Lessons from LulzSec

For a brief period in 2011 LulzSec made headlines by going on a global hacking rampage. Despite a short existence, the group's activities provided a useful insight into the consciousness and capabilities of a small group of determined hackers, as well as the response from the state. Using this as a case study, and drawing from other examples, we can learn what is possible, why it might be useful, and how to protect ourselves.

First, I want to examine the political consciousness of historical hacktivist groups. Before 4chan became a cesspool of fascism, groups such as Anonymous and LulzSec emerged from this fringe of nerd culture promoting slogans such as #fuckfbifriday and ‘free Chelsea Manning.’ There was a loosely anti-imperialist and anti-police distrust of the state. It didn't appear to form a coherent leftist ideology but nonetheless recognised many of the key criticisms of capitalism. Core LulzSec member Jeremy Hammond was a self-identified anarchist and actively encouraged what he called ‘electronic civil disobedience.’

[ASCII art banner with the text ‘OFF THE PIGS’ and the hashtags #anonymous #anarchists #antisec #lulzsec #fuckfbifriday #chingalamigra]

Hacktivism dates back to 1989, when a program was written that would infect machines with anti-nuclear proliferation propaganda. It would display the WANK logo along with a random message, before randomly attempting to infect other machines on the network. The random messages included ‘vote anarchist’ and ‘the FBI is watching YOU.’

   W O R M S    A G A I N S T    N U C L E A R    K I L L E R S
 _______________________________________________________________
 \__  ____________  _____    ________    ____  ____   __  _____/
  \ \ \    /\    / /    / /\ \       | \ \  | |    | | / /    /
   \ \ \  /  \  / /    / /__\ \      | |\ \ | |    | |/ /    /
    \ \ \/ /\ \/ /    / ______ \     | | \ \| |    | |\ \   /
     \_\  /__\  /____/ /______\ \____| |__\ | |____| |_\ \_/
      \___________________________________________________/
       \                                                 /
        \    Your System Has Been Officially WANKed     /
         \_____________________________________________/

   You talk of times of peace for all, and then prepare for war.

But just as often as there were left wing hacktivists, there were well meaning individuals whose actions were assisting imperialism. In 1998, hackers collaborated on a DDoS attack in support of the Zapatista Army of National Liberation (an armed far-left libertarian-socialist group in Central America) but that same year a US hacker group declared cyberwar on China and Iraq. Though it didn't make much of an impact, I'm sure the NSA appreciated the free help. Hacktivism became a big talking point in the mid-2000s at the time of 4chan and WikiLeaks. Distrust of Western governments was high in the wake of the Iraq war, and WikiLeaks was airing the imperialists' dirty laundry by publishing a slew of hacked and leaked information. Anonymous were feeling bold and empowered after launching Project Chanology, a campaign that had demonstrated to themselves that they could be very disruptive once organised towards realising a common goal. Attacking Bank of America and supporting student protests, they saw themselves as 'bastions of freedom,' but the kind of freedom most important to them was bourgeois individual liberty. They saw Ron Paul as the only politician criticising imperialism and promoting individual liberty and, ironically or not, 4chan began the memeification of Ron Paul's 2012 election campaign and began its long descent into right libertarianism followed by its natural conclusion - fascism.

Many of the individuals in these groups are bored teenagers, or socially outcast. LulzSec member Jack ‘Topiary’ Davis lived in Shetland and said he became a hacker because he was bored. They are already critical of society, they just need to learn that it is capitalism that is the cause of problems in society and not whatever the latest fascist scapegoat is. If communists are trying to build a party, they should be considering engaging these communities.

The imperialist states already know this: FBI agents (or at the very least informants) were found posting about anti-Russian conspiracy theories on 8chan. And the Olympic Games leaks suggest that there's a whole room of people from these communities working for the NSA developing new cyber weapons.

The US military recognises both ‘cyber’ and ‘people’ as domains of war, alongside air, sea and land, meaning that they are already actively engaged in online astroturfing as well as cyber defence and offence. They understand how important it is to be active in these spaces; it's time leftists did too. We know CIA staff have been editing Wikipedia articles in their free time, and that 'Bolivian' anti-Morales propaganda tweets originated in Virginia - coincidentally the same state as the CIA headquarters. These are only a few small examples where rogue agents have been sloppy enough to get caught; imagine what they are capable of and inclined to do in officially sanctioned astroturfing campaigns.

Hacktivist groups like LulzSec demonstrated the capability of individual activists, collectives, and large self-organising online groups to cause major disruption and, more importantly, the possibility to expose imperialist lies, state sanctioned terrorism, and illegal spying. Some of the hacks conducted by LulzSec were, in their own words, ‘so easy a child could do it,’ which was the inspiration for their tagline ‘laughing at your security.’

One of the most important lessons learned from LulzSec is that it demonstrates the size and scope of the law enforcement response to this type of activity: what tools they can use to track down hackers, and what defences hackers used that were effective.

The state is constantly expanding their powers in this regard. The UK recently passed a data sharing law that allows data held in the USA (for example your private data that is saved on Facebook's or Google's servers) to be accessed by British intelligence officers. They've carefully worded the document with promises to the public that the data will be handled safely and they'll only use it to catch pedophiles and terrorists. Now anyone who complains about it can safely be accused of being a terrorist sympathiser (or a pedo sympathiser - a charge the Murdoch press very quickly levelled at Corbyn when he raised questions about the proposed bill).

As long as the state is only enforcing this bill to catch pedophiles and ‘terrorists’ then how can any morally upstanding citizen complain? That entirely depends on how the state defines ‘terrorist.’ In an era of austerity, imperialism, monopoly capitalism and ecological destruction, anyone who opposes these things is de facto an enemy of the state. And anyone who stops passively accepting them and starts organising against them can very quickly be labelled a terrorist, just ask the Palestinians. The City of London police already included Extinction Rebellion in a list of "key threats" in a counter terrorism assessment. Former Met officer Paul Stephens even speculated that they were designated terrorists to facilitate intelligence gathering.

Anyone who wishes to organise against imperialism and in defence of the environment and workers' rights should be aware of the state's capabilities in this regard. Western Marxists fantasise about smashing the state but are often ignorant on cyber, leaving themselves very open to compromise. Not only can the NSA read your private communications, they can remotely hijack a car, or even shut down an entire country's power grid at the press of a button. Finding and arresting activists with poor opsec would be child's play for them. It is essential for an activist in the 21st century to be aware of and knowledgeable about cyber security, both from a defensive position (how to communicate and organise without being spied on) and an offensive position. This means learning some of the technical details of hacking, demonstrated capabilities, and legal consequences.

LulzSec again proves a useful case study on this point - an example of what not to do. The group were organising on Internet Relay Chat (IRC), a once incredibly popular protocol for group chats. IRC isn't encrypted, so in order to maintain anonymity they would connect to the IRC server over an anonymous encrypted relay network called The Onion Router (Tor). Ironically the core principles behind Tor were created by the US Naval Research Laboratory and, as leaked FBI documents have suggested, the FBI is not capable of directly breaking Tor encryption. It's a shame then, that Sabu accidentally forgot to connect to Tor before logging onto the IRC server, and in doing so exposed his real IP address.

As part of a plea deal with the FBI, Sabu started trickling information to the agency, which eventually led to them having enough evidence to warrant a wiretap on another suspected LulzSec member — Anarchaos. Since they couldn't directly break Tor encryption, they instead used a correlation attack — simply watching his internet activity and correlating when the person suspected of being Anarchaos was at home using his internet, and when the 'Anarchaos' account was logged into the IRC channel.
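The timing correlation described above, as an added example that is not part of the original article: it shows why encrypting traffic does not hide when a line is in use, and how session times alone can single out one subscriber. All names, dates and intervals are constructed, and the two scoring functions are illustrative assumptions, not a reconstruction of any agency's method.

```python
from datetime import datetime, timedelta

def iv(day, start, end):
    """Build a (start, end) interval from a date and two 'HH:MM' strings."""
    fmt = "%Y-%m-%d %H:%M"
    return (datetime.strptime(f"{day} {start}", fmt),
            datetime.strptime(f"{day} {end}", fmt))

def overlap_seconds(a, b):
    """Seconds during which intervals a and b are both active."""
    start, end = max(a[0], b[0]), min(a[1], b[1])
    return max(0.0, (end - start).total_seconds())

def coverage(sessions, activity):
    """Fraction of pseudonym session time during which the line carried traffic.
    Assumes the activity intervals of one line do not overlap each other."""
    total = sum((e - s).total_seconds() for s, e in sessions)
    shared = sum(overlap_seconds(s, a) for s in sessions for a in activity)
    return shared / total if total else 0.0

def edge_matches(sessions, activity, tolerance=timedelta(minutes=2)):
    """Count logins/logouts that fall within `tolerance` of the line going active/idle."""
    starts = [a[0] for a in activity]
    ends = [a[1] for a in activity]
    hits = 0
    for s, e in sessions:
        hits += any(abs(s - x) <= tolerance for x in starts)
        hits += any(abs(e - x) <= tolerance for x in ends)
    return hits

# Constructed data: times a pseudonym was logged in, as seen on the chat server.
SESSIONS = [iv("2000-01-03", "19:02", "23:40"), iv("2000-01-04", "18:31", "22:15"),
            iv("2000-01-05", "20:10", "23:55")]
# Constructed data: periods in which two monitored lines carried (encrypted) traffic.
LINES = {
    "line_A": [iv("2000-01-03", "19:01", "23:41"), iv("2000-01-04", "18:30", "22:16"),
               iv("2000-01-05", "20:09", "23:56")],
    "line_B": [iv("2000-01-03", "08:00", "20:00"), iv("2000-01-04", "21:00", "23:00"),
               iv("2000-01-05", "07:30", "09:00")],
}

def rank(sessions, lines):
    """Rank lines by (coverage, edge matches); packet contents are never inspected."""
    rows = [(name, round(coverage(sessions, act), 2), edge_matches(sessions, act))
            for name, act in lines.items()]
    return sorted(rows, key=lambda r: (r[1], r[2]), reverse=True)

if __name__ == "__main__":
    for row in rank(SESSIONS, LINES):
        print(row)
```

Three evenings of matching start and stop times are enough to separate the two lines here; the signal is the schedule, not the content.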

These events have given us valuable learning experience. First, use good opsec. TAILS or I2PIRC are good for anonymous communication, and won't let you accidentally forget to anonymise like Sabu did. Second, don't be a snitch. Third, don't reveal any personal information, in case a team member is a snitch trying to build enough information about you to warrant a wiretap on your home. Sabu was so useful to the FBI that only one LulzSec member was never identified - which goes to show that if you're careful you can still stay anonymous even when you're chatting to an FBI informant.

If you want to learn how to hack, you can find books on the subject. You can get a great overview with the very concisely titled 'Linux Basics for Hackers Getting Started with Networking, Scripting, and Security in Kali.pdf'. I would recommend starting by installing Kali on a burner laptop; very helpfully, the first chapter explains exactly how to do this.

But hacking, in the broadest sense, means getting somewhere you shouldn't be. It also includes ‘social engineering’ attacks - which can be as simple as following someone into a building while holding a clipboard, or pretending to be a network technician or repair technician. Self-proclaimed 'non technical' security researcher Jayson E. Street revealed how easy this is in his DEF CON talk titled 'Steal Everything, Kill Everyone, Cause Total Financial Ruin!' He describes walking into financial offices where employees had passwords written down next to computers, laptops not secured, sensitive financial documents in open containers; key fobs, car keys, wallets and name badges left on desks.

Anyone could enter a building using these social engineering techniques, and place hardware in the network that steals data. USB keyloggers can record anything typed on a keyboard, including usernames and passwords. This isn't even a wishful fantasy: security researchers wouldn't still have jobs if they couldn't demonstrate that they are regularly able to walk into buildings and steal sensitive information using cheap tools they bought online. The reason breaches don't happen more often is that people don't know it's possible, don't have the skills and, most importantly, don't have the motivation.

One of the biggest revelations in US political history was when FBI documents were stolen from a filing cabinet. Documents that challenged the US's narratives of itself to such an extent that newspapers wouldn't print them - documents that proved the conspiracy theorists correct; they revealed the illegal FBI operation codenamed COINTELPRO. But these agencies aren't keeping their files in a poorly secured cabinet anymore, they're on a server somewhere. Who knows what secrets they are keeping there - waiting for someone to steal that information and release it, like Snowden did, like the anonymous NSA employees in 2016 who leaked the Nitro Zeus program - a US-Israeli collaborative cyber project that was designed to disable Iran's national electrical power generation ahead of an invasion. Something even US government employees thought was so immoral they leaked it.

There are people who have the skills to hack but have neither the motivation nor the political consciousness to use these skills for the benefit of society. Similarly there are people who are politically conscious but have limited their political activity to trying to recreate 19th century political agitation, dogmatically sticking to old methods and tactics, some of which went obsolete decades ago. As a result, the ‘online’ propaganda war is being lost to proto-fascist FBI informants, hacktivism has largely fallen by the wayside, and the last generation of hacktivists all ended up in jail.

Leftists need to recognise that a) technical skills are necessary to understand and protect against advanced cyber abilities of the state; b) cyber is a domain where they should be actively engaged in promoting and recruiting; and c) hacking can be used as a very effective method of activism. Bolsheviks used hidden presses to communicate and robbed banks to fund their revolution, activists of the future may be using encrypted p2p messaging and stealing cryptocurrencies.

These lessons have already been taken fully on board by the alphabet soup agencies, it's time for left activists to learn these lessons too.

 
Alberto Bayo

Alberto Bayo is an editor of Ebb Magazine and a Marxist-Leninist from the United Kingdom with a background in engineering. He is interested in orthodox Marxism and its role in 21st century politics as well as technology, infrastructure, and other hands on ways to improve people's living conditions.
