Hackers and law enforcement have a colorful history. Pick any decade, and it’s chock-full of arrests and heavy-handed prosecutions, which paint a picture of a dramatic adversarial relationship.
With DEF CON 32 approaching on August 8th - 11th, a popular game played by attendees has always been “Spot the Fed,” with winners receiving a free t-shirt. Even if it’s not being officially played, the game continues throughout the hacker conference. Feds are relatively easy to spot, and most hackers do not want to talk to them, knowing they could be identified and inadvertently incriminate themselves.
Regardless of historical conflicts with authorities, it's becoming more common to see mainstream hacktivists boast of their relationship with law enforcement or government entities. Not long ago, this would never have happened. That’s because hackers have always been high on law enforcement's target list, especially Anonymous, since they launched Project Chanology in 2008.
But now the winds have shifted, and many mainstream hacktivists are divided on whether they can trust law enforcement. Some seem to be striving to be like them in some make-believe way. Others promote normalization. The question I ask myself is, how much of their claims are true? This is a hot topic in the cybersecurity circles I travel in, including the hacking community.
We’ve entered a new era that challenges trust. After all, whether you’re an ethical hacker or not, trusting the wrong person could have life-altering consequences.
Therefore, let’s examine the facts surrounding this controversy and get to the bottom of it.
Hackers, law enforcement, and opposing goals
There are several fundamental truths underlying the hacker subculture that have always helped to define what it means for us to be hackers. While society evolves and, assumes different forms with the changing of new eras, our truths remain the same.
The hunger for knowledge is the fundamental reason why we exist at all
A profound distrust of authorities is how we survive and proliferate knowledge.
In the famous words of The Mentor, in his 1986 essay commonly referred to as The Hacker Manifesto, he wrote, “We seek after knowledge… and you call us criminals. We exist without skin color, without nationality, without religious bias… and you can call us criminals. You build atomic bombs, you wage wars, you murder, chat, and lie to us and try to make us believe it’s for our own good, yet we’re the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. … “
Knowledge is the foremost weapon in the hacker’s arsenal. True to the old adage, “Knowledge is power”, so our knowledge is our power. But because of this, hackers attract adversaries, sometimes powerful ones.
Which brings us to the law enforcement element.
Because of the increased geopolitical conflicts around the world, hacktivists have gravitated into a delicate position that often puts them in close proximity to authorities, government agencies, and military personnel. It's becoming increasingly difficult not to involve them when it comes to saving human life.
Analyze that statement.
Thus, the proverbial “crimes” of the curious dissolved with the previous generation, only to be replaced with this new trend. While knowledge remains the cornerstone of hacking, our progeny took over and recreated the art of hacking in a world seemingly at the cusp of World War III. A warmongering generation that is inadvertently guided and influenced by social impact, counter-intelligence, and, of course, war itself.
In other words, hacktivists operate in the same space as governments. This is a consequence of circumstances.
Furthermore, because they are compelled by a strong moral obligation to commit cybercrimes for the greater good, they often find themselves in juxtaposition with the very agents sworn to the duty of enforcing cybercrime laws.
Therefore, it is becoming a norm without being widely accepted as a norm.
Pretending to have powerful allies
A prominent tool in the hacker's toolkit is social engineering. It’s an art of manipulation to extract sensitive information a person normally would not divulge. It can also extend to guiding an individual to perform certain actions but under false pretenses.
For example, a person with a strong sense of nationalism could be susceptible to manipulation and made to participate in what they believe to be a government-led hacktivist group.
This gives members the impression that their actions are protected with immunity. It also infuses an air of intrigue when its leader feeds members false directives that are supposedly coming from an intelligence agency.
This was precisely the case involving one hacktivist group I observed last year. Because of its leader’s past military experience, he employed military jargon that isn’t part of the common vernacular used in hacking circles.
In his group, he created the illusion that a synergy existed between his group and the intelligence agency, attracting others because of their naivety.
In public posts, he confessed that he worked for the FBI. When confronted about the post, he then said he worked with the FBI in counterintelligence. This story then morphed into being “state-sponsored” and working for the Office of the Director of National Intelligence (ODNI). The fanciful story then evolved into being “elevated” as an APT group, as though the designation meant they were being promoted.
In the end, I was approached by this individual as he attempted to unceremoniously blackmail me into “cooperating” or face another prison sentence. Since I was already well aware of his ploy, also knowing that governments don’t exactly work through a civilian mediator, the ruse was up.
Confrontations like this are happening more frequently in Anonymous, where certain members are throwing down their make-believe “Fed Card” as a means of juvenile posturing in an attempt to intimidate or instill fear in others. In the past, hackers settled scores by flexing their skills to prove a point, which seems to be the missing element all around.
Turncoat informants
Few members of the Anonymous hacking community have been identified as verified informants. However, those few are widely known because they are unusually vocal about being informants. Consequently, they are outcasted by Anonymous.
Therefore, it stands to reason that Anonymous hacktivists believe that someone with a relationship to a government entity or official – concerning activities related to Anonymous – poses the greatest threat to its members and their activities because such a person's loyalty can never be trusted.
This means that not only are they engaged in a hacktivist subculture where its members commit cybercrimes, but they are also in the ear of the very agents who investigate and make arrests for cybercrimes. The two simply don’t correlate.
As someone who has been on the receiving end of a cybercrime arrest and subsequent over-zealous prosecution, I can say that it was a hacktivist-turned Department of Defense “turncoat” who inadvertently put me on the FBI’s radar, which resulted in my arrest.
Striving to save human lives
At BSides in Vilnius this year, during a Q&A after my talk about hacktivism ethics, I was asked how I reported online predators when I am staunchly against working with law enforcement. The answer is simple: Submitting a tip isn’t relatable to collaborating with authorities.
The spirit of hacktivism, at its core, is to expose injustice, rectify social wrongs, and save lives. Following this logic, there are instances when unique circumstances present the possibility of saving human lives, making it impossible to avoid involving authorities to some extent.
For this reason, hacktivists in such positions provide information without engaging in formal informant agreements. By doing so, they demonstrate their autonomy and refusal to be controlled by any entity, thereby maintaining the integrity and value of their contributions as cyber vigilantes.
Take #OpChildSafety, for example. It is impossible to identify online sexual predators preying on children without filing a report that reaches law enforcement. After all, we can’t hop on a plane, track down the perpetrator, kick in their door, arrest, prosecute, and imprison them, so they can’t re-offend.
We can’t rescue the victims without authorities receiving and acting on our reports. In the same way, it would have been impossible for the hacktivist group GhostSec to stop two terrorist attacks had they not tipped off the authorities while at the same time maintaining their independence as hackers and refusing to answer to any government authority.
By Jesse McgGraw
Published on Cybernews
The original article can be found here
Comments