What's with this latest fetish where some wannabe author tries to make a name for himself by publishing detailed instructions for vandalism/theft or otherwise generalized mayhem? And even going to the lengths of TRYING IT OUT? How irresponsible is this?

Proud of yourself for sharing this so broadly? Made your deadline? Protesting that "anyone who wanted to launch an attack could have done the same thing?"

You could have written the same article and made the same points without the how-to and without the gratuitous vandalism (I can only hope you were lying/exaggerating about actually trying these attacks).

I have a simple recommendation to help illustrate the danger of what you've done. To all hackers out there, experienced or wannabe, why not test these techniques out on slate.com?

Not so clever now, eh?

Not that I disagree with your sentiment, but the pages he links to are in Russian; and I suspect that anyone who wanted to find out how to take these steps could find them just as easily in their native language.

Not to be harsh, but the entire point of this article was to show how easy it is for anybody who is interested in becoming an "online soldier." Anybody with an Internet connection and 30 minutes of spare time can Google much more detailed "instructions" on how to do everything listed in this article - and it's in English to boot!

He's not sharing state secrets or uploading blueprints to a nuclear bomb (though aren't those already on the net?) This is readily available information and the author is simply trying to show just how available it is. There's something to be said for making people aware of what type of information is floating around out there.

Yeah, I get it guys. Of course I know it's out there. But two points:

1. It wasn't here. You'd have to look for it. This makes it that much easier. It's on Slate for crying out loud. And moreover, he could have written the same article making the same points without the breathless joy of discovery and blow-by-blow instructions and LINKS. I just really hate the hypocritical nonsense espoused by those who do harm to others for others' "own good" while all the while benefiting themselves. It's BS and the author knows it. This isn't a public service. It's juvenile boasting. Nothing more nothing less.

2. He claims he DID it. (Again, I hope he's kidding and/or these techniques are ineffectual if he actually did do it.) How the heck is that journalism? That's just putting your tag all over town and then writing an article about how folks need better security around their homes and businesses. Or like breaking into homes through people's open windows, robbing em, and then writing an article about how we need window bars. You don't get credit for that. You don't get to be part of the problem and then try to act like you're just a samaritan. It just makes you two whole different kinds of d*ck at once.

Would serve Slate right if someone did take em down as a result of the info in this piece though. Would remind us that in a world of coulda, shoulda on occasion also still be a topic of reflection.

Anyway. Maybe I'm just getting old.

You're not just getting old - good points, well made.

Totally agree, garkon38, all 'cept for the part where you hedged your argument by wondering if you disagreed with the idiot's tact because you are "too old".

Okay, as someone familiar with the first two techniques he mentioned, I would say making that knowledge available is not totally irresponsible. They are literally the oldest methods in the book of bringing down a server - the first is just to load the webpage and constantly refresh it; the second is to ping it constantly, which any computer connected to the internet can do. The capability exists for anyone to do these things. The key caveat is that you personally, acting alone, cannot accomplish anything by doing them; if you alone were to refresh Slate every second, or ping slate.com every second, nothing would happen. These methods only work when thousands or millions of people effect them; that's called a distributed denial of service attack, and that's how the Georgian websites are going down.

Is the author being irresponsible by telling the public how to do something they can already do, and something which has no ill effect without tens of thousands of others joining in? Maybe, but not by much. Try these methods on any website not already targeted by hackers and you will accomplish nothing at all.

The third technique he mentioned is a lot more questionable because it involves special software, which suggests it's doing something your computer can't already do. It could potentially be a lot more malicious and more powerful; maybe it'd even have an effect if you act alone. But I think it is useful to underscore how easy it is to carry out a distributed denial of service attack if enough people share your goals.

Maybe it's just my background in computing, where people naturally shun "security by obscurity", but I don't see much use in making this kind of information scarce, simply because that's no longer possible in the age of the internet. Any script kiddie who wants to pull this stunt can use Google to find even more detailed instructions in the blink of an eye, in any language he or she prefers. And the information given in this article is largely useless to anyone who wants to attack sites which are not already under attack; those who hate Georgie enough to want to attack it would already find this information elsewhere, and everyone else would find the information useless for mounting an attack on other websites.

John,

appreciate the note and thoughts. Know next to nothing about computing and software but have many principled friends in the field who take more or less your position.

Think on some level, we're almost having different conversations, which makes this tough. You rightly point out availability of software, ease of implementation, and the risks of "security by obscurity" to say effectively, let's let it all in/little can be truly irresponsible in such a world. I don't disagree with any of these -- in principle -- but focus on a weighing of motives and benefits. If the piece is likely to do more good than harm, then I do recognize the value of exposing security flaws. Note this is not a carte blanche -- if industry can effectively have this conversation internally, and respond to flaws, the need/desirability of public exposure is limited.

That said, I'll sharpen my point to maybe bring us closer to the same set of issues. Under the balancing test described above, my view is that this author clearly fails. If he wanted to make the point that one should not view the cyber-attacks on Georgian websites as necessarily Russia government-driven, the point is easy to make. You practically wrote the piece for him by pointing out that malicious hackers in small groups can likely do as much if not more than more stodgy government hacks to launch effective denial of service attacks. I note that you did so without links, without instructions, and without a sense of glee at how easy this is. A more mature tone over-all, which probably would do little to get your column read, but which would address the issue dead on.

That's not what the author did. He took the Springer route (as in "Jerry") -- he covered himself in the mantle of justice in order to do a little damage of his own (he claims) and then provided the instructions for third parties. He took the risk for little to no benefit to anyone but himself (and maybe Slate). In my view, it's not informative, it's not helpful, it's not enlightening. It's a cheap stunt, pure and simple, and that's what makes it irresponsible.

BTW, none of this touches on the merits of the author's arguments -- that it is as likely that zealous flag-waving Russian hackers attacked Georgian websites as the conflict began in a fit of nationalistic exuberance. While it may be true that hackers could do this, to believe that they actually did, strikes me as a bit goofy. Don't know what the hacker sub-culture is like in Russia, but nationalistic enterprises and going out of their way to help government operations strikes me as startlingly civic-minded for this group.

That's my gentle way of saying that this author is full of it regardless of which way you look at it. Still, thanks for the response.