13. What is Hacking?
OK, so there is a humor element…
But what else?
New Hacker’s Dictionary (1998):
1) A person who enjoys exploring the details of
programmable systems and how to stretch their
capabilities, as opposed to most users, who prefer to learn
only the minimum necessary.
14. What is Hacking?
OK, so there is a humor element…
But what else?
New Hacker’s Dictionary (1998):
6) An expert or enthusiast of any kind. One might be an
astronomy hacker, for example.
15. What is Hacking?
OK, so there is a humor element…
But what else?
New Hacker’s Dictionary (1998):
7) One who enjoys the intellectual challenge of creatively
overcoming or circumventing limitations.
16. What is Hacking?
OK, so there is a humor element…
But what else?
MIT Jargon File (2000):
1) An appropriate application of ingenuity
18. What is Hacking?
OK, so there is a humor element…
But what else?
In short: the reapplication of technology for uses not
originally intended.
47. So what is hacktivism?
Involves…
1. Repurposing of Technology
2. Better understanding of technology (including traditional
technologies)
3. Promoting education of these technologies (they should
not be foreign to us).
4. Possibly with a sense of whimsy
5. Done for a social cause.
49. The Mentor: Conscience of a
Hacker (1986)
Another one got caught today, it's all over the papers.
"Teenager Arrested in Computer Crime Scandal", "Hacker
Arrested after Bank Tampering"...
Damn kids. They're all alike.
50. The Mentor 2
But did you, in your three-piece psychology and 1950's
technobrain, ever take a look behind the eyes of the
hacker? Did you ever wonder what made him tick, what
forces shaped him, what may have molded him?
I am a hacker, enter my world...
51. The Mentor 3
Mine is a world that begins with school... I'm smarter than
most of the other kids, this crap they teach us bores me...
Damn underachiever. They're all alike.
52. The Mentor 4
I made a discovery today. I found a computer. Wait a second,
this is cool. It does what I want it to. If it makes a mistake,
it's because I screwed it up. Not because it doesn't like
me... Or feels threatened by me... Or thinks I'm a smart
ass... Or doesn't like teaching and shouldn't be here...
Damn kid. All he does is play games. They're all alike.
53. The Mentor 6
You bet your ass we're all alike... we've been spoon-fed baby
food at school when we hungered for steak... the bits of
meat that you did let slip through were pre-chewed and
tasteless. We've been dominated by sadists, or ignored by
the apathetic. The few that had something to teach found
us willing pupils, but those few are like drops of water in
the desert.
54. The Mentor 7
We explore... and you call us criminals. We seek after
knowledge... and you call us criminals. We exist without
skin color, without nationality, without religious bias... and
you call us criminals. You build atomic bombs, you wage
wars, you murder, cheat, and lie to us and try to make us
believe it's for our own good, yet we're the criminals.
58. The Mentor 8
Yes, I am a criminal. My crime is that of curiosity. My crime is
that of judging people by what they say and think, not
what they look like. My crime is that of outsmarting you,
something that you will never forgive me for. I am a
hacker, and this is my manifesto. You may stop this
individual, but you can't stop us all... after all, we're all
alike.
That year…
Julian Assange gets his first computer
Jeremy Hammond is born
Meanwhile…
60. WANK Worm
According to Julian Assange, the WANK worm is the first
instance of hacktivism. On Oct. 16, 1989, during the Cold War
when nuclear war was an immediate possibility, hackers hit the
NASA computers with the WANK Worm. Two days prior to the
launch of the plutonium-fueled Galileo space probe from the
Kennedy Space Station, NASA employees logged on to see a
humorous yet frightening welcome screen: "Your computer has
been officially WANKed. You talk of times of peace for all, and
then prepare for war," and "Remember, even if you win the rat
race, you're still a rat." The machines of the U.S. Department of
Energy and NASA worldwide had been penetrated by the
anti-nuclear WANK (WORMS AGAINST NUCLEAR KILLERS) worm.
62. Electronic Disturbance Theater
In 1998, Electronic Disturbance Theater (EDT) developed
and utilized a tool called Floodnet to target the Pentagon,
the White House, the School of the Americas, the office of
Mexico’s president, the Mexican Stock Exchange and the
Frankfurt Stock Exchange, all in support of the Zapatista
guerrilla movement in Mexico.
