Hacktivists or Cyberterrorists? The Changing Media Discourse on Hacking
First Monday

Hacktivists or Cyberterrorists? The Changing Media Discourse on Hacking by Sandor Vegh

Hacktivists or Cyberterrorists? The Changing Media Discourse on Hacking by Sandor Vegh
This paper scrutinizes the language of government reports and news media sources to shed light on their role in forming a negative image of politically motivated hacking in general, and online political activism, in particular. It is argued that the mass media's portrayal of hacking conveniently fits the elite's strategy to form a popular consensus in a way that supports the elite's crusade under different pretexts to eradicate hacking, an activity that may potentially threaten the dominant order.


Discourse on hacktivism
The media's role





Especially after September 11, the national debate on the security of cyberspace has intensified. It has negatively influenced movements that rely on hacking (like hacktivism), or other anti-hegemonic forms of Internet use, such as free access, open source, or privacy protection. Hackers and online political activists are now forced to defend themselves against being labeled by the authorities as cyberterrorists.

Restrictive legislation can more easily be passed with public support that increases under a perceived threat, and thus justifies lending more power to the government. Because of the sensationalist nature of hacking, the media is a willing partner of the government in vilifying hackers and hacktivists, and even blaming the Internet as a terrorist territory. Whether intentionally influenced or not, the mass media's portrayal of hacking conveniently fits the elite's strategy to form a popular consensus in a way that supports the elite's crusade under different pretexts to eradicate hacking, an activity that may potentially threaten the dominant order. While the focus is on hackers, several related issues are touched upon, such as encryption, surveillance, censorship, and privacy, which are also key to digital resistance. As such, we see a great effort on the part of the government to control these technologies and forms of online dissent.



Discourse on hacktivism

One major change in the discourse of hacktivism and cyberterrorism is the impact of the terrorist events of September 11, 2001. On that day, four U.S. commercial airplanes were hijacked in a single coordinated attack, two of them flown into the twin towers of the World Trade Center in New York, both of which later collapsed, killing more than 3,000 people on site. As a response, the United States Government declared a global war on terrorism. In addition to the military and other campaigns abroad, the Government introduced a series of protective and restrictive regulations in the name of national security. Many of these new laws have serious implications for civil liberties and individual rights; however, the threat projected by the government seemed convincing enough to outweigh the public's concern about the curtailment of their constitutional rights. Among the issues addressed, special attention was paid to counter-terrorism and cybersecurity.

In an admittedly simplified approach, most computer intrusions (hacker attacks) were now classifiable under terrorism. In separate legislation, the mere suspicion of terrorism gave the authorities disproportionate rights, e.g., extended periods of custody without filing actual charges, or the possibility of capital punishment if convicted. Furthermore, the executive branch voted itself the right to undertake the entire process from accusation to punishment outside the public eye in protected and secret military tribunals. One undoubted implication of these regulations on online political activism is that if the state now reacts to terrorism as war, any act of disruptive or destructive activism in cyberspace will potentially fall into the category of cyberterrorism, or even cyberwar.

Referring to low-level computer intrusions, Electronic Frontier Foundation Executive Director Shari Steele asserts that, "treating relatively harmless online pranksters as terrorists is not an appropriate response to the Sept. 11 attacks on the U.S." (Legard, 2001). Privacy and civil rights activist groups and watchdog organizations have already voiced their concerns about the proposed legislation. Academia has reacted similarly. Many conferences are now dedicated to the post-9-11 social, political, and cultural changes. As the usual turn-around time for scholarly publications since September 11 passed, we see a great many journal articles assessing the damage on civil liberties and calling for more deliberations before new legislation is enacted.

But even before the terrorist events of September 11 and the ensuing flood of misguided legislative measures, computer hacking had been feared almost to the extent of real terrorist attacks. Once computer networks became the lifeline of developed post-industrial nations the possibility of damage that could be caused by unauthorized entry into computer systems scared many authorities and professionals responsible for operating them. From the beginning, they rejected the idea of a hacker ethic, freedom of information, intellectual curiosity, or anything that legitimized hacking. Yet, it is undeniable that there are hackers out there with malicious intent or, in other words, criminals or terrorists who may use computer systems to achieve their goals. In the beginnings, hackers were a dedicated group of talented and innovative programmers committed to make a better and more efficient use of the Internet. Then, just like in the case of any technology, people came on board with malicious intent and claimed the same status as "old time" hackers. The problem is, however, that the tools and methods are very much the same for a classic hack as for a computer terrorist act.

Since the first politically-charged hacking incidents, authorities have always placed hackers on a scale the other end of which is occupied by cyberterrorists. This is best exemplified by the language used to describe hacking in industry and government documents:

"What we might call a political hack or an example of Hacktivism, information warfare theorists, like those at RAND, the National Defense University, or for that matter within the Defense Information Systems Agency, might define pejoratively as a subcategory of cyber terrorism ... one of the most important battlefields within so-called Information Warfare is at this conceptual level, in the area of definition. We need to seriously question and abandon some of the language that the state uses to demonize genuine political protest and expression" (Wray, 1998).

Indeed, most works on the subject, whether classified as information security, computer crimes, online social activism, or cyberterrorism, intentionally or unintentionally blur the boundaries of socially justified activism and criminal or even terrorist activities. The simple injection of colorful terminology, such as cybervandalism, cyberterrorism, or malicious hackers, disregards the motives and goals of online activism and puts those socially or politically progressive but marginalized voices whose main chance to be heard is through the Internet even more to the peripheries.

Stefan Wray, activist and former graduate student at New York University, is particularly concerned about the official linguistic twists since he himself is deeply involved in hacktivism. As a co-founder of the Electronic Disturbance Theater (EDT), an Internet activist group, he worked out the theory of extraparliamentarian direct action net politics, related to the concept of electronic civil disobedience exercised by EDT. In particular, his group was in large part responsible for globalizing the Zapatista movement in Chiapas, Mexico, through their virtual sit-ins against the server of the Mexican President's Office and other symbolic targets.

