Patriot Hackers: Stand YOUR Ground - Not Mine

Monday, April 16, 2012

Ali-Reza Anghaie


As part of my participation in Wikistrat, I get to see some pretty brilliant debates on what can - can't - will - and (hopefully) won't happen across the geopolitical sphere.

And while the Cyber sphere of geopolitics continues to trouble many with Fear - Uncertainty - Doubt, there is one area where the general consensus of the "Good Guys" is the same:

We do not need Cyber vigilantism to become the norm

Let me preface the rest of this by saying I do not care who The Jester, The Raptor, YamaTough, Anons, etc. are. As a matter of fact across various interactions I'm fairly sure most of these people have their hearts entirely in the right places, I probably would get along just fine in real life with them, and they are otherwise interesting characters. I also don't care if any or all of them are constructs or "condoned" operations of a given Nation-State.

My problem is what messages they send "on behalf" of their respective Nation-State or Quasi-Movement-Nation-State (e.g. Anons - Occupy) hosts AND the collateral damage they create or are even victims of.

With that out of the way, let's first touch briefly on what I consider to be the two biggest enablers of the "problem of" Cyber vigilantes:

  1. Governments have spent the past eleven years drumming up Citizen corps to treat their neighbors as suspects - breeding environments of xenophobia - and creating boutique markets of Big Brothers and Little Brothers alike.
  2. Governments have not fulfilled their accessibility to security obligations to their citizens - specifically the comfort of being able to "call the police" in this space and get a reasonable response.

Out of (1) the result has been a polarization of reactions to perceived threats - on one side you have an overly politically-correct to the point of being naive movement to frame every potential threat as basically non-existent and entirely a construct of the ~other~ side. And on that "other" side you have near-religious zealotry defining everything in absolute terms. In effect the environment cultivated in (1) exacerbated the problem across all facets of Security.

Additionally out of (2) those people "in the middle", including many of our bravest and those most in harm's way (see: Powerful Peace), have no way to get reasonable issues addressed without either risking strange retaliation and skepticism from a/the Government tasked with protecting them or the hostile adversarial groups themselves. Indeed the actual moderates, not just extremists that self-proclaim themselves moderates, become perceived as enemies at both polarized ends.

Now - I'm intentionally trying to distil this into the two biggest problems - but this is hardly comprehensive. Regardless I stand by the idea that Cyber Patriots are an inadvertent creation of, and now problem for, the host Governments.

OK, now that I've perhaps alienated everyone, let me explain my title. I fully encourage and endorse protecting what's yours on a personal and private entity level. I've been adamant that waiting for Government to solve your security problems is a losing proposition. However, this has always been in the frame of defensive security problems - not becoming the aggressor. You have to make sure you understand the line between investigating a problem passively and pursuit/action that ends tragically.

In the same way I support Gun Rights, Agorist-Voluntaryist, Libertarian, and Austrian Economics in "real" life - it all spans to my suggested cyber postures. To use a comic book cliche - With Great Power Comes Great Responsibility (my apologies to Voltaire).

You're a better Citizen, a better hero, a better Sheepdog for your community if you know where to draw the lines in your own applications of Balanced Power.

"The truest testament to a warrior's worth isn't how often he unleashes his sword, but what he can accomplish without doing so." ~ Venator

So now I'm speaking to The Jesters and The Raptors of the World...

I know, believe me I know, what it's like to head-desk-repeat when trying to get action out of an upstream Government agency. I know how frustrating it can be to see messages of hatred and threats against your Country go unanswered in all forms of media. I know what it's like to be unfairly treated by your home country. I have sinned and been sinned against. I have felt betrayed or let down by both my country of birth (Iran) and my country of heart (USA). And I have taken up "cyber arms" myself - I'm not an innocent bystander regrettably.

I also know this - This course of action gets out of hand before you realize it and the repercussions on a geopolitical level with the leaders of Nation-States will be well well WELL outside of your ability to control it. It doesn't end with forums and individual sites. It doesn't end with doxing. It doesn't end with a zero-day market - Patriot and rogue Cyberweapons Dealers.