63. Electronic Disturbance Theater
Method. Floodnet, which has subsequently been released as
part of EDT’s “Disturbance Developer Kit,” allowed users
to participate in a sit-in attack on these sites by a simple
click on an icon on EDT's Web site. The Floodnet software
then directed the participating computers to continually
attack the target Web sites. It has been estimated that
10,000 people accessed Floodnet in this two-day action
resulting in targeted servers being hit at a rate of 600,000
hits per minute.
64. The Electrohippies
FloodNet has subsequently been deployed by a group called
The Electrohippies who used it to target the World Trade
Organization and various e-commerce websites,
defending their actions in Biblical terms: "As Jesus
ransacked the temple in Jerusalem because it had become
a house of merchandise, so the recent attacks on e-
commerce web sites are a protest against the manner of
it's [sic] recent development."
65. More about Electrohippies
Electrohippies recognized that DDoS attacks did have the
result of denying speech to the target, but came up with a
formula for determining when such action was justified:
1. the acts or views perpetrated by the targets of a [D]DoS
action must be reprehensible to many in society at large,
and not just to a small group.
2. the attack should show proportionality, -- it should focus
on a single issue, and not the organization as a whole.
66. More about Electrohippies
The theory is that the attacks should be counterpoints that
allow alternative points of view to become visible; the goal
is not to silence the targeted group but to restore
informational balance.
67. More about Electrohippies
The Electrohippies also distinguished between server-side
attacks and client-side attacks, where a client-side attack
is coming from multiple individuals (using Floodnet, for
example), the thought being that such action is more
democratic.
68. Oxblood Ruffin objects
"Denial of Service attacks are a violation of the First
Amendment, and of the freedoms of expression and
assembly. No rationale, even in the service of the highest
ideals, makes them anything other than what they are--
illegal, unethical, and uncivil."
69. 3. Hong Kong Blondes
The Hong Kong Blondes was an underground network of
Chinese students spread across at least three continents.
It was started by Blondie Wong, who had reportedly
witnessed his father being stoned to death during the
1966-'76 Cultural Revolution. The group primarily protested
censorship and the violations of human rights that
occurred in China.
70. 3. Hong Kong Blondes
Method. The group launched cyberattacks against the "Great
Wall" -- a series of firewalls put in place to block access to
Western Internet sites. With members operating inside
and outside of China, the group claimed to have found
significant security holes within Chinese government
computer networks and claimed to have defaced
government Web sites, torn down firewalls and even
disabled Chinese communication satellites. They worked
to forewarn political dissidents of imminent arrests.
71. PROJECT CHANOLOGY
Project Chanology (also called Operation Chanology) was
a protest movement against the practices of the Church of
Scientology by Anonymous, a loosely organized
Internet-based group that emerged from the 4chan
message boards. The project was started as a “mental
warfare” response to the Church of Scientology's attempts
to prevent the online sharing of a video interview with
actor/Scientologist Tom Cruise.
72. PROJECT CHANOLOGY
Method. The project was publicly launched with a video
posted to YouTube, "Message to Scientology," on January
21, 2008. The project's goals were to "take down all
Scientology Web sites as an immediate act of retaliatory
censorship, counteract Scientology's attempts to suppress
the videos (and other cult materials) by constantly
reposting them, and publicize the cult's well-documented
history of employing suppressive and violent tactics to
mask its illegal or immoral activities." The initial cyber
attack, which came in the form of a distributed denial of
service attack, was followed by black faxes, prank calls,
and other activities intended to disrupt the Church of
Scientology's operations.
73. Wikileaks
Leaking site developed by Julian Assange
Background as a hacker
Endorses hacktivist ethic: information wants to be free.
22:50 https://www.youtube.com/watch?v=PvmfOaZ34Pk
74. Wikileaks
Bradley Manning's data dump ignites the Arab Spring.
The revolution seemed to have jelled days after
Wikileaks released a secret cable, written in 2008 by
Ambassador Robert F. Godec that seemed to make it vivid
that the external world saw his corruption as clearly as the
Tunisians did.
