back to article Anonymous wants DDoS attacks recognized as speech

The loosely organized hackers of Anonymous don't just launch distributed denial-of-service attacks for the lulz. They do it to send a message, which is why they've petitioned the Obama administration to recognize DDoS as a legal form of protest. The petition, which was filed on the White House's We the People website, argues …

COMMENTS

This topic is closed for new posts.
  1. frank ly

    Find out who signed the petition ......

    ... then go and ring their doorbell repeatedly and continuously. They'll understand and respect your position.

    1. dotdavid
      Facepalm

      Re: Find out who signed the petition ......

      "Your honour, I was only expressing my right to free speech through the medium of hitting 'im repeatedly with my fist. I have always found that knocking people down is a good way of making sure my points are heard"

      1. Wize

        @dotdavid

        I thought it would be better to convey your free speech through the line "Stop hitting yourself"

    2. Anonymous Coward
      Anonymous Coward

      Re: Find out who signed the petition ......

      "... then go and ring their doorbell repeatedly and continuously. They'll understand and respect your position."

      Nah , it'll just piss off his parents.

  2. Anonymous Coward
    Anonymous Coward

    One essential flaw with this reasoning...

    A protest, done decently, is based on a two way communication; the protest group makes their opinion heard (which obviously opposes another opinion) but normally (should) always allows the opposition to make their voice heard as well. When done right a protest may end in a debate which might eventually help to bring both parties together.

    DDoS on the other hand does not allow for such situations considering how it totally renders the website of the opposition useless. In my opinion its hardly a form of protest but instead takes more the form of total oppression: "We don't like what your website has to say so we're taking it out completely".

    It doesn't matter on which "side" you are; fact remains that one party totally takes away the voice (or online capabilities) of the other.

    And although I agree that it may fall within the definition of a protest ("A statement or action expressing disapproval of or objection to something.") one should have at least a some bit of common sense to realize that you can't use that to justify every take of action; there are limits.

    1. Anonymous Coward
      Go

      Re: One essential flaw with this reasoning...

      Pretty much what I would have put about this one. The other difference between a protest, assuming it was immediately outside the disputed organisation, is that it doesn't stop the on-going business of that organisation. Where protestors do attempt to stop BAU they are arrested and prosecuted... pretty well what seems to happen to anonymous.

      In summary they aren't asking for Freedom of speech, more Freedom of Censorship.

    2. Anonymous Coward
      Anonymous Coward

      Re: hardly a form of protest but instead takes more the form of total oppression

      So, exactly like the Occupy Protests then!

    3. Tom 79

      Re: One essential flaw with this reasoning...

      Not only that, a DDoS attack is 1 person using thousands of other people's computers to talk for him. It's not 1000s of people protesting. It's not totally different from the 3/5th law we had in the US during our slavery period.

  3. Katie Saucey
    Thumb Down

    Here's some free speach

    Fuck off

    1. Anonymous Coward
      Anonymous Coward

      Re: Here's some free speach

      Indeed. If you've been on the receiving end of their "free speech" recently, you quickly lose any sympathy with their supposed causes.

      Anon...for the irony.

      1. g e
        Holmes

        Re: Here's some free speach

        Even if it's bombed into you via several tons of democracy TNT ?

  4. Steven Roper
    Flame

    Let me get this straight

    What Anonymous wants, in essence, is the right to take down my websites, destroy my business and my livelihood resulting in me having to lay off my staff, whose own livelihoods are then ruined, with absolutely no recourse for myself to prosecute those responsible.

    And all on the say-so of some shitbrained little internet vigilante who might mistake my business for some other arsehole's scam, with no trial, no evidence, just hearsay on some Twitter feed?

    You can fuck that idea off right bloody now.

    1. Oninoshiko
      Stop

      Re: Let me get this straight

      You forgot the part where the expressed goal it to prevent you from exercising your free speech because it's an inconveniently contrary idea from their's.

      Anyone who thinks DDOS is a form of speech is a hypocrite of the highest order.

  5. Anonymous Coward
    Stop

    If DDoS is freedom of speech, then email spam must be too.

    And I have the right to set a bulldozer in your driveway in the morning, so you can't get out of the garage and go to work!!

    On second thought, I think Anonymous is full of crap....

    1. Anonymous Coward
      Anonymous Coward

      Re: If DDoS is freedom of speech, then email spam must be too.

