BBC Homepage World Service Education
BBC Homepagelow graphics version | feedback | help
BBC News Online
 You are in: Sci/Tech
Front Page 
UK Politics 
Talking Point 
In Depth 

Wednesday, 20 June, 2001, 13:07 GMT 14:07 UK
World Bank risks attack from net protesters
World Bank protests in Prague
Those who protest online can be much harder to silence
By BBC News Online technology correspondent Mark Ward

Plans by the World Bank to avoid protests by moving a controversial conference on to the internet could backfire.

The net-based conference is likely to draw the attention of computer savvy activists and could encourage far more people to join the protests than could make it to Barcelona in person.

Widely known techniques for bombarding sites with bogus data could be used to disrupt the conference and scupper plans to hold e-mail debates on the speeches being webcast.

In the past the World Bank has been targetted by web-based activists who tried to swamp its site with e-mails protesting about its policies.

Net protest

This week the World Bank announced that a conference due to be held next week in Barcelona is being moved to cyberspace to head off protests.

Thousands of activists were threatening to turn up and disrupt the event. The Barcelona authorities were planning a heavy police presence to stop protests getting out of hand.

"To have 200 academics protected by 4,000 police would have been absurd," said a spokeswoman for the World Bank. Now the World Bank's Third Annual Conference on Development Economics will go ahead online.

During the two-day conference, presentations will be webcast and questions will be put to the speakers via e-mail.

However, moving the conference to the web might make it much easier for protesters to disrupt the meeting.

Already many of the groups previously planning street protests in Barcelona are circulating registration details for the conference and encouraging people to sign up and put difficult questions to the speakers.

Unwelcome guests

But activists could find it much easier to take a more direct way of making their views felt.

Tools to set up so-called denial-of-service attacks are widely available on the net that make it possible to effectively sever a websites links with the web by bombarding it with bogus packets of data. The hard part of setting up such an attack is compromising enough otherwise innocent PCs to launch the bogus packets on behalf of the protester or malicious hacker.

In the past some groups protesting about the World Bank's activities have simply bombarded the institution with thousands of requests for information.

In May 2000 a French activist group called the Federation of Random Action created a chat program that fired off a mail request to the World Bank every time those chatting with the software typed words such as "poverty", "finance", and "investment".

Embedded in the bogus requests were phrases such as "Our life is not for sale", "Please crush us too!" and "Do you sell sheep shavers?".

Hack attack

Far larger protests have been organised by electronic activist groups such as Electrohippies which reportedly managed to draft over 400,000 people into deluging the website of the World Trade Organisation with messages.

But there could be an even easier way for computer-literate protesters to disrupt the online conference. Both the World Bank website and the site is hosting the conference, run the Microsoft IIS web server that has many widely publicised security holes.

Only this week the Computer Emergency Response Team issued an alert about the versions of Microsoft's IIS server being used by both the World Bank and Canalweb.

Detailed information about which versions of software are being run on particular websites, when they were last rebooted and which other sites reside on the same machines are easy to find online.

Malicious hackers often use this information and sniffing tools that look for well-known vulnerabilities when preparing to attack.

Older versions of the same software are used by many of the other servers run by both organisations. Malicious hackers often find a backdoor route into a site by exploiting vulnerabilities in old releases of software that have not been properly patched up.

Search BBC News Online

Advanced search options
Launch console

Direct action
Is violent protest ever justified?
See also:

19 Oct 00 | Sci/Tech
Cybercrime threat 'real and growing'
29 Apr 01 | Business
World Bank's plea for poorest
30 May 01 | Business
African bank hit by protests
27 Apr 01 | Business
Suburbans boycott World Bank
01 May 01 | Europe
Europe marks May Day with protest
Links to more Sci/Tech stories are at the foot of the page.

E-mail this story to a friend

Links to more Sci/Tech stories