It ends with more barriers to Internet Freedom - it ends with slowed economic integration in the regions that need it the most - it ends by further breeding an already troubling enemy-combatant Cyber Vigilante. It ends with kinetic action. It. Ends. Badly.

Let’s not replicate the sins of our Governments at our scale. Let’s not aggravate the problems Governments already face. We can hack for good, share information, integrate economically, integrate through gaming, coffee house conversations, any number of other outlets for this Patriotic energy.

There is no doubt we need a balanced approach to power, I'm not a pacifist and I don't disregard the threats radicalization online and cybercrime bring. I'm just suggesting Cyber Vigilantism is not a movement we want to support by also throwing "our" Western weight behind it.

NEXT TIME: How Governments can enable the Cyber Citizenry without breeding FUD and Vigilantism

(BTW, you all can join Wikistrat on Facebook and participate in their unique experiment. And I strongly encourage you to pick up Powerful Peace and see what happens when things get out of hand - and ideas on how to rein them back in.)

Cross-posted from Packetknife's Space

Ali-Reza Anghaie

A few questions have come up that won't get addressed in Part Two so I'll do it here:

Q) Do you know The Jester or The Raptor or Etc. Etc.
A) See above, not even relevant, ..

Q) Who is this hurting? Why don't you like Patriots?
A) Have you seen the collateral damage done through even basic doxing and other harassments? How do we know who it's helping? The FBI has in the past discouraged such operations and for good reason - it can interfere with ongoing operations, create friction where none was needed, and otherwise overwhelm LE (that's already overwhelmed).

Q) Why do you want the Jihadists to have forums?
A) This is such a stupid question of me, given my very public record on the topic(s), that I question if you're a troll for asking.

That's it for now... the rest of the comments more-or-less tell me I'm too wordy and they didn't follow. :-/ -Ali
Ben Keeley

'We do not need Cyber vigilantism to become the norm' - Agreed...

However given the lack of a single independent body responsible for policing the internet I would imagine many of the people who suffer their personal details (dox) etc being released by blackhats would take comfort in the actions of the whitehats out there who step forward and do what the governments are slow/unwilling to do.
Ali-Reza Anghaie

That's always the case - some group of people do take comfort in being able to turn to vigilante organizations, persons, or just knowing perhaps somebody will "step up" for them.

However, there are a lot of White Hats who are more than willing to help LEs or Attorneys get the proper channels opened and jobs done. It's not an either/or.

And as I note in (2) the unavailability of a standard process or at least ~reasonable~ answer as to why they can't help is part of the problem.

Either way - comfortable or not - the problem becomes that this back-and-forth puts other people at risk. It also can put geopolitical channels at risk too.

There is no good ending, on a wide scale, for this issue. So taking comfort on a case-by-case basis is merely a form of enabling the behavior in the long-run. Slippery slope is slippery.

Thanks for chiming in, -Ali
Ben Keeley

Agreed re V.slippery.

In the world wide current financial climate though, who will cough up the finance or be prepared to fight for an independent body to 'police' the internet. Can't see it happening for some time yet :( And until then does the Internet remain the 'wild west' (at least to an extent) - I think it will.
Ali-Reza Anghaie

You're right, no disagreement..

I don't want to see it happen actually, I think that's a False Flag.

I'm not asking Government to solve this problem per se, I'm pretty explicitly suggesting that's a wait we can't ever afford to make. And I'm also suggesting using the energies in "response" elsewhere - and not in vigilante action.

By helping further educate, integrate, and otherwise "connect" the world reducing the areas where extremism like those being fought are accepted in the first place. Increase our integration through our energies, efforts, and technical abilities. It's a longer road - it's not nearly as sexy for some I suppose - but it's about making decisions that have something other than a bad zero-sum ending. -Ali
Ben Keeley

What concerns me is that 'kids' (younger than 20 something) now have the technology and skills to cause havoc for members of the internet population, or of course others can use it for communicating/supporting terrorism.

