Search
1000 results for “message_in_a_bottle”
-
DATE: May 15, 2026 at 08:00AM
SOURCE: PSYPOST.ORG** Research quality varies widely from fantastic to small exploratory studies. Please check research methods when conclusions are very important to you. **
-------------------------------------------------TITLE: Scientists just revealed a strange quirk in how we exit train stations
URL: https://www.psypost.org/scientists-just-revealed-a-strange-quirk-in-how-we-exit-train-stations/
An analysis of data collected by a pedestrian tracking system at the Eindhoven Centraal Railway Station in the Netherlands found that, after exiting a train, individuals tend to follow the same walking path as the person directly in front of them. This happens even when they do not know that person and even when such a choice leads to a longer travel time. The research was published in the *Proceedings of the National Academy of Sciences*.
When walking in crowded spaces such as busy streets, train or bus stations, airports, or mass gatherings, people generally try to reach their destination while avoiding obstacles, delays, collisions, and discomfort. Their route is shaped by physical features such as walls, doors, stairs, kiosks, corridors, signs, and bottlenecks. They also respond to crowd density, often avoiding areas that look too congested or slow.
Walking paths are likely influenced by perceived travel time, not only by actual distance, because a shorter route may feel worse if it is crowded. Also, being in a crowd forces people to continuously adjust their speed and direction in response to others moving around them. In such situations, they often follow visible flows of pedestrians because other people’s movement gives information about where a usable path may be. Social groups, such as friends or family members, also shape walking paths because members tend to stay together and follow the same route.
Study author Ziqi Wang and his colleagues used a large-scale, high-resolution dataset of pedestrian paths collected at tracks 3 and 4 of Eindhoven Centraal Railway Station using an advanced overhead pedestrian tracking system based on 3D stereoscopic imaging.
These sensors covered about 1400 m2 of the station, capturing data at 10 frames per second using overhead depth sensing without recording identifiable images of pedestrians. The system also provided very high spatial resolution, being able to detect changes of around 1 millimeter. In total, between March 2021 and March 2024, the system captured over 30 million pedestrian movement trajectories. This included people disembarking from the trains and the people already present on the platform.
In this analysis, the study authors focused on a subset of pedestrian trajectories where individuals, after getting off a train, had to choose between taking a direct, shorter path to the exit and a longer path that involved circumventing a kiosk in the middle of the platform. The authors analyzed the paths of passengers who exited the train from three specific door zones, including approximately 100,000 passengers.
To ensure they were studying the interactions between strangers rather than people traveling together, the researchers developed a mathematical algorithm to detect social groups. This system analyzed how close people were to each other, how much they matched each other’s speed, and if they moved in the same direction. Once these groups were identified and filtered out, the researchers could focus solely on independent pedestrians.
For each passenger included in the analysis, the study authors recorded their choice of route after exiting the train and the relative order in which they exited. This allowed them to study how individuals and crowds decide what path to take in the presence of congestion, differences in how the space is organized, and how local social dynamics—especially among strangers—affect those choices.
The results showed that, after exiting the train, passengers demonstrated a strong tendency to follow the same path as the person directly in front of them. This “stranger-following effect” happened even in the absence of any social ties, and even when following the stranger led to a longer travel time.
The study authors note that this tendency creates “avalanches” of choices, where sequences of people make identical decisions about their walking paths in succession, leading to strong patterns in collective movement.
To confirm these findings, the researchers built a theoretical routing model to simulate pedestrian behavior. They tested various factors, such as the natural randomness of walking speeds and the tendency of people to follow the majority (herding). However, they found that only by including the “stranger-following effect” could the model accurately reproduce the real-world patterns observed at the station. This indicates that local imitation behavior is the dominant driver of collective route choices in this scenario.
“These findings highlight how brief, low-level interactions between strangers can scale up to influence large-scale pedestrian movement, with strong implications for crowd management, urban design, and the broader understanding of social behavior in public spaces,” the study authors concluded.
The study contributes to the scientific understanding of how people choose their paths in crowded areas. However, it should be noted that the study was based on data concerning the movements of passengers exiting trains at three relatively fixed positions and moving towards the station exit. This situation greatly simplified and constrained the routing choices people could make. Results in environments with wider routing and end-goal options might differ.
The paper, “Avalanches of choice: how stranger-to-stranger interactions shape crowd dynamics,” was authored by Ziqi Wang, Alessandro Gabbana, and Federico Toschi.
URL: https://www.psypost.org/scientists-just-revealed-a-strange-quirk-in-how-we-exit-train-stations/
-------------------------------------------------
DAILY EMAIL DIGEST: Email [email protected] -- no subject or message needed.
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Unofficial Psychology Today Xitter to toot feed at Psych Today Unofficial Bot @PTUnofficialBot
NYU Information for Practice puts out 400-500 good quality health-related research posts per week but its too much for many people, so that bot is limited to just subscribers. You can read it or subscribe at @PsychResearchBot
Since 1991 The National Psychologist has focused on keeping practicing psychologists current with news, information and items of interest. Check them out for more free articles, resources, and subscription information: https://www.nationalpsychologist.com
EMAIL DAILY DIGEST OF RSS FEEDS -- SUBSCRIBE: http://subscribe-article-digests.clinicians-exchange.org
READ ONLINE: http://read-the-rss-mega-archive.clinicians-exchange.org
It's primitive... but it works... mostly...
-------------------------------------------------
#psychology #counseling #socialwork #psychotherapy @psychotherapist @psychotherapists @psychology @socialpsych @socialwork @psychiatry #mentalhealth #psychiatry #healthcare #depression #psychotherapist #StrangerFollowing #PedestrianDynamics #CrowdBehavior #UrbanMobility #CrowdManagement #PedestrianTraffic #AvalanchesOfChoice #SocialImitation #InstituteOfScience #PublicSpaceDesign
-
DATE: May 15, 2026 at 08:00AM
SOURCE: PSYPOST.ORG** Research quality varies widely from fantastic to small exploratory studies. Please check research methods when conclusions are very important to you. **
-------------------------------------------------TITLE: Scientists just revealed a strange quirk in how we exit train stations
URL: https://www.psypost.org/scientists-just-revealed-a-strange-quirk-in-how-we-exit-train-stations/
An analysis of data collected by a pedestrian tracking system at the Eindhoven Centraal Railway Station in the Netherlands found that, after exiting a train, individuals tend to follow the same walking path as the person directly in front of them. This happens even when they do not know that person and even when such a choice leads to a longer travel time. The research was published in the *Proceedings of the National Academy of Sciences*.
When walking in crowded spaces such as busy streets, train or bus stations, airports, or mass gatherings, people generally try to reach their destination while avoiding obstacles, delays, collisions, and discomfort. Their route is shaped by physical features such as walls, doors, stairs, kiosks, corridors, signs, and bottlenecks. They also respond to crowd density, often avoiding areas that look too congested or slow.
Walking paths are likely influenced by perceived travel time, not only by actual distance, because a shorter route may feel worse if it is crowded. Also, being in a crowd forces people to continuously adjust their speed and direction in response to others moving around them. In such situations, they often follow visible flows of pedestrians because other people’s movement gives information about where a usable path may be. Social groups, such as friends or family members, also shape walking paths because members tend to stay together and follow the same route.
Study author Ziqi Wang and his colleagues used a large-scale, high-resolution dataset of pedestrian paths collected at tracks 3 and 4 of Eindhoven Centraal Railway Station using an advanced overhead pedestrian tracking system based on 3D stereoscopic imaging.
These sensors covered about 1400 m2 of the station, capturing data at 10 frames per second using overhead depth sensing without recording identifiable images of pedestrians. The system also provided very high spatial resolution, being able to detect changes of around 1 millimeter. In total, between March 2021 and March 2024, the system captured over 30 million pedestrian movement trajectories. This included people disembarking from the trains and the people already present on the platform.
In this analysis, the study authors focused on a subset of pedestrian trajectories where individuals, after getting off a train, had to choose between taking a direct, shorter path to the exit and a longer path that involved circumventing a kiosk in the middle of the platform. The authors analyzed the paths of passengers who exited the train from three specific door zones, including approximately 100,000 passengers.
To ensure they were studying the interactions between strangers rather than people traveling together, the researchers developed a mathematical algorithm to detect social groups. This system analyzed how close people were to each other, how much they matched each other’s speed, and if they moved in the same direction. Once these groups were identified and filtered out, the researchers could focus solely on independent pedestrians.
For each passenger included in the analysis, the study authors recorded their choice of route after exiting the train and the relative order in which they exited. This allowed them to study how individuals and crowds decide what path to take in the presence of congestion, differences in how the space is organized, and how local social dynamics—especially among strangers—affect those choices.
The results showed that, after exiting the train, passengers demonstrated a strong tendency to follow the same path as the person directly in front of them. This “stranger-following effect” happened even in the absence of any social ties, and even when following the stranger led to a longer travel time.
The study authors note that this tendency creates “avalanches” of choices, where sequences of people make identical decisions about their walking paths in succession, leading to strong patterns in collective movement.
To confirm these findings, the researchers built a theoretical routing model to simulate pedestrian behavior. They tested various factors, such as the natural randomness of walking speeds and the tendency of people to follow the majority (herding). However, they found that only by including the “stranger-following effect” could the model accurately reproduce the real-world patterns observed at the station. This indicates that local imitation behavior is the dominant driver of collective route choices in this scenario.
“These findings highlight how brief, low-level interactions between strangers can scale up to influence large-scale pedestrian movement, with strong implications for crowd management, urban design, and the broader understanding of social behavior in public spaces,” the study authors concluded.
The study contributes to the scientific understanding of how people choose their paths in crowded areas. However, it should be noted that the study was based on data concerning the movements of passengers exiting trains at three relatively fixed positions and moving towards the station exit. This situation greatly simplified and constrained the routing choices people could make. Results in environments with wider routing and end-goal options might differ.
The paper, “Avalanches of choice: how stranger-to-stranger interactions shape crowd dynamics,” was authored by Ziqi Wang, Alessandro Gabbana, and Federico Toschi.
URL: https://www.psypost.org/scientists-just-revealed-a-strange-quirk-in-how-we-exit-train-stations/
-------------------------------------------------
DAILY EMAIL DIGEST: Email [email protected] -- no subject or message needed.
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Unofficial Psychology Today Xitter to toot feed at Psych Today Unofficial Bot @PTUnofficialBot
NYU Information for Practice puts out 400-500 good quality health-related research posts per week but its too much for many people, so that bot is limited to just subscribers. You can read it or subscribe at @PsychResearchBot
Since 1991 The National Psychologist has focused on keeping practicing psychologists current with news, information and items of interest. Check them out for more free articles, resources, and subscription information: https://www.nationalpsychologist.com
EMAIL DAILY DIGEST OF RSS FEEDS -- SUBSCRIBE: http://subscribe-article-digests.clinicians-exchange.org
READ ONLINE: http://read-the-rss-mega-archive.clinicians-exchange.org
It's primitive... but it works... mostly...
-------------------------------------------------
#psychology #counseling #socialwork #psychotherapy @psychotherapist @psychotherapists @psychology @socialpsych @socialwork @psychiatry #mentalhealth #psychiatry #healthcare #depression #psychotherapist #StrangerFollowing #PedestrianDynamics #CrowdBehavior #UrbanMobility #CrowdManagement #PedestrianTraffic #AvalanchesOfChoice #SocialImitation #InstituteOfScience #PublicSpaceDesign
-
DATE: May 15, 2026 at 08:00AM
SOURCE: PSYPOST.ORG** Research quality varies widely from fantastic to small exploratory studies. Please check research methods when conclusions are very important to you. **
-------------------------------------------------TITLE: Scientists just revealed a strange quirk in how we exit train stations
URL: https://www.psypost.org/scientists-just-revealed-a-strange-quirk-in-how-we-exit-train-stations/
An analysis of data collected by a pedestrian tracking system at the Eindhoven Centraal Railway Station in the Netherlands found that, after exiting a train, individuals tend to follow the same walking path as the person directly in front of them. This happens even when they do not know that person and even when such a choice leads to a longer travel time. The research was published in the *Proceedings of the National Academy of Sciences*.
When walking in crowded spaces such as busy streets, train or bus stations, airports, or mass gatherings, people generally try to reach their destination while avoiding obstacles, delays, collisions, and discomfort. Their route is shaped by physical features such as walls, doors, stairs, kiosks, corridors, signs, and bottlenecks. They also respond to crowd density, often avoiding areas that look too congested or slow.
Walking paths are likely influenced by perceived travel time, not only by actual distance, because a shorter route may feel worse if it is crowded. Also, being in a crowd forces people to continuously adjust their speed and direction in response to others moving around them. In such situations, they often follow visible flows of pedestrians because other people’s movement gives information about where a usable path may be. Social groups, such as friends or family members, also shape walking paths because members tend to stay together and follow the same route.
Study author Ziqi Wang and his colleagues used a large-scale, high-resolution dataset of pedestrian paths collected at tracks 3 and 4 of Eindhoven Centraal Railway Station using an advanced overhead pedestrian tracking system based on 3D stereoscopic imaging.
These sensors covered about 1400 m2 of the station, capturing data at 10 frames per second using overhead depth sensing without recording identifiable images of pedestrians. The system also provided very high spatial resolution, being able to detect changes of around 1 millimeter. In total, between March 2021 and March 2024, the system captured over 30 million pedestrian movement trajectories. This included people disembarking from the trains and the people already present on the platform.
In this analysis, the study authors focused on a subset of pedestrian trajectories where individuals, after getting off a train, had to choose between taking a direct, shorter path to the exit and a longer path that involved circumventing a kiosk in the middle of the platform. The authors analyzed the paths of passengers who exited the train from three specific door zones, including approximately 100,000 passengers.
To ensure they were studying the interactions between strangers rather than people traveling together, the researchers developed a mathematical algorithm to detect social groups. This system analyzed how close people were to each other, how much they matched each other’s speed, and if they moved in the same direction. Once these groups were identified and filtered out, the researchers could focus solely on independent pedestrians.
For each passenger included in the analysis, the study authors recorded their choice of route after exiting the train and the relative order in which they exited. This allowed them to study how individuals and crowds decide what path to take in the presence of congestion, differences in how the space is organized, and how local social dynamics—especially among strangers—affect those choices.
The results showed that, after exiting the train, passengers demonstrated a strong tendency to follow the same path as the person directly in front of them. This “stranger-following effect” happened even in the absence of any social ties, and even when following the stranger led to a longer travel time.
The study authors note that this tendency creates “avalanches” of choices, where sequences of people make identical decisions about their walking paths in succession, leading to strong patterns in collective movement.
To confirm these findings, the researchers built a theoretical routing model to simulate pedestrian behavior. They tested various factors, such as the natural randomness of walking speeds and the tendency of people to follow the majority (herding). However, they found that only by including the “stranger-following effect” could the model accurately reproduce the real-world patterns observed at the station. This indicates that local imitation behavior is the dominant driver of collective route choices in this scenario.
“These findings highlight how brief, low-level interactions between strangers can scale up to influence large-scale pedestrian movement, with strong implications for crowd management, urban design, and the broader understanding of social behavior in public spaces,” the study authors concluded.
The study contributes to the scientific understanding of how people choose their paths in crowded areas. However, it should be noted that the study was based on data concerning the movements of passengers exiting trains at three relatively fixed positions and moving towards the station exit. This situation greatly simplified and constrained the routing choices people could make. Results in environments with wider routing and end-goal options might differ.
The paper, “Avalanches of choice: how stranger-to-stranger interactions shape crowd dynamics,” was authored by Ziqi Wang, Alessandro Gabbana, and Federico Toschi.
URL: https://www.psypost.org/scientists-just-revealed-a-strange-quirk-in-how-we-exit-train-stations/
-------------------------------------------------
DAILY EMAIL DIGEST: Email [email protected] -- no subject or message needed.
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Unofficial Psychology Today Xitter to toot feed at Psych Today Unofficial Bot @PTUnofficialBot
NYU Information for Practice puts out 400-500 good quality health-related research posts per week but its too much for many people, so that bot is limited to just subscribers. You can read it or subscribe at @PsychResearchBot
Since 1991 The National Psychologist has focused on keeping practicing psychologists current with news, information and items of interest. Check them out for more free articles, resources, and subscription information: https://www.nationalpsychologist.com
EMAIL DAILY DIGEST OF RSS FEEDS -- SUBSCRIBE: http://subscribe-article-digests.clinicians-exchange.org
READ ONLINE: http://read-the-rss-mega-archive.clinicians-exchange.org
It's primitive... but it works... mostly...
-------------------------------------------------
#psychology #counseling #socialwork #psychotherapy @psychotherapist @psychotherapists @psychology @socialpsych @socialwork @psychiatry #mentalhealth #psychiatry #healthcare #depression #psychotherapist #StrangerFollowing #PedestrianDynamics #CrowdBehavior #UrbanMobility #CrowdManagement #PedestrianTraffic #AvalanchesOfChoice #SocialImitation #InstituteOfScience #PublicSpaceDesign
-
Wednesday Reads: Everything is Awful and Stupid.
Good Day!!
I’ve been getting more sleep than usual lately, but my chronic insomnia kicked in last night. I got almost no sleep. I’m really not ready to face another day with Trump and his antics, but I’ll do the best I can.
This news just broke from the Supreme Court:
The Washington Post (gift link): Supreme Court limits key provision of the landmark Voting Rights Act.
The Supreme Court on Wednesday sharply weakened a key provision of the landmark Voting Rights Act, a ruling that limits the consideration of race in drawing voting maps and could usher in Republican gains in the House.
The decision could touch off a scramble by Republicans to redraw minority-majority districts, especially in the South. New districts could shiftthe balance of power in Congress by imperiling the reelection prospects of some Black Democrats, possibly as soon as November’s midterms in some instances.
Samuel Alito (with Neil Gorsuch in the background on the left.)
The ruling also carries significant symbolic weight, effectively scaling backthe last major pillar of a 60-year-old law long considered one of the marquee achievements of the civil rights era. The Voting Rights Act bans discriminatory voting practices such as literacy tests and poll taxes, and has helped greatly increase minority representation in state and federal offices.
The ruling also carries significant symbolic weight, effectively scaling backthe last major pillar of a 60-year-old law long considered one of the marquee achievements of the civil rights era. The Voting Rights Act bans discriminatory voting practices such as literacy tests and poll taxes, and has helped greatly increase minority representation in state and federal offices.
In an ideologically divided 6-3 ruling, the conservative justices created a higher bar for the law’s powerful provision that allows states to use race to draw maps that help minority communities elect candidates of their choice. Section 2, as it is known, is aimed at combating discriminatory gerrymandering that weakens the power of Black, Latino, Native American and Asian voters.
States must walk a careful line when drawing maps for voting districts. The Voting Rights Act directsstates to consider race to some degreewhen redistricting to ensure that racial minority groups have an opportunity to elect representatives who reflect their priorities. Maps explicitly drawn along racial lines, however, violate the equal-protection clause of the 14th Amendment and the 15th Amendment’s ban on racial discrimination in voting practices.
Specifically:
The court’s conservative majority found Louisiana unlawfully discriminated by race when it created a second majority-Black congressional district to comply with the VRA. Justice Samuel A. Alito Jr. wrote the opinion for the majority.
“Section 2 of the Voting Rights Act … was designed to enforce the Constitution — not collide with it,” Alito wrote. “Unfortunately, lower courts have sometimes applied this Court’s [Section] 2 precedents in a way that forces States to engage in the very race-based discrimination that the Constitution forbids.”
The decision came over the sharp objections of the court’s three liberals. Justice Elena Kagan delivered the dissent from the bench, signaling strong disagreement.
“Under the Court’s new view of Section 2, a State can, without legal consequence, systematically dilute minority citizens’ voting power,” Kagan wrote in the dissent.
Kate Riga at Talking Points Memo: Alito Pens Decision That ‘Eviscerates’ The Voting Rights Act.
The Roberts Court finally achieved its years-long goal of killing the Voting Rights Act Wednesday, publishing a ruling that, the liberal justices say, will make proving racial discrimination in redistricting virtually impossible.
“Under the Court’s new view of Section 2, a State can, without legal consequence, systematically dilute minority citizens’ voting power,” wrote Justice Elena Kagan in her dissent.
“Of course, the majority does not announce today’s holding that way. Its opinion is understated, even antiseptic,” she continued. “The majority claims only to be “updat[ing]” our Section 2 law, as though through a few technical tweaks. But in fact, those ‘updates’ eviscerate the law…”
Justice Samuel Alito wrote the majority opinion, joined by all five other justices inthe bench’s right wing. Kagan was joined in her dissent by Justices Sonia Sotomayor and Ketanji Brown Jackson. Justice Clarence Thomas also wrote a concurrence joined by Justice Neil Gorsuch.
Alito defangs the law by unilaterally cancelling out congressional fixes to it — primarily, that plaintiffs bringing claims of racial vote dilution no longer have to prove that the legislators drawing the maps did so to purposefully discriminate. This bar had proved so difficult to overcome, especially as legislators became more adept at using facially neutral language, that Congress adopted amendments to the VRA asserting that if the maps have a discriminatory effect, that’s enough. Chief Justice John Roberts, then working in the Reagan administration, spearheaded the unsuccessful effort to doom the passage of those amendments.
Alito hand waves this history away, in part, by echoing Roberts’ reasoning in an earlier decision that eviscerated the VRA’s preclearance requirement, which required jurisdictions with histories of racial discrimination in voting to submit changes in election laws to the federal government for clearance before they could take effect. Roberts, in Shelby County v. Holder, said that the country had made such great strides in racial equality that the preventative measure was no longer necessary — ushering in a flood of new voter restrictions, particularly in the states that comprised the old Confederacy.
Read the rest at TPM.
Trump has insomnia too, it seems. He posted an idiotic message to Iran at an ungodly hour:
Trump posted this insanity at 4 in the morning
He is such an embarrassment! Of course the corporate media report this as if it’s perfectly normal. Here’s the latest on the Iran situation:
NBC News: Trump warns Iran ‘better get smart soon’ as he weighs military options over Strait of Hormuz.
President Donald Trump warned Iran “better get smart soon” Wednesday, as he weighed military options for the Strait of Hormuz with peace talks at an impasse.
Members of Trump’s national security team presented him with multiple options this week for how to handle the continuing bottleneck in the strait after negotiations failed to reopen the critical waterway, a U.S. official and a person familiar with the meeting told NBC News.
The standoff between Washington and Tehran, including the continued U.S. naval blockade, means the key trade route has been effectively blocked for two months.
The threat of prolonged disruption to the global economy has sent energy prices soaring — gas price averages in the U.S. reached $4.23 a gallon,the highest level in nearly four years, while the international benchmark price for oil, Brent crude, surged to $115 a barrel early Wednesday.
Meanwhile, Iran’s national rial currency hit a record low against the dollar, as Tehran’s economy also showed growing signs of strain.
The options discussed during Monday’s meeting in the Situation Room included whether the U.S. military presence in the strait should change — either increase or decrease — and whether the military should become more aggressive in conducting operations there, the U.S. official said.
Trump has not made any decisions about the way forward, the sources said, and it’s not clear when he might make a decision.
They don’t even note that the warning from Trump came in an idiotic Truth Social post until paragraph 11!
Trump and other top administration officials met with a group of energy industry executives on Tuesday, discussing possible next steps in continuing the blockade of Iran’s ports “for months if needed” and how to minimize impacts on American consumers, a White House official told NBC News.
The meeting was hosted by Treasury Secretary Scott Bessent included executives from Chevron, Trafi, Vitol and Mecuria, among other companies.
The U.S. showed little immediate enthusiasm for a new Iranian proposal that would end the war and reopen the strait without resolving the impasse over the Islamic Republic’s nuclear program — a key stumbling block in the stalled peace talks.
There’s quite a bit more information at the link.
Raw Story: Trump quietly telling insiders to prepare for ‘extended’ blockade of Iran: report.
President Donald Trump is quietly telling administration insiders to prepare for an “extended” blockade of Iran as negotiations to end the war with the regime drag on.
On Tuesday, the Wall Street Journal reported, citing “U.S. officials,” that Trump has told his aides that the blockade of Iran will continue, as the two sides remain far apart on Trump’s stated goal of getting the regime to give up its nuclear arms capabilities altogether. The report followed a meeting in the Situation Room on Monday, where Trump administration officials reviewed an offer to end the war from the Iranian regime that included reopening the Strait of Hormuz in exchange for delaying talks about nuclear weapons.
The report also suggests that Trump appears to be digging in and trying to tighten the screws on Iran’s economy.
“In recent meetings, including a Monday discussion in the Situation Room, Trump opted to continue squeezing Iran’s economy and oil exports by preventing shipping to and from its ports,” according to the report. “He assessed that his other options—resume bombing or walk away from the conflict—carried more risk than maintaining the blockade, officials said.”
“Yet continuing the blockade also prolongs a conflict that has driven up gas prices, hurt Trump’s poll numbers and further darkened Republicans’ prospects in the midterm elections,” it continued. “It has also caused the lowest number of transits through the Strait of Hormuz since the war began.”
In other Middle East news, the UAE is leaving OPEC. AP: The UAE’s departure from OPEC shakes up the alliance that influences oil prices worldwide.
The decision by the United Arab Emirates to leave the OPEC oil cartel shook up the 65-year-old alliance that produces some 40% of the world’s crude oil and exerts major influence over the price of energy around the globe.
OPEC countries
The UAE said in the announcement Tuesday that when it leaves OPEC this Friday, it plans to carry on with its long-held goal of increasing crude production “in a gradual and measured manner, aligned with demand and market conditions.”
Right now, that’s academic as far as oil prices go, since Iran is still blocking the Strait of Hormuz, which means much of the oil from Persian Gulf producers such as the UAE cannot be exported. But the departure could have long-term effects on oil prices….
The Organization of the Petroleum Exporting Countries was formed in Baghdad in September 1960 by Iran, Iraq, Kuwait, Saudi Arabia and Venezuela. It has 12 members — counting the UAE — that hold more than 80% of the world’s proven oil reserves. Other members are Algeria, Equatorial Guinea, Gabon, Libya, Nigeria and the Republic of the Congo….
The group, headquartered in Vienna, aims to regulate oil prices by coordinating increases or decreases in production.
The goal has been to keep prices high enough so member governments can balance their budgets and reap the benefits of their natural resources — but not so high as to cause a recession in consuming countries or to halt energy-consuming activity, a phenomenon known as demand destruction.
Trump has really screwed us and the rest of the world with his illegal Iran war. Analysis by Andrew Roth at The Guardian: Trump in tough spot as he tries to avoid deal that highlights US failures in Iran.
Donald Trump is learning first-hand about the perils of mission creep.
The US-Israel war in Iran has just passed its eighth week – twice as long as the president predicted it would take when US warplanes launched their joint attack with Israeli forces to decapitate the Iranian leadership and paralyse its military. The military attacks were successful. The predictions about the political cause-and-effect to follow were not.
Iran has survived the initial strikes and remains defiant, closing the strait of Hormuz in a move that has blocked off a fifth of the global oil trade. The US has responded with its own blockade to lock in Iranian oil, inflicting losses of an estimated $500m daily on Tehran and threatening the country’s long-term energy production – but negotiations have stalled and it is not clear if the White House is willing to withstand the pain of a sustained economic war or the risk of a military operation to open the strait.
“This has gone from being a war of choice to a war of necessity,” said Aaron David Miller, an analyst at the Carnegie Endowment and a former US diplomat and Middle East negotiator.
The war had transformed from a conflict involving Iran, the US and Israel to a “global economic crisis which shows no signs of abating”. Just this week, petrol prices in the US approached a four-year high, and they are expected to continue to rise before a crucial midterm election that could allow the Democrats to retake congress.
“The status quo is not tolerable … there has to be a fix to it,” Miller said. “It strikes me that the administration is in a very tough spot.”
But the solution remains elusive. One option would be to negotiate a temporary reopening of the strait of Hormuz but to delay nuclear talks on the fate of the more than 400kg of highly enriched uranium (HEU) – as well as the country’s right to enrich uranium in the future.
Read the rest at The Guardian.
Yesterday the “Justice” Department indicted James Comey for the second time. The indictment is unbelievably stupid. He is accused of threatening to assassinate Trump because he posted on social media a photo of some seashells spelling “86 47.”
This Comey indictment should be in Comic Sans
— Tim Dickinson (@timdickinson.bsky.social) 2026-04-28T21:09:18.050Z
Attorney Ken White AKA Popehat wrote about it at The Popehat Report: The Comey Threat Indictment Is A Grave Embarrassment To The United States Department of Justice And The Rule of Law.
I wrote up the Comey indictment.https://www.popehat.com/p/the-comey-…
On April 28, 2026, the United States Department of Justice indicted former FBI Director James Comey over a mildly sassy arrangement of seashells. The charge is preposterous and no competent or honest prosecutor would bring it. It represents a betrayal of the professional and ethical obligations of every U.S. Department of Justice attorney involved, and reflects the complete collapse of the Department’s credibility and independence in favor of a cultish and cretinous devotion to Donald Trump.
The indictment concerns James Comey’s May 25, 2025 post to his Instagram account remarking “Cool shell formation on my beach walk” and showing shells arranged to spell out “86 47.” [….]
47 is Donald Trump, the 47th President of the United States, and “86” is slang for ditch, get rid of, or discard.
Based on this, the United States Attorney’s Office for the Eastern District of North Carolina — the venue of the sassy beach stroll — secured an indictment against Comey for two federal felonies: threatening the President of the United States in violation of Title 18, United States Code, Section 871 and transmitting a threat in interstate commerce in violation of Title 18, United States Code, 875(c). In both counts, the government asserts that “a reasonable recipient who is familiar with the circumstances would interpret as a serious expression of intent to do harm.” That is, of course, a preposterous lie….
Let’s look at what the government would have to prove to convict Comey of these offenses, using cases from the Fourth Circuit, which governs this district. To prove a threat against the President in violation of Section 871, the prosecution must offer “(1) the proof of “a true threat” and (2) that the threat is made “knowingly and willfully.”“ United States v. Lockhart, 382 F.3d 447, 449-450 (4th Cir. 2004). To prove a threat in interstate commerce in violation of Section 875(c), the government must prove that “(1) that the defendant knowingly transmitted a communication in interstate or foreign commerce; (2) that the defendant subjectively intended the communication as a threat; and (3) that the content of the communication contained a “true threat” to kidnap or injure.” United States v. White, 810 F.3d 212, 220-21 (4th Cir. 2016). For purposes of both statutes, a “true threat” is a statement which an “ordinary, reasonable recipient who is familiar with the context in which the statement is made would interpret it as a serious expression of an intent to do harm.” White, 810 F.3d at 221.
Prosecutions for threats against the President played a substantial role in developing the First Amendment doctrine of “true threats,” which separates bluster and rhetoric from actual threats to do harm. In Watts v. United States, 394 U.S. 705 (1969), the United States Supreme Court took up the conviction of an 18-year-old man who said this during an anti-draft protest during Vietnam: “They always holler at us to get an education. And now I have already received my draft classification as 1-A and I have got to report for my physical this Monday coming. I am not going. If they ever make me carry a rifle the first man I want to get in my sights is L. B. J. . . . . They are not going to make me kill my black brothers.” The Court articulated the core of the “true threat” doctrine, noting that political rhetoric, hyperbole, and robust debate that does not convey an intent to do harm is protected by the First Amendment:
“But whatever the “willfullness” requirement implies, the statute initially requires the Government to prove a true threat. We do not believe that the kind of political hyperbole indulged in by petitioner fits within that statutory term. For we must interpret the language Congress chose “against the background of a profound national commitment to the principle that debate on public issues should be uninhibited, robust, and wide-open, and that it may well include vehement, caustic, and sometimes unpleasantly sharp attacks on government and public officials.” New York Times Co. v. Sullivan, 376 U.S. 254, 270 (1964). The language [**1402] of the political arena, like the language used in labor disputes, see Linn v. United Plant Guard Workers of America, 383 U.S. 53, 58 (1966), is often vituperative, abusive, and inexact. We agree with petitioner that his only offense here was “a kind of very crude offensive method of stating a political opposition to the President.” Taken in context, and regarding the expressly conditional nature of the statement and the reaction of the listeners, we do not see how it could be interpreted otherwise. Watts, 394 U.S. at 708.”
No minimally rationally person could possibly conclude, seeing James Comey’s beachside dad joke, that he was expressing a sincere intent to harm the President. Nobody could look at it and conclude that Comey intended to convey that message. In evaluating whether a threat is “true,” the trier of fact must consider the context. Here the context is seashells. The context is the former Director of the FBI, a lifetime member of law enforcement, who is a well-known critic of the President and a target of the President’s wrath, using a campy mechanism to express opposition to the President, using slang for “ditch” or “eject” or “get rid of.” No rational person could see that and say “the former director of the FBI is saying he’s going to kill the President”!”
I could now cite to you a legion of cases for that proposition, finding rhetoric far more concerning than this protected by the First Amendment, analyzing language and context to show this is protected. But it wouldn’t matter, would it? If you are a minimally rational person, you don’t need to see the precedent, and if you’re a cultist, no amount of precedent matters to you.
He does go on; read the rest at the link above.
From Blanche’s press conference yesterday:
Q: Should we expect more indictments of this sort? For example, in 2020 Gretchen Whitmer did a TV hit with "8645" in the background." Would you pursue that?BLANCHE: As far as other instances of threats against the president — those will be investigated
I hope Blanche doesn’t have plans to continue legal work in the future. I don’t think he’s going to have a license. The same goes for the lawyers who prosecute this case.
One more from The Washington Post: Prosecutions of Trump’s foes add to GOP’s headaches in midterms.
Republicans hoping their party’s standard-bearer will stay focused on voters’ priorities heading into the November midterms caught no relief on Tuesday as the Trump administration announced charges against former FBI director James B. Comey and an aide to former chief medical adviser Anthony S. Fauci, as well as a review of Disney’s broadcast licenses.
The latest instances of turning government power against President Donald Trump’s critics and pursuing years-old grievances added to frustrations felt by Republicans who say the president isn’t doing enough to address the signature issues that won him a second term.
Two-thirds of Americans said Trump hasn’t paid enough attention to the country’s most important problems in a CNN survey conducted late last month, up from 52 percent in February 2025 and higher than at any point in his first term.
“No Republican wants to run on ‘I stand with Donald Trump’s retribution tour’” while gas prices are so high, said Barrett Marson, a GOP strategist in Arizona. “There is no doubt that the vast majority of non-MAGA voters want Trump to focus on anything but his personal animus toward a wide variety of people.”
The White House said the Comey prosecution has no bearing on Trump’s efforts to bring down costs — moves that include signing a tax-cut bill, adding discounted drugs to a government-run portal, expanding domestic beef production, releasing oil reserves and easing restrictions on tankers moving fuel between U.S. ports.
“The idea that President Trump and his Cabinet agencies cannot execute multiple actions simultaneously is so laughably false,” spokeswoman Abigail Jackson said. “The insinuation that a grand jury returning an indictment is mutually exclusive with the administration’s strong efforts on the economy is objectively false.”
Other Republicans, however, asked about the administration’s priorities. Sen. Thom Tillis (R-North Carolina), a member of the Senate Judiciary Committee, questioned whether the Comey case was the best use of time and resources for the acting U.S. attorney from his state who brought the charges, W. Ellis Boyle. Trump renominated Boyle to the position in January after the Senate took no action on his nomination last year.
This is just who Trump is. We can only hope the Democrats will win the House and Senate and impeach him.
That’s it for me today. What’s on your mind?
#8647 #DonaldTrump #IranWar #JamesComeyIndictedAgain #JusticeDepartment #KenWhite #OPEC #Popehat #RobertsCourt #SamuelAlito #SCOTUS #ToddBlanche #UAE #VotingRightsAct -
Wednesday Reads: Everything is Awful and Stupid.
Good Day!!
I’ve been getting more sleep than usual lately, but my chronic insomnia kicked in last night. I got almost no sleep. I’m really not ready to face another day with Trump and his antics, but I’ll do the best I can.
This news just broke from the Supreme Court:
The Washington Post (gift link): Supreme Court limits key provision of the landmark Voting Rights Act.
The Supreme Court on Wednesday sharply weakened a key provision of the landmark Voting Rights Act, a ruling that limits the consideration of race in drawing voting maps and could usher in Republican gains in the House.
The decision could touch off a scramble by Republicans to redraw minority-majority districts, especially in the South. New districts could shiftthe balance of power in Congress by imperiling the reelection prospects of some Black Democrats, possibly as soon as November’s midterms in some instances.
Samuel Alito (with Neil Gorsuch in the background on the left.)
The ruling also carries significant symbolic weight, effectively scaling backthe last major pillar of a 60-year-old law long considered one of the marquee achievements of the civil rights era. The Voting Rights Act bans discriminatory voting practices such as literacy tests and poll taxes, and has helped greatly increase minority representation in state and federal offices.
