Bootstrapping Your Hacktivist Community
Kiwicon 6 2012Liz Henry @lizhenry
Wednesday, May 1, 13
I will now tell you how to make a hacktivist
community
Wednesday, May 1, 13
HAHAHAHA
Wednesday, May 1, 13
What is “hacktivism”?
• Legal or lower risk hacking:
• Reporting, citizen journalism (maybe)
• Outing people for something
• Protest, petition, policy, law changes
• Civil disobedience (maybe)
Wednesday, May 1, 13
Wednesday, May 1, 13
Sometimes“hacktivism”looks like this
Wednesday, May 1, 13
And “community”?
• For community, you need trust
Wednesday, May 1, 13
Trust is nice
Wednesday, May 1, 13
Lower Risk “hacktivism”
• Publicity. Use all possible social capital.
• Get consent, protect privacy, personal security, personal data if possible.
• Rhizomatic spread. Don’t wait for the boss.
• Action plan. Group chat. Collectively edit some documents. Needs list. Schedule.
• Report on what is effective. Ask for more.
Wednesday, May 1, 13
Emergency power!
• Hurricane Sandy
• Existing communities, social capital among disabled people online
• Incredibly fast mobilization, public call, in-person help from friends of friends of friends, nearly random strangers
Wednesday, May 1, 13
Higher risk
• Reporting or citizen journalism (maybe)
• Infiltration, espionage
• Leaking military or other secret info
• Messing with governments, huge corporations, organized crime
Wednesday, May 1, 13
Who will you piss off?
• Professional reputation/status?
• Stalkers or other hostile individuals?
• Intellectual property, legal, hacking laws
• Repressive government, military?
• Mexican drug cartel? Russian mafia?
• In short, what are you risking?
Wednesday, May 1, 13
Example: Editing the Zetas
• What’s the threat level if you want to edit some Wikipedia pages about Mexican drug cartels?
• Where are you?
• Not-Mexico: Make persona, use Tor + VPN
• Mexico or near: Maybe that’s not enough
Wednesday, May 1, 13
Nuevo Laredo carspotting
• Chat rooms to report on dangerous stuff
• Green Chevy at corner of 9th and Main every afternoon
• Roadblock on the west road out of downtown
Wednesday, May 1, 13
sms blogging
• blog from burner phones
• vojo.co has all-phone setup
Wednesday, May 1, 13
Risks, maybe
• Someone shoulder surfs you in a cafe and shoots you in the head later
• Keylogging, insecure connection
• Site you’re on is run by gangsters. Oops!
• Or is on phpBB or something scarier
• (narcomensajes, torture, murder)
Wednesday, May 1, 13
Consider Risk
• Are you’re risking your freedom?
• Or your life
• Or other people’s lives
• Make sure it’s what you want to risk
• For a good reason!
Wednesday, May 1, 13
There are good reasons
Wednesday, May 1, 13
Why?
• What are your reasons and goals
• Publicity? (Then stick to lower risk)
• Personal studliness? (Don’t!)
• Expose truth?
• Freedom fighter?
Wednesday, May 1, 13
How to make a hacker community
Wednesday, May 1, 13
Don’t!
Wednesday, May 1, 13
Or, first...
• At least pause
• Ethics of encouraging others to do high risk things on some crappy Windows machine with LOIC or whatever. Yeah.
• Learn security, anonymity, privacy
• Put them into practice
• Practice!
Wednesday, May 1, 13
Before y’all do this. . .
Wednesday, May 1, 13
Totally pause
Wednesday, May 1, 13
Wednesday, May 1, 13
Feminist Hackers
• Bunch of women hackers talking
• Why is there a “false accusers” wiki run by MRAs, but no “rapists” wiki run by rape survivors? Unfair and wrong!
• OMG Haxxors!
• Retaliation (identity/safety/DDoS)
• Defamation, legal threats
Wednesday, May 1, 13
Wednesday, May 1, 13
Pick your cool haxxor names!