This just wasn't the case 20-25 years ago. And if a group in your local area tried to cause havoc (id theft/fraud/etc) or supported terrorism now then the police would be expected to close them down very quickly.

That for obvious reasons isn't happening on the Internet, and until it does I think some in the Infosec industry and the majority of the public will back the cyber vigilantes.
Ali-Reza Anghaie

That's insane - that right there...

Do you think for a moment any operation of that scale that would create "havoc" or supported terrorism would hesitate to take Cyber Vigilantism ~KINETIC~?

Think about that - is that a risk you're willing to take? Let's say The Jester and/or The Raptor lead a charge of DDoS, OSINT, etc. wide in the open, on Twitter, in IRC, ..

Do you think the adversary won't retaliate if their significant operation is put at risk?

The Jester, to his credit - for the most part - carefully chose his targets in that sense. He made mistakes IMO but he wasn't entirely reckless. His particular actions are discouraging in what it means - projects if you will - to others.

(BTW, The Raptor strikes me as a rational actor - assuming the story is true.)

Also I think the idea that if the Government has cause and reason - and did not have "other" plans in mind - they could ~not~ shutdown major forums is naive. They friggin' go ape-sh*t on sites w/ ICE semi-regularly now. They can leverage geopolitics, as they did in the Ukraine, to take down sites out of their jurisdiction.

If indeed that's the sum of it... see, that's not even what The Jester or The Raptor or YamaTough wanted. Anons/Occupy/Wikileaks is a bit different in that regard (sometimes).

They weren't even expecting a permanent loss of presence - although I think in at least a few cases they could have certainly reached that goal.

So then what's the end-result besides aggravation in the existing cases? Just escalating the trend. And it'll keep escalating until it ends badly.

And what of process? Collateral damage?

Let's say for the moment they could take a site offline that was the logistical hub for a neighborhood terror operation. They DDoS, hack, and wipe the server - attack the hosting company. What of everything and everybody else? What about the damage to them - or what about turning them a bit off, perhaps in rare cases furthering the extremism?

This really should be straightforward and academic at this point in history.

Vigilantism has been pretty Universally panned. It just has too many ways it goes wrong outside of the Comic Book universe.

Let's use our energies to accelerate the real change to make Vigilantes less of a desirable. That's really the bottom line - energy worth expending on keeping these personas, on the cyber vigilante activity, - those energies can have real, longer lasting, and safer impact in any number of other areas. -Ali
Ben Keeley

'Also I think the idea that if the Government has cause and reason - and did not have "other" plans in mind - they could ~not~ shutdown major forums is naive. They friggin' go ape-sh*t on sites w/ ICE semi-regularly now' - Wikileaks... Some financial pressure was applied with regard to donations but the site is still running. No police takedown. An individual govt cannot easily tackle an entire group which spans multiple countries, and that is the crux of the issue right there.

Also look at teamposion ( their members only started to get taken down by the police *after* that mi6 phone stunt. And if you look at th3j35t3r twitter feed there are questions as to what info he may have relayed (i.e. Whitehat helping LEA?)!/th3j35t3r/status/190451774564470784

Look at Doxbin and the release of individuals dox. Another situation which the police have been unable to resolve currently.

This isn't a situation that governance/compliance, user education or forcing the ISPs to own will resolve. Agreed re 'Lets use our energies to accelerate the real change to make Vigilantes less of a desirable.' but that won't happen soon. And I believe the desirable end game should be independent policing body, until then let's not throw stones at people who in their own way are trying to help.

Ali-Reza Anghaie

You just conflated two dramatically different types of actions.

The regular DDoSing of sites isn't remotely close to equivocal to a raid/sting or full prosecution. Those comparisons simply aren't reasonable to say that DDoSing and other such (current) vigilante operations are justifiable as a replacement or interim step.

And the fact that The Jester (or others) may have passed information to LEs doesn't change the basic premise. Not in the least. (In part due to a lack of transparency at the Government level - we'll never know.)

Responding to doxing by helping identify it for being taken down is NOT Vigilante action. That is entirely doable in some cases w/o taking it further. And a full-on response that would actually ~erase~ the subject dox, achieving the goal that you infer, is simply not what's happening here.