The ruling also carries significant symbolic weight, effectively scaling backthe last major pillar of a 60-year-old law long considered one of the marquee achievements of the civil rights era. The Voting Rights Act bans discriminatory voting practices such as literacy tests and poll taxes, and has helped greatly increase minority representation in state and federal offices.
In an ideologically divided 6-3 ruling, the conservative justices created a higher bar for the law’s powerful provision that allows states to use race to draw maps that help minority communities elect candidates of their choice. Section 2, as it is known, is aimed at combating discriminatory gerrymandering that weakens the power of Black, Latino, Native American and Asian voters.
States must walk a careful line when drawing maps for voting districts. The Voting Rights Act directsstates to consider race to some degreewhen redistricting to ensure that racial minority groups have an opportunity to elect representatives who reflect their priorities. Maps explicitly drawn along racial lines, however, violate the equal-protection clause of the 14th Amendment and the 15th Amendment’s ban on racial discrimination in voting practices.
Specifically:
The court’s conservative majority found Louisiana unlawfully discriminated by race when it created a second majority-Black congressional district to comply with the VRA. Justice Samuel A. Alito Jr. wrote the opinion for the majority.
“Section 2 of the Voting Rights Act … was designed to enforce the Constitution — not collide with it,” Alito wrote. “Unfortunately, lower courts have sometimes applied this Court’s [Section] 2 precedents in a way that forces States to engage in the very race-based discrimination that the Constitution forbids.”
The decision came over the sharp objections of the court’s three liberals. Justice Elena Kagan delivered the dissent from the bench, signaling strong disagreement.
“Under the Court’s new view of Section 2, a State can, without legal consequence, systematically dilute minority citizens’ voting power,” Kagan wrote in the dissent.
Kate Riga at Talking Points Memo: Alito Pens Decision That ‘Eviscerates’ The Voting Rights Act.
The Roberts Court finally achieved its years-long goal of killing the Voting Rights Act Wednesday, publishing a ruling that, the liberal justices say, will make proving racial discrimination in redistricting virtually impossible.
“Under the Court’s new view of Section 2, a State can, without legal consequence, systematically dilute minority citizens’ voting power,” wrote Justice Elena Kagan in her dissent.
“Of course, the majority does not announce today’s holding that way. Its opinion is understated, even antiseptic,” she continued. “The majority claims only to be “updat[ing]” our Section 2 law, as though through a few technical tweaks. But in fact, those ‘updates’ eviscerate the law…”
Justice Samuel Alito wrote the majority opinion, joined by all five other justices inthe bench’s right wing. Kagan was joined in her dissent by Justices Sonia Sotomayor and Ketanji Brown Jackson. Justice Clarence Thomas also wrote a concurrence joined by Justice Neil Gorsuch.
Alito defangs the law by unilaterally cancelling out congressional fixes to it — primarily, that plaintiffs bringing claims of racial vote dilution no longer have to prove that the legislators drawing the maps did so to purposefully discriminate. This bar had proved so difficult to overcome, especially as legislators became more adept at using facially neutral language, that Congress adopted amendments to the VRA asserting that if the maps have a discriminatory effect, that’s enough. Chief Justice John Roberts, then working in the Reagan administration, spearheaded the unsuccessful effort to doom the passage of those amendments.
Alito hand waves this history away, in part, by echoing Roberts’ reasoning in an earlier decision that eviscerated the VRA’s preclearance requirement, which required jurisdictions with histories of racial discrimination in voting to submit changes in election laws to the federal government for clearance before they could take effect. Roberts, in Shelby County v. Holder, said that the country had made such great strides in racial equality that the preventative measure was no longer necessary — ushering in a flood of new voter restrictions, particularly in the states that comprised the old Confederacy.
Read the rest at TPM.
Trump has insomnia too, it seems. He posted an idiotic message to Iran at an ungodly hour:
Trump posted this insanity at 4 in the morning
He is such an embarrassment! Of course the corporate media report this as if it’s perfectly normal. Here’s the latest on the Iran situation:
NBC News: Trump warns Iran ‘better get smart soon’ as he weighs military options over Strait of Hormuz.
President Donald Trump warned Iran “better get smart soon” Wednesday, as he weighed military options for the Strait of Hormuz with peace talks at an impasse.
Members of Trump’s national security team presented him with multiple options this week for how to handle the continuing bottleneck in the strait after negotiations failed to reopen the critical waterway, a U.S. official and a person familiar with the meeting told NBC News.
The standoff between Washington and Tehran, including the continued U.S. naval blockade, means the key trade route has been effectively blocked for two months.
The threat of prolonged disruption to the global economy has sent energy prices soaring — gas price averages in the U.S. reached $4.23 a gallon,the highest level in nearly four years, while the international benchmark price for oil, Brent crude, surged to $115 a barrel early Wednesday.
Meanwhile, Iran’s national rial currency hit a record low against the dollar, as Tehran’s economy also showed growing signs of strain.
The options discussed during Monday’s meeting in the Situation Room included whether the U.S. military presence in the strait should change — either increase or decrease — and whether the military should become more aggressive in conducting operations there, the U.S. official said.
Trump has not made any decisions about the way forward, the sources said, and it’s not clear when he might make a decision.
They don’t even note that the warning from Trump came in an idiotic Truth Social post until paragraph 11!
Trump and other top administration officials met with a group of energy industry executives on Tuesday, discussing possible next steps in continuing the blockade of Iran’s ports “for months if needed” and how to minimize impacts on American consumers, a White House official told NBC News.
The meeting was hosted by Treasury Secretary Scott Bessent included executives from Chevron, Trafi, Vitol and Mecuria, among other companies.
The U.S. showed little immediate enthusiasm for a new Iranian proposal that would end the war and reopen the strait without resolving the impasse over the Islamic Republic’s nuclear program — a key stumbling block in the stalled peace talks.
There’s quite a bit more information at the link.
Raw Story: Trump quietly telling insiders to prepare for ‘extended’ blockade of Iran: report.
President Donald Trump is quietly telling administration insiders to prepare for an “extended” blockade of Iran as negotiations to end the war with the regime drag on.
On Tuesday, the Wall Street Journal reported, citing “U.S. officials,” that Trump has told his aides that the blockade of Iran will continue, as the two sides remain far apart on Trump’s stated goal of getting the regime to give up its nuclear arms capabilities altogether. The report followed a meeting in the Situation Room on Monday, where Trump administration officials reviewed an offer to end the war from the Iranian regime that included reopening the Strait of Hormuz in exchange for delaying talks about nuclear weapons.
The report also suggests that Trump appears to be digging in and trying to tighten the screws on Iran’s economy.
“In recent meetings, including a Monday discussion in the Situation Room, Trump opted to continue squeezing Iran’s economy and oil exports by preventing shipping to and from its ports,” according to the report. “He assessed that his other options—resume bombing or walk away from the conflict—carried more risk than maintaining the blockade, officials said.”
“Yet continuing the blockade also prolongs a conflict that has driven up gas prices, hurt Trump’s poll numbers and further darkened Republicans’ prospects in the midterm elections,” it continued. “It has also caused the lowest number of transits through the Strait of Hormuz since the war began.”
In other Middle East news, the UAE is leaving OPEC. AP: The UAE’s departure from OPEC shakes up the alliance that influences oil prices worldwide.
The decision by the United Arab Emirates to leave the OPEC oil cartel shook up the 65-year-old alliance that produces some 40% of the world’s crude oil and exerts major influence over the price of energy around the globe.
OPEC countries
The UAE said in the announcement Tuesday that when it leaves OPEC this Friday, it plans to carry on with its long-held goal of increasing crude production “in a gradual and measured manner, aligned with demand and market conditions.”
Right now, that’s academic as far as oil prices go, since Iran is still blocking the Strait of Hormuz, which means much of the oil from Persian Gulf producers such as the UAE cannot be exported. But the departure could have long-term effects on oil prices….
The Organization of the Petroleum Exporting Countries was formed in Baghdad in September 1960 by Iran, Iraq, Kuwait, Saudi Arabia and Venezuela. It has 12 members — counting the UAE — that hold more than 80% of the world’s proven oil reserves. Other members are Algeria, Equatorial Guinea, Gabon, Libya, Nigeria and the Republic of the Congo….
The group, headquartered in Vienna, aims to regulate oil prices by coordinating increases or decreases in production.
The goal has been to keep prices high enough so member governments can balance their budgets and reap the benefits of their natural resources — but not so high as to cause a recession in consuming countries or to halt energy-consuming activity, a phenomenon known as demand destruction.
Trump has really screwed us and the rest of the world with his illegal Iran war. Analysis by Andrew Roth at The Guardian: Trump in tough spot as he tries to avoid deal that highlights US failures in Iran.
Donald Trump is learning first-hand about the perils of mission creep.
The US-Israel war in Iran has just passed its eighth week – twice as long as the president predicted it would take when US warplanes launched their joint attack with Israeli forces to decapitate the Iranian leadership and paralyse its military. The military attacks were successful. The predictions about the political cause-and-effect to follow were not.
Iran has survived the initial strikes and remains defiant, closing the strait of Hormuz in a move that has blocked off a fifth of the global oil trade. The US has responded with its own blockade to lock in Iranian oil, inflicting losses of an estimated $500m daily on Tehran and threatening the country’s long-term energy production – but negotiations have stalled and it is not clear if the White House is willing to withstand the pain of a sustained economic war or the risk of a military operation to open the strait.
“This has gone from being a war of choice to a war of necessity,” said Aaron David Miller, an analyst at the Carnegie Endowment and a former US diplomat and Middle East negotiator.
The war had transformed from a conflict involving Iran, the US and Israel to a “global economic crisis which shows no signs of abating”. Just this week, petrol prices in the US approached a four-year high, and they are expected to continue to rise before a crucial midterm election that could allow the Democrats to retake congress.
“The status quo is not tolerable … there has to be a fix to it,” Miller said. “It strikes me that the administration is in a very tough spot.”
But the solution remains elusive. One option would be to negotiate a temporary reopening of the strait of Hormuz but to delay nuclear talks on the fate of the more than 400kg of highly enriched uranium (HEU) – as well as the country’s right to enrich uranium in the future.
Read the rest at The Guardian.
Yesterday the “Justice” Department indicted James Comey for the second time. The indictment is unbelievably stupid. He is accused of threatening to assassinate Trump because he posted on social media a photo of some seashells spelling “86 47.”
This Comey indictment should be in Comic Sans
— Tim Dickinson (@timdickinson.bsky.social) 2026-04-28T21:09:18.050Z
Attorney Ken White AKA Popehat wrote about it at The Popehat Report: The Comey Threat Indictment Is A Grave Embarrassment To The United States Department of Justice And The Rule of Law.
I wrote up the Comey indictment.https://www.popehat.com/p/the-comey-…
On April 28, 2026, the United States Department of Justice indicted former FBI Director James Comey over a mildly sassy arrangement of seashells. The charge is preposterous and no competent or honest prosecutor would bring it. It represents a betrayal of the professional and ethical obligations of every U.S. Department of Justice attorney involved, and reflects the complete collapse of the Department’s credibility and independence in favor of a cultish and cretinous devotion to Donald Trump.
The indictment concerns James Comey’s May 25, 2025 post to his Instagram account remarking “Cool shell formation on my beach walk” and showing shells arranged to spell out “86 47.” [….]
47 is Donald Trump, the 47th President of the United States, and “86” is slang for ditch, get rid of, or discard.
Based on this, the United States Attorney’s Office for the Eastern District of North Carolina — the venue of the sassy beach stroll — secured an indictment against Comey for two federal felonies: threatening the President of the United States in violation of Title 18, United States Code, Section 871 and transmitting a threat in interstate commerce in violation of Title 18, United States Code, 875(c). In both counts, the government asserts that “a reasonable recipient who is familiar with the circumstances would interpret as a serious expression of intent to do harm.” That is, of course, a preposterous lie….
Let’s look at what the government would have to prove to convict Comey of these offenses, using cases from the Fourth Circuit, which governs this district. To prove a threat against the President in violation of Section 871, the prosecution must offer “(1) the proof of “a true threat” and (2) that the threat is made “knowingly and willfully.”“ United States v. Lockhart, 382 F.3d 447, 449-450 (4th Cir. 2004). To prove a threat in interstate commerce in violation of Section 875(c), the government must prove that “(1) that the defendant knowingly transmitted a communication in interstate or foreign commerce; (2) that the defendant subjectively intended the communication as a threat; and (3) that the content of the communication contained a “true threat” to kidnap or injure.” United States v. White, 810 F.3d 212, 220-21 (4th Cir. 2016). For purposes of both statutes, a “true threat” is a statement which an “ordinary, reasonable recipient who is familiar with the context in which the statement is made would interpret it as a serious expression of an intent to do harm.” White, 810 F.3d at 221.
Prosecutions for threats against the President played a substantial role in developing the First Amendment doctrine of “true threats,” which separates bluster and rhetoric from actual threats to do harm. In Watts v. United States, 394 U.S. 705 (1969), the United States Supreme Court took up the conviction of an 18-year-old man who said this during an anti-draft protest during Vietnam: “They always holler at us to get an education. And now I have already received my draft classification as 1-A and I have got to report for my physical this Monday coming. I am not going. If they ever make me carry a rifle the first man I want to get in my sights is L. B. J. . . . . They are not going to make me kill my black brothers.” The Court articulated the core of the “true threat” doctrine, noting that political rhetoric, hyperbole, and robust debate that does not convey an intent to do harm is protected by the First Amendment:
“But whatever the “willfullness” requirement implies, the statute initially requires the Government to prove a true threat. We do not believe that the kind of political hyperbole indulged in by petitioner fits within that statutory term. For we must interpret the language Congress chose “against the background of a profound national commitment to the principle that debate on public issues should be uninhibited, robust, and wide-open, and that it may well include vehement, caustic, and sometimes unpleasantly sharp attacks on government and public officials.” New York Times Co. v. Sullivan, 376 U.S. 254, 270 (1964). The language [**1402] of the political arena, like the language used in labor disputes, see Linn v. United Plant Guard Workers of America, 383 U.S. 53, 58 (1966), is often vituperative, abusive, and inexact. We agree with petitioner that his only offense here was “a kind of very crude offensive method of stating a political opposition to the President.” Taken in context, and regarding the expressly conditional nature of the statement and the reaction of the listeners, we do not see how it could be interpreted otherwise. Watts, 394 U.S. at 708.”
No minimally rationally person could possibly conclude, seeing James Comey’s beachside dad joke, that he was expressing a sincere intent to harm the President. Nobody could look at it and conclude that Comey intended to convey that message. In evaluating whether a threat is “true,” the trier of fact must consider the context. Here the context is seashells. The context is the former Director of the FBI, a lifetime member of law enforcement, who is a well-known critic of the President and a target of the President’s wrath, using a campy mechanism to express opposition to the President, using slang for “ditch” or “eject” or “get rid of.” No rational person could see that and say “the former director of the FBI is saying he’s going to kill the President”!”
I could now cite to you a legion of cases for that proposition, finding rhetoric far more concerning than this protected by the First Amendment, analyzing language and context to show this is protected. But it wouldn’t matter, would it? If you are a minimally rational person, you don’t need to see the precedent, and if you’re a cultist, no amount of precedent matters to you.
He does go on; read the rest at the link above.
From Blanche’s press conference yesterday:
Q: Should we expect more indictments of this sort? For example, in 2020 Gretchen Whitmer did a TV hit with "8645" in the background." Would you pursue that?BLANCHE: As far as other instances of threats against the president — those will be investigated
I hope Blanche doesn’t have plans to continue legal work in the future. I don’t think he’s going to have a license. The same goes for the lawyers who prosecute this case.
One more from The Washington Post: Prosecutions of Trump’s foes add to GOP’s headaches in midterms.
Republicans hoping their party’s standard-bearer will stay focused on voters’ priorities heading into the November midterms caught no relief on Tuesday as the Trump administration announced charges against former FBI director James B. Comey and an aide to former chief medical adviser Anthony S. Fauci, as well as a review of Disney’s broadcast licenses.
The latest instances of turning government power against President Donald Trump’s critics and pursuing years-old grievances added to frustrations felt by Republicans who say the president isn’t doing enough to address the signature issues that won him a second term.
Two-thirds of Americans said Trump hasn’t paid enough attention to the country’s most important problems in a CNN survey conducted late last month, up from 52 percent in February 2025 and higher than at any point in his first term.
“No Republican wants to run on ‘I stand with Donald Trump’s retribution tour’” while gas prices are so high, said Barrett Marson, a GOP strategist in Arizona. “There is no doubt that the vast majority of non-MAGA voters want Trump to focus on anything but his personal animus toward a wide variety of people.”
The White House said the Comey prosecution has no bearing on Trump’s efforts to bring down costs — moves that include signing a tax-cut bill, adding discounted drugs to a government-run portal, expanding domestic beef production, releasing oil reserves and easing restrictions on tankers moving fuel between U.S. ports.
“The idea that President Trump and his Cabinet agencies cannot execute multiple actions simultaneously is so laughably false,” spokeswoman Abigail Jackson said. “The insinuation that a grand jury returning an indictment is mutually exclusive with the administration’s strong efforts on the economy is objectively false.”
Other Republicans, however, asked about the administration’s priorities. Sen. Thom Tillis (R-North Carolina), a member of the Senate Judiciary Committee, questioned whether the Comey case was the best use of time and resources for the acting U.S. attorney from his state who brought the charges, W. Ellis Boyle. Trump renominated Boyle to the position in January after the Senate took no action on his nomination last year.
This is just who Trump is. We can only hope the Democrats will win the House and Senate and impeach him.
That’s it for me today. What’s on your mind?
#8647 #DonaldTrump #IranWar #JamesComeyIndictedAgain #JusticeDepartment #KenWhite #OPEC #Popehat #RobertsCourt #SamuelAlito #SCOTUS #ToddBlanche #UAE #VotingRightsAct -
superbowl jesus ad, part 3: some notes, and more images
Welcome to the third post of this series analysing the imagery from the billion-dollar “He Gets Us” propaganda campaign to recruit people into fundamentalist evangelism, focusing specifically on the ad run during the 2024 Superbowl.
I strongly urge you to read the first section of Part 1 before continuing, if you have not already done so. That first section explains the overall theological structure of the ad. Without understanding that structure, the terms “Sinner” and “Saviour” as used in this series will not make sense, but I don’t want to have to paste that explanation back in to each of these posts.
Back already? Good job.
Before we return to the images, I want to address a couple of issues which have been brought to me, and highlight a comment made elsewhere.
First, I want to be very clear: this is an analysis of propaganda more than of theology. In the case of a deeply religious political movement, the two certainly do blur together! But I am not engaging in a theological critique. I am reporting upon how these propaganda images are intended to be read by their own, by their co-religionists, and – naturally – what that says about the thoughts and goals of their movement. While some of those meanings are in part theological, they are also political and must be read as such.
Secondly, pointing out a relevant meaning – particularly a politically relevant meaning – does not imply that other meanings do not or cannot exist. The washing of the feet, for example, has other meanings in addition to the one I mentioned, even for them. But where those are either strictly theological or do not contradict the top-line message they do not believe in but are trying to sell, I don’t bother discussing them.
To give one example, however – and this ties directly into the washing of the feet – I had a commenter elsewhere ask what it meant that both the washer (Saviour) and the wash-ee (Sinner) had bare feet. This ties back to the more mainline Christian theological interpretation of the footwashing event, a statement of a kind of equality, where Jesus, the leader, is serving his apostles, and in doing so, saying that in some ways we are all equal in this.
That’s also what everyone having their shoes off means here – though in their case they would frame it less as “we are all equals in this” and more “we are all sinners in the eyes of (an angry) god.” That “angry” part’s important, though I don’t want to get into it here – but when they say “god-fearing Christian,” they absolutely mean that part about the fear.
Regardless, even in that more antagonistic framing it is an equalising message and they do mean it to some degree. But since it’s not in contradiction to the topline political framing of reconciliation, I hadn’t discussed it.
There are other examples, which you may choose to discover on your own.
Finally, Part I of this series got shared around a little on Facebook, which was nice. The first comment I saw was from a former evangelical, who was kind enough to say that as an ex-fundamentalist, everything I said in Part I was extremely obvious to her.
I like to hear things like that, because every so often, I get pushback on this sort of analysis when I post it, always from people not of that particular community. And every time that’s happened so far, an exvangelical or other former fundamentalist has come in and said “No, she’s right,” in one form or another.
I’m not saying that will happen every time or that I can’t be wrong, because of course I can. But it is nice to get that validation, and Part 1 received that explicitly.
Now, where were we? Ah yes, slide six. Here’s a partial:
I also like the floating bananas and the empty two-part salad-dressing bottleAnd they say this commercial wasn’t made with AI. Hilarious.
I don’t see a lot here that isn’t obvious, frankly – including all the obvious AI usage. You have Shower Valves of Mystery, you have floating bananas and a CRT television that can’t’ve received a picture in decades and isn’t actually a television but is a computer monitor, you have a row of cabinets built to be above either a sink or maybe an oven which is above neither a sink nor an oven but does have a doormat labelled… is it NICE or is it NICK? I read it as NICK. Is Nick her husband? Is he a doormat? Is that part of the message, that she lacked a sufficiently strong man at home and thus fell into…
Oh surely not. It must be NICE. But if not… if it really is NICK… is that the core message? Is that the second level under “She’s a prescription drug addict and an alcoholic and also a smoker so needs Jesus to get out of it?” I mean, that’s Alcoholics Anonymous version 1.0 since forever, and they absolutely do assert that this is basically what happens with basically every single mom and that every marriage not dominated by a strong man is doomed to collapse and ruin. So is that the subtext here?
That’s a lot to hang on a doormat hung on a wall over where either a sink or a stove should be, so I’m not going to leap to that with assurance. But… it would fit.
Honestly, all cards on the table… I’ve spent so much time on this one because I just can’t get over the AI-ness here. It’s even on the central figures. If there’s a photographer involved, as they say there is, there is something very, very wrong with their camera.
I didn’t describe the scene, so: the image is of a small kitchen, old, intensely cluttered except for a clear spot on the floor in centre where our Sinner and our Saviour are placed. Our Sinner is a “mom” figurine, broken down, her feet being washed by our “Saviour” who is kind of signalled to be her daughter. There are a fleet of prescription medication bottles higher up on the counters, alcohol bottles everywhere, and an assortment of ashtrays scattered about the room; all the cigarettes appear to be tobacco.
And there’s an absolute avalanche of AI-like whatthefuckery, even in the main figures, even in the figures who are supposed to be the entire point of this image. I mean, look at this:
What is that shoulder seam? Also, choco milky is the best cleaner, I guessHonestly, it’s just insulting.(one billion dollars. a one billion dollar ad campaign. billion. with a b.)
That’s six slides down of twelve, just like the apostles. Despite how shoddy this mess is in some ways, that’s probably not a coincidence. It’s not unlikely that this has theological ties I’m not catching. But that’s okay; I’m just here for the politics.
Next slide, please.
[link] #politics #USPol #writing #fascism #HeGetsUs #superbowl #uspolitics
-
Thus Spoke and Maddog’s Top Ten(ish) of 2023
By Thus Spoke
Thus Spoke
Mum, I’ve made it; I’ve got my own official year-end list on Angry Metal Guy dot com. Just two years ago I had begun my probation period in what would come to be characteristically overzealous fashion, slapping a 4.5 on my first ever review, before deciding that words are much better than numbers. At the time, uncertain of my tenancy in these hallowed halls, I was juggling n00b reviews with short-form reviews on Instagram,1 the latter pursuit being what led me to apply here in the first place. And I’m glad I did!
My first complete year here as a writer has been pretty great, all things considered. I’ve reviewed (and not reviewed) some Excellent (with a capital ‘E’) albums and discovered new favorites—some of whom will be appearing below. It continues to humble me and blow my mind that I get to put my thoughts about music out here on the internet and that people actually read them; that I get to write about bands and records with a critical voice that actually garners some respect, like I’m a proper person who knows things; and that I have the chance to gush about artists I’ve loved for a long time, or only just hit upon. Reviewing Panopticon was a wonderful year-end highlight. Of course, not everything was rosy. It was another year of silence from Ulcerate2, not the greatest year for truly stand-out black metal (with some clear exceptions), and a year in which I struggled with some significant challenges at work. But disappointing promos and unavoidable life hurdles aside, 2023 has been the year that AMG—the reviewing, the staff, and the commenting community—has cemented itself as an important part of who I am. I’m grateful for all of you. Thank you.
Having not made one of these before, this has been my first proper taste of the agony (and perhaps joy) of choosing what to list and where to list them. Can I pen a Contrite Metal Guy piece about my picks later down the line? No, I can’t. So if I’ve forgotten something, please just don’t bring it up or it’ll torture me for at least the entirety of 2024.3 Now, on with the list before I change my mind!
#ish. Convocation // No Dawn for the Caliginous Night – Not only did this album floor me on first listen, but it also made me discover how much I love to say the word “caliginous.” *Annunciates* Cal-ig-in-ous. No Dawn… is just as satisfying, but in a very different way. Its drama, potency, and sheer scale are wondrous to behold and instantly catapulted it into my list (well, close enough). I had been thinking in recent months that I’d kind of fallen off the doom wagon. But Convocation was there right as the year was about to end to shove me firmly back on board. As Cherd opined “This is a towering celebration of death’s enormity, packaged in the heaviest and most shimmering of vessels,” and I concur. It’s really only down to a totally stacked year of music that this behemoth doesn’t rank higher.
#10. Thantifaxath // Hive Mind Narcosis – This album scares the shit out of me and I absolutely love it. Everything about its wacky, dissonant, bendy, manic, and malevolent intensity borders on the hallucinogenic and nightmarish. And as a piece of extreme metal, aiming to confront with the harshest of blackened death metal, this is a very good thing. Thantifaxath were a 2023 discovery for me, and this, their sophomore effort, thoroughly convinced me that I should be paying attention to them. It always sends me into a state of heavy foreboding, anxiety, and nausea at confrontation with the absurd. When I reviewed Hive Mind Narcosis, I talked about its contradictory coherence and beauty under a façade of erraticism and ugliness, and I believe this to be what makes it continue to stand out amidst many other unapproachable extreme metal records that came out in 2023, worthy as they may be.
#9. Downfall of Gaia // Silhouettes of Disgust – While I’ve had an appreciation for Downfall of Gaia since Atrophy, Silhouettes of Disgust has been the first one that’s really made an impression on me. It’s stuck with me nearly all year since it dropped in March, and I find myself continuing to return to it again and again. When I don’t know what to listen to, I’ll stick this on, and I’ll enjoy it every time. Melodically and emotionally powerful, it contains some of my favorite musical moments of the year, including in particular the building surge of drama and catharsis that ends “Optograms of Disgust” and the album entirely. I think the reason Silhouettes has had this effect was pinned down nicely by Carcharodon when he wrote: “this is the [album] that manages to blend most effectively all the disparate facets of Downfall of Gaia’s sound.” And I would go further and assert what he only hinted at, that Silhouettes is indeed the best of the band’s career.
#8. Stortregn // Finitude – I feel like Stortregn have been getting more and more fun with every album, or at least definitely on the last few. While Emptiness Fills the Void (2018) was light enjoyment, Impermanence (2021) stepped things up a gear into real grin-inducing territory. Finitude, however, blows those records out of the water with what is possibly the most fun I’ve had with technical death/black metal of any kind. Everything about it works towards this, from constantly evolving, circularly composed song structures that sweep you away with their drama and flair, to a flipping flamenco break in “Xeno Chaos” which I should hate, but instead, I absolutely fucking love because it works so brilliantly. Its melodies are gorgeous, its energy undeniable, its rhythms irresistible. Damn, I think I’m gonna go and listen to it again now, I’ve really given myself the itch.
#7. To the Grave // Director’s Cuts – This started off higher on my list. It’s not that I’ve cooled off on it. Quite the contrary, as To the Grave are my most-listened-to artist on Spotify this year, and I will still ardently defend, to anyone who bothers to vocalize their disagreement, that this is an Excellent album. It’s simply a testament to the strength of those you’ll find below. But let that not take away from the immensity that is Director’s Cuts. It’s a stunning slab of deathcore that utterly wipes the floor with anything else released in that subgenre this year, not just br00tal and groovy as all hell, but possessed of a powerful and righteous message of animal liberation, wrapped of course, in a super mean metal mien. “Manhunt,” and indeed most of the album, powered many a top set in the gym, while stone-cold classic-in-the-making, “Axe of Kindness” easily makes it to the Songs of the Year playlist. It’s just fantastic all-round. Until all are free! *Headbangs violently.*
#6. Wayfarer // American Gothic – I was not initially overly enamored with American Gothic. I don’t know what I was playing at though, because it’s quite clearly brilliant. It’s grown on me like no other album has this year, quickly and assertively muscling its way almost into my top five. Though at first I thought it was inferior to its predecessor A Romance with Violence, as I’ve mentioned, I was being silly, and it’s actually far superior. With a more coherent and consistent compositional structure, more powerful and punchy songs, with stronger, more memorable melodies, and a better integration of that uniquely Western vibe into vibrant and vicious black metal, this is my favorite Wayfarer album by a country mile. Brilliantly evocative, both satisfyingly savage and stirringly soft when it needs to be, American Gothic never ceases to transport me to the old West in its turbulent transformation with drama, passion, and beauty. And it’s wonderful to experience.
#5. Night Crowned // Tales – It was surprising enough that none of my esteemed colleagues had nabbed Tales before I did. But for it to be so mind-blowingly fantastic that it would end up this high on my year-end list was something else. With a songs-of-the-year-lister for an opening cut and, in general, a tracklist stuffed full of back-to-back bangers, and a blazingly bombastic, infectious spirit all around, Tales charges ahead of the competition with savage glee. It’s actually hard to overstate just how good this album is, particularly given how ridiculously easy it is to listen to with its catchy melodies, (relatively) snappy song lengths, and dynamic energy. The culmination of Night Crowned’s fiery and dramatic style of black metal, and the best of their already stellar discography, Tales calls me back ceaselessly and I’m more than happy to oblige.
#4. Fires in the Distance // Air Not Meant for Us – This album is magical. Nothing has changed since I first heard it in its entirety this spring. Elegantly composed, stirring, and effortlessly graceful, it’s hands-down the most straightforwardly beautiful thing on my list. It’s moving without being sappy, and pretty without being saccharine. And Air Not Meant for Us also wins points for including a midway instrumental that’s not only just as good as the other tracks, but possibly better, and bridges the two sides of the album in this lovely way that makes for a dreamy kind of interlude. Fires in the Distance have such a distinctive form of ethereal, key-accented melodeath/doom that I can only see the immense strength of Air Not Meant for Us as a huge, incredibly exciting sign of more brilliant records to come. As it is, I still haven’t had enough of this one.
#3. Serpent of Old // Ensemble Under the Dark Sun – Back in June, I confidently declared that “Serpent of Old have crafted one of the best metal records of 2023 so far, no exaggeration.” Well, it turns out I wasn’t exaggerating, because here it is, number three on my list. Clear as day I can recall hearing the opening notes of “The Sin Before the Great Sin,” as Ensemble Under the Dark Sun began playing for the first time. Straight away I knew that I’d landed a monster of an album, and 42 or so minutes later I was completely engulfed in its intoxicatingly atmospheric darkness. Like their eponymous snake, Serpent of Old wound their blackened death metal around and around my brain. Ensemble is intense, and yet utterly captivating, dripping with oppressive, haunting melodies and deep, angular dissonance. And it also features the best drum performance of the year in my opinion. To think this is a debut is frankly astonishing, and I am extremely keen to hear more.
#2. Dødheimsgard // Black Medium Current – For a long time, this sat comfortably in first place. Why is no mystery. Unlike anything Dødheimsgard have put out in the past, or anything else released this year, Black Medium Current challenged, confronted, and mesmerized me. Weird and discomfiting one moment, tear-jerkingly beautiful another, this album is an emotional and musical rollercoaster that treads perfectly that line between avant-garde wackiness and sincere black metal passion. I recall how stunned I was to discover its 72+ minute length, after already spinning it back-to-back multiple times because it’s so engrossing and intelligently composed. I also recall just how close I came to awarding my first “Iconic” when reviewing it, simply due to the lasting power I perceived it to possess. While the Contrite Metal Guy piece is not on the roadmap for anytime soon, I still believe Black Medium Current to be incredibly special, and an album that absolutely must be heard by everyone in the metalsphere, even if it’s to rapidly discover it’s not one’s cup of tea. Dødheimsgard have made an almost perfect record here. A worthy holder of the top position, were it not for one, equally lengthy rival…
#1. Panopticon // The Rime of Memory – As it’s so recently reviewed, perhaps this was obvious. But with Panopticon, I can be sure that its immense influence is not just due to proximity bias. Just like its predecessor …And Again into the Light, The Rime of Memory knocked me flat off my feet and buried me like an avalanche, with all of the intensity and force, and yet none of the cold. Because this burns white hot with passion and pain. I haven’t yet decided whether it sits above that prior record, but right now, it doesn’t matter, because it easily stands above all others in 2023. “Cedar Skeletons” alone snatches the song of the year accolade, but the whole is something I have to experience again and again. It would just be wrong to give anything less than first place to an album that quite literally brings me to tears because of how emotionally poignant and compositionally powerful it is. As with my #2 pick, its epic duration is immaterial in the face of its effect, which is utterly unmatched by any of my other list contenders. Panopticon—particularly on more recent records—seems to have a unique ability to tug on my heartstrings and to blend the most ferocious of black metal with the most serene and evocative Appalachian folk, and to have it all bleed pure pathos. The Rime of Memory more than matched my lofty hopes, and it already has a very special place in my heart.
Honorable Mentions:
- Ahab // The Coral Tombs – A return to form after the iffy Boats of the Glen Carrig. Managing at turns to be both as heavy as a colossal squid and beautifully still as the depths of the ocean.
- Nightmarer // Deformity Adrift – I love everything Nightmarer put out and this is no exception. Brutal and shivering with grim atmosphere and irresistible rhythm.
- Manbryne // Interregnum: O próbie wiary i jarzmie zwątpienia – Just as good, if not better than its predecessor. Which means it’s really rather good. Gnarly, intriguing Polish black metal with bite and pizzaz.
- The Circle // Of Awakening – This magnificent dramatic black metal opus came the closest to making it into the final list. I slept on this album hard until the final months, and it was only barely pushed out.
- Dymna Lotva // The Land Under the Black Wings: Blood – An album that came out of absolutely nowhere for me and stunned with its emotional potency and devastating delivery. Future Dymna Lotva records may well make the list when that year comes.
- Voidsphere // To Infect | To Inflict – Thank you to Dear Hollow for putting this on my radar. It’s like Decoherence and Darkspace had a baby. A dark, mesmerizing atmospheric black metal baby. Gorgeous.
Songs of the Year:
- “Cedar Skeletons” – Panopticon
- “De Namnlösa” – Night Crowned
- “Axe of Kindness” – To the Grave
- “Optograms of Disgust” – Downfall of Gaia
- “The Fall” – Serpent of Old
- “A Coral Tomb” – Ahab
- “Boreal” – The Ocean
- “Seven Crowns and Seven Seals” – Sulphur Aeon
- “Taufbefehl” – Nightmarer
- “Of Awakening” – The Circle (ft. Ne Obliviscaris)
Guilty Pleasure of the Year:
- “SIRENCORE” – Banshee – Not remotely metal unless you count some black metal shrieking scattered into its dance-pop. I did however, get mildly addicted to this song for a time. What can I say? I have to let my girly side out occasionally. And yeah. It’s going on the playlist.
Maddog
My earballs had a mixed year. A headbanger’s field day, 2023 boasted a solid array of death metal and some doom that won over skeptics like me. But this year’s music lacked emotional weight. Few 2023 albums sounded as beautiful as Inexorum’s Equinox Vigil, as heart-wrenching as Darkher’s The Buried Storm, or as monumental as Gloson’s The Rift, all of which rocked my 2022 list. There was still plenty to love, but something felt missing.
And so, I found solace in music from years past. Trees of Eternity’s Hour of the Nightingale, perhaps the most underrated record in AMG history, offered me catharsis on dark days. Emma Ruth Rundle held my hand,4 expressing boundless empathy through Marked for Death. Every Enshine release whisked me into a secluded world of sorrowful beauty. Conversely, LiveWire’s thrilling Under Attack!, my favorite 2022 record, kept hopelessness at bay; no matter what, I’m happy to inhabit a world that has LiveWire in it. On the fiercer side, I rekindled my love for Morbid Angel’s Covenant (1993), Suffocation’s Effigy of the Forgotten (1991), and Dying Fetus’ Killing on Adrenaline (1998). This deep bench of yesteryear highlights helped scratch the itches that 2023 albums missed.
The scarcity of tear-jerking 2023 music also re-taught me an important lesson: music that isn’t overtly emotional can still offer consolation or escape. Indeed, my favorite 2023 records brought a smile to my tired face rather than feeding my wallowing tendencies. A comment from the recent Suffocation review expressed this sentiment best:
All things fall to ruin in this world, and that’s why we have death metal.
