Last summer I posted “In Praise of [Some] DDoSs?”, a quick essay documenting the response gap between DDoS attacks and sit-ins. My argument didn’t equate the two so much as it pointed out that there are some conceptual similarities (in terms of denying access as a form of protest) and vastly different criminal responses.
Thanks to 4chan (first time I have ever uttered that particular phrase) the debate is renewed anew as intellectuals attempt to piece together a coherent theoretical framework for thinking about the Wikileaks Revenge DDoSs.
A few thoughtful posts out there include:
- Nancy Scola’s 10 Ways To Think ABout DDoS Attacks is a good rundown of the various positions.
- Deanna Zandt’s take on the power dynamics of the DDoS
- Ethan Zuckerman’s gentle pushback on the power dynamics argument, noting that what the weak can effectively use against the powerful the powerful can even more effectively use against the weak
Will edit in more as they come to my attention.
Germany’s major carrier Lufthansa became the target of a Distributed Denial of Service (DDoS) attack…The attack was initiated by Andreas-Thomas Vogel, an activist and website administrator for the Libertad, an advocacy group criticizing as “inhumane” Lufthansa’s policy of letting the police use its planes for the forced deportation of asylum seekers. On June 20, 2001, Vogel called for Internet users to participate in what he claimed to be an “online demonstration.” He released software that systematically contacted the website of Lufthansa and flooded the company’s web server with messages, forcing it to shut down. According to Lufthansa lawyers and Human Rights organizations, Lufthansa registered about 1.2 million hits that day, which originated from some 13,000 computers.
I’m currently doing some work on cyberaggression for Urs Gasser at the Berkman Center. The Vogel case – quoted above – would seem to be a textbook example of malicious online aggression: a number of users, acting in concert, overwhelm the web servers of a foe until the site shuts down. As far as I can tell, it is a textbook distributed denial of service attack, with the one rather noteworthy exception that instead of hiring out a botnet for an hour or so Vogel actually got real people to run the software.
So here is the question: should we treat Vogel like a ruthless criminal or like a virtuous activist? Or, in other words, was the Lufthansa DDoS more like blackmail (Vogel was charged with coercion) or more like a sit-in?