Hacking, Hackers, and Hacktivism
Spend five minutes with anyone who studies “hackers” and you will quickly learn that the term is used to define a wide array of discrete subcultures, from homebrew computer programmers all the way through to military-industrial network vulnerability experts. If there is one unifying characteristic amongst all of these cultures (and there may not be), it is most likely the acknowledgement between these groups that the limitations imposed by code as a mode of regulating behavior can, and should, be subverted. Today we look to hackers, who they are, what they do, and what rules and norms govern those who do not recognize code as a governing influence.
Our guest speaker this week will be Molly Sauter, a student at MIT's Comparative Media Studies program and researcher at MIT's Center for Civic Media, who has written and spoken extensively about cultural perception of hackers.
- Gabriella Coleman, Phreaks, Hackers, and Trolls: The Politics of Transgression and Spectacle (from The Social Media Reader)
- Molly Sauter, Activist DDOS Campaigns: When Similes and Metaphors Fail (video, watch from to 1:56 to 21:44)
- Sauter uses the term "DDoS" throughout. This is an abbreviation for "distributed denial of service," a specific form of attack to a web server described in more detail here.
- United States Department of Justice, Prosecuting Computer Crimes (read pages 1-11: Introduction to the Computer Fraud and Abuse Act and Key Definitions)
- Intelligence Squared Debate: "The Cyberwar Threat Has Been Grossly Exaggerated" (an Oxford-style debate with Marc Rotenberg, Bruce Schneier, Mike McConnell, and Jonathan Zittrain; watch the video of the debate)
- Benjamen Walker, Doing it for the LULZ (from Too Much Information) (11:00 to 22:45 only, language at times is NSFW)
Videos Watched in Class
Operation Payback: http://en.wikipedia.org/wiki/Operation_Payback
The MIT hacks gallery: http://hacks.mit.edu/
MIT Tetris Hack: http://www.youtube.com/watch?v=IAIPUGO1iko
Steven Levy's Hackers: http://www.amazon.com/Hackers-Heroes-Computer-Revolution-Anniversary/dp/1449388396
Captain Crunch Whistle Hack: http://en.wikipedia.org/wiki/John_Draper
Joe Engressia is the blind phreaker: http://en.wikipedia.org/wiki/Joybubbles
Able Archer: http://en.wikipedia.org/wiki/Able_Archer_83
Grey Hat: http://en.wikipedia.org/wiki/Grey_hat
Zero Day Exploit: http://en.wikipedia.org/wiki/Zero-day_attack
Google's Application to apply for an exploit bounty: http://www.google.com/about/appsecurity/reward-program/
Article about Chrome bounty: http://www.computerworld.com/s/article/9204882/Google_pays_record_bounty_for_Chrome_bug
National Vulnerability Database: http://nvd.nist.gov/
Tom Cruise video: http://www.youtube.com/watch?v=UFBZ_uAbxS0
Operation Clambake: http://en.wikipedia.org/wiki/Operation_Clambake
Hacker zines like 2600: http://www.papercutzinelibrary.org/wordpress/
Electronic Disturbance Theater: http://en.wikipedia.org/wiki/Electronic_Disturbance_Theater
Ban on Guy Fawkes Mask: http://rt.com/news/bahrain-ban-mask-vendetta-478/
Operation Chanology: http://en.wikipedia.org/wiki/Project_Chanology
Al Qassam attacking US banks: http://news.softpedia.com/news/al-Qassam-Cyber-Fighters-to-Resume-Attacks-Against-US-Banks-on-March-5-332647.shtml
Operation Ababil: http://en.wikipedia.org/wiki/Operation_Ababil
I was particularly interested in this week's reading: United States Department of Justice, Prosecuting Computer Crimes it was interesting to see the amount of amendments as the years went by that the federal government attempted to control the internet behaviors of the public. This reading relates closely with my topic for my final paper of the governments control on a macro level in contrast to my paper which exams a small micro community that the federal government is attempting to control. In the readings it appears as if the government reacts in the way of a bell shape curve. Initially they are reactive in nature to something that they are late in response to, then they build up the momentum with legislation, then they continue to amend this legislation to be more and more restrictive until overregulation takes place. The federal government should look into addressing this method of over regulation for it does not protect the public from hackers or those that intend to do wrong, as much as it hurts the freedoms of the public citizens. Interestingcomments 10:49, 9 April 2013 (EDT)
Computer Hacking! Whether done for national intelligence reasons, protesting for civil rights, or simply causing disarray, hacking is now a common reality. The articles and video this week shed light on various hacking attributes. For this post, I’d like to address two: the relationship between hacking and activism (hacktivism), and identify theft.
