Confusion Over 'Cyberwar'

by James Glave

updated 3:00 a.m. 30.Jan.99.PST

3:00 a.m. 12.Jan.99.PST

Members of an elite underground group implicated in attacks on Chinese government computer systems denied recent reports that they fomented a cyberwar, blaming the work on imposters.

"The statement that 'The Legions of the Underground wishes to declare war on China or Iraq's internal information networks in order to destroy, damage, or harm their computers, systems, or networks' is totally false," said a 7 January statement signed by 21 members of the group.

[From Glave's "Crackers Call Off 'War'" article, we see: "Citing its opposition to human rights violations, the 24-member Legions of the Underground called for a sustained attack against the computer networks of both countries on 29 December." Worse: "A Legions member supplied Wired News with a server log that purported to show attempted This means that Wired was supposedly in touch with them. Either Glave is wrong, didn't verify his sources, or is just catering to what sounds good.]

"The Legions of the Underground does not support the damaging of other nations' computers, networks, or systems in any way, nor will the [group] use their skills, abilities, or connections to take any actions against the systems, networks, or computers in China or Iraq which may damage or hinder in any way their operations."

On 30 December, during an online news conference, a cyberwar was declared on the nations of Iraq and China. Group member Steve Stakton -- who used his online name Optiklenz -- led the discussion that called for five days of concerted attacks to draw attention to human-rights abuses in both countries.

However, in an email to Wired News, Legions member Bronc Buster suggested the comments attributed to Stakton were made by someone posing as a member of the group.

[A good lesson in verifying sources.]

"[The] declaration of war was a statement issued by one member before he left and never came back," Bronc Buster wrote. He said that Stakton has been offline for two weeks.

An international coalition of hackers condemned the Legions war declaration with a strongly worded statement. And some members of that coalition speculated that the Legions of the Underground had retracted its call to arms to deflect unwanted attention.

"Whether the original IRC Press Conference was spoofed or not, [Legions] definitely has motivation at this time for saying it was," said Space Rogue, editor in chief of the Hacker News Network and a member of the Boston-based hacker group L0pht Heavy Industries.

"The China government is exerting some serious pressure to find these guys, according to some sources. This pressure is obviously finding its way down the chain, and these guys are scared," wrote Space Rogue. The dispute may never be resolved, but it highlights the challenges that face underground computer organizations and the media who report on them. Establishing positive identity of people whose actions skirt the law is a very difficult undertaking.

"While we have no proof that the [IRC] conference was legit, we also have no proof that it was spoofed," Space Rogue said in an email.

"I am getting the definite feeling now that a lot of them do not agree with that [declaration]," said Emmanuel Goldstein, editor of 2600: The Hacker Quarterly. Even if it was someone in the group, it doesn't seem to represent everyone in the group."

"It shows how easy it is for someone to be misrepresented on the Net," Goldstein said. "The purpose of the statement [condemning information warfare] was not to condemn Legions, but to condemn those statements."

Bronc Buster insisted that the cyberwar statements did not represent the views of the group, and that Wired News and other media groups were misled by false identities.

"With the size of [Legions], numbering some 20-plus members, and our loose organization, we realize it may be hard to verify if someone is in fact a member," Bronc Buster said in an email.