Tracking trollers

413 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
413
On SlideShare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Tracking trollers

  1. 1. BootstrappingYourHacktivist CommunityKiwicon 6 2012Liz Henry@lizhenryWednesday, May 1, 13
  2. 2. I will now tell you howto make a hacktivistcommunityWednesday, May 1, 13
  3. 3. HAHAHAHAWednesday, May 1, 13
  4. 4. What is “hacktivism”?• Legal or lower risk hacking:• Reporting, citizen journalism (maybe)• Outing people for something• Protest, petition, policy, law changes• Civil disobedience (maybe)Wednesday, May 1, 13
  5. 5. Wednesday, May 1, 13
  6. 6. Sometimes“hacktivism”looks like thisWednesday, May 1, 13
  7. 7. And “community”?• For community, you need trustWednesday, May 1, 13
  8. 8. Trust is niceWednesday, May 1, 13
  9. 9. Lower Risk “hacktivism”• Publicity. Use all possible social capital.• Get consent, protect privacy, personalsecurity, personal data if possible.• Rhizomatic spread. Don’t wait for the boss.• Action plan. Group chat. Collectively editsome documents. Needs list. Schedule.• Report on what is effective.Ask for more.Wednesday, May 1, 13
  10. 10. Emergency power!• Hurricane Sandy• Existing communities, social capital amongdisabled people online• Incredibly fast mobilization, public call, in-person help from friends of friends offriends, nearly random strangersWednesday, May 1, 13
  11. 11. Higher risk• Reporting or citizen journalism (maybe)• Infiltration, espionage• Leaking military or other secret info• Messing with governments, hugecorporations, organized crimeWednesday, May 1, 13
  12. 12. Who will you piss off?• Professional reputation/status?• Stalkers or other hostile individuals?• Intellectual property, legal, hacking laws• Repressive government, military?• Mexican drug cartel? Russian mafia?• In short, what are you risking?Wednesday, May 1, 13
  13. 13. Example:Editing the Zetas• What’s the threat level if you want to editsome Wikipedia pages about Mexican drugcartels?• Where are you?• Not-Mexico: Make persona, use Tor +VPN• Mexico or near: Maybe that’s not enoughWednesday, May 1, 13
  14. 14. Nuevo Laredocarspotting• Chat rooms to report on dangerous stuff• Green Chevy at corner of 9th and Mainevery afternoon• Roadblock on the west road out ofdowntownWednesday, May 1, 13
  15. 15. sms blogging• blog from burner phones• vojo.co has all-phone setupWednesday, May 1, 13
  16. 16. Risks, maybe• Someone shoulder surfs you in a cafe andshoots you in the head later• Keylogging, insecure connection• Site you’re on is run by gangsters. Oops!• Or is on phpBB or something scarier• (narcomensajes, torture, murder)Wednesday, May 1, 13
  17. 17. Consider Risk• Are you’re risking your freedom?• Or your life• Or other people’s lives• Make sure it’s what you want to risk• For a good reason!Wednesday, May 1, 13
  18. 18. There are good reasonsWednesday, May 1, 13
  19. 19. Why?• What are your reasons and goals• Publicity? (Then stick to lower risk)• Personal studliness? (Don’t!)• Expose truth?• Freedom fighter?Wednesday, May 1, 13
  20. 20. How to make a hackercommunityWednesday, May 1, 13
  21. 21. Don’t!Wednesday, May 1, 13
  22. 22. Or, first...• At least pause• Ethics of encouraging others to do high riskthings on some crappy Windows machinewith LOIC or whatever.Yeah.• Learn security, anonymity, privacy• Put them into practice• Practice!Wednesday, May 1, 13
  23. 23. Before y’all do this. . .Wednesday, May 1, 13
  24. 24. Totally pauseWednesday, May 1, 13
  25. 25. Wednesday, May 1, 13
  26. 26. Feminist Hackers• Bunch of women hackers talking• Why is there a “false accusers” wiki run byMRAs, but no “rapists” wiki run by rapesurvivors? Unfair and wrong!• OMG Haxxors!• Retaliation (identity/safety/DDoS)• Defamation, legal threatsWednesday, May 1, 13
  27. 27. Wednesday, May 1, 13
