From B.Meson / medium.com
Hack Back! — Discussions on hacking, Anarchism and secure OSs
UPDATE: Based on feedback from HB! I have made minor revisions to this document. Multi-word edits will be annotated with an asterisk (*). Minor revisions will not.
I recently had an exchange with the notorious hacker who hacked Hacking Team, a now infamous Italian company that sold spyware to oppressive regimes, spyware that was used to target dissidents and journalists. Previously, the hacker breached Gamma Group, a similar corporation, and dumped 40GB of files onto the Internet*. HB! was able to penetrate their customer support portal, where they obtained a list of targets in Bahrain. While 40GB seems like a large number, 30+ GB of it is a password-protected zip file, presumably (according to HB) containing a full copy of the FinFisher server software, that no one has cracked.
The Hacking Team breach was much larger, containing about 400GB of useful files. These hacks, besides being technically interesting, seem driven by political and human rights concerns. Further, by releasing their emails and source code, we found key details of how these corporations operate, an example being the CEO of Hacking Team ending all of his emails with a famous line attributed to Benito Mussolini.
Because the source code was released, some zero days that these corporations were using have been patched, the companies have lost numerous clients, and their own engineers are leaving the field. The technical details of the hack are quite interesting themselves, as the techniques are quite sophisticated. The hacker, who uses several aliases including Hack Back!, Gamma Group PR and Phineas Phisher, recently attacked a police “union” in Barcelona. In one of the most interesting hacks, Hack Back! exfiltrated a bunch of Bitcoin and sent it to Rojava in their struggle for autonomy against multiple international forces, including ISIS.
We spoke about a variety of topics including secure computation, anarchism, international solidarity, and prison abolition. Our transcript has been lightly edited and translated, and some details have been left out for operational security purposes. I use the name HB to refer to his Hack Back! alias.
BM: What do you think about the rise of Fascism in Europe? It seems to be related to a crisis in Capitalism.
HB: But yea, seems obvious enough that whenever there’s economic crisis people look for alternatives and the radical right and left both grow a lot.
BM: Got ya. I mean, that’s sure correct. The US destroying the Middle East has really added fuel to that fire. And we have our own fascists running for office here in the US. :-/ It’s really not good, there were riots in several cities already.
HB: Another case where crisis brings out the best and worst in people. In Europe with the refugee crisis there’s amazing mutual aid, but also horrible xenophobia. Not to mention in the Middle East itself there’s ISIS vs Rojava.
Anti-Trump organizing seems a good way to bring together everyone from Mexican immigrants to Muslims, to queers, to, well… everyone else that Trump shits on. But a lot of the middle-class liberal anti-Trump people that shit on poor whites really annoys me. But honestly, I don’t really care whether Trump or Clinton ends up president. They’d both be about equally disastrous for the US and the world, and the presidential race is kinda just a circus where people feel like they have a say and divides and distracts them from the bottom-up organizing that actually creates change.
BM: I saw in an interview [6] that you started hacking after LulzSec. Can you believe the US gave Jeremy Hammond ten years? Fucking brutal. I recently sent him a POC||GTFO (hacking magazine) but the jail returned it lol. What do you think about prison sentences that get handed out to hackers?
HB: I have a lot of respect for Jeremy and don’t want to sound like I’m making light of his sentence, it is fucking brutal. But everything about the US “justice” system (and all countries, but US incarcerates a lot more than normal) is fucking brutal. When there’s people in there for life from 3 strikes of drug possession, then yea, I can easily believe Jeremy got 10 years.
Maybe with how much of a polyglot that magazine is, they were scared if he held the pages at just the right angle, it’d turn into “A Time to Die: The Attica Prison Revolt” or something
Maybe this is a bad opinion to have since there’s a decent chance I’ll be in prison on hacking charges at some point in my life, but it doesn’t make sense to advocate for CFAA reform without also advocating prison abolition. Hackers probably get more lenient sentences than similar crimes, it’s just that they also typically come from a social class that doesn’t go to prison, so that makes it seem like they get longer sentences.
BM: Yea, I saw an amazing amount of support for the refugees in Germany but there was also an insane Neo-nazi march the day after I left, of course with support from the police. And yes, the general sense of liberalism is extremely frustrating. For example, militant antifa who are shutting down the streets are showing the way. Instead everyone complains about free speech or whatever nonsense. I generally sense the elections are a huge waste of time, I can’t believe even self-described radicals participate.
When I wrote to him [Jeremy Hammond], he mentioned a lot of anarchist literature he wanted to read, but didn’t write about anything technical. I thought he would like technical things like POC||GTFO. I also tried to write him about some of the development in the technical world (we are big fans of QubesOS). Your email inspired me to write him some more.
HB: Good! Qubes was definitely an interesting experiment that had a huge impact on the security world, but to me putting everything in separate VMs seems like a really messy hack, neither the most efficient nor most secure, and necessary because at the start of Qubes development fine-grained permissions were really hard to do well (SELinux) so it was easier to just shove stuff in separate VMs. Despite spender kind of being an asshole I mostly agree with his criticism of Qubes and that grsecurity with Role Based Access Controls is a better way.
BM: It’s interesting for sure, although I think SubgraphOS has an interesting approach. I actually like that group, yet they seem to have a huge task in front of them. They want to do a lot, create a new email client, fix GPG (whyyyyyyy?), harden the OS etc. It’s a massive task. I also think SELinux is one of the largest crimes of the NSA to date.
HB: lol! SubgraphOS seems interesting, I haven’t gotten around to looking at it yet.
