Sixth “Corrupted Nerds” posted, on SoundCloud too

Yes, I’m working through the backlog. Another Corrupted Nerds podcast has just been posted.

Distributed denial of service (DDoS) attacks are cheap and easy to do. It’s just a matter of overwhelming the target site with a flood of internet traffic. According to Michael Smith, head of Akamai Technologies’ computer security incident response team (CSIRT), such attacks will only get worse as we roll out faster broadband infrastructure.

“That increases the amount of bandwidth available to the home, but that also increases that amount of bandwidth that a bunch of computers at the home can throw at a target site,” Smith says.

That’s not the only reason that DDoS is becoming more challenging to defend against — but you’ll need to click through to the podcast to hear why.

Corrupted Nerds is also available via iTunes, and now also on SoundCloud. So you’ve really got no excuse not to listen. Well, unless you’re deaf. But that’s different.

Talking LulzSec and hacktivism on Triple J’s “Hack”

On Tuesday, Triple J’s current affairs program Hack decided to take a look at hacktivism more generally in the wake of Matthew Flannery’s arrest — and boy was it a shemozzle!

I was interviewed for half an hour or more. Also interviewed were independent journalist and “chaos magnet” Asher Wolf, and Nigel Phair from the Centre for Internet Safety. Snippets of all that were used in the package that introduced the live studio debate. Fairly standard stuff. But…

When I listened to the program go to air, I was frustrated. Very frustrated. The discussion didn’t really go beyond “Is hacktivism good or what? Yep it is!” “No it’s not.” “Oh it is!” And with the benefit of hindsight, I think that’s because the discussion was framed the wrong way.

“Do you think that some targets are legitimate? Are groups like Anonymous a force for good? Or do you reckon that it’s a slippery slope to say that one kind of hacking is acceptable, but others are cyberterrorism?” asked presenter Sophie McNeill as she introduced the segment. Those positioning questions were repeated several times, and they kinda miss the point.

This framing pre-supposes that there’s a single, clearly-identifiable activity that we can point to and call “hacktivism”. It positions hacktivism as a neutral tool, and whether it’s legitimate to use this tool or not depends on the legitimacy of the target as an object to attack.

I guess that in this framing, hacktivism is like a baseball bat. It’s OK to hit baseballs with it, but not the fragile skulls of newborn infants. But it’s not.

Hacktivism is just the application of hacker techniques to political activism and, as the Wikipedia article points out, it covers a lot of territory.

There’s using “neat hacks” like encryption and tools to preserve anonymity to help protect the organisers of the activism. There’s the provision of alternative internet access when the government cuts off the official methods, as happened in Egypt. There’s the mirroring of otherwise censored websites to protect free speech, or setting up parody sites to mock the opponents, or spreading disinformation.

Then there’s denial of service (DoS) attacks to disrupt the opponents’ communications. And, yes, there’s the break-and-enter kind of hacking, the results of which can range from relatively harmless website defacements to the theft and “liberation” of large slabs of information — which can of course make collateral-damage victims of any individuals caught up in that process.

There’s a spectrum of behaviour there, from straightforward and long-established ways of supporting freedom of speech to edgier activities that in any other context would simply be labelled vandalism, criminal damage or worse.

If you lump all that together as a single activity, “hacktivism”, and then ask whether it’s legitimate to direct that activity in support of a particular political objective, well, the answer will depend on whether you agree with that objective or not.

“Stilgherrian says there’s a few examples where hacktivism has been really legit, like during the Arab Spring,” said journalist Julia Holman. Sure — apart from the phrase “really legit” — but not because having a disagreeable government justifies vandalism.

The hackerish acts I meant were those directed to keeping the communications channels open and organising a fairly traditional street uprising. The rest of the planet has agreed that freedom of speech is pretty fundamental stuff. They also seemed to agree that this conflict had turned hot. People were being killed, and when that starts happening it’s gloves-off all round.

I’ve included the audio of the entire discussion here, so you can listen for yourself. I’d be interested to know what you think, and whether this discussion frustrates you as much as it frustrated me.

A shout-out to Paris

First, though, I must give a special shout-out to Paris, whose hilariously out of touch comment was read on air: “This is the only form of activism our generation has… Our petitions are ignored. Anonymous is able to do justice to people who have lost a voice.”

No, Paris, all the traditional methods of political lobbying and activism still work just fine — well, in their creaky, democratic way.

It was good ol’ political lobbying of the government, and associated PR efforts in the media, that brought the controversial mandatory data retention proposals to a halt in this election year, not the vandalism of completely unrelated Queensland government websites. It was Senator Scott Ludlam asking intelligent questions of the Attorney-General’s Department in parliamentary committees, not stupidly confusing the Defence Signals Directorate (DSD) with the Queensland Department of State Development (DSD).