As noted in Molly Sauter’s presentation, a primary goal of hacking is to attract media coverage that reveals the identity of those participating in a given action. This concept is an interesting one to consider from a retrospective viewpoint: before the Internet, how did information about public officials or public entities leak in the same manner? Did the same amount of information spill? Or, was there a much greater sense of privacy throughout industries, the government, and civil life? Mass media is a powerful mechanism that can "change the word" overnight, but how can we examine the interplay between the Internet and media? From one perspective, they are the same: messages spread quickly to large audiences across both avenues. From another perspective, the Internet acts as a stimulus that shapes media coverage. In other words, it's the first stepping-stone that turns privacy into publicity, which can begin through hacking.
As defined on the Wikipedia page , "Hacktivism is the use of computers and computer networks to promote political ends, chiefly free speech, human rights, and information ethics." One important characteristic to consider with hacktivism, however, is "perspective." It’s all about one’s perspective surrounding a given "hacktivist's act:" those who believe they are simply exercising their freedom of speech may inevitably be committing felonies that destroy other people's identity or an organizations' operations. Hacking Iran's nuclear system is much different than hacking someone's bank account, but at the same time they're both deceitful, correct? When we think about activism, we think "good:" activists fight toward a common cause to create positive change in society (most commonly). When we think about hacktivism, however, good is not always the first thing that comes to mind. What do you think about the interplay with these two words? Can they mean the same thing or are they always different?
The second point I’d like to address is "privacy." When examining confidentiality today, I often ask myself what is truly private online? The article about China infiltrating the New York Times, or the reference about hacking Sarah Pallin's personal information illustrates that none of us are truly safe from being hacked. Emails are not private; Facebook is not private; and to certain extent, passwords are not private. With this in mind, how can we protect ourselves from identity theft? How can we create passwords that are impossible to hack? How can we protect our online identity (i.e., our real-world identity)? As we all file our 2012 taxes, for example, consider IRS refund fraud....Citizens with no IT background are able to earn tens of thousands of dollars through online hacking; and the majority are never caught. Are these types of hackers also hacktivists, because their united behind a common cause? What defines a hacker vs. a hacktivist? Why is it OK to invade one person’s or organization’s privacy, but not another’s? Is it OK when the vast majority disagree with a person's viewpoint, or a country's ideals, or a company's mission? Or, is hacking always wrong?
I've asked a lot of questions in this post, because hacking in another complex topic to dissect. Many of us "live online," and for that reason I question what will happen in the near- and long-term as our day-to-day lives become even more virtual. No matter how vigilant we are, no matter how many times we change our password, and no matter how many password characters we use, we may all, eventually, be hacked! Zak Paster 11:28, 9 April 2013 (EDT)
Having been a student, practitioner as a criminal and Constitutional lawyer, a teacher, a journalism and most importantly an observer of government and political behavior along with these touching subjects of invasion of privacy, free speech, independence, communication, and what should be a global effort at cooperation for the advancement of the entire society, for over 50 years *yee gads, I must be old) I have seen government in action, in inaction and pretending it is in action. The latter is the rule, not the exception. Our elected officials and the real powers behind the throne, non-elected officials and lobbyists create a proverbial chicken coup run by the fox. The top echelon of elected officials are figureheads who revel in their fame, power and fortune, Whether it be going through the motions at airport security, or passing insignificant laws that are more bark than bite that they expertly market to create the impression of having meat behind them they exist in their ivory towers. The problem in this country particularly is that most of us are fat cats living a lifestyle greater than an society before and really do not want to upset the real status quo. So they sit back for the most part and not rock the boat. The Dutch 350 years ago could not care if Holland or England was in power, so long as they were left alone to do their business. In Sicily where my ancestors lived the so-called "Mafia" operated in a way much like the American Dutch, but of course in a much more violent and way to control others. Sicily has been "governed" due to its strategic location along the first major trade routes by virtually every seagoing power of the last two millenniums, but early in the 2nd A.D. the Mafia was formed and since until recent attacks by the government as their power lessened has existed as the real governing body.