In another important contribution to the discourse on the importance of terminological clarity regarding cyberterrorism and hacktivism, Devost et al. (1998) examine the potential of cyberterrorism and provide a possible model to prepare for "information warfare." In the introduction, they clarify the terminological ambiguities of terrorism and crime, as applied to cyberspace, and point out the necessarily different legislative, law enforcement, and national security responses. They declare that "labeling every malicious use of computer systems as 'terrorism' serves only to exacerbate confusion and even panic among users and the general public, and frequently hinders prosecution and prevention by blurring the motivations behind the crime" (Devost et al., 1998). Thus, it is imperative to underline that terminological ambiguities do have serious policy and legislative implications. The interrogation of language used by official sources and print news media is of utmost importance (Vegh, in progress).

Both Wray's and Devost's works are, in a way, direct responses to the call by Cronin and Crawford (1999) to integrate information warfare theory into discourses of other disciplines. They argue that IW theories - so far restricted to the military domain - should also be explored in a more general sense to better understand the implications of computer attacks: "Information warfare concepts deserve to be liberated from their military associations and introduced into other discourse communities concerned with understanding the social consequences of pervasive computing" (p. 257).

This confusion also affected academia. For experts in computer and information security, or scholars of information warfare theory, it is natural to include cyber protesters in their pool of perpetrators and hacktivism as a moderate form of cyberterrorism, since the methods of intrusion and disruption are similar, although they differ a lot in motivation, scale, and outcome. Discussing the political motives and tactics of hackers, for example, Denning (2001) puts hacktivism and cyberterrorism on the same continuum. She does differentiate among online activism, hacktivism, and cyberterrorism based on the severity of the activity's impact on the normal operation of target systems. Online activism is non-disruptive, hacktivism is disruptive, while cyberterrorism causes "great harm" or "severe economic damage".

If we consider Pollitt's (1997) definition of cyberterrorism - which results "in violence against non-combatant targets by subnational groups or clandestine agents" - we may reformulate the conditions for a hack to be an act of cyberterrorism, as one causing significant damage, harm, and violence. These attributes will be important when evaluating the media reports about hacking incidents later in this study. Although Denning brings these categories close to each other but differentiates among them, others following her ideas are less attentive to these details and tend to blur the difference at the expense of the image of online activists (see Paul, 2001).

The National Infrastructure Protection Center (NIPC) report of October 2001 looked at some prominent international cyberprotest incidents, based on news media articles (National Infrastructure Protection Center, 2001). The report concluded that the number, intensity, and impact of cyberactivism will increase in the future. Furthermore, the report claimed that the primary goal of cyberprotesting will shift from embarrassing the target entity or calling attention to a cause to intentional destruction of information. However, no evidence was presented to substantiate this claim.

A more empirical research study on the topic has been published by the Institute for Security Technology Studies at Dartmouth College (Institute for Security Technology Studies, 2001). It examined cyberterrorism and possible forms of cyberactivism during conflicts, particularly the War on Terrorism led by the United States prompted by the terrorist attacks on America on September 11, 2001. This work was researched during 2000 and focused on a number of key political conflicts and the coinciding cyberattacks, such as the clash of India and Pakistan over Kashmir, the ongoing struggle between Israel and Palestine, the Kosovo conflict, and the U.S.-China spy plane incident. It gained special significance following the events of September 11, and highlighted the possibility of cyberterrorism against the U.S. The report outlined trends in cyberterrorist activities and ultimately made predictions of imminent dangers to the U.S. from cyberspace.

The report concluded that cyberattacks immediately accompany physical attacks, cyberattacks are increasing in volume, sophistication, and coordination, and cyberattackers are attracted to high value targets. These findings undoubtedly imply a higher likelihood for cyberterrorism against the United States as a result of the ongoing War on Terrorism; however, they point out that there has actually been a very limited use of the Internet by known terrorist groups to wage attacks. To date, the majority of cyberattacks are annoying "nuisance" attacks. The terrorists' primary use of the Internet consists of formulating plans, raising funds, spreading propaganda, and communicating securely (Institute for Security Technology Studies, 2001).

In light of these serious threats from cyberspace, it is worth noting that the national discourse on cyberterrorism is about something that - fortunately - has not yet happened. It is, therefore, desirable for the government to show credibly that cyberterrorism does, indeed, exist, or is at least highly probable to occur in the future, in order to keep up the seriousness of the threat under the disguise of which restrictive legislation can be easily passed that increases the power of the government.

One spectacular example of such official language used in government documents is the testimony of Jack L. Brock, Director, Defense Information and Financial Management Systems, Accounting and Information Management Division, before the Permanent Subcommittee on Investigations, Committee on Government Affairs, U.S. Senate:

"As you will learn from our testimony, these so-called hacker intrusions not only cost Defense tens of millions of dollars, but pose a serious threat to our national security" (Brock, 1996, p. 10).

"the Defense Information Systems Agency (DISA) estimates that as many as 250,000 attacks may have occurred last year" (Brock, 1996, p. 2).

"Air Force officials at Wright-Patterson Air Force Base told us that, on average, they receive 3,000 to 4,000 attempts to access information each month from countries all around the world" (Ibid.).

"Many attacks, however, have been very serious. Hackers have stolen and destroyed sensitive data and software. [...] They have 'crashed' entire systems and networks, denying computer service to authorized users and preventing Defense personnel from performing their duties" (Brock, 1996, p. 3).

"Rome Lab officials told us, however, that if their air tasking order research project had been damaged beyond repair, it would have cost about $4 million and 3 years to reconstruct it" (Brock, 1996, p. 4).

"It is quite possible that at least one of the hackers may have been working for a foreign country interested in obtaining military research data or learning what the Air Force is working on" (Ibid.).

