Hack Back! — Discussions on hacking, Anarchism and secure OSs

A hacker recently pwned several corporations that get rich off violating human rights. Below is a bit of discussion of political theory.

UPDATE: Based on feedback from HB! I have made minor revisions to this document. Multi-word edits will be annotated with an asterisk (*). Minor revisions will not.

I recently had an exchange with the notorious hacker who hacked Hacking Team, a now infamous Italian company that sold spyware to oppressive regimes, where it was used to target dissidents and journalists. Previously, the hacker breached Gamma Group, a similar corporation, and dumped 40GB of files onto the Internet*. HB! was able to penetrate their customer support portal, where they obtained a list of targets in Bahrain. While 40GB seems like a large number, 30+ GB of it is a password-protected zip file, presumably (according to HB) containing a full copy of the FinFisher server software, that no one has cracked.

Anyone have an idle GPU cluster?

The Hacking Team breach was much larger, containing about 400GB of useful files. These hacks, besides being technically interesting, seem driven by political and human rights concerns. Further, the released emails and source code revealed key details of how these corporations operate, an example being the CEO of Hacking Team ending all of his emails with a famous line attributed to Benito Mussolini.

Because the source code was released, some zero days that these corporations were using have been patched, they have lost numerous clients, and their own engineers are leaving the field. The technical details of the hack are interesting in themselves, as the techniques are quite sophisticated. The hacker, who uses several aliases including Hack Back!, Gamma Group PR and Phineas Phisher, recently attacked a police “union” in Barcelona. In one of the most interesting hacks, Hack Back! exfiltrated a bunch of Bitcoin and sent it to Rojava in their struggle for autonomy against multiple international forces, including ISIS.

We spoke about a variety of topics including secure computation, anarchism, international solidarity, and prison abolition. Our transcript has been lightly edited and translated, and some details have been left out for operational security purposes. I use the name HB to refer to his Hack Back! alias.

BM: What do you think about the rise of Fascism in Europe? It seems to be related to a crisis in Capitalism.

HB: But yea, seems obvious enough that whenever there’s economic crisis people look for alternatives and the radical right and left both grow a lot.

BM: Got ya. I mean, that’s sure correct. The US destroying the Middle East has really added fuel to that fire, and we have our own fascists running for office here in the US. :-/ It’s really not good, there were riots in several cities already.

HB: Another case where crisis brings out the best and worst in people. In Europe with the refugee crisis there’s amazing mutual aid, but also horrible xenophobia. Not to mention in the Middle East itself there’s ISIS vs Rojava.

Anti-Trump organizing seems a good way to bring together everyone from Mexican immigrants to Muslims, to queers, to, well… everyone else that Trump shits on. But a lot of the middle-class liberal anti-Trump people that shit on poor whites really annoys me. But honestly, I don’t really care whether Trump or Clinton ends up president. They’d both be about equally disastrous for the US and the world, and the presidential race is kinda just a circus where people feel like they have a say and divides and distracts them from the bottom-up organizing that actually creates change.

BM: I saw in an interview that you started hacking after LulzSec. Can you believe the US gave Jeremy Hammond ten years? Fucking brutal. I recently sent him a POC||GTFO (hacking magazine) but the jail returned it lol. What do you think about prison sentences that get handed out to hackers?

HB: I have a lot of respect for Jeremy and don’t want to sound like I’m making light of his sentence, it is fucking brutal. But everything about the US “justice” system (and all countries, but US incarcerates a lot more than normal) is fucking brutal. When there’s people in there for life from 3 strikes of drug possession, then yea, I can easily believe Jeremy got 10 years.

Maybe with how much of a polyglot that magazine is, they were scared if he held the pages at just the right angle, it’d turn into “A Time to Die: The Attica Prison Revolt” or something.

Maybe this is a bad opinion to have since there’s a decent chance I’ll be in prison on hacking charges at some point in my life, but it doesn’t make sense to advocate for CFAA reform without also advocating prison abolition. Hackers probably get more lenient sentences than similar crimes, it’s just that they also typically come from a social class that doesn’t go to prison, so that makes it seem like they get longer sentences.

BM: Yea, I saw an amazing amount of support for the refugees in Germany but there was also an insane Neo-nazi march the day after I left, of course with support from the police. And yes, the general sense of liberalism is extremely frustrating. For example, militant antifa who are shutting down the streets are showing the way. Instead everyone complains about free speech or whatever nonsense. I generally sense the elections are a huge waste of time, I can’t believe even self-described radicals participate.

When I wrote to him [Jeremy Hammond], he mentioned a lot of anarchist literature he wanted to read, but didn’t write about anything technical. I thought he would like technical things like POC||GTFO. I also tried to write him about some of the development in the technical world (we are big fans of QubesOS). Your email inspired me to write him some more.

HB: Good! Qubes was definitely an interesting experiment that had a huge impact on the security world, but to me putting everything in separate VMs seems like a really messy hack, neither the most efficient nor most secure, and necessary because at the start of Qubes development fine-grained permissions were really hard to do well (SELinux) so it was easier to just shove stuff in separate VMs. Despite spender kind of being an asshole I mostly agree with his criticism of Qubes and that grsecurity with Role Based Access Controls is a better way.

BM: It’s interesting for sure, although I think SubgraphOS has an interesting approach. I actually like that group, yet they seem to have a huge task in front of them. They want to do a lot, create a new email client, fix GPG (whyyyyyyy?), harden the OS etc. It’s a massive task. I also think SELinux is one of the largest crimes of the NSA to date.

