Framing digital activism: The spectre of cyberterrorism
First Monday

Framing digital activism: The spectre of cyberterrorism by Fidele Vlavo

For the past 20 years, the word ’cyberterrorism’ has been used to describe online practices considered to be acts of terror. Yet, so far, experts and lawmakers have been unable to recognise and agree on what actually constitutes cyberterror. This paper retraces the origin of the term to show that the label of cyberterrorism is part of a discursive framework that aims to deter the development of cyberprotest and cyberactivism. The main argument is that while socio-political protest occurs in the digital sphere, cyberterrorism does not, and will not, happen in the near future. As such, it is critical that the word be excluded from contemporary debates about activism and digital networks.


Resistance in cyberspace
Terror in cyberspace
Framing digital activism




In November 2013, computer hacker and Anonymous member, Jeremy Hammond, was sentenced to 10 years in jail for his involvement in the hack against the U.S. private intelligence firm Stratfor [1]. For leaking confidential information, Hammond was prosecuted under the Computer Fraud and Abuse Act (CFAA) and found guilty. As part of his sentencing statement, He described his action against Stratfor as an act of civil disobedience. Explaining his disappointment with traditional means of protest, Hammond (2013) declared, “the hypocrisy of ‘law and order’ and the injustices caused by capitalism cannot be cured by institutional reform but through civil disobedience and direct action.” Despite this political stand, Hammond’s hacking practices were not recognised as activism or civil disobedience and he received the maximum sentence for his actions. This illustrates that to this day there is little recognition of the use of hacking for activist purposes, that is, hacktivism. This is partly due to the lack of knowledge and scholarship on the development of online direct action. In the case of Hammond, the presumption that the court would associate his hack against Stratfor with civil disobedience was futile. Instead, Hammond was caught up in the effects of the discourse of cyberterrorism and, as will be argued in this paper, his utilitarian sentencing is the result of a long-programmed framing of digital activism.

This paper provides a critical and historical account of the concept of cyberterrorism. Counter to most assumptions, I argue that for the past two decades the discourse of cyberterror has mainly served to deter the development of cyberprotest and hacktivism. This argument is threefold. I first I examine cyberprotest and explain how the concept was articulated to counter accusations of cyberterror and cybercriminality. The discussion focuses on the discourses developed by early activists and artists such as the Critical Art Ensemble, Electronic Disturbance Theater and the Electrohippies. Second, I retrace the origins of the term ‘cyberterrorism’ and its relationship to terrorism in order to establish the context within which it began to circulate. I raise questions regarding the use of the label ‘cyberterrorism’ despite its ambiguity, and also despite the persistent lack of expert knowledge and legal agreement on what actually constitutes cyberterror. I finally suggest that, not unlike a spectre, the rhetoric of cyberterrorism has mainly restrained the development of cyberprotest. The term is used to frame online direct action as a new form of terror and, in the absence of specific definitions and consensus, it only facilitates the spreading of technological fear and the relentless prosecution and condemnation of online activists.



Resistance in cyberspace

In 1994, the U.S. group of artists and activists Critical Art Ensemble introduced the concept of electronic civil disobedience, a new form of political activism based on the Internet. The idea behind electronic civil disobedience (ECD) is to practice socio-political resistance within digital networks. Originally written for an installation art show, the essay entitled ‘Electronic civil disobedience’ was published in 1996, along with five additional texts, under the title Electronic civil disobedience and other unpopular ideas. A first book, The electronic disturbance, was published in 1994 and discusses the use of computer hacking for the purpose of political activism. Together with a third publication, Digital resistance, these books constitute Critical Art Ensemble’s theorisation of online activism.

The argument put forward by the Critical Art Ensemble is that traditional forms of resistance, such as strikes and street demonstrations, no longer seem to function within the digital era. Since economic and power values appear to have relocated into the digital sphere, contestation and resistance should also become virtual. The Critical Art Ensemble’s new notion of socio-political dissent immediately appealed to artists, activists and media theorists and by the late 1990s several electronic protests were organised worldwide.

One of these electronic protests was organised by the Electronic Disturbance Theater (EDT), another group of activists and artists from the U.S. This digital intervention, known as the Swarm Project, was staged as part of the Ars Electronica festival in 1998. Ricardo Dominguez, lead member of the Electronic Disturbance Theater, conceived the project along with computer programmers Carmin Karasic and Brett Stalbaum and media activist Stefan Wray. As Dominguez describes, the Swarm project aimed to replicate the methods of civil disobedience used in the 1960s during the U.S. anti-war and civil rights movements (Vlavo, 2014). The idea was to create a form of resistance and disruption by temporarily limiting or interfering with the digital flow of information.

For this project, the artists-activists developed FloodNet, a software application designed to temporarily block access to specific Web sites. In the same way that activists physically blocked access to buildings, FloodNet enabled the performance of virtual sit-ins on the Internet, and on 9 September, during the art festival, the Electronic Disturbance Theater launched its virtual protest against the sites of the Mexican president, U.S. Pentagon and Frankfurt Stock Exchange. The event was organised in support of the Zapatista uprising movement in Chiapas, Mexico. As part of the performance, participants were invited to download the automated software and reload the pages of the targeted Web sites. Through the technique of denial-of-service (DoS), FloodNet was configured to request and download pages from the sites every three seconds for the duration of the event resulting in a slowdown of hosting servers.

