Hacktivists in trouble

Post on 22-Nov-2014

description

Talk given at Thoughtworks, at their home office day in Chicago.

transcript

Hacktivism

Hacktivism (The war on…)

1. What is Hacktivism?

Well, it’s a portmanteau of…

Hacking…

and activism.

So what is hacking?

Not This.

What is Hacking?

OK, so there is a humor element…

But what else?

New Hacker’s Dictionary (1998):

1) A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.

6) An expert or enthusiast of any kind. One might be an astronomy hacker, for example.

7) One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.

MIT Jargon File (2000):

1) An appropriate application of ingenuity

In short: the reapplication of technology for uses not originally intended.

Example

What is Hacking?

Repurposing technology: The phonograph

(Originally intended as a message recording tool)

Hacking the phonograph

But this includes…

A respect for traditional technologies

It also includes:

Learning and Sharing the Knowledge

Information wants to be free!

So Hacking is…

1. Repurposing technology

2. Understanding technology and how it works

3. Sharing the knowledge

4. Some lulz

Hacking + Activism =

Visiting DDB

Expecting this…

Daniel and Anke in garden

Anke knit hacking

So what is hacktivism?

Involves…

1. Repurposing of Technology

2. Better understanding of technology (including traditional technologies)

3. Promoting education of these technologies (they should not be foreign to us).

4. Possibly with a sense of whimsy

5. Done for a social cause.

The Rise of Hacktivism

The Mentor

The Mentor: Conscience of a Hacker (1986)

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.

The Mentor 2

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?

I am a hacker, enter my world...

The Mentor 3

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...

Damn underachiever. They're all alike.

The Mentor 4

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me... Or thinks I'm a smart ass... Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

The Mentor 6

You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

The Mentor 7

We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

The Mentor 8

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.

That year…

Julian Assange gets his first computer

Jeremy Hammond is born

Meanwhile…

A brief history of hacktivism

WANK Worm

According to Julian Assange, the WANK worm is the first instance of hacktivism. On Oct. 16, 1989, during the Cold War when nuclear war was an immediate possibility, hackers hit the NASA computers with the WANK Worm. Two days prior to the launch of the plutonium-fueled Galileo space probe from the Kennedy Space Station, NASA employees logged on to see a humorous yet frightening welcome screen: "Your computer has been officially WANKed. You talk of times of peace for all, and then prepare for war," and "Remember, even if you win the rat race, you're still a rat." The machines of the U.S. Department of Energy and NASA worldwide had been penetrated by the anti-nuclear WANK (WORMS AGAINST NUCLEAR KILLERS) worm.

Electronic Disturbance Theater

In 1998, Electronic Disturbance Theater (EDT) developed and utilized a tool called Floodnet to target the Pentagon, the White House, the School of the Americas, the office of Mexico’s president, the Mexican Stock Exchange and the Frankfurt Stock Exchange, all in support of the Zapatista guerrilla movement in Mexico.

Method. Floodnet, which has subsequently been released as part of EDT’s “Disturbance Developer Kit,” allowed users to participate in a sit-in attack on these sites by a simple click on an icon on EDT's Web site. The Floodnet software then directed the participating computers to continually attack the target Web sites. It has been estimated that 10,000 people accessed Floodnet in this two-day action resulting in targeted servers being hit at a rate of 600,000 hits per minute.

The Electrohippies

FloodNet has subsequently been deployed by a group called The Electrohippies who used it to target the World Trade Organization and various e-commerce websites, defending their actions in Biblical terms: "As Jesus ransacked the temple in Jerusalem because it had become a house of merchandise, so the recent attacks on e-commerce web sites are a protest against the manner of it's [sic] recent development."

More about Electrohippies

Electrohippies recognized that DDoS attacks did have the result of denying speech to the target, but came up with a formula for determining when such action was justified:

1. the acts or views perpetrated by the targets of a [D]DoS action must be reprehensible to many in society at large, and not just to a small group.