      I think this sort of thing means freedom can never be complete, because sometimes the exercise of that freedom will impinge on another's freedom. You might be left with something resembling the Wiccan Rede "An it harm none, do what thou wilt"... except that if a protest really does harm none, it is easily ignored.

    2. Tom 13

      Re: If DDoS is freedom of speech, then email spam must be too.

      Actually you can make a better argument that SPAM is a form of free speech than that DDOS is.

      SPAM at least meets the criteria that it is communicating. Where it falls down is that it forces the recipient to pay for the speech, which is not permissible under classical property rights concepts. And if you throw out the private property rights it still falls under the problem of the free commons.

  6. Moosey
    Alien

    Legal protest or Zombie Apocalypse?

    Being that most of the owners (the people that actually bought the hardware, not the l337 h4x0rs that hijacked them) of the machines that at "sitting in" are unaware that they're doing it.

    This is less like and organised group of people occupying a location, and more like the the evil wizard sending his army of minions to attack.

    1. Ben Tasker

      Re: Legal protest or Zombie Apocalypse?

      Yeah pretty much my first thought:

      argues that DDoS "is not a form of hacking in any way" and that it's really not much different than repeatedly hitting the refresh button in your web browser, albeit on a much larger scale

      Not hackng in any way - true - but definitely different to hitting the refresh button in your browser, especially if some of the participants are part of a botnet, or are compromised servers.

      What they're saying could - almost - be a fair point, if every participant was sat at their own machine, using their own machines resources. That's not what happens though, and it also fails to address the points others have made, like the inability to have a two-way conversation with the protestors.

  7. Anonymous Coward
    Black Helicopters

    You can protest outside the local grocery store.

    But you're going to jail if you drive your truck through the store's front door as a means of keeping the shoppers out. And in fact, many members of Anonymous have gone to jail recently for doing exactly that with their ion cannons. Guess it all sort of works itself out in the end.

    1. Keep Refrigerated
      Trollface

      Re: You can protest outside the local grocery store.

      Except for the internet is not a big truck...

      1. Zaphod.Beeblebrox
        Trollface

        Re: Except for the internet is not a big truck...

        Of course not, as any fule no, th internet is a series of tubes...

  8. Adam 1

    should be allowed

    Continuously pressing F5 while visiting a website I mean. Heck, even tee up a time with your friends after school and have an F5 party

    Using an automated tool to send malformed packets in short time is not free speech. It is simply the denial of someone else's, even if they are sick bastards protesting at childrens' funerals.

    1. Silverburn
      Windows

      F5 parties

      ..should I bring wine?

      1. DavCrav

        Re: F5 parties

        "..should I bring wine?"

        A nice crisp white? That would be refreshing.

      2. Tom 13

        Re: should I bring wine?

        No, cheese. There will be plenty of whine already.

      3. Adam 1

        Re: F5 parties

        "should I bring wine?"

        You could if you really need IE. I would just use Firefox personally. Then you don't need it.

    2. Anonymous Coward
      Anonymous Coward

      Re: should be allowed

      One is a form of protest, the other is the equivalent of hiring a load of cheap labour to protest on your behalf. One placard vs 100 being waved by mexicans earning $1 per hour.

  9. Anonymous Coward
    Anonymous Coward

    Having spent...

    ...a significant amount of time and money blocking one of their DDoS attacks last year, then respectfully, no.

    1. Anonymous Coward
      Anonymous Coward

      Re: Having spent...

      Yeah I always feel particularly aggrieved when I have to deal with a DDoS, it's just so damn sophisticated. It's like wanting to play chess but finding the opponent only has the capacity to flick tiddliwinks.

      It's as depressing as finding a web-based backdoor has been installed on a system, a sophisticated attacker could have (potentially) used it to compromise the system, but the thick-as-two-planks attacker clearly didn't know how and has simply defaced a page instead.

      Don't get me wrong, I don't want our customer's servers to get hacked, but a complete lack of sophistication does say bad things about the technical understanding of today's spotty oiks.

      1. Anonymous Coward 15

        Re: Having spent...

        Defacing rather than doing more serious damage could simply mean "we want to let you know your system is insecure, but we don't want to kill you."

    2. Tom 13

      Re: Having spent...

      Honestly,

      you owe them no respect.