I’ll give thank-yous a shot, though they’ll inevitably be incomplete. Thank you to AMG for his fearless leadership, Madam X for her tireless work, Grier for his insults, Steel for his bourbon (and also his bourbon), Sentynel for keeping us alive, and Dear Hollow for doing all the writing. Thank you to the UK staff for tolerating my occasional visits, and to everyone who’s supported me through bouts of melodrama. And thank you to everyone who makes my world more musical: artists, comment-section banterers, fellow writers, friends who share music with me, kind people at shows, and more. I’ll be on board 70,000 Tons for the first time next month, and I’m excited to keep deepening my musical community.
Finally, thank you to Thus Spoke, my (list) partner in (vegan) crime. Her intense emotional connection to music bleeds through her words, inspiring me to listen more closely and write more goodly. Read her list first; you won’t regret it.
#ish. Ne Obliviscaris // Exul – Exul’s peaks show Ne Obliviscaris at the top of their divisive game. The band’s balance of beauty and brutality is as strong as ever, as the strings, clean guitars, and death metal riffs move in lockstep. Bassist Martino Garratoni’s hyperactive melodies round out Exul’s rich soundscape. It’s a pleasure to hear Ne Obliviscaris’ compositions unfold, ebbing and flowing among the band’s diverse strengths. Exul’s bloat is the only major splotch on an otherwise stellar record. Listen to Exul with an open mind; it’s easy to get clouded by the hype or the popular hatred. Exul offers a lot to love, and there isn’t much else like it.
[Pairing: Maison Ferrand (Ars, France), Citadelle Jardin d’Été Gin. This gin is easy to sneer at; it’s contemporary, a newcomer, and French. But give it a chance. You might find your mind wandering through a château garden in bloom.]#10. Gorod // The Orb – I slept on The Orb at first because of its lackluster bass. After a decade of spectacular performances, bassist Benoit Claus inexplicably dialed back his wizardry after 2015’s A Maze of Recycled Creeds. Still, Gorod makes it work. The Orb’s unhinged harmonic leads showcase guitarists Pascal and Alberny at their finest. Meanwhile, the album’s energetic peaks and valleys give space for the drums to take the driver’s seat. Every moment of The Orb amps me up for the next moment, most notably on career highlight “Breeding Silence.” The Orb isn’t memorable enough to land near the top of Gorod’s formidable discography, but Gorod’s brand of hyper-technical death metal is still fun as hell.
[Pairing: Founders Brewing (Grand Rapids, MI), Porter – 6.5% ABV. Less rich than some of its Founders brethren (e.g. Breakfast Stout), but still a flavorful feast.]#9. Altari // Kröflueldar – I don’t know what the hell this is, but I love it. Altari’s distinctive debut melds black metal and psychedelic rock. While those genre labels might provoke knee-jerk comparisons to Oranssi Pazuzu or A Forest of Stars, Altari’s sound is peerless. Stalwart rhythms ground you while swirling melodies emerge from nowhere to whisk you away, echoing Love’s Forever Changes and Jefferson Airplane’s Surrealistic Pillow. And yet, Kröflueldar’s blackened edge makes it a haunting experience. While Kröflueldar’s abrupt song endings have room for improvement, Altari’s hypnotic debut is a triumph. It might be tucked too far underground to turn many heads, but it’s well worth your time.
[Pairing: Brandy Soymilk Punch (made with Paul Masson VSOP Brandy). “What the hell is this? Why would I ever drink… Errr, why is my glass empty? Fill me up!”]#8. Sodomisery // Mazzaroth – The melodic black metal resurgence of 2023 peaked with Sodomisery. Mazzaroth checks every box. Dissection-lite blackened death riffs collude with soaring Misturious melodies to lure you into the fray. The album’s clean sections and Sodomisery’s newfound symphonic elements add emotional depth without sounding generic. Mazzaroth’s strengths coalesce in its belt-along choruses, which maintain the album’s somber mood while still worming into your brain. Because Sodomisery executes every component so well, the record sounds fresh despite trodding well-trodden ground. Even Sodomisery’s less-than-ideal name inspired three of 2023’s most iconic comments. Mazzaroth has captured the hearts of old fans and newcomers alike, and the attention is well-deserved.
[Pairing: BrewDog (Ellon, UK), Drop D – Cascadian Dark Ale, 8.1% ABV. Perfectly balances hoppiness and roasty stout flavors, without reinventing any wheels.]#7. Faithxtractor // Contempt for a Failed Dimension – While 2023 had no shortage of compelling no-frills death metal, the genre peaked in January with Faithxtractor. This is what you get when you cross faith unforgiving death metal with a tractor meticulous songwriting. Contempt for a Failed Dimension’s single-minded focus keeps it concise and fearsome across both its crushing slow sections and its frantic riff carnivals. Faithxtractor’s creativity elevates the album from “mere” fun to the top of its genre. Even at its most unhinged, Contempt for a Failed Dimension never trips over itself. Every riff inhabits its optimal location, and each one is essential to the final product. I’m not sure which dimension has failed—I hope it isn’t a spatial one—but I know Faithxtractor will punish it mightily.
[Pairing: Lagunitas Brewing (Petaluma, CA), IPA – 6.2% ABV. A familiar beer in a familiar style, but it always hits the spot. Sometimes that’s all you need.]#6. Xoth // Exogalactic – Xoth’s brand of technical blackened death-thrash is a sci-fi spectacle. Exogalactic’s futuristic riffs, twisting melodies, and narrative arcs make it feel like reptilian aliens are indeed enslaving humans as gladiators like hordes of warriors are really battling for the galaxy. Hearing Xoth play Tetris with electrifying melodies of all shapes and sizes is thrilling. While the album’s peaks fall short of its predecessor, you’ll be belting out its colossal choruses in no time. Xoth’s style is unique, but it shares a strength with Archspire, First Fragment, and Jane Austen: you can hear Xoth grinning through their art. Every time I listen to Exogalactic, I can’t help but grin alongside.
[Pairing: Brouwerij Huyghe (Melle, Belgium), Delirium Tremens – Belgian Golden Strong Ale, 8.5% ABV. A paradox in a glass: strong and flavorful, but light-hearted and bright. It’ll put a smile on your face.]#5. Raider // Trial by Chaos – Trial by Chaos is as dense as its cover art. Over 39 minutes of hectic death-thrash, Raider tells tales of dystopia, science fiction, and righteous defiance. Every element of Raider’s onslaught finds its mark. The guitars range from Floridian death metal steamrollers to three-piece melodic leads, nailing both styles. The thunderous rhythm section raises hell at climactic moments and stitches Trial by Chaos’ disparate pieces together. Most strikingly, Angelo Bonaccorso’s vocal variety imbues the music with emotional force and narrative structure. This is only Raider’s second full-length record, but its cohesion and show-stopping power make it best in class. Expect Raider to be a torchbearer for death-thrash in the years to come.
[Pairing: 3 Floyds Brewing (Munster, IN), Permanent Funeral – Imperial IPA, 10.5% ABV. Unforgiving in its strength, its hoppiness, and its intense flavor. Intimidating but irresistible.]#4. Wayfarer // American Gothic – Seamlessly blending their Western aesthetic with black metal, Wayfarer transports the listener to the Western United States circa 1900. This is not a romanticized Magic School Bus trip; everything around you is greed, senseless violence, and environmental devastation.5 American Gothic’s emotional palette matches this landscape, leading through righteous anger (“The Cattle Thief”),6 longing (“To Enter My House Justified”), and hopelessness (“Black Plumes over God’s Country”). The album’s fantastic rhythm section and its rich production, both uncharacteristic strengths for black metal, allow Wayfarer’s diverse compositions to shine. Even though Wayfarer isn’t the only band playing this style, they’ve won my heart. Concise but powerful, American Gothic is the new American gothic.
[Pairing: Buffalo Trace Distillery (Frankfort, KY), Sazerac Rye. Accessible for the wallet and the palate, but with a fierce rye edge. A flavor bonanza and a perfect companion for an evening of reminiscences or regrets.]#3. Hellripper // Warlocks Grim & Withered Hags – The “old Hellripper” is still alive and well, after two riotous slabs of blackened speed metal. The “new Hellripper” is no less formidable. Forays into death metal and old-school speed metal add flair around the edges. Meanwhile, Warlocks’ longer tracks leap out of Hellripper’s comfort zone while balancing melodic variety and narrative cohesion. Scottish folk influences add depth throughout the melodies, the lyrics rooted in Orkney mythology, and the unexpected bagpipes. With these forces combined, the record’s narrative pieces feel like captivating campfire tales rather than bedtime stories. And still, Warlocks’ speedy killers are the most fun I’ve had all year. Warlocks is both an exhilarating listen and a massive step forward for Hellripper’s songwriting.
[Pairing: St. George Spirits (Alameda, CA), Terroir Gin. The juniper-heavy palate will placate gin gatekeepers, while the Douglas fir and sage will transport open minds to a California coastal redwood forest. Classic, innovative, and delicious.]#2. Onheil // In Black Ashes – In Black Ashes is melodic black/death/speed/thrash at its finest. But that description is both a little too much and much too little. The album’s irresistible speedy riffs alone deserve Grier’s 3.5. Onheil’s mastery of melody and songwriting elevates In Black Ashes into the stratosphere. Led by the indomitable “Void,” In Black Ashes’ powerful melodies offer catharsis like none other. As the album progresses, Onheil flexes their compositional muscles more, melding narrative meloblack epics with Mors Principium Est-adjacent bangers. Every track is a winner, and Onheil strikes an impossible balance between enthralling riffs and emotional heft. In Black Ashes deserves a lot more love.
[Pairing: Hayman’s Distillery (London, UK), Royal Dock Navy Strength Gin. This isn’t just another boring London gin; spices and citrus add a twist. Bottled at the 114 proof point where soaked gunpowder can still ignite, Royal Dock is fierce but shockingly smooth.]#1. Theophonos // Nightmare Visions – Nightmare Visions throws everything at the wall, and everything sticks. I struggled to describe this album once, and it isn’t getting easier. Theophonos’ debut feels like a grind-paced tour through metal history, squeezed through a blackened filter. Armed with razor-sharp riffs, a vicious rhythm section, and a refusal to sit still, Theophonos’ dissonant style is both neck-shattering and evocative. The album’s density makes it a gripping experience, while Jimmy Hamzey’s (Serpent Column) masterful transitions hold the Jenga blocks together. Theophonos’ blood, sweat, and tears glisten through details like the inter-song callbacks and the blurring of frenzied black metal and serene rock. Ten months into our love affair, Nightmare Visions still reveals new facets on every listen. Even if blackened grind isn’t your home turf (trust me, it isn’t mine), give Nightmare Visions a shot. I’d never heard anything like it, but now I can’t stop listening.
[Pairing: Fifth Hammer Brewing (Queens, NY), POGlodyte – Sour Ale with Passionfruit, Blood Orange, and Guava, 5.5% ABV. The description is accurate but inadequate. Wilder than your wildest dreams, this sour is what you never realized your life needed. Rapture for every taste bud.]Honorable Mentions:
- Night Crowned // Tales – Tales is a scorcher from cover to cover, blending ferocious blackened death melodies with clean and folky digressions. Night Crowned jostled their way up here at the last minute. Ask me in a few weeks, and I might regret not pushing Tales up to my top 10.
- Tomb Mold // The Enduring Spirit – Tomb Mold’s 57-degree turn into prog death lands close to Fallujah’s best work. With dueling guitar leads, riveting bass melodies, and groovy drum lines, The Enduring Spirit is gorgeous and engaging. With more oomph, it could’ve landed near the top of my list.
- Saturnus // The Storm Within – From its crushing death-doom riffs to its My Dying Bride-esque dirges, The Storm Within ripped my heart out. Saturnus’ decade-awaited return suffers from bloat, but it’s still one of 2023’s rare emotional juggernauts.
- Kalmah // Kalmah – Kalmah’s Kalmah sounds like Kalmah, in the best way. Firestorm riffs, massive climaxes, and prominent synths get the blood flowing. The slower morose sections hit just as hard, especially with their infectious choruses. Kalmah doesn’t break new ground, but it still holds me rapt.
- Reverend Kristin Michael Hayter // Saved! – Saved! is jarring, but Hayter’s spellbinding vocals and her cohesive compositions won me over. The album pantses my heart in its best moments, like “I Will Be with You Always.” The out-of-place shorter pieces and the record’s rocky start hold Saved! back, but it’s still worth a spin or ten.
- Serpent of Old // Ensemble under the Dark Sun – This one is tough to describe. Ensemble’s blackened death melodies, at once eerie and grabby, crept under my skin on my very first listen. Given how dense and thoughtful Ensemble is, I still can’t believe it’s Serpent of Old’s debut.
Disappointments o’ the Year:
- Myrkur // Spine – Pairing: Methanol. A close relative of excellence, but hazardous in its current form. So close, but so very far.
- The Ocean // Holocene – Pairing: Southwest Spirits (Dallas, TX), Calamity Gin. The heavy floral and citrusy botanicals make for an intriguing promo pitch. Given my history with similar styles, I had every expectation of loving this. Alas, reality was not so kind; I struggled to finish it.
Songs o’ the Year:
- Onheil – “Void”
- Enslaved – “Congelia”
- Xoth – “Battlesphere”
- Sermon – “Golden”
- Gorod – “Breeding Silence”
- Ne Obliviscaris – “Equus”
- Insomnium – “1696”
- Theophonos – “Of Days Past”
- Raider – “Labyrinth”
- Wayfarer – “The Cattle Thief”
- Stortregn – “The Revelation”
#Ahab #Altari #Convocation #Dödheimsgard #DownfallOfGaia #DymnaLotva #Faithxtractor #FiresInTheDistance #Gorod #Hellripper #Kalmah #Lists #Listurnalia #Mānbryne #Myrkur #NeObliviscaris #NightCrowned #Nightmarer #Onheil #Panopticon #Raider #ReverendKristinMichaelHayter #Saturnus #SerpentOfOld #Sodomisery #Stortregn #Thantifaxath #TheCircle #TheOcean #Theophonos #ThusSpokeSAndMaddogSTopTenIshOf2023 #ToTheGrave #TombMold #Top10Ish_ #Voidsphere #Wayfarer #Xoth
-
Thus Spoke and Maddog’s Top Ten(ish) of 2023
By Thus Spoke
Thus Spoke
Mum, I’ve made it; I’ve got my own official year-end list on Angry Metal Guy dot com. Just two years ago I had begun my probation period in what would come to be characteristically overzealous fashion, slapping a 4.5 on my first ever review, before deciding that words are much better than numbers. At the time, uncertain of my tenancy in these hallowed halls, I was juggling n00b reviews with short-form reviews on Instagram,1 the latter pursuit being what led me to apply here in the first place. And I’m glad I did!
My first complete year here as a writer has been pretty great, all things considered. I’ve reviewed (and not reviewed) some Excellent (with a capital ‘E’) albums and discovered new favorites—some of whom will be appearing below. It continues to humble me and blow my mind that I get to put my thoughts about music out here on the internet and that people actually read them; that I get to write about bands and records with a critical voice that actually garners some respect, like I’m a proper person who knows things; and that I have the chance to gush about artists I’ve loved for a long time, or only just hit upon. Reviewing Panopticon was a wonderful year-end highlight. Of course, not everything was rosy. It was another year of silence from Ulcerate2, not the greatest year for truly stand-out black metal (with some clear exceptions), and a year in which I struggled with some significant challenges at work. But disappointing promos and unavoidable life hurdles aside, 2023 has been the year that AMG—the reviewing, the staff, and the commenting community—has cemented itself as an important part of who I am. I’m grateful for all of you. Thank you.
Having not made one of these before, this has been my first proper taste of the agony (and perhaps joy) of choosing what to list and where to list them. Can I pen a Contrite Metal Guy piece about my picks later down the line? No, I can’t. So if I’ve forgotten something, please just don’t bring it up or it’ll torture me for at least the entirety of 2024.3 Now, on with the list before I change my mind!
#ish. Convocation // No Dawn for the Caliginous Night – Not only did this album floor me on first listen, but it also made me discover how much I love to say the word “caliginous.” *Annunciates* Cal-ig-in-ous. No Dawn… is just as satisfying, but in a very different way. Its drama, potency, and sheer scale are wondrous to behold and instantly catapulted it into my list (well, close enough). I had been thinking in recent months that I’d kind of fallen off the doom wagon. But Convocation was there right as the year was about to end to shove me firmly back on board. As Cherd opined “This is a towering celebration of death’s enormity, packaged in the heaviest and most shimmering of vessels,” and I concur. It’s really only down to a totally stacked year of music that this behemoth doesn’t rank higher.
#10. Thantifaxath // Hive Mind Narcosis – This album scares the shit out of me and I absolutely love it. Everything about its wacky, dissonant, bendy, manic, and malevolent intensity borders on the hallucinogenic and nightmarish. And as a piece of extreme metal, aiming to confront with the harshest of blackened death metal, this is a very good thing. Thantifaxath were a 2023 discovery for me, and this, their sophomore effort, thoroughly convinced me that I should be paying attention to them. It always sends me into a state of heavy foreboding, anxiety, and nausea at confrontation with the absurd. When I reviewed Hive Mind Narcosis, I talked about its contradictory coherence and beauty under a façade of erraticism and ugliness, and I believe this to be what makes it continue to stand out amidst many other unapproachable extreme metal records that came out in 2023, worthy as they may be.
#9. Downfall of Gaia // Silhouettes of Disgust – While I’ve had an appreciation for Downfall of Gaia since Atrophy, Silhouettes of Disgust has been the first one that’s really made an impression on me. It’s stuck with me nearly all year since it dropped in March, and I find myself continuing to return to it again and again. When I don’t know what to listen to, I’ll stick this on, and I’ll enjoy it every time. Melodically and emotionally powerful, it contains some of my favorite musical moments of the year, including in particular the building surge of drama and catharsis that ends “Optograms of Disgust” and the album entirely. I think the reason Silhouettes has had this effect was pinned down nicely by Carcharodon when he wrote: “this is the [album] that manages to blend most effectively all the disparate facets of Downfall of Gaia’s sound.” And I would go further and assert what he only hinted at, that Silhouettes is indeed the best of the band’s career.
#8. Stortregn // Finitude – I feel like Stortregn have been getting more and more fun with every album, or at least definitely on the last few. While Emptiness Fills the Void (2018) was light enjoyment, Impermanence (2021) stepped things up a gear into real grin-inducing territory. Finitude, however, blows those records out of the water with what is possibly the most fun I’ve had with technical death/black metal of any kind. Everything about it works towards this, from constantly evolving, circularly composed song structures that sweep you away with their drama and flair, to a flipping flamenco break in “Xeno Chaos” which I should hate, but instead, I absolutely fucking love because it works so brilliantly. Its melodies are gorgeous, its energy undeniable, its rhythms irresistible. Damn, I think I’m gonna go and listen to it again now, I’ve really given myself the itch.
#7. To the Grave // Director’s Cuts – This started off higher on my list. It’s not that I’ve cooled off on it. Quite the contrary, as To the Grave are my most-listened-to artist on Spotify this year, and I will still ardently defend, to anyone who bothers to vocalize their disagreement, that this is an Excellent album. It’s simply a testament to the strength of those you’ll find below. But let that not take away from the immensity that is Director’s Cuts. It’s a stunning slab of deathcore that utterly wipes the floor with anything else released in that subgenre this year, not just br00tal and groovy as all hell, but possessed of a powerful and righteous message of animal liberation, wrapped of course, in a super mean metal mien. “Manhunt,” and indeed most of the album, powered many a top set in the gym, while stone-cold classic-in-the-making, “Axe of Kindness” easily makes it to the Songs of the Year playlist. It’s just fantastic all-round. Until all are free! *Headbangs violently.*
#6. Wayfarer // American Gothic – I was not initially overly enamored with American Gothic. I don’t know what I was playing at though, because it’s quite clearly brilliant. It’s grown on me like no other album has this year, quickly and assertively muscling its way almost into my top five. Though at first I thought it was inferior to its predecessor A Romance with Violence, as I’ve mentioned, I was being silly, and it’s actually far superior. With a more coherent and consistent compositional structure, more powerful and punchy songs, with stronger, more memorable melodies, and a better integration of that uniquely Western vibe into vibrant and vicious black metal, this is my favorite Wayfarer album by a country mile. Brilliantly evocative, both satisfyingly savage and stirringly soft when it needs to be, American Gothic never ceases to transport me to the old West in its turbulent transformation with drama, passion, and beauty. And it’s wonderful to experience.
#5. Night Crowned // Tales – It was surprising enough that none of my esteemed colleagues had nabbed Tales before I did. But for it to be so mind-blowingly fantastic that it would end up this high on my year-end list was something else. With a songs-of-the-year-lister for an opening cut and, in general, a tracklist stuffed full of back-to-back bangers, and a blazingly bombastic, infectious spirit all around, Tales charges ahead of the competition with savage glee. It’s actually hard to overstate just how good this album is, particularly given how ridiculously easy it is to listen to with its catchy melodies, (relatively) snappy song lengths, and dynamic energy. The culmination of Night Crowned’s fiery and dramatic style of black metal, and the best of their already stellar discography, Tales calls me back ceaselessly and I’m more than happy to oblige.
#4. Fires in the Distance // Air Not Meant for Us – This album is magical. Nothing has changed since I first heard it in its entirety this spring. Elegantly composed, stirring, and effortlessly graceful, it’s hands-down the most straightforwardly beautiful thing on my list. It’s moving without being sappy, and pretty without being saccharine. And Air Not Meant for Us also wins points for including a midway instrumental that’s not only just as good as the other tracks, but possibly better, and bridges the two sides of the album in this lovely way that makes for a dreamy kind of interlude. Fires in the Distance have such a distinctive form of ethereal, key-accented melodeath/doom that I can only see the immense strength of Air Not Meant for Us as a huge, incredibly exciting sign of more brilliant records to come. As it is, I still haven’t had enough of this one.
#3. Serpent of Old // Ensemble Under the Dark Sun – Back in June, I confidently declared that “Serpent of Old have crafted one of the best metal records of 2023 so far, no exaggeration.” Well, it turns out I wasn’t exaggerating, because here it is, number three on my list. Clear as day I can recall hearing the opening notes of “The Sin Before the Great Sin,” as Ensemble Under the Dark Sun began playing for the first time. Straight away I knew that I’d landed a monster of an album, and 42 or so minutes later I was completely engulfed in its intoxicatingly atmospheric darkness. Like their eponymous snake, Serpent of Old wound their blackened death metal around and around my brain. Ensemble is intense, and yet utterly captivating, dripping with oppressive, haunting melodies and deep, angular dissonance. And it also features the best drum performance of the year in my opinion. To think this is a debut is frankly astonishing, and I am extremely keen to hear more.
#2. Dødheimsgard // Black Medium Current – For a long time, this sat comfortably in first place. Why is no mystery. Unlike anything Dødheimsgard have put out in the past, or anything else released this year, Black Medium Current challenged, confronted, and mesmerized me. Weird and discomfiting one moment, tear-jerkingly beautiful another, this album is an emotional and musical rollercoaster that treads perfectly that line between avant-garde wackiness and sincere black metal passion. I recall how stunned I was to discover its 72+ minute length, after already spinning it back-to-back multiple times because it’s so engrossing and intelligently composed. I also recall just how close I came to awarding my first “Iconic” when reviewing it, simply due to the lasting power I perceived it to possess. While the Contrite Metal Guy piece is not on the roadmap for anytime soon, I still believe Black Medium Current to be incredibly special, and an album that absolutely must be heard by everyone in the metalsphere, even if it’s to rapidly discover it’s not one’s cup of tea. Dødheimsgard have made an almost perfect record here. A worthy holder of the top position, were it not for one, equally lengthy rival…
#1. Panopticon // The Rime of Memory – As it’s so recently reviewed, perhaps this was obvious. But with Panopticon, I can be sure that its immense influence is not just due to proximity bias. Just like its predecessor …And Again into the Light, The Rime of Memory knocked me flat off my feet and buried me like an avalanche, with all of the intensity and force, and yet none of the cold. Because this burns white hot with passion and pain. I haven’t yet decided whether it sits above that prior record, but right now, it doesn’t matter, because it easily stands above all others in 2023. “Cedar Skeletons” alone snatches the song of the year accolade, but the whole is something I have to experience again and again. It would just be wrong to give anything less than first place to an album that quite literally brings me to tears because of how emotionally poignant and compositionally powerful it is. As with my #2 pick, its epic duration is immaterial in the face of its effect, which is utterly unmatched by any of my other list contenders. Panopticon—particularly on more recent records—seems to have a unique ability to tug on my heartstrings and to blend the most ferocious of black metal with the most serene and evocative Appalachian folk, and to have it all bleed pure pathos. The Rime of Memory more than matched my lofty hopes, and it already has a very special place in my heart.
Honorable Mentions:
- Ahab // The Coral Tombs – A return to form after the iffy Boats of the Glen Carrig. Managing at turns to be both as heavy as a colossal squid and beautifully still as the depths of the ocean.
- Nightmarer // Deformity Adrift – I love everything Nightmarer put out and this is no exception. Brutal and shivering with grim atmosphere and irresistible rhythm.
- Manbryne // Interregnum: O próbie wiary i jarzmie zwątpienia – Just as good, if not better than its predecessor. Which means it’s really rather good. Gnarly, intriguing Polish black metal with bite and pizzaz.
- The Circle // Of Awakening – This magnificent dramatic black metal opus came the closest to making it into the final list. I slept on this album hard until the final months, and it was only barely pushed out.
- Dymna Lotva // The Land Under the Black Wings: Blood – An album that came out of absolutely nowhere for me and stunned with its emotional potency and devastating delivery. Future Dymna Lotva records may well make the list when that year comes.
- Voidsphere // To Infect | To Inflict – Thank you to Dear Hollow for putting this on my radar. It’s like Decoherence and Darkspace had a baby. A dark, mesmerizing atmospheric black metal baby. Gorgeous.
Songs of the Year:
- “Cedar Skeletons” – Panopticon
- “De Namnlösa” – Night Crowned
- “Axe of Kindness” – To the Grave
- “Optograms of Disgust” – Downfall of Gaia
- “The Fall” – Serpent of Old
- “A Coral Tomb” – Ahab
- “Boreal” – The Ocean
- “Seven Crowns and Seven Seals” – Sulphur Aeon
- “Taufbefehl” – Nightmarer
- “Of Awakening” – The Circle (ft. Ne Obliviscaris)
Guilty Pleasure of the Year:
- “SIRENCORE” – Banshee – Not remotely metal unless you count some black metal shrieking scattered into its dance-pop. I did however, get mildly addicted to this song for a time. What can I say? I have to let my girly side out occasionally. And yeah. It’s going on the playlist.
Maddog
My earballs had a mixed year. A headbanger’s field day, 2023 boasted a solid array of death metal and some doom that won over skeptics like me. But this year’s music lacked emotional weight. Few 2023 albums sounded as beautiful as Inexorum’s Equinox Vigil, as heart-wrenching as Darkher’s The Buried Storm, or as monumental as Gloson’s The Rift, all of which rocked my 2022 list. There was still plenty to love, but something felt missing.
And so, I found solace in music from years past. Trees of Eternity’s Hour of the Nightingale, perhaps the most underrated record in AMG history, offered me catharsis on dark days. Emma Ruth Rundle held my hand,4 expressing boundless empathy through Marked for Death. Every Enshine release whisked me into a secluded world of sorrowful beauty. Conversely, LiveWire’s thrilling Under Attack!, my favorite 2022 record, kept hopelessness at bay; no matter what, I’m happy to inhabit a world that has LiveWire in it. On the fiercer side, I rekindled my love for Morbid Angel’s Covenant (1993), Suffocation’s Effigy of the Forgotten (1991), and Dying Fetus’ Killing on Adrenaline (1998). This deep bench of yesteryear highlights helped scratch the itches that 2023 albums missed.
The scarcity of tear-jerking 2023 music also re-taught me an important lesson: music that isn’t overtly emotional can still offer consolation or escape. Indeed, my favorite 2023 records brought a smile to my tired face rather than feeding my wallowing tendencies. A comment from the recent Suffocation review expressed this sentiment best:
All things fall to ruin in this world, and that’s why we have death metal.
I’ll give thank-yous a shot, though they’ll inevitably be incomplete. Thank you to AMG for his fearless leadership, Madam X for her tireless work, Grier for his insults, Steel for his bourbon (and also his bourbon), Sentynel for keeping us alive, and Dear Hollow for doing all the writing. Thank you to the UK staff for tolerating my occasional visits, and to everyone who’s supported me through bouts of melodrama. And thank you to everyone who makes my world more musical: artists, comment-section banterers, fellow writers, friends who share music with me, kind people at shows, and more. I’ll be on board 70,000 Tons for the first time next month, and I’m excited to keep deepening my musical community.
Finally, thank you to Thus Spoke, my (list) partner in (vegan) crime. Her intense emotional connection to music bleeds through her words, inspiring me to listen more closely and write more goodly. Read her list first; you won’t regret it.
#ish. Ne Obliviscaris // Exul – Exul’s peaks show Ne Obliviscaris at the top of their divisive game. The band’s balance of beauty and brutality is as strong as ever, as the strings, clean guitars, and death metal riffs move in lockstep. Bassist Martino Garratoni’s hyperactive melodies round out Exul’s rich soundscape. It’s a pleasure to hear Ne Obliviscaris’ compositions unfold, ebbing and flowing among the band’s diverse strengths. Exul’s bloat is the only major splotch on an otherwise stellar record. Listen to Exul with an open mind; it’s easy to get clouded by the hype or the popular hatred. Exul offers a lot to love, and there isn’t much else like it.
[Pairing: Maison Ferrand (Ars, France), Citadelle Jardin d’Été Gin. This gin is easy to sneer at; it’s contemporary, a newcomer, and French. But give it a chance. You might find your mind wandering through a château garden in bloom.]#10. Gorod // The Orb – I slept on The Orb at first because of its lackluster bass. After a decade of spectacular performances, bassist Benoit Claus inexplicably dialed back his wizardry after 2015’s A Maze of Recycled Creeds. Still, Gorod makes it work. The Orb’s unhinged harmonic leads showcase guitarists Pascal and Alberny at their finest. Meanwhile, the album’s energetic peaks and valleys give space for the drums to take the driver’s seat. Every moment of The Orb amps me up for the next moment, most notably on career highlight “Breeding Silence.” The Orb isn’t memorable enough to land near the top of Gorod’s formidable discography, but Gorod’s brand of hyper-technical death metal is still fun as hell.
[Pairing: Founders Brewing (Grand Rapids, MI), Porter – 6.5% ABV. Less rich than some of its Founders brethren (e.g. Breakfast Stout), but still a flavorful feast.]#9. Altari // Kröflueldar – I don’t know what the hell this is, but I love it. Altari’s distinctive debut melds black metal and psychedelic rock. While those genre labels might provoke knee-jerk comparisons to Oranssi Pazuzu or A Forest of Stars, Altari’s sound is peerless. Stalwart rhythms ground you while swirling melodies emerge from nowhere to whisk you away, echoing Love’s Forever Changes and Jefferson Airplane’s Surrealistic Pillow. And yet, Kröflueldar’s blackened edge makes it a haunting experience. While Kröflueldar’s abrupt song endings have room for improvement, Altari’s hypnotic debut is a triumph. It might be tucked too far underground to turn many heads, but it’s well worth your time.
[Pairing: Brandy Soymilk Punch (made with Paul Masson VSOP Brandy). “What the hell is this? Why would I ever drink… Errr, why is my glass empty? Fill me up!”]#8. Sodomisery // Mazzaroth – The melodic black metal resurgence of 2023 peaked with Sodomisery. Mazzaroth checks every box. Dissection-lite blackened death riffs collude with soaring Misturious melodies to lure you into the fray. The album’s clean sections and Sodomisery’s newfound symphonic elements add emotional depth without sounding generic. Mazzaroth’s strengths coalesce in its belt-along choruses, which maintain the album’s somber mood while still worming into your brain. Because Sodomisery executes every component so well, the record sounds fresh despite trodding well-trodden ground. Even Sodomisery’s less-than-ideal name inspired three of 2023’s most iconic comments. Mazzaroth has captured the hearts of old fans and newcomers alike, and the attention is well-deserved.
[Pairing: BrewDog (Ellon, UK), Drop D – Cascadian Dark Ale, 8.1% ABV. Perfectly balances hoppiness and roasty stout flavors, without reinventing any wheels.]#7. Faithxtractor // Contempt for a Failed Dimension – While 2023 had no shortage of compelling no-frills death metal, the genre peaked in January with Faithxtractor. This is what you get when you cross faith unforgiving death metal with a tractor meticulous songwriting. Contempt for a Failed Dimension’s single-minded focus keeps it concise and fearsome across both its crushing slow sections and its frantic riff carnivals. Faithxtractor’s creativity elevates the album from “mere” fun to the top of its genre. Even at its most unhinged, Contempt for a Failed Dimension never trips over itself. Every riff inhabits its optimal location, and each one is essential to the final product. I’m not sure which dimension has failed—I hope it isn’t a spatial one—but I know Faithxtractor will punish it mightily.
[Pairing: Lagunitas Brewing (Petaluma, CA), IPA – 6.2% ABV. A familiar beer in a familiar style, but it always hits the spot. Sometimes that’s all you need.]#6. Xoth // Exogalactic – Xoth’s brand of technical blackened death-thrash is a sci-fi spectacle. Exogalactic’s futuristic riffs, twisting melodies, and narrative arcs make it feel like reptilian aliens are indeed enslaving humans as gladiators like hordes of warriors are really battling for the galaxy. Hearing Xoth play Tetris with electrifying melodies of all shapes and sizes is thrilling. While the album’s peaks fall short of its predecessor, you’ll be belting out its colossal choruses in no time. Xoth’s style is unique, but it shares a strength with Archspire, First Fragment, and Jane Austen: you can hear Xoth grinning through their art. Every time I listen to Exogalactic, I can’t help but grin alongside.
[Pairing: Brouwerij Huyghe (Melle, Belgium), Delirium Tremens – Belgian Golden Strong Ale, 8.5% ABV. A paradox in a glass: strong and flavorful, but light-hearted and bright. It’ll put a smile on your face.]#5. Raider // Trial by Chaos – Trial by Chaos is as dense as its cover art. Over 39 minutes of hectic death-thrash, Raider tells tales of dystopia, science fiction, and righteous defiance. Every element of Raider’s onslaught finds its mark. The guitars range from Floridian death metal steamrollers to three-piece melodic leads, nailing both styles. The thunderous rhythm section raises hell at climactic moments and stitches Trial by Chaos’ disparate pieces together. Most strikingly, Angelo Bonaccorso’s vocal variety imbues the music with emotional force and narrative structure. This is only Raider’s second full-length record, but its cohesion and show-stopping power make it best in class. Expect Raider to be a torchbearer for death-thrash in the years to come.
[Pairing: 3 Floyds Brewing (Munster, IN), Permanent Funeral – Imperial IPA, 10.5% ABV. Unforgiving in its strength, its hoppiness, and its intense flavor. Intimidating but irresistible.]#4. Wayfarer // American Gothic – Seamlessly blending their Western aesthetic with black metal, Wayfarer transports the listener to the Western United States circa 1900. This is not a romanticized Magic School Bus trip; everything around you is greed, senseless violence, and environmental devastation.5 American Gothic’s emotional palette matches this landscape, leading through righteous anger (“The Cattle Thief”),6 longing (“To Enter My House Justified”), and hopelessness (“Black Plumes over God’s Country”). The album’s fantastic rhythm section and its rich production, both uncharacteristic strengths for black metal, allow Wayfarer’s diverse compositions to shine. Even though Wayfarer isn’t the only band playing this style, they’ve won my heart. Concise but powerful, American Gothic is the new American gothic.
[Pairing: Buffalo Trace Distillery (Frankfort, KY), Sazerac Rye. Accessible for the wallet and the palate, but with a fierce rye edge. A flavor bonanza and a perfect companion for an evening of reminiscences or regrets.]#3. Hellripper // Warlocks Grim & Withered Hags – The “old Hellripper” is still alive and well, after two riotous slabs of blackened speed metal. The “new Hellripper” is no less formidable. Forays into death metal and old-school speed metal add flair around the edges. Meanwhile, Warlocks’ longer tracks leap out of Hellripper’s comfort zone while balancing melodic variety and narrative cohesion. Scottish folk influences add depth throughout the melodies, the lyrics rooted in Orkney mythology, and the unexpected bagpipes. With these forces combined, the record’s narrative pieces feel like captivating campfire tales rather than bedtime stories. And still, Warlocks’ speedy killers are the most fun I’ve had all year. Warlocks is both an exhilarating listen and a massive step forward for Hellripper’s songwriting.