What does this all have to do with the Internet and government control. I will tell you, it is a similar scenario, a similar mathematical formula in which the power is in the people, but until the people stop being conned they will never take it. Now, I am not and hope I do not sound like a Communist by our principals claims that we are a country, "By and for the People," and our only hope and salvation as a society is to wake up and become active participants and uncover the charades we are subject to by those we elect who under the color of authority are paper pushers. Rich 12:24, 9 April 2013 (EDT)
In my view, major corporations and government security departments have acknowledged that hacker break-ins are out of control within the Internet arena. Some companies are too fearful to join networks due to diverse software programs that could develop ample growing problems. Computer security in our days, is portrayed within usage of difficult passcode, however, is it enough? Hackers seem to carry the responsibility of security break-in, however are they truly liable for company’s loss? As clients demand security of their assets, the vulnerability of security breach highlights that it could not be protected eternally. Ample amount of money is spent on protecting devices that target the hackers, however do these systems support this protection, and why it is still an issue? With the advent of modern law, the characteristics of this issue seem to lack a common ground, which hackers and diverse security programs rely upon. And what are the rights of the government to seize documents and computer ware in case of the hacking incident? The responsibilities of system operators seem to be quite inadequate in comparison to a “true” right for protection. Current law acknowledges that a new threat is emerging where computer “criminals” would potentially be capable of industrial espionage and damaging infrastructures. How could the current law be altered or improved upon these various hacking frameworks? And what would be considered a freedom of information in this matter? How could the unauthorized theft be the primary focus of diverse corporation? And how vulnerability of various security measures could prevent drastic corporate or governmental invasions? user777 12:46, 9 April 2013 (EDT)
Rules that the Supreme Court regarding writing computer code and whether it is protected under a free speech clause is interesting, but I believe for the most part addressed under the Department of Justice Computer Fraud and Abuse Act, which deliniates in detail the federal crimes that an individual or group may commit, for example, by performing acts of trespassing on other peoples' or organizations computers by "exceeding authorized access" and taking National Security information. In my mind, if and individual or group is proven to show that they create a mechanical device for the purpose of terrorism, accessing National Security information, or in anyway creating code to exceed access for a non-authorized user, that is very obviously a federal crime. When one wishes to create that which defends such information protected by National Security acts, then that group or individual can do it in an authorized area with an authorized group, such as the military or a government authorized facility. It is difficult to overemphasize how seriously the US and other governments take hacking. Mostly it is viewed as organized crime at the lowest level if it does not cross international borders, terrorism if it does. One has to bring up humorously the movie Hackers with Angelina Jolie. Even though it is over 20 years old, it most accurately describes what is happening today in a prophetic manner. Daniel Cameron Morris 15:58, 9 April 2013 (EDT)
Discussion: Last week I succeeded at programming the wiki to not include my name when I signed it, as required; this week I have a discussion about radicalism and hackers and the knowledge of a cat. So in reviewing the substance of this assignment I have realized that the understanding on the wall of this page is the problem not the other way around. Therefore this is not the conclusion,. A bit of haste will make anyone impuctual as I have just demonstrate. Now I will discuss the necessity for review: Jonathan Zittrian is not a type of ready made rice snack in the grocer aisle or the Webster of deconstructivist lexicography, and memory loss, he was pretending to be Dave Navarro not Jimmy Fallon. I have a cat named Nipper, she loved the lecture about internet attacks. If anyone of you think this is Wall Street, think again! This is how my cat thinks. So I guess that the problem is not the computer, but, merely the author of the program and this association is FALSE. So basically, I am hot and ready for a frozen pizza but I cannot remember the brand. I guess my computer has a memory problem. That is my goal as I continue on the last assignment (which I received a 1 on, if people missed that comment [last week]).Johnathan Merkwan 13:32, 9 April 2013 (EDT)
