Will the democratization of cyber-attacks kill freedom of expression?

Speaking at a recent technology gathering in Boston, Jose Nazario (of Arbor Networks), one of the world’s foremost experts on network security, made an interesting observation about the much-feared denial-of-service (or DDoS) attacks. Nazario pointed out that they are becoming rapidly democratized, moving away from the domain of trained hackers and getting more accessible to ordinary Internet users. One direct consequence of such democratization is that cyber-attacks are emerging as powerful tools of protest and even of political speech. After all, why clutter the inbox of your least favorite congressmen with angry letters you could simply rent a botnet to take down their email altogether? Given how inexpensive it is to compromise most computer systems, this may option may seem very appealing. A recent column in The Boston Globe puts things in perspective:

So what is the going rate for the guys who want to steal and sell your private information to other parties? Let’s see, 10,000 compromised PCs will run you $1,000. Bank account credentials start at $50. Malware installation on PCs costs 30 cents apiece in the United States and 10 cents in the United Kingdom. You can rent a kit to create your own bot application for $1 an hour, $5 for five hours. Bad guys will pay $250,000 for access to a big server with gaping security holes in it. Access to Mozilla – my Mozilla – goes for a mere $500.

If those are, indeed, the going rates for silencing your opponents, the next generation of protesters would prefer to invest in botnets – not t-shirts ! –  to make their political statements. Unfortunately, this doesn’t bode well for the freedom of expression on the Internet; some social and ethnic groups already find it hard to preserve their Web presence under the barrage of cyber-attacks launched by their enemies. For a taste of things to come, one could look at the plight of the LGBT community in Russia. Here is what Dancho Danchev, an independent security consultant, who follows the cyber threats emanating from Russia quite closely, recently posted on his blog:

A week long DDoS attack launched against Russia’s most popular commercial homosexual sites has finally ended. The simultaneous attack managed to successfully shut down the web servers of most of the sites, which responded with filtering of all traffic that is not coming from Russia. Ironically, the attack was in fact coming from Russian, courtesy from a botnet operated by a DDoS for hire service…Since the sites are commercial providers of homosexual multimedia content and are thereby bandwidth-consuming, the attacks were aiming to disrupt their business operations, and they managed to do so. Russia’s government is well known to have a rather violent take on homosexuality in general, and with overall availability of outsourced DDoS attack services offering anonymity and destructive bandwidth, the efforts to request such an attack remain minimal.

Given how hard it usually is to track most cyber-attacks, such developments are truly disturbing. As tools of cyber-attacks are becoming cheaper and available to anyone, we are poised to see more and more critical voices drowned in such attacks. Perhaps, democratization of cyber-attacks is not such a good thing, after all.