2. the attack should show proportionality, -- it should focus on a single issue, and not the organization as a whole.

The theory is that the attacks should be counterpoints that allow alternative points of view to become visible; the goal is not to silence the targeted group but to restore informational balance.

The Electrohippies also distinguished between server-side attacks and client-side attacks, where a client-side attack is one coming from multiple individuals (using Floodnet, for example), the thought being that such action is more democratic.

Oxblood Ruffin objects

“Denial of Service attacks are a violation of the First Amendment, and of the freedoms of expression and assembly. No rationale, even in the service of the highest ideals, makes them anything other than what they are--illegal, unethical, and uncivil.”

3. Hong Kong Blondes

The Hong Kong Blondes was an underground network of Chinese students spread across at least three continents. It was started by Blondie Wong, who had reportedly witnessed his father being stoned to death during the 1966-'76 Cultural Revolution. The group primarily protested censorship and the violations of human rights that occurred in China.

Method. The group launched cyberattacks against the "Great Wall" -- a series of firewalls put in place to block access to Western Internet sites. With members operating inside and outside of China, the group claimed to have found significant security holes within Chinese government computer networks and claimed to have defaced government Web sites, torn down firewalls and even disabled Chinese communication satellites. They worked to forewarn political dissidents of imminent arrests.

PROJECT CHANOLOGY

Project Chanology (also called Operation Chanology) was a protest movement against the practices of the Church of Scientology by Anonymous, a loosely organized Internet-based group that emerged from the 4chan message boards. The project was started as a “mental warfare” response to the Church of Scientology's attempts to prevent the online sharing of a video interview with actor/Scientologist Tom Cruise.

Method. The project was publicly launched with a video posted to YouTube, "Message to Scientology," on January 21, 2008. The project's goals were to "take down all Scientology Web sites as an immediate act of retaliatory censorship, counteract Scientology's attempts to suppress the videos (and other cult materials) by constantly reposting them, and publicize the cult's well-documented history of employing suppressive and violent tactics to mask its illegal or immoral activities." The initial cyber attack, which came in the form of a distributed denial of service attack, was followed by black faxes, prank calls, and other activities intended to disrupt the Church of Scientology's operations.

Wikileaks

Leaking site

Developed by Julian Assange

Background as a hacker

Endorses hacktivist ethic: information wants to be free.

22:50 https://www.youtube.com/watch?v=PvmfOaZ34Pk

Wikileaks

Bradley Manning's Data Dump ignites the Arab Spring.

The revolution seemed to have jelled days after Wikileaks released a secret cable, written in 2008 by Ambassador Robert F. Godec, that seemed to make it vivid that the external world saw his corruption as clearly as the Tunisians did.

Arab Spring

As Godec put it in the leaked cable, “...beyond the stories of the First Family's shady dealings, Tunisians report encountering low-level corruption as well in interactions with the police, customs, and a variety of government ministries… With those at the top believed to be the worst offenders, and likely to remain in power, there are no checks in the system.” The Tunisian Government, the Ambassador wrote, seemed to believe that “what’s yours is mine”.

The HBGary hack

Colbert breaks it down.

https://www.youtube.com/watch?v=wLNFOJQZdwM

Internet Feds LulzSec

What the HBGary hack yields

Bank of America goes to the Department of Justice

Department of Justice directs them to Hunton and Williams

Hunton and Williams introduces them to Themis

Team Themis

HBGary

Palantir Technologies

Berico Technologies

Endgame Systems

All work on undermining Assange

Barrett Brown

Barrett and Project PM

Crowdsource the leaks.

What they found

A plan by HBGary to undermine the credibility of the journalist Glenn Greenwald and thereby neutralize his defense of WikiLeaks.

A disinformation campaign against critics of the Chamber of Commerce.

There were also plans for data mining and disinformation campaigns targeting social organizations and advocacy groups.