These articles were absolutely fascinating! I was particularly intrigued by the "Phreaks, Hackers, and Trolls" chapter, especially the theatrical aspect of modern internet hacking. While hackers were once limited to the 256 character options of ASCII text available on usenet and .alt boards, modern multimedia possibilities can arouse more shock value, such as the flying phallus prank in Second Life. However, disguised behind elaborate digital costumes, the authentic human voice and political intention is lost. Not only has the increasing unhuman-ness of internet technology impacted the real-life, humanitarian aims of hackers, but also as Gabriella Coleman articulates, "Aesthetic hyperbole has made it difficult to parse out truth from lie," resulting in "cultural obfuscation." She later asserts that many breeds of hackers use the internet as a stage to parody real life. This strategy often seems at odds with producing legitimate social change or reformation of systems that hackers attack. For instance, trolls who employ racist and sexist language to mock and exploit chauvinistic real world structures are generally met with three types of responses. 1. They are flamed, criticized, or exiled for their behavior. 2. Their behavior approves of others to express similarly bigoted language and opinions. 3. Their trolling is met with a disaffected awareness that they are indeed trolls, and other users are not to pay them attention. This public awareness of trolls trolling grants internet communities a free pass to write off real racism that may manifest. As these trolls wrap legitimate social issues in absurdism/idiotism, the internet public feels less threatened by these hateful contributions and more neglectful of the power structures that such bigotry reaffirms, even in an anonymous online venue. Jax 16:49, 9 April 2013 (EDT)
The material this week was quite eye opening. I am still somewhat amazed at how 'virtual' seems to be the buzz word for bytes and bites... This myriad of information is anything but virtual...it's not going away...it's coded by the billions upon billions of 0,1s ... And if information is hanging out there that becomes accessible to folks by breaking in, how is that any different than them picking the lock on your front door and stealing your grandmother's secret recipe of spaghetti sauce. I was amazed at the debate and how anyone couldn't think there wasn't a potential threat. This cyber world Is a thief's utopia.... Caroline 17:15, 9 April 2013 (EDT)Caroline
This week's readings were again, very interesting. I think they have been getting better as the course goes on.
Some thoughts on the readings:
I was amused by the apparently contradictory description of hackers in the Coleman article which read: "...hackers tend to uphold a value for freedom, privacy and access..." I could not help but wonder how one can value both privacy and access, when taken to the extremes that those that are labeled "hackers" today take them. For example, if you are willing to obtain unauthorized access to a system/database and extract someone else's private information only to make it public for the purpose of causing them embarrassment or financial damage, then you obviously support and extreme notion of access but do not respect privacy.
That one criticism of Coleman aside, his article was absolutely outstanding. It was a very accurate trip down memory lane for me - I was around and enjoying the age of dial-up modems, electronic bulletit board systems including pirate boards and what he deems as "bitch boards" as well as the early (1980's) days of hacking, phreaking and dial-up (300 baud!) modems. He did a great job of providing a brief overview of the history of hacking and the various pranks and shenanigans (e.g. trolling) that go on online.
The new analytical model proposed by Molly Sauter was an interesting concept. Her model considers three points of analysis: motivations and intended effects, actual effects and technologies used. I can see some instances where motivations and intentions might be less relevant as even if an attack were to result in effects more significant than what was intended, they are still presumably caused by the hackers. Just the same, the cat pictures in her presentation rule!!
I'd be interested in understanding Molly's definition of a "reasonable act of civil protest" because she seemed to imply that Operation Assange which had (her words) "A secondary goal was to cause financial damage and embarrassment to the corporations targeted." was an ethical and reasonable act. Her analysis was valuable in that it sheds light on how this community thinks. I'm looking forward to hearing her speak tonight.
CyberRalph 17:26, 9 April 2013 (EDT)
I always read media articles outlining hacking attacks eminating from China with a grain of salt, these media stories are rolled out once a week in the press but we never hear reciprocal stories about hacking perpetrated by the US government on other countries. Nicole Perlroth’s, Hackers in China Attacked The Times for Last 4 Months, would seem to be another in a long line of articles casting aspersion’s on the Chinese government, without stopping to investigate whether the US acts in kind. Even when there is an odd story about US hacking attacks, the attacks are always framed positively, such as when the US and Israel hacked the Iranian nuclear weapons. We don’t hear about all the other types of espionage the US government carries out, unless it is against its own citizens (I recall reading a story about massive servers in California essentially running algorithms on hugh swathes of the internet to detect terrorist comments). Perhaps the reason China doesn’t want its citizens to be using google, facebook, and other American internet behemoths is because it doesn’t want all sorts of Chinese information to be passing through servers easily accessible to the US government. Joshywonder 17:36, 9 April 2013 (EDT)
Here's a great Russian Times article about crashing a commercial jet liner with an android phone...
Phildade 17:54, 11 April 2013 (EDT)