"Hacktivism in Connection with Protest Events of September 2002"
September 23, 2002


Hacktivism describes the convergence of political activism and computer attacks
and hacking, where "hacking" refers to illegal or unauthorized access to, and
manipulation of computer systems and networks. The use of hacktivism has been
noted in protest activities since the Electronic Disturbance Theater endorsed a
series of so-called network-direct actions against Web sites of the Mexican
government in 1998. Although there has been no direct cyber threat against the
International Monetary Fund (IMF) and World Bank meetings during the week of
September 23, 2002, several hacker groups may attempt to conduct cyber protests
during the meetings.

Physical Protestors

Similar to past meetings of the IMF and World Bank, thousands of protestors are
expected to turn out near the Washington, D.C. headquarters of these two
institutions. These protestors represent a loose alliance of groups that have
environmental, anti-globalization, debt-relief, or human-rights agendas.
Although they are not a unified grouping, these protestors have grown more
familiar with each other during several past protests. This may give rise to
coordinated action during the upcoming protests.

Prior protests against the IMF and World Bank were disruptive and resulted in
minor clashes with police and property damage to businesses. Some protestors may
be planning criminal or violent activity-especially against local branches of
companies or organizations that represent capitalism and globalization. In
addition, a small group that intends to disrupt the meetings with a physical
attack may use cyber means to enhance the effects of the physical attack or to
complicate the response by emergency services to the attack. The cyber portion
of this attack can be executed by sympathetic hackers or by mercenary hackers
seeking publicity.

Potential Cyber Threats

Although there has been no direct cyber threat against the IMF and World Bank
meetings, several hacker groups may attempt to conduct cyber protests during the
meetings. The agenda of these groups may only be tangentially related to the
agenda of the physical protest groups, and the cyber groups may view the
meetings as a platform to display their hacking talent or to propagate a
specific message. Cyber protestors can engage in Web page defacements,
denial-of-service attacks, misinformation campaigns, and the like.


The NIPC recommends that recipients monitor their information systems and
networks for computer intrusions during the events listed above. These actions
could take the form of intrusions originating or passing through dial-up
connections belonging to both domestic and foreign Internet service providers,
unauthorized system access, unusual or disruptive e-mail traffic or Web site
activity. The effectiveness of one's computer security procedures should be
evaluated. Such procedures include network intrusion detection, blocking or
limiting unnecessary inbound traffic, regular review of system logs, disabling
inactive user accounts, password and login changes, and ensuring recommended
patches are in place.

Recipients of this assessment are encouraged to report computer intrusions to
their local FBI office ( or the NIPC, and
to other appropriate authorities. Incidents may be reported online at The NIPC Watch and Warning Unit can be
reached at (202) 323-3204/3205/3206 or

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to