HB: lol! SubgraphOS seems interesting, I haven’t gotten around to looking at it yet.

[Editor’s Note]: This section is a response to the previous comment “Maybe this is a bad opinion to have since there’s a decent chance I’ll be in prison on hacking charges at some point in my life”

BM: To get back to your point about “there’s a decent chance I’ll be in prison on hacking charges at some point in my life”, I do hope that never happens. We would like to support you if we could.

HB: Eh, it’ll probably happen some day and you won’t know it. With [hacking] Hacking Team and Gamma Group I can at least hide [behind hacking techniques]. I’ve been doing [other illegal stuff] and it’s kind of a miracle that I’ve never had any problems.

BM: What about other tactics, like expropriating money?

Sort of like Enric Duran then? It strikes me that you’re advocating or at least practicing a brand of illegalism like Lucio Urtubia, or at least along those lines? Is that because of a particular line of anarchist ideology or is it just because you can and it’s necessary? I was having dinner with a comrade recently and they commented “robbing banks is part of any revolutionary struggle”. But the framing of ideas matters. So yes, steal everything you can, but I’m curious about motives. Also, what do you think about white hat hackers or security researchers who get paid like 300.000K a year to defend banks?

HB: I might’ve mentioned Enric Duran and Lucio Urtubia in response to a journalist talking about white hats and criminals. I’ll answer about white hats making bank securing banks:

When you grow up and get a good job, that’s comfortable and pays well, you lose your political consciousness. There’s a reason the song “Which side are you on?” was included in the video of Mossos (Editor’s Note: hacking the police union). That M1 verse, which starts “too many people be riding the fence” and continues “they’ll be condemning and condoning their actions in one sentence. Make up your mind, choose a side. Are you a patriot, or a menace to society? So riot, or sit by quietly. But don’t pull out your flag and say you gonna ride with me”, that verse is too true*. Are you going to “ride the fence” and maintain your “hacker” and “rebel” image? And at the same time want to live a stable, comfortable life that the system gives you, in exchange for protecting it as a white hat. Capitalism and the State are the cause of so much misery and destruction. In front of that system, the ethical thing to do is attack, not protect it. Since I was a youth I admired expropriators, like Lucio Urtubia, Enric Duran, and Los Solidarios, not the bank’s security guards*. Nowadays, I prefer the cybercriminals to the white hats. The white hats write as if the fact that the State is spending* more money on cybersecurity is a good thing. They write of hackers in white hats as good and of black hats as evil, without questioning how good the “good” guys really are and how evil the evil ones really are.

HB: Though I really don’t have a well thought out ideology. I just got tired of spending most of my time, at best, making money for shareholders while doing nothing socially useful, or at worst, making money for shareholders while actively harming people and the planet. So I look for illegal ways to make money in order to free my time so I can do something useful with it. Once I had that figured out I started scaling it up and making more money than I need and giving the extra away.

BM: Can I ask you about Rojava? Why send the money there? There are numerous struggles for liberation. Obviously the Kurdish people have their own struggles for autonomy and it seems to be centered around anti-capitalist (and particularly feminist autonomy). Obviously fuck ISIS. It does seem that Rojava has the best anti-imperialism framing as well.

HB: There are a lot of liberation projects that can do a lot with a little money and I’ve given to plenty besides Rojava. Rojava I donated publicly though because they’re able to openly accept money from a criminal, and they need the attention. Anarchists and the International Left are doing nowhere near enough to support Rojava. The people criticizing Rojava are at best idiots, and at worst trying to find a way to rationalize avoiding the hard work of supporting an actual Social Revolution, so they can go back to hanging out at their cooperative coffee shops and punk shows. Do they think an anarchist utopia just appears out of nowhere, and they should only support it once everything is already perfect? Anarchism doesn’t just come out of nothing, it comes from a lot of work educating, organizing, and offering our perspective during moments of crisis when people are looking for alternatives.

Rojava is not perfect, but is a multi-million person society endorsing libertarian ideals* and moving rapidly in that direction, that has in many ways already passed the accomplishments of other examples that anarchists like to fetishize like the Spanish Civil War. There’s a massive stateless area with explicitly libertarian ideals*, asking to engage with international anarchists, and they don’t jump at the chance to participate. It blows my mind. Maybe anarchists in the West have so internalized the idea that revolution is impossible (they just keep up the radical rhetoric in the hopes of scaring authorities into granting reforms?), that when an actual revolution is happening they have no idea what to do.

BM: Finally, can you recommend one book? One song?

HB: Momo. It’s a children’s fantasy novel that has nothing to do with politics, but it’s a more biting criticism of capitalism than anything by Marx.

Honestly I feel like most “politically conscious” musicians just do it for their image and don’t actually do shit outside of their music. When you see people actually living the words they’re singing it makes it so much more powerful. So I’ll go with Rap Insurrecto from the group Palabras en Conflicto (the rapper for most of the track is Sebastian Oversluij who was killed by a security guard while robbing a bank).

Revision notes:

HB! I'd say "the State spending more money". I never liked people using "wasting money" to argue against things they don't like. War, prisons, spying on activists, etc, aren't bad because they "waste money", they're bad because they're wrong. "wasting money" is when you spend money and get nothing out of it. The State is getting exactly what it wants for the money, it's just something bad.

HB: It's annoying how in the US, and rapidly spreading to other countries, libertarian and anarchist to a lesser extent, now mean the opposite [of what we mean] so we have to keep finding more awkward sounding words. So in a context like this interview where it's clearly anti-capitalist I like to use the word libertarian so it doesn't lose its meaning.