Interview with former AntiSec and Anonymous member Barrett Brown. Speaks about recent hacks and arrests.


Mar 8, 2012

By Angus Batey

Defense Technology International

Home-grown “hacktivism”—network penetration by politically motivated groups or individuals—has long been recognized as an important element of what is routinely referred to in cybersecurity circles as Advanced Persistent Threat.

In the last two years, operations conducted by, or in the name of, the hacker-focused, leaderless, decentralized community known as Anonymous have risen in prominence and effect. More an ideology than an organization, Anonymous’s “members” have hacked various government and commercial sites, often in response to law-enforcement activity against what activists see as part of their movement.

Hacks were mounted against Paypal, Visa and MasterCard when they stopped processing donations to Wikileaks; against law-enforcement websites following clashes between police and Occupy protesters; and, last month, against the law firm that defended U.S. Marine Frank Wuterich, who pled guilty following his part in the November 2005 killings of 24 Iraqi civilians. Targeted online espionage has become a favored tactic. AntiSec, a hacker group of Anonymous supporters that last year morphed out of LulzSec, which carried out attacks “for the lulz” (laughs), have claimed responsibility for a number of high-profile data security breaches. Key among them was last February’s publication of a cache of emails from servers at HB Gary Federal, an information security consultancy.

Over the Christmas and New Year’s holidays, AntiSec accessed the servers of geopolitical intelligence analyst Stratfor, publishing details of 80,000 subscribers’ credit cards, plus at least 800,000 email addresses and passwords. AntiSec’s core team does not give interviews, but they authorized writer and activist Barrett Brown to speak on their behalf. Brown runs Project PM, a crowd-sourced investigative operation dedicated to outing the intelligence-contracting and surveillance industry. The name comes from Persona Management, a concept for influencing public opinion; this was one technique discussed by various intelligence industry professionals in the HB Gary emails, which Project PM has extensively mined.

While Brown is not a hacker, is no longer a member of Anonymous and is not involved in AntiSec’s targeting decisions, Project PM is likely to be among the principal beneficiaries of the Stratfor breach, with around 5.4 million of the company’s emails due to be published as this issue went to press.

DTI contributing editor Angus Batey spoke with Brown in two phone calls during January and discussed Anti- Sec’s and Project PM’s aims, the links between the hacktivists and the wider Anonymous/Wikileaks/Occupy movement, and what—if anything—people in the surveillance industry can do to avoid having their confidential data hacked and published.

Defense Technology International: Stratfor seemed an unlikely target. What was the motivation behind the hack?

Barrett Brown: There’s a constant process whereby probing is done to see who’s got vulnerabilities, so Stratfor was very much a target of opportunity. For the most part, the people who made this hack possible know what Stratfor is, what it does and what it doesn’t do; they know that Stratfor is not an evil company. But the fact of the matter is that over their years of information-gathering they will have spoken to or heard from a number of people who are speaking on what they think to be background. What is likely is that you’ll have people at companies or institutions who are talking about someone else, anonymously, saying, ‘These guys are doing this, we think it’s unfortunate, blah blah blah.’ Obviously we’re violating the rights of a lot of people here. The hackers are violating Stratfor’s rights to possess their own emails and to not have their servers intruded and then torched on the way out. And it’s a shame that it’s being done that way, but things have come to such a point that I personally just don’t care any more.

Given that Stratfor is an information-gathering service, more like a media outlet than a security contractor, what does that mean?

Does that mean people are going to start hacking The New York Times or whatever, presumably because they have information? Well, frankly, I wouldn’t be opposed to that. I understand the negatives, [but] what we’re looking at here is not just the intelligence-contracting industry going after activists—which I think is significant—but other issues that are huge. And the fact that some of these things haven’t been pursued by the media is an indictment of a lot of institutions.

We have been engaged in a conflict with portions of the U.S. government and a number of other companies that have found common cause with them, in opposition to Wikileaks and the rest of the movement. And in the course of looking into that, we’ve found so many things, each one being very serious, which, taken together, represent a significant threat to information well above and beyond what [Anonymous/AntiSec] can represent. I understand the argument against it, and we always have to be more ethical than who we’re fighting, otherwise there’s no point in fighting. We are trying to be better than them. The CIA won’t take a phone call and tell you why they did certain things—they just won’t—whereas we always will.

How would you know you were nearing the point where you are no longer more ethical than your adversary?

When we initiate force against individuals. When we start carrying weapons. Right now, the closest thing to force we have is hacking, where we intrude upon a server and take information—and that’s rather benign compared to the daily use of force by governments and people in our country. Until then, I just don’t see it. There’s all kinds of slippery slopes. Personally, I think Anonymous is going to change and fragment before that happens anyway, so I’m not terribly worried about it.

What about the collateral damage—the people who, because they’ve bought a Stratfor newsletter or emailed a particular company, might find their personal data or credit card information published online?

I see it as akin to during World War II, where, in the course of fighting the Nazis, the U.S. and Britain and Russia accidentally smashed down villages that were occupied. Obviously, no one wants to see civilians killed, but civilians are killed by the thousands in a war.

And the governments that do those things, they don’t get the same kind of questions we do.