Again - Cyber Vigilantism today is basically aggravating a situation without achieving any meaningful long-term goal that has a geopolitical impact. And if it continues to escalate it will have even more downside and the long-term results will be exactly the type of warnings I highlight in the original post.

We'll just agree to disagree on this but you've presented nothing that I'd consider compelling. As you're a fan of the actions - it's clear I won't be able to present anything to convince you otherwise either. Cheers, -Ali
Ali-Reza Anghaie

To clarify on the third paragraph in the last comment. I'm trying to say you can do the same amount about doxing w/o turning to vigilante action. To get a "better" result you'd have to escalate in a way that Cyber Vigilantes aren't doing today. So it's a moot comparison in that regard. -Ali
Ali-Reza Anghaie

As it presents the "other" side of this debate, The Raptor responded via Twitter starting at this tweet: !/th3raptor/status/192420255040151552


Other comments came in from LEs in confidence, a few actually, and some other people that wanted to stay out of it. So far the debate is split in the responses I've received.

Curious, -Ali
Michael Johnson

Perhaps this vigilantism is being caused primarily by all the keyboard warrior 'cyber warfare' buzzwords and dick waving. When people who should know better start banging on about 'adversary nation states', 'nation state actors', or whatever, it's bound to attract the vigilante types wanting a piece of the action.

Whether their 'operations' translate into anything in the real world is also debatable. There's a far-right extremist group not far from where I live, and they're basically just two guys with a web site, and literally no influence offline. Likewise, many of the AQ groups being targeted by the vigilantes would never go beyond talking big on some forum.
Ali-Reza Anghaie

Michael, even if that's a dig at me - that's an interesting point. And something that we were talking about in another forum, regarding this same topic, yesterday.

I'm going to integrate that in my Part II..

The second paragraph can be framed in multiple contexts - agreed. On both sides of the pond. Thanks, Cheers, -Ali
Michael Johnson

Far from being a dig, I agree almost entirely with your arguments, but the vigilante problem begins with the powers-that-be promoting the idea of the Internet as a 'battlespace', and trying to attach militaristic terms to it.
Krypt3ia

Far from being a dig, I agree almost entirely with your arguments, but the vigilante problem begins with the powers-that-be promoting the idea of the Internet as a 'battlespace', and trying to attach militaristic terms to it. <---- THIS

I would hasten to add though that the "talkers" also are those who end up in custody at some point because they are doing so. Supporting online does actually get to supporting offline in more than a few occasions. Knocking these places offline periodically only makes them go elsewhere where you can't see them.
Neal Rauhauser

This discussion is spot on within the bounds of the conversation, but I think it will quickly become something that will be seen as quaint and irrationally hopeful when the larger context is understood.

Our banking sector is a rotted husk, held up by politicians who will do anything to paper over the problem. They talk about liquidity, but the problem is solvency - there is a fairly linear relationship between liquid fuel and GDP, and global oil production peaked between 2005 and 2008. We're now in a permanent decline due to a combination of geology and a lack of investment due to a mix of poor returns and volatility. An annual 3% to 5% decline in fuel means a similar contraction in GDP; none of that compound debt out there is going to get repaid. If we push the issue we'll see things like the currently peaceful Occupiers turn into a sneaky, violent insurrection, focusing on the soft, accessible infrastructure of a traditionally secure society which has disenfranchised them.

th3j35t3r and the various imitators among the white hood hackers are fairly uniformly authoritarian, Islamophobic, racist, nativist, or some combination of those attributes. We've had a decade of federal forces completely mis-trained with bigoted nonsense aimed at Muslims, and the result is that borderline retarded men are lured into things they'd never do on their own by highly paid informants in an effort to prop up the myth that we have a domestic problem with Islam.

Even worse, the right wing groups that have always been America's first source of domestic terror are not just ignored, they literally managed to bully DHS into not tracking them, and in some cases they're actively fostered as a counter to the phantom Muslim menace.

