BEIRUT: Every now and then government websites become an unwilling platform for hacker activists to voice their concerns.
Users who logged onto the Parliament’s website on Feb. 23 were greeted with a photograph of Sheikh Ahmad Assir and a message, courtesy of the hacker collective Team Kuwaiti Hackers: “Hezbollah has always bullied Sunni Muslims and now it is doing the same with Syria. The President of Syria Bashar Assad is a sheep.”
The defaced site, however, was quickly restored and business went on as usual.
While similar cyberattacks have become more frequent, they remain sporadic and restricted to hacker collectives of just three or four people operating across the country, most between the ages of 15 and 18. Without coordination, these collectives have not yet developed into a bona fide electronic movement, which remains a pipedream among an eager few.
“The hacker community in Lebanon is small compared to other countries; it is composed of amateur hackers and they often meet online in hacking forums or social networking sites,” said the Lebanon-based hacker “M4D,” part of a group called the “Mad Hackerz Team.”
The group made headlines in March 2012 when it defaced a number of government and municipality sites. They claimed the cyberattacks were meant to be a “wake-up call directed at the Lebanese,” and a way to vent frustrations about social inequalities.
“What equality is there when our salaries are LL400,000 per month and an apartment costs at least $100,000?” they asked.
The peaceful electronic revolution the Mad Hackerz Team had envisioned never materialized, and M4D said he stopped hacking altogether.
“I consider my attacks on the Lebanese government websites an electronic revolution. I wanted to express my own opinion my way and claim my rights and the rights of the Lebanese people,” said M4D, adding that he wasn’t especially skilled in organizing demonstrations, and that “websites were the only and the best way to deliver my message.”
Government sites are very easy to penetrate for hackers like M4D, because their servers are often replete with security vulnerabilities that can be easily exploited.
Often, if hackers want to infiltrate a site, they will look for coding mistakes made by the programmer who initially built the site. These are found in the Web application code or the server hosting the site. The hacker then exploits the vulnerability in order to control the site. There are a number vulnerabilities in Lebanese Web applications that make a site susceptible to hacking, notably a method called bypass exploitation.
“This is a high-risk vulnerability because it can be exploited very easily. It allows hackers to assume the identity of another user within the application without needing to know the victim’s password,” M4D said.
Interested in everything technology-related since he was young, M4D grew accustomed to computers at an early age. He taught himself basic programming when he was 8 and “computers became my friends at all times, because I wasn’t interested in other activities, like sports, like most children at this age.”
Most computer hackers in Lebanon are self-taught and rarely meet face-to-face, but interact on forums online using virtual nicknames. As many pursue their studies in computer-related fields, the classroom is also a potential meeting place.
However, an educational system that fails to adequately address technological advancements was listed as one out of a number of reasons why an electronic movement has yet to take root.
“There aren’t very many technology conferences or events for us,” one hacker, who spoke on condition of anonymity, told The Daily Star.
Some hackers have chosen to employ their technical skills to further a career in “ethical hacking” or professional penetration testing.
“I began hacking as a way to gain some knowledge in the technical field. In my opinion, the best way to be a professional penetration tester is to learn black hacker methods [illegal computer hacking, such as defacing websites] in order to learn how to deter them,” said Ali, who did not provide his last name.
The influence of the Anonymous group, a loosely associated online community which began in 2003 but acquired its reputation for international hacktivism after 2008, was thought to have extended to Lebanon after the government sites were hacked. But members of the country’s small hacker community say the movement has yet to wield any significant influence.
“In principle [the movement lacks influence] in Lebanon because people are scared and those who did hack sites did not call for a protest or anything specific, they just sent a digital message to the government,” said “WhiteOne,” an ethical hacker, who works as a consultant.
“It’s very hard [to start a movement] here because the number of [regular] hackers is very low,” he said, “In Lebanon, most active hackers are only 13 to 18 years old and they work in small groups with no central organization.”
A 19-year-old from Tripoli, WhiteOne hacked his first email address when he was 13, then moved on to computers and websites until 2008, when he “realized hacking comes with responsibilities” and so reverted to ethical hacking.
He estimated that the hacking community numbers about 20 people between the ages of 13 and 18: “I know almost all of them, and others I’ve heard about.”
Despite the barriers, one group in the country claims to be loosely affiliated to the Anonymous movement. The Lebanon-based hacker group, Raise Your Voice, defaced 16 government sites last April.
The group established itself in the online community by forming a page on Facebook.
A member of the group said it has attempted to organize networking events, but suffered from consistently poor turnouts. “Most people in Lebanon follow their political leaders blindly, so organizing big protests are hard,” said “anonymous#0.”
The group has used computer hacking as a means to voice its concerns, but soon halted its hacking campaign because the “government doesn’t care if we hack their sites – it won’t change anything.” They began using the Internet as a tool to mobilize activists on the streets and raise awareness.
“Hackers in our country aren’t an actual threat to political stability,” anonymous#0 said. “The government doesn’t care too much about our attacks through the Internet.”