"Without increased attention by Defense top management and continued oversight by the Congress, security weaknesses will continue. Hackers and our adversaries will keep compromising sensitive Defense systems" (Brock, 1996, p. 7). [all italics mine]

Among other threatening statistics, he mentions that about 120 countries are developing info-warfare techniques (Brock, 1996, p. 5). Here, the large number is threatening since it is roughly 60 percent of all countries officially registered, the majority of which are developing nations [1]. Other reports more cautiously cite 20 to 30 countries developing or already possessing cyberoffensive capabilities. Even more telling, however, is the list of specific countries posing the greatest threats. The Defense Science Board report, for example, singles out China (p. 13). Russia is also often part of the top cyberwarfare contenders (e.g., Denning, 2001). Balancing their well-known backwardness in terms of development in information technologies with the recently very popular concept of "asymmetrical warfare," James Adams (2001) in a Foreign Affairs article adds Iran and Iraq to the list (and also some U.S. allies, such as France and Israel) (Adams, 2001, p. 102). It is still getting even more interesting with the Dartmouth College report, which slips in the information-infrastructurally underdeveloped Cuba, North Korea, and Libya among the others, though the cited report does not mention them at all (Institute for Security Technology Studies, 2001, p. 12). Most of these countries, of course, are traditional adversaries or antagonists of the United States. Therefore, it should not be surprising if we soon learn from the media that the government found evidence that rogue states, such as Iraq or Afghanistan or even Somalia, are developing serious cyberwarfare capabilities.

In reality, cyberterrorism is still a thing of the future. The Naval Graduate School has observed in a classified report that currently only simple hack attacks can be carried out with available tools (simple-unstructured). It will take two to four years to develop more sophisticated attacks against multiple networks (advanced-structured), while coordinated attacks causing mass disruption against integrated, heterogeneous systems are not likely to occur before six to ten years from now (complex-coordinated). They concluded that the present entry barrier to advanced cyberterrorism is high, and the terrorists generally lack the wherewithal and human capital to carry out these attacks (cited in Denning, 2001). In a related conference, the participants also found that IT is not yet used to cause mass disruption, and not yet integrated into terrorist strategies and tactics; however, the possibility of mass cyberattacks is certainly attractive to terrorists (Denning, 2001).

It is also important to point out that even among the allegedly numerous cyberattacks against U.S. servers so far there has been no hard evidence of any foreign government involvement. When directly queried about this assumption, one military leader of the U.S. cyberdefense force, U.S. Army Major General Dave Bryan, Commander, Joint Task Force - Computer Network Operations (JTF-CNO), responded negatively:

"No, we do not have any hard evidence that we have been subjected to any attacks by nation-state organizations. We do have hard evidence that computer-related education and training courses conducted by nation-state sponsored organizations are being attended by those who go on to act independently; however, at a very sensitive level, some of us have strong suspicions that there is occasionally some foreknowledge by those actually conducting the training that that is why the training was being pursued by certain individuals. Most of the hacking, intrusion, and virus/worm activity that we have seen to date has been perpetrated by hackers, "hacktivists" (political sympathizers and supporters), and criminals. But because of the seriousness of the consequences, we never discount and remain very vigilant to, the possibility of foreign intelligence exploitation by nation-states whom we know have the capability to conduct such activities" (Bryan, 2001).

According to Major General Bryan, the malicious cyberattacks against DoD computers have been increasing from 225 in 1994 to more than 40,000 in 2001 (Denning, 2001). For the same year, Carnegie Mellon University's CERT Coordination Center reported 52,658 security breaches. To illustrate the volatility of these data, the Internet security firm Riptech claims it verified at least 128,678 cyberattacks just between July and December 2001 and only among its roughly 300 worldwide clients (Merle, 2002). Indicating tendencies rather than numbers, another survey carried out by Information Security magazine found that nearly 50 percent of the companies surveyed experienced attacks against their Web servers from external sources, up from 24 percent the year before. Nearly 90 percent of them were hit with worms, viruses or Trojan horses; almost 40 percent suffered denial of service attacks, and a third faced buffer overflow attacks (Costello, 2001).

However, it is unclear whether these numbers include only successful penetrations, or also failed attempts as well as probes. Furthermore, these numbers say little about the actual number of hackers involved, let alone their origins and intent. It is also unclear how maliciousness is determined. Furthermore, it is not known whether those servers were specifically and intentionally targeted, or just fell victim to an automated port scan. Yet, the current volume and tendency certainly sounds threatening.

In sum, Brock's testimony and other similar official publications are good examples of how simplistic and speculative language can lead to hasty government legislation and public overreaction.



The media's role

It has been a rocky road from the positive image of Subcomandante Marcos in the middle of the South Mexican jungle communicating over the Internet to his followers on his laptop with satellite connection, to the negative image of bin Laden doing the same from the Afghan desert. In both cases, leaders of a paramilitary group are allegedly using laptop computers, wireless connections, and the Internet to advance their causes. The causes, however, make the difference. From the American standpoint, Marcos is fighting a just war on the side of the oppressed natives of Chiapas, Mexico, while bin Laden is in battle to destroy the United States. Consequently, the American newspapers are displaying a different attitude toward the same technology used in both cases.

During 1995, there were scores of articles published in major U.S. newspapers about how Subcomandante Marcos and his Zapatista rebel movement used laptop computers and the Internet to spread their propaganda all over the world. The underlying image in most pieces was the struggle of the poor people of Chiapas against the all-too-powerful army of the Mexican government. Words against weapons was the strategy of the rebels; successfully utilizing online communication to distribute widely the regular communiqués written by their leader.

As a matter of fact, there has been no hard evidence presented that Marcos did actually ever use a laptop, not to mention his satellite connection to the Internet from the Mexican jungle (see also Iturriaga, 1996). The real power lies in the image of the Zapatista leader using high-tech equipment in a low-tech world, not in the actual fact whether he himself writes the communiqués on a laptop and sends them out over a satellite connection, or someone else types it up for him and distributes it. The high-tech/low-tech imagery in the newspapers was further colored by repeatedly mentioning Marcos' backpack and pickup truck: "According to federal legislator Adolfo Aguilar Zinser, who met with Marcos at a jungle hideout last year, the rebel leader typically would write his voluminous communiqués on a laptop computer, which he carried in a backpack and plugged into a lighter socket of an old pickup truck" (Robberson, 1995).

At times, the articles expanded the high-tech arsenal to other communicational technologies, for example, playing upon the perceived power of fax machines that are capable of circumventing state censorship and bringing about revolutions: "When the federal soldiers reached the insurgent stronghold at Guadalupe Tepeyac, the guerrillas melted into the jungle, leaving behind a few trucks but taking with them their most valuable equipment - fax machines and laptop computers" (Watson et al., 1995). Of course, a sarcastic mind would wonder what they did with fax machines in the middle of a jungle with no telephone lines, but it is beside the point. What must be noted is the growing power of the myth - with all the necessary elements - of a leader hiding in a secret location, communicating with advanced technologies under very simple conditions. Note, for example, Chapman's personal account of a dialogue among his Mexican friends: "'[Subcomandante] Marcos has a laptop in the jungle, with a wireless or a satellite connection to the Internet,' said one. 'That's nonsense!' another retorted. 'There are many myths about Marcos,' someone else observed, smiling. 'Myths that we enjoy. But he doesn't have an Internet connection'" (Chapman, 1996).

