A federal grand jury in Alexandria, Virginia has indicted thirteen members of the hacktivist group, Anonymous, for their alleged participation in a “worldwide conspiracy” that involved “cyber attacks,” including “attacks” on companies that would not process donation to the media organization, WikiLeaks.
The indictment charges them with violating the Computer Fraud and Abuse Act by “knowingly” causing the “transmission of a program, information, code or command and, as a result of such conduct, intentionally” causing “damage without authorization, to a protected computer.” If convicted, they would each face a fine and the possibility of being imprisoned for up to ten years.
The indictment names all thirteen accused of involvement in the “attacks” between September 2010 and January 2011, a period when WikiLeaks came under increased targeting by the United States government for publishing the Iraq and Afghanistan War Logs and later US State Embassy cables.
It alleges the individuals “coordinated” a series of “cyber attacks against victim websites by flooding those websites with a huge volume of irrelevant internet traffic with the intent to make the resources on the websites unavailable to customers and users of those websites.” The “method of online attack is known as a Distributed Denial of Service (“DDoS”) attack.”
“A freely-available and downloadable network stress testing program known as the Low Orbit Ion Cannon (“LOIC”) was the “weapon of choice” and “in some cases” it was “publicized and distributed to other Anonymous members.”
The indictment accuses the thirteen individuals of launching “cyber attacks” on the Recording Industry Association of America (RIAA) in the Eastern District of Virginia, where the federal grand jury was based, the Motion Picture Association of America (“MPAA”), the United States Copyright Office of the Library of Congress, Visa, MasterCard and Bank of America (as well as other entities).
Overall, more than thirty “cyber attacks” are described in the indictment. In September 2010, Anonymous members were allegedly involved in launching DDoS “cyber attacks” on the RIAA and MPAA in support of The Pirate Bay. When the file sharing service, Limewire, was shut down, they allegedly attacked the RIAA again. It was all in protest of the organizations enforcement of copyright laws to target these services.
On December 3, 2010, the individuals indicted discussed targets that could be hit to show their support for WikiLeaks. They allegedly launched attacks on “websites of entities that were either critical of WikiLeaks or had refused to process payments for WikiLeaks, including Amazon and United States Senator Joseph Lieberman.”
The FBI previously arrested fourteen individuals associated with Anonymous, who were indicted by a federal grand jury for their alleged involvement in attacks on PayPal, on July 19, 2011. That case, United States v. Dennis Collins et. al., appears to still be pending, according to a page on the Justice Department’s website.
Two other individuals associated with Anonymous, Christopher Doyon and Joshua Covelli, were indicted by a federal grand jury in San Jose, California, for allegedly engaging in “conspiracy and causing intentional damage to the Santa Cruz County computer servers” when they launched a DDoS attack in December 2010 “in retaliation for the City of Santa Cruz enacting and enforcing an anti-camping statute against the homeless and disbanding protests related to the anti-camping statute.” Their case is still pending as well.
Each of the highlighted actions have a dimension of protest and were not launched to irreparably damage the infrastructure of the websites or defraud any of the entities.
Molly Sauter, who served as a fellow at the Berkman Center for Internet and Society at Harvard University from 2012-2013, argued in her thesis, “Those pursuing the direct action model are motivated by a desire to disrupt a process for the purpose of disrupting that process andpotentially provoking a cascade of responses, on technological, political, media, and social levels.”
Such action can also be used to “focus attention on an event or issue external to the DDoS itself. The challenge, as is the case with public, performative activism in the physical world, is getting media outlets to cover the issues that drive the activism, and not merely the spectacle of the activism itself or tactics used.” (This certainly would seem to apply to actions against those advancing the draconian enforcement of copyright law and those refusing to process payments to media organizations governments dislike.)
The entire thesis should be read, as it provides great context for the prosecution of these individuals, but here is a summary especially worth considering:
Today’s distributed denial of service actions are part of a history of denial of service actions. Actions like strikes, work slowdowns, blockades, occupations, and sit-ins all serve as ideological and theoretical antecedents to the digitally-based distributed denial of service action. Activist DDOS actions have undergone basic shifts in practice,purpose, and philosophy over the past two decades. Beginning as an exercise by experienced activists looking to stake out the internet as a new zone of activism, it isnow mainly practiced by transgressive, technologically-mediated subcultures, often focused on internet-centered issues, who consider the online space to be a primary zone of socialization, communication, and activism. This has had implications for the basic sets of motives behind actions, the technological affordances present in the tools used, and the specific contexts of the tactics’ deployment.
Also, as Gabriella Coleman has comprehensively explored in her work, DDoS action by Anonymous has positively influenced politics. When actions were launched against the Polish government for moving to adopt the Anti-Copyright Trade Agreement (ACTA) in January 2012. During the vote, members of Parliament were seen wearing Guy Fawkes masks and helped to legitimize the group.
Coleman has described actions by Anonymous as being conducted by people who “care deeply about free speech, censorship and intellectual property restrictions.”
Yet, there exists no distinction in US law between disruptive activism and malicious cyber attacks. The Computer Fraud and Abuse Act can be used to easily conflate the two. And that has made it possible for the US Justice Department to aggressively prosecute members of Anonymous for their role in DDoS actions.