Prior to the performance, the Electronic Disturbance Theater set up a Web site to provide information about the event and invite Internet users to participate. The group issued an explicit notice about the risks of virtual protest. As they downloaded FloodNet, participants were directed towards an explicit disclaimer: “WARNING: This is a protest, it is not a game, it may have personal consequences as in any off-line political manifestation on the street” (Electronic Disturbance Theater, 1998a). The activists also included a detailed list of the potential risks for those participating in virtual protest which included the following statements:

  1. Your IP address will be harvested by the government during any FloodNet action. When you click and enter FloodNet your name and political position will be made known to the authorities. (Similar to having your picture taken during a protest action on the street.)
  2. Possible damage to your machine may occur because of your participation in the FloodNet action. (Just as in a street action — the police may come and hurt you.) (Electronic Disturbance Theater, 1998a)

In addition, the homepage contained the full details and schedules of the Swarm protest including a brief statement on the purpose of the event.

The activists justified the project as a way to “demonstrate our capacity for simultaneous global electronic actions and to emphasize the multiple nature of our opponents, FloodNet will target three Web sites in Mexico, the United States, and Europe representing three important sectors: government, military, and financial” (Electronic Disturbance Theater, 1998b). While it was suggested that the Mexican government Web site had experienced a reduction of its activity during the protest, there was no evidence that the servers were ever at risk of shutting down, mostly because the targeted organisations had been informed in advance and also because their network infrastructure are design to support large numbers of online visits (Vlavo, 2014).

Accordingly, the Electronic Disturbance Theater defended that electronic civil disobedience was an artistic as well as an activist project. The FloodNet application was used to create a potential threat rather than engender technological damage. As Dominguez explains, denial-of-service attacks are clearly inefficient as a means to shut down a specific corporate Web site, however

our approach was that we wanted to create a platform where one didn’t have to be a hacker or a cracker or a cyborg, that one could understand the most rudimentary language, HTML, and understand that there’s this little button on the refresh, reload; all that this FloodNet did was count you and then how many people. (Vlavo, 2014)

Another member of the Electronic Disturbance Theater, Stefan Wray (1998), argued that electronic civil disobedience constituted the first level of transgression which realised the Internet infrastructure as a site for direct political action. For him, electronic civil disobedience could only be conceived as a symbolic gesture which established a clear distinction between symbolic electronic civil disobedience and computer cracking. As such, the foundations of online activism were routed in, and built upon, the legacies of past activist movements and practices.

Similar online actions were staged during the Seattle protests against the World Trade Organisation, this time organised by the Electrohippies, a U.K.-based activist group. In November 1999, the Electrohippies organised a virtual sit-in against the World Trade Organisation Web site along side thousands of alter-globalisation demonstrators marching down the streets of Seattle. Like the Electronic Disturbance Theater and Critical Art Ensemble, the Electrohippies considered electronic civil disobedience as a legitimate tactic of socio-political activism.

In response to the claim that the group was engaging in cyberterrorism, lead member Paul Mobbs explained his conceptualisation and use of denial-of-service as a protest tactic. Mobbs argued that a clear distinction should be made between computer hacking and cracking. On the one hand, hacking is undertaken for the main purpose of sharing knowledge and information, which is based on the belief that all data should be made free. Cracking, on the other hand, is performed by malicious computer users mostly with criminal intents (Mobbs and the Electrohippies Collective, 2001). The illegal access to computer systems for criminal purposes should be condemned and prevented, but it should not be conflated with hackers’ legitimate use of the Internet for political activism (Mobbs and the Electrohippies Collective, 2001). For Mobbs, the Internet is a structure originally created for public interaction and, therefore, the re-appropriation of the digital network by major corporations for economic and financial gain justifies online activism as a means to protect the digital public space. As he declares, “there is no practical difference between cyberspace and the street in terms of how people use the ’Net” [2].

To prove their democratic and legitimate engagement and to counter accusations of cyberterror, digital activists, such as the Electrohippies and Electronic Disturbance Theater, have adopted a strict approach to the organisation of virtual sits-ins. First, online activists have to formally identify themselves (with a group name and/or a Web site) to avoid anonymity. Second, they have to provide full details of their actions and the motivation for staging the online protest. These should ideally be part of off-line events or mobilisation movements. Third, no anonymous denial-of-service action should be authorised and all target institutions should be notified of the strikes in advance; the rationale being that law enforcement authorities should be able to “track us down in a few hours” [3].

With these procedures, activists emphasise their commitment to non-encrypted communication and the full disclosure of their protest activities. Mobbs further argues that since covert or anonymous computer cracking cannot be used as a democratic tactic for protest, activist groups should use mass participation and public announcement in order to validate online activism, “if the ’Net is to be used as a valid tool for protest and dissent then we must develop it in a manner that makes it hard for the State and law enforcement authorities to challenge the validity of the tactics” [4].

The Electrohippies’ digital actions, but also those of the Electronic Disturbance Theater, are primary examples of what Tim Jordan and Paul Taylor term hacktivism; that is “activism gone electronic” or “a combination of grassroots political protest with computer hacking” [5]. In their analysis, Jordan and Taylor provide an in-depth and sophisticated account of hacktivism, arguing that this emerging practice is a specific social and cultural phenomenon that should be considered as part of the history of social movements and popular protest. While they consider the early developments of electronic civil disobedience as “the most direct attempts to turn ‘traditional’ forms of radical protest, such as street demonstrations, into forms of cyberspatial protest”, they also anticipate that through these actions, hacktivists will become easy targets of governments and media through the image of the cyberterrorist [6].

Yet, some of the limitations of hacktivism, or mass virtual direct action, clearly highlight the absence of malicious or criminal intent. In order to develop civil disobedience in cyberspace, a compromise between the physical and the virtual realms is necessary, and in many ways the practice of resistance against targeted Web sites was mostly metaphorical and symbolic. Indeed, the type of online protests staged by the Electronic Disturbance Theater and the Electrohippies (and most online activists) did not require mass participation.

