Tuesday, January 25, 2011

Hacktivism: From Here to There / via @mathaba

Posted: 2011/01/21
From: Mathaba

Increasingly I spent time speaking with reporters and academics about hacktivism, commenting on a series of Web defacements and DoS attacks. The press was awash with articles about "hacktivists" who weren't much more than low-rent computer criminals. It just smelled like the same cheap hacks were being elevated to political protest when, in my opinion, they weren't any more than script kiddy antics in drag. It became increasingly important for me to define hacktivism, mostly because I believed, and continue to believe, that there were very definite tactics that were acceptable for hacktivists. If someone wanted to call his or her actions digital disobedience, or cyber sit-ins, or anything else, that was fine with me. But invoking the term hacktivism was not OK.

At the same time I was acting as the cDc's chief evangelist for hacktivism I began to joke that we had a noun longing to become a verb. It was one thing to talk about hacktivism. It was another to put it into practice. In the summer of 1999 the CULT OF THE DEAD COW descended upon Las Vegas like the well-heeled plague of locusts we are. Our mission was to launch BO2K - a network administration tool - at Defcon. Defcon is The World's Biggest Hacker Convention(tm). It used to have some grassroots legitimacy but now it's a job fair for entry-level computer security professionals. Gripes notwithstanding, I drafted the framework for Hacktivismo at this fifth rate Sodom and Gomorrah.

For some time the CULT OF THE DEAD COW had been aware of what has become known as "the Great Firewall of China." This is a system of DNS and desktop filtering used to control its citizens. American companies like Cisco and Websense had made the firewall available to the dot Commies. When you run a business from the beacon of freedom, exporting censorship is allowed especially if it feeds quarterly earnings. Since the cDc reasoned that access to information was a basic human right we started bouncing ideas around for piercing China's digital defenses. The first conversations I had were with Reid Fleming and AJ Effin Reznor in the Suite of the Elite, the cDc's high-roller digs at the Alexis Park, Defcon's hotel site. With a few possible development solutions in hand I began looking for the right mix of people to execute them. The first three hackers I approached agreed immediately.

Bronc Buster and The Pull from the United States, and The Mixter from Germany - who was then working as a security consultant in Israel - jumped on board. All brought different skills to the table and each was highly motivated. What is quite interesting is that we all knew each other by reputation but had never met in person. And over time ideas and code started to flow from one to the other to the point where we had our first prototype: a distributed network application called Peekabooty. It would allow users to bypass firewalls, national or corporate, and access the free side of the Web from a host computer. Part of our plan was to publicize state-sponsored censorship of the Internet and raise as much awareness as possible.

Some of the best advice I got in marketing hacktivism as an issue and a brand came from Grandmaster Ratte', the founder and resident communications guru of the cDc. He continually upbraided me for attempting to make hacktivism too respectable, too much of, as he put it, "a wine and cheese party." G. Ratte' advised me to make it sexy, sweaty, and dangerous. That's what would get hackers interested. They were the ones who were going to sit down and hack the code together for long hours and at no pay; not, with all due respect, the human rights establishment. They were just getting used to Web browsers.

I decided to stick hacktivism in everyone's face with a product name that was impossible to ignore. Peekabooty came, innocently enough, from an experience I had in Harlem. I was standing in front of Grandmaster Ratte's apartment building waiting for him. I spied a little girl sneaking a peek at me from behind her mother's enormous, spandex-encased backside. And the name Peekabooty jumped into my mind. It seemed so perfect and so playful, no matter how sassy most people thought it was. And from that moment Peekabooty became synonymous with Internet censorship. It worked even better as a meme than a technology. Everyone started talking about it, from journalists to policy makers to Congressional leaders. Finally people were starting to wake up to Internet censorship because hackers with blue hair and funny sounding handles said it was important.

Hacktivismo grew into a truly international organization. Most people were technical; others were lawyers, human rights workers, and artists. Our team came from the Americas, Europe, Russia, Israel, Iran, India, Australia, Taiwan, and the People's Republic of China. As the group started to grow I thought it was important for us to publish something like a mission statement. Having spent so much time poring through United Nations documentation it seemed appropriate to publish a declaration. In June 2000 I was staying at Grandmaster Ratte's place in Harlem and drafted what was to become the Hacktivismo Declaration in one sitting. It took ten more months of painstaking revisions, but finally I posted it to the cDc listserv for extensive critiquing. Eventually it made its way to Fred von Lohmann at the EFF who made it tighter. Cindy Cohn also was helpful in many ways. The Hacktivismo Declaration was published on July 4th, 2001. It has since been translated into ten languages.