The exemplary status of the rebel leader of an oppressed people fighting with a laptop is so popular with newspapers that Daniel Brandt ironically notes: "To fan the flames of incipient Internet repression, it is always useful to run a front-page story about Subcomandante Marcos and his laptop" (Brandt, 1995).

The sole power of the Subcomandante equipped with his laptop notwithstanding, academic writings on the subject later emphasized that the Zapatista movement depended on a global network of wired supporters, those who distributed their messages and protested for their cause (e.g., Cleaver, 1998a; Cleaver, 1998b; Cleaver, 1998c; Wray, 1998; Cleaver, 1999; Ronfeldt et al., 1999).

Most reports on the intersection of Osama bin Laden and information technologies are, however, delivered in the form of possible threats - what sorts of attacks bin Laden and Al Qaeda could carry out with computers and how they organize themselves using these modern communication channels.

"Senior U.S. counter-terrorism officials have learned that Saudi dissident Osama bin Laden relies upon computer technology to communicate with members of his Al Qaeda terror network around the world in planning attacks" (Bin Laden Network, 1999).

Since most of these articles lack a factual basis, newspapers often resort to a sensationalist tone in their language. The use of negative words and references to the magnitude of possible adverse actions spectacularly dominate the sentences; thus, they overshadow the frequent use of the conditional tense.

"American officials said the new communications traffic was a serious concern because they feared that Al Qaeda, Osama bin Laden's network, could use its sophisticated Internet ability to launch new terror attacks against the United States" [emphasis mine] (Risen and Johnston, 2002).

Either because there is no source behind them or it is withheld by the authorities (classified information or simply disinformation, as part of a PR campaign or Government agenda), many claims in these articles are vacuously credited to "official" sources.

"An obscure report issued Dec. 21 by the Canadian Office of Critical Infrastructure Protection and Emergency Services raises the specter of a possible future cyberattack by agents or sympathizers of Osama bin Laden's al-Qaeda terrorist organization" (Verton, 2002).

The sources become even more distorted when newspapers base their reports on other papers with already obscure sources. Note, for example, the NewsFactor Network piece (Micek, 2001), leading in with "an extensive investigation revealed...", while the quoted report only mentioned "U.S. officials" as its source.

When discussing the place, time, or nature of these cyberattacks, newspapers usually employ a highly vague language. Whether the reading public fully comprehends the conditional tense is arguable.

"If true, that statement suggests that bin Laden may have been planning cyberattacks against the West at some point in the future, the Canadian study concludes" [emphasis mine] (Verton, 2002).

"The FBI said al-Qaeda terrorists may have been studying American dams and water-supply systems in preparation for new attacks and [may have] sought information on the Internet about insecticides and pest-control products" [emphasis mine] (AP, 2002b).

However, when it comes to the range of possible targets, the list becomes more specific and elaborated. By citing particular examples of large-scale vulnerable systems of national importance, the "threat factor" radically increases.

"Despite bin Laden's use of telecommunications-deprived Afghanistan as his base of operations, the Canadian study doesn't rule out the possibility of al-Qaeda agents or sympathizers in other countries carrying out sophisticated and coordinated cyberattacks against critical infrastructure facilities, such as the U.S. telecommunications grid, electric power facilities and oil and natural gas pipelines" (Verton, 2002).

This manifest list of possible targets is shared among many threat articles. In a recent threat article asserting that the government is now prepared to respond militarily to any cyber attack, the author cites the usual list: "Terrorists could gain access to the digital controls for the nation's utilities, power grids, air traffic control systems and nuclear power plants" (AP, 2002a). Even more recently, a Washington Post reporter wrote that the U.S. indeed found evidence to a potential cyberattack in the planning: "Routed through telecommunications switches in Saudi Arabia, Indonesia and Pakistan, the visitors who cased Bay Area computers studied emergency telephone systems, electrical generation and transmissions, water storage and distribution, nuclear power plants and gas facilities" (Gellman, 2002). Most of these scenarios are derived from a 1997 article by Collin titled "The Future of Cyberterrorism." In response to Collin's claims about the vulnerability of the U.S. computer-controlled systems (from air traffic control systems to cereal production lines), Pollitt (1997) disputed these cyberterrorist scenarios, and argued that information systems can be best defended if sufficient human intervention is retained, or if their physical capabilities are limited. Among his examples, if the air traffic control computers were overtaken pilots could switch to manual operation, or if the iron level were increased to poisonous levels in cereals they would notice the change in taste.

So called "threat" articles may well have been part of American journalism a long time before the extremist Islamic terrorist attacks against U.S. interests worldwide; however, they recently became very frequent and conspicuous. Whether it is presented in print media according to government agenda, or simply driven by sensationalism, we may never know. But taking a closer look at news articles that report some sort of a threat (these days mostly by terrorists, as the new number one enemy) that is connected to the Internet reveals many commonalities in these articles, including the language, the structure, and the types, targets, or perpetrators of these attacks.

The "blame" deserves some more attention. There is a list of technologies made possible by the Internet that causes more and more headaches to the authorities, as well as the corporations. On the one hand, these technologies contain the possibility of freely expressing political dissent, directly assisting political subversion, or simply stand against the information monopoly of the dominant group. On the other hand, they also contain the possibility of online activities that deprive corporations of profits they would otherwise make had these technologies been controlled. These include online communication technologies, such as e-mail or chat rooms (see the increasing effort to monitor or ban some of them); encryption, especially the freely available Pretty Good Privacy, simply known as PGP (see how its creator Paul Zimmermann was treated when it was suggested that some of the 9-11 hijackers may have used it to communicate secretly); peer-to-peer networks, like Napster, that enable individual users to swap software or music directly without paying license fees, royalties, or commissions (these initiatives are constantly bombarded with lawsuits by the corporate owners of those licenses); wireless networking, especially the so-called 802.11b protocol that allows for access to any enabled access points (there is a whole movement forming around this protocol, whereas individuals set up open access points to which others can freely connect).

