Can a DDoS attack on Whitehouse.gov be a valid protest?
- 18 January, 2017 11:11
When Donald Trump is inaugurated as the U.S. President on Friday, Juan Soberanis intends to protest the event -- digitally.
His San Francisco-based protest platform is calling on Americans to oppose Trump’s presidency by visiting the Whitehouse.gov site and overloading it with too much traffic. In effect, he’s proposing a distributed denial-of-service attack, an illegal act under federal law. But Soberanis doesn’t see it that way.
“It’s the equivalent of someone marching on Washington, D.C,” he said on Monday. “Civil disobedience has been part of the American democratic process.”
Soberanis’s call to action is raising eyebrows and highlights the isssue of whether DDoS attacks should be made a legitimate form of protest. Under the Computer Fraud and Abuse Act, sending a command to a protected computer with the intent to cause damage can be judged a criminal offense. But that hasn’t stopped hacktivists and cyber criminals from using DDoS attacks to force websites offline.
In 2013, the U.S. charged 13 people affiliated with the hacktivist group Anonymous for launching DDoS attacks on government entities, trade groups and law firms.
Typically, hackers launch such attacks by using several servers, or huge numbers of infected PCs called botnets, to flood their targets with an overwhelming amount of traffic.
Soberanis's protest effort is simpler. He’s hoping that millions of individuals join his protest by visiting Whitehouse.gov and continually refreshing the page.
“There’s nothing illegal,” he said. “We are just a large group of people, making a GET request,” he said, referring to the HTTP request method to access a web page.
Soberanis, who works as a software engineer, created his Protester.io platform about a month ago to encourage activism. It currently has no funding, but the site managed to gain a bit of buzz last week. The PR Newswire public-relations service circulated a press release from Protestor.io, only to retract it later after realizing the release was calling for a “take down” of Whitehouse.gov.
“There’s also been some detractors,” he said. “They support Trump and have a very different viewpoint.”
Soberanis isn’t the first to argue that DDoSing can be a form of legitimate protest. Briefly in 2013, a failed online petition was posted on the White House’s website about the same subject. It argued that DDoSing a website was not a form of hacking, but a new way for protesting.
“Instead of a group of people standing outside a building to occupy the area, they are having their computer occupy a website,” the petition said.
Some agree and think that DDoS attacks, in certain scenarios, can work as a valid form of protest.
Laws like the Computer Fraud and Abuse Act are “over broad” and “chilling” political speech, said Molly Sauter, author of The Coming Swarm, a book that examines DDoS attacks used in activism.
A DDoS attack on Whitehouse.gov -- a site designed more for public relations than for operations – also wouldn’t disrupt any major government activities, Sauter said. Taking it down could be seen as “more or less like protesting outside on the street,” she said.
“Now, is that going to be successful?” she asked. “Frankly, it’s not likely that the Whitehouse.gov site wouldn’t have DDoS protection.”
But others think a DDoS attack on the Whitehouse.gov is still a crime. Making it legal would open a can of worms, they say.
“If they can do this to Whitehouse.gov with impunity now, can they also do it to Exxon without worry of legal troubles?” said Mark Sauter (no relation to Molly Sauter), a former U.S. Army officer who consults security and tech companies.
He questions why protestors like Soberanis are resorting to DDoS attacks when they can publish their own websites or speech against Trump.