75. Arab Spring
As Godec put it in the leaked cable, “...beyond the stories
of the First Family's shady dealings, Tunisians report
encountering low-level corruption as well in interactions
with the police, customs, and a variety of government
ministries… With those at the top believed to be the worst
offenders, and likely to remain in power, there are no
checks in the system.” The Tunisian Government, the
Ambassador wrote, seemed to believe that “what’s yours
is mine”.
80. What the HBGary hack yields
Bank of America goes to the Department of Justice
Department of Justice directs them to Hunton and Williams
Hunton and Williams introduces them to Themis
84. What they found
A plan by HBGary to undermine the credibility of the journalist
Glenn Greenwald and thereby neutralize his defense of
WikiLeaks.
A disinformation campaign against critics of the Chamber of
Commerce.
There were also plans for data mining and disinformation
campaigns targeting social organizations and advocacy groups.
A “persona management” system, a program, developed at the
request of the US government, that allowed one user to control
multiple online identities (i.e. “sock puppets”) for commenting
in social media spaces, thus giving the appearance of grassroots
support.
89. What they found this time
admissions of
Proposals for renditions
Plans to discredit the Yes Men on behalf of Union Carbide.
The Coca-Cola company was asking Stratfor for intelligence
on PETA, and the Stratfor Vice President for Intelligence
remarked in a leaked email that “The FBI has a classified
investigation on PETA operatives. I'll see what I can
uncover.” Suggesting, of course, that not only did Stratfor
have access to the classified material, but that it would be
provided to Coca-Cola.
94. Endgame Systems
"Please let HBgary know we don't ever want to see our name
in a press release."
Their principal product, available for a 2.5 million dollar
annual subscription, gave their customers access to “zero-
day exploits” – security vulnerabilities unknown to
software companies – for computer systems all over the
world (including the US).
http://www.blackhat.com/presentations/bh-usa-09/DAIZOVI/BHUSA09-Daizovi-AdvOSXRootkits-SLIDES.pdf
95. Endgame Systems
Brown speculated that they were selling these exploits to
foreign actors. In other words they were committing
treason.
96. Then the hammer drops
The DoJ took advantage of the fact that the Stratfor data had
a number of unencrypted credit card numbers and
validation codes. This would be the pretext for charging
that Brown was engaged in credit card fraud when he
shared that link with the editorial board of ProjectPM.
Specifically the FBI charged him with Traffic in Stolen
Authentication Features, Access Device Fraud, Aggravated
Identity Theft. Add to this an Obstruction of Justice
charge (for being at his mother’s when the initial warrant
was served) and the charges relating to the “threat”
against the FBI agent, and Brown is looking at a century of
jail time. He has been denied bail.
https://www.youtube.com/watch?v=6LGL_W9sixA
97. Actually it's worse than that
Not only is the FBI the private dick for large corporations…
But they are going to make sure you don’t even *embarrass*
those corporations…
103. Embarrassed AT&T
Found that AT&T left web pages for iPad users unprotected
Each page could be accessed by simply adding 1 to a URL
Harvested e-mail addresses of 114,000 iPad users, including
Mayor Michael Bloomberg and Rahm Emanuel, then the
White House chief of staff
Weev did not try to profit from it; he notified the blog Gawker
of the security hole.
Sentenced to 41 months in jail and $73,000 to cover the cost
of notifying customers of THEIR security hole!
105. The judge at sentencing
“You consider yourself a hero of sorts,” she said, and noted
that Weev’s “special skills” in computer coding called for a
more draconian sentence.
Flashback from 1985: “My crime is that of outsmarting you,
something that you will never forgive me for.”
109. CFAA
Computer Fraud and Abuse Act
Makes unauthorized use of a computer system a felony.
Justice Dept. interprets this to mean violation of a terms
of service agreement.
So… Don’t lie on OK Cupid.
112. Abelson Report: Not clear there
was unauthorized access.
Ultimate Conclusion: MIT Community needs to
examine itself. Why didn’t it care? Reflects
community ignorance of the dangers facing every
MIT student and faculty member.
113. Questions
What sources of information - blogs,
alternate media, etc. - could we follow to
get informed about the intelligence
activities of these private intel
companies?
116. Questions
What can individuals and corporations
do to maintain their privacy?
Hire a professional.
119. Questions
How can we influence policy decisions
on surveillance & protest our invasion
of privacy?
Abelson’s point: First we have to educate
our peers.
Keep talking. Spread the word.