The declaration reads in part, "That full respect for human rights and fundamental freedoms includes the liberty of fair and reasonable access to information, whether by shortwave radio, air mail, simple telephony, the global Internet, or other media," and, "That state sponsored censorship of the Internet erodes peaceful and civilized coexistence, affects the exercise of democracy, and endangers the socioeconomic development of nations." Hackers may wear different clothes and have odd interests, but we know what important values are.

At the same time we were trying to get the message "out," we were also trying to get it "in." The cDc invited the distinguished human rights activist Dr. Patrick Ball to speak at Defcon to a room full of hackers. The place was packed and Patrick made a huge impression. His presence at Defcon did not go unnoticed by Slobodan Milosevic when Patrick was brought in to testify against him at Milosevic's war crimes trial in The Hague. When Milosevic cross-examined Patrick, one of the first questions he asked him was, "So, Dr. Ball. Vaht can you tell me about these Dead Cow Cult?" I have no idea how Patrick managed to keep a straight face.

Hacktivismo progressed as a group but encountered a serious hiccup when the lead developer for Peekabooty rewrote the entire code base and decided to hijack the project and leave the group. It's amazing what some people will do when they figure they aren't getting enough press. When it was first announced on our listserv there were several days of chaos and rage. Some members wanted to crucify our little fame seeker, but it seemed best to let him go. He had been a disruptive force in Hacktivismo for months and things weren't getting any better. Plus when his code was reviewed it left our security experts dumbfounded. Peekabooty had been rewritten to conform to design specs that had been rejected a year before as grossly insecure. You could hear the baby Jesus crying in Shanghai.

Within weeks Hacktivismo bounced back and the ideas started to fly again. The Pull came up with a really sweet hack that made a lot of sense. Since most Web censorship is based on DNS filtering, why not play against expectations? The Pull reasoned that we could have people post content that would be censored in China, and other fire-walled countries, right in plain view. DNS and desktop filtering scans for Web requests related to human rights, critical political commentary, women's issues, and a range of other topics that dictators feel uncomfortable with. But this filtering does not look for, "pictures of Disneyland, my trip to the grocery store," and other banal topics. So we would hide censored content in palatable Web sites through the process of steganography.

Steganography is a kind of encryption that allows one to bury digital content in a digital content base. Think of a Web page displaying a picture of the Mona Lisa. Steganography would allow you to hide a copy of the Declaration of Independence, an MP3, or any other piece of content digitally rendered in Da Vinci's masterpiece. No wonder the old girl's smiling. Within the space of a weekend The Pull had hacked together a working copy of the program. He then spent the next few months tightening it up. Hacktivismo released the steganography app at H2K2, a biannual hacker con in New York City. It was widely deployed. We heard from a lot of expat hackers from Iran, China, and the United Arab Emirates living in the West who were using it with their friends back home. The application was called Camera/Shy.

Our next project was called The Six/Four System. It is a complex and intuitive work of genius invented by The Mixter. Six/Four (a reference to June 4th, or the Tiananmen Square massacre) is an inaugural technology. It enables hackers to cobble together applications and drop them on top of any Internet protocol. It's not what you'd call a "user friendly" technology. The code is a bit ugly but it does enable extraordinary possibilities. Beyond the compelling achievement of this work in progress, two extraordinary things happened. The first lovechild is both significant and amusing.

I was concerned about Six/Four's firepower. Although Hacktivismo is an international organization, we are mindful of American law. Given that the United States Department of Commerce (DOC) regulates cryptography as an export and that Six/Four includes cryptographic components, I didn't want to place American members of Hacktivismo at risk. Better to have the American government on board than working against us. So we had our attorney, Eric Grimm, apply to the DOC for a ruling on the exportability of our technology. What is normally a one-month process took nearly four months. I'm not sure that the DOC has ever had a request from a Canadian, me, and a German, The Mixter. And I'm almost positive they’ve never had a request emanating from an organization that included Cult, Dead, and Cow in its corporate identity. But come it did, and the Six/Four System was finally approved and became synonymous with American policy. It was a relief to have the U.S., especially the Bush administration, act as a facilitator of greater freedom rather than as an oppressor and regulator.

This paper was reprinted with the permission of the author and is licensed under the Creative Commons 3.0 license. The paper was edited for length. The full version is available here.

http://www.mathaba.net/news/?x=625772