Similarly, the Swarm project did not need to be presented as a creative performance during a prestigious digital art festival. The actions could have remained anonymous and be technically and logistically performed by one individual or a small group, as could be expected of so-called cyberterror attacks. However, the aim of these electronic protests was not to inflict actual damage but to bring public awareness. This is the reason why all digital activists arranged for collaborative and highly publicised events. Electronic civil disobedience actions were performed online in concurrence with street demonstrations, and in several cases, targeted institutions, such as the World Trade Organisation had received official and advance warnings about the virtual sit-ins. The central aim was therefore to use technologies that are “inefficient in cyberspatial terms but are efficient in political terms” [7].

This relentless attention to questions of legitimacy and recognition shows the concern of digital activists with potential accusations of criminality and terrorism. These have been the key preoccupations of online resistance from the start. It is also why most digital activists have been determined to dissociate online direct action from the labels of cyberterror and cybercrime through their practices and publications. However, government officials have disregarded these efforts and have chosen, instead, to frame online protest as national threats.

In 2002, the National Infrastructure Protection Center (NIPC, the U.S. agency responsible for the safeguarding of infrastructure networks and systems against hacking and viruses) issued a notice to the attention of the International Monetary Fund and the World Bank. The document was a warning regarding the potential threat of virtual attacks against international organisations. As part of their assessment, the NIPC experts gave a precise account of what they considered to be criminal actions:

Hacktivism describes the convergence of political activism and computer attacks and hacking, where “hacking” refers to illegal or unauthorized access to, and manipulation of computer systems and networks. The use of hacktivism has been noted in protest activities since the Electronic Disturbance Theater endorsed a series of so-called network-direct actions against Web sites of the Mexican government in 1998. Although there has been no direct cyber threat against the International Monetary Fund (IMF) and World Bank meetings during the week of September 23, 2002, several hacker groups may attempt to conduct cyber protests during the meetings. (NIPC, 2002)

The reference to Ricardo Dominguez’s here is unequivocal. For U.S. authorities, and the Federal Bureau of Investigation, what the Electronic Disturbance Theater and the Electrohippies considered to be symbolic and creative forms of protest were illegal online activities that should be monitored and prevented. Certainly, the term ‘cyberterrorism’ is not explicitly used, but the framing of digital direct action as a criminal activity is undeniable.



Terror in cyberspace

Searching for an authoritative definition of cyberterrorism instantly reveals a key fact: no national government has explicitly incorporated the word ‘cyberterrorism’ in any official or legal documents. The U.K. has issued no formal definition and the U.S. has framed its understanding of ‘cyberterrorism’ using terms such as ‘cyber attack’, ‘cybercrime’ and ‘cyber security’. As such, it is mostly scholars and journalists who have been using the term, referring to contentious online activities as actual, or potential, cyberterror. This absence of official definition is only contrasted by the plethora of academic accounts that seek to explain cyberterrorism. As early as 1998, Mark Pollitt defined cyberterrorism as “the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub national groups or clandestine agents” [8].

Many other definitions elaborate on this but like Pollitt’s account none of them refer to existing examples or cases. Instead, most rely on hypothetical and catastrophic scenarios to describe the possible consequences of terrorists’ access to the Internet. Brian Foltz’s [9] statement that “the threat of cyberterrorism exists, even if no acts of cyberterrorism have ever been committed” is a clear illustration of this tendency. Yet, this is the main issue regarding existing research on cyberterrorism. So far, there has been no study that convincingly distinguishes online actions as cyberterror.

For critics that attempt to define cyberterrorism, Dorothy Denning is often the key reference. In 2000, as part of her function as information security expert, she provided a testimony on cyberterrorism before the U.S. House of Representatives. In her statement, Denning defined cyberterrorism as

the convergence of terrorism and cyberspace. It is generally understood to mean unlawful attacks and threats of attack against computers, networks, and the information stored therein as well as in when done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further, to qualify as cyberterrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss would be examples. (Denning, 2000)

During this official hearing, Denning acknowledged the potential threat of cyberterrorism but also recognised that no such event had ever taken place. Yet, this part of the testimony is often ignored, along with the explicit link she makes between terrorism and cyberterrorism.

Nelson, Choi, Lacobucci, Mitchell, and Gagnon, all from the Center for the Study of Terrorism and Irregular Warfare at the Naval Postgraduate School, also insisted in their study that “cyberterrorism must qualify as a subset of terrorism” [10]. In other words, any action considered to be cyberterrorism should also be qualified as terrorism when occurring off-line. The report also confirmed to the U.S. government that cyberterrorism was not a threat to the country. The reason was that terrorists did not possess the adequate expertise and capital to undertake serious attacks; “cyberterror is not a threat. At least not yet, and not for a while” [11]. Up until now, little evidence has been brought forward to overturn these conclusions.

This tension surrounding the discourse of cyberterrorism is very similar to the question of cyberwar. Thomas Rid provides a very useful analysis of the topic, arguing that cyberwar has never taken place and will not do so in the near future. Using Clausewitz’s definition of war, Rid explains that “an offensive act has to meet certain criteria in order to qualify as an act of war. Any act of war has to have the potential to be lethal; it has to be instrumental; and it has to be political” [12].

Rid’s dismissal of the term cyberwar is based on the fact that no single case of cyber-offense has ever caused the loss of human life or even damaged a building. Instead, he argues that all recorded cyber attacks can be classified as updated versions of old warfare activities that are known as subversion, espionage, and sabotage. These include cases of the so-called cyber war against Estonia in 2007, cyber-attacks against Georgia in 2008 and the Stuxnet worm attack which targeted Iran’s nuclear programme in 2009. Incidentally, these examples reappear in many discussions about cyberterror despite strong claims that these cyber-attacks were carried out by national governments [13].