[Pairing: St. George Spirits (Alameda, CA), Terroir Gin. The juniper-heavy palate will placate gin gatekeepers, while the Douglas fir and sage will transport open minds to a California coastal redwood forest. Classic, innovative, and delicious.]#2. Onheil // In Black Ashes – In Black Ashes is melodic black/death/speed/thrash at its finest. But that description is both a little too much and much too little. The album’s irresistible speedy riffs alone deserve Grier’s 3.5. Onheil’s mastery of melody and songwriting elevates In Black Ashes into the stratosphere. Led by the indomitable “Void,” In Black Ashes’ powerful melodies offer catharsis like none other. As the album progresses, Onheil flexes their compositional muscles more, melding narrative meloblack epics with Mors Principium Est-adjacent bangers. Every track is a winner, and Onheil strikes an impossible balance between enthralling riffs and emotional heft. In Black Ashes deserves a lot more love.
[Pairing: Hayman’s Distillery (London, UK), Royal Dock Navy Strength Gin. This isn’t just another boring London gin; spices and citrus add a twist. Bottled at the 114 proof point where soaked gunpowder can still ignite, Royal Dock is fierce but shockingly smooth.]#1. Theophonos // Nightmare Visions – Nightmare Visions throws everything at the wall, and everything sticks. I struggled to describe this album once, and it isn’t getting easier. Theophonos’ debut feels like a grind-paced tour through metal history, squeezed through a blackened filter. Armed with razor-sharp riffs, a vicious rhythm section, and a refusal to sit still, Theophonos’ dissonant style is both neck-shattering and evocative. The album’s density makes it a gripping experience, while Jimmy Hamzey’s (Serpent Column) masterful transitions hold the Jenga blocks together. Theophonos’ blood, sweat, and tears glisten through details like the inter-song callbacks and the blurring of frenzied black metal and serene rock. Ten months into our love affair, Nightmare Visions still reveals new facets on every listen. Even if blackened grind isn’t your home turf (trust me, it isn’t mine), give Nightmare Visions a shot. I’d never heard anything like it, but now I can’t stop listening.
[Pairing: Fifth Hammer Brewing (Queens, NY), POGlodyte – Sour Ale with Passionfruit, Blood Orange, and Guava, 5.5% ABV. The description is accurate but inadequate. Wilder than your wildest dreams, this sour is what you never realized your life needed. Rapture for every taste bud.]Honorable Mentions:
- Night Crowned // Tales – Tales is a scorcher from cover to cover, blending ferocious blackened death melodies with clean and folky digressions. Night Crowned jostled their way up here at the last minute. Ask me in a few weeks, and I might regret not pushing Tales up to my top 10.
- Tomb Mold // The Enduring Spirit – Tomb Mold’s 57-degree turn into prog death lands close to Fallujah’s best work. With dueling guitar leads, riveting bass melodies, and groovy drum lines, The Enduring Spirit is gorgeous and engaging. With more oomph, it could’ve landed near the top of my list.
- Saturnus // The Storm Within – From its crushing death-doom riffs to its My Dying Bride-esque dirges, The Storm Within ripped my heart out. Saturnus’ decade-awaited return suffers from bloat, but it’s still one of 2023’s rare emotional juggernauts.
- Kalmah // Kalmah – Kalmah’s Kalmah sounds like Kalmah, in the best way. Firestorm riffs, massive climaxes, and prominent synths get the blood flowing. The slower morose sections hit just as hard, especially with their infectious choruses. Kalmah doesn’t break new ground, but it still holds me rapt.
- Reverend Kristin Michael Hayter // Saved! – Saved! is jarring, but Hayter’s spellbinding vocals and her cohesive compositions won me over. The album pantses my heart in its best moments, like “I Will Be with You Always.” The out-of-place shorter pieces and the record’s rocky start hold Saved! back, but it’s still worth a spin or ten.
- Serpent of Old // Ensemble under the Dark Sun – This one is tough to describe. Ensemble’s blackened death melodies, at once eerie and grabby, crept under my skin on my very first listen. Given how dense and thoughtful Ensemble is, I still can’t believe it’s Serpent of Old’s debut.
Disappointments o’ the Year:
- Myrkur // Spine – Pairing: Methanol. A close relative of excellence, but hazardous in its current form. So close, but so very far.
- The Ocean // Holocene – Pairing: Southwest Spirits (Dallas, TX), Calamity Gin. The heavy floral and citrusy botanicals make for an intriguing promo pitch. Given my history with similar styles, I had every expectation of loving this. Alas, reality was not so kind; I struggled to finish it.
Songs o’ the Year:
- Onheil – “Void”
- Enslaved – “Congelia”
- Xoth – “Battlesphere”
- Sermon – “Golden”
- Gorod – “Breeding Silence”
- Ne Obliviscaris – “Equus”
- Insomnium – “1696”
- Theophonos – “Of Days Past”
- Raider – “Labyrinth”
- Wayfarer – “The Cattle Thief”
- Stortregn – “The Revelation”
#Ahab #Altari #Convocation #Dödheimsgard #DownfallOfGaia #DymnaLotva #Faithxtractor #FiresInTheDistance #Gorod #Hellripper #Kalmah #Lists #Listurnalia #Mānbryne #Myrkur #NeObliviscaris #NightCrowned #Nightmarer #Onheil #Panopticon #Raider #ReverendKristinMichaelHayter #Saturnus #SerpentOfOld #Sodomisery #Stortregn #Thantifaxath #TheCircle #TheOcean #Theophonos #ThusSpokeSAndMaddogSTopTenIshOf2023 #ToTheGrave #TombMold #Top10Ish_ #Voidsphere #Wayfarer #Xoth
-
“Yugoslav hackers hit NATO Web site” – The Philadelphia Inquirer, Thursday April 1st, 1999On April 3rd 1999 Ashley Dunn, writing in the Los Angeles Times, described how the Kosovo War was “turning cyberspace into an ethereal war zone where the battle for the hearts and minds is being waged through the use of electronic images, online discussion group postings, and hacking attacks.”
The Kosovo War lasted from February 1998 through to June 1999. The war was fought between the forces of the Federal Republic of Yugoslavia (at this time, Serbia and Montenegro), which controlled Kosovo before the war, and the Kosovo Albanian rebel group known as the Kosovo Liberation Army (KLA), who were fighting for regional autonomy. The conflict ended in June of 1999, after NATO intervention through air strikes in March 1999 against Yugoslav infrastructure which resulted in Yugoslav forces eventually withdrawing from Kosovo.
In parallel with the brutal physical conflict was an online battle between hackers from Russia, the US, China, Brazil, Netherlands and of course parts of the former Yugoslavia, among others, forming a truly international ‘cyberwar’. The aftermath of this ‘cyberwar’ went on to shape aspects of international hacker relations and the development of hacktivism and the organisation of hacktivist groups both regionally and internationally, as well as their tactics, for years after.
an ethereal war zone where the battle for the hearts and minds is being waged through the use of electronic images, online discussion group postings, and hacking attacks
Ashley Dunn, writing in the Los Angeles Times, April 3rd 1999
Before I get into the history of this online conflict I want to make sure to clarify that the actual warfare, in particular the brutal war crimes committed by Serbian forces against the Kosovar people, is the most important part of the story of the Kosovo War. The online elements are what I am covering here specifically, because this is the history of hacking.
In researching for this blog I have drawn on contemporaneous newspaper reports from 1998 and 1999, archives of website defacements from that time, Internet Archive website archives of various news sites, government and government agency reports and finally academic papers that touch on cyber elements of the Balkan conflicts.
When I found articles in a newspaper archive about hackers and the Kosovo War I started trying to search for more information and came up with shockingly few detailed accounts of something that was front page news back in 1999. That’s why I decided to write this blog.
I have purposefully avoided discussing nation state actors (military or intel orgs) or NATO hackers in this blog, as I feel that would be an entirely separate topic deserving of it’s own blog. Rest assured though that there was coverage from the time of confirmed or suspected cyber-attacks carried out by US government agencies and the military as well as NATO itself.
US Naval Medical Information Management Center, defacement by CHC – 27th March, 1999Let’s break down this history as a quick list of dates and notable events and then dig into the details.
28th February 1998Kosovo War begins24th March 1999NATO strikes against Serbian military28th March 1999Serbian hackers attack US military systems30th March 1999hydra defaces University of Belgrade1st April 1999Reports NATO servers are attacked29th April 1999Team Spl0it defaces US FAA website8th May 1999NATO bombs Chinese Embassy in Belgrade12th May 1999Chinese hacktivists take down White House site12th May 1999Chinese hacktivists deface US gov sites11th June 1999Kosovo War endsKosovo War & cyber elements timelineThat timeline is of course by no means exhaustive, we are going to dig into the various hacking groups involved, tactics used by those hacktivists and the hacking techniques used in the furtherance of the hacker’s goals.
Hacktivists Involved
Mirjana Drakulic and Ratimir Drakulic presented a paper entitled “Balkan Hackers War in Cyberspace” at the British and Irish Law Education Technology Association (BILETA) conference at the College of Ripon & York St. John, York, England, in March of 1999.
This paper discusses the history and nature of the primary Serbian and Kosovar hacking groups that were involved in the Kosovo War online.
WWW.HR – Croatian Homepage, defacement by Black Hand – June 20th, 1999First we have the Black Hand, representing the Serbian nationalist side, working to advance Serbian interests in maintaining control of Kosovo. Academics Mirjana and Ratimar Drakulic describe the Black Hand as a “group of hackers [that] wanted to inherit such a reputation regarding themselves as patriots and liberators”. They clarify that the hackers who called themselves the Black Hand were “alluding to the namesake organization which overthrew the Dynasty in Serbia in the first years of the 20th century”, explicitly linking their struggle in the late 1990s to the secret military society that engaged in violent conspiracies to further the cause of a united Serbia in the early 1900s.
An illustration of the assassination of Archduke Ferdinand by the original Black Hand in June of 1914“By the end of the October 1998 it raided the site of the Croatian news agency “Vjesnik” and left there a message: “The Black Hand wants to change the false image which orbits the planet that the Serbs are villains.” Further they stated that they do not mean war and that they mean no evil. “Vjesnik” immediately reported that the members of the “Black Hand” were discovered and where and how they approached the site.”
Mirjana Drakulic, Ph.D., Ratimir Drakulic, M.S., “Balkan Hackers War in Cyberspace“, March 30th, 1999
Mijana and Ratimar discuss various theories about the Black Hand in their paper “Balkan Hackers War in Cyberspace“, the suspected origin and makeup or the group and state that some people “are close to the view that this group exists but is followed by numerous satellites of less skilled imitators determined to get attention by the public or acquire the
“pass” to join the group”.The Croatian news agency Vjesnik that was hacked by the Black Hand claimed, based on investigation by their journalists, that the hack and defacement of their site was done “from the computers of two faculties they pointed to Serbian academic network claiming that hackers still travel and act from within it”, although those computers themselves could have been simply a jump box used by the Black Hand.
As well as the Black Hand we also have other players on the Serbian side, the Beograd Hackers group that carried out some defacements and the Serbian Angels. Serbian Angels, based on what little I have managed to find out about them, functioned as an offensive hacking group but also maintained a website (long since lost) that carried news about events relating to the war in Serbia, maintained various news e-mail lists and created for distribution physical CD archives of news, photos and videos from the Serbian side of the conflict after the NATO campaign ended.
“Stop Nato2”, defacement by Kosova Hackers Group – August 4th, 1999On the Kosovo side there was, as reported by Patrick Riley in his FOX article from April 15th 1999 “E-Strikes and Cyber-Sabotage: Civilian Hackers Go Online to Fight“, “a coalition of European and Albanian hackers calling themselves the Kosovo Hackers Group has replaced at least five sites with black and red “Free Kosovo” banners”.
As well as hackers that purported to be from the former Yugoslavia there were other groups involved in this “cyberwar” that were motivated by ideological or nationalist impulses to throw their lot in with either the Serbian or Kosovar people, or to push for peace treaties or oppose NATO actions generally. It is important to note that most, if not all, of these hacking groups from outside the former Yugoslavia became especially active in the online conflict after the start of the NATO military campaign in March of 1999.
US Federal Aviation Authority, defacement by Team Spl0it – April 29th, 1999In the United States there was Team Spl0it (or Team Sploit) who opposed the bombing of Serbian infrastructure by NATO and expressed the opinion that “without the support of the people in Serbia NATO is not gonna get very far”. As CNN described it at the time, “American hackers are on a political binge, breaking into Web sites to leave what amounts to anti-war graffiti”.
Watching the news today, I found out that Serbia has been bombed for the 4th week in row. And I wondered what has been accomplished after these 4 weeks of air strikes. Who has gained from it, and who has lost ? Many targets inside Serbia have been hit, many civilians were killed. But Milosevich, the Serbian President doesn’t give a damn about his people. He couldn’t care less if they are dead or alive. What is the good of actions when the president doesn’t care about the targets that have been hit ?
f0bic, nostalgic, cellbl0ck, jay, text from defacement of US FAA website, April 29th, 1999
Also on the US side, although primarily memorialised only in throwaway comments in newspaper articles from the time, were “Hackers of the West Coast”. As described by Patti Hartigan, writing in the Boston Globe on April 4th, 1999, “Hackers on the West Coast are trying to crack the Serbian government site, although the server is said to be extremely secure and based in London”. I can find no evidence that Hackers on the West Coast succeeded in their goal. You can see the whole article below.
The pro-Serbia Russian Hackers Union was a loose affiliation of Russian hacking groups that, for the most part, already seem to have been present and active in the defacement scene before NATO started bombing Serbian infrastructure, prompting a change in the themes of website defacements carried out.
KpZ in particular wracked up some notable defacements but seemed to be very difficult to track down further information on until I dug into Russian hacker magazine XAKEP. Websites defaced by KpZ ran the gamut from a juicy .mil hosted U.S. Army Engineer Waterways Experiment Station all the way through to the somewhat more random, and rather lacklustre, “airbed.com”. A hacker known as Mishgan seems to be one of their primary defacers around this time, KpZ appears to have been made up of primarily Russian hackers but also at least one member who identifies themselves as Romanian.
Russian XAKEP (“Hacker”) magazine issue four had an article about KpZ that offers some insight into the group. I’ve written about XAKEP before, I covered issue one in some detail.
The group in question was formed at the end of August 1998. Just when thousands of teenagers, having watched the movie “Hackers” and read articles about hackers, rushed to the Internet, thinking they were professional hackers. And the initial idea of the group was to show children that they are wrong, and the World Wide Web is not a place for such entertainment and for people with delusions of grandeur.
XAKEP Issue 4, “KPZ hacker group – from the inside“, 1999 (translation by DeepL)
XAKEP lists the members of KpZ as Tarantino, Delta, MAL, v00d00, 5pider and Mishgan. The hacker nick “v00d00” has been used by at least 3 different hackers over the years, sometimes very active at the same time, which can cause confusion.
“Emergency Issue” CD-ROM produced by KpZ, 1999Above you can see a photo of a CD-ROM that KpZ provided to XAKEP that the XAKEP writers describe “when this CD was brought to our office today, we were shocked. What’s it like, huh?” They go on to give details of this CD entitled “Hackers are bombing NATO” and how it “has tons of information on what to do and how to do it, including explanations of security holes in security systems and a bunch of other documentation”. The CD-ROM essentially contained instructional content for budding Russian hacktivists, “a special training course for a separate unit of a special brigade for information provocation”.
XAKEP interview MAL and Mishgan as part of issue four, MAL describes the group as having started after he received an ICQ message that said that there was a desire to organize “a group to combat underdeveloped admins and shameful sites.” In the same interview Mishgan claims that he is 15 years old, this fits with interviews I have read with other Russian hacker groups from this time.
Illustration from XAKEP Issue 4, “KPZ hacker group – from the inside“, 1999KpZ also seem to have forged some sort of alliance with Romanian hacking and defacement crew Pentaguard, although I can find no evidence of defacements by Pentaguard in opposition to NATO during the Kosovo War.
US Joint Tactical Unmanned Aerial Vehicle Project, defacement by Pentaguard – January 25th, 1999Also tagged in some of the KpZ defacements are legion2000, a Russian group that seems to have been more concerned with security advisories, releasing code and working on projects than defacements in 1999, from what I can turn up. There is an interview with Webster, one of the legion2000 members, from 2001 over at xakep that seems to imply some falling out between legion2000 and KpZ.
http://www.legion2000.cc/ – via Internet ArchiveThe few defacements I can find by legion2000 occur in 1998 and are of Russian websites.
kopitan.ru, defacement by legion2000 – December 6th, 1998 pentagon.yu, defacement by xoloth1 of DutchThreat – May 2nd, 1999DutchThreat, a Holland based hacker group, came in on the side of NATO and in support of the Kosovar people.
NATO does not prosecute innocent people
NATO does not raid
NATO does not create the mass-graves in your country
NATO is not out for blood, but out for peace
xoloth1, meestervervalser, defacement of pentagon.yu – May 2nd, 1999
CNN described how DutchThreat became involved in the hacker conflict that accompanied the Kosovo War, “Xoloth1 said he got mad when a “Serbian guy” in a chat room started calling NATO and the U.S. a bunch of criminals and Nazis” He also resented that one of the main Yugoslavian ISPs had set up an anti-NATO Web page with the domain name pentagon.co.yu”. CNN’s Ellen Messmer went on to explain “Dutchthreat’s leader, named Acos, says he thinks most of the Kosovo-inspired hacking going on is not motivated by genuine political concerns, but is simply a way of getting attention. But Acos adds he, too, doesn’t care to hear NATO called fascist.”
I was able to find an old archive of the DutchThreat website, but there was very little about the Kosovo War mentioned on it, other than a reference to an article that included information about the group that they approvingly posted.
Newsmax.com, defaced by Chaos Hackers Crew (CHC) – 28th February, 1999Russian hackers Chaos Hackers Crew were a fairly standard defacement for internet clout group prior to the start of the NATO bombings against the Serbian military, as seen above.
After the NATO military campaign began in March of 1999, CHC switched to strident anti-NATO messaging on compromised websites.
An example of a defacement post March is below.
USDA Natural Resources Conservation Service, defaced by Chaos Hackers Crew – 6th April, 1999I have seen speculation online that CHC were a Kremlin backed group based in Moscow. I’m not sure I see any evidence of this direct government association though, their choices of targets before the Kosovo War and the profile that they seemed to want to maintain online doesn’t really fit in my opinion.
A group of teenage hackers called Chaos Hackers Crew (CHC) is active in anti-NATO attacks: an interview with a representative of this group has been published in an electronic paper Gazeta.ru (Leibov 1999). The young man turned out to have been apolitical before the crisis in Kosovo. He had very limited knowledge about the reasons NATO was bombing Yugoslavian targets, and the sites the CHC chose for its attacks had nothing to do with the military ones (for example, a Chinese site was mistakenly attacked).
Brian D. Loader, Douglas Thomas, “Cybercrime : law enforcement, security and surveillance in the information age“, 2000
After some search engine chicanery I managed to track down the Gazeta interview with the self-professed members of CHC, the reference to Kulibin below is to the “Russian Archimedes” Ivan Kulibin, a self-taught inventor who lived in Russia in the 1800s.
“Chaos Hackers Crew,” the hackers say, “there are four of us in total. And there are different ages. There’s a third year of university, too.” “The older one is kind of a guru? Did you even have a teacher in the networking life?” “Nope,” Yuri answers, “we’re kind of all equals. Only taught everything myself.” “Kulibin! – I admire, by manuals?” “What?” – The interlocutor is perplexed. “Kulibin,” I explain, “self-taught like that. “Yeah, like that.” “By the way, do you know any foreign hackers by correspondence?” – I change the subject again.
Indeed, hackers are like Freemasons or workers, they must have international solidarity.
“Nope,” they replied, “only from Romania. Well, Romania is also a foreign country. Though, of course, not very far.
Roman Leibov, “Our Hacker Brothers II. The beginning is here”, gazeta.ru, April 15th, 1999 (translated by DeepL)
I think it is safe to say we can put the Kremlin backed hackers theory to rest here, although if you google CHC you will see that it is an opinion that was widely held despite a lack of evidence.
US Department of the Interior, defaced by unknown Chinese hacktivists – 10th of May 1999After the bombing of the Chinese Embassy in Belgrade on the 8th of May in 1999, China Redhack, Hong Kong Danger Duo, China Eagle, Chinese Emergency Hackers’ Group Center and other hacking groups representing Chinese nationalist interests took to the internet to protest what they saw as a deliberate act of violence against the Chinese state by NATO and in particular the US.
Combined News Services, “Hackers Hit U.S. Government Web Sites“, 12th May 1999“We are Chinese hackers who take no care about politics,” said the message signed by “Rocky.” But with three Chinese nationals left dead after the embassy bombing, the hackers were wrathful: “You have owed Chinese people a bloody debt which you must pay for! We will not stop attacking until the war stops!”
Ellen Messner, “Kosovo cyber-war intensifies: Chinese hackers targeting U.S. sites, government says“, CNN, May 12th, 1999
By this time US hacking group Legion of the Underground had already declared a brief “cyber war” on China and Iraq, calling for “the complete destruction of all computer systems” in both countries, so the genie was well out of the bottle to some extent in terms of hacker conflict between the US and China.
Solid Design Inc, defacement by RedHack – April 30th 2001Two years after the Embassy bombing Chinese hackers were still defacing US websites in protest, as the BBC reported on the 5th of May 2001, “hackers promised a cyber-offensive against US sites in observance of Chinese of Labour Day on 1 May and Youth Day on 4 May, and also in remembrance of the US bombing of the Chinese embassy in Belgrade two years ago on 7 May”.
This round of attacks in 2001 resulted in the defacement of, according to the BBC at the time, “more than 660 sites” in the space of a week and the “White House confirmed that for two hours and 15 minutes their website was down”. It is important to note that this particular hacktivist action from Chinese hackers was also motivated by the US spy plane incident in April of 2001 and Bush administration arms sales to Taiwan.
Tactics & Techniques
“NATO spokesman Jamie Shea said hackers in the Yugoslavian capital, Belgrade, attacked the Web site by launching what is known as a “Ping bombardment strategy.” Ping, short for Packet Internet Groper, refers to the practice of sending out a packet of information to a server and waiting for a response, which is a way for users to determine whether a system is up and running on the Internet.”
Dan Verton, “Serbs launch cyberattack on NATO“, FCW, April 4th, 1999
After reading over all of the available documents and analysis of the Kosovo War’s online components I was able to find four primary techniques used by hackers involved.
The first is denial of service, or DoS, this seems to have been primarily used by Eastern European hackers opposed to NATO intervention in Serbia and hackers supportive of China after the Belgrade Embassy bombing.
The BBC explains denial of service (DoS) basics (described here as a “ping storm”) in an article entitled “Kosovo info warfare spreads“, by Chris Nuttall from April 1st 1999.
The article details DoS attacks against NATO that had been ongoing since the 28th of March and had slowed parts of their web infrastructure and caused “erratic service”.
CNN reported in April of 1999 that to counter incoming DoS attacks “the NATO network crew swapped out a Sun SPARC 20 for the more powerful UltraSPARC for faster processing of the Serbian pings.” And that “NATO switched from a 256K bit/sec access line to the European equivalent of a T-1 to keep the pings from eating up bandwidth”.
Next up we have website defacements, screenshots of defacements are peppered throughout this blog so I won’t dwell too long on this aspect beyond noting that it is interesting that these hacks were not accompanied by leaks of data from the servers involved.
Faculty of Physical Chemistry University of Belgrade, defacement by hydra – March 30th 1999I can only ascribe this to either data exfiltration and leaking simply not being a common hacktivist activity at the time, the issue of slow internet connections for transferring data back in 1999 and a lack of file sharing servers to upload to or that the servers hacked did not include data that was worth leaking. I’m personally inclined towards the first and second explanations.
Richard Clark is not in the military, but when he heard news reports
earlier this month that NATO’s Web site had been attacked by Belgrade hackers, he wanted to do his part to help the allies. So he turned to his keyboard.Using software available on the Internet, the California resident sent
an “e-mail bomb” to http://www.gov.yu, the Yugoslav government’s main Web
site. On April 3, a few days and 500,000 e-mails into the siege, the
site went down, Clark said.Clark does not claim full responsibility for the cyber-sabotage; he
assumes others may have had similar ideas. But he is confident he
“played a part.”He is just one of untold numbers of civilians on both sides of the
conflict who have gone to battle from their desktops, raising new
questions about the role of civilians during times of war.Patrick Riley, “E-Strikes and Cyber-Sabotage: Civilian Hackers Go Online to Fight”, FOX News, April 15th, 1999
The third technique we can see in use is e-mail bombing or spamming, sending thousands upon thousands of emails which are intended to annoy or overwhelm recipients and, in 1999 at least, potentially prevent the mail server itself from functioning.
From the Washington Post on April 1st, 1999, article entitled “Hackers irritate NATO”. The article describes how e-mail bombing campaigns by Serbia aligned hackers have impacted NATO’s online infrastructure. One such attack “effectively blocked mail service in and out of the NATO computer system”.
“That means that rogue computer users are sending a lot of messages and computer commands into NATO’s computers, said Carlo Tomad, a NATO network specialist in Brussels. One computer, he said “has sent about 2,500 messages in one hour,” a method of harassment known as “spamming.” That attack effectively blocked mail service in and out of the NATO computer system, Tomad said.”
“It’s the infowar equivalent of ringing someone’s doorbell and running away, but many thousands of times”, concludes the article.
Happy99 Virus in actionHackers enraged by the Chinese Embassy bombing latched on to this technique soon after online protests over the incident began. In May of 1999 CNN reported that “Sandy Spark, a manager at DOE’s Computer Incident Advisory Capability (CIAC), warned that a Chinese tidal wave of e-mail with unresolvable IP addresses is being sent to U.S. government servers in an attempt to overload them”. The solution pitched was the rather inelegant, and potentially useless, advice to “apply anti-spam measures to block all e-mail from China’s .cn domain if necessary”.
Ellen Messmer writes for CNN (Serb supporters sock it to NATO, U.S. Web sites) that “NATO’s mail servers are taking a beating, getting hit with more than 10,000 e-mails per day – many infected with dangerous computer viruses”. So lastly we have what the head of NATO’s Integrated Data Service Chris Scheurweghs described as “macro viruses”.
According to Scheurweghs, hackers also attacked NATO’s e-mail systems with the Happy 1999 macro virus, which he said was similar in function but far less devastating than the Melissa virus that wreaked havoc in the United States last week (see story).
Dan Verton, “Serbs launch cyberattack on NATO“, FCW, April 4th, 1999
Happy99 is a very odd choice for a virus to attach to an e-mail for malicious purposes as, according the the Virus Encyclopedia, “although Happy99 is wild, it has no destructive payload and is, as its author describes, a ”sympathetic hitchhiker who uses your internet connection to travel, and thank you for the trip with a small animation””.
Final thoughts
What is the take away from all of this, and was it really the first international hacktivist cyberwar?
The first question is easier to answer. Hacktivism has traditionally been reactive, you have a pool of active hackers organised into groups or loose affiliations who are ready to act on what they perceive to be provocations.
Most of the hacking groups or alliances involved in the Kosovo conflict were already active in the defacement scene or at the very least had infrastructure or output of some kind, they were already visibly doing things online. NATO’s bombing campaign against the Yugoslav government provided the catalyst for involvement, either for or against the intervention.
The interesting exception to this are the hackers aligned with China, I couldn’t find defacements archived from groups like ChinaEagle or RedHackers from before the Embassy incident, although I fully admit here that my knowledge of, and visibility into, the Chinese hacking scene of 1999 is a little dismal.
A previous Chinese hacking group, the Green Army, had been involved in a previous international hacktivist action though, attacks on Indonesian websites in 1998 after “reports of looting, violence and rape committed against ethnic Chinese during riots in May [of 1998]”, as detailed by the BBC at the time. Much of the analysis I have read has pointed to these riots in Indonesia as a galvanising event that helped unite the Chinese hacking community.
Indonesian websites have also come under attack from political hackers. The home page of a site at http://www.bkkbn.go.id has been replaced with a message saying “Warning from Chinese.”
“This page is hacked for your national day. Please keep this page for 48 hours and punish the murderers in May immediately,” says the hacker, including a list of links to sites about the violence.
Chris Nuttall, “Chinese protesters attack Indonesia through Net“, BBC News, August 19th, 1998
The groups representing China that became involved in the Kosovo War can be seen as offshoots of this original organized backlash against Indonesia.
The Indonesian riots also give birth to what would become the “Red Hacker Alliance”, one of the most significant cyber-groups in the internet’s short history. The political nature of this patriotic campaign led to the creation of something entirely new, and would be the first time the term “red hacker” (红客 hongke) would be used. The attacks in the country functioned as the facilitator that brought together individuals who normally operated independently under the guise of nationalism, establishing not only a group but also the notion of red
hackers which still exists today.William Howlett IV, “The Rise of China’s Hacking Culture: Defining Chinese Hackers“, June 2016
When an American spy plane had a collision with a Chinese jet in April of 2001, killing a Chinese pilot, the online warfare between American and Chinese hackers reignited over this “Hainan Island incident” and the resulting website defacements showed that the Kosovo War was still very much on the mind of hackers in China.
“China is no longer a country like Yugoslavia, we have the best army”, defacement by DCBOY in 2001, from FBI FOIA documents relating to Honker UnionIn looking through old gazeta.ru articles relating to hacking from around this time I found a link to an article that is preserved on the Wayback Machine entitled “Hackers of U.S. servers face criminal liability” (as translated by DeepL), the article is written by Dmitry Chepchugov, head of the Department for Combating Computer Crimes of the Russian Ministry of Internal Affairs. The article is essentially an exhortation to Russian hackers to not attack NATO or the U.S. accompanied by some strident threats of criminal liability.
To date, we have not received any statements from official U.S. bodies regarding “attacks” on servers from Russian territory or damage related to protests against NATO actions in Yugoslavia. If such information is received, it will undoubtedly be verified in full, with the perpetrators identified and brought to justice as prescribed by law.
I would like to take this opportunity to address the people who know the intricacies of network technology. No matter how much your civic consciousness is outraged by NATO’s actions in Yugoslavia, no matter how much you want to express your own feelings about these events – don’t go down this road, don’t become the aggressor yourself. You are breaking the law, you are making yourself the perpetrator of an arbitrary massacre. Is this not what your mind rebels against?
Dmitry Chepchugov, “Hackers of U.S. servers face criminal liability”, March 28th, 1999 (translated by DeepL)
I have been unable to work out how real these threats by the Russian authorities are and whether any Russian hackers were ever charged or convicted of hacking offences, but it certainly forms an interesting bookend for current attitudes within the country towards hackers who attack targets externally.
“Electronic infiltration is burgeoning war zone of hackers worldwide”, Patti Hartigan, April 1999I see certain parallels between the hacker elements of the Kosovo War and armed conflicts that have taken place since that included a ‘cyberwar’ facet. The Syrian Electronic Army, KILLNet, the CyberBerkut, we can see echoes of the Black Hand here, hacktivists either fully backed by, or at the very least actively encouraged, by the authoritarian regimes that they support.
Was the Kosovo War the first international hacktivist cyberwar?
The New York Times claims it was the conflict inspired by the American spy-plane incident and China in 2001.
It was a Big Hack Attack, a harbinger of World Wide Web War I, with ”zombies” throwing ”worms,” Chinese patriots invoking the ultimate sacrifice and American teenagers giving electronic Bronx cheers.
After last month’s collision of an American spy plane and a Chinese jet, hackers in the United States and China began defacing Web sites on both sides of the Pacific. Then Chinese hackers, led by a group called the Honkers Union, declared war.
Criag S. Smith, “May 6-12; The First World Hacker War”, New York Times, May 13th, 2001
I for one am sceptical, I’m of the opinion that the Kosovo War is a better candidate for that title, but I’m also under no illusions that there aren’t preceding conflicts that are also potential contenders for this dubious award.
There were organised hacking attacks carried out by hackers from one country against online infrastructure from another country before the Kosovo War but in those earlier examples, Chinese hackers attacking Indonesian websites for instance, I couldn’t find any evidence of retaliation. The Kosovo War wound up involving a back and forth of hack attacks between hackers from different nations in a way that I don’t think the world had seen before.
If you enjoyed this blog consider subscribing or posting it on the social media of your choice, I do all of this simply to get the word out about a subject I love.
#Brazil #CHC #China #ChinaEagle #cyberwar #DutchThreat #hacker #hackers #hacking #hacktivism #hacktivist #Hackweiser #history #HonkerUnion #KosovaHackerGroup #Kosovo #KpZ #NATO #newspaper #Pentaguard #Romania #Russia #RussianHackerUnion #RussianHackers #Serbia #Serbian #Slovenia #TeamSpl0it #TeamSploit #USA #war #XAKEP #Yugoslavia
-
“Yugoslav hackers hit NATO Web site” – The Philadelphia Inquirer, Thursday April 1st, 1999On April 3rd 1999 Ashley Dunn, writing in the Los Angeles Times, described how the Kosovo War was “turning cyberspace into an ethereal war zone where the battle for the hearts and minds is being waged through the use of electronic images, online discussion group postings, and hacking attacks.”
The Kosovo War lasted from February 1998 through to June 1999. The war was fought between the forces of the Federal Republic of Yugoslavia (at this time, Serbia and Montenegro), which controlled Kosovo before the war, and the Kosovo Albanian rebel group known as the Kosovo Liberation Army (KLA), who were fighting for regional autonomy. The conflict ended in June of 1999, after NATO intervention through air strikes in March 1999 against Yugoslav infrastructure which resulted in Yugoslav forces eventually withdrawing from Kosovo.
In parallel with the brutal physical conflict was an online battle between hackers from Russia, the US, China, Brazil, Netherlands and of course parts of the former Yugoslavia, among others, forming a truly international ‘cyberwar’. The aftermath of this ‘cyberwar’ went on to shape aspects of international hacker relations and the development of hacktivism and the organisation of hacktivist groups both regionally and internationally, as well as their tactics, for years after.
an ethereal war zone where the battle for the hearts and minds is being waged through the use of electronic images, online discussion group postings, and hacking attacks
Ashley Dunn, writing in the Los Angeles Times, April 3rd 1999
Before I get into the history of this online conflict I want to make sure to clarify that the actual warfare, in particular the brutal war crimes committed by Serbian forces against the Kosovar people, is the most important part of the story of the Kosovo War. The online elements are what I am covering here specifically, because this is the history of hacking.
In researching for this blog I have drawn on contemporaneous newspaper reports from 1998 and 1999, archives of website defacements from that time, Internet Archive website archives of various news sites, government and government agency reports and finally academic papers that touch on cyber elements of the Balkan conflicts.
When I found articles in a newspaper archive about hackers and the Kosovo War I started trying to search for more information and came up with shockingly few detailed accounts of something that was front page news back in 1999. That’s why I decided to write this blog.
I have purposefully avoided discussing nation state actors (military or intel orgs) or NATO hackers in this blog, as I feel that would be an entirely separate topic deserving of it’s own blog. Rest assured though that there was coverage from the time of confirmed or suspected cyber-attacks carried out by US government agencies and the military as well as NATO itself.
US Naval Medical Information Management Center, defacement by CHC – 27th March, 1999Let’s break down this history as a quick list of dates and notable events and then dig into the details.
28th February 1998Kosovo War begins24th March 1999NATO strikes against Serbian military28th March 1999Serbian hackers attack US military systems30th March 1999hydra defaces University of Belgrade1st April 1999Reports NATO servers are attacked29th April 1999Team Spl0it defaces US FAA website8th May 1999NATO bombs Chinese Embassy in Belgrade12th May 1999Chinese hacktivists take down White House site12th May 1999Chinese hacktivists deface US gov sites11th June 1999Kosovo War endsKosovo War & cyber elements timelineThat timeline is of course by no means exhaustive, we are going to dig into the various hacking groups involved, tactics used by those hacktivists and the hacking techniques used in the furtherance of the hacker’s goals.
Hacktivists Involved
Mirjana Drakulic and Ratimir Drakulic presented a paper entitled “Balkan Hackers War in Cyberspace” at the British and Irish Law Education Technology Association (BILETA) conference at the College of Ripon & York St. John, York, England, in March of 1999.
This paper discusses the history and nature of the primary Serbian and Kosovar hacking groups that were involved in the Kosovo War online.
WWW.HR – Croatian Homepage, defacement by Black Hand – June 20th, 1999First we have the Black Hand, representing the Serbian nationalist side, working to advance Serbian interests in maintaining control of Kosovo. Academics Mirjana and Ratimar Drakulic describe the Black Hand as a “group of hackers [that] wanted to inherit such a reputation regarding themselves as patriots and liberators”. They clarify that the hackers who called themselves the Black Hand were “alluding to the namesake organization which overthrew the Dynasty in Serbia in the first years of the 20th century”, explicitly linking their struggle in the late 1990s to the secret military society that engaged in violent conspiracies to further the cause of a united Serbia in the early 1900s.
An illustration of the assassination of Archduke Ferdinand by the original Black Hand in June of 1914“By the end of the October 1998 it raided the site of the Croatian news agency “Vjesnik” and left there a message: “The Black Hand wants to change the false image which orbits the planet that the Serbs are villains.” Further they stated that they do not mean war and that they mean no evil. “Vjesnik” immediately reported that the members of the “Black Hand” were discovered and where and how they approached the site.”
