Sixth “Corrupted Nerds” posted, on SoundCloud too

Cover art for Corrupted Nerds: Conversations episode 6: click for podcast web pageYes, I’m working through the backlog. Another Corrupted Nerds podcast has just been posted.

Distributed denial of service (DDoS) attacks are cheap and easy to do. It’s just a matter of overwhelming the target site with a flood of internet traffic. According to Michael Smith, head of Akamai Technologies’ computer security incident response team (CSIRT), such attacks will only get worse as we roll out faster broadband infrastructure.

“That increases the amount of bandwidth available to the home, but that also increases that amount of bandwidth that a bunch of computers at the home can throw at a target site,” Smith says.

That’s not the only reason that DDoS is becoming more challenging to defend against — but you’ll need to click through to the podcast to hear why.

Corrupted Nerds is also available via iTunes, and now also on SoundCloud. So you’ve really got no excuse not to listen. Well, unless you’re deaf. But that’s different.

Talking LulzSec and hacktivism on Triple J’s “Hack”

Triple J logoOn Tuesday, Triple J’s current affairs program Hack decided to take a look at hacktivism more generally in the wake of Matthew Flannery’s arrest — and boy was it a shemozzle!

I was interviewed for half an hour or more. Also interviewed were independent journalist and “chaos magnet” Asher Wolf, and Nigel Phair from the Centre for Internet Safety. Snippets of all that were used in the package that introduced the live studio debate. Fairly standard stuff. But…

When I listened to the program go to air, I was frustrated. Very frustrated. The discussion didn’t really go beyond “Is hacktivism good or what? Yep it is!” “No it’s not.” “Oh it is!” And with the benefit of hindsight, I think that’s because the discusion was framed the wrong way.

“Do you think that some targets are legitimate? Are groups like Anonymous a force for good? Or do you reckon that it’s a slippery slope to say that one kind of hacking is acceptable, but others are cyberterrorism?” asked presenter Sophie McNeill as she introduced the segment. Those positioning questions were repeated several times, and they kinda miss the point.

This framing pre-supposes that there’s a single, clearly-identifiable activity that we can point to and call “hacktivism”. It positions hacktivism as a neutral tool, and whether it’s legitimate to use this tool or not depends on the legitimacy of the target as an object to attack.

I guess that in this framing, hacktivism is like a baseball bat. It’s OK to hit baseballs with it, but not the fragile skulls of newborn infants. But it’s not.

Hacktivism is just the application of hacker techniques to political activism and, as the Wikipedia article points out, it covers a lot of territory.

There’s using “neat hacks” like encryption and tools to preserve anonymity to help protect the organisers of the activism. There’s the provision of alternative internet access when the government cuts off the official methods, as happened in Egypt. There’s the mirroring of otherwise censored websites to protect free speech, or setting up parody sites to mock the opponents, or spreading disinformation.

Then there’s denial of service (DoS) attacks to disrupt the opponents’ communications. And, yes, there’s the break-and-enter kind of hacking, the results of which can range from relatively harmless website defacements to the theft and “liberation” of large slabs of information — which can of course make collateral-damage victims of any individuals caught up in that process.

There’s a spectrum of behaviour there, from straightforward and long-established ways of supporting freedom of speech to edgier activities that in any other context would simply be labelled vandalism, criminal damage or worse.

If you lump all that together as a single activity, “hacktivism”, and then ask whether it’s legitimate to direct that activity in support of a particular political objective, well, the answer will depend on whether you agree with that objective or not.

“Stilgherrian says there’s a few examples where hacktivism has been really legit, like during the Arab Spring,” said journalist Julia Holman. Sure — apart from the phrase “really legit” — but not because having a disagreeable government justifies vandalism.

The hackerish acts I meant were those directed to keeping the communications channels open and organising a fairly traditional street uprising. The rest of the planet has agreed that freedom of speech is pretty fundamental stuff. They also seemed to agree that this conflict had turned hot. People were being killed, and when that starts happening it’s gloves-off all round.

