Lycos has just launched a new screensaver that attempts to disrupt, but not disable, websites used by spammers to sell products. The goal is to slow down access to these sites by implementing a bandwidth attack – a client-side denial of service attack (DoS). Client-side DoS attacks differ from server-side DoS attacks because in order to be successful client-side DoS attacks require the participation of many thousands of individuals whereas server-side attacks usually involve a few individuals who break into computers and use them as zombies in order to conduct DoS attacks. Basically, each user that installs the screensaver receives a list from a central database of spam sites then issues a connection to each of the spam sites. If a large number of users begin making requests to the selected sites, the servers will become overloaded. Lycos argues that since these spam sites have to pay for their bandwidth �more requests means higher bills� for the spammers. Lycos has implemented a �health check� to ensure that no server is completely shutdown.
This is precisely the same technique used in past Electronic Civil Disobedience (ECD) campaigns. Though not as slick as the flash GUI that Lycos has the tools used in ECD campaigns ( Disturbance Developer Kit, e-hippie virtual sit-in tools) operate much the same way. Client-side DoS has been criticized by Oxblood Ruffin (of cDc/Hacktivismo) who describes it as “being pecked to death by a duck”.
The theoretical basis for ECD is found in two books by the Critical Art ensemble: The Electronic Disturbance and Electronic Civil Disobedience. The Critical Art Ensemble explains:
ECD is a nonviolent activity by its very nature, since the oppositional forces never physically confront one another. As in CD[civil disobedience], the primary tactics in ECD are trespass and blockage. Exits, entrances, conduits, and other key spaces must be occupied by the contestational force in order to bring pressure on legitimized institutions engaged in unethical or criminal actions. Blocking information conduits is analogous to blocking physical locations; however, electronic blockage can cause financial stress that physical blockage cannot, and it can be used beyond the local level.
The tactic of ECD has been widely deployed most notably in 1998 by the Electronic Disturbance Theater (against the Mexican Government in solidarity with the Zapatistas), in 1999 by the electrohippies (against the WTO in conjunction with the street demonstrations in Seattle) in 1999/2000 by RTMark/eToy (against eToys.com in support of eToy.com), in 2000 by Federation of Random Action (against the Worldbank in conjunction with the street demonstrations in Prague) in 2001 by the electrohippies (against the FTAA in conjunction with the street demonstrations in Quebec City) and in 2002 by the Electronic Disturbance Theater (against the WEF in conjunction with street demonstrations in Davos).
Lycos measures the effectiveness of their campaign by the amount of bandwidth consumed:
The basic operation fo the Lycos screensaver is simple:
After a few requests for xml files to update the flash world map, a request is made to acquire the targets:
GET /xml/[TRUNCATED]/CONFIG_73805892737406.xml HTTP/1.1
User-Agent: Shockwave Flash
HTTP/1.1 200 OK
Date: Sat, 27 Nov 2004 18:44:47 GMT
Content-Type: text/xml; charset=UTF-8
<?xml version=”1.0″ encoding=”UTF-8″?>
<target id=”TVRBd01EQXdNak16″ domain=”www.getpaid2.com”
bytes=”152462″ hits=”1733″ percentage=”100″
responsetime01=”849″ responsetime02=”0″ location=”US” />
<target id=”TmpBNU1BPT0;” domain=”fine.fineloan.org”
bytes=”4025925324″ hits=”28403679″ percentage=”100″
responsetime01=”951″ responsetime02=”672″ location=”KR” />
<key name=”source-xml” value=”http://backend.makelovenotspam.com/xml” />
<key name=”interval-diagram” value=”10000″ />
<key name=”post-data-length” value=”30″ />
<key name=”refresh-xml” value=”1200000″ />
<key name=”current-version” value=”1.0″ />
<key name=”spray-filter-count” value=”39″ />
<key name=”url-report” value=”http://backend.makelovenotspam.com/report” />
<key name=”average-percentage” value=”100.0″ />
<key name=”bytes” value=”105152118177″ />
<key name=”hits” value=”620835843″ />
<key name=”downloads” value=”9720″ />
<key name=”target-count” value=”456″ />
Then it sends a request to the spam server (not a properly formatted HTTP request) which generates a HTTP error:
<!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”>
<TITLE>501 Method Not Implemented</TITLE>
<H1>Method Not Implemented</H1>
</makeLOVEnotSPAM> to /index.html not supported.
Invalid method in request <makeLOVEnotSPAM>