their opposition to proposed cuts in state healthcare programs by targeting the Michigan.gov/ website.

Over the next two days, participants accessed the group’s website and downloaded a small browser plug-in that repeatedly hit Michigan.gov. Though Electronic Disturbance Theater sees its actions as a mixture of performance art and civil disobedience, to Lohrmann, it looked very much like a denial-of-service attack. “Had a million people joined in, it would have been interesting,” says Lohrmann. “Not in a good way.”

To Lohrmann’s relief, far fewer than 1 million people hit the Michigan.gov site on the day of the sit-in. Web counters reported a jump of several hundred thousand page views—about a 10 percent bump in traffic. Cyber sit-ins came of age nearly a decade ago, but recently, these disruptions have been cropping up again.

There was a “sit-in element” to the recent attacks on Estonia’s online infrastructure, according to Jose Nazario, senior security engineer at Arbor Networks. Though many of these attacks were conducted via networks of hacked, botnet computers, the attackers also created code that anybody could download to voluntarily turn their PC into part of the protest.

Lohrmann was struck by the type of people who were drawn into the Michigan protest. “This was parents working with bad guys,” he says.

Unlike DoS attacks, cyber sit-ins do not really have to disrupt service to be effective, says Dorothy Denning, professor of defense analysis at the Naval Postgraduate School in Monterey, Calif. Like the sit-in protests of the 1960s, these actions are effective whenever they bring publicity to a particular cause.

“That’s mostly what they do,” she says. Electronic Disturbance Theater may not have taken down Michigan.gov last May, but the Michigan press and this story you're reading now covered the cyber sit-in, Denning points out. “Obviously they’re getting a little publicity,” she says. And that may just be enough for the activists.

Comments

Share [+]

TOOLS

Comments

Digg This

SlashDot

CENTER OF EXCELLENCE

Security

» Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solutions
FORTUNE 100 insurance leaders rely on the Symantec Data Loss Prevention solution to protect sensitive customer data.

» Information Security: Data Drains and How to Prevent Loss
Do you know where your confidential data is, where it is going, and how to prevent it from leaving your organization.

» Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
Learn what the thought-leaders at PricewaterhouseCoopers have to say on the risks associated with data security.

» 7 Requirements of Data Loss Prevention
Incorporate best practices from many companies using DLP solutions as you establish your organization's requirements and safeguard confidential data.

» Ponemon Study: How Much Does a Data Breach "Cost"?
35 U.S. organizations that lost confidential information and had a regulatory requirement to publicly notify affected individuals are studied in this report.

Center sponsored by