A “persona management” system, a program, developed at the request of the US government, that allowed one user to control multiple online identities (i.e. “sock puppets”) for commenting in social media spaces, thus giving the appearance of grass roots support.

Sabu

Jeremy Hammond

Born 1985: The year The Mentor wrote his manifesto

Glendale East High School

Stratfor

Barrett and Project PM

Crowdsource the Stratfor leaks.

What they found this time

admissions of

Proposals for renditions

plans to discredit the Yes Men on behalf of Union Carbide.

The Coca-Cola company was asking Stratfor for intelligence on PETA, and the Stratfor Vice President for Intelligence remarked in a leaked email that “The FBI has a classified investigation on PETA operatives. I'll see what I can uncover.” This suggests, of course, that not only did Stratfor have access to the classified material, but that it would be provided to Coca-Cola.

Barrett’s conclusion:

The FBI had been turned into a private dick for corporate America.

And then it got worse

Endgame Systems

"Please let HBgary know we don't ever want to see our name in a press release."

Their principal product, available for a 2.5 million dollar annual subscription, gave their customers access to “zero-day exploits” – security vulnerabilities unknown to software companies – for computer systems all over the world (including the US).

http://www.blackhat.com/presentations/bh-usa-09/DAIZOVI/BHUSA09-Daizovi-AdvOSXRootkits-SLIDES.pdf

Brown speculated that they were selling these exploits to foreign actors. In other words, they were committing treason.

Then the hammer drops

The DoJ took advantage of the fact that the Stratfor data had a number of unencrypted credit card numbers and validation codes. This would be the pretext for charging that Brown was engaged in credit card fraud when he shared that link with the editorial board of ProjectPM. Specifically the FBI charged him with Traffic in Stolen Authentication Features, Access Device Fraud, Aggravated Identity Theft. Add to this an Obstruction of Justice charge (for being at his mother’s when the initial warrant was served) and the charges relating to the “threat” against the FBI agent, and Brown is looking at a century of jail time. He has been denied bail.

https://www.youtube.com/watch?v=6LGL_W9sixA

Actually it's worse than that

Not only is the FBI the private dick for large corporations…

But they are going to make sure you don’t even *embarrass* those corporations…

weev (Andrew Auernheimer)

Embarrassed AT&T

Found that AT&T left web pages for iPad users unprotected

Each page could be accessed by simply adding 1 to a URL

Harvested e-mail addresses of 114,000 iPad users (including Mayor Michael Bloomberg and Rahm Emanuel, then the White House chief of staff)

Weev did not try to profit from it; he notified the blog Gawker of the security hole.

Sentenced to 41 months in jail and $73,000 to cover the cost of notifying customers of THEIR security hole!

The judge at sentencing

“You consider yourself a hero of sorts,” she said, and noted that Weev’s “special skills” in computer coding called for a more draconian sentence.

Flashback from 1985: “My crime is that of outsmarting you, something that you will never forgive me for.”

CFAA

Computer Fraud and Abuse Act

Makes unauthorized use of a computer system a felony. Justice Dept. interprets this to mean violation of a terms of service agreement.

So… Don’t lie on OK Cupid.

But it was illegal entry…

Abelson Report: Not clear there was unauthorized access.

Ultimate Conclusion: MIT Community needs to examine itself. Why didn’t it care? Reflects community ignorance of the dangers facing every MIT student and faculty member.

Questions

What sources of information - blogs, alternate media, etc. - could we follow to get informed about the intelligence activities of these private intel companies?

To follow private intel companies

http://timshorrock.com/

@TimothyS

@anoncorpwatch

@youranonknews

Threatpost.com

http://www.wired.com/threatlevel/

http://wiki.project-pm.org/wiki/Main_Page

Questions

What can individuals and corporations do to maintain their privacy?

Hire a professional.

Questions

How can we influence policy decisions on surveillance & protest our invasion of privacy?

Abelson’s point: First we have to educate our peers.

Keep Talking. Spread the word.