Considering these arguments and the necessary relationship between cyberterrorism and terrorism, the challenge of defining the former becomes evident. Experts that seek to define ‘terrorism’ consent that there is no agreement about definitions, and despite decades of research and debates on the subject, governments and official institutions, including the United Nations, have been unable to reach a consensus [14]. However, one agreed element is that terrorism is almost always associated with acts of physical violence, death, and serious bodily harm to civilians and populations.

Yet, Bruce Hoffman also argues that the word ‘terrorism’ is first and foremost a political statement. It is an antagonistic term generally applied to one’s enemy. In addition, Hoffman contends that over time the meaning and usage of the word have changed to “accommodate the political vernacular and discourse of each successive era” and that “terrorism has proved increasingly elusive in the face of attempts to construct one consistent definition” [15]. It becomes clear then that the term cyberterrorism carries out a similar function; it is equally an afflicted and elusive term assigned to state’s enemies. This is evidenced by the general absence of references to acts of cyberterror but also by the tendency to produce definitions that are fluid and all-encompassing. Questions should be raised regarding this inclination to aggregate and conflate any possible definitions so that the term cyberterrorism becomes all inclusive.

More importantly though, the logic which conflates terrorism and cyberterrorism is flawed because so far there is no means to inflict direct physical injury or death with computers. As Pollitt states, “short of electrocuting one’s self with the power supply or being so unfortunate as to walk under a falling machine, we cannot, directly be killed or injured by a computer” [16]. This argument is very often contested by advocates of cyberterror and Pollitt himself suggests that computer should be referred to as indirect ‘weapons’.

Others create quick analogies to justify this position. Desouza and Hensgen, for example, refer to the use of firearms and argue that “it is not guns that kill people, it’s the people who use guns that kill people”, and therefore, “the sole consideration in cyberterrorism should be the intention of the actor, not their choice of weapon or method of conveyance” [17]. If we exclude the fact that, unlike computers, the very purpose of firearms is to inflict physical injury, this reasoning implies that any potential weapons should be considered as an instrument of terrorism. In this logic, we should be using terms such as ‘vehicle-terrorism”, “body-terrorism”, or even “saucepan-terrorism” but clearly, we do not [18]. Cyber-terrorism, on the other hand, has been rapidly adopted and that is because the term has a much more powerful and instrumental appeal.

The term cyberterrorism has become very popular partly because of the anxiety it produces. As Weimann explains, “psychological, political, and economic forces have combined to promote the fear of cyberterrorism [and] the fear of random, violent victimization segues well with the distrust and outright fear of computer technology” [19]. Furthermore, this fear of technology has been stimulated by the mass media. It has been welcomed by law enforcement and security consultants and politicians have strategically use it to push their agenda.

It was after the events of September 11 that the Bush administration created the Office of Cybersecurity and Communications within the U.S. Department of Homeland Security [20]. In the U.K., the Office of Cyber Security was formed in 2009, before becoming the Office of Cyber Security and Information Assurance, with the mission to keep the country safe in cyber space. In addition, and although it has no legislative or executive powers, The Council of Europe also tackled the issue of cybersecurity by adopting a Cybercrime Convention and a Convention on the Prevention of Terrorism. Note that none these institutions make explicit use of the word cyberterrorism.

Several critics have challenged the concept of cyberterrorism. Maura Conway (2011, 2002) not only argues that cyberterrorism has not, and will never occurred, but also explains why the term is not adequate. Looking at a wide range of media discourses, she contends that what is commonly referred to as ‘cyberterrorism’ is the use that terrorist groups make of the Internet. She recognises the increasing and varied applications of networked technologies in relation to terrorism but still defends that these cases cannot be considered cyberterrorism because the Internet is used there as a tool for communication. Similarly, Joshua Green (2002) argues that the emergence of the ‘myth of cyberterrorism’ demonstrates that “Americans have had a latent fear of catastrophic computer attack ever since a teenage Matthew Broderick hacked into the Pentagon’s nuclear weapons system and nearly launched World War III in the 1983 movie WarGames.’ Green also suggests that the increasing hype and speculation around cyberterrorism has been encouraged by IT security stakeholders as well as hidden political agendas. An example of this was the proposition from the Clinton administration, months before the events of September 11, to allocate US$2 billion of its budget to “continue to fight the threat of cyber-terrorism” [21].

Considering the complexity and contradictions surrounding the term ‘cyberterrorism’, it is surprising to find that little has been said about the historical context within which the word first appeared. Barry Collin, a researcher at the Institute for Security and Intelligence (which closed in 2000), is often cited as the one who coined the term. Many studies mention that he first used the word cyberterrorism around the 1980s, however, there is no trace or evidence that cyberterrorism was used this far back in time. Instead, Collin’s original statement first appeared in 1997, a few years after the publications of the Critical Art Ensemble on electronic civil disobedience, in a paper presented at the Eleventh Annual International Symposium on Criminal Justice Issues. This is important because, as evidenced by the extract below, the definitions that Collin proposes in his paper, ‘The Future of CyberTerrorism’, are based on a series of hypothetical accounts that make no references to existing cyberterror attacks:

A CyberTerrorist will remotely access the processing control systems of a cereal manufacturer, change the levels of iron supplement, and sicken and kill the children of a nation enjoying their food. That CyberTerrorist will then perform similar remote alterations at a processor of infant formula.

A CyberTerrorist will place a number of computerized bombs around a city, all simultaneously transmitting unique numeric patterns, each bomb receiving each other’s pattern.

A CyberTerrorist will disrupt the banks, the international financial transactions, the stock exchanges.

A CyberTerrorist will attack the next generation of air traffic control systems, and collide two large civilian aircraft.

A CyberTerrorist will remotely alter the formulas of medication at pharmaceutical manufacturers. The potential loss of life is unfathomable.

The CyberTerrorist may then decide to remotely change the pressure in the gas lines, causing a valve failure, and a block of a sleepy suburb detonates and burns. (Collin, 1997)

This listing of potential cyberterrorist acts is the type of fictional scenario that elicits Conway’s criticism. The examples refer to the ways in which terrorists could use the Internet as a tool for destruction, in the same way that other telecommunication or devices can be used. The one notable exception is Collin’s reference to the potential disruption of banks, financial transactions and stock exchanges. This would certainly fit in with Denning’s [22] updated definition of cyberterrorism as an “act of destruction and disruption against digital property”, however, it would still conflict with the principle that to be considered cyberterrorism (or terrorism) an act should induce a threat of physical violence, death, or serious bodily harm. Without this, it seems difficult to maintain that any form of digital disruption per se is terror, let alone cyberterrorism.

These points may seem anecdotal but they are actually key to the argument developed here. Collin was writing about cyberterrorism only few years after activists began to write about digital activism and online resistance. Similarly, governmental reports were being produced at the same time that activists and artists were experimenting with online protest, and although the level of Internet penetration was low at the time, several cyberprotests had already taken place by the late 1990s. It is more likely then that the speculative and futuristic visions described by Collin, and others, as ‘cyberterrorism’ emerged from the perceived threat of socio-political activists and their radical use of the Internet rather than from international cyberterrorists.



Framing digital activism

Most supporters and performers of cyberprotest have been aware of the threat of the terrorist label. Early on, artists and activists from the Critical Art Ensemble warned that governments would refer to terrorism in order to halt virtual protest. In Digital Resistance, they described how the U.S. punished trespass or blockage in cyberspace with jail sentences on the first offence. The group also identified the conflation of electronic disturbance and cyberterrorism as a strategy from the U.S. government to deny the “right for people to use cyberspace as a location for political objection” [23].

For this reason, Critical Art Ensemble often encouraged activists to argue that cyberprotest and virtual sit-ins were acts of civil disobedience and “that a distinction [should] be made between trespass with political intent and trespass with criminal intent” [24]. Since the term ‘cyberterrorism’ was not part of the mainstream discourse at the time of the first online protests, it is evident that cyberprotest and cyberterror have been articulated to counter one another. Cyberprotest was developed to disassociate online-based protest from terrorism, and cyberterror was articulated to frame online direct action as a criminal activity.

Since the mid 1990s, U.S. authorities have steadily developed a new discourse of cyberterrorism by publishing reports and statistics regarding cyberattacks (mostly from its political enemies China, Cuba, North Korea and Libya) and their alleged financial damage to the Department of Defense (Vegh, 2002). Sandor Vegh argues that because cyberprotest and hacking can adopt similar modes of practice, critics, including scholars and technology experts, have been inclined to link activism to computer cracking and to classify online activism as a form of cyberterrorism. As a result, cyberprotest actions are more often than not examined as criminal acts and their political engagements are mostly ignored.

In contrast, Mark Manion and Abby Goodrum draw from the theoretical legacy of civil disobedience to provide a legitimate framework for political hacking. They include the performance of the Electronic Disturbance Theater as a key example, but also the case of Eugene Kashpureff, a computer hacker who publicly seized online traffic from InterNIC to protest against domain name policy, and who was subsequently jailed for this action [25]. Manion and Goodrum also denounce the persistent conflation of hacktivism and cyberterrorism as a tactic aimed to increase governmental and corporate control. For them, this is used by power elites to rewrite the laws and rulings of private property, which “ultimately served to protect the immediate financial interests of the corporate techno-elite, and directed the state to protect the profit potential of telecommunications industries, financial investors and entrepreneurs capitalizing on the Internet” [26].

It is worth examining the context within which the main tool used for electronic civil disobedience and cyberprotest was made illegal. In November 2006, the U.K. legal system made the use of denial-of-service a criminal offence. The new legislation came into action after 18-year-old David Lennon was brought to court for his alleged breach of the Computer Misuse Act of 1990. Following a dispute with his former employer, Lennon resolved to overflowing the company’s server by sending several million e-mail messages (Kirk, 2006).

The important element is that Lennon faced trial twice. In the first instance, his lawyers successfully argued that the accusation of unauthorized modification of the contents of any computer under Section 3 of the Computer Misuses Act was not applicable to the case. Their argument was that sending and receiving e-mail messages was the very purpose of a server and as such “sending a flood of unsolicited emails would not cause unauthorised access or modification” (Espiner, 2005). The court consequently decided that denial-of-service actions could not be prosecuted under the Computer Misuse Act and Lennon was found not guilty. Later on, however, the prosecutors appealed against the decision and Lennon was retried. In between that time, the British Parliament had passed a new Police and Justice Act which condemns “unauthorised acts with intent to impair operation of computer” [27]. With this new act in place, the court was able to find Lennon guilty. Through this process, the use of denial-of-service was officially criminalised. In addition, the maximum sentence for carrying out denial-of-service actions was increased from 5 to 10 years of imprisonment.

It seems rather difficult to believe that the Police and Justice Act 2006 was decreed independently of the fact that, for the past decade, denial-of-service had been the main form of electronic protest for digital activists, including the Electronic Disturbance Theater, the Electrohippies, and more recently, Anonymous. The British Police have made, since then, a series of arrests related to the use of denial-of-service, including members of the Lulz Security group.

In her analysis of DoS actions, hacktivism and civil disobedience, Molly Sauter (2014) refers to the numerous cases of U.S. activists that have been prosecuted and are facing serious criminal accusation and sentencing. She recounts the cases of members of the hacktivist group Anonymous who have been jailed and ordered to pay thousands of dollars in restitution for their action against the Church of Scientology.

Several online activists have also been charged and convicted in relation to Operation Payback against PayPal and in defence of Wikileaks. In most cases, the activists pleaded guilty to charges of misdemeanour counts of access or damage to protected computer. In addition, the plaintiffs (who usually were major multinational corporations) could claim unspecific damage and loss of income from the protests. In these cases, the main issue was the application of the Computer Fraud and Abuse Act (CFAA) which allows claimants to request financial restitution from the defendants. This resulted in highly disproportionate sanctions that did not take into consideration the activist framework of these actions. As Sauter clearly describes

When used to prosecute activist DDoS actions, the CFAA directly gives the targets of protest the ability to extort payments from activists for their dissent and disruption. When coupled with the innovative reality of online activism, the CFAA literally renders the Internet a space where you can be charged hundreds of thousands of dollars for participating in a collective protest. [28]

There is one exception, however. In 2001, as part of the Deportation Class action movement, a German activist group, known as Libertarian, staged an online disruption of the Lufthansa airline Web site to protest against the role of the airline in the deportation of asylum seekers. According to the activists over 13,000 Internet users took part in the online action. As a result, Andreas-Thomas Vogel, the main leader of the movement was prosecuted. It took over five years for the Criminal Chamber of the Frankfurt Appelate Court to deliberate and eventually rule that the cyberprotest was not illegal.

Incidentally, the case of Vogel mirrors that of Lennon but in reverse. Initially, the online protest against Lufthansa was condemned by a lower justice court who ruled that Vogel’s online blockades had caused damage to the airline and was illegal. Vogel was found guilty and ordered to pay a fine equivalent to 90 days of detention. However, Vogel appealed the decision and was later cleared of all charges. For the Higher German court, the demonstration against Lufthansa was not violent and did not involve any forms of coercion. Instead, the demonstration aimed to influence public opinion which not illegal (Bendrath, 2006).

Lennon and Vogel cases clearly demonstrate the lack of consensus regarding online protest. While the U.K. legal system chose to favour economic interests, the German court opted for human civil rights. Many activists believed, at the time, that the German verdict was an important step and that Vogel’s case would become jurisprudence. Indeed, they had achieved what activists such as the Electronic Disturbance Theater and the Electrohippies had been campaigning for for years. However, the recognition of online protest as a legitimate form of activism has not occurred and with the emergence of the discourses of global terrorism and war against terrorism, very few states have shown understanding or lenience towards online direct action.

Many discussions have attempted to resolve the definitional problems of cyberterrorism but overall they have been unsuccessful at presenting convincing evidence. At the same time critics are also very reluctant to disuse the word. The main issue is that cyberterrorism is as a problematic to define as the term terrorism. Yet the link between the two terms simply cannot be dismissed. The tendency to provide widely malleable definitions in order to encompass all possible electronic events is also perverse. As such, awareness should be raised regarding the proliferation of a concept that seem to meet very specific political and economic ends.

In her analysis of the counter-terrorism technology market, Anna Feigenbaum suggests that while techno-companies have relied on the terrorist discourse to develop the market of electronic protection and digital security, the inclusion of the cyberterror discourse provides new opportunities for cybersecurity solutions. Feigenbaum also argues that “the conflation of cybercriminals and cyberterrorists works to legitimate forms of surveillance, policing and prosecution that infringe individuals’ civil liberties and apply terrorism legislation against a wide range of the population, particularly political protesters” [29]. Indeed, with the criminalisation of denial-of-service actions, national governments have become much more successful in constructing online direct action as an illegal practice and in prosecuting activists.

Clearly, recent legislations, such as the Computer Fraud and Abuse Act in the U.S. or the Police and Justice Act 2006 in the U.K., serve this function. What occurs is a gradual, but steady, shift from the discourse of cyberterrorism (which has remained legally unproductive) to the discourse of cybercriminality in relation to online protest. It does not mean, however, that the label of cyberterrorism becomes obsolete. Quite the contrary, just like a spectre, the rhetoric of cyberterrorism has become today omnipresent, shaping our social, political and economic relations to the digital space.




In her testimony before the U.S. House of Representatives Denning made explicit references to the practice of the Electronic Disturbance Theater and the Electrohippies. While she admitted that their actions were not to be considered as cyberterrorism due to their symbolic forms, she still suggested that they were “something to watch and take reasonable precautions against” (Denning, 2000). In many ways, her comment was detrimental since it unwittingly associated electronic civil disobedience with cyberterrorism. As Mathias Klang rightly states there is little ambiguity about this type of this conflation:

When invoking the spectre of terrorism it is important to remember that today the relevance of the correct label in this case is far from academic. If the action of DoS is seen to be disobedience the courts may show tolerance; if it is seen to be criminal the courts will punish it; but if it is seen as terrorism then society will neither tolerate the actions nor forgive the proponents. [30]

Over a decade later, a multidisciplinary research project was established about cyberterrorism. As part of the programme, Lee Jarvis, Stuart Mcdonald and Lella Nouri (2014) produced a report that surveyed over 100 researchers about their perceptions of the threat of cyberterrorism. The study revealed that 58 percent of the respondents consider cyberterrorism as a significant threat. Yet, when asked if cyberterrorism had ever taken place, only half of the respondents answered positively. This suggests that the idea that cyberterror will occur in the future, remains powerful.

This paper, however, has provided evidence of the construction of the myth, and spectre, of cyberterrorism. My aim was to demonstrate that the reason why cyberterrorism has been, and still is today, so problematic to define is that the term was articulated in response to the concept of cyberprotest. It emerged during the same period that the Critical Art Ensemble was writing about digital resistance and that the Electronic Disturbance Theater was performing online protest. The term cyberprotest itself was formulated to counter the label of cyberterrorism and legitimise online direct action. Activists and artists realised early on that their practice could be framed as terrorism in attempts to prevent further developments.

In other words, the terms cyberterrorism and cyberprotest have been formulated to counter one another and are part of a discursive claim for political and legal recognition. What is at stake here is, on the one side, an activist re-appropriation of digital technologies and, on the other side, governmental and corporate compulsion to fully control the networks.

The word cyberterrorism no longer appears in public and official government publications, and many researchers are becoming wary of using the terminology. I have argued that it still a dominant concept whose spectre frames our understanding and relation to digital technology. In particular, it facilitates the constitution or alteration of legislations to counter contentious digital activities, as in the cases of David Lennon and Andreas-Thomas Vogel. The current treatment of online activist practices shows that judgement is based on fictional rather than established outcomes.

A few months ago, several documents revealed that during its investigation, the FBI had placed Jeremy Hammond on a list of “possible terrorist organisation member” (Jarvis, et al., 2014). According to the Guardian, the document, which was leaked from the New York state division of criminal justice, was marked with the statements “destroy after use” and “do not advise this individual that they are on a terrorist watchlists” (Pilkington, 2015) No one needs to be an expert in terrorism and counterterrorism to consider that the accusation was nonsensical. Yet, it is equally difficult to believe that it had no part in Hammond’s disproportionate sentencing. As Hammond himself explains:

We are condemned as criminals without consciences, dismissed as anti-social teens without a cause, or hyped as cyber-terrorist to justify the expanding surveillance state. But hacktivism exists within the history of social justice movements. Hacktivism is still the future, and it’s good to see people still doing something about it. (Hammond, 2014)

This statement is even more salient if one considered the question of entrapment that was excluded from Hammond’s court case (Lennard, 2013). The important point is, however, that socio-political protest occurs in the digital sphere, and has done so for almost two decades. Cyberterrorism on the other hand, does not, and will not, happen in the near future. The administration and control of digital networks for the sole purposes of economic benefits and global surveillance will continue to be challenged. Within information politics, new subject of resistance and contestation will arise. The form and organisation of these future mobilisations remain open and will most likely required case-by-case evaluation. What is sure is that to be meaningful, these assessments will have to keep the spectre of cyberterrorism out of discussion. End of article


About the author

Fidele Vlavo works on digital activism, creative performance and hacking. Her current research examines the performativity of digital direct action. She is Research Associate in the Department of Culture, Media and Creative Industries at King’s College, London.
E-mail: fidele [dot] vlavo [at] kcl [dot] ac [dot] uk



This research received funding from the British Academy Grants.



1.For a detailed and compelling account of Hammond’s case see Coleman (2014).

2. Mobbs and the Electrohippies Collective, 2001, p. 269.

3. Mobbs and the Electrohippies Collective, 2001, p.272.

4. Mobbs and the Electrohippies Collective, 2001, p. 273.

5. Jordan and Taylor, 2004, p. 1.

6. Jordan and Taylor, 2004, p. 68.

7. Jordan and Taylor, 2004, p. 81.

8. Pollitt, 1998, p. 8.

9. Foltz, 2004, p. 156.

10. Nelson, et al., 1999, p. xi.

11. Nelson, et al., 1999, p. iv.

12. Rid, 2012, p. 6.

13. Rid, 2012, p. 12.

14. Badey, 1998, p. 90.

15. Hoffman, 2006, p. 20.

16. Pollitt, 1998, p. 9.

17. Desouza and Hensgen, 2003, p. 386.

18. On 3 September 1995, a device exploded in Paris, France, injuring four people. It was one of the several bombings that occurred in the country during the same year. This bomb was placed in a pressure cooker filled with nails and was left on the bench of a market place.

19. Weimann, 2005, p. 131.

20. Weimann, 2005, p. 145.

21. Sterlicchi, 2000, p. 6.

22. Denning, 2007, p. 124.

23. Critical Art Ensemble, 2001, p. 33.

24. Critical Art Ensemble, 2001, pp. 33–34.

25. Manion and Goodrum, 2000, p. 15.

26. Manion and Goodrum, 2000, p. 17.

27. United Kingdom. Parliament, 2006, p. 46.

28. Sauter, 2014, pp. 144–145.

29. Feigenbaum, 2012, p. 86.

30. Klang, 2005, p. 135.



Thomas J. Badey, 1998. “Defining international terrorism: A pragmatic approach,” Terrorism and Political Violence, volume 10, number 1, pp. 90–107.
doi:, accessed 1 October 2015.

Ralf Bendrath, 2006. “Frankfurt Appellate Court says online demonstration is not coercion,” EDRi (7 June), at, accessed 7 July 2015.

Gabriella Coleman, 2014. Hacker, hoaxer, whistleblower, spy: The many faces of Anonymous. New York: Verso.

Barry C. Collin, 1997. “The future of cyberterrorism: The physical and virtual worlds converge,” Crime and Justice International, volume 13, number 2, pp. 15–18; see also, accessed 1 October 2015.

Maura Conway, 2011. “Against cyberterrorism,” Communications of the ACM, number 54, number 2, pp. 26–28.
doi:, accessed 1 October 2015.

Maura Conway, 2002. “Reality bytes: Cyberterrorism and terrorist ‘use’ of the Internet,” First Monday, volume 7, number 11, at, accessed 1 October 2015.
doi:, accessed 1 October 2015.

Critical Art Ensemble, 2001. Digital resistance. New York: Autonomedia, at, accessed 1 October 2015.

Critical Art Ensemble, 1996. Electronic civil disobedience and other unpopular ideas. New York: Autonomedia, at, accessed 1 October 2015.

Critical Art Ensemble, 1994. The electronic disturbance. New York: Autonomedia, at, accessed 1 October 2015.

Dorothy Denning, 2007. “A view of cyberterrorism five years later,” In: Kenneth Himma (editor). Internet security: Hacking, counterhacking, and society. Sudbury, Mass.: Jones and Bartlett Publishers, pp. 123–140.

