With so many activists using the Internet, it's only natural that many governments will try to outlaw or restrict Internet use for their citizens as a way to censor their speech. To counter this disturbing trend, activists such as the self-proclaimed Cypherpunks ( focus on using various technical tools like encryption to protect and ensure free speech on the Internet. Still other activists use the Internet itself as a medium for expressing and disseminating their beliefs. Combining hacking with activism, these "hacktivists" promote their ideas through computer viruses, web page defacements, and denial-of-service attacks.

Computer viruses as activist messages

Teaching people about a worthwhile cause can be the hardest job of any activist group. Ideally, activists need a way to deliver their messages for free that will spread to as many people as possible. Email may be free and have the potential to spread around the world, but an even more ideal communication medium is a computer virus.

Unlike email, which must be manually and intentionally transmitted from one person to another, a computer virus can act entirely on its own without any human intervention whatsoever. One of the earliest hacktivist viruses was an MS-DOS virus called the Fu Manchu virus, which buried itself in memory and waited for the user to type in the names of Ronald Reagan, Margaret Thatcher, or former South African President P.K. Botha. The moment the user typed in one of these names, the Fu Manchu virus changed the names into obscene words.

To protest French nuclear testing, someone wrote the Nuclear virus to infect Microsoft Word documents and insert the text, "STOP ALL FRENCH NUCLEAR TESTING IN THE PACIFIC!" at the end of every document.

Computer viruses can spread from one computer to another, but the speed of their infection can rarely match the speed of distribution that an email worm can achieve. Two hacktivist worms include the Mari@mm worm and the Staple worm, both of which can send a copy of themselves to every email address stored in a Microsoft Outlook address book. When the Mari@mm worm infects a computer, it puts a marijuana icon on the screen. If the user clicks on this icon, a dialog box appears, as shown in Figure 4-2, promoting the legalization of marijuana.

Click To expand Figure 4-2: The Mari@mm worm promotes the legalization of marijuana.

The Staple worm emails itself to the first 50 email addresses stored in a Microsoft Outlook address book and displays the following message:


Remember that one day YOU may be in this situation.

We need every possible help.

Israeli soldiers killed in cold blood 12 year old Palestinian child

Mohammad Al-Durra, as his father tried to protect him in vain with

his own body. As a result of the indiscriminate and excessive use of

machine gun fire by Israeli soldiers, journalists and bystanders

watched helplessly as the child was savagely murdered.

Palestinian Red Crescent Society medic Bassam Balbeisi

attempted to intervene and spare the child's life but live

ammunition to his chest by Israeli fire took his life in the process.

The child and the medic were grotesquely murdered in cold blood.

Mohammad's father, Jamal, was critically injured and permanently

paralyzed. Similarly, approximately 40 children were slain, without

the media taking notice or covering these tragedies.



Unlike regular viruses or worms, hacktivist viruses or worms rarely destroy data deliberately, because their intent is to spread their message and not harm any users.

Defacing web pages with activist messages

Burying your activist message in a virus or a worm is like shoving a newsletter in a bottle and throwing it in the ocean with the hope that somebody will find it. Rather than risk letting their messages travel haphazardly around the world (and possibly appearing in front of people who can't even read that particular language), many hacktivists take a more assertive approach and deface web pages instead, as shown in Figure 4-3.

Click To expand
Figure 4-3: A defaced web page can publicize your message to a worldwide audience, such as this message defacing the website of Microsoft's office in Saudi Arabia.

Defacing a web page means sneaking past the website's security and modifying or replacing the home web page. Hacktivists would love to deface a highly visible website, such as or, which would promote their message to thousands of people all over the world, but the more visible a website is, the more secure and closely watched it is likely to be. Deface the web page of a prominent newspaper, such as USA Today, and within minutes, someone will notice and contact the system administrators to shut it down and remove all your hard work.

As an alternative, many hacktivists target more obscure websites. Not only is security likely to be much weaker, but there's a greater chance that web page defacements will go unnoticed for several hours or even days, increasing the odds that more people will view the defaced web page, as shown in Figure 4-4. (Of course, although an obscure website that has been defaced may not be fixed as quickly, fewer people will likely see the defaced web pages no matter how long they may remain online.)

Click To expand
Figure 4-4: Defaced web pages often display graphic images to promote their messages, such as this web page that defaced the site of the Republic of Cameroon.

Web page defacements tend to increase during any period of conflict between opposing forces, such as during the bombing of Yugoslavia by NATO forces, the tension that occurred between China and the United States after an American spy plane made an emergency landing at a Chinese air base, and the never-ending battle between the Palestinians and the Israelis. Both sides tend to target the other side's websites with the goal being to deface as many web pages as possible, ideally targeting websites that have some direct relationship to the conflict in the first place.

Online monkey wrenching

Even web page defacements can be too timid for some hacktivists. Rather than simply publicize their ideas, some hacktivists would rather directly attack an enemy instead. This extreme form of hacktivism, similar to the monkey-wrenching tactics of environmentalists who spike trees or blow up bulldozing equipment, seeks to deny an enemy's ability to use their computers to promote their message to others.

To mimic the work-stopping abilities of sit-in protests, where hordes of people physically bring a factory, school, or government building to a standstill by getting in the way, a hacktivist group calling themselves the Electronic Disturbance Theater ( decided to create software to help others stage virtual sit-ins that can disrupt an enemy's website or email access.

The Hacktivist ( offers the Electronic Disturbance Theater's tools, including Tribal Port Scan (written in Java) and FloodNet (a Java applet that tries to slow a targeted webserver to a standstill by continually requesting web pages). Also available from other sources are additional virtual sit-in tools with names like ClogScript, FloodScript, and WebScript, all of which allow multiple users to assault a target for a coordinated denial-of-service attack.

To help learn specific tactics involving hacktivism, you can even attend a training camp offered by the Ruckus Society (, which had previously trained protesters for disrupting the 1999 World Trade Organization (WTO) summit in Seattle. The Ruckus Society tends to attract all types of hacktivists, from those opposing Microsoft's monopoly on the operating system market to those fighting to allow free speech on the Internet by all citizens, regardless of nationality. For more information about the growing hacktivist movement, visit the Hacktivism site (

Of course, some activists have no qualms about breaking the law or allying themselves with questionable organizations in order to further their agenda (which makes activists no more morally or ethically superior than the politicians, governments, and corporations they're attacking). For another look at different activist groups, visit the site (, which reveals information about activist groups that may not endear them to the general public.

For example, reports that PETA (People for Ethical Treatment of Animals) once gave $70,500 to Rodney Coronado, a convicted arsonist who served a five-year prison sentence for a 1992 animal-rights-related firebombing at Michigan State University. also reports that the founder of Mothers Against Drunk Drivers (MADD), Candy Lightner, recently broke ties with the group, believing "that the movement I helped create has lost direction." Rather than focus on eliminating drunk drivers, many believe that MADD has unnecessarily expanded their aims to prohibit any alcohol use at all.