[Editor’s Note]: This section is a response to the previous comment “Maybe this is a bad opinion to have since there’s a decent chance I’ll be in prison on hacking charges at some point in my life”
BM: To get back to your point about “there’s a decent chance I’ll be in prison on hacking charges at some point in my life”, I do hope that never happens. We would like to support you if we could.
HB: Eh, it’ll probably happen some day and you won’t know it. With [hacking] Hacking Team and Gamma Group I can at least hide [behind hacking techniques]. I’ve been doing [other illegal stuff] and it’s kind of a miracle that I’ve never had any problems.
BM: What about other tactics, like expropriating money? Sort of like Enric Duran then? It strikes me that you’re advocating or at least practicing a brand of illegalism like Lucio Urtubia, or at least along those lines? Is that because of a particular line of anarchist ideology or is it just because you can and it’s necessary? I was having dinner with a comrade recently and they commented “robbing banks is part of any revolutionary struggle”. But the framing of ideas matters. So yes, steal everything you can, but I’m curious about motives. Also, what do you think about white hat hackers or security researchers who get paid like 300.000K a year to defend banks?
HB: I might’ve mentioned Enric Duran and Lucio Urtubia in response to a journalist talking about white hats and criminals. I’ll answer about white hats making bank securing banks:
When you grow up and get a good job, that’s comfortable and pays well, you lose your political consciousness. There’s a reason the song “Which side are you on?” was included in the video of Mossos (Editor’s Note: hacking the police union). That M1 verse, which starts “too many people be riding the fence” and continues “they’ll be condemning and condoning their actions in one sentence. Make up your mind, choose a side. Are you a patriot, or a menace to society? So riot, or sit by quietly. But don’t pull out your flag and say you gonna ride with me”, that verse is too true*. Are you going to “ride the fence” and maintain your “hacker” and “rebel” image? And at the same time want to live a stable, comfortable life that the system gives you, in exchange for protecting it as a white hat. Capitalism and the State are the cause of so much misery and destruction. In front of that system, the ethical thing to do is attack, not protect it. Since I was a youth I admired expropriators, like Lucio Urtubia, Enric Duran, and Los Solidarios, not the bank’s security guards*. Nowadays, I prefer the cybercriminals to the white hats. The white hats write as if the fact that the State spending* more money on cybersecurity is a good thing. They write of hackers in white hats as good and of black hats as evil, without questioning how good the “good” guys really are and how evil the evil ones really are.
HB: Though I really don’t have a well thought out ideology. I just got tired of spending most of my time, at best, making money for shareholders while doing nothing socially useful, or at worst, making money for shareholders while actively harming people and the planet. So I look for illegal ways to make money in order to free my time so I can do something useful with it. Once I had that figured out I started scaling it up and making more money than I need and giving the extra away.
BM: Can I ask you about Rojava? Why send the money there? There are numerous struggles for liberation. Obviously the Kurdish people have their own struggles for autonomy and it seems to be centered around anti-capitalist (and particularly feminist autonomy). Obviously fuck ISIS. It does seem that Rojava has the best anti-imperialism framing as well.
HB: There are a lot of liberation projects that can do a lot with a little money and I’ve given to plenty besides Rojava. Rojava I donated publicly though because they’re able to openly accept money from a criminal, and they need the attention. Anarchists and the International Left are doing nowhere near enough to support Rojava. The people criticizing Rojava are at best idiots, and at worst trying to find a way to rationalize avoiding the hard work of supporting an actual Social Revolution, so they can go back to hanging out at their cooperative coffee shops and punk shows. Do they think an anarchist utopia just appears out of nowhere, and they should only support it once everything is already perfect? Anarchism doesn’t just come out of nothing, it comes from a lot of work educating, organizing, and offering our perspective during moments of crisis when people are looking for alternatives. Rojava is not perfect, but is a multi-million person society endorsing libertarian ideals* and moving rapidly in that direction, that has in many ways already passed the accomplishments of other examples that anarchists like to fetishize like the Spanish Civil War. There’s a massive stateless area with explicitly libertarian ideals*, asking to engage with international anarchists, and they don’t jump at the chance to participate. It blows my mind. Maybe anarchists in the West have so internalized the idea that revolution is impossible (they just keep up the radical rhetoric in the hopes of scaring authorities into granting reforms?), that when an actual revolution is happening they have no idea what to do.
BM: Finally, can you recommend one book? One song?
HB: Momo. It’s a children’s fantasy novel that has nothing to do with politics, but it’s a more biting criticism of capitalism than anything by Marx. Honestly I feel like most “politically conscious” musicians just do it for their image and don’t actually do shit outside of their music. When you see people actually living the words they’re singing it makes it so much more powerful. So I’ll go with Rap Insurrecto from the group Palabras en Conflicto (the rapper for most of the track is Sebastian Oversluij who was killed by a security guard while robbing a bank).
Revision notes:
HB! I’d say “the State spending more money”. I never liked people using “wasting money” to argue against things they don’t like. War, prisons, spying on activists, etc, aren’t bad because they “waste money”, they’re bad because they’re wrong. “Wasting money” is when you spend money and get nothing out of it. The State is getting exactly what it wants for the money, it’s just something bad.
HB: It’s annoying how in the US, and rapidly spreading to other countries, libertarian and anarchist to a lesser extent, now mean the opposite [of what we mean] so we have to keep finding more awkward sounding words. So in a context like this interview where it’s clearly anti-capitalist I like to use the word libertarian so it doesn’t lose its meaning.