Wednesday, January 7, 2009

Domestic cyber war finally arrives

[h/t Delawareliberal via the Kos]

So the Soapbox blog platform has been hacked, cracked, and dropped. If reports today are correct, the folks at Soapbox have no intention of staying in business. Overwhelmingly (I trust DelDem for this) Soapbox has been a host for liberal/progressive blogs, and so the chatter is about some sort of Conservative/GOPer attack.

None of this is new, even though the intensity has increased. For example, at least two political blogs I check fairly frequently (Independent Political Report and Libertarian Republican) have been attacked and taken down for as much as a day or two within recent memory.

Bruce Sterling, father of SF cyberpunk, must be bemused to see this happening.

You may recall that in the mid-1990s when we were bombing the shit out of the Serbians over Kossovo, Serbia tried to hack both NATO and US sites; groups reportedly associated with Al Qaeda or other Islamist movements have attempted cracking over the past few years, and it used to be that when you visited Al Qaeda's original website this Eagle jumped out at you with a message something like This site hacked, cracked, and jacked by the FBI.

I'm probably (make that certainly) on a list somewhere for knowing that, and for admitting to visiting the Al Qaeda website.

Friends in other places suggest to me that, aside from targeting cell phone towers, keeping reporters out of Gaza, and starting its own YouTube channel, the Israeli Defense Force also has an active presence hacking and cracking Palestinian blogs and websites. I don't visit any of them often enough to know.

There is also at least one story (just a hair above the urban legend category) that about six years ago somebody made a serious run at hacking and cracking the control software for one of Gazprom's major refinery sites in Russia, and actually caused some major problems that ended just short of a disastrous shutdown. Russia's never really admitted to it, but friends with the right connections tell me there is something to the story.

Obviously, corporate security concerns have been rising in this area for the past decade as well.

But it had to be only a matter of time before blogging--that most egalitarian form of the new media fell prey to this, primarily because of the platform bottleneck effect. If I put up a political website (like or something), then that site has to be individually hacked and cracked, and even success won't take down anybody else. But most of the tens of thousands of blogs out there now depend on a relative handful of common platforms.

Sink Soapbox and you sink a lot of liberal/progressive blogs (along with, I'm sure, a lot of nice people blogging about their gardens, or adoption, or investment strategieis--we sometimes tend to forget that the political blogosphere is only a sub-set of the whole).

The immediate take, of course, is split between an ideologically motivated attack (70% of the comments I've seen) and the old hackers will hack anything that looks vulnerable (30%).

I have a different take. I think there is a very real possibility that the authors of this attack picked their victim carefully, but with more interest in market-share than ideology, and more interest in advertising their capabilities than shutting down liberal/progressive voices.

Consider: as the number of blogging platforms has begun to increase, the smaller, almost boutique platforms have tended to do something that Blogger and Wordpress didn't do: attract specific, distinct market segments. I'd guess that some of their features were even designed to appeal to political or-even more specifically--progressive political bloggers. With a good market share of a distinct genre, replete with successful branding, this has the unintended consequence of also making specific market segments more vulnerable to a sector attack.

This development, quite frankly, is only to be expected. Information war is often mistakenly regarded as some sort of cyberpunk concept, but it has existed in different guises for centuries--at the very least since the explosion of capitalist economic activity in Western Europe in the 1500s.

And you can be pretty sure that the new battlefield is going to be dominated by three or four specific types:

1) The Hired Guns: people who will hack and crack anybody on any side at any time ... for a price.

2) The Zealots: people committed to an ideology and committed to shutting down the opponent's voice ... by any means necessary (sorry, Malcolm).

3) The Defenders: people who will make a living selling a sense of security to fear-filled bloggers ... as opposed to selling them real security. That age is pretty much over.

4) The Regulators: people who will inevitably argue that this despicable behavior calls for more government regulation and control of the blogosphere (and the whole Internet for that matter). If you think I'm full of shit here, read about what's currently happening in Australia, Great Britain, and even in the so-called Net Neutrality movement.

The new reality is this: you have no inherent right for your speech on the internet to be protected by anyone except for people you pay to do that job. And--at this point--it is arguable exactly what kind of crime the hackers and crackers who took down Soapbox have committed. At best, a crime against Soapbox; the company's clients will not have (and should not have) any recourse against the people who attacked Soapbox, which means you'd best select your blogging platform very carefully.


Delaware Watch said...

I'm sure you don't mean it this way but this sounds like you are making a distinction between liberal/progressive bloggers and "nice people":

"Sink Soapbox and you sink a lot of liberal/progressive blogs (along with, I'm sure, a lot of nice people blogging about their gardens, or adoption, or investment strategieis....)

Steven H. Newton said...

I actually meant to draw that distinction between ALL political bloggers and those other nice people....

But you're right--I structured the sentence poorly