  10. Another User

    Luckily 25,000 signatures required

    So far 841 have signed this petition. This explains why such a high threshold is set to weed out such blatant nonsense.

    1. Anonymous Coward
      Anonymous Coward

      Re: Luckily 25,000 signatures required

      "Anonymous we are legion" - actually it appears not, a (Roman) Legion was about 6000 men, but it appears to be only 830 of Anonymous according to this petition.

      Its probably a fairly accurate figure too - I mean a group that can get thousands of idiots to become a willing botnet must also be using the same jedi mind control techniques to get votes for this petition.

      As myth busters say.... busted!

      Anon because as others have pointed out, just for the lolz

    2. Franklin
      Happy

      Re: Luckily 25,000 signatures required

      Not to worry. I'm sure someone will release a tool soon enough that lets Anonymous use a bonnet to sign the petition tens of thousands of times per second from large numbers of different IP addresses...

  11. jake Silver badge

    I suspect that the anonytwat's perception of freedom of speech ...

    ... ends roughly when someone anonymously smack them personally in the gob.

    Tearing down infrastructure not owned personally, by you, is not freedom of speech. It is vandalism. And the 99% are getting really, really sick of you 1 percenters vandalizing our IntraWebTubes space.

    1. Anonymous Coward
      Anonymous Coward

      Re: I suspect that the anonytwat's perception of freedom of speech ...

      Were in not for the rest of the damage it would do to society, it might be interesting to pass their petition.

      And then watch with the popcorn bowl as all the major corporations began coordinated DDOS attacks on Anon resources across the globe. Because revenge is a dish best served with a buttered popcorn.

  12. g e
    FAIL

    Now, I agree in principle if...

    Every machine contributing to the DDOS actively chose to via its owner clicking 'Join in the DDOS' which is what LOIC does IIRC...

    A zombie botnet used for DDOS does not have the explicit consent of its owner to contribute to the attack, therefore it's akin to someone stealing their voting slip and voting on their behalf in a way they would not choose to.

    Therefore not free speech, a rigged vote. Which is illegal.

  13. Anonymous Coward
    Devil

    DDOS attacks....

    Yeah it has SOME merit, sometimes, but overall, aside from attacking relevant causes, and knocking spammers offline etc., it generally is little more than an a brief annoyance.

    "Oh Oh Oh we jammed a christmas cake up the FBI's arse! Golly Gosh!"

    I hear the ways to bypass a DDOS attack are pretty easy though.

    1. Silverburn

      Re: DDOS attacks....

      Easy...yes.

      Cheap...no. If it's done right.

      You need to pay for the upstream filtering at the ISP, configure the rule scenarios and then there's the DNS re-direction and hosting to consider. The things you can do locally (rule-based request filtering, window resizing, run site in no graphics/maintenance mode, etc) only take you so far. They won't protect you from 50gbits of layer 2/3 traffic - 100,000 SYN-ACK/ACK's (or RST's) per second still adds up, and chances are the CLOSE_WAITS alone will kill your server.

  14. alain williams Silver badge

    Their analogy is flawed

    I support the right to protest: to go somewhere, be noisy and make your point of view as one of a group. If you believe something - stand up, be seen, be heard and be counted.

    DDOS: let me see...

    Do we know who is behind the protest ? No: the DDOSers have typically hijacked others' machines.

    Do I (as a visitor to the web site) know what it is about ? No: all that I know is that the site is slow.

    Can we count the protestors ? No: they aren't using their machines, we do not know who they are.

    Having an analogue of a street protest is difficult in cyberspace, most people who visit the site just won't know. So what can we do:

    * Insist that all web sites have a link to whoever wants to say something about them ? Not practical; Apple knows how to avoid this (until the court finally kicked them hard enough).

    * Permit sites with domains like XxxSucks.org that will show up in google. Yes - that is as close as I can think, these must be protected from being taken down by Xxx.

    1. Robert Helpmann??
      Childcatcher

      Re: Their analogy is flawed

      I agree that their argument is flawed, but not for the reasons you give. Having to physically be somewhere to exercise your right to free speech, which is what your point concerning protest actually goes to, would restrict the exercise of free speech more than it already is (or should be). The argument should not be whether or not a DDoS is a valid form of protest. Rather, it should be if it constitutes an exercise of free speech. Should anonymous (small A) speech be protected? The answer, I feel, is not an absolute Yes or No, but more depends on the situation.