Interestingly, these technologies are really a double-edged sword for U.S. authorities. Before September 11 and the terrorist threat from extreme Islamists, there was some balancing between encouraging these "liberating" technologies among people in oppressive or non-democratic regimes and containing them domestically for political or commercial reasons. It was imagined, for example, that e-mail and online chat rooms, encryption, or peer-to-peer networks would help bring about political change in communist China, mainly to democratize the country, to control its regional political influence, and to access its huge market. But China is occupied with its own balancing game between taking advantage of the commercial benefits the Internet offers and controlling domestic resistance. At the same time, even the U.S. government leaned toward protecting free speech, privacy, and other civil liberties the Constitution prescribed. But then came a corporate-friendly Bush administration and the events of September 11, and this balance was radically upset. In the name of national security, the government now openly supports the control and containment of these liberating technologies, even at the price of curtailing the constitutional civil liberties it had so proudly protected. It is now claimed, through news media reports, that terrorists use the Internet, communicate via e-mail, meet in online chat rooms, use PGP encryption, and plan to carry out cyberattacks - using, for example, wireless technology - that will cripple the U.S. economy. All these technologies mentioned above are now fully vilified in the war against terrorism.

One of the most spectacular and edifying examples of threat reporting is USA Today's offensive against the free use of online encryption. In a multi-version article published on 19 June 2001, USA Today reporter Jack Kelley (Kelley, 2001a, 2001b, 2001c) launched a sensationalist attack against the Internet, claiming that terrorist organizations were hiding plans of attacks against the U.S. online. Kelley claims that terrorists are embedding secret messages in images, using a method called steganography. First, consider the three versions of titles, one establishing the connection between terrorism (the threat) and the Internet, the other invoking encryption (the blame), and the third lending credibility by invoking "experts" (the legitimizer):

Terrorist instructions hidden online
Terror group hide behind Web encryption
Experts say terrorists hiding message on Web

Now consider the opening paragraphs, with particular attention to the threat, the mode, and the source.

"Osama bin Laden and other Muslim extremists are posting encrypted, or scrambled, photographs and messages on popular Web sites and using them to plan terrorist activities against the United States and its allies, U.S. officials say" (Kelley, 2001c).

Once the threat is specified as all Muslim extremists, the next version expands the target list to U.S.-friendly nations, and invokes another online vice, pornography.

"Hidden in the X-rated pictures on several pornographic Web sites and the posted comments on sports chat rooms may lie the encrypted blueprints of the next terrorist attack against the United States or its allies" (Kelley, 2001b).

Later in the second article, Kelley names a number of locations for online terrorist activities, among them regions with no or minimal public Internet access:

"... encryption has become the everyday tool of Muslim extremists in Afghanistan, Albania, Britain, Kashmir, Kosovo, the Philippines, Syria, the USA, the West Bank and Gaza and Yemen, U.S. officials say" (Kelley, 2001b).

Furthermore, he makes online encryption technology a required course for terrorist in the middle of the Afghan and Sudanese deserts:

"Muslim extremists are teaching it at their camps in Afghanistan and Sudan, they add" (Kelley, 2001b).

Objectivity suffers the coup de grâce when Kelley quotes the director of an Israeli think tank as his source for the verdict on the Internet as an Islamist-terrorist propaganda tool.

"'All the Islamists and terrorist groups are now using the Internet to spread their messages,' says Reuven Paz, academic director of the Institute for Counter-Terrorism, and independent Israeli think tank. [...] The Internet has proven to be a boon for terrorists" (Kelley, 2001b).

The blame is then indirectly laid on the privacy advocacy groups who posted the encryption programs allegedly used by these terrorist groups.

"Officials and experts say the messages are scrambled using free encryption programs set up by groups that advocate privacy on the Internet" (Kelley, 2001c).

In order to overcome the apparent paradox of advanced communicational technologies and the underdeveloped infrastructural conditions of the remote deserts, some reports play upon the low-tech vs. high-tech imagery similar to the Zapatista stories, and combine high-tech production with low-tech versions of delivery.

"The primary means of communication is relatively low-tech: the floppy disk" (Bin Laden Network, 1999).

"For example, he employs couriers to carry computer disks downloaded from laptops - his operation prefers Toshibas [2] - with specific orders. He augments them with Internet-based e-mail" (Bin Laden Uses, 1999).

MSNBC further emphasizes the mixed ICT strategy bin Laden is believed to rely on.

"In a sophisticated effort to avoid detection, the alleged terrorist network of Saudi exile Osama bin Laden is using floppy discs, satellite phone e-mail, and Internet messaging to plan its moves, senior U.S. counter-terrorism officials told NBC News" (Bin Laden Uses, 1999).

The use of satellite phones, however, is refuted soon afterwards in the same article, saying that, "In an interview last month, bin Laden told a Time magazine journalist that he no longer uses his phone out of fear the National Security Agency will be able to track the signal and target him for assassination" (Bin Laden Uses, 1999). Understandably so, since the GPS data from his satellite phone was used in 1998 in a missile attack authorized by U.S. President Bill Clinton intended to kill him.

The process of reconciliation of the high-tech vs. low-tech paradox was spectacularly demonstrated by a New York Times report about the Al Qaeda's regrouping efforts using the Internet. The article mentions that, "some of the activity appeared to come from villages in the Pakistani province of Baluchistan, along the Afghan border, a remote and sometimes lawless region" (Risen and Johnston, 2002). One Hungarian newspaper reporting the New York Times story, for example, realized the apparent paradox in having "sophisticated Internet capability" and easy access from cybercafes, airport lounges, public libraries, and Kinko's in a remote and underdeveloped desert region, so the author parenthesized that, "there are obviously no cybercafes operating there, but today it was certainly easy to acquire portable computers with Internet access via mobile phones" (MTI, 2002), without realizing his desperate effort to justify a controversial news item taken at face value, falling into the same paradoxical trap.

