A Hacktivist View of US Cybersecurity
When those in power break their own laws then there is no law and no moral authority; there are just competing factions in an international power struggle to control resources. – Jeremy Hammond, Anonymous hacktivist.
Following the SONY and CENTCOM cyber attacks, there has been a lot of discussion about the difference between nation-state and individual hackers, large-scale hacks and smaller breaches. Most of the articles describing and analyzing these cyber trends have been written by cybersecurity experts or journalists relying on their expertise. The Guardian published an article that provides a unique and perhaps controversial stance: the viewpoint of a well-known hacktivist member of Anonymous. Writing for The Guardian from his current home at a federal correctional institution in Kentucky, Jeremy Hammond, member of the hacktivist network Anonymous, accuses the U.S. government of “blatant hypocrisy” for their cybersecurity policies.
Using the recent Sony hack as an example, Hammond claims that the hack was not fundamentally different from the many Anonymous operations with the only real exception being the source: North Korea. Hammond goes on to question the attribution, discussing the common claim made by many InfoSec figures that attribution of cyber attacks is difficult if not impossible due to the ability of the attackers to use proxies to make the attacks appear to originate elsewhere. So why would the US treat this allegedly common attack seriously despite the potential for a falsely attributed source? According to Hammond, “[i]t is…the perfect pretext for the US to launch their own hacking operations.”
Hammond goes on to criticize the US for framing their cybersecurity retaliation strategies aimed at North Korea as a means to protect “free speech.” Not only does Hammond provide a lengthy list of actions by Sony which place their own financial interests against notions of free speech, including recent lawsuits attempting to prevent discussion of their now-public internet emails, but Hammond goes on to emphasize the real issues of free speech in cyberspace. Hammond views hacktivist like himself as the true advocates for free speech, lamenting that “seeking the truth, voicing our dissent . . . we are criminalized and treated like terrorists.”
According to Hammond, invoking the “threat of terrorism” is “the biggest smoke-and-mirrors mechanism to deny citizens both due process and free speech in the 21st century.” Hammond claims that the US is more interested in hacking targets of their own than preventing attacks on US targets. To support this claim, he discusses his involvement with US cyber informant Hector Monsegur, aka Sabu, who asked Hammond to hack hundreds of foreign government websites rather than attempt to prevent him from following through with dozens of high profile hacks.
And that’s what this hype of ‘cyber-terrorism’ is all about: establishing pretexts for our ongoing offensive hacking operations. . . . Our unparalleled efforts to assert military-style dominance over the internet is forcing other countries to develop their own hacking units, leading to a digital arms race which makes us all less safe. If the US truly wanted to stop the proliferation of nation-state hacking, they would push for UN conferences to establish guidelines defining and prohibiting “cyber-warfare.”
Hammond argues that the US is seeking a “monopoly” on the use of hacking. Congress continues to add sentencing enhancements to existing laws and pass new legislation in order to punish hackers all the while recruiting those same hackers to work for the government to commit the same hacks against sovereign countries. According to Hammond, we should not be surprised when as a result foreign countries start using the same tactics on us.
Hammond is not against cyber-war, however his idea of cyber-war would involve different sides: a war between people and their governments. Hammond believes that the internet’s natural state is anarchy and that people should fight against any attempt to militarize or corporatize it.