      At first blush, while I do not like the idea of a DDoS, I can see that it might be viewed as an exercise in free speech with the caveat that it cannot be implemented with hijacked machines. Proving this is not the case... I am glad I am not writing the legislation on this.

      Finally, the potential for abuse by a competitor is problematic. Even if a DDoS is deemed a valid exercise of free speech, this possibility seems an obvious outcome of legalizing the practice as a form of protest.

  15. Adam Foxton
    Pint

    How about a halfway point?

    DDOS is legal, so long as youre only using people at a keyboard hitting refresh. Want to take down a company? Use an army of people so youre showing a significant number of dedicated protesters.

    Using software dedicated to doing this is more akin to building a wall around a building- it'll stay up forever and the people can wander off so arent actively taking part of the protest- which would be illegal.

  16. Nameless Faceless Computer User
    Joke

    This is why we can't have nice things!

  17. weekend

    I'm for it..

    Assuming each IP == 1 person intentionally taking part than I am totally for this type of thing. Even if its automated.

    To me automating it is the same as bringing a chair to a sit in. Even while protesting there is no reason you can't be comfortable. I also think that in most cases it is okay to totally disrupt a place of business. When you go on strike do you allow anyone to enter your factory?(although I'm sure many of you will disagree)

    Using a botnet however would be very wrong, and is in itself illegal even if the botnet isn't used for ddos.(breaking into computers and all that)

    Just as with normal strikes I imagine that if this ware to ever become law there would of course be some constraints. For instance: blocking a hospital(or its online equivalent of ddosing emergency services) is generally frowned upon.

    Its probably also worth mentioning that pre 2000 this was totally legal (or at the very least never went to court, floodnet comes to mind. The old documentary "hackers in wonderland" makes some nice references to it.)

    Full disclosure: My datacenter gets hit with a 20Gbit ddos pretty much every day all day. About once a month it peaks to 60Gbit for a short while and I'll have some connectivity problems but that never lasts very long. But this is from one or two individuals with a botnet, not a protest. So despite feeling the effects of this sort of thing on a daily basis I still approve of ddos as a form of protest.

  18. Law
    Paris Hilton

    But normally the protesters WANT to protest...

    ... whereas DDOS attacks are normally done through compromised machines against the will of the owner of that machine - at the will of a handful of eejits these "protesters" are being included in a protest they know nothing about.

    Basically... doing Occupy their way would involve 3 or 4 people deciding they needed to protest against something - then in masks going out and rounding up grannys, kids and dumb people from around the world - transporting them to the company at no cost to them, while the victims (grannys, kids etc) thrashed about confused as to what was going on.

    Once at the building, they use multiple trebuchets to launch these people at the front door until nobody else can get past them or security opens another entrance or two.

    1. weekend
      Joke

      Re: But normally the protesters WANT to protest...

      I would be willing to pay a small amount of money to see a flash animation depicting exactly this.

      It is worth pointing out that some of the highest profile anonymous attacks ware mostly individuals and not botnets. Those that got arrested and convicted for their participation in a ddos attack ware the ones that did it from their home network where 1 IP was 1 individual.

      There was very little chance of catching those that used a botnet, so if this becomes a law or not it will never stop botnets.

      But it will in my opinion give a voice to those that are generally upset about something without going to jail instead of only giving a voice to those that are willing to get arrested or those smart enough to cheat.

  19. Synonymous Shepherd
    Facepalm

    Anonymous?

    CREATOR OF PETITION

    Dylan K

    Eagle, WI

    January 07, 2013

    Signature # 1

    D0x, Mentlegen.

    Sincerely, a cow herd.

  20. Keep Refrigerated
    Stop

    Rather than making it legal...

    I'm for downgrading it to a petty crime - one that gets a warning, then a fine or community order. Currently the upper level of punishment is higher than someone caught driving without a license, drink driving, drug possession, common assault, public indecency, petty theft, shoplifting, disorderly conduct etc...

    All those lesser crimes actually affect real people and can cause significant injury, loss and pain. A DDOS in contrast may affect a business (if it's primary income is web-based), but no more than a common IT glitch would - well run businesses, particularly corporations, design for fault-tolerance and make fail-over plans for that.