The events of September 11 gave a renewed interest in the use of steganography and other encryption technologies online by terrorist organizations. On September 25, an ABC News article points the finger directly at encryption, which allegedly prevented NSA from continuing its eavesdropping on Osama bin Laden. More importantly, the article singles out the freely available Pretty Good Privacy as the greatest concern for law enforcement: "The FBI is particularly concerned about a free encryption key named Pretty Good Privacy (PGP)" (Staff, 2001). This is particularly interesting since another article - in an apparent attempt to step up the threat factor - refers to at least 100 free steganography (just one of the many available types of encryption) programs on the Internet (Kolata, 2001). Furthermore, this article follows a Washington Post report four days earlier about the overwhelming grief of Phil Zimmermann, the programmer who wrote and made PGP freely available, for having put this powerful technology into the hands of the terrorists (Cha, 2001). Zimmermann later stated that he was grossly misquoted in the article and he never regretted PGP. Moreover, there was still no proof presented that PGP was actually used by the 9/11 terrorists. Again, the Post published a report that twisted the story toward supporting an agenda the administration was pushing, namely, a ban on encryption, or a backdoor built in the programs that would enable law enforcement to unlock the code if needed.

Only days later, the New York Times published its version of the threat by steganography in the hands of terrorists. To date, this is the only report that mentions an actual use of steganography, namely by a Jamal Beghal, a terrorist apprehended in France and charged with planning to blow up the U.S. Embassy in Paris. The incident is hitherto the most specific, albeit the credited source is in concert with the familiar pattern, in this case a "former French defense ministry official." The article goes on to explain the detection of steganography, citing three experts who unanimously say that "quite an alarming number of images appear to have steganography in them" (Kolata, 2001). Perhaps unsurprisingly by now, two of them are financed by the Air Force, while the third one by "law enforcement," most likely the FBI. The only one source saying that he found no evidence of hidden messages was a graduate student - whose research was quickly discredited by pointing out that he was unable to detect a short message in a photograph that was sent to him, although he was even told beforehand that there was an unencrypted message inserted (Kolata, 2001).

In fact, his detection software was the basis of a research study at the University of Michigan, which forced USA Today to back off from its claims nine months after the Kelley articles about the terrorists' use of steganography were published. In this comprehensive study, researchers found no evidence of any steganography on the Net: "... U.S. scientists said they have found no signs that Osama bin Laden and his al-Qa'eda network have used technology to hide secret messages on the Internet" (USAToday, 2001). This USA Today report was based on a Reuters wire clarifying that the researchers "began their search following a report in USA Today in February that cited unidentified U.S. officials and experts saying bin Laden's associates were using a masking method called 'steganography' to hide secret messages on their activities inside innocent-looking photos on the Web."

Since it was U.S. Government officials on whom the original story was based, one plausible explanation is that the newspaper was just a vehicle for a strategically placed government disinformation. Regardless, it is a fine example of how academia can challenge unfounded and speculative media reports. In this case, as seems likely, by proving the article's claims wrong, they might actually have exposed one piece of an elaborate government disinformation campaign aimed at vilifying encryption, in particular, and the Internet, in general, in order to gain public consent for its control.

Concerning the September 11 terrorist attacks and the encryption debate, Campbell (2001) points out the lack of evidence about Al Qaeda's use of online encryption and the media's disregard for this fact:

"In two successive briefings, senior FBI officials have stated that the agency has as yet found no evidence that the hijackers who attacked America used electronic encryption methods to communicate on the internet. But this has not prevented politicians and journalists repeating lurid rumours that the coded orders for the attack were secretly hidden inside pornographic web images, or from making claiming [sic] that the hijacks could have been prevented if only western governments had been given the power to prevent internet users from using secret codes" (Campbell, 2001).

Quite incredibly, even after these two FBI statements the Los Angeles Times states the complete opposite: "The FBI says that Osama bin Laden - accused mastermind of the attacks on the World Trade Center and the Pentagon - and other terrorist groups routinely encrypt communications" (Piller and Wilson, 2001).

In an instructive summary of the steganography debate, Benton Foundation researcher Andy Carvin (2001) concludes that, "the media hype surrounding bin Laden, steganography and pornography make for enticing copy - but the stories published to date simply don't add up to actual proof, let alone successfully demonstrate that changing the law to curtail steganography would actually accomplish much in the war on terrorism."

Wired magazine's contribution to the terrorism and steganography debate is more balanced than that of the daily newspapers. In an article dated 7 February 2001, Declan McCullagh (2001) actually refers to suggestions that the discourse is indeed fueled by the government for a specific agenda: "Some administration critics think that the FBI and CIA are using potential terrorist attacks as an attempt to justify expensive new proposals such as the National Homeland Security Agency - or further restrictions on encryption and steganography programs."

Yet, the number of articles in the print media that actually defends the Internet - and argues on the side of privacy and the protection of civil liberties against the building momentum to label it as a threat, a safe haven for terrorists - is scarce. Two are worth mentioning: one by privacy advocate Steven Levy in a Newsweek Web exclusive, wondering whether encryption did indeed empower these terrorists, and another one in the Washington Post by Jon Ippolito, a curator in the Guggenheim Museum, asking not to blame the Internet. In the latter one, the author points out that there is evidence that these terrorists were average in their use of the Internet. They communicated and organized online, just like "[the author's] mother from her farmhouse in the Midwest" (Ippolito, 2001). He goes on to point out that the same technology empowered, for example, Drazen Pantic of the B92 radio in Belgrade to overcome the censorship of the Milosevic Government.

Thus, the use of encrypted messaging on the Internet can empower oppressed people in authoritative regimes to evade their government's censorship and surveillance, just like it can assist al-Qaeda members to communicate in confidence. What must be realized is that the Internet is just like any other tool; it can be used for good as well as bad, just like the proverbial hammer. But it also has to be realized that it is in the interest of certain powers to present it in a light that best supports their current agendas. It is no surprise that the biggest government ally in this struggle is probably the mainstream mass media.




Especially put into the context of other types of terrorist alerts (e.g., against bridges, water supply facilities, nuclear reactors, airports, or embassies abroad), one is left wondering whether these alerts are strategically distributed according to a planned agenda, with the additional benefits of indirectly putting blame on countries or technologies that stand in the way of U.S. global political, economic, and cultural hegemony, by carefully injecting them into the text of these warnings.

Perhaps there is no government agenda. Yet, the majority of these articles are from wire service reports prompted by government-issued alerts and press briefings. Perhaps there is intelligence that specifically points to plans against U.S. cyberspace. Yet, the language and sources are extremely vague, making it look like an attempt to issue warnings about all imaginable scenarios; just in case any of them happens, the government can always say they did warn the public. Perhaps consequent legislation was only meant to serve the protection of the American people. Yet, it also protects the government from any other political dissent, or at least gives them the power to monitor their citizens, as well as it protects businesses from loss revenue from "copyleft," "peer-to-peer," and "open source" initiatives. Perhaps it is only sensationalist reporting by newspapers to sell more copies. Yet, it influences public opinion, creates a negative image of hacking, online political activism, free software and other counter-corporate-cultural movements, blurs the boundaries of cyberactivism and cyberterrorism, and consequently prompts unwarranted restrictive legislation, induces misguided policy-making, and causes the curtailment of civil liberties. End of article


About the Author

Sandor Vegh is a Ph.D. candidate at the Department of American Studies, University of Maryland. His dissertation deals with the Internet's impact on democracy and democratization, control and resistance power struggle in cyberspace; more specifically online political activism (hacktivism), and the mass media's role in the process.
E-mail: veghs@otal.umd.edu



1. According to the United Nations, there are 34 developed countries; the rest are considered developing.

2. This is most likely a reference to the one Toshiba laptop seized from terrorist Ramzi Yousef in 1995 by Philippines authorities, although why the author feels important to mention this fact is unclear.



J. Adams, 2001. "Virtual defense," Foreign Affairs, volume 80, number 3 (May-June), pp. 98-112. http://dx.doi.org/10.2307/20050154

Associated Press (AP) 2002a. "Cyberattack could result in military response," USA Today (14 February), at http://www.usatoday.com/life/cyber/tech/2002/02/14/cyberterrorism.htm, accessed 24 September 2002.

AP, 2002b. "FBI: Terrorists scouted out more targets online," USA Today (31 January), at http://www.usatoday.com/news/attack/2002/01/31/terrorists-net.htm, accessed 24 September 2002.

Bin Laden Network, 1999. "Bin Laden Network uses computer technology to plan attacks," Middle Eastern Intelligence Bulletin, published by the United States Committee for a Free Lebanon, volume 1, issue 1 (January), at http://www.meib.org, accessed 24 September 2002.

Bin Laden Uses, 1999. "Bin Laden uses Net to plot moves," (15 January), MSNBC.

D. Brandt, 1995. "InfoWar and disinformation: From the Pentagon to the Net," NameBase NewsLine, number 11 (October-December), at http://www.pir.org/news11.html, accessed 24 September 2002.

J.L. Brock, 1996. "Information security: Computer attacks at Department of Defense pose increasing risks," Testimony before the Permanent Subcommittee on Investigations, Committee on Government Affairs, U.S. Senate. Washington, D.C. (22 May); also at http://www.fas.org/irp/gao/aim96084.htm, accessed 24 September 2002.

D. Bryan, 2001. Personal correspondence with author (21 November).

D. Campbell, 2001. "How the terror trail went unseen," Telepolis, at http://www.heise.de/tp/english/inhalt/te/9751/1.html, accessed 11 November 2001, verified 24 September 2002.

A. Carvin, 2001. "When a picture is worth a thousand secrets: The Debate over online steganography," Digital Beat (31 October), at http://www.benton.org/DigitalBeat/db103101.html, accessed 11 Novermber 2001, verified 24 September 2002.

A.E. Cha, 2001. "To attacks' toll add a programmer's grief," Washington Post (21 September), p. E01; see also http://www.detnews.com/2001/technews/0109/22/technology-300229.htm, accessed 24 September 2002.

G. Chapman, 1996. "Mexico: Window on technology and the poor," Los Angeles Times (28 October), p. D1; also at http://lib.nmsu.edu/subject/bord/laguia/netpoor.html, accessed 24 September 2002.

H.M. Cleaver, Jr., 1999. "Computer-linked social movements and the global threat to capitalism," at http://www.eco.utexas.edu/homepages/faculty/Cleaver/polnet.html, accessed 10 October 2000, verified 24 September 2002.

H.M. Cleaver, Jr., 1998a. "The Zapatista Effect: The Internet and the rise of an alternative political fabric," Journal of International Affairs, volume 26, number 2 (Spring), pp. 621-640.

H.M. Cleaver, Jr., 1998b. "The Zapatistas and the electronic fabric of struggle," In: J. Holloway and E. Pelaez (editors). Zapatista! Reinventing Revolution in Mexico. London: Pluto Press; see also http://www.eco.utexas.edu/faculty/Cleaver/zaps.html, accessed 24 September 2002.

H.M. Cleaver, Jr., 1998c. "The Zapatistas and the international circulation of struggle: Lessons suggested and problems raised," at http://www.eco.utexas.edu/faculty/Cleaver/lessons.html, accessed 10 October 2000, verified 24 September 2002.

S. Costello, 2001. "Survey: Web attacks doubled in past year," Computerworld (9 October), at http://www.computerworld.com/securitytopics/security/story/0,10801,64672,00.html, accessed 24 September 2002.

B. Cronin and H. Crawford, 1999. "Information warfare: Its Application in military and civilian contexts," Information Society, volume 15, pp. 257-263, at http://www.slis.indiana.edu/TIS/articles/cronin15(4).pdf, accessed 24 September 2002.

D.E. Denning, 2001. "Class notes and handouts," COSC 511: Cyberwarfare, Georgetown University (Fall).

M.G. Devost, B.K. Houghton, and N.A. Pollard 1998. "Information terrorism: Political violence in the information age," at http://www.terrorism.com/Denning.html, accessed 1 October 2001, verified 24 September 2002.

B. Gellman, 2002. "U.S. finds clues to potential cyber-attack," SiliconValley.com (27 June), at http://www.siliconvalley.com/mld/siliconvalley/3554402.htm, accessed July 8 2002, verified 24 September 2002.