The trick, Paris, is to put down the hacker DoS hammer every now and then, because not everything is a nail. Choose one of the other, more appropriate, tools of democracy from the shelf when circumstances require.

Note: Dr Suelette Dreyfus from the University of Melbourne, a long-time observer of hacktivism, provided a significantly narrower definition of hacktivism in the program: “Hacking, in the terminology that is used in everyday reporting, which is not necessarily what the original term was, is about unauthorised access to computers and computer systems. Hacktivism is really about engaging in that, but with a political or social message.”

The audio is of course ©2013 Australian Broadcasting Corporation. I’ve extracted the hacktivism segment to present here, but you can go to the ABC website for the full 30-minute episode (MP3).

Weekly Wrap 101: Codeine and counter-surveillance

My week from Monday 7 to Sunday 13 May 2012 was less productive than it might have been thanks to my shoulder being “out” for a few days, resulting in severe pain. No, I don’t mean I have a gay shoulder. I mean that a rib wasn’t seated properly.

The shoulder was repaired on Wednesday and is now slowly getting better, thank you. But despite the pain and the codeine haze, I did get a little work done.

Podcasts

  • Patch Monday episode 137, “Removing the anonymity from Anonymous”. A conversation about the tactics of Anonymous, LulzSec and other hacktivists with Israeli information security researcher Tal Be’ery, web security research team leader at Imperva’s Application Defense Center (ADC), where he leads efforts to capture and analyse hacking data.

Articles

Media Appearances

Corporate Largesse

None.

The Week Ahead

The current plan? A day of writing at Wentworth Falls on Monday. A day of travelling on Tuesday, taking the train to Sydney and then flying to the Gold Coast. Once there I’ll be covering the AusCERT 2012 information security conference for ZDNet Australia, flying back to Sydney on Saturday afternoon.

On Sunday afternoon I’m speaking about the total surveillance society at the Sydney Writers Festival.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream (or they used to before my phone camera got a bit too scratched up). The photos also appear on Flickr, where I eventually add geolocation data and tags. Yes, I should probably update this stock paragraph to match the current reality.

[Photo: Fuckin' art, innit, taken at the Hotel InterContinental, Sydney, on Saturday 12 May 2012.]

Weekly Wrap 3

A weekly summary of what I’ve been doing elsewhere on the internets.

Articles

  • NBN not over the line yet for Crikey, which outlines last weekend’s agreement between Telstra and the National Broadband Network Company (NBN Co). If this non-binding Heads of Agreement makes it all the way to a final deal, NBN Co pays an estimated $9 billion over coming years in exchange for access to Telstra’s “passive network assets” such as cable pits and ducts and exchanges, and to compensate Telstra for losing customers from its copper network to NBN fibre.
  • No wonder the cyber criminals are winning for ABC Unleashed, my commentary on the House of Representatives report on cyber crime, Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime.

Podcasts

  • Patch Monday episode 45 is about the future, near and far. The near future of business priorities for the coming financial year — cloud computing, collaboration and mobility — and the further future of the Telstra / NBN Co agreement.

Media Appearances

[Photo: “Samsung Space”, taken at the launch of Samsung’s Galaxy S Android-based smartphone at the Royal Hall of Industries, The Entertainment Quarter, Sydney on 23 June 2010. As we entered this UV-lit space, Mike Oldfield’s “Tubular Bells” played. Of course.]

Weekly Wrap 2

A weekly summary of what I’ve been doing elsewhere on the internets. It’s all a bit thin in this short Queen’s Birthday week.

Articles

  • #penrithdebate: O’Farrell 1, Democracy 0 for ABC Unleashed, in which I contend that Twitter is completely the wrong medium for political debates. “Great to see the ABC’s standards are now completely in the toilet,” reckons one commenter, who has precisely nothing to say about the arguments being presented.

Podcasts

  • A Series of Tubes podcast #111. Returning after a long break, Tubes includes an interview with James Spenceley and David Spence about the float of Vocus and the changes taking place in the Australian bandwidth market, as well as my ramblings about the Australian government’s discussions with ISPs about archiving data for law enforcement purposes, Google and privacy, and the latest OECD broadband penetration data.
  • No episode of Patch Monday because Monday was a public holiday.

Media Appearances

  • The Fourth Estate, Radio 2SER Sydney. I was interviewed in a follow-up to my Crikey article on hacktivism for the episode of 18 June 2010. The podcast will be available soon. The Fourth Estate is syndicated to other community radio stations around Australia, so do check to see whether your local station carries it.
  • Homepage, Radio 2MCE Bathurst. The episode broadcast 18 June 2010 included an interview with me about the Twitter debate. There’s no podcast as far as I know, but the program is repeated on Monday afternoon at 3.30pm local time on 92.3 and 94.7 FM, and there’s a live audio stream. Homepage is also syndicated to other community radio stations.

[Photo: Circular Quay, Sydney, as seen while walking to the Sydney Opera House yesterday.]