I’ve included the audio of the entire discussion here, so you can listen for yourself. I’d be interested to know what you think, and whether this discussion frustrates you as much as it frustrated me.

A shout-out to Paris

First, though, I must give a special shout-out to Paris, whose hilariously out of touch comment was read on air: “This is the only form of activism our generation has… Our petitions are ignored. Anonymous is able to do justice to people who have lost a voice.”

No, Paris, all the traditional methods of political lobbying and activism still work just fine — well, in their creaky, democratic way.

It was good ol’ political lobbying of the government, and associated PR efforts in the media, that brought the controversial mandatory data retention proposals to a halt in this election year, not the vandalism of completely unrelated Queensland government websites. It was Senator Scott Ludlam asking intelligent questions of the Attorney-General’s Department in parliamentary committees, not stupidly confusing the Defence Signals Directorate (DSD) with the Queensland Department of State Development (DSD).

The trick, Paris, is to put down the hacker DoS hammer every now and then, because not everything is a nail. Choose one of the other, more appropriate, tools of democracy from the shelf when circumstances require.

Note: Dr Suelette Dreyfus from the University of Melbourne, a long-time observer of hacktivism, provided a significantly narrower definition of hacktivism in the program: “Hacking, in the terminology that is used in everyday reporting, which is not necessarily what the original term was, is about unauthorised access to computers and computer systems. Hacktivism is really about engaging in that, but with a political or social message.”

The audio is of course ©2013 Australian Broadcasting Corporation. I’ve extracted the hacktivism segment to present here, but you can go to the ABC website for the full 30-minute episode (MP3).

Weekly Wrap 148: Libertarian overload, with heraldry

Heraldry Overload, Union Theatre, Lithgow (detail): click to embiggenThe week of Monday 1 to Sunday 7 April 2013 was days ago, so once more I’ll just present the basic facts with a random photo.

Articles

Media Appearances

Corporate Largesse

None. But there’ll be plenty this week.

The Week Ahead

Well, Monday’s been done. I wrote a thing for Crikey previewing the Coalition’s broadband policy announcement. We’ll get the actual announcement tomorrow (Tuesday) or the day after (Wednesday, in case you need help working that out), so I’ll write more about it then.

Tomorrow (Tuesday) I’m also taking the train to Sydney for a 1500 meeting in the CBD and subsequent drinks, and then staying overnight for a lunchtime briefing on Wednesday.

The rest of the week will be a mix of writing and geekery, as I choose to take it.

However at some time on the weekend I should be returning to Sydney, to stay there for two weeks while Bunjaree Cottages turns into school holiday mode. In theory. Nothing has been confirmed. And I am actually quite relaxed with this knowledge.

[Photo: Heraldry Overload, an architectural detail on the Union Theatre, Lithgow.]

Talking about DDoS attacks on ABC TV’s “The Business”

Screenshot from ABC TV's The BusinessA strange thing happened yesterday. A distributed denial service (DDoS) attack, a big one, got reported in the mainstream media as having somehow all but crippled the internet — despite all the journalists presumably continuing to use the internet as usual.

“The internet around the world has been slowed down,” reported the BBC. Um, no.

Now I won’t go through all the details here, because eventually they were properly reported elsewhere and I’m writing it up for Technology Spectator in a piece to be published Tuesday morning. The short version is that a nuanced report on Kaspersky Lab’s Threatpost lost its nuance in the mainstream media, a process helped along by a data-plotting error in early reports. People like Gizmodo hosed down the bulldust.

However I was interviewed by ABC TV’s The Business yesterday, along with Patrick Gray of the Risky Business information security podcast and Ty Miller from penetration testing firm Pure Hacking.

If the embedded video doesn’t work, try the version at the ABC’s website. In both cases the video is ©2013 Australian Broadcasting Corporation.

I’ll also be talking about this DDoS attack on ABC News24 tomorrow morning at 1010 AEDT — and after both of those I’ll ponder the way the media handled this whole thing.