In the course of our reaction against the initiation of force by governments, we’re going to end up stamping on someone’s rights. But we’re not going to lie about it, so that’s another key difference—everything we do is out in the open. You’ll never have to worry about Anonymous or our people doing clandestine things that impede upon truths. We’re always going to be maximizing the degree of knowledge rather than minimizing it.

It may sound callous, but it’s not something I’m really able to care about, you know? Both of my grandfathers dropped bombs on civilians in the course of fighting fascists—and I don’t know how they feel about that, but I won’t ever have to do anything of that nature. What I may do is continue to participate with people who are seeking information on those people who have attacked us, and who have been keeping a number of important secrets away from the American public, despite the fact that the American public is the one funding these operations.

What operations are you referring to in particular?

After December 2010, when Anonymous first attacked MasterCard, Visa and Paypal, a couple of companies in [the intel contracting] sector were brought in to look at us. They [were referred] to Team Themis, which at the time was HB Gary, Palantir and Berico. They prepared some reports on us, and Endgame Systems created a report on us and on Wikileaks in late 2010. And of course we came upon these when we hacked HB Gary Federal in February 2011. There’s also a program called Romas COIN.

What do you see as likely next steps?

[Releasing personal information] is going to be very small beer compared to what’s going to happen in the near future. We’re closing in on a very unprecedented situation, whereby the Internet has provided for a sort of low-impact civil war. We have people on the streets every day being attacked by cops . . . . I won’t beat to death the fact that we’re under assault and we’re reacting, but I would just say that we didn’t start the fire in this case. There’s nothing that’s been done through Anonymous that has not been done by the U.S. government—not a single thing. And the people [within Anonymous] that are doing things are not getting paid, like the police or the FBI. They’re doing it on their own, with their own time, at their own risk. I’ve got a lot of friends who’ve already been arrested and charged, and others who may be, and I will eventually be charged myself.

What is the one thing you’d want people in the defense and intelligence establishments to take away from this interview?

That they don’t know as much about the industry as they think they do. Everyone wants to think that they are on the inside of things, but a lot of times it turns out that they don’t know what other companies are doing, and they have no way of knowing—and that’s by design.

I see a lot of unwarranted claims to competence on the part of some of these people who immediately dismiss what we’re saying about this industry—about some of the negatives of persona management and what it could be used for. It’s really hard to argue with something like [persona management], that’s made purely for disinformation and is surely used to fight terrorism on occasions, which is great. But the idea that some of these things aren’t going to come back and bite us in the ass is ridiculous. They already are to some extent, and now you have companies that increasingly find it advantageous to offer their services outside the government as well. There’s absolutely no way this isn’t going to evolve in such a way as to bring a lot of these offensive capabilities into widespread use, to everybody’s detriment.

A sliver of the industry might be doing things ethically, or taking precautions, and making sure they’re not ridiculously on the side of the bad—but other people are not necessarily making those same decisions. I’m not saying that everyone’s a villain, or that most of them are—or even that any of them are. I’m saying that they are doing things that haven’t been thought through and that they can’t think through in a meaningful way based on the small part of the industry they’re aware of.

Anonymous’s slogan is “Expect us.” Is the inevitability of your attention something people in this industry will have to learn to live with, or is there anything they can do to prevent it?

I think it’s the former. Remember that I don’t spend my time individually looking at different companies one by one: I spend my time trying to figure out how to prompt hundreds of other people to do exactly what I’m doing, and to do it more efficiently than I have been doing. I’m looking at a large-scale end-game where most of these companies are going to be affected at some point. From the standpoint of someone who wants to earn, it’s a pragmatic, reasonable choice to pursue things like persona management, disinformation, surveillance.

And we recognize that the best way to prevent that is to make it so risky that it’s no longer pragmatic. We’re not looking to get the Senate to bring in an oversight board or anything like that—those boats sailed long ago.

I’m trying to prompt a chain reaction here, in their direction. To some extent, I’ve made some headway with that. At our end, we’re developing methods to multiply our capabilities. And if you look at the course of Anonymous and Wikileaks and the movement over the past two years, I think it’s safe to say that our trajectory is worth paying attention to.

Barrett Brown

Activist, author, journalist; founder of Project PM

Age: 30

Background: A college dropout who finished his high school education via distance learning while living in Tanzania, Brown has, to his occasional chagrin, become the public face of the politicized hacker underground.

Warfare has been a theme of Brown’s life. Both his grandfathers served with the U.S. Air Force, flying bombers in the European theater. An elementary school contemporary of George W. Bush’s twin daughters, Brown was living in Dar es Salaam, Tanzania, with his real estate-dealer father when the American embassy there was bombed in 1998. Since 2010, the former Anonymous member has concentrated on fighting what he perceives to be the unaccountable and unregulated trade in private surveillance and intelligence technologies. He publishes his research into the intelligence/surveillance industry at the Project PM website—wiki.echelon2.org.

Brown’s first book, Flock of Dodos, was published in 2009. Last year, he signed a six-figure deal with Amazon.com’s publishing arm to write a book about Anonymous, which he is currently working on. He lives in Dallas with his girlfriend, a graphic designer.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: