Similarities Between Riots and Modern Internet Hacktivism
Monday, August 15, 2011
To what extent can understanding the dynamics of a mob in a riot shed light on the nature of modern Internet hacktivism?
While riots differ in many ways from online activities of decentralized groups such as LulzSec and Anonymous, some similarities warrant consideration.
When learning about riots and mobs, I came across two excellent references. One was an essay titled The Psychology of the Wilmington Riot, which summarized key points from Arnold P. Goldstein’s book The Psychology of Group Aggression.
Another insightful resource was David D. Haddock and Daniel D. Polsby’s paper Understanding Riots.
De-individuation of the Mob's Participants
The mob, as defined in J.P. Chaplin's book Dictionary of Psychology, is a "crowd acting under strong emotional conditions that often lead to violence or illegal acts." Participating in illegal acts as part of a mob offers a degree of impunity, because the authorities are unlikely to have the capacity to identify and arrest a significant portion of the crowd.
The feeling of impunity is encompassed by de-individuation, which Goldstein defines as "the process of losing one's sense of individuality or separateness from others and becoming submerged in a group." Such groupthink leads to uninhibited behavior and also allows the mob to behave as a unified organism, even when it does not have formal leaders that coordinate the crowd's actions.
The Importance of Instigating Events
In the book The Origins of Genocide and Collective Violence, Ervin Staub points out that the majority of riots can be traced to apparent precipitating events that acted as the trigger for the crowd. For instance, shocking events allow crowds to assemble without a single entity recruiting them.
Such instigating incidents act as signals to the mob, telling its participants "what other people will probably do," according to Haddock and Polsby. As a result,
"Each member of the crowd will know more about the intentions of fellow crowd members than people usually know about the intentions of strangers."
Moreover, for the crowd to become riotous,
"There has to be a critical mass of people in the crowd who are making accurate judgments, not about their own desires and intentions, but about the riotous desires and intentions of other members of the crowd."
The mob's challenge is to act in unison without overt leadership. This involves identifying a common signal that makes each rioter confident that if he starts rioting, he will not be acting alone. Instigating events help in assembling the crowd and also in providing the context for interpreting other signals that guide the mob's actions.
The Role of an "Entrepreneur" in Starting a Chain Reaction
How does the assembled mob, while still in the state of anticipation and potential uncertainty, know when to begin rioting? Haddock and Polsby point out the importance of having one member of the crowd take the first riotous action.
The initial perpetrator "serves as a catalyst--a sort of entrepreneur to get things going." This person places himself at risk; if the mob doesn't follow his actions, the authorities are likely to capture and punish him. Haddock and Polsby stipulate that:
"The entrepreneur will throw the first stone when he calculates that the risk that he will be apprehended for doing so has diminished to an acceptable level."
The "entrepreneur" pays attention to other signals to determine when to take action with the expectation that the mob will follow suit.
Stopping a Riot
The riot's participants benefit from safety in numbers. Haddock and Polsby point out that rioting continues until the "authorities muster enough force to make the rioters believe that they once again face a realistic prospect of arrest." According to Goldstein, the authorities can accomplish this through "distractions, re-individuation, dispersion, isolation" of the mob's participants.
Authorities can eventually overwhelm rioters in numbers and force. However, assembling a sufficiently large team usually takes days. The budgetary facts of life "guarantee that modern urban police forces will always be staffed well below peak load demand levels," note Haddock and Polsby.
They suggest that a more effective approach might be to focus on the "entrepreneur's" trigger activities that, if suppressed quickly, might prevent the chain reaction of a riot from starting at all.
Relevance to Internet Hacktivism
As we look to better understand activities and motivations of decentralized hacking groups, such as LulzSec and Anonymous, we might notice some similarities between the dynamics of their online hacking activities and those of riots:
- These groups benefit from the relative anonymity provided by the Internet and also by the number of attacks conducted under a common banner.
- The shared brand (e.g. "Anonymous") that may be taken by any participant without the approval of a central authority reinforces the groupthink frame of mind.
- The number of hacktivism participants and the frequency of incidents seem to exceed the ability of law enforcement to curtail these activities.
- Many of the hacking incidents and, to some extent, the groups' origins can be traced to some instigating events.
- Some members of the groups act as informal leaders, acting as focal points for the participants and also taking the role of "entrepreneurs" by taking on a greater risk to kick-start hacking activities.
To understand riots, consider the importance of de-individuation of the mob's participants, the importance of instigating events and the role of the "entrepreneur" in starting the chain reaction of a riot. There are parallels to the dynamics of modern Internet hacktivism.
Further exploring how rioting mobs operate and what can be done to disperse a riot may have relevance to curtailing Internet hacktivism activities on a large scale, rather than solely dealing with incidents and their perpetrators on an individual basis.
Cross-posted from Lenny Zeltser's security blog. Lenny Zeltser focuses on safeguarding customers' IT operations at Radiant Systems. He also teaches how to analyze and combat malware at SANS Institute.
Photo credit: looking4poetry