Mirjana Drakulic, Ph.D., Ratimir Drakulic, M.S., “Balkan Hackers War in Cyberspace“, March 30th, 1999
Mijana and Ratimar discuss various theories about the Black Hand in their paper “Balkan Hackers War in Cyberspace“, the suspected origin and makeup or the group and state that some people “are close to the view that this group exists but is followed by numerous satellites of less skilled imitators determined to get attention by the public or acquire the
“pass” to join the group”.The Croatian news agency Vjesnik that was hacked by the Black Hand claimed, based on investigation by their journalists, that the hack and defacement of their site was done “from the computers of two faculties they pointed to Serbian academic network claiming that hackers still travel and act from within it”, although those computers themselves could have been simply a jump box used by the Black Hand.
As well as the Black Hand we also have other players on the Serbian side, the Beograd Hackers group that carried out some defacements and the Serbian Angels. Serbian Angels, based on what little I have managed to find out about them, functioned as an offensive hacking group but also maintained a website (long since lost) that carried news about events relating to the war in Serbia, maintained various news e-mail lists and created for distribution physical CD archives of news, photos and videos from the Serbian side of the conflict after the NATO campaign ended.
“Stop Nato2”, defacement by Kosova Hackers Group – August 4th, 1999On the Kosovo side there was, as reported by Patrick Riley in his FOX article from April 15th 1999 “E-Strikes and Cyber-Sabotage: Civilian Hackers Go Online to Fight“, “a coalition of European and Albanian hackers calling themselves the Kosovo Hackers Group has replaced at least five sites with black and red “Free Kosovo” banners”.
As well as hackers that purported to be from the former Yugoslavia there were other groups involved in this “cyberwar” that were motivated by ideological or nationalist impulses to throw their lot in with either the Serbian or Kosovar people, or to push for peace treaties or oppose NATO actions generally. It is important to note that most, if not all, of these hacking groups from outside the former Yugoslavia became especially active in the online conflict after the start of the NATO military campaign in March of 1999.
US Federal Aviation Authority, defacement by Team Spl0it – April 29th, 1999In the United States there was Team Spl0it (or Team Sploit) who opposed the bombing of Serbian infrastructure by NATO and expressed the opinion that “without the support of the people in Serbia NATO is not gonna get very far”. As CNN described it at the time, “American hackers are on a political binge, breaking into Web sites to leave what amounts to anti-war graffiti”.
Watching the news today, I found out that Serbia has been bombed for the 4th week in row. And I wondered what has been accomplished after these 4 weeks of air strikes. Who has gained from it, and who has lost ? Many targets inside Serbia have been hit, many civilians were killed. But Milosevich, the Serbian President doesn’t give a damn about his people. He couldn’t care less if they are dead or alive. What is the good of actions when the president doesn’t care about the targets that have been hit ?
f0bic, nostalgic, cellbl0ck, jay, text from defacement of US FAA website, April 29th, 1999
Also on the US side, although primarily memorialised only in throwaway comments in newspaper articles from the time, were “Hackers of the West Coast”. As described by Patti Hartigan, writing in the Boston Globe on April 4th, 1999, “Hackers on the West Coast are trying to crack the Serbian government site, although the server is said to be extremely secure and based in London”. I can find no evidence that Hackers on the West Coast succeeded in their goal. You can see the whole article below.
The pro-Serbia Russian Hackers Union was a loose affiliation of Russian hacking groups that, for the most part, already seem to have been present and active in the defacement scene before NATO started bombing Serbian infrastructure, prompting a change in the themes of website defacements carried out.
KpZ in particular wracked up some notable defacements but seemed to be very difficult to track down further information on until I dug into Russian hacker magazine XAKEP. Websites defaced by KpZ ran the gamut from a juicy .mil hosted U.S. Army Engineer Waterways Experiment Station all the way through to the somewhat more random, and rather lacklustre, “airbed.com”. A hacker known as Mishgan seems to be one of their primary defacers around this time, KpZ appears to have been made up of primarily Russian hackers but also at least one member who identifies themselves as Romanian.
Russian XAKEP (“Hacker”) magazine issue four had an article about KpZ that offers some insight into the group. I’ve written about XAKEP before, I covered issue one in some detail.
The group in question was formed at the end of August 1998. Just when thousands of teenagers, having watched the movie “Hackers” and read articles about hackers, rushed to the Internet, thinking they were professional hackers. And the initial idea of the group was to show children that they are wrong, and the World Wide Web is not a place for such entertainment and for people with delusions of grandeur.
XAKEP Issue 4, “KPZ hacker group – from the inside“, 1999 (translation by DeepL)
XAKEP lists the members of KpZ as Tarantino, Delta, MAL, v00d00, 5pider and Mishgan. The hacker nick “v00d00” has been used by at least 3 different hackers over the years, sometimes very active at the same time, which can cause confusion.
“Emergency Issue” CD-ROM produced by KpZ, 1999Above you can see a photo of a CD-ROM that KpZ provided to XAKEP that the XAKEP writers describe “when this CD was brought to our office today, we were shocked. What’s it like, huh?” They go on to give details of this CD entitled “Hackers are bombing NATO” and how it “has tons of information on what to do and how to do it, including explanations of security holes in security systems and a bunch of other documentation”. The CD-ROM essentially contained instructional content for budding Russian hacktivists, “a special training course for a separate unit of a special brigade for information provocation”.
XAKEP interview MAL and Mishgan as part of issue four, MAL describes the group as having started after he received an ICQ message that said that there was a desire to organize “a group to combat underdeveloped admins and shameful sites.” In the same interview Mishgan claims that he is 15 years old, this fits with interviews I have read with other Russian hacker groups from this time.
Illustration from XAKEP Issue 4, “KPZ hacker group – from the inside“, 1999KpZ also seem to have forged some sort of alliance with Romanian hacking and defacement crew Pentaguard, although I can find no evidence of defacements by Pentaguard in opposition to NATO during the Kosovo War.
US Joint Tactical Unmanned Aerial Vehicle Project, defacement by Pentaguard – January 25th, 1999Also tagged in some of the KpZ defacements are legion2000, a Russian group that seems to have been more concerned with security advisories, releasing code and working on projects than defacements in 1999, from what I can turn up. There is an interview with Webster, one of the legion2000 members, from 2001 over at xakep that seems to imply some falling out between legion2000 and KpZ.
http://www.legion2000.cc/ – via Internet ArchiveThe few defacements I can find by legion2000 occur in 1998 and are of Russian websites.
kopitan.ru, defacement by legion2000 – December 6th, 1998 pentagon.yu, defacement by xoloth1 of DutchThreat – May 2nd, 1999DutchThreat, a Holland based hacker group, came in on the side of NATO and in support of the Kosovar people.
NATO does not prosecute innocent people
NATO does not raid
NATO does not create the mass-graves in your country
NATO is not out for blood, but out for peace
xoloth1, meestervervalser, defacement of pentagon.yu – May 2nd, 1999
CNN described how DutchThreat became involved in the hacker conflict that accompanied the Kosovo War, “Xoloth1 said he got mad when a “Serbian guy” in a chat room started calling NATO and the U.S. a bunch of criminals and Nazis” He also resented that one of the main Yugoslavian ISPs had set up an anti-NATO Web page with the domain name pentagon.co.yu”. CNN’s Ellen Messmer went on to explain “Dutchthreat’s leader, named Acos, says he thinks most of the Kosovo-inspired hacking going on is not motivated by genuine political concerns, but is simply a way of getting attention. But Acos adds he, too, doesn’t care to hear NATO called fascist.”
I was able to find an old archive of the DutchThreat website, but there was very little about the Kosovo War mentioned on it, other than a reference to an article that included information about the group that they approvingly posted.
Newsmax.com, defaced by Chaos Hackers Crew (CHC) – 28th February, 1999Russian hackers Chaos Hackers Crew were a fairly standard defacement for internet clout group prior to the start of the NATO bombings against the Serbian military, as seen above.
After the NATO military campaign began in March of 1999, CHC switched to strident anti-NATO messaging on compromised websites.
An example of a defacement post March is below.
USDA Natural Resources Conservation Service, defaced by Chaos Hackers Crew – 6th April, 1999I have seen speculation online that CHC were a Kremlin backed group based in Moscow. I’m not sure I see any evidence of this direct government association though, their choices of targets before the Kosovo War and the profile that they seemed to want to maintain online doesn’t really fit in my opinion.
A group of teenage hackers called Chaos Hackers Crew (CHC) is active in anti-NATO attacks: an interview with a representative of this group has been published in an electronic paper Gazeta.ru (Leibov 1999). The young man turned out to have been apolitical before the crisis in Kosovo. He had very limited knowledge about the reasons NATO was bombing Yugoslavian targets, and the sites the CHC chose for its attacks had nothing to do with the military ones (for example, a Chinese site was mistakenly attacked).
Brian D. Loader, Douglas Thomas, “Cybercrime : law enforcement, security and surveillance in the information age“, 2000
After some search engine chicanery I managed to track down the Gazeta interview with the self-professed members of CHC, the reference to Kulibin below is to the “Russian Archimedes” Ivan Kulibin, a self-taught inventor who lived in Russia in the 1800s.
“Chaos Hackers Crew,” the hackers say, “there are four of us in total. And there are different ages. There’s a third year of university, too.” “The older one is kind of a guru? Did you even have a teacher in the networking life?” “Nope,” Yuri answers, “we’re kind of all equals. Only taught everything myself.” “Kulibin! – I admire, by manuals?” “What?” – The interlocutor is perplexed. “Kulibin,” I explain, “self-taught like that. “Yeah, like that.” “By the way, do you know any foreign hackers by correspondence?” – I change the subject again.
Indeed, hackers are like Freemasons or workers, they must have international solidarity.
“Nope,” they replied, “only from Romania. Well, Romania is also a foreign country. Though, of course, not very far.
Roman Leibov, “Our Hacker Brothers II. The beginning is here”, gazeta.ru, April 15th, 1999 (translated by DeepL)
I think it is safe to say we can put the Kremlin backed hackers theory to rest here, although if you google CHC you will see that it is an opinion that was widely held despite a lack of evidence.
US Department of the Interior, defaced by unknown Chinese hacktivists – 10th of May 1999After the bombing of the Chinese Embassy in Belgrade on the 8th of May in 1999, China Redhack, Hong Kong Danger Duo, China Eagle, Chinese Emergency Hackers’ Group Center and other hacking groups representing Chinese nationalist interests took to the internet to protest what they saw as a deliberate act of violence against the Chinese state by NATO and in particular the US.
Combined News Services, “Hackers Hit U.S. Government Web Sites“, 12th May 1999“We are Chinese hackers who take no care about politics,” said the message signed by “Rocky.” But with three Chinese nationals left dead after the embassy bombing, the hackers were wrathful: “You have owed Chinese people a bloody debt which you must pay for! We will not stop attacking until the war stops!”
Ellen Messner, “Kosovo cyber-war intensifies: Chinese hackers targeting U.S. sites, government says“, CNN, May 12th, 1999
By this time US hacking group Legion of the Underground had already declared a brief “cyber war” on China and Iraq, calling for “the complete destruction of all computer systems” in both countries, so the genie was well out of the bottle to some extent in terms of hacker conflict between the US and China.
Solid Design Inc, defacement by RedHack – April 30th 2001Two years after the Embassy bombing Chinese hackers were still defacing US websites in protest, as the BBC reported on the 5th of May 2001, “hackers promised a cyber-offensive against US sites in observance of Chinese of Labour Day on 1 May and Youth Day on 4 May, and also in remembrance of the US bombing of the Chinese embassy in Belgrade two years ago on 7 May”.
This round of attacks in 2001 resulted in the defacement of, according to the BBC at the time, “more than 660 sites” in the space of a week and the “White House confirmed that for two hours and 15 minutes their website was down”. It is important to note that this particular hacktivist action from Chinese hackers was also motivated by the US spy plane incident in April of 2001 and Bush administration arms sales to Taiwan.
Tactics & Techniques
“NATO spokesman Jamie Shea said hackers in the Yugoslavian capital, Belgrade, attacked the Web site by launching what is known as a “Ping bombardment strategy.” Ping, short for Packet Internet Groper, refers to the practice of sending out a packet of information to a server and waiting for a response, which is a way for users to determine whether a system is up and running on the Internet.”
Dan Verton, “Serbs launch cyberattack on NATO“, FCW, April 4th, 1999
After reading over all of the available documents and analysis of the Kosovo War’s online components I was able to find four primary techniques used by hackers involved.
The first is denial of service, or DoS, this seems to have been primarily used by Eastern European hackers opposed to NATO intervention in Serbia and hackers supportive of China after the Belgrade Embassy bombing.
The BBC explains denial of service (DoS) basics (described here as a “ping storm”) in an article entitled “Kosovo info warfare spreads“, by Chris Nuttall from April 1st 1999.
The article details DoS attacks against NATO that had been ongoing since the 28th of March and had slowed parts of their web infrastructure and caused “erratic service”.
CNN reported in April of 1999 that to counter incoming DoS attacks “the NATO network crew swapped out a Sun SPARC 20 for the more powerful UltraSPARC for faster processing of the Serbian pings.” And that “NATO switched from a 256K bit/sec access line to the European equivalent of a T-1 to keep the pings from eating up bandwidth”.
Next up we have website defacements, screenshots of defacements are peppered throughout this blog so I won’t dwell too long on this aspect beyond noting that it is interesting that these hacks were not accompanied by leaks of data from the servers involved.
Faculty of Physical Chemistry University of Belgrade, defacement by hydra – March 30th 1999I can only ascribe this to either data exfiltration and leaking simply not being a common hacktivist activity at the time, the issue of slow internet connections for transferring data back in 1999 and a lack of file sharing servers to upload to or that the servers hacked did not include data that was worth leaking. I’m personally inclined towards the first and second explanations.
Richard Clark is not in the military, but when he heard news reports
earlier this month that NATO’s Web site had been attacked by Belgrade hackers, he wanted to do his part to help the allies. So he turned to his keyboard.Using software available on the Internet, the California resident sent
an “e-mail bomb” to http://www.gov.yu, the Yugoslav government’s main Web
site. On April 3, a few days and 500,000 e-mails into the siege, the
site went down, Clark said.Clark does not claim full responsibility for the cyber-sabotage; he
assumes others may have had similar ideas. But he is confident he
“played a part.”He is just one of untold numbers of civilians on both sides of the
conflict who have gone to battle from their desktops, raising new
questions about the role of civilians during times of war.Patrick Riley, “E-Strikes and Cyber-Sabotage: Civilian Hackers Go Online to Fight”, FOX News, April 15th, 1999
The third technique we can see in use is e-mail bombing or spamming, sending thousands upon thousands of emails which are intended to annoy or overwhelm recipients and, in 1999 at least, potentially prevent the mail server itself from functioning.
From the Washington Post on April 1st, 1999, article entitled “Hackers irritate NATO”. The article describes how e-mail bombing campaigns by Serbia aligned hackers have impacted NATO’s online infrastructure. One such attack “effectively blocked mail service in and out of the NATO computer system”.
“That means that rogue computer users are sending a lot of messages and computer commands into NATO’s computers, said Carlo Tomad, a NATO network specialist in Brussels. One computer, he said “has sent about 2,500 messages in one hour,” a method of harassment known as “spamming.” That attack effectively blocked mail service in and out of the NATO computer system, Tomad said.”
“It’s the infowar equivalent of ringing someone’s doorbell and running away, but many thousands of times”, concludes the article.
Happy99 Virus in actionHackers enraged by the Chinese Embassy bombing latched on to this technique soon after online protests over the incident began. In May of 1999 CNN reported that “Sandy Spark, a manager at DOE’s Computer Incident Advisory Capability (CIAC), warned that a Chinese tidal wave of e-mail with unresolvable IP addresses is being sent to U.S. government servers in an attempt to overload them”. The solution pitched was the rather inelegant, and potentially useless, advice to “apply anti-spam measures to block all e-mail from China’s .cn domain if necessary”.
Ellen Messmer writes for CNN (Serb supporters sock it to NATO, U.S. Web sites) that “NATO’s mail servers are taking a beating, getting hit with more than 10,000 e-mails per day – many infected with dangerous computer viruses”. So lastly we have what the head of NATO’s Integrated Data Service Chris Scheurweghs described as “macro viruses”.
According to Scheurweghs, hackers also attacked NATO’s e-mail systems with the Happy 1999 macro virus, which he said was similar in function but far less devastating than the Melissa virus that wreaked havoc in the United States last week (see story).
Dan Verton, “Serbs launch cyberattack on NATO“, FCW, April 4th, 1999
Happy99 is a very odd choice for a virus to attach to an e-mail for malicious purposes as, according the the Virus Encyclopedia, “although Happy99 is wild, it has no destructive payload and is, as its author describes, a ”sympathetic hitchhiker who uses your internet connection to travel, and thank you for the trip with a small animation””.
Final thoughts
What is the take away from all of this, and was it really the first international hacktivist cyberwar?
The first question is easier to answer. Hacktivism has traditionally been reactive, you have a pool of active hackers organised into groups or loose affiliations who are ready to act on what they perceive to be provocations.
Most of the hacking groups or alliances involved in the Kosovo conflict were already active in the defacement scene or at the very least had infrastructure or output of some kind, they were already visibly doing things online. NATO’s bombing campaign against the Yugoslav government provided the catalyst for involvement, either for or against the intervention.
The interesting exception to this are the hackers aligned with China, I couldn’t find defacements archived from groups like ChinaEagle or RedHackers from before the Embassy incident, although I fully admit here that my knowledge of, and visibility into, the Chinese hacking scene of 1999 is a little dismal.
A previous Chinese hacking group, the Green Army, had been involved in a previous international hacktivist action though, attacks on Indonesian websites in 1998 after “reports of looting, violence and rape committed against ethnic Chinese during riots in May [of 1998]”, as detailed by the BBC at the time. Much of the analysis I have read has pointed to these riots in Indonesia as a galvanising event that helped unite the Chinese hacking community.
Indonesian websites have also come under attack from political hackers. The home page of a site at http://www.bkkbn.go.id has been replaced with a message saying “Warning from Chinese.”
“This page is hacked for your national day. Please keep this page for 48 hours and punish the murderers in May immediately,” says the hacker, including a list of links to sites about the violence.
Chris Nuttall, “Chinese protesters attack Indonesia through Net“, BBC News, August 19th, 1998
The groups representing China that became involved in the Kosovo War can be seen as offshoots of this original organized backlash against Indonesia.
The Indonesian riots also give birth to what would become the “Red Hacker Alliance”, one of the most significant cyber-groups in the internet’s short history. The political nature of this patriotic campaign led to the creation of something entirely new, and would be the first time the term “red hacker” (红客 hongke) would be used. The attacks in the country functioned as the facilitator that brought together individuals who normally operated independently under the guise of nationalism, establishing not only a group but also the notion of red
hackers which still exists today.William Howlett IV, “The Rise of China’s Hacking Culture: Defining Chinese Hackers“, June 2016
When an American spy plane had a collision with a Chinese jet in April of 2001, killing a Chinese pilot, the online warfare between American and Chinese hackers reignited over this “Hainan Island incident” and the resulting website defacements showed that the Kosovo War was still very much on the mind of hackers in China.
“China is no longer a country like Yugoslavia, we have the best army”, defacement by DCBOY in 2001, from FBI FOIA documents relating to Honker UnionIn looking through old gazeta.ru articles relating to hacking from around this time I found a link to an article that is preserved on the Wayback Machine entitled “Hackers of U.S. servers face criminal liability” (as translated by DeepL), the article is written by Dmitry Chepchugov, head of the Department for Combating Computer Crimes of the Russian Ministry of Internal Affairs. The article is essentially an exhortation to Russian hackers to not attack NATO or the U.S. accompanied by some strident threats of criminal liability.
To date, we have not received any statements from official U.S. bodies regarding “attacks” on servers from Russian territory or damage related to protests against NATO actions in Yugoslavia. If such information is received, it will undoubtedly be verified in full, with the perpetrators identified and brought to justice as prescribed by law.
I would like to take this opportunity to address the people who know the intricacies of network technology. No matter how much your civic consciousness is outraged by NATO’s actions in Yugoslavia, no matter how much you want to express your own feelings about these events – don’t go down this road, don’t become the aggressor yourself. You are breaking the law, you are making yourself the perpetrator of an arbitrary massacre. Is this not what your mind rebels against?
Dmitry Chepchugov, “Hackers of U.S. servers face criminal liability”, March 28th, 1999 (translated by DeepL)
I have been unable to work out how real these threats by the Russian authorities are and whether any Russian hackers were ever charged or convicted of hacking offences, but it certainly forms an interesting bookend for current attitudes within the country towards hackers who attack targets externally.
“Electronic infiltration is burgeoning war zone of hackers worldwide”, Patti Hartigan, April 1999I see certain parallels between the hacker elements of the Kosovo War and armed conflicts that have taken place since that included a ‘cyberwar’ facet. The Syrian Electronic Army, KILLNet, the CyberBerkut, we can see echoes of the Black Hand here, hacktivists either fully backed by, or at the very least actively encouraged, by the authoritarian regimes that they support.
Was the Kosovo War the first international hacktivist cyberwar?
The New York Times claims it was the conflict inspired by the American spy-plane incident and China in 2001.
It was a Big Hack Attack, a harbinger of World Wide Web War I, with ”zombies” throwing ”worms,” Chinese patriots invoking the ultimate sacrifice and American teenagers giving electronic Bronx cheers.
After last month’s collision of an American spy plane and a Chinese jet, hackers in the United States and China began defacing Web sites on both sides of the Pacific. Then Chinese hackers, led by a group called the Honkers Union, declared war.
Criag S. Smith, “May 6-12; The First World Hacker War”, New York Times, May 13th, 2001
I for one am sceptical, I’m of the opinion that the Kosovo War is a better candidate for that title, but I’m also under no illusions that there aren’t preceding conflicts that are also potential contenders for this dubious award.
There were organised hacking attacks carried out by hackers from one country against online infrastructure from another country before the Kosovo War but in those earlier examples, Chinese hackers attacking Indonesian websites for instance, I couldn’t find any evidence of retaliation. The Kosovo War wound up involving a back and forth of hack attacks between hackers from different nations in a way that I don’t think the world had seen before.
If you enjoyed this blog consider subscribing or posting it on the social media of your choice, I do all of this simply to get the word out about a subject I love.
#Brazil #CHC #China #ChinaEagle #cyberwar #DutchThreat #hacker #hackers #hacking #hacktivism #hacktivist #Hackweiser #history #HonkerUnion #KosovaHackerGroup #Kosovo #KpZ #NATO #newspaper #Pentaguard #Romania #Russia #RussianHackerUnion #RussianHackers #Serbia #Serbian #Slovenia #TeamSpl0it #TeamSploit #USA #war #XAKEP #Yugoslavia
-
“Yugoslav hackers hit NATO Web site” – The Philadelphia Inquirer, Thursday April 1st, 1999On April 3rd 1999 Ashley Dunn, writing in the Los Angeles Times, described how the Kosovo War was “turning cyberspace into an ethereal war zone where the battle for the hearts and minds is being waged through the use of electronic images, online discussion group postings, and hacking attacks.”
The Kosovo War lasted from February 1998 through to June 1999. The war was fought between the forces of the Federal Republic of Yugoslavia (at this time, Serbia and Montenegro), which controlled Kosovo before the war, and the Kosovo Albanian rebel group known as the Kosovo Liberation Army (KLA), who were fighting for regional autonomy. The conflict ended in June of 1999, after NATO intervention through air strikes in March 1999 against Yugoslav infrastructure which resulted in Yugoslav forces eventually withdrawing from Kosovo.
In parallel with the brutal physical conflict was an online battle between hackers from Russia, the US, China, Brazil, Netherlands and of course parts of the former Yugoslavia, among others, forming a truly international ‘cyberwar’. The aftermath of this ‘cyberwar’ went on to shape aspects of international hacker relations and the development of hacktivism and the organisation of hacktivist groups both regionally and internationally, as well as their tactics, for years after.
an ethereal war zone where the battle for the hearts and minds is being waged through the use of electronic images, online discussion group postings, and hacking attacks
Ashley Dunn, writing in the Los Angeles Times, April 3rd 1999
Before I get into the history of this online conflict I want to make sure to clarify that the actual warfare, in particular the brutal war crimes committed by Serbian forces against the Kosovar people, is the most important part of the story of the Kosovo War. The online elements are what I am covering here specifically, because this is the history of hacking.
In researching for this blog I have drawn on contemporaneous newspaper reports from 1998 and 1999, archives of website defacements from that time, Internet Archive website archives of various news sites, government and government agency reports and finally academic papers that touch on cyber elements of the Balkan conflicts.
When I found articles in a newspaper archive about hackers and the Kosovo War I started trying to search for more information and came up with shockingly few detailed accounts of something that was front page news back in 1999. That’s why I decided to write this blog.
I have purposefully avoided discussing nation state actors (military or intel orgs) or NATO hackers in this blog, as I feel that would be an entirely separate topic deserving of it’s own blog. Rest assured though that there was coverage from the time of confirmed or suspected cyber-attacks carried out by US government agencies and the military as well as NATO itself.
US Naval Medical Information Management Center, defacement by CHC – 27th March, 1999Let’s break down this history as a quick list of dates and notable events and then dig into the details.
28th February 1998Kosovo War begins24th March 1999NATO strikes against Serbian military28th March 1999Serbian hackers attack US military systems30th March 1999hydra defaces University of Belgrade1st April 1999Reports NATO servers are attacked29th April 1999Team Spl0it defaces US FAA website8th May 1999NATO bombs Chinese Embassy in Belgrade12th May 1999Chinese hacktivists take down White House site12th May 1999Chinese hacktivists deface US gov sites11th June 1999Kosovo War endsKosovo War & cyber elements timelineThat timeline is of course by no means exhaustive, we are going to dig into the various hacking groups involved, tactics used by those hacktivists and the hacking techniques used in the furtherance of the hacker’s goals.
Hacktivists Involved
Mirjana Drakulic and Ratimir Drakulic presented a paper entitled “Balkan Hackers War in Cyberspace” at the British and Irish Law Education Technology Association (BILETA) conference at the College of Ripon & York St. John, York, England, in March of 1999.
This paper discusses the history and nature of the primary Serbian and Kosovar hacking groups that were involved in the Kosovo War online.
WWW.HR – Croatian Homepage, defacement by Black Hand – June 20th, 1999First we have the Black Hand, representing the Serbian nationalist side, working to advance Serbian interests in maintaining control of Kosovo. Academics Mirjana and Ratimar Drakulic describe the Black Hand as a “group of hackers [that] wanted to inherit such a reputation regarding themselves as patriots and liberators”. They clarify that the hackers who called themselves the Black Hand were “alluding to the namesake organization which overthrew the Dynasty in Serbia in the first years of the 20th century”, explicitly linking their struggle in the late 1990s to the secret military society that engaged in violent conspiracies to further the cause of a united Serbia in the early 1900s.
An illustration of the assassination of Archduke Ferdinand by the original Black Hand in June of 1914“By the end of the October 1998 it raided the site of the Croatian news agency “Vjesnik” and left there a message: “The Black Hand wants to change the false image which orbits the planet that the Serbs are villains.” Further they stated that they do not mean war and that they mean no evil. “Vjesnik” immediately reported that the members of the “Black Hand” were discovered and where and how they approached the site.”
Mirjana Drakulic, Ph.D., Ratimir Drakulic, M.S., “Balkan Hackers War in Cyberspace“, March 30th, 1999
Mijana and Ratimar discuss various theories about the Black Hand in their paper “Balkan Hackers War in Cyberspace“, the suspected origin and makeup or the group and state that some people “are close to the view that this group exists but is followed by numerous satellites of less skilled imitators determined to get attention by the public or acquire the
“pass” to join the group”.The Croatian news agency Vjesnik that was hacked by the Black Hand claimed, based on investigation by their journalists, that the hack and defacement of their site was done “from the computers of two faculties they pointed to Serbian academic network claiming that hackers still travel and act from within it”, although those computers themselves could have been simply a jump box used by the Black Hand.
As well as the Black Hand we also have other players on the Serbian side, the Beograd Hackers group that carried out some defacements and the Serbian Angels. Serbian Angels, based on what little I have managed to find out about them, functioned as an offensive hacking group but also maintained a website (long since lost) that carried news about events relating to the war in Serbia, maintained various news e-mail lists and created for distribution physical CD archives of news, photos and videos from the Serbian side of the conflict after the NATO campaign ended.
“Stop Nato2”, defacement by Kosova Hackers Group – August 4th, 1999On the Kosovo side there was, as reported by Patrick Riley in his FOX article from April 15th 1999 “E-Strikes and Cyber-Sabotage: Civilian Hackers Go Online to Fight“, “a coalition of European and Albanian hackers calling themselves the Kosovo Hackers Group has replaced at least five sites with black and red “Free Kosovo” banners”.
As well as hackers that purported to be from the former Yugoslavia there were other groups involved in this “cyberwar” that were motivated by ideological or nationalist impulses to throw their lot in with either the Serbian or Kosovar people, or to push for peace treaties or oppose NATO actions generally. It is important to note that most, if not all, of these hacking groups from outside the former Yugoslavia became especially active in the online conflict after the start of the NATO military campaign in March of 1999.
US Federal Aviation Authority, defacement by Team Spl0it – April 29th, 1999In the United States there was Team Spl0it (or Team Sploit) who opposed the bombing of Serbian infrastructure by NATO and expressed the opinion that “without the support of the people in Serbia NATO is not gonna get very far”. As CNN described it at the time, “American hackers are on a political binge, breaking into Web sites to leave what amounts to anti-war graffiti”.
Watching the news today, I found out that Serbia has been bombed for the 4th week in row. And I wondered what has been accomplished after these 4 weeks of air strikes. Who has gained from it, and who has lost ? Many targets inside Serbia have been hit, many civilians were killed. But Milosevich, the Serbian President doesn’t give a damn about his people. He couldn’t care less if they are dead or alive. What is the good of actions when the president doesn’t care about the targets that have been hit ?
f0bic, nostalgic, cellbl0ck, jay, text from defacement of US FAA website, April 29th, 1999
Also on the US side, although primarily memorialised only in throwaway comments in newspaper articles from the time, were “Hackers of the West Coast”. As described by Patti Hartigan, writing in the Boston Globe on April 4th, 1999, “Hackers on the West Coast are trying to crack the Serbian government site, although the server is said to be extremely secure and based in London”. I can find no evidence that Hackers on the West Coast succeeded in their goal. You can see the whole article below.
The pro-Serbia Russian Hackers Union was a loose affiliation of Russian hacking groups that, for the most part, already seem to have been present and active in the defacement scene before NATO started bombing Serbian infrastructure, prompting a change in the themes of website defacements carried out.
KpZ in particular wracked up some notable defacements but seemed to be very difficult to track down further information on until I dug into Russian hacker magazine XAKEP. Websites defaced by KpZ ran the gamut from a juicy .mil hosted U.S. Army Engineer Waterways Experiment Station all the way through to the somewhat more random, and rather lacklustre, “airbed.com”. A hacker known as Mishgan seems to be one of their primary defacers around this time, KpZ appears to have been made up of primarily Russian hackers but also at least one member who identifies themselves as Romanian.
Russian XAKEP (“Hacker”) magazine issue four had an article about KpZ that offers some insight into the group. I’ve written about XAKEP before, I covered issue one in some detail.
The group in question was formed at the end of August 1998. Just when thousands of teenagers, having watched the movie “Hackers” and read articles about hackers, rushed to the Internet, thinking they were professional hackers. And the initial idea of the group was to show children that they are wrong, and the World Wide Web is not a place for such entertainment and for people with delusions of grandeur.
XAKEP Issue 4, “KPZ hacker group – from the inside“, 1999 (translation by DeepL)
XAKEP lists the members of KpZ as Tarantino, Delta, MAL, v00d00, 5pider and Mishgan. The hacker nick “v00d00” has been used by at least 3 different hackers over the years, sometimes very active at the same time, which can cause confusion.
“Emergency Issue” CD-ROM produced by KpZ, 1999Above you can see a photo of a CD-ROM that KpZ provided to XAKEP that the XAKEP writers describe “when this CD was brought to our office today, we were shocked. What’s it like, huh?” They go on to give details of this CD entitled “Hackers are bombing NATO” and how it “has tons of information on what to do and how to do it, including explanations of security holes in security systems and a bunch of other documentation”. The CD-ROM essentially contained instructional content for budding Russian hacktivists, “a special training course for a separate unit of a special brigade for information provocation”.
XAKEP interview MAL and Mishgan as part of issue four, MAL describes the group as having started after he received an ICQ message that said that there was a desire to organize “a group to combat underdeveloped admins and shameful sites.” In the same interview Mishgan claims that he is 15 years old, this fits with interviews I have read with other Russian hacker groups from this time.
Illustration from XAKEP Issue 4, “KPZ hacker group – from the inside“, 1999KpZ also seem to have forged some sort of alliance with Romanian hacking and defacement crew Pentaguard, although I can find no evidence of defacements by Pentaguard in opposition to NATO during the Kosovo War.
US Joint Tactical Unmanned Aerial Vehicle Project, defacement by Pentaguard – January 25th, 1999Also tagged in some of the KpZ defacements are legion2000, a Russian group that seems to have been more concerned with security advisories, releasing code and working on projects than defacements in 1999, from what I can turn up. There is an interview with Webster, one of the legion2000 members, from 2001 over at xakep that seems to imply some falling out between legion2000 and KpZ.
http://www.legion2000.cc/ – via Internet ArchiveThe few defacements I can find by legion2000 occur in 1998 and are of Russian websites.
kopitan.ru, defacement by legion2000 – December 6th, 1998 pentagon.yu, defacement by xoloth1 of DutchThreat – May 2nd, 1999DutchThreat, a Holland based hacker group, came in on the side of NATO and in support of the Kosovar people.
NATO does not prosecute innocent people
NATO does not raid
NATO does not create the mass-graves in your country
NATO is not out for blood, but out for peace
xoloth1, meestervervalser, defacement of pentagon.yu – May 2nd, 1999
CNN described how DutchThreat became involved in the hacker conflict that accompanied the Kosovo War, “Xoloth1 said he got mad when a “Serbian guy” in a chat room started calling NATO and the U.S. a bunch of criminals and Nazis” He also resented that one of the main Yugoslavian ISPs had set up an anti-NATO Web page with the domain name pentagon.co.yu”. CNN’s Ellen Messmer went on to explain “Dutchthreat’s leader, named Acos, says he thinks most of the Kosovo-inspired hacking going on is not motivated by genuine political concerns, but is simply a way of getting attention. But Acos adds he, too, doesn’t care to hear NATO called fascist.”
I was able to find an old archive of the DutchThreat website, but there was very little about the Kosovo War mentioned on it, other than a reference to an article that included information about the group that they approvingly posted.
Newsmax.com, defaced by Chaos Hackers Crew (CHC) – 28th February, 1999Russian hackers Chaos Hackers Crew were a fairly standard defacement for internet clout group prior to the start of the NATO bombings against the Serbian military, as seen above.
After the NATO military campaign began in March of 1999, CHC switched to strident anti-NATO messaging on compromised websites.
An example of a defacement post March is below.
USDA Natural Resources Conservation Service, defaced by Chaos Hackers Crew – 6th April, 1999I have seen speculation online that CHC were a Kremlin backed group based in Moscow. I’m not sure I see any evidence of this direct government association though, their choices of targets before the Kosovo War and the profile that they seemed to want to maintain online doesn’t really fit in my opinion.
A group of teenage hackers called Chaos Hackers Crew (CHC) is active in anti-NATO attacks: an interview with a representative of this group has been published in an electronic paper Gazeta.ru (Leibov 1999). The young man turned out to have been apolitical before the crisis in Kosovo. He had very limited knowledge about the reasons NATO was bombing Yugoslavian targets, and the sites the CHC chose for its attacks had nothing to do with the military ones (for example, a Chinese site was mistakenly attacked).
Brian D. Loader, Douglas Thomas, “Cybercrime : law enforcement, security and surveillance in the information age“, 2000
After some search engine chicanery I managed to track down the Gazeta interview with the self-professed members of CHC, the reference to Kulibin below is to the “Russian Archimedes” Ivan Kulibin, a self-taught inventor who lived in Russia in the 1800s.
“Chaos Hackers Crew,” the hackers say, “there are four of us in total. And there are different ages. There’s a third year of university, too.” “The older one is kind of a guru? Did you even have a teacher in the networking life?” “Nope,” Yuri answers, “we’re kind of all equals. Only taught everything myself.” “Kulibin! – I admire, by manuals?” “What?” – The interlocutor is perplexed. “Kulibin,” I explain, “self-taught like that. “Yeah, like that.” “By the way, do you know any foreign hackers by correspondence?” – I change the subject again.
Indeed, hackers are like Freemasons or workers, they must have international solidarity.
“Nope,” they replied, “only from Romania. Well, Romania is also a foreign country. Though, of course, not very far.
Roman Leibov, “Our Hacker Brothers II. The beginning is here”, gazeta.ru, April 15th, 1999 (translated by DeepL)
I think it is safe to say we can put the Kremlin backed hackers theory to rest here, although if you google CHC you will see that it is an opinion that was widely held despite a lack of evidence.
US Department of the Interior, defaced by unknown Chinese hacktivists – 10th of May 1999After the bombing of the Chinese Embassy in Belgrade on the 8th of May in 1999, China Redhack, Hong Kong Danger Duo, China Eagle, Chinese Emergency Hackers’ Group Center and other hacking groups representing Chinese nationalist interests took to the internet to protest what they saw as a deliberate act of violence against the Chinese state by NATO and in particular the US.
Combined News Services, “Hackers Hit U.S. Government Web Sites“, 12th May 1999“We are Chinese hackers who take no care about politics,” said the message signed by “Rocky.” But with three Chinese nationals left dead after the embassy bombing, the hackers were wrathful: “You have owed Chinese people a bloody debt which you must pay for! We will not stop attacking until the war stops!”
Ellen Messner, “Kosovo cyber-war intensifies: Chinese hackers targeting U.S. sites, government says“, CNN, May 12th, 1999
By this time US hacking group Legion of the Underground had already declared a brief “cyber war” on China and Iraq, calling for “the complete destruction of all computer systems” in both countries, so the genie was well out of the bottle to some extent in terms of hacker conflict between the US and China.
Solid Design Inc, defacement by RedHack – April 30th 2001Two years after the Embassy bombing Chinese hackers were still defacing US websites in protest, as the BBC reported on the 5th of May 2001, “hackers promised a cyber-offensive against US sites in observance of Chinese of Labour Day on 1 May and Youth Day on 4 May, and also in remembrance of the US bombing of the Chinese embassy in Belgrade two years ago on 7 May”.
This round of attacks in 2001 resulted in the defacement of, according to the BBC at the time, “more than 660 sites” in the space of a week and the “White House confirmed that for two hours and 15 minutes their website was down”. It is important to note that this particular hacktivist action from Chinese hackers was also motivated by the US spy plane incident in April of 2001 and Bush administration arms sales to Taiwan.
Tactics & Techniques
“NATO spokesman Jamie Shea said hackers in the Yugoslavian capital, Belgrade, attacked the Web site by launching what is known as a “Ping bombardment strategy.” Ping, short for Packet Internet Groper, refers to the practice of sending out a packet of information to a server and waiting for a response, which is a way for users to determine whether a system is up and running on the Internet.”
Dan Verton, “Serbs launch cyberattack on NATO“, FCW, April 4th, 1999
After reading over all of the available documents and analysis of the Kosovo War’s online components I was able to find four primary techniques used by hackers involved.
The first is denial of service, or DoS, this seems to have been primarily used by Eastern European hackers opposed to NATO intervention in Serbia and hackers supportive of China after the Belgrade Embassy bombing.
The BBC explains denial of service (DoS) basics (described here as a “ping storm”) in an article entitled “Kosovo info warfare spreads“, by Chris Nuttall from April 1st 1999.
The article details DoS attacks against NATO that had been ongoing since the 28th of March and had slowed parts of their web infrastructure and caused “erratic service”.
CNN reported in April of 1999 that to counter incoming DoS attacks “the NATO network crew swapped out a Sun SPARC 20 for the more powerful UltraSPARC for faster processing of the Serbian pings.” And that “NATO switched from a 256K bit/sec access line to the European equivalent of a T-1 to keep the pings from eating up bandwidth”.
Next up we have website defacements, screenshots of defacements are peppered throughout this blog so I won’t dwell too long on this aspect beyond noting that it is interesting that these hacks were not accompanied by leaks of data from the servers involved.
Faculty of Physical Chemistry University of Belgrade, defacement by hydra – March 30th 1999I can only ascribe this to either data exfiltration and leaking simply not being a common hacktivist activity at the time, the issue of slow internet connections for transferring data back in 1999 and a lack of file sharing servers to upload to or that the servers hacked did not include data that was worth leaking. I’m personally inclined towards the first and second explanations.
Richard Clark is not in the military, but when he heard news reports
earlier this month that NATO’s Web site had been attacked by Belgrade hackers, he wanted to do his part to help the allies. So he turned to his keyboard.Using software available on the Internet, the California resident sent
an “e-mail bomb” to http://www.gov.yu, the Yugoslav government’s main Web
site. On April 3, a few days and 500,000 e-mails into the siege, the
site went down, Clark said.Clark does not claim full responsibility for the cyber-sabotage; he
assumes others may have had similar ideas. But he is confident he
“played a part.”He is just one of untold numbers of civilians on both sides of the
conflict who have gone to battle from their desktops, raising new
questions about the role of civilians during times of war.Patrick Riley, “E-Strikes and Cyber-Sabotage: Civilian Hackers Go Online to Fight”, FOX News, April 15th, 1999
The third technique we can see in use is e-mail bombing or spamming, sending thousands upon thousands of emails which are intended to annoy or overwhelm recipients and, in 1999 at least, potentially prevent the mail server itself from functioning.
From the Washington Post on April 1st, 1999, article entitled “Hackers irritate NATO”. The article describes how e-mail bombing campaigns by Serbia aligned hackers have impacted NATO’s online infrastructure. One such attack “effectively blocked mail service in and out of the NATO computer system”.
“That means that rogue computer users are sending a lot of messages and computer commands into NATO’s computers, said Carlo Tomad, a NATO network specialist in Brussels. One computer, he said “has sent about 2,500 messages in one hour,” a method of harassment known as “spamming.” That attack effectively blocked mail service in and out of the NATO computer system, Tomad said.”
“It’s the infowar equivalent of ringing someone’s doorbell and running away, but many thousands of times”, concludes the article.
Happy99 Virus in actionHackers enraged by the Chinese Embassy bombing latched on to this technique soon after online protests over the incident began. In May of 1999 CNN reported that “Sandy Spark, a manager at DOE’s Computer Incident Advisory Capability (CIAC), warned that a Chinese tidal wave of e-mail with unresolvable IP addresses is being sent to U.S. government servers in an attempt to overload them”. The solution pitched was the rather inelegant, and potentially useless, advice to “apply anti-spam measures to block all e-mail from China’s .cn domain if necessary”.
Ellen Messmer writes for CNN (Serb supporters sock it to NATO, U.S. Web sites) that “NATO’s mail servers are taking a beating, getting hit with more than 10,000 e-mails per day – many infected with dangerous computer viruses”. So lastly we have what the head of NATO’s Integrated Data Service Chris Scheurweghs described as “macro viruses”.
According to Scheurweghs, hackers also attacked NATO’s e-mail systems with the Happy 1999 macro virus, which he said was similar in function but far less devastating than the Melissa virus that wreaked havoc in the United States last week (see story).
Dan Verton, “Serbs launch cyberattack on NATO“, FCW, April 4th, 1999
Happy99 is a very odd choice for a virus to attach to an e-mail for malicious purposes as, according the the Virus Encyclopedia, “although Happy99 is wild, it has no destructive payload and is, as its author describes, a ”sympathetic hitchhiker who uses your internet connection to travel, and thank you for the trip with a small animation””.
Final thoughts
What is the take away from all of this, and was it really the first international hacktivist cyberwar?
The first question is easier to answer. Hacktivism has traditionally been reactive, you have a pool of active hackers organised into groups or loose affiliations who are ready to act on what they perceive to be provocations.
Most of the hacking groups or alliances involved in the Kosovo conflict were already active in the defacement scene or at the very least had infrastructure or output of some kind, they were already visibly doing things online. NATO’s bombing campaign against the Yugoslav government provided the catalyst for involvement, either for or against the intervention.
The interesting exception to this are the hackers aligned with China, I couldn’t find defacements archived from groups like ChinaEagle or RedHackers from before the Embassy incident, although I fully admit here that my knowledge of, and visibility into, the Chinese hacking scene of 1999 is a little dismal.
A previous Chinese hacking group, the Green Army, had been involved in a previous international hacktivist action though, attacks on Indonesian websites in 1998 after “reports of looting, violence and rape committed against ethnic Chinese during riots in May [of 1998]”, as detailed by the BBC at the time. Much of the analysis I have read has pointed to these riots in Indonesia as a galvanising event that helped unite the Chinese hacking community.
Indonesian websites have also come under attack from political hackers. The home page of a site at http://www.bkkbn.go.id has been replaced with a message saying “Warning from Chinese.”
“This page is hacked for your national day. Please keep this page for 48 hours and punish the murderers in May immediately,” says the hacker, including a list of links to sites about the violence.
Chris Nuttall, “Chinese protesters attack Indonesia through Net“, BBC News, August 19th, 1998
The groups representing China that became involved in the Kosovo War can be seen as offshoots of this original organized backlash against Indonesia.
The Indonesian riots also give birth to what would become the “Red Hacker Alliance”, one of the most significant cyber-groups in the internet’s short history. The political nature of this patriotic campaign led to the creation of something entirely new, and would be the first time the term “red hacker” (红客 hongke) would be used. The attacks in the country functioned as the facilitator that brought together individuals who normally operated independently under the guise of nationalism, establishing not only a group but also the notion of red
hackers which still exists today.William Howlett IV, “The Rise of China’s Hacking Culture: Defining Chinese Hackers“, June 2016
When an American spy plane had a collision with a Chinese jet in April of 2001, killing a Chinese pilot, the online warfare between American and Chinese hackers reignited over this “Hainan Island incident” and the resulting website defacements showed that the Kosovo War was still very much on the mind of hackers in China.
“China is no longer a country like Yugoslavia, we have the best army”, defacement by DCBOY in 2001, from FBI FOIA documents relating to Honker UnionIn looking through old gazeta.ru articles relating to hacking from around this time I found a link to an article that is preserved on the Wayback Machine entitled “Hackers of U.S. servers face criminal liability” (as translated by DeepL), the article is written by Dmitry Chepchugov, head of the Department for Combating Computer Crimes of the Russian Ministry of Internal Affairs. The article is essentially an exhortation to Russian hackers to not attack NATO or the U.S. accompanied by some strident threats of criminal liability.
To date, we have not received any statements from official U.S. bodies regarding “attacks” on servers from Russian territory or damage related to protests against NATO actions in Yugoslavia. If such information is received, it will undoubtedly be verified in full, with the perpetrators identified and brought to justice as prescribed by law.
I would like to take this opportunity to address the people who know the intricacies of network technology. No matter how much your civic consciousness is outraged by NATO’s actions in Yugoslavia, no matter how much you want to express your own feelings about these events – don’t go down this road, don’t become the aggressor yourself. You are breaking the law, you are making yourself the perpetrator of an arbitrary massacre. Is this not what your mind rebels against?
Dmitry Chepchugov, “Hackers of U.S. servers face criminal liability”, March 28th, 1999 (translated by DeepL)
I have been unable to work out how real these threats by the Russian authorities are and whether any Russian hackers were ever charged or convicted of hacking offences, but it certainly forms an interesting bookend for current attitudes within the country towards hackers who attack targets externally.
“Electronic infiltration is burgeoning war zone of hackers worldwide”, Patti Hartigan, April 1999I see certain parallels between the hacker elements of the Kosovo War and armed conflicts that have taken place since that included a ‘cyberwar’ facet. The Syrian Electronic Army, KILLNet, the CyberBerkut, we can see echoes of the Black Hand here, hacktivists either fully backed by, or at the very least actively encouraged, by the authoritarian regimes that they support.
Was the Kosovo War the first international hacktivist cyberwar?
The New York Times claims it was the conflict inspired by the American spy-plane incident and China in 2001.
It was a Big Hack Attack, a harbinger of World Wide Web War I, with ”zombies” throwing ”worms,” Chinese patriots invoking the ultimate sacrifice and American teenagers giving electronic Bronx cheers.
After last month’s collision of an American spy plane and a Chinese jet, hackers in the United States and China began defacing Web sites on both sides of the Pacific. Then Chinese hackers, led by a group called the Honkers Union, declared war.
Criag S. Smith, “May 6-12; The First World Hacker War”, New York Times, May 13th, 2001
I for one am sceptical, I’m of the opinion that the Kosovo War is a better candidate for that title, but I’m also under no illusions that there aren’t preceding conflicts that are also potential contenders for this dubious award.
There were organised hacking attacks carried out by hackers from one country against online infrastructure from another country before the Kosovo War but in those earlier examples, Chinese hackers attacking Indonesian websites for instance, I couldn’t find any evidence of retaliation. The Kosovo War wound up involving a back and forth of hack attacks between hackers from different nations in a way that I don’t think the world had seen before.
If you enjoyed this blog consider subscribing or posting it on the social media of your choice, I do all of this simply to get the word out about a subject I love.
#Brazil #CHC #China #ChinaEagle #cyberwar #DutchThreat #hacker #hackers #hacking #hacktivism #hacktivist #Hackweiser #history #HonkerUnion #KosovaHackerGroup #Kosovo #KpZ #NATO #newspaper #Pentaguard #Romania #Russia #RussianHackerUnion #RussianHackers #Serbia #Serbian #Slovenia #TeamSpl0it #TeamSploit #USA #war #XAKEP #Yugoslavia
-
“Yugoslav hackers hit NATO Web site” – The Philadelphia Inquirer, Thursday April 1st, 1999On April 3rd 1999 Ashley Dunn, writing in the Los Angeles Times, described how the Kosovo War was “turning cyberspace into an ethereal war zone where the battle for the hearts and minds is being waged through the use of electronic images, online discussion group postings, and hacking attacks.”
The Kosovo War lasted from February 1998 through to June 1999. The war was fought between the forces of the Federal Republic of Yugoslavia (at this time, Serbia and Montenegro), which controlled Kosovo before the war, and the Kosovo Albanian rebel group known as the Kosovo Liberation Army (KLA), who were fighting for regional autonomy. The conflict ended in June of 1999, after NATO intervention through air strikes in March 1999 against Yugoslav infrastructure which resulted in Yugoslav forces eventually withdrawing from Kosovo.
In parallel with the brutal physical conflict was an online battle between hackers from Russia, the US, China, Brazil, Netherlands and of course parts of the former Yugoslavia, among others, forming a truly international ‘cyberwar’. The aftermath of this ‘cyberwar’ went on to shape aspects of international hacker relations and the development of hacktivism and the organisation of hacktivist groups both regionally and internationally, as well as their tactics, for years after.
an ethereal war zone where the battle for the hearts and minds is being waged through the use of electronic images, online discussion group postings, and hacking attacks
Ashley Dunn, writing in the Los Angeles Times, April 3rd 1999
Before I get into the history of this online conflict I want to make sure to clarify that the actual warfare, in particular the brutal war crimes committed by Serbian forces against the Kosovar people, is the most important part of the story of the Kosovo War. The online elements are what I am covering here specifically, because this is the history of hacking.
In researching for this blog I have drawn on contemporaneous newspaper reports from 1998 and 1999, archives of website defacements from that time, Internet Archive website archives of various news sites, government and government agency reports and finally academic papers that touch on cyber elements of the Balkan conflicts.
When I found articles in a newspaper archive about hackers and the Kosovo War I started trying to search for more information and came up with shockingly few detailed accounts of something that was front page news back in 1999. That’s why I decided to write this blog.
I have purposefully avoided discussing nation state actors (military or intel orgs) or NATO hackers in this blog, as I feel that would be an entirely separate topic deserving of it’s own blog. Rest assured though that there was coverage from the time of confirmed or suspected cyber-attacks carried out by US government agencies and the military as well as NATO itself.
US Naval Medical Information Management Center, defacement by CHC – 27th March, 1999Let’s break down this history as a quick list of dates and notable events and then dig into the details.
28th February 1998Kosovo War begins24th March 1999NATO strikes against Serbian military28th March 1999Serbian hackers attack US military systems30th March 1999hydra defaces University of Belgrade1st April 1999Reports NATO servers are attacked29th April 1999Team Spl0it defaces US FAA website8th May 1999NATO bombs Chinese Embassy in Belgrade12th May 1999Chinese hacktivists take down White House site12th May 1999Chinese hacktivists deface US gov sites11th June 1999Kosovo War endsKosovo War & cyber elements timelineThat timeline is of course by no means exhaustive, we are going to dig into the various hacking groups involved, tactics used by those hacktivists and the hacking techniques used in the furtherance of the hacker’s goals.
Hacktivists Involved
Mirjana Drakulic and Ratimir Drakulic presented a paper entitled “Balkan Hackers War in Cyberspace” at the British and Irish Law Education Technology Association (BILETA) conference at the College of Ripon & York St. John, York, England, in March of 1999.
This paper discusses the history and nature of the primary Serbian and Kosovar hacking groups that were involved in the Kosovo War online.
WWW.HR – Croatian Homepage, defacement by Black Hand – June 20th, 1999First we have the Black Hand, representing the Serbian nationalist side, working to advance Serbian interests in maintaining control of Kosovo. Academics Mirjana and Ratimar Drakulic describe the Black Hand as a “group of hackers [that] wanted to inherit such a reputation regarding themselves as patriots and liberators”. They clarify that the hackers who called themselves the Black Hand were “alluding to the namesake organization which overthrew the Dynasty in Serbia in the first years of the 20th century”, explicitly linking their struggle in the late 1990s to the secret military society that engaged in violent conspiracies to further the cause of a united Serbia in the early 1900s.
An illustration of the assassination of Archduke Ferdinand by the original Black Hand in June of 1914“By the end of the October 1998 it raided the site of the Croatian news agency “Vjesnik” and left there a message: “The Black Hand wants to change the false image which orbits the planet that the Serbs are villains.” Further they stated that they do not mean war and that they mean no evil. “Vjesnik” immediately reported that the members of the “Black Hand” were discovered and where and how they approached the site.”
Mirjana Drakulic, Ph.D., Ratimir Drakulic, M.S., “Balkan Hackers War in Cyberspace“, March 30th, 1999
Mijana and Ratimar discuss various theories about the Black Hand in their paper “Balkan Hackers War in Cyberspace“, the suspected origin and makeup or the group and state that some people “are close to the view that this group exists but is followed by numerous satellites of less skilled imitators determined to get attention by the public or acquire the
“pass” to join the group”.The Croatian news agency Vjesnik that was hacked by the Black Hand claimed, based on investigation by their journalists, that the hack and defacement of their site was done “from the computers of two faculties they pointed to Serbian academic network claiming that hackers still travel and act from within it”, although those computers themselves could have been simply a jump box used by the Black Hand.
As well as the Black Hand we also have other players on the Serbian side, the Beograd Hackers group that carried out some defacements and the Serbian Angels. Serbian Angels, based on what little I have managed to find out about them, functioned as an offensive hacking group but also maintained a website (long since lost) that carried news about events relating to the war in Serbia, maintained various news e-mail lists and created for distribution physical CD archives of news, photos and videos from the Serbian side of the conflict after the NATO campaign ended.
“Stop Nato2”, defacement by Kosova Hackers Group – August 4th, 1999On the Kosovo side there was, as reported by Patrick Riley in his FOX article from April 15th 1999 “E-Strikes and Cyber-Sabotage: Civilian Hackers Go Online to Fight“, “a coalition of European and Albanian hackers calling themselves the Kosovo Hackers Group has replaced at least five sites with black and red “Free Kosovo” banners”.
As well as hackers that purported to be from the former Yugoslavia there were other groups involved in this “cyberwar” that were motivated by ideological or nationalist impulses to throw their lot in with either the Serbian or Kosovar people, or to push for peace treaties or oppose NATO actions generally. It is important to note that most, if not all, of these hacking groups from outside the former Yugoslavia became especially active in the online conflict after the start of the NATO military campaign in March of 1999.
US Federal Aviation Authority, defacement by Team Spl0it – April 29th, 1999In the United States there was Team Spl0it (or Team Sploit) who opposed the bombing of Serbian infrastructure by NATO and expressed the opinion that “without the support of the people in Serbia NATO is not gonna get very far”. As CNN described it at the time, “American hackers are on a political binge, breaking into Web sites to leave what amounts to anti-war graffiti”.
Watching the news today, I found out that Serbia has been bombed for the 4th week in row. And I wondered what has been accomplished after these 4 weeks of air strikes. Who has gained from it, and who has lost ? Many targets inside Serbia have been hit, many civilians were killed. But Milosevich, the Serbian President doesn’t give a damn about his people. He couldn’t care less if they are dead or alive. What is the good of actions when the president doesn’t care about the targets that have been hit ?
f0bic, nostalgic, cellbl0ck, jay, text from defacement of US FAA website, April 29th, 1999
Also on the US side, although primarily memorialised only in throwaway comments in newspaper articles from the time, were “Hackers of the West Coast”. As described by Patti Hartigan, writing in the Boston Globe on April 4th, 1999, “Hackers on the West Coast are trying to crack the Serbian government site, although the server is said to be extremely secure and based in London”. I can find no evidence that Hackers on the West Coast succeeded in their goal. You can see the whole article below.
The pro-Serbia Russian Hackers Union was a loose affiliation of Russian hacking groups that, for the most part, already seem to have been present and active in the defacement scene before NATO started bombing Serbian infrastructure, prompting a change in the themes of website defacements carried out.
KpZ in particular wracked up some notable defacements but seemed to be very difficult to track down further information on until I dug into Russian hacker magazine XAKEP. Websites defaced by KpZ ran the gamut from a juicy .mil hosted U.S. Army Engineer Waterways Experiment Station all the way through to the somewhat more random, and rather lacklustre, “airbed.com”. A hacker known as Mishgan seems to be one of their primary defacers around this time, KpZ appears to have been made up of primarily Russian hackers but also at least one member who identifies themselves as Romanian.
Russian XAKEP (“Hacker”) magazine issue four had an article about KpZ that offers some insight into the group. I’ve written about XAKEP before, I covered issue one in some detail.
The group in question was formed at the end of August 1998. Just when thousands of teenagers, having watched the movie “Hackers” and read articles about hackers, rushed to the Internet, thinking they were professional hackers. And the initial idea of the group was to show children that they are wrong, and the World Wide Web is not a place for such entertainment and for people with delusions of grandeur.
XAKEP Issue 4, “KPZ hacker group – from the inside“, 1999 (translation by DeepL)
XAKEP lists the members of KpZ as Tarantino, Delta, MAL, v00d00, 5pider and Mishgan. The hacker nick “v00d00” has been used by at least 3 different hackers over the years, sometimes very active at the same time, which can cause confusion.
“Emergency Issue” CD-ROM produced by KpZ, 1999Above you can see a photo of a CD-ROM that KpZ provided to XAKEP that the XAKEP writers describe “when this CD was brought to our office today, we were shocked. What’s it like, huh?” They go on to give details of this CD entitled “Hackers are bombing NATO” and how it “has tons of information on what to do and how to do it, including explanations of security holes in security systems and a bunch of other documentation”. The CD-ROM essentially contained instructional content for budding Russian hacktivists, “a special training course for a separate unit of a special brigade for information provocation”.
XAKEP interview MAL and Mishgan as part of issue four, MAL describes the group as having started after he received an ICQ message that said that there was a desire to organize “a group to combat underdeveloped admins and shameful sites.” In the same interview Mishgan claims that he is 15 years old, this fits with interviews I have read with other Russian hacker groups from this time.
Illustration from XAKEP Issue 4, “KPZ hacker group – from the inside“, 1999KpZ also seem to have forged some sort of alliance with Romanian hacking and defacement crew Pentaguard, although I can find no evidence of defacements by Pentaguard in opposition to NATO during the Kosovo War.
US Joint Tactical Unmanned Aerial Vehicle Project, defacement by Pentaguard – January 25th, 1999Also tagged in some of the KpZ defacements are legion2000, a Russian group that seems to have been more concerned with security advisories, releasing code and working on projects than defacements in 1999, from what I can turn up. There is an interview with Webster, one of the legion2000 members, from 2001 over at xakep that seems to imply some falling out between legion2000 and KpZ.
http://www.legion2000.cc/ – via Internet ArchiveThe few defacements I can find by legion2000 occur in 1998 and are of Russian websites.
kopitan.ru, defacement by legion2000 – December 6th, 1998 pentagon.yu, defacement by xoloth1 of DutchThreat – May 2nd, 1999DutchThreat, a Holland based hacker group, came in on the side of NATO and in support of the Kosovar people.
NATO does not prosecute innocent people
NATO does not raid
NATO does not create the mass-graves in your country
NATO is not out for blood, but out for peace
xoloth1, meestervervalser, defacement of pentagon.yu – May 2nd, 1999
CNN described how DutchThreat became involved in the hacker conflict that accompanied the Kosovo War, “Xoloth1 said he got mad when a “Serbian guy” in a chat room started calling NATO and the U.S. a bunch of criminals and Nazis” He also resented that one of the main Yugoslavian ISPs had set up an anti-NATO Web page with the domain name pentagon.co.yu”. CNN’s Ellen Messmer went on to explain “Dutchthreat’s leader, named Acos, says he thinks most of the Kosovo-inspired hacking going on is not motivated by genuine political concerns, but is simply a way of getting attention. But Acos adds he, too, doesn’t care to hear NATO called fascist.”
I was able to find an old archive of the DutchThreat website, but there was very little about the Kosovo War mentioned on it, other than a reference to an article that included information about the group that they approvingly posted.
Newsmax.com, defaced by Chaos Hackers Crew (CHC) – 28th February, 1999Russian hackers Chaos Hackers Crew were a fairly standard defacement for internet clout group prior to the start of the NATO bombings against the Serbian military, as seen above.
After the NATO military campaign began in March of 1999, CHC switched to strident anti-NATO messaging on compromised websites.
An example of a defacement post March is below.
USDA Natural Resources Conservation Service, defaced by Chaos Hackers Crew – 6th April, 1999I have seen speculation online that CHC were a Kremlin backed group based in Moscow. I’m not sure I see any evidence of this direct government association though, their choices of targets before the Kosovo War and the profile that they seemed to want to maintain online doesn’t really fit in my opinion.
A group of teenage hackers called Chaos Hackers Crew (CHC) is active in anti-NATO attacks: an interview with a representative of this group has been published in an electronic paper Gazeta.ru (Leibov 1999). The young man turned out to have been apolitical before the crisis in Kosovo. He had very limited knowledge about the reasons NATO was bombing Yugoslavian targets, and the sites the CHC chose for its attacks had nothing to do with the military ones (for example, a Chinese site was mistakenly attacked).
Brian D. Loader, Douglas Thomas, “Cybercrime : law enforcement, security and surveillance in the information age“, 2000
After some search engine chicanery I managed to track down the Gazeta interview with the self-professed members of CHC, the reference to Kulibin below is to the “Russian Archimedes” Ivan Kulibin, a self-taught inventor who lived in Russia in the 1800s.
“Chaos Hackers Crew,” the hackers say, “there are four of us in total. And there are different ages. There’s a third year of university, too.” “The older one is kind of a guru? Did you even have a teacher in the networking life?” “Nope,” Yuri answers, “we’re kind of all equals. Only taught everything myself.” “Kulibin! – I admire, by manuals?” “What?” – The interlocutor is perplexed. “Kulibin,” I explain, “self-taught like that. “Yeah, like that.” “By the way, do you know any foreign hackers by correspondence?” – I change the subject again.
Indeed, hackers are like Freemasons or workers, they must have international solidarity.
“Nope,” they replied, “only from Romania. Well, Romania is also a foreign country. Though, of course, not very far.
Roman Leibov, “Our Hacker Brothers II. The beginning is here”, gazeta.ru, April 15th, 1999 (translated by DeepL)
I think it is safe to say we can put the Kremlin backed hackers theory to rest here, although if you google CHC you will see that it is an opinion that was widely held despite a lack of evidence.
US Department of the Interior, defaced by unknown Chinese hacktivists – 10th of May 1999After the bombing of the Chinese Embassy in Belgrade on the 8th of May in 1999, China Redhack, Hong Kong Danger Duo, China Eagle, Chinese Emergency Hackers’ Group Center and other hacking groups representing Chinese nationalist interests took to the internet to protest what they saw as a deliberate act of violence against the Chinese state by NATO and in particular the US.
Combined News Services, “Hackers Hit U.S. Government Web Sites“, 12th May 1999“We are Chinese hackers who take no care about politics,” said the message signed by “Rocky.” But with three Chinese nationals left dead after the embassy bombing, the hackers were wrathful: “You have owed Chinese people a bloody debt which you must pay for! We will not stop attacking until the war stops!”
Ellen Messner, “Kosovo cyber-war intensifies: Chinese hackers targeting U.S. sites, government says“, CNN, May 12th, 1999
By this time US hacking group Legion of the Underground had already declared a brief “cyber war” on China and Iraq, calling for “the complete destruction of all computer systems” in both countries, so the genie was well out of the bottle to some extent in terms of hacker conflict between the US and China.
Solid Design Inc, defacement by RedHack – April 30th 2001Two years after the Embassy bombing Chinese hackers were still defacing US websites in protest, as the BBC reported on the 5th of May 2001, “hackers promised a cyber-offensive against US sites in observance of Chinese of Labour Day on 1 May and Youth Day on 4 May, and also in remembrance of the US bombing of the Chinese embassy in Belgrade two years ago on 7 May”.
This round of attacks in 2001 resulted in the defacement of, according to the BBC at the time, “more than 660 sites” in the space of a week and the “White House confirmed that for two hours and 15 minutes their website was down”. It is important to note that this particular hacktivist action from Chinese hackers was also motivated by the US spy plane incident in April of 2001 and Bush administration arms sales to Taiwan.
Tactics & Techniques
“NATO spokesman Jamie Shea said hackers in the Yugoslavian capital, Belgrade, attacked the Web site by launching what is known as a “Ping bombardment strategy.” Ping, short for Packet Internet Groper, refers to the practice of sending out a packet of information to a server and waiting for a response, which is a way for users to determine whether a system is up and running on the Internet.”
Dan Verton, “Serbs launch cyberattack on NATO“, FCW, April 4th, 1999
After reading over all of the available documents and analysis of the Kosovo War’s online components I was able to find four primary techniques used by hackers involved.
The first is denial of service, or DoS, this seems to have been primarily used by Eastern European hackers opposed to NATO intervention in Serbia and hackers supportive of China after the Belgrade Embassy bombing.
The BBC explains denial of service (DoS) basics (described here as a “ping storm”) in an article entitled “Kosovo info warfare spreads“, by Chris Nuttall from April 1st 1999.
The article details DoS attacks against NATO that had been ongoing since the 28th of March and had slowed parts of their web infrastructure and caused “erratic service”.
CNN reported in April of 1999 that to counter incoming DoS attacks “the NATO network crew swapped out a Sun SPARC 20 for the more powerful UltraSPARC for faster processing of the Serbian pings.” And that “NATO switched from a 256K bit/sec access line to the European equivalent of a T-1 to keep the pings from eating up bandwidth”.
Next up we have website defacements, screenshots of defacements are peppered throughout this blog so I won’t dwell too long on this aspect beyond noting that it is interesting that these hacks were not accompanied by leaks of data from the servers involved.
Faculty of Physical Chemistry University of Belgrade, defacement by hydra – March 30th 1999I can only ascribe this to either data exfiltration and leaking simply not being a common hacktivist activity at the time, the issue of slow internet connections for transferring data back in 1999 and a lack of file sharing servers to upload to or that the servers hacked did not include data that was worth leaking. I’m personally inclined towards the first and second explanations.
Richard Clark is not in the military, but when he heard news reports
earlier this month that NATO’s Web site had been attacked by Belgrade hackers, he wanted to do his part to help the allies. So he turned to his keyboard.Using software available on the Internet, the California resident sent
an “e-mail bomb” to http://www.gov.yu, the Yugoslav government’s main Web
site. On April 3, a few days and 500,000 e-mails into the siege, the
site went down, Clark said.Clark does not claim full responsibility for the cyber-sabotage; he
assumes others may have had similar ideas. But he is confident he
“played a part.”He is just one of untold numbers of civilians on both sides of the
conflict who have gone to battle from their desktops, raising new
questions about the role of civilians during times of war.Patrick Riley, “E-Strikes and Cyber-Sabotage: Civilian Hackers Go Online to Fight”, FOX News, April 15th, 1999
The third technique we can see in use is e-mail bombing or spamming, sending thousands upon thousands of emails which are intended to annoy or overwhelm recipients and, in 1999 at least, potentially prevent the mail server itself from functioning.
From the Washington Post on April 1st, 1999, article entitled “Hackers irritate NATO”. The article describes how e-mail bombing campaigns by Serbia aligned hackers have impacted NATO’s online infrastructure. One such attack “effectively blocked mail service in and out of the NATO computer system”.
“That means that rogue computer users are sending a lot of messages and computer commands into NATO’s computers, said Carlo Tomad, a NATO network specialist in Brussels. One computer, he said “has sent about 2,500 messages in one hour,” a method of harassment known as “spamming.” That attack effectively blocked mail service in and out of the NATO computer system, Tomad said.”
“It’s the infowar equivalent of ringing someone’s doorbell and running away, but many thousands of times”, concludes the article.
Happy99 Virus in actionHackers enraged by the Chinese Embassy bombing latched on to this technique soon after online protests over the incident began. In May of 1999 CNN reported that “Sandy Spark, a manager at DOE’s Computer Incident Advisory Capability (CIAC), warned that a Chinese tidal wave of e-mail with unresolvable IP addresses is being sent to U.S. government servers in an attempt to overload them”. The solution pitched was the rather inelegant, and potentially useless, advice to “apply anti-spam measures to block all e-mail from China’s .cn domain if necessary”.
Ellen Messmer writes for CNN (Serb supporters sock it to NATO, U.S. Web sites) that “NATO’s mail servers are taking a beating, getting hit with more than 10,000 e-mails per day – many infected with dangerous computer viruses”. So lastly we have what the head of NATO’s Integrated Data Service Chris Scheurweghs described as “macro viruses”.
According to Scheurweghs, hackers also attacked NATO’s e-mail systems with the Happy 1999 macro virus, which he said was similar in function but far less devastating than the Melissa virus that wreaked havoc in the United States last week (see story).
Dan Verton, “Serbs launch cyberattack on NATO“, FCW, April 4th, 1999
Happy99 is a very odd choice for a virus to attach to an e-mail for malicious purposes as, according the the Virus Encyclopedia, “although Happy99 is wild, it has no destructive payload and is, as its author describes, a ”sympathetic hitchhiker who uses your internet connection to travel, and thank you for the trip with a small animation””.
Final thoughts
What is the take away from all of this, and was it really the first international hacktivist cyberwar?
The first question is easier to answer. Hacktivism has traditionally been reactive, you have a pool of active hackers organised into groups or loose affiliations who are ready to act on what they perceive to be provocations.
Most of the hacking groups or alliances involved in the Kosovo conflict were already active in the defacement scene or at the very least had infrastructure or output of some kind, they were already visibly doing things online. NATO’s bombing campaign against the Yugoslav government provided the catalyst for involvement, either for or against the intervention.
The interesting exception to this are the hackers aligned with China, I couldn’t find defacements archived from groups like ChinaEagle or RedHackers from before the Embassy incident, although I fully admit here that my knowledge of, and visibility into, the Chinese hacking scene of 1999 is a little dismal.
A previous Chinese hacking group, the Green Army, had been involved in a previous international hacktivist action though, attacks on Indonesian websites in 1998 after “reports of looting, violence and rape committed against ethnic Chinese during riots in May [of 1998]”, as detailed by the BBC at the time. Much of the analysis I have read has pointed to these riots in Indonesia as a galvanising event that helped unite the Chinese hacking community.
Indonesian websites have also come under attack from political hackers. The home page of a site at http://www.bkkbn.go.id has been replaced with a message saying “Warning from Chinese.”
“This page is hacked for your national day. Please keep this page for 48 hours and punish the murderers in May immediately,” says the hacker, including a list of links to sites about the violence.
Chris Nuttall, “Chinese protesters attack Indonesia through Net“, BBC News, August 19th, 1998
The groups representing China that became involved in the Kosovo War can be seen as offshoots of this original organized backlash against Indonesia.
The Indonesian riots also give birth to what would become the “Red Hacker Alliance”, one of the most significant cyber-groups in the internet’s short history. The political nature of this patriotic campaign led to the creation of something entirely new, and would be the first time the term “red hacker” (红客 hongke) would be used. The attacks in the country functioned as the facilitator that brought together individuals who normally operated independently under the guise of nationalism, establishing not only a group but also the notion of red
hackers which still exists today.William Howlett IV, “The Rise of China’s Hacking Culture: Defining Chinese Hackers“, June 2016
When an American spy plane had a collision with a Chinese jet in April of 2001, killing a Chinese pilot, the online warfare between American and Chinese hackers reignited over this “Hainan Island incident” and the resulting website defacements showed that the Kosovo War was still very much on the mind of hackers in China.
“China is no longer a country like Yugoslavia, we have the best army”, defacement by DCBOY in 2001, from FBI FOIA documents relating to Honker UnionIn looking through old gazeta.ru articles relating to hacking from around this time I found a link to an article that is preserved on the Wayback Machine entitled “Hackers of U.S. servers face criminal liability” (as translated by DeepL), the article is written by Dmitry Chepchugov, head of the Department for Combating Computer Crimes of the Russian Ministry of Internal Affairs. The article is essentially an exhortation to Russian hackers to not attack NATO or the U.S. accompanied by some strident threats of criminal liability.
To date, we have not received any statements from official U.S. bodies regarding “attacks” on servers from Russian territory or damage related to protests against NATO actions in Yugoslavia. If such information is received, it will undoubtedly be verified in full, with the perpetrators identified and brought to justice as prescribed by law.
I would like to take this opportunity to address the people who know the intricacies of network technology. No matter how much your civic consciousness is outraged by NATO’s actions in Yugoslavia, no matter how much you want to express your own feelings about these events – don’t go down this road, don’t become the aggressor yourself. You are breaking the law, you are making yourself the perpetrator of an arbitrary massacre. Is this not what your mind rebels against?
Dmitry Chepchugov, “Hackers of U.S. servers face criminal liability”, March 28th, 1999 (translated by DeepL)
I have been unable to work out how real these threats by the Russian authorities are and whether any Russian hackers were ever charged or convicted of hacking offences, but it certainly forms an interesting bookend for current attitudes within the country towards hackers who attack targets externally.
“Electronic infiltration is burgeoning war zone of hackers worldwide”, Patti Hartigan, April 1999I see certain parallels between the hacker elements of the Kosovo War and armed conflicts that have taken place since that included a ‘cyberwar’ facet. The Syrian Electronic Army, KILLNet, the CyberBerkut, we can see echoes of the Black Hand here, hacktivists either fully backed by, or at the very least actively encouraged, by the authoritarian regimes that they support.
Was the Kosovo War the first international hacktivist cyberwar?
The New York Times claims it was the conflict inspired by the American spy-plane incident and China in 2001.
It was a Big Hack Attack, a harbinger of World Wide Web War I, with ”zombies” throwing ”worms,” Chinese patriots invoking the ultimate sacrifice and American teenagers giving electronic Bronx cheers.
After last month’s collision of an American spy plane and a Chinese jet, hackers in the United States and China began defacing Web sites on both sides of the Pacific. Then Chinese hackers, led by a group called the Honkers Union, declared war.
Criag S. Smith, “May 6-12; The First World Hacker War”, New York Times, May 13th, 2001
I for one am sceptical, I’m of the opinion that the Kosovo War is a better candidate for that title, but I’m also under no illusions that there aren’t preceding conflicts that are also potential contenders for this dubious award.
There were organised hacking attacks carried out by hackers from one country against online infrastructure from another country before the Kosovo War but in those earlier examples, Chinese hackers attacking Indonesian websites for instance, I couldn’t find any evidence of retaliation. The Kosovo War wound up involving a back and forth of hack attacks between hackers from different nations in a way that I don’t think the world had seen before.
If you enjoyed this blog consider subscribing or posting it on the social media of your choice, I do all of this simply to get the word out about a subject I love.
#Brazil #CHC #China #ChinaEagle #cyberwar #DutchThreat #hacker #hackers #hacking #hacktivism #hacktivist #Hackweiser #history #HonkerUnion #KosovaHackerGroup #Kosovo #KpZ #NATO #newspaper #Pentaguard #Romania #Russia #RussianHackerUnion #RussianHackers #Serbia #Serbian #Slovenia #TeamSpl0it #TeamSploit #USA #war #XAKEP #Yugoslavia
-
“Yugoslav hackers hit NATO Web site” – The Philadelphia Inquirer, Thursday April 1st, 1999On April 3rd 1999 Ashley Dunn, writing in the Los Angeles Times, described how the Kosovo War was “turning cyberspace into an ethereal war zone where the battle for the hearts and minds is being waged through the use of electronic images, online discussion group postings, and hacking attacks.”
The Kosovo War lasted from February 1998 through to June 1999. The war was fought between the forces of the Federal Republic of Yugoslavia (at this time, Serbia and Montenegro), which controlled Kosovo before the war, and the Kosovo Albanian rebel group known as the Kosovo Liberation Army (KLA), who were fighting for regional autonomy. The conflict ended in June of 1999, after NATO intervention through air strikes in March 1999 against Yugoslav infrastructure which resulted in Yugoslav forces eventually withdrawing from Kosovo.
In parallel with the brutal physical conflict was an online battle between hackers from Russia, the US, China, Brazil, Netherlands and of course parts of the former Yugoslavia, among others, forming a truly international ‘cyberwar’. The aftermath of this ‘cyberwar’ went on to shape aspects of international hacker relations and the development of hacktivism and the organisation of hacktivist groups both regionally and internationally, as well as their tactics, for years after.
an ethereal war zone where the battle for the hearts and minds is being waged through the use of electronic images, online discussion group postings, and hacking attacks
Ashley Dunn, writing in the Los Angeles Times, April 3rd 1999
Before I get into the history of this online conflict I want to make sure to clarify that the actual warfare, in particular the brutal war crimes committed by Serbian forces against the Kosovar people, is the most important part of the story of the Kosovo War. The online elements are what I am covering here specifically, because this is the history of hacking.
In researching for this blog I have drawn on contemporaneous newspaper reports from 1998 and 1999, archives of website defacements from that time, Internet Archive website archives of various news sites, government and government agency reports and finally academic papers that touch on cyber elements of the Balkan conflicts.
When I found articles in a newspaper archive about hackers and the Kosovo War I started trying to search for more information and came up with shockingly few detailed accounts of something that was front page news back in 1999. That’s why I decided to write this blog.
I have purposefully avoided discussing nation state actors (military or intel orgs) or NATO hackers in this blog, as I feel that would be an entirely separate topic deserving of it’s own blog. Rest assured though that there was coverage from the time of confirmed or suspected cyber-attacks carried out by US government agencies and the military as well as NATO itself.
US Naval Medical Information Management Center, defacement by CHC – 27th March, 1999Let’s break down this history as a quick list of dates and notable events and then dig into the details.
28th February 1998Kosovo War begins24th March 1999NATO strikes against Serbian military28th March 1999Serbian hackers attack US military systems30th March 1999hydra defaces University of Belgrade1st April 1999Reports NATO servers are attacked29th April 1999Team Spl0it defaces US FAA website8th May 1999NATO bombs Chinese Embassy in Belgrade12th May 1999Chinese hacktivists take down White House site12th May 1999Chinese hacktivists deface US gov sites11th June 1999Kosovo War endsKosovo War & cyber elements timelineThat timeline is of course by no means exhaustive, we are going to dig into the various hacking groups involved, tactics used by those hacktivists and the hacking techniques used in the furtherance of the hacker’s goals.
Hacktivists Involved
Mirjana Drakulic and Ratimir Drakulic presented a paper entitled “Balkan Hackers War in Cyberspace” at the British and Irish Law Education Technology Association (BILETA) conference at the College of Ripon & York St. John, York, England, in March of 1999.
This paper discusses the history and nature of the primary Serbian and Kosovar hacking groups that were involved in the Kosovo War online.
WWW.HR – Croatian Homepage, defacement by Black Hand – June 20th, 1999First we have the Black Hand, representing the Serbian nationalist side, working to advance Serbian interests in maintaining control of Kosovo. Academics Mirjana and Ratimar Drakulic describe the Black Hand as a “group of hackers [that] wanted to inherit such a reputation regarding themselves as patriots and liberators”. They clarify that the hackers who called themselves the Black Hand were “alluding to the namesake organization which overthrew the Dynasty in Serbia in the first years of the 20th century”, explicitly linking their struggle in the late 1990s to the secret military society that engaged in violent conspiracies to further the cause of a united Serbia in the early 1900s.
An illustration of the assassination of Archduke Ferdinand by the original Black Hand in June of 1914“By the end of the October 1998 it raided the site of the Croatian news agency “Vjesnik” and left there a message: “The Black Hand wants to change the false image which orbits the planet that the Serbs are villains.” Further they stated that they do not mean war and that they mean no evil. “Vjesnik” immediately reported that the members of the “Black Hand” were discovered and where and how they approached the site.”
Mirjana Drakulic, Ph.D., Ratimir Drakulic, M.S., “Balkan Hackers War in Cyberspace“, March 30th, 1999
Mijana and Ratimar discuss various theories about the Black Hand in their paper “Balkan Hackers War in Cyberspace“, the suspected origin and makeup or the group and state that some people “are close to the view that this group exists but is followed by numerous satellites of less skilled imitators determined to get attention by the public or acquire the
“pass” to join the group”.The Croatian news agency Vjesnik that was hacked by the Black Hand claimed, based on investigation by their journalists, that the hack and defacement of their site was done “from the computers of two faculties they pointed to Serbian academic network claiming that hackers still travel and act from within it”, although those computers themselves could have been simply a jump box used by the Black Hand.
As well as the Black Hand we also have other players on the Serbian side, the Beograd Hackers group that carried out some defacements and the Serbian Angels. Serbian Angels, based on what little I have managed to find out about them, functioned as an offensive hacking group but also maintained a website (long since lost) that carried news about events relating to the war in Serbia, maintained various news e-mail lists and created for distribution physical CD archives of news, photos and videos from the Serbian side of the conflict after the NATO campaign ended.
“Stop Nato2”, defacement by Kosova Hackers Group – August 4th, 1999On the Kosovo side there was, as reported by Patrick Riley in his FOX article from April 15th 1999 “E-Strikes and Cyber-Sabotage: Civilian Hackers Go Online to Fight“, “a coalition of European and Albanian hackers calling themselves the Kosovo Hackers Group has replaced at least five sites with black and red “Free Kosovo” banners”.
As well as hackers that purported to be from the former Yugoslavia there were other groups involved in this “cyberwar” that were motivated by ideological or nationalist impulses to throw their lot in with either the Serbian or Kosovar people, or to push for peace treaties or oppose NATO actions generally. It is important to note that most, if not all, of these hacking groups from outside the former Yugoslavia became especially active in the online conflict after the start of the NATO military campaign in March of 1999.
US Federal Aviation Authority, defacement by Team Spl0it – April 29th, 1999In the United States there was Team Spl0it (or Team Sploit) who opposed the bombing of Serbian infrastructure by NATO and expressed the opinion that “without the support of the people in Serbia NATO is not gonna get very far”. As CNN described it at the time, “American hackers are on a political binge, breaking into Web sites to leave what amounts to anti-war graffiti”.
Watching the news today, I found out that Serbia has been bombed for the 4th week in row. And I wondered what has been accomplished after these 4 weeks of air strikes. Who has gained from it, and who has lost ? Many targets inside Serbia have been hit, many civilians were killed. But Milosevich, the Serbian President doesn’t give a damn about his people. He couldn’t care less if they are dead or alive. What is the good of actions when the president doesn’t care about the targets that have been hit ?
f0bic, nostalgic, cellbl0ck, jay, text from defacement of US FAA website, April 29th, 1999
Also on the US side, although primarily memorialised only in throwaway comments in newspaper articles from the time, were “Hackers of the West Coast”. As described by Patti Hartigan, writing in the Boston Globe on April 4th, 1999, “Hackers on the West Coast are trying to crack the Serbian government site, although the server is said to be extremely secure and based in London”. I can find no evidence that Hackers on the West Coast succeeded in their goal. You can see the whole article below.
The pro-Serbia Russian Hackers Union was a loose affiliation of Russian hacking groups that, for the most part, already seem to have been present and active in the defacement scene before NATO started bombing Serbian infrastructure, prompting a change in the themes of website defacements carried out.
KpZ in particular wracked up some notable defacements but seemed to be very difficult to track down further information on until I dug into Russian hacker magazine XAKEP. Websites defaced by KpZ ran the gamut from a juicy .mil hosted U.S. Army Engineer Waterways Experiment Station all the way through to the somewhat more random, and rather lacklustre, “airbed.com”. A hacker known as Mishgan seems to be one of their primary defacers around this time, KpZ appears to have been made up of primarily Russian hackers but also at least one member who identifies themselves as Romanian.
Russian XAKEP (“Hacker”) magazine issue four had an article about KpZ that offers some insight into the group. I’ve written about XAKEP before, I covered issue one in some detail.
The group in question was formed at the end of August 1998. Just when thousands of teenagers, having watched the movie “Hackers” and read articles about hackers, rushed to the Internet, thinking they were professional hackers. And the initial idea of the group was to show children that they are wrong, and the World Wide Web is not a place for such entertainment and for people with delusions of grandeur.
XAKEP Issue 4, “KPZ hacker group – from the inside“, 1999 (translation by DeepL)
XAKEP lists the members of KpZ as Tarantino, Delta, MAL, v00d00, 5pider and Mishgan. The hacker nick “v00d00” has been used by at least 3 different hackers over the years, sometimes very active at the same time, which can cause confusion.
“Emergency Issue” CD-ROM produced by KpZ, 1999Above you can see a photo of a CD-ROM that KpZ provided to XAKEP that the XAKEP writers describe “when this CD was brought to our office today, we were shocked. What’s it like, huh?” They go on to give details of this CD entitled “Hackers are bombing NATO” and how it “has tons of information on what to do and how to do it, including explanations of security holes in security systems and a bunch of other documentation”. The CD-ROM essentially contained instructional content for budding Russian hacktivists, “a special training course for a separate unit of a special brigade for information provocation”.
XAKEP interview MAL and Mishgan as part of issue four, MAL describes the group as having started after he received an ICQ message that said that there was a desire to organize “a group to combat underdeveloped admins and shameful sites.” In the same interview Mishgan claims that he is 15 years old, this fits with interviews I have read with other Russian hacker groups from this time.
Illustration from XAKEP Issue 4, “KPZ hacker group – from the inside“, 1999KpZ also seem to have forged some sort of alliance with Romanian hacking and defacement crew Pentaguard, although I can find no evidence of defacements by Pentaguard in opposition to NATO during the Kosovo War.
US Joint Tactical Unmanned Aerial Vehicle Project, defacement by Pentaguard – January 25th, 1999Also tagged in some of the KpZ defacements are legion2000, a Russian group that seems to have been more concerned with security advisories, releasing code and working on projects than defacements in 1999, from what I can turn up. There is an interview with Webster, one of the legion2000 members, from 2001 over at xakep that seems to imply some falling out between legion2000 and KpZ.
http://www.legion2000.cc/ – via Internet ArchiveThe few defacements I can find by legion2000 occur in 1998 and are of Russian websites.
kopitan.ru, defacement by legion2000 – December 6th, 1998 pentagon.yu, defacement by xoloth1 of DutchThreat – May 2nd, 1999DutchThreat, a Holland based hacker group, came in on the side of NATO and in support of the Kosovar people.
NATO does not prosecute innocent people
NATO does not raid
NATO does not create the mass-graves in your country
NATO is not out for blood, but out for peace
xoloth1, meestervervalser, defacement of pentagon.yu – May 2nd, 1999
CNN described how DutchThreat became involved in the hacker conflict that accompanied the Kosovo War, “Xoloth1 said he got mad when a “Serbian guy” in a chat room started calling NATO and the U.S. a bunch of criminals and Nazis” He also resented that one of the main Yugoslavian ISPs had set up an anti-NATO Web page with the domain name pentagon.co.yu”. CNN’s Ellen Messmer went on to explain “Dutchthreat’s leader, named Acos, says he thinks most of the Kosovo-inspired hacking going on is not motivated by genuine political concerns, but is simply a way of getting attention. But Acos adds he, too, doesn’t care to hear NATO called fascist.”
I was able to find an old archive of the DutchThreat website, but there was very little about the Kosovo War mentioned on it, other than a reference to an article that included information about the group that they approvingly posted.
Newsmax.com, defaced by Chaos Hackers Crew (CHC) – 28th February, 1999Russian hackers Chaos Hackers Crew were a fairly standard defacement for internet clout group prior to the start of the NATO bombings against the Serbian military, as seen above.
After the NATO military campaign began in March of 1999, CHC switched to strident anti-NATO messaging on compromised websites.
An example of a defacement post March is below.
USDA Natural Resources Conservation Service, defaced by Chaos Hackers Crew – 6th April, 1999I have seen speculation online that CHC were a Kremlin backed group based in Moscow. I’m not sure I see any evidence of this direct government association though, their choices of targets before the Kosovo War and the profile that they seemed to want to maintain online doesn’t really fit in my opinion.
A group of teenage hackers called Chaos Hackers Crew (CHC) is active in anti-NATO attacks: an interview with a representative of this group has been published in an electronic paper Gazeta.ru (Leibov 1999). The young man turned out to have been apolitical before the crisis in Kosovo. He had very limited knowledge about the reasons NATO was bombing Yugoslavian targets, and the sites the CHC chose for its attacks had nothing to do with the military ones (for example, a Chinese site was mistakenly attacked).
Brian D. Loader, Douglas Thomas, “Cybercrime : law enforcement, security and surveillance in the information age“, 2000
After some search engine chicanery I managed to track down the Gazeta interview with the self-professed members of CHC, the reference to Kulibin below is to the “Russian Archimedes” Ivan Kulibin, a self-taught inventor who lived in Russia in the 1800s.
“Chaos Hackers Crew,” the hackers say, “there are four of us in total. And there are different ages. There’s a third year of university, too.” “The older one is kind of a guru? Did you even have a teacher in the networking life?” “Nope,” Yuri answers, “we’re kind of all equals. Only taught everything myself.” “Kulibin! – I admire, by manuals?” “What?” – The interlocutor is perplexed. “Kulibin,” I explain, “self-taught like that. “Yeah, like that.” “By the way, do you know any foreign hackers by correspondence?” – I change the subject again.
Indeed, hackers are like Freemasons or workers, they must have international solidarity.
“Nope,” they replied, “only from Romania. Well, Romania is also a foreign country. Though, of course, not very far.
Roman Leibov, “Our Hacker Brothers II. The beginning is here”, gazeta.ru, April 15th, 1999 (translated by DeepL)
I think it is safe to say we can put the Kremlin backed hackers theory to rest here, although if you google CHC you will see that it is an opinion that was widely held despite a lack of evidence.
US Department of the Interior, defaced by unknown Chinese hacktivists – 10th of May 1999After the bombing of the Chinese Embassy in Belgrade on the 8th of May in 1999, China Redhack, Hong Kong Danger Duo, China Eagle, Chinese Emergency Hackers’ Group Center and other hacking groups representing Chinese nationalist interests took to the internet to protest what they saw as a deliberate act of violence against the Chinese state by NATO and in particular the US.
Combined News Services, “Hackers Hit U.S. Government Web Sites“, 12th May 1999“We are Chinese hackers who take no care about politics,” said the message signed by “Rocky.” But with three Chinese nationals left dead after the embassy bombing, the hackers were wrathful: “You have owed Chinese people a bloody debt which you must pay for! We will not stop attacking until the war stops!”
Ellen Messner, “Kosovo cyber-war intensifies: Chinese hackers targeting U.S. sites, government says“, CNN, May 12th, 1999
By this time US hacking group Legion of the Underground had already declared a brief “cyber war” on China and Iraq, calling for “the complete destruction of all computer systems” in both countries, so the genie was well out of the bottle to some extent in terms of hacker conflict between the US and China.
Solid Design Inc, defacement by RedHack – April 30th 2001Two years after the Embassy bombing Chinese hackers were still defacing US websites in protest, as the BBC reported on the 5th of May 2001, “hackers promised a cyber-offensive against US sites in observance of Chinese of Labour Day on 1 May and Youth Day on 4 May, and also in remembrance of the US bombing of the Chinese embassy in Belgrade two years ago on 7 May”.
This round of attacks in 2001 resulted in the defacement of, according to the BBC at the time, “more than 660 sites” in the space of a week and the “White House confirmed that for two hours and 15 minutes their website was down”. It is important to note that this particular hacktivist action from Chinese hackers was also motivated by the US spy plane incident in April of 2001 and Bush administration arms sales to Taiwan.
Tactics & Techniques
“NATO spokesman Jamie Shea said hackers in the Yugoslavian capital, Belgrade, attacked the Web site by launching what is known as a “Ping bombardment strategy.” Ping, short for Packet Internet Groper, refers to the practice of sending out a packet of information to a server and waiting for a response, which is a way for users to determine whether a system is up and running on the Internet.”
Dan Verton, “Serbs launch cyberattack on NATO“, FCW, April 4th, 1999
After reading over all of the available documents and analysis of the Kosovo War’s online components I was able to find four primary techniques used by hackers involved.
The first is denial of service, or DoS, this seems to have been primarily used by Eastern European hackers opposed to NATO intervention in Serbia and hackers supportive of China after the Belgrade Embassy bombing.
The BBC explains denial of service (DoS) basics (described here as a “ping storm”) in an article entitled “Kosovo info warfare spreads“, by Chris Nuttall from April 1st 1999.
The article details DoS attacks against NATO that had been ongoing since the 28th of March and had slowed parts of their web infrastructure and caused “erratic service”.
CNN reported in April of 1999 that to counter incoming DoS attacks “the NATO network crew swapped out a Sun SPARC 20 for the more powerful UltraSPARC for faster processing of the Serbian pings.” And that “NATO switched from a 256K bit/sec access line to the European equivalent of a T-1 to keep the pings from eating up bandwidth”.
Next up we have website defacements, screenshots of defacements are peppered throughout this blog so I won’t dwell too long on this aspect beyond noting that it is interesting that these hacks were not accompanied by leaks of data from the servers involved.
Faculty of Physical Chemistry University of Belgrade, defacement by hydra – March 30th 1999I can only ascribe this to either data exfiltration and leaking simply not being a common hacktivist activity at the time, the issue of slow internet connections for transferring data back in 1999 and a lack of file sharing servers to upload to or that the servers hacked did not include data that was worth leaking. I’m personally inclined towards the first and second explanations.
Richard Clark is not in the military, but when he heard news reports
earlier this month that NATO’s Web site had been attacked by Belgrade hackers, he wanted to do his part to help the allies. So he turned to his keyboard.Using software available on the Internet, the California resident sent
an “e-mail bomb” to http://www.gov.yu, the Yugoslav government’s main Web
site. On April 3, a few days and 500,000 e-mails into the siege, the
site went down, Clark said.Clark does not claim full responsibility for the cyber-sabotage; he
assumes others may have had similar ideas. But he is confident he
“played a part.”He is just one of untold numbers of civilians on both sides of the
conflict who have gone to battle from their desktops, raising new
questions about the role of civilians during times of war.Patrick Riley, “E-Strikes and Cyber-Sabotage: Civilian Hackers Go Online to Fight”, FOX News, April 15th, 1999
The third technique we can see in use is e-mail bombing or spamming, sending thousands upon thousands of emails which are intended to annoy or overwhelm recipients and, in 1999 at least, potentially prevent the mail server itself from functioning.
From the Washington Post on April 1st, 1999, article entitled “Hackers irritate NATO”. The article describes how e-mail bombing campaigns by Serbia aligned hackers have impacted NATO’s online infrastructure. One such attack “effectively blocked mail service in and out of the NATO computer system”.
“That means that rogue computer users are sending a lot of messages and computer commands into NATO’s computers, said Carlo Tomad, a NATO network specialist in Brussels. One computer, he said “has sent about 2,500 messages in one hour,” a method of harassment known as “spamming.” That attack effectively blocked mail service in and out of the NATO computer system, Tomad said.”
“It’s the infowar equivalent of ringing someone’s doorbell and running away, but many thousands of times”, concludes the article.
Happy99 Virus in actionHackers enraged by the Chinese Embassy bombing latched on to this technique soon after online protests over the incident began. In May of 1999 CNN reported that “Sandy Spark, a manager at DOE’s Computer Incident Advisory Capability (CIAC), warned that a Chinese tidal wave of e-mail with unresolvable IP addresses is being sent to U.S. government servers in an attempt to overload them”. The solution pitched was the rather inelegant, and potentially useless, advice to “apply anti-spam measures to block all e-mail from China’s .cn domain if necessary”.
Ellen Messmer writes for CNN (Serb supporters sock it to NATO, U.S. Web sites) that “NATO’s mail servers are taking a beating, getting hit with more than 10,000 e-mails per day – many infected with dangerous computer viruses”. So lastly we have what the head of NATO’s Integrated Data Service Chris Scheurweghs described as “macro viruses”.
According to Scheurweghs, hackers also attacked NATO’s e-mail systems with the Happy 1999 macro virus, which he said was similar in function but far less devastating than the Melissa virus that wreaked havoc in the United States last week (see story).
Dan Verton, “Serbs launch cyberattack on NATO“, FCW, April 4th, 1999
Happy99 is a very odd choice for a virus to attach to an e-mail for malicious purposes as, according the the Virus Encyclopedia, “although Happy99 is wild, it has no destructive payload and is, as its author describes, a ”sympathetic hitchhiker who uses your internet connection to travel, and thank you for the trip with a small animation””.
Final thoughts
What is the take away from all of this, and was it really the first international hacktivist cyberwar?
The first question is easier to answer. Hacktivism has traditionally been reactive, you have a pool of active hackers organised into groups or loose affiliations who are ready to act on what they perceive to be provocations.
Most of the hacking groups or alliances involved in the Kosovo conflict were already active in the defacement scene or at the very least had infrastructure or output of some kind, they were already visibly doing things online. NATO’s bombing campaign against the Yugoslav government provided the catalyst for involvement, either for or against the intervention.
The interesting exception to this are the hackers aligned with China, I couldn’t find defacements archived from groups like ChinaEagle or RedHackers from before the Embassy incident, although I fully admit here that my knowledge of, and visibility into, the Chinese hacking scene of 1999 is a little dismal.
A previous Chinese hacking group, the Green Army, had been involved in a previous international hacktivist action though, attacks on Indonesian websites in 1998 after “reports of looting, violence and rape committed against ethnic Chinese during riots in May [of 1998]”, as detailed by the BBC at the time. Much of the analysis I have read has pointed to these riots in Indonesia as a galvanising event that helped unite the Chinese hacking community.
Indonesian websites have also come under attack from political hackers. The home page of a site at http://www.bkkbn.go.id has been replaced with a message saying “Warning from Chinese.”
“This page is hacked for your national day. Please keep this page for 48 hours and punish the murderers in May immediately,” says the hacker, including a list of links to sites about the violence.
Chris Nuttall, “Chinese protesters attack Indonesia through Net“, BBC News, August 19th, 1998
The groups representing China that became involved in the Kosovo War can be seen as offshoots of this original organized backlash against Indonesia.
The Indonesian riots also give birth to what would become the “Red Hacker Alliance”, one of the most significant cyber-groups in the internet’s short history. The political nature of this patriotic campaign led to the creation of something entirely new, and would be the first time the term “red hacker” (红客 hongke) would be used. The attacks in the country functioned as the facilitator that brought together individuals who normally operated independently under the guise of nationalism, establishing not only a group but also the notion of red
hackers which still exists today.William Howlett IV, “The Rise of China’s Hacking Culture: Defining Chinese Hackers“, June 2016
When an American spy plane had a collision with a Chinese jet in April of 2001, killing a Chinese pilot, the online warfare between American and Chinese hackers reignited over this “Hainan Island incident” and the resulting website defacements showed that the Kosovo War was still very much on the mind of hackers in China.
“China is no longer a country like Yugoslavia, we have the best army”, defacement by DCBOY in 2001, from FBI FOIA documents relating to Honker UnionIn looking through old gazeta.ru articles relating to hacking from around this time I found a link to an article that is preserved on the Wayback Machine entitled “Hackers of U.S. servers face criminal liability” (as translated by DeepL), the article is written by Dmitry Chepchugov, head of the Department for Combating Computer Crimes of the Russian Ministry of Internal Affairs. The article is essentially an exhortation to Russian hackers to not attack NATO or the U.S. accompanied by some strident threats of criminal liability.
To date, we have not received any statements from official U.S. bodies regarding “attacks” on servers from Russian territory or damage related to protests against NATO actions in Yugoslavia. If such information is received, it will undoubtedly be verified in full, with the perpetrators identified and brought to justice as prescribed by law.
I would like to take this opportunity to address the people who know the intricacies of network technology. No matter how much your civic consciousness is outraged by NATO’s actions in Yugoslavia, no matter how much you want to express your own feelings about these events – don’t go down this road, don’t become the aggressor yourself. You are breaking the law, you are making yourself the perpetrator of an arbitrary massacre. Is this not what your mind rebels against?
Dmitry Chepchugov, “Hackers of U.S. servers face criminal liability”, March 28th, 1999 (translated by DeepL)
I have been unable to work out how real these threats by the Russian authorities are and whether any Russian hackers were ever charged or convicted of hacking offences, but it certainly forms an interesting bookend for current attitudes within the country towards hackers who attack targets externally.
“Electronic infiltration is burgeoning war zone of hackers worldwide”, Patti Hartigan, April 1999I see certain parallels between the hacker elements of the Kosovo War and armed conflicts that have taken place since that included a ‘cyberwar’ facet. The Syrian Electronic Army, KILLNet, the CyberBerkut, we can see echoes of the Black Hand here, hacktivists either fully backed by, or at the very least actively encouraged, by the authoritarian regimes that they support.
Was the Kosovo War the first international hacktivist cyberwar?
The New York Times claims it was the conflict inspired by the American spy-plane incident and China in 2001.
It was a Big Hack Attack, a harbinger of World Wide Web War I, with ”zombies” throwing ”worms,” Chinese patriots invoking the ultimate sacrifice and American teenagers giving electronic Bronx cheers.
After last month’s collision of an American spy plane and a Chinese jet, hackers in the United States and China began defacing Web sites on both sides of the Pacific. Then Chinese hackers, led by a group called the Honkers Union, declared war.
Criag S. Smith, “May 6-12; The First World Hacker War”, New York Times, May 13th, 2001
I for one am sceptical, I’m of the opinion that the Kosovo War is a better candidate for that title, but I’m also under no illusions that there aren’t preceding conflicts that are also potential contenders for this dubious award.
There were organised hacking attacks carried out by hackers from one country against online infrastructure from another country before the Kosovo War but in those earlier examples, Chinese hackers attacking Indonesian websites for instance, I couldn’t find any evidence of retaliation. The Kosovo War wound up involving a back and forth of hack attacks between hackers from different nations in a way that I don’t think the world had seen before.
If you enjoyed this blog consider subscribing or posting it on the social media of your choice, I do all of this simply to get the word out about a subject I love.
#Brazil #CHC #China #ChinaEagle #cyberwar #DutchThreat #hacker #hackers #hacking #hacktivism #hacktivist #Hackweiser #history #HonkerUnion #KosovaHackerGroup #Kosovo #KpZ #NATO #newspaper #Pentaguard #Romania #Russia #RussianHackerUnion #RussianHackers #Serbia #Serbian #Slovenia #TeamSpl0it #TeamSploit #USA #war #XAKEP #Yugoslavia
-
Managed to score another bottle of Pen and Message Cigar from somebody in Fountain Pen Network-Philippines. It's so hard to acquire because Pen and Message limit the number of bottles a person can buy from their shop in Japan, and you have to use a different credit card for each bottle (at least that's what I was told)! It will be shipped to me this weekend. Glad to have a backup bottle of my grail ink.
-
Neath man’s tongue‑in‑cheek campaign brings back much‑loved Thatchers cider
What started as a joke between friends has ended with Scott Sullivan from Neath being invited to Thatchers’ famous Myrtle Farm in Somerset for a personal surprise from fourth‑generation cidermaker Martin Thatcher — and the official return of Redwood, a much‑missed limited‑edition cider that disappeared from shelves years ago.
Scott’s posts calling for Redwood’s comeback gathered unexpected momentum online, drawing in cider lovers across Wales and the West Country. The campaign caught the attention of Thatchers themselves, who decided to bring the small‑batch favourite back as part of this year’s Cider Barn range.
Scott Sullivan outside Thatchers’ Myrtle Farm brewery with the campaign message that sparked Redwood’s comeback.A fan campaign that actually worked
Scott says he first fell in love with Redwood during a farm tour back in 2018, when he and a group of friends tried the oak‑aged cider for the first time. When it quietly vanished from the range, they never stopped talking about it — and eventually Scott launched a playful online push to bring it back.
The joke turned into a movement, and the movement turned into a result.
Thatchers invited Scott back to Myrtle Farm, where the campaign had first taken root, and surprised him with a case of the newly released Redwood — handed over by Martin Thatcher himself.
Martin Thatcher, fourth‑generation cidermaker, said:
Scott Sullivan and his partner outside the wooden Cider Barn doors at Thatchers’ Myrtle Farm during their return visit. (Image: Thatchers)“We were genuinely moved by the enthusiasm and nostalgia surrounding Redwood. Scott’s campaign reminded us of the special place this cider holds in people’s memories. With the apple varieties being so delicious in this year’s harvest, bringing it back felt like the right way to honour that passion.”
‘Surreal’ moment for Neath superfan
Scott Sullivan said:
“Redwood was the cider that made me fall in love with Thatchers. We instantly fell in love with its oak‑aged depth and delicate sweetness. I launched the campaign partly as a joke, but underneath it was a genuine love for something that brought us joy. To be invited back to Myrtle Farm and surprised by Martin Thatcher himself was surreal.”
He said he was “grateful” the company not only listened but brought the cider back “in such a thoughtful way”.
Scott Sullivan and fourth‑generation cidermaker Martin Thatcher celebrate the return of Redwood inside the Cider Barn.Redwood returns as part of exclusive Cider Barn range
Redwood, a 6% ABV golden cider matured in 150‑year‑old oak vats and infused with oak chips, is known for its rich character and subtle vanilla aroma. It returns alongside Grenadier and Tremletts in this year’s Cider Barn releases.
The small‑batch bottles are available exclusively from the Thatchers Cider Shop at Myrtle Farm and online.
Martin Thatcher added:
“As Scott will attest, the Cider Barn range makes a perfect gift for cider lovers or a special treat for those who love to try something new.”
Related stories from Swansea Bay News
Neath’s Katherine Jenkins stuns on Golden Globes red carpet as her Welsh gin brand makes Hollywood debut
The Neath-born star turns heads in LA as her Welsh gin reaches a global audience.Nestlé recalls baby formula over food poisoning fears as parents urged to check products
A major recall prompts warnings to families across Wales.Local Wetherspoons announce January sales across Swansea
Popular pubs slash prices for the new year with deals across the city.Fried chicken frenzy: Popeyes to open at Parc Trostre after Pizza Hut closure
#cider #foodDrink #Neath #thatchers
The US fast‑food giant prepares to open its latest Welsh restaurant. -
Il y a les archéologues qui sont à fond dans le "publier ou périr" pour passer à la postérité, et il y a ceux qui laissent des messages dans des bouteilles en verre sur les sites où ils ont fouillé afin d'avoir leur nom dans les journaux 200 ans plus tard, comme P. J. Féret l'a fait en 1825 à Eu, près de Dieppe, sur un site gallo-romain.
https://archaeologymag.com/2024/10/200-year-old-message-discovered-in-bottle-in-france/
#archéologie #ESR #université #Gaule #RomeAntique #histoire -
Toronto: Banner Drop Supporting Armed Palestinian Resistance
In the early hours of October 23rd, Palestine solidarity actionists dropped a large banner from the top of the Wallace Avenue Footbridge in the Junction Triangle of Toronto to escalate for Gaza and proclaim the longevity of Palestinian resistance beyond a “ceasefire” deal that the Zionist entity violates daily.
The top of the banner was secured to the footbridge fencing with zip ties. Actionists tied partially-filled water bottles to the bottom of the banner with string to ensure it stayed in place and was visible in its entirety to passersby.
The actionists’ intention behind this simple banner drop is to spread the message of Resistance By Any Means Necessary through a powerful quote by the great martyr leader Yahya “Abu Ibrahim” Sinwar:
“Does the world expect us to be well-behaved victims while we are being killed, for us to be slaughtered without making a noise?”
On the bottom of the banner is a call to action for the people of Toronto: Support Armed Resistance.
In the wake of Western imperialist attempts to disarm and de-militarize Palestinian Resistance factions and other regional allies, it is of utmost importance to respond to the calls from Palestinians on the ground resisting their colonial occupiers: GLOBALIZE THE INTIFADA.
Whether that be through a flood of banners across the city of Toronto or smashing in the windows of Zionist banks or slashing the tires of kkkop cruisers or damaging the supply lines of weapons manufacturers in the GTA— participate in nurturing a popular cradle for Resistance By Any and All Means, including what comes out of the barrel of a gun.
Glory to the Martyrs, Long Live the Armed Resistance, Free Free Palestine.
Received by email.
https://abolitionmedia.noblogs.org/?p=22206
#armedResistance #canada #northAmerica #palestineSolidarity #toronto
-
Toronto: Banner Drop Supporting Armed Palestinian Resistance
In the early hours of October 23rd, Palestine solidarity actionists dropped a large banner from the top of the Wallace Avenue Footbridge in the Junction Triangle of Toronto to escalate for Gaza and proclaim the longevity of Palestinian resistance beyond a “ceasefire” deal that the Zionist entity violates daily.