Weakened, illegitimate central power? Check. Ethnic and sectarian divides? Check. Massive economic and environmental stresses? Check.

The United States is greatly handicapped by its first civil war - defined nation states, uniformed armies, a clear cut beginning and fairly tidy ending to the conflict? *NOBODY* else does civil conflict like that ... but the paragraph preceding this one ... that's instantly recognizable to the rest of the world. We're going to have our second civil war and I don't think there is any way to stop it.

Diagnosing these vigilante groups on both sides of the line as the sparks that will set a brush fire in motion is correct, but the spark that creates the blaze isn't to blame, it's the causes and conditions that led to the accumulation of dry brush in the first place. If we don't deal forcefully with corruption and income inequality it won't matter what we do about provocateurs, because something *will* set it all off, and then we'll have a mess just like the former Soviet Union had during their collapse.
Asherah Wordvirus

Knocking these places offline periodically only makes them go elsewhere where you can't see them. <<< This, right here. People decry what they see as lack of action from LE, but getting into these places (be they anon or jihadi, or whatever) takes time, resources, and skill. Discovering who some of the actors are is not enough to make arrests. Witnesses, evidence, and testimony have to be arranged, not to mention sharing and cooperation between countries/agencies.

Knocking a site offline due to an outsider's perception that LE isn't moving fast enough is short-sighted. Nobody ever quit the internet or stopped being a fanatic because their favorite forum went down. As Scot and others keep pointing out, they don't go away, they go somewhere harder to find.

All a fanatic will learn from this is to be more cautious. LE have to start over. Worse, the activity inspires more camaraderie in the ranks by giving them an enemy- especially if that enemy doesn't demonstrate any understanding of the ideas and culture of the people he's attacking. Playing up to an audience creates even more chaos and "us vs them" mentality. Suddenly everyone wants to be a cyberwarrior or armchair soldier. Apparently Xbox doesn't have a "world diplomat" game.

If they really wanted to do some good, why not make a real effort, learn the language, keep lists. Use those skills to teach the 'good guys' to defend themselves. The FBI is desperately short of skilled candidates, go to school and be one, or encourage your local government to promote and fund recruitment.

That's what patriotism really is, civic duty. Putting on an egotistical, self promoting circus act and encouraging the same from others (This also applies to Anonymous), and at the same time denigrating, overburdening, and demonizing the people actually tasked with solving the problem, does nothing to lessen any threats.

What really put me over the edge on this issue is the refusal to address criticism. A rational person does not set themselves and their opinion above criticism. Worse, to attack critics with personal smears and bully efforts is vile and cowardly. That's not the action of a hero nor a patriot.
Chuckling ABit

*This* post and its comments contain reasonably credible arguments against the ongoing operations run by th3j35t3r and Raptor (sheesh, I hope there isn't a man named Patrick Raptor who is about to complain.)

One can make a legitimate case against their actions (eg: that they will lead to further cyber vigilantism, or that their actions are disruptive enough that they might significantly disrupt ongoing officially sanctioned operations.) I haven't made up my mind entirely, though so far I certainly tilt towards supporting th3j35t3r's efforts.

What I can't stand is the irrational arguments that are repeatedly made, the baseless accusations, the almost certainly purposeful deception, the unending ad hominem attacks, etc. Folks can respectfully disagree and still maintain their ability to engage in rational discourse.

This thread has been an oasis of reason. Even my friend Krypt3ia managed to remain stable and make a reasonable contribution. *Almost* all of the other comments were reasonable as well.

Thanks to Ali, and the rest!
mach mach

A very good article, I understand your point of view and agree on many things you said here. Just one thing... this IS my ground I'm standing.

Ali-Reza Anghaie

Sorry, that's the basis of all the Straw Men responses I've gotten. In the delayed Part II I've included the "Top 10" so to speak ways Cyber Vigilantism can/can't work or how it will and won't be interpreted domestically and abroad. (Now follows a bunch of words that say it isn't "my ground" - but you can jump to *** to see where I start to explore the places it IS possibly justified which might interest you more.)