Institute for Security Technology Studies, 2001. "Cyber attacks during the war on terorrism: A Predictive analysis," Institute for Security Technology Studies at Dartmouth College, Hanover, N.H., at http://www.ists.dartmouth.edu/ISTS/counterterrorism/cyber_a1.pdf, accessed 24 September 2002.

J. Ippolito, 2001. "Don't blame the Internet," Washington Post (29 September), p. A27; also at http://www.tjm.org/rebuildnyc/articles/2001-09-29_Jon-Ipplito_Dont-Blame-the-Internet.htm, accessed 24 September 2002.

M. Iturriaga, 1996. "The War of ink and Internet. Computer Science," Unpublished thesis, University of Tenessee, Knoxville, Tennessee, at http://www.cs.utk.edu/~miturria/project/, accessed 23 February 2001, verified 24 September 2002.

J. Kelley, 2001a. "Experts say terrorists hiding message on Web," USA Today (18 June), at http://www.usatoday.com/news/washdc/2001-02-05-ejihad.htm, accessed 24 September 2002.

J. Kelley, 2001b. "Terror groups hide behind Web encryption," USA Today (19 June), at http://www.usatoday.com/life/cyber/tech/2001-02-05-binladen.htm, accessed 24 September 2002.

J. Kelley, 2001c. "Terrorist instructions hidden online," USA Today (19 June), at http://www.usatoday.com/life/cyber/tech/2001-02-05-binladen-side.htm, accessed 24 September 2002.

G. Kolata, 2001. "Veiled messages of terrorists may lurk in cyberspace," New York Times (30 October); see also http://www.gyre.org/news/cache/1318, accessed 24 September 2002.

D. Legard, 2001. "EFF: New law will treat hackers as terrorists," IDG News Service, Singapore Bureau (28 September), at http://www.idg.net/spc_701279_190_9-10025.html, accessed 24 September 2002.

D. McCullagh, 2001. "Bin Laden: Steganography master?" Wired (7 February), at http://www.wired.com/news/politics/0,1283,41658,00.html, accessed 24 September 2002.

R. Merle, 2002. "Computer attacks on companies up sharply," Washington Post (28 January), p. A08; also at http://www.infowar.com/survey/02/survey_012802b_j.shtml, accessed 24 September 2002.

J.L. Micek, 2001. "Terrorists hide out in plain sight on the Net," NewsFactor Network (6 February), at http://www.newsfactor.com/perl/story/7274.html, accessed 24 September 2002.

MTI, 2002. "Internetes üzenetek az al-Kaidától," Magyar Nemzet Online (6 March).

National Infrastructure Protection Center (NIPC), 2001. "Cyber protests: The Threat to the U.S. information infrastructure," National Infrastructure Protection Center, Washington, D.C. (October), at http://www.nipc.gov/publications/nipcpub/cyberprotests.pdf, accessed 24 September 2002.

L. Paul, 2001. "When Cyber hacktivism meets cyberterrorism," SANS Institute (16 November), at http://www.sans.org/infosecFAQ/hackers/terrorism.htm, accessed 5 February 2002, verified 24 September 2002.

C. Piller and D. Wilson, 2001. "The Terrorists are winning the cyber war: Technology: U.S. spy shops' spending and resources, adversaries plague them at will with computers and Internet," Los Angeles Times (19 September); see also http://www.landfield.com/isn/mail-archive/2001/Sep/0089.html, accessed 24 September 2002.

M.M. Pollitt, 1997. "Cyberterrorism - fact or fancy?" at http://www.cs.georgetown.edu/~denning/infosec/pollitt.html, accessed 24 September 2002.

Reuters, 2001. "Researchers: No secret bin Laden messages on sites," USA Today (3 November), at http://www.usatoday.com/life/cyber/tech/2001/10/17/bin-laden-site.htm, accessed 24 September 2002.

J. Risen and D. Johnston, 2002. "Intercepted Al Qaeda e-mail is said to hint at regrouping," New York Times (6 March); also at http://www.c-squad.org/mpn/article.php?sid=50, accessed 24 September 2002.

T. Robberson, 1995. "Mexican rebels using a high-tech weapon: Internet helps rally support," Washington Post (20 February), pp. A1, A21.

D. Ronfeldt, J. Arquilla, G.E. Fuller, and M. Fulle. 1999. The Zapatista "social netwar" in Mexico. Santa Monica, Calif.: Rand.

T.L. Staff, 2001. "Secret codes: Authorities say bin Laden using encryption software," ABC News (25 September).

U.S. Defense Science Board Task Force, 2001. "Protecting the homeland: Report of the Defense Science Board Task Force on Defensive Information Operations," (March). Office of the Undersecretary of Defense for Acquisition, Technology and Logistics, U.S. Department of Defense, Washington, D.C.; also at http://cryptome.org/dio/dio.htm, accessed 24 September 2002.

S. Vegh, in progress. "Disrupting the status quo: Non-traditional uses of the Internet as a political force," Doctoral dissertation, Department of American Studies, University of Maryland.

D. Verton, 2002. "Report warns of al-Qaeda's potential cybercapabilities," Computerworld (4 January), at http://www.idg.net/spc_785367_190_9-10025.html, accessed 24 September 2002.

R. Watson, J. Barry, C. Dickey, and T. Padgett, 1995. "When words are the best weapon. Revolution: Information can undermine dictatorships, and the faster it flows, the more trouble they're in. How the Rebels use the Internet and satellite TV," Newsweek: Technology '95 (27 February), pp. 36-40.

S. Wray, 1998. "Electronic civil disobedience and the World Wide Web of hacktivism: A Mapping of extraparlamentarian direct action Net politics," The World Wide Web and Contemporary Cultural Theory, Drake University, at http://www.nyu.edu/projects/wray/wwwhack.html, accessed 23 February 2001, verified 24 September 2002.

Editorial history

Paper received 5 September 2002; accepted 19 September 2002.

Contents Index

Copyright ©2002, First Monday

Copyright ©2002, Sandor Vegh

Hacktivists or Cyberterrorists? The Changing Media Discourse on Hacking by Sandor Vegh
First Monday, volume 7, number 10 (October 2002),
URL: http://firstmonday.org/issues/issue7_10/vegh/index.html

A Great Cities Initiative of the University of Illinois at Chicago University Library.

© First Monday, 1995-2017. ISSN 1396-0466.