• We thought of some great ones
• Most of them were totally contaminated
• Anyway, they sounded like roller derby names
• And we were telling them to each other, which was dumb, but we realized that about 2 minutes in
Wednesday, May 1, 13
• So I can never secretly be “Louise Boat”. This makes me very sad.
Wednesday, May 1, 13
Test for leaks
Wednesday, May 1, 13
Testing each other
• We looked at what info we were leaking by accident, and what we knew or could deduce or find about each other.
• Some of us were better at it than others.Wednesday, May 1, 13
We found a lot of leaks
Wednesday, May 1, 13
Some hackers are more equal than others
• We all had some practice, because we are all women talking in public and thus, present more attack surface
• Various factors made some of us more vulnerable than others: queer, trans, people of color, homeless, have kids, domestic violence survivors...
• Those factors often encourage more practice in privacy, anonymity, pseudonymity
Wednesday, May 1, 13
Check your privilege
• If you’re hacking in a high risk way you’re risking everyone around you.
• The others in your “hacktivist community” may be at risk merely by being associated with you
• Protect your contacts
Wednesday, May 1, 13
Learn to attack
Wednesday, May 1, 13
Learn to spy
Wednesday, May 1, 13
Be a trickster
Wednesday, May 1, 13
Be Paranoid
Wednesday, May 1, 13
Trust no one
Wednesday, May 1, 13
Make personas within personas
Wednesday, May 1, 13
Don’t contaminate your personas
Wednesday, May 1, 13
Don’t boast
Wednesday, May 1, 13
Ops checklist
• Safer computer, software (encrypt)
• Physical security (for your computer!)
• Safer connection (Tor, then VPN?)
• Persona management.
• Shut your pie hole!
Wednesday, May 1, 13
More leak vectors to consider
• Location, time, time zone. Avoid patterns!
• Password hygiene
• Paying for stuff
• clicking links someone sends... (don’t)
• Panopticlick (browser fingerprinting)
• Tor, then VPN(s)
Wednesday, May 1, 13
Study security, privacy, anonymity guides
• EFF guide
• Internews, CPJ guides
• TOR, crypto.is
• Study together
• That’s still not good enough
Wednesday, May 1, 13
You must be flawless
Wednesday, May 1, 13
Consciousness Raising
• Bootstrapping new hackers is hard.
• Consider your personal identity and what attack surface you present.
• This will take some discussion and thought.
• You will get a community that is capable of hacking something for some reason someday. Maybe in a crisis.
• It’s political consciousness raising
Wednesday, May 1, 13
That isn’t very glamorous
Wednesday, May 1, 13
But neither is jail
Wednesday, May 1, 13
Or the Ecuadorian Embassy
Wednesday, May 1, 13
Medium risk hacking• There’s still things to do that probably
aren’t super super super risky...
Wednesday, May 1, 13
SRS Business
• Hollaback. Cell phone pics of street harassment.
• Public callouts of public bad behavior, whether pseudonymous or real name
• Twitter hashtags, mockery
• ShitRedditSays started reporting on public misogyny. “Outing” and “doxxing” of violentacrez ... ie “googling” and “his beer buddy told on him”.
Wednesday, May 1, 13
FERT was born
• Feminist Emergency Response Team!
Wednesday, May 1, 13
Lower risk high risk hacker activity
• Neighbor in domestic violence crisis, we found her husband in her Yahoo email and her phone
• Ex-pat Syrian journalist getting death threats. Looked at email headers, IP and told her it was not obviously a local threat or a threat from within Syria
• Palestinian activist convinced site was hacked by Israeli govt. Were able to show them it was just a spambot, php/sql injection
• Advised feminist blogger undergoing 4chan raidWednesday, May 1, 13
“Stay Safe” (or not)
Wednesday, May 1, 13
Create possibilities
Wednesday, May 1, 13
Top Related