'Hack-tivist' threats on the rise

WASHINGTON -- "The methods they are using are in their infancy," said Kent Anderson of Control Risks Group, an international business risk consultancy.

The political cyberthreat was highlighted along with those on the ground at a rollout of the British-based company's "Risk Map 2001," an annual survey of perceived dangers to corporate clients.

Anderson traced "hacktivism" to the 1994 Zapatista guerrilla uprising for greater democracy and Indian rights in the southern Mexican state of Chiapas.

The Internet-era activism brings the methods of guerrilla theater, grass-roots organizing and graffiti to cyberspace. Operations include espionage, Web page defacements, "denial-of-service" attacks to swamp the target, and virus infections.

"We're going to start seeing this sort of thing for a whole range of issues," including animal rights and other fringe causes, said Anderson, a data security expert whose resume includes consulting jobs for the FBI and its counterparts in Britain, Russia, Germany, Norway, Denmark, and Switzerland.

Hacktivists are increasingly focusing on companies rather than governments, he told a press conference. Calling it a "gray area" for law enforcers, Anderson said in some ways the phenomenon was not unlike old-fashioned picketing.

The survey listed 12 countries or parts of countries as representing "extreme" political and security risks to multinational companies, up from five in 1997, when Control Risk introduced its current ratings scale.

Those countries are Afghanistan, Burundi, Chad, Congo (Brazzaville and Democratic Republic of Congo), Eritrea, Theiopia, Liberia, Russia (Chechnya), Sierra Leone, Somalia, Sri Lanka (north and northeast), and Sudan.