The top of the banner was secured to the footbridge fencing with zip ties. Actionists tied partially-filled water bottles to the bottom of the banner with string to ensure it stayed in place and was visible in its entirety to passersby.
The actionists’ intention behind this simple banner drop is to spread the message of Resistance By Any Means Necessary through a powerful quote by the great martyr leader Yahya “Abu Ibrahim” Sinwar:
“Does the world expect us to be well-behaved victims while we are being killed, for us to be slaughtered without making a noise?”
On the bottom of the banner is a call to action for the people of Toronto: Support Armed Resistance.
In the wake of Western imperialist attempts to disarm and de-militarize Palestinian Resistance factions and other regional allies, it is of utmost importance to respond to the calls from Palestinians on the ground resisting their colonial occupiers: GLOBALIZE THE INTIFADA.
Whether that be through a flood of banners across the city of Toronto or smashing in the windows of Zionist banks or slashing the tires of kkkop cruisers or damaging the supply lines of weapons manufacturers in the GTA— participate in nurturing a popular cradle for Resistance By Any and All Means, including what comes out of the barrel of a gun.
Glory to the Martyrs, Long Live the Armed Resistance, Free Free Palestine.
Received by email.
https://abolitionmedia.noblogs.org/?p=22206
#armedResistance #canada #northAmerica #palestineSolidarity #toronto
-
Whiskers kind of got inspired seeing that empty big-eyed look on my character in Webfishing, and drew this up! With a fairy bottle!
These are open for comm! $44, message me!
Art by Whiskers
AWD is https://linktr.ee/Ra_Zim
#furry #furryart #ZGFArt #WickedWhiskers #fishing #fishingrod #webfishing #jar #fairy #moth #Paintrazim #africanwilddog #canine #canid #anthro #bandanna #brownfur #male
-
So some time ago someone on Mastodon posted that they're biking into Portugal from Spain. I just sent them a message saying hi, and that should they ever be passing into central rural Portugal, i offer a couch to crash, a warm shower and nice warm meals. This person is moving around all mainland europe, essentially with just their bike, a tent and a water bottle.
Some weeks later, this person who i had only exchanged with just a couple of direct msgs here on Mastodon , was resting for 2 nights at my house, having conversation and hanging out. Up to the exact moment we met we both barely knew each other's names, how we looked, what kind of people we were. I didn't even know the exact date and time they were coming.
It reminded me of the great days of when i used couchsurfing .com when it was still completely free. Circumstances changed since then, and i had stopped using it for a long time, and i believe couchsurfing.com is no longer completely free. But having a similar experience after so long, and hosting someone completely random without any transaction happening except pure faith in people's goodness, reminded me once again of the joys of opening your doors to randoms. 1/2
#couchsurfing #travel #peoplekindness #hospitality #freehospitality #anotherworldispossible #randomthoughts
-
An Interesting Day
Yesterday was quite an interesting day. It started as my normal Saturday writing the Just A Thought, Miscellaneous Minds, and Movie Reviews. That were pretty much prepped through the week. But, I noticed my baby boy, Bobby Leach II, left a message—I kind on panicked because when that kid reaches out—it’s like the Day the Earth Stood Still—in jest, we call him the “Invisible Man” because he’s like a rarity that one very seldom sees. He left me a message that said, “Good morning Mom, just called to tell you I love you, and hope you’re having a wonderful weekend.” I called him up—we had a long conversation and he ended with…I’ve come to the conclusion that God has it all so we just need to do what’s right, look out for each other—everybody’s not on the same level and you can’t judge where they are—just help them when and if you can and keep it moving.”
This conversation started me on the trek of calling the rest of the crew, then I called Tanisha, my baby girl…opening with “Is the world coming to an end?” She asked why? I said, “your brother just called me—he never does that!” She said, “I know, we had a long conversation yesterday.” We discussed our plans for today and decided cooking was not part of the program.
The next call…Joi, who I call my logistics person. She’s always exploring new restaurants and places to eat. So, I immediately asked her what were the plans for tomorrow. She was talking about something was brewing with her friend Jackie, because her mom was in town, but there was nothing carved in stone. I told her I’d like to do something with our crew — last minute would be hard to find any reservations at all if possible—but like Sherlock Holmes, she was on the case.
I then called my oldest son, Andre’, who was on his way to the gym to workout. He’s our neighborhood health buff. When you see him, he’s a towering giant with a heart of gold. We talked for a brief moment. I told him I couldn’t wait until my new license plate came. He said, “Mom, I can’t believe how excited you are over a license plate.”
In the interim, my Goddaughter, Christina, was calling to see what I was doing because she wanted to come by. I told her was thinking about starting to paint the trim but hadn’t started yet. By the time she showed up, I was sitting in my easy chair with my feet up. Christina showed up at the door with the most beautiful bouquet of what looked to be like velvet flowers. She grabbed a cold bottle of water out of the fridge and we hung out watching one of my favorite Asian films…
Somehow that painting project got placed on hold. But I had a great day. Perhaps you are thinking all she did was talk to her kids. That may be true. But the point of this post is … Communication is key…My kid’s ages range from 40 to 54. I am so thankful to God, first of all, because they are still here, secondly, they’re never too busy for momma, and God is bringing healing and restoration in places in this family’s relationship that I prayed for.
So, on this Mother’s Day, I am so grateful for my crew. I feel like Stitch, “This is my family, it’s small and broken, but still good.” We must learn to love each other flaws and all. Happy Mother’s Day to my Mom—all my daughter’s, all the mothers at Peace Progressive MB, and my loyal readers. May your day be Merry and Bright! Blessings and Peace!
© Rhema International 2026. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Rhema Internation
#ChristianBlogger #ChristianBlogs #MotherSDay #AnInterestingDay #Andre #Believer #Bible #Blogging #BobbyLeachII #Christ #Christian #Christianity #Christine #faith #Family #fiction #God #Jesus #Joi #Life #love #Tanisha #Writing -
Air to Ground Message:
F/A LEFT A NICE WATER BOTTLE ON A/C 188 IN DEN SHE WILL BE BACK THERE TOMORROW ON FLT 3156 CAN YOU MSG THEM AND ASK FOR IT TO BE LEFT AT ONE OF OUR GATES UNTIL SHE GETS THERE
Area: Liberal, KS, USA
Type: Airbus A321
A: #a08be3e2964
F: #f24810df58a -
SOGA (MX) + SMETVREES + BOTTLED VIOLENCE
OCCII, Thursday, May 28 at 08:00 PM GMT+2
SOGA is a punk band from Mexico City that’s been active since 2018. They play energetic, fast, loud and raw hardcore punk with a political and feminist message. SOGA is Violeta on bass and vocals, Sara on guitar and vocals and Angy on drums. They have two albums out on Iron Lung Records, the most recent one titled “Corrosión” which they’re bringing for their first ever European tour in 2026.
SMETVREES Founded in 2023 by singer Ted and guitarist Kees, they still love to work together and make danceable, raw punk full of energy and chaos. They live for the stage and love when the crowd goes wild, dancing, moshing, and crowd surfing. Give them a few drink vouchers, a bunch of bananas, a crate of beer, and their day is complete.
Bottled Violence is a five-piece noise-punk band formed at Rock City Institute in Eindhoven that has been playing together for almost a year now. Live, they transform into a vast blur of harsh feedback, fuzz, screaming vocals, and loud drums. Their lyrics reveal that they hold clear opinions on society, covering topics such as monarchy, capitalism, and human rights. This was also evident in their performance at a housing rights protest in Eindhoven, as well as in performances in squats. The band’s inspirations can also be heard coming from Minor Threat, Dead Kennedys, and Sonic Youth.
https://calendar.askapunk.nl/event/soga-mx-smetvrees-bottled-violence
-
SOGA (MX) + SMETVREES + BOTTLED VIOLENCE
OCCII, Thursday, May 28 at 08:00 PM GMT+2
SOGA is a punk band from Mexico City that’s been active since 2018. They play energetic, fast, loud and raw hardcore punk with a political and feminist message. SOGA is Violeta on bass and vocals, Sara on guitar and vocals and Angy on drums. They have two albums out on Iron Lung Records, the most recent one titled “Corrosión” which they’re bringing for their first ever European tour in 2026.
SMETVREES Founded in 2023 by singer Ted and guitarist Kees, they still love to work together and make danceable, raw punk full of energy and chaos. They live for the stage and love when the crowd goes wild, dancing, moshing, and crowd surfing. Give them a few drink vouchers, a bunch of bananas, a crate of beer, and their day is complete.
Bottled Violence is a five-piece noise-punk band formed at Rock City Institute in Eindhoven that has been playing together for almost a year now. Live, they transform into a vast blur of harsh feedback, fuzz, screaming vocals, and loud drums. Their lyrics reveal that they hold clear opinions on society, covering topics such as monarchy, capitalism, and human rights. This was also evident in their performance at a housing rights protest in Eindhoven, as well as in performances in squats. The band’s inspirations can also be heard coming from Minor Threat, Dead Kennedys, and Sonic Youth.
https://calendar.askapunk.nl/event/soga-mx-smetvrees-bottled-violence
-
This is a summary of the work done on initiatives by the Community Platform Engineering (CPE) Team. Every quarter, the CPE team works together with CentOS Project and Fedora Project community leaders and representatives to choose projects that will be being worked upon in that quarter. The CPE team is then split into multiple smaller sub-teams that will work on the chosen initiatives and day-to-day work that needs to be done. Some of the sub-teams are dedicated to the continuous efforts in the team whilst some are created only for the initiative purposes.
This update is made from infographics and detailed updates. If you want to just see what’s new, check the infographics. If you want more details, continue reading.
About
The Community Platform Engineering Team is a Red Hat team that is working exclusively on community projects. Its members are part of Fedora Infrastructure, Fedora Release Engineering and CentOS Infrastructure teams. This team works on initiatives, which are projects with larger scope related to community work that needs to be done. It also investigates possible initiatives with the ARC (The Advance Reconnaissance Crew), which is formed from a subset of the Infrastructure & Release Engineering sub-team members based on the initiative that is being investigated.
Issue trackers
Initiatives
PDC Retirement
PDC is the Product Definition Center, running at: https://pdc.fedoraproject.org/.
However, this application which was developed internally, is no longer maintained. This codebase has been “orphaned” for a few years now and we need to find a solution for it.
We are reviewing and having a critical look on what we store in there, see what is really needed and then find a solution for its replacement.
Status: In Progress
Issue trackers
Documentation
Application URLs
Matrix Native Zodbot
With ongoing stability issues with the Matrix <-> IRC bridge and many contributors switching over to Matrix, Zodbot has become increasingly unreliable. The bridge is currently shut off completely. This initiative aims to provide a future-proof solution and allow us to conduct meetings without wasting time troubleshooting the Matrix <-> IRC bridge and Zodbot.
Status: In Progress
Issue trackers
Documentation
FMN Replacement
FMN is a project that allows people in our community to get notified when messages that interest them fire on the message-bus, making the message-bus more useful to people that are not directly developing or troubleshooting applications running in our infra.
The previous solution had plenty of tech debt which caused lag times between an event happening and the subscriber to be notified, so this initiative rewrote the service from scratch and is now live! Users are recommended to migrate their rules to the new service and notifications can also now be configured to email, IRC and Matrix.
Status: Done
Issue trackers
Documentation
Application URLs
DNF-Countme Update
DNF Mirrors Countme scripts are used to gain statistics data about the downloads of Fedora. Purpose of this initiative is to optimize the current solution by adding more comprehensive testing, removing unnecessary code and reducing storage consumption of the data.
Status: Done
Issue trackers
Documentation
ARC Investigations
Investigate moving registry.fp.o to quay.io
Traditionally, registry.fedoraproject.org was needed as quay.io did not support multiarch which it now does. The purpose of this ticket is to carry out some investigation work to confirm all the above is true as well as finding any other potential blockers to the move.
Status: Done
Documentation
Spam fighting
We had plenty of spam on pagure.io this year. To fight it more effectively, the ARC team tried a few different approaches to recognize and delete spam. It’s now much easier to delete the spam user with all the spam it created.
Status: Done
ARC investigation/planning for FCAS
In order to have a quantitative understanding of how the contributor activity has changed over the years and to provide the foundational support to the Fedora Project strategy 2028’s guiding star about doubling the number of active contributors every week, it is important to have a service that tracks their statistics. This measurement would help make the strategy goal meaningful as well as assist the Fedora Council and the related bodies understand how far they have progressed into making this happen and identify the underlying particular problems that act as a barrier in realizing this objective.
Status: Done
Documentation
Badges backend for new Service
Fedora Badges is a service that grants virtual accolades for milestones and completing tasks within the Fedora Project community. For example, a community member may collect badges for testing package updates on Bodhi when they test 1, 5, 10, 20, 40, 80, 125, 250, 500 and 1000 updates.
Status: Done
Documentation
Pagure to GitLab importer
With Fedora and CentOS now having an official namespace on GitLab, multiple projects want to migrate their repositories from Pagure to GitLab. This initiative is aimed to provide an easy way to migrate those projects.
Status: Done
Documentation
DNF-countme
The purpose of this work was about investigating the current solution and it’s bottlenecks to identify what needs to be done to solve the following problems:
- Storage bottleneck when creating the intermediate database file
- Operations efficiency for the infrastructure team
Status: Done
Documentation
Dist-Git decoupling & ecosystem mapping
The objective of the potential initiative is to move repository contents (including but not limited to source codes, Packit configurations, RPM specfiles) from Pagure Dist-Git to another platform and confirm that the associated tooling and services (including but not limited to FMN, Datanommer, COPR, Toddlers, FMN, CI, Monitor-Gating, Packit, Bodhi, Fedpkg) work well with the newer platform. The investigation aims to be as agnostic as it can be regarding the destination platform to help ideate a general solution for the compatibility of the associated tooling and services.
Status: Done
Documentation
Epilogue
If you get here, thank you for reading this. If you want to contact us, feel free to do it on matrix.
As CPE members are part of Fedora Infrastructure, Fedora Release Engineering and CentOS Infrastructure, see also the Fedora Infra & Releng update and CentOS Infrastructure update.
https://communityblog.fedoraproject.org/2023-year-in-review-cpe/
#CPE #distGit #DNF #Fedora39 #FedoraInfrastructure #FedoraLinux38 #FedoraMessagingNotificationFMN_ #Infra #Meetbot #YearInReview #YearInReview2023
-
This is a summary of the work done on initiatives by the Community Platform Engineering (CPE) Team. Every quarter, the CPE team works together with CentOS Project and Fedora Project community leaders and representatives to choose projects that will be being worked upon in that quarter. The CPE team is then split into multiple smaller sub-teams that will work on the chosen initiatives and day-to-day work that needs to be done. Some of the sub-teams are dedicated to the continuous efforts in the team whilst some are created only for the initiative purposes.
This update is made from infographics and detailed updates. If you want to just see what’s new, check the infographics. If you want more details, continue reading.
About
The Community Platform Engineering Team is a Red Hat team that is working exclusively on community projects. Its members are part of Fedora Infrastructure, Fedora Release Engineering and CentOS Infrastructure teams. This team works on initiatives, which are projects with larger scope related to community work that needs to be done. It also investigates possible initiatives with the ARC (The Advance Reconnaissance Crew), which is formed from a subset of the Infrastructure & Release Engineering sub-team members based on the initiative that is being investigated.
Issue trackers
Initiatives
PDC Retirement
PDC is the Product Definition Center, running at: https://pdc.fedoraproject.org/.
However, this application which was developed internally, is no longer maintained. This codebase has been “orphaned” for a few years now and we need to find a solution for it.
We are reviewing and having a critical look on what we store in there, see what is really needed and then find a solution for its replacement.
Status: In Progress
Issue trackers
Documentation
Application URLs
Matrix Native Zodbot
With ongoing stability issues with the Matrix <-> IRC bridge and many contributors switching over to Matrix, Zodbot has become increasingly unreliable. The bridge is currently shut off completely. This initiative aims to provide a future-proof solution and allow us to conduct meetings without wasting time troubleshooting the Matrix <-> IRC bridge and Zodbot.
Status: In Progress
Issue trackers
Documentation
FMN Replacement
FMN is a project that allows people in our community to get notified when messages that interest them fire on the message-bus, making the message-bus more useful to people that are not directly developing or troubleshooting applications running in our infra.
The previous solution had plenty of tech debt which caused lag times between an event happening and the subscriber to be notified, so this initiative rewrote the service from scratch and is now live! Users are recommended to migrate their rules to the new service and notifications can also now be configured to email, IRC and Matrix.
Status: Done
Issue trackers
Documentation
Application URLs
DNF-Countme Update
DNF Mirrors Countme scripts are used to gain statistics data about the downloads of Fedora. Purpose of this initiative is to optimize the current solution by adding more comprehensive testing, removing unnecessary code and reducing storage consumption of the data.
Status: Done
Issue trackers
Documentation
ARC Investigations
Investigate moving registry.fp.o to quay.io
Traditionally, registry.fedoraproject.org was needed as quay.io did not support multiarch which it now does. The purpose of this ticket is to carry out some investigation work to confirm all the above is true as well as finding any other potential blockers to the move.
Status: Done
Documentation
Spam fighting
We had plenty of spam on pagure.io this year. To fight it more effectively, the ARC team tried a few different approaches to recognize and delete spam. It’s now much easier to delete the spam user with all the spam it created.
Status: Done
ARC investigation/planning for FCAS
In order to have a quantitative understanding of how the contributor activity has changed over the years and to provide the foundational support to the Fedora Project strategy 2028’s guiding star about doubling the number of active contributors every week, it is important to have a service that tracks their statistics. This measurement would help make the strategy goal meaningful as well as assist the Fedora Council and the related bodies understand how far they have progressed into making this happen and identify the underlying particular problems that act as a barrier in realizing this objective.
Status: Done
Documentation
Badges backend for new Service
Fedora Badges is a service that grants virtual accolades for milestones and completing tasks within the Fedora Project community. For example, a community member may collect badges for testing package updates on Bodhi when they test 1, 5, 10, 20, 40, 80, 125, 250, 500 and 1000 updates.
Status: Done
Documentation
Pagure to GitLab importer
With Fedora and CentOS now having an official namespace on GitLab, multiple projects want to migrate their repositories from Pagure to GitLab. This initiative is aimed to provide an easy way to migrate those projects.
Status: Done
Documentation
DNF-countme
The purpose of this work was about investigating the current solution and it’s bottlenecks to identify what needs to be done to solve the following problems:
- Storage bottleneck when creating the intermediate database file
- Operations efficiency for the infrastructure team
Status: Done
Documentation
Dist-Git decoupling & ecosystem mapping
The objective of the potential initiative is to move repository contents (including but not limited to source codes, Packit configurations, RPM specfiles) from Pagure Dist-Git to another platform and confirm that the associated tooling and services (including but not limited to FMN, Datanommer, COPR, Toddlers, FMN, CI, Monitor-Gating, Packit, Bodhi, Fedpkg) work well with the newer platform. The investigation aims to be as agnostic as it can be regarding the destination platform to help ideate a general solution for the compatibility of the associated tooling and services.
Status: Done
Documentation
Epilogue
If you get here, thank you for reading this. If you want to contact us, feel free to do it on matrix.
As CPE members are part of Fedora Infrastructure, Fedora Release Engineering and CentOS Infrastructure, see also the Fedora Infra & Releng update and CentOS Infrastructure update.
https://communityblog.fedoraproject.org/2023-year-in-review-cpe/
#CPE #distGit #DNF #FedoraInfrastructure #FedoraMessagingNotificationFMN_ #Infra #Meetbot #YearInReview #YearInReview2023
-
This is a summary of the work done on initiatives by the Community Platform Engineering (CPE) Team. Every quarter, the CPE team works together with CentOS Project and Fedora Project community leaders and representatives to choose projects that will be being worked upon in that quarter. The CPE team is then split into multiple smaller sub-teams that will work on the chosen initiatives and day-to-day work that needs to be done. Some of the sub-teams are dedicated to the continuous efforts in the team whilst some are created only for the initiative purposes.
This update is made from infographics and detailed updates. If you want to just see what’s new, check the infographics. If you want more details, continue reading.
About
The Community Platform Engineering Team is a Red Hat team that is working exclusively on community projects. Its members are part of Fedora Infrastructure, Fedora Release Engineering and CentOS Infrastructure teams. This team works on initiatives, which are projects with larger scope related to community work that needs to be done. It also investigates possible initiatives with the ARC (The Advance Reconnaissance Crew), which is formed from a subset of the Infrastructure & Release Engineering sub-team members based on the initiative that is being investigated.
Issue trackers
Initiatives
PDC Retirement
PDC is the Product Definition Center, running at: https://pdc.fedoraproject.org/.
However, this application which was developed internally, is no longer maintained. This codebase has been “orphaned” for a few years now and we need to find a solution for it.
We are reviewing and having a critical look on what we store in there, see what is really needed and then find a solution for its replacement.
Status: In Progress
Issue trackers
Documentation
Application URLs
Matrix Native Zodbot
With ongoing stability issues with the Matrix <-> IRC bridge and many contributors switching over to Matrix, Zodbot has become increasingly unreliable. The bridge is currently shut off completely. This initiative aims to provide a future-proof solution and allow us to conduct meetings without wasting time troubleshooting the Matrix <-> IRC bridge and Zodbot.
Status: In Progress
Issue trackers
Documentation
FMN Replacement
FMN is a project that allows people in our community to get notified when messages that interest them fire on the message-bus, making the message-bus more useful to people that are not directly developing or troubleshooting applications running in our infra.
The previous solution had plenty of tech debt which caused lag times between an event happening and the subscriber to be notified, so this initiative rewrote the service from scratch and is now live! Users are recommended to migrate their rules to the new service and notifications can also now be configured to email, IRC and Matrix.
Status: Done
Issue trackers
Documentation
Application URLs
DNF-Countme Update
DNF Mirrors Countme scripts are used to gain statistics data about the downloads of Fedora. Purpose of this initiative is to optimize the current solution by adding more comprehensive testing, removing unnecessary code and reducing storage consumption of the data.
Status: Done
Issue trackers
Documentation
ARC Investigations
Investigate moving registry.fp.o to quay.io
Traditionally, registry.fedoraproject.org was needed as quay.io did not support multiarch which it now does. The purpose of this ticket is to carry out some investigation work to confirm all the above is true as well as finding any other potential blockers to the move.
Status: Done
Documentation
Spam fighting
We had plenty of spam on pagure.io this year. To fight it more effectively, the ARC team tried a few different approaches to recognize and delete spam. It’s now much easier to delete the spam user with all the spam it created.
Status: Done
ARC investigation/planning for FCAS
In order to have a quantitative understanding of how the contributor activity has changed over the years and to provide the foundational support to the Fedora Project strategy 2028’s guiding star about doubling the number of active contributors every week, it is important to have a service that tracks their statistics. This measurement would help make the strategy goal meaningful as well as assist the Fedora Council and the related bodies understand how far they have progressed into making this happen and identify the underlying particular problems that act as a barrier in realizing this objective.
Status: Done
Documentation
Badges backend for new Service
Fedora Badges is a service that grants virtual accolades for milestones and completing tasks within the Fedora Project community. For example, a community member may collect badges for testing package updates on Bodhi when they test 1, 5, 10, 20, 40, 80, 125, 250, 500 and 1000 updates.
Status: Done
Documentation
Pagure to GitLab importer
With Fedora and CentOS now having an official namespace on GitLab, multiple projects want to migrate their repositories from Pagure to GitLab. This initiative is aimed to provide an easy way to migrate those projects.
Status: Done
Documentation
DNF-countme
The purpose of this work was about investigating the current solution and it’s bottlenecks to identify what needs to be done to solve the following problems:
- Storage bottleneck when creating the intermediate database file
- Operations efficiency for the infrastructure team
Status: Done
Documentation
Dist-Git decoupling & ecosystem mapping
The objective of the potential initiative is to move repository contents (including but not limited to source codes, Packit configurations, RPM specfiles) from Pagure Dist-Git to another platform and confirm that the associated tooling and services (including but not limited to FMN, Datanommer, COPR, Toddlers, FMN, CI, Monitor-Gating, Packit, Bodhi, Fedpkg) work well with the newer platform. The investigation aims to be as agnostic as it can be regarding the destination platform to help ideate a general solution for the compatibility of the associated tooling and services.
Status: Done
Documentation
Epilogue
If you get here, thank you for reading this. If you want to contact us, feel free to do it on matrix.
As CPE members are part of Fedora Infrastructure, Fedora Release Engineering and CentOS Infrastructure, see also the Fedora Infra & Releng update and CentOS Infrastructure update.
https://communityblog.fedoraproject.org/2023-year-in-review-cpe/
#CPE #distGit #DNF #FedoraInfrastructure #FedoraMessagingNotificationFMN_ #Infra #Meetbot #YearInReview #YearInReview2023
-
This is a summary of the work done on initiatives by the Community Platform Engineering (CPE) Team. Every quarter, the CPE team works together with CentOS Project and Fedora Project community leaders and representatives to choose projects that will be being worked upon in that quarter. The CPE team is then split into multiple smaller sub-teams that will work on the chosen initiatives and day-to-day work that needs to be done. Some of the sub-teams are dedicated to the continuous efforts in the team whilst some are created only for the initiative purposes.
This update is made from infographics and detailed updates. If you want to just see what’s new, check the infographics. If you want more details, continue reading.
About
The Community Platform Engineering Team is a Red Hat team that is working exclusively on community projects. Its members are part of Fedora Infrastructure, Fedora Release Engineering and CentOS Infrastructure teams. This team works on initiatives, which are projects with larger scope related to community work that needs to be done. It also investigates possible initiatives with the ARC (The Advance Reconnaissance Crew), which is formed from a subset of the Infrastructure & Release Engineering sub-team members based on the initiative that is being investigated.
Issue trackers
Initiatives
PDC Retirement
PDC is the Product Definition Center, running at: https://pdc.fedoraproject.org/.
However, this application which was developed internally, is no longer maintained. This codebase has been “orphaned” for a few years now and we need to find a solution for it.
We are reviewing and having a critical look on what we store in there, see what is really needed and then find a solution for its replacement.
Status: In Progress
Issue trackers
Documentation
Application URLs
Matrix Native Zodbot
With ongoing stability issues with the Matrix <-> IRC bridge and many contributors switching over to Matrix, Zodbot has become increasingly unreliable. The bridge is currently shut off completely. This initiative aims to provide a future-proof solution and allow us to conduct meetings without wasting time troubleshooting the Matrix <-> IRC bridge and Zodbot.
Status: In Progress
Issue trackers
Documentation
FMN Replacement
FMN is a project that allows people in our community to get notified when messages that interest them fire on the message-bus, making the message-bus more useful to people that are not directly developing or troubleshooting applications running in our infra.
The previous solution had plenty of tech debt which caused lag times between an event happening and the subscriber to be notified, so this initiative rewrote the service from scratch and is now live! Users are recommended to migrate their rules to the new service and notifications can also now be configured to email, IRC and Matrix.
Status: Done
Issue trackers
Documentation
Application URLs
DNF-Countme Update
DNF Mirrors Countme scripts are used to gain statistics data about the downloads of Fedora. Purpose of this initiative is to optimize the current solution by adding more comprehensive testing, removing unnecessary code and reducing storage consumption of the data.
Status: Done
Issue trackers
Documentation
ARC Investigations
Investigate moving registry.fp.o to quay.io
Traditionally, registry.fedoraproject.org was needed as quay.io did not support multiarch which it now does. The purpose of this ticket is to carry out some investigation work to confirm all the above is true as well as finding any other potential blockers to the move.
Status: Done
Documentation
Spam fighting
We had plenty of spam on pagure.io this year. To fight it more effectively, the ARC team tried a few different approaches to recognize and delete spam. It’s now much easier to delete the spam user with all the spam it created.
Status: Done
ARC investigation/planning for FCAS
In order to have a quantitative understanding of how the contributor activity has changed over the years and to provide the foundational support to the Fedora Project strategy 2028’s guiding star about doubling the number of active contributors every week, it is important to have a service that tracks their statistics. This measurement would help make the strategy goal meaningful as well as assist the Fedora Council and the related bodies understand how far they have progressed into making this happen and identify the underlying particular problems that act as a barrier in realizing this objective.
Status: Done
Documentation
Badges backend for new Service
Fedora Badges is a service that grants virtual accolades for milestones and completing tasks within the Fedora Project community. For example, a community member may collect badges for testing package updates on Bodhi when they test 1, 5, 10, 20, 40, 80, 125, 250, 500 and 1000 updates.
Status: Done
Documentation
Pagure to GitLab importer
With Fedora and CentOS now having an official namespace on GitLab, multiple projects want to migrate their repositories from Pagure to GitLab. This initiative is aimed to provide an easy way to migrate those projects.
Status: Done
Documentation
DNF-countme
The purpose of this work was about investigating the current solution and it’s bottlenecks to identify what needs to be done to solve the following problems:
- Storage bottleneck when creating the intermediate database file
- Operations efficiency for the infrastructure team
Status: Done
Documentation
Dist-Git decoupling & ecosystem mapping
The objective of the potential initiative is to move repository contents (including but not limited to source codes, Packit configurations, RPM specfiles) from Pagure Dist-Git to another platform and confirm that the associated tooling and services (including but not limited to FMN, Datanommer, COPR, Toddlers, FMN, CI, Monitor-Gating, Packit, Bodhi, Fedpkg) work well with the newer platform. The investigation aims to be as agnostic as it can be regarding the destination platform to help ideate a general solution for the compatibility of the associated tooling and services.
Status: Done
Documentation
Epilogue
If you get here, thank you for reading this. If you want to contact us, feel free to do it on matrix.
As CPE members are part of Fedora Infrastructure, Fedora Release Engineering and CentOS Infrastructure, see also the Fedora Infra & Releng update and CentOS Infrastructure update.
https://communityblog.fedoraproject.org/2023-year-in-review-cpe/
#CPE #distGit #DNF #FedoraInfrastructure #FedoraMessagingNotificationFMN_ #Infra #Meetbot #YearInReview #YearInReview2023
-
This is a summary of the work done on initiatives by the Community Platform Engineering (CPE) Team. Every quarter, the CPE team works together with CentOS Project and Fedora Project community leaders and representatives to choose projects that will be being worked upon in that quarter. The CPE team is then split into multiple smaller sub-teams that will work on the chosen initiatives and day-to-day work that needs to be done. Some of the sub-teams are dedicated to the continuous efforts in the team whilst some are created only for the initiative purposes.
This update is made from infographics and detailed updates. If you want to just see what’s new, check the infographics. If you want more details, continue reading.
About
The Community Platform Engineering Team is a Red Hat team that is working exclusively on community projects. Its members are part of Fedora Infrastructure, Fedora Release Engineering and CentOS Infrastructure teams. This team works on initiatives, which are projects with larger scope related to community work that needs to be done. It also investigates possible initiatives with the ARC (The Advance Reconnaissance Crew), which is formed from a subset of the Infrastructure & Release Engineering sub-team members based on the initiative that is being investigated.
Issue trackers
Initiatives
PDC Retirement
PDC is the Product Definition Center, running at: https://pdc.fedoraproject.org/.
However, this application which was developed internally, is no longer maintained. This codebase has been “orphaned” for a few years now and we need to find a solution for it.
We are reviewing and having a critical look on what we store in there, see what is really needed and then find a solution for its replacement.
Status: In Progress
Issue trackers
Documentation
Application URLs
Matrix Native Zodbot
With ongoing stability issues with the Matrix <-> IRC bridge and many contributors switching over to Matrix, Zodbot has become increasingly unreliable. The bridge is currently shut off completely. This initiative aims to provide a future-proof solution and allow us to conduct meetings without wasting time troubleshooting the Matrix <-> IRC bridge and Zodbot.
Status: In Progress
Issue trackers
Documentation
FMN Replacement
FMN is a project that allows people in our community to get notified when messages that interest them fire on the message-bus, making the message-bus more useful to people that are not directly developing or troubleshooting applications running in our infra.
The previous solution had plenty of tech debt which caused lag times between an event happening and the subscriber to be notified, so this initiative rewrote the service from scratch and is now live! Users are recommended to migrate their rules to the new service and notifications can also now be configured to email, IRC and Matrix.
Status: Done
Issue trackers
Documentation
Application URLs
DNF-Countme Update
DNF Mirrors Countme scripts are used to gain statistics data about the downloads of Fedora. Purpose of this initiative is to optimize the current solution by adding more comprehensive testing, removing unnecessary code and reducing storage consumption of the data.
Status: Done
Issue trackers
Documentation
ARC Investigations
Investigate moving registry.fp.o to quay.io
Traditionally, registry.fedoraproject.org was needed as quay.io did not support multiarch which it now does. The purpose of this ticket is to carry out some investigation work to confirm all the above is true as well as finding any other potential blockers to the move.
Status: Done
Documentation
Spam fighting
We had plenty of spam on pagure.io this year. To fight it more effectively, the ARC team tried a few different approaches to recognize and delete spam. It’s now much easier to delete the spam user with all the spam it created.
Status: Done
ARC investigation/planning for FCAS
In order to have a quantitative understanding of how the contributor activity has changed over the years and to provide the foundational support to the Fedora Project strategy 2028’s guiding star about doubling the number of active contributors every week, it is important to have a service that tracks their statistics. This measurement would help make the strategy goal meaningful as well as assist the Fedora Council and the related bodies understand how far they have progressed into making this happen and identify the underlying particular problems that act as a barrier in realizing this objective.
Status: Done
Documentation
Badges backend for new Service
Fedora Badges is a service that grants virtual accolades for milestones and completing tasks within the Fedora Project community. For example, a community member may collect badges for testing package updates on Bodhi when they test 1, 5, 10, 20, 40, 80, 125, 250, 500 and 1000 updates.
Status: Done
Documentation
Pagure to GitLab importer
With Fedora and CentOS now having an official namespace on GitLab, multiple projects want to migrate their repositories from Pagure to GitLab. This initiative is aimed to provide an easy way to migrate those projects.
Status: Done
Documentation
DNF-countme
The purpose of this work was about investigating the current solution and it’s bottlenecks to identify what needs to be done to solve the following problems:
- Storage bottleneck when creating the intermediate database file
- Operations efficiency for the infrastructure team
Status: Done
Documentation
Dist-Git decoupling & ecosystem mapping
The objective of the potential initiative is to move repository contents (including but not limited to source codes, Packit configurations, RPM specfiles) from Pagure Dist-Git to another platform and confirm that the associated tooling and services (including but not limited to FMN, Datanommer, COPR, Toddlers, FMN, CI, Monitor-Gating, Packit, Bodhi, Fedpkg) work well with the newer platform. The investigation aims to be as agnostic as it can be regarding the destination platform to help ideate a general solution for the compatibility of the associated tooling and services.
Status: Done
Documentation
Epilogue
If you get here, thank you for reading this. If you want to contact us, feel free to do it on matrix.
As CPE members are part of Fedora Infrastructure, Fedora Release Engineering and CentOS Infrastructure, see also the Fedora Infra & Releng update and CentOS Infrastructure update.
https://communityblog.fedoraproject.org/2023-year-in-review-cpe/
#CPE #distGit #DNF #FedoraInfrastructure #FedoraMessagingNotificationFMN_ #Infra #Meetbot #YearInReview #YearInReview2023
-
Is antibacterial or regular hand soap best for killing germs?
Washing hands after using the toilet or patting a dog before a meal is crucial to remove feces-borne bacteria and germs. After COVID the message got through to most people. When one is in town looking for a public amenity or a cafe toilet, it is rare to find hot water, hand soap and a clean (paper) towel. But there is always a toilet spray in 1001 fragrance varieties.
In the absence of the ingredients for basic hand hygiene there is always a free plastic bottle of hand sanitizer since the last pandemic. Staff at grocers, bakers and cafes copiously cover their hands in the "antibacterial" and "antiseptic" products. Every product or packaging absorbs the persistent fragrance of the bought items and travels back into the home. The cost-effective chemical 'solution' does not substitute for hot water, soap and a towel.
"Professor Griffin says products claiming to kill bacteria are "not necessarily substantiated as being any better than just usual soap and water would be...These additives can be harsh and lead to dryness and cracked skin, which can create a pathway for germs to enter the body."
'Regular hand soap is very effective in removing potentially harmful pathogens (bacteria, viruses, fungi, and parasites), according to our experts. So, using that water, soap and that pneumatic action to get all of the dirt and grime from your hands and then rinsing is going to be more than adequate to keep you healthy."
"Our experts say there have also been studies suggesting that the use of soaps with antimicrobial additives can contribute to antibiotic resistance, which is problematic." >>
https://www.abc.net.au/news/2026-03-18/antibacterial-versus-normal-hand-soap-preventing-illness/106462854#pathogens #handwashing #culture #HygieneProducts #biocide #disinfectant #antiseptic #AntimicrobialResistance #AntibioticResistance #fragrance #allergy #FragranceFree #perfume
Image: Fumbling dogs before lunch, Bellingen