  28. 28. Pick your cool haxxornames!• We thought of some great ones• Most of them were totally contaminated• Anyway, they sounded like roller derbynames• And we were telling them to each other,which was dumb, but we realized thatabout 2 minutes inWednesday, May 1, 13
  29. 29. • So I can never secretly be “LouiseBoat”.This makes me very sad.Wednesday, May 1, 13
  30. 30. Test for leaksWednesday, May 1, 13
  31. 31. Testing each other• We looked at what info we were leaking byaccident, and what we knew or could deduce orfind about each other.• Some of us were better at it than others.Wednesday, May 1, 13
  32. 32. We found a lot of leaksWednesday, May 1, 13
  33. 33. Some hackers are moreequal than others• We all had some practice, because we areall women talking in public and thus,present more attack surface• Various factors made some of us morevulnerable than others: queer, trans, peopleof color, homeless, have kids, domesticviolence survivors...• Those factors often encourage morepractice in privacy, anonymity, pseudonymityWednesday, May 1, 13
  34. 34. Check your privilege• If you’re hacking in a high risk way you’rerisking everyone around you.• The others in your “hacktivist community”may be at risk merely by being associatedwith you• Protect your contactsWednesday, May 1, 13
  35. 35. Learn to attackWednesday, May 1, 13
  36. 36. Learn to spyWednesday, May 1, 13
  37. 37. Be a tricksterWednesday, May 1, 13
  38. 38. Be ParanoidWednesday, May 1, 13
  39. 39. Trust no oneWednesday, May 1, 13
  40. 40. Make personas withinpersonasWednesday, May 1, 13
  41. 41. Don’t contaminate yourpersonasWednesday, May 1, 13
  42. 42. Don’t boastWednesday, May 1, 13
  43. 43. Ops checklist• Safer computer, software (encrypt)• Physical security (for your computer!)• Safer connection (Tor, thenVPN?)• Persona management.• Shut your pie hole!Wednesday, May 1, 13
  44. 44. More leak vectors toconsider• Location, time, time zone. Avoid patterns!• Password hygiene• Paying for stuff• clicking links someone sends... (don’t)• Panopticlick (browser fingerprinting)• Tor, thenVPN(s)Wednesday, May 1, 13
  45. 45. Study security, privacy,anonymity guides• EFF guide• Internews, CPJ guides• TOR, crypto.is• Study together• That’s still not good enoughWednesday, May 1, 13
  46. 46. You must be flawlessWednesday, May 1, 13
  47. 47. Consciousness Raising• Bootstrapping new hackers is hard.• Consider your personal identity and whatattack surface you present.• This will take some discussion and thought.• You will get a community that is capable ofhacking something for some reasonsomeday. Maybe in a crisis.• It’s political consciousness raisingWednesday, May 1, 13
  48. 48. That isn’t veryglamorousWednesday, May 1, 13
  49. 49. But neither is jailWednesday, May 1, 13
  50. 50. Or the EcuadorianEmbassyWednesday, May 1, 13
  51. 51. Medium risk hacking• There’s still things to do that probablyaren’t super super super risky...Wednesday, May 1, 13
  52. 52. SRS Business• Hollaback. Cell phone pics of streetharassment.• Public callouts of public bad behavior,whether pseudonymous or real name• Twitter hashtags, mockery• ShitRedditSays started reporting on publicmisogyny. “Outing” and “doxxing” ofviolentacrez ... ie “googling” and “his beerbuddy told on him”.Wednesday, May 1, 13
  53. 53. FERT was born• Feminist Emergency Response Team!Wednesday, May 1, 13
  54. 54. Lower risk high riskhacker activity• Neighbor in domestic violence crisis, we foundher husband in herYahoo email and her phone• Ex-pat Syrian journalist getting death threats.Looked at email headers, IP and told her it wasnot obviously a local threat or a threat fromwithin Syria• Palestinian activist convinced site was hacked byIsraeli govt. Were able to show them it was just aspambot, php/sql injection• Advised feminist blogger undergoing 4chan raidWednesday, May 1, 13
  55. 55. “Stay Safe” (or not)Wednesday, May 1, 13
  56. 56. Create possibilitiesWednesday, May 1, 13

×