Dorothy Denning, 2000. “Cyberterrorism,” testimony before the Special Oversight Panel on Terrorism Committee on Armed Services, U.S. House of Representatives, at, accessed on 7 July 2015.

Kevin C. Desouza and Tobin Hensgen, 2003. “Semiotic emergent framework to address the reality of cyberterrorism,” Technological Forecasting and Social Change, volume 70, number 4, pp. 385–396.
doi:, accessed 1 October 2015.

Electronic Disturbance Theater, 1998a. “FloodNet warning,” at, accessed 7 July 2015.

Electronic Disturbance Theater, 1998b. “September 9 — Advance release,” at, accessed 7 July 2015.

Tom Espiner, 2005. “British teen cleared in ‘e-mail bomb’ case,” ZDNet (2 November),, accessed 7 July 2015.

Anna Feigenbaum, 2012. “Security for sale! The visual rhetoric of marketing counter-terrorism technologies,” The Poster, volume 2, number 1, pp. 75–92.
doi:, accessed 1 October 2015.

C. Bryan Foltz, 2004. “Cyberterrorism, computer crime, and reality,” Information Management & Computer Security, volume 12, number 2, pp. 154–166.
doi:, accessed 1 October 2015.

Joshua Green, 2002. “The myth of cyberterrorism,” Washington Monthly (November), at, accessed 7 July 2015.

Jeremy Hammond, 2014. “I’m an Anonymous hacker in prison, and I am not a crook. I’m an activist,” Guardian (18 December), at, accessed 7 July 2015.

Jeremy Hammond, 2013. “Sentencing statement,” Sparrow project (15 November), at, accessed 7 July 2015.

Bruce Hoffman, 2006. Inside terrorism. Revised and expanded edition. New York: Columbia University Press.

Lee Jarvis, Stuart Macdonald and Lella Nouri, 2014. “The cyberterrorism threat: Findings from a survey of researchers,” Studies in Conflict & Terrorism, number 37, number 1, pp. 68–90.
doi:, accessed 1 October 2015.

Tim Jordan and Paul Taylor, 2004. Hacktivism and cyberwars: Rebels with a cause? New York: Routledge.

Jeremy Kirk, 2006. “UK teen pleads guilty to DOS e-mailattack,” InfoWorld (24 August), at, accessed 7 July 2015.

Mathias Klang, 2005. “Virtual sit-ins, civil disobedience and cyberterrorism,” In: Mathias Klang and Andrew Murray (editors). Human rights in the digital age. London: GlassHouse Press, pp. 135–146.

Natasha Lennard, 2013. “Jeremy Hammond: Stung or entrapped?” Salon (18 November), at, accessed 7 July 2015.

Mark Manion and Abby Goodrum, 2000. “Terrorism or civil disobedience: Toward a hacktivist ethic,” ACM SIGCAS Computers and Society, volume 30, number 2, pp. 14–19.
doi:, accessed 1 October 2015.

Paul Mobbs and the Electrohippies Collective, 2001. “Client-side distributed denial-of-service: Valid campaign tactic or terrorist act?” Leonardo, volume 34, number 3, pp. 269–274.
doi:, accessed 1 October 2015.

National Infrastructure Protection Center (NIPC), 2002. “Activism in connection with protest events of September 2002” (23 September), at, accessed 7 July 2015.

Bill Nelson, Rodney Choi, Michael Lacobucci, Mark Mitchell and Greg Gagnon, 1999. “Cyberterror prospects and implications,” Center for the Study of Terrorism and Irregular Warfare, Naval Postgraduate School, at, accessed 7 July 2015.

Ed Pilkington, 2015. “FBI put Anonymous ‘hacktivist’ Jeremy Hammond on terrorism watchlist,” Guardian (2 February), at, accessed 7 July 2015.

Mark Pollitt, 1998. “Cyberterrorism — Fact or fancy?” Computer Fraud & Security, volume 1998, number 2, pp. 8–10.
doi:, accessed 1 October 2015.

Thomas Rid, 2012. “Cyber war will not take place,” Journal of Strategic Studies, volume 35, number 1, pp. 5–32.
doi:, accessed 1 October 2015.

Molly Sauter, 2014. The coming swarm: DDOS actions, hacktivism, and civil disobedience on the Internet. New York: Bloomsbury.

John Sterlicchi, 2000. “Clinton wants $2 billion to fight cyber-terrorism,” Computer Fraud & Security, volume 2000, number 2, p. 6.
doi:, accessed 1 October 2015.

United Kingdom. Parliament, 2006. “Police and Justice Act 2006,” at, accessed 1 October 2015.

Sandor Vegh, 2002. “Hacktivists or cyberterrorists? The changing media discourse on hacking,” First Monday volume 7, number 10, at, accessed 1 October 2015.
doi:, accessed 1 October 2015.

Fidele Vlavo, 2014. “The art of disturbance: Interview with Ricardo Dominguez” (unpublished).

Gabriel Weimann, 2005. “Cyberterrorism: The sum of all fears?” Studies in Conflict & Terrorism, volume 28, number 2, pp. 129–149.
doi:, accessed 1 October 2015.

Stefan Wray, 1998. “Electronic civil disobedience and the world wide web of activism: A mapping of extraparliamentarian direct action net politics,” Switch, volume 4, number 2,, accessed 7 July 2015.


Editorial history

Received 11 August 2015; accepted 4 September 2015.

Creative Commons License
This paper is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Framing digital activism: The spectre of cyberterrorism
by Fidele Vlavo.
First Monday, Volume 20, Number 10 - 5 October 2015

A Great Cities Initiative of the University of Illinois at Chicago University Library.

© First Monday, 1995-2019. ISSN 1396-0466.