We Want YOU, Say Hacktivists … but Is It Legal?

A screenshot from a propaganda video released by the anonymous group that attacked the websites of MasterCard, Visa and other sites.

Cyberactivism -- call it "hacktivism" -- is sweeping the web. But legal experts put a starker label on it: criminal.

To show support for WikiLeaks and its controversial head Julian Assange, an anonymous group calling itself Operation: Payback has disabled numerous websites and targeted others over the past few days. The group offers free software to let anyone help take down websites they believe are the "enemies" of WikiLeaks, targeting MasterCard, Visa, PayPal, Amazon and others.

But is it legal? Experts told FoxNews.com that several international laws ban just this sort of activity.

In the U.K., laws combating what is called "distributed denial of service," or DDoS, "have been in place since 2006 and could result in you being sent to jail for up to ten years. Similar laws have also been present in Sweden since 2007," wrote Graham Cluley, senior technology consultant for security firm Sophos, in a blog post on his site.

"It's the same story in the USA, where they take a tough line on those who engage in denial-of-service attacks against websites. For instance, last year saw the jailing of a man who launched a DDoS attack against the Scientology website," he added.

Attorney General Eric Holder said Thursday that authorities were investigating the cyberattacks. "We are aware of the incidents ... and I'll simply say we're looking into them," Holder told reporters after meeting European Union officials on a range of issues, including terrorism, airline security, cybersecurity and privacy.

The anonymous group behind Operation: Payback released a video Thursday defending its actions, describing the efforts to bring down a variety of websites as "a peaceful campaign."

"We have decided to write to you, the media, and all citizens of the free world to inform you of our intentions, potential targets, and our ongoing peaceful campaign for Freedom of Expression. Anonymous is peacefully campaigning for Freedom of Expression everywhere, in all forms, for all platforms."

It may be peaceful, but it sure isn't legal, Daliah Saper, a principal with Saper Law Offices, told FoxNews.com.

"The most obvious question is what laws are these hackers violating? In America, there are probably several but the one that stands out from a civil perspective is the Computer Fraud and Abuse Act. This Act provides both criminal and civil penalties for accessing a computer network without authorization."

But as Cluley pointed out, what's legal in cyberspace depends on your location in, well, meatspace, or the physical world. 

"To the extent these hackers reside outside the United States, the enforcement of the act, and ones like it, becomes very difficult. International cooperation would be necessary to ensure the hackers are appropriately reprimanded."

How it Works

The weapon of choice is a piece of software named the "Low Orbit Ion Cannon" (LOIC), which was developed to help Internet security experts test the vulnerability of a website to these assaults, known as distributed denial of service attacks. The LOIC is readily and easily available for download on the Internet.

The LOIC can be controlled centrally by an administrator in an Internet Relay Chat (IRC) channel, a type of computer chat room; it can seize control of a network of computers and use their combined power in a DDoS attack. The attack is aimed at the target website, and when the LOICs are activated they flood the website with a deluge of data requests at the same time.

The DDoS attack prevents the overloaded server from responding to legitimate requests and slows down the website to a crawl -- or shuts it down totally. The attacks are coordinated in the IRC channel, and on Thursday, around 3,000 people were active on the Operation: Payback channel at one stage.

First Arrests

While U.S. law seems clear, international law is more complicated, Saper explained. It's unclear whether the international pressure on websites to cut off WikiLeaks could violate the site's right to freedom of expression, she told FoxNews.com. 

"This question requires an interesting legal analysis of the public policy arguments for and against WikiLeaks' distribution of private or classified information."

Dutch police Thursday made the first arrest in connection with the cyber attacks. According to a report in Dutch newspaper De Telegraaf, a 16-year-old boy was arrested in the Netherlands, and Dutch authorities have not ruled out further arrests, the newspaper said.

While Holder investigates, it may only be a matter of time until legal action is taken in the U.S. Chester Wisniewski, a senior security advisor with Sophos, confirmed that hack assaults using the LOIC tool appear to be a violation of U.S. law.

"In the United States, yes, it would be a breach of the Computer Fraud and Abuse Act to intentionally attack a website in the U.S. with the intent of denying service," Wisniewski told FoxNews.com.

Operation: Payback seems unconcerned with the legality of its actions, comparing the online activism to other acts of civil disobedience in U.S. history.

"During the Civil Rights Movement in the United States in the 1960s, access to many businesses was blocked as a peaceful protest against segregation. In their efforts, the protesters of the time managed to make drastic changes to police and governments by refusing to be silenced."

"In the spirit and memory of that movement and many others we will refuse to be silenced. We will protest!"

Reuters contributed to this report.

Jeremy A. Kaplan is Science and Technology editor at FoxNews.com, where he heads up coverage of gadgets, the online world, space travel, nature, the environment, and more. Prior to joining Fox, he was executive editor of PC Magazine, co-host of the Fastest Geek competition, and a founding editor of GoodCleanTech.