In the four broad "Actors" outlined here - not one has cited a direct response to something facing ~them~ for their initiation of hostilities. In each case the Actors are responding to either a Non-State Actor or Nation-State Actor threats on a whole class, a way of life, etc. that is - by US Constitution - responded to by our Federal or State Governments. Even the second option, of States, has severe limits as SCOTUS has opined about. (At this point, narrowing it down to two ppl above - can't include Anons or Yama really but the principle applies across all Nation-State Actors to almost the same extent.)

If we use these definitions of "my ground" then we're, in effect, completely legitimizing any response to our "Way of Life" - we have indeed then decided the way the Enemy in this case - specifically Islamists and Jihadis - have appropriately defined their scope by responding to them on their initial rules of engagement.

Sometimes it helps to look at another "cleaner cut" situation and how it's interpreted abroad. Let's use STUXNET - the use of STUXNET clearly wasn't a "Nuclear" attack, right? However, it did establish the first rules-of-engagement in such an operation - it was dissimilar to any other alleged Nation-State Cyber actions before (think Russia - Georgia - Estonia). So THIS is what I'm talking about when I say let's not replicate or re-enforce the sins of the Governments in this case. They potentially established a rules of engagement that will end asymmetrically (we're not really dealing w/ rational Actors).

So - as I noted elsewhere - we ARE dealing with people that NEED support networks who ARE rational Actors (albeit w/ significant disagreements). Ultimately it's ~them~ we have to appease here to reduce the scope of the Islamist Jihadi problem down to a few outliers. And a few outliers aren't, in any case, addressed by ~any~ of the tactics we're discussing here (there is always, separate of Forums, Lone Wolves motivated beyond trap scope).

So there is no way these particular actions can be defined as "my ground" - you are always always always also on someone else's ground.

Now - I am thoroughly exploring when it is YOUR ground in the second installment but let's explore that a bit here. (Preview)

It is your ground when there is a direct operations and ACTIVE tie to something happening to you and you alone or an organization you reasonably Legally represent. In that case even Congress is debating giving Corporations and entities more leeway to ~offensively~ respond - an area that has been hotly debated in Courts (especially Washington around Microsoft).

However, I contend in Part II, that's even too limited a scope - there should be more leeway - that breaks down into community levels.

As another analogy if there is an actual Terrorist attack on say a school or mall, and the cops are about to go in, there is zero zero zero historical basis for the local CLEO to ~not~ be able to tell all the able-bodied legal CCW/CHL permit holders to come on in if they want. There are plenty of tactical reasons you might not want to do that but there are situations where the risk of blue-on-blue might be acceptable for the given adversary and timeframe of action requires (especially say school Terrorism).

So extending that to the Cyber realm there are situations I think the Government needs to prepare for that DO call upon the same ppl we would class as Vigilantism otherwise.

An example? Well - it can be argued that LA, NY, Miami, and a few other big metropolitan areas have good cause for maybe contracting services for DDoS or more intense offensive response operations or pre-emptive operations. It could be argued that a sudden appearance on a Jihadi website of, say, a major SCADA/Utility network of NYC warrants investigation and action in parallel to or separate of the FBI (with obvious obligations to report). It could also be argued that the "authorization" for such an operation doesn't have to be an explicit case-by-case chain of command through a LEO. It could indeed be a broader statute like a Neighborhood Watch or Castle Doctrine or Stand Your Ground.

~I~ argue in my second installment that this is where we need to explore - a variant of this - there is good historical and Legal basis to consider this "new world" adaptation of old world precepts.

Further I also argue we risk over-criminalization if we don't nip this quickly now - and that even if what TJ and TR have done can be noted Illegal it might be in our best interest to consider mens rea and try to reconcile the positions in forgiveness instead of trying to pursue them further.

And that goes full circle to this problem being a creation of ~Government~ primarily - and we should work to not aggravate it.

So - in totally unplanned chaotic conclusion - I think there is a strong middle ground we need to get to. Quickly. Yet to do so means ceasing the escalation on the "right" side of the issue.

Cheers, -Ali