    The problem is that law-makers still think computers are magical things from the 80's that enable teenagers to hack into government defence systems and launch nukes all over a simple modem. Those in the fear industry know that can strap "cyber-" onto the front of any threat to elevate it to a much worse situation than it actually is.

    This is why people are so confused when it comes to DDOS attacks, and sadly I see a few commentards here, under the impression that it involves hacking into a website and causing damage - when actually it's sending the equivelant of many multiples of 'visits' to the website - no intrusion needed.

    The actual real-life equivalent is not blocking an entrance to a business. It's sending 1000's of people to browse a store with no intention of buying, preventing genuine shoppers from physically getting in for a few hours.

    The real-life equivalent is a semi-malevolent flash-mob.

    1. Oninoshiko
      FAIL

      Re: Rather than making it legal...

      As a DDOSer you are not making a point, you are not conveying an idea, you are not trying to say anything. What you are doing is making sure they I cannot say what I have to say. THIS IS NOT SPEECH, it's sole purpose it to deny the victim speech.

      A flash mob may raise awareness. Normally someone will be explaining what it is all about, or have signs or some-such. A DDOS does not, because the users only see the site is slow. They do not understand your point BECAUSE YOU ARE NOT MAKING ONE.

      We are not saying you have "mad haxzoring skillz" we are saying you are being destructive and disruptive to other's speech rather then taking the proper approach and legitimately speaking out, arguing what is wrong with your victim.

      I have mitigated these types of attacks. The last one I did was not Anon, but the attack was much the same. It can be done, but it is expensive to do. Us in the real world are incurring costs because... well... I haven't figured out why. It's certainly not so you can speak your mind, because you aren't. If you wanted to you could put up a youtube video, or even your own web-site if you wanted.

      Your goal is not the message, it is to cause harm. To be honest, I think the punishment isn't severe enough. I take speech vary seriously, even for those who have things to say I don't like. I would never harm their ability to speak their mind. It's a shame the fascists in anonymous fail to understand that.

  21. Anonymous Coward
    Anonymous Coward

    Typical

    ASSnonymous needs to pull their heads outta their arses and get in touch with reality.

    Why not make all crimes "legal" so that those who can't live within the laws of society and who attack others and cost them monetary losses, are free to abuse all? Frigging idiots best describes ASSnonymous.

  22. Anonymous Coward
    Anonymous Coward

    How denying others people content/speech to be accessible with a DDOS attack can be in anyway "free speech"? Lol. It could be understood while facing the judge as an illegal method of protest rather than a plain criminal act operated to earn money, but that 's it.

  23. T Horse
    Megaphone

    We the E-People...

    ...demand equal rights to the Internet! In all seriousness, after reading the article I can't say I disagree with Anonymous' White House petition to decriminalize DDOS attacks, as they make a few good points. The problem is in the context of the situation. Obviously, we can't program a massive amount of computers to go protest in Wall Street now can we? Well in the world of the Internet you can "protest", as Anonymous describes it, an organization's web services by overloading their gateway servers from a variety of source addresses. The biggest difference is one person can orchestrate a DDOS attack that could shut down an entire business indefinitely, where in most cases it would take hundreds of people protesting outside the business' physical location to accomplish similar results. I believe that is the primary reason you can't say we have a "right" to perform DDOS attacks to intentionally harm an entity, one person could be infringing on many others' rights while performing this attack. Not to mention, the word attack is in the name; hence, Distributed Denial of Service attack. That being said, how does an organization prevent these kinds of attacks? Frankly, government organizations have been struggling with this issue for one simple reason; they need their dedicated services. The dilemma is who to offer these services to, because if the government says, "so and so's IP and MAC address cannot have access to this web service," then they could be the ones infringing on citizen's rights. Any public network is going to be susceptible to DDOS attacks, it must be accepted. I do believe we could call our Internet rights a civil liberty, ascertaining to what we do on the Internet (within legal bounds), so I think organizing an "old fashion" DDOS attack, where a group of friends all go to a website and hit the refresh button, is comparable, in modern times, to protesting in the streets outside of an organization, and thus acceptable by law. However, the massive automation and malicious technology that goes into the orchestration a DDOS attack comparable to something Anonymous has done in the past, in my mind, is not going to receive any "love" from our legislature.

This topic is closed for new posts.

Other stories you might like