I've written at length about Barrett Brown, who was justly arrested -- and not for any "journalism" -- and is awaiting trial on charges of assisting the hack of Stratfor.
Even the Guardian -- which is chock-full of geeks on the masthead like James Ball, formerly of WikiLeaks -- and has regular articles from cybersecurity guru Bruce Schneier, absolute encryption advocate -- describes what Barrett Brown has done as participating in a hack even as it tries to exonerate him because he exposed efforts by security firms to fight against hackers:
He was regularly quoted by the media as an expert on Anonymous, the loose affiliation of hackers that caused headaches for the US government and several corporate giants, and was frequently referred to as the group's spokesperson, though he says the connection was overblown.
In 2011, through the research site he set up called Project PM, he investigated thousands of emails that had been hacked by Anonymous from the computer system of a private security firm, HB Gary Federal. His work helped to reveal that the firm had proposed a dark arts effort to besmirch the reputations of WikiLeaks supporters and prominent liberal journalists and activists including the Guardian's Glenn Greenwald.
In 2012, Brown similarly pored over millions of emails hacked by Anonymous from the private intelligence company Stratfor. It was during his work on the Stratfor hack that Brown committed his most serious offence, according to US prosecutors – he posted a link in a chat room that connected users to Stratfor documents that had been released online.
But however some literalist may parse even the Guardian and claim that Brown is somehow a pristine step or two away from actual dirty hacking, it always pays to read the indictment and ignore most of what geeks rant on Twitter.
Barrett Brown is charged with "Traffic in Stolen Authentication Features" (18USC pars 1028 (a)(2), (b)(1)B), and (c)(3)(A) and Aid and Abet (18 USC par. 2) and also of course threatening an officer of the law and his family.
Brown's supporters spend a lot of time trying to prove he's a "journalist" and "not a hacker"; as that gambit has become rather threadbare when we see all the things he's done which I've outlined, they're now focusing on trying to prove that he "isn't a hacker," citing technical meanings of the word and their own idiosyncratic take on the law.
Of course they're wrong, because Barrett Brown is indeed a hacker.
First, a word on the special-snowflake status of the very word "hacker" -- for hackers.
Naturally, they want it to have only good connotations, and mean only positive things -- "making a computer work better" (or anything, for that matter; there's a site called "Lifehacker" that teaches you how to make Bunsen burners out of beer cans).
That "work better" can mean anything from speeding up performance or getting rid of annoyances to making sites inaccessible to "doing math in the browser" to get at other people's personal data lets us know how dishonest and corrupt hackers themselves are with this term.
They will never, ever accept that any unauthorized use of a computer -- doing to a computer what the owner doesn't want done to it and didn't intend to have done to it -- is "hacking".
That's because they want as capacious a meaning as possible of "good" for what they do that is in fact bad, to let themselves off the hook. In fact, this is what most of them mean by fighting for "Internet Freedom" -- innoculation against prosecution for harassment, piracy, illegal drug sales, even child pornography.
For them, Weev is not a hacker because technically, in the world of their own self-referential meaning, he didn't "touch a server," i.e. either steal or crack a password or log-on routine.
That he used cunning and brute force to compel a site to return to him lists of names and emails of customers by screwing around with serial numbers of devices he did not own doesn't count as "hacking" in their book.
When Aaron Swartz spoofed IDs and log-ons to gain unauthorized access to JSTOR's servers via MIT, that wasn't "hacking," in the eyes of these disingenuous extremists. Even when he directly jacked into MIT's LAN to access servers that kept tossing him off because he was using a script to grab numerous files rapidly, that "wasn't hacking" in their book because he in principle had access to JSTOR through his credentials at Harvard as a student (of all things, at the center for ethics) and could have logged in normally (but he didn't).
Once you find out the incredibly tendentious and dishonest lengths hackers will go to call things that are obviously hacking "not hacking" -- based on some highly technical definitions that in fact they aren't even consistent in applying in good faith -- you realize you cannot let them define it.
Like date rape or racism, there's a certain threshold where you have to allow the victim to define what the crime is -- and of course the law -- and not the perpetrators, who are always trying to get themselves off.
Meanwhile, the general public uses "hacking" in ways the little nerds find indiscriminate and "wrong," and use it to mean ANYTHING involving miscreants attacking their computer in any way.
Good! I've for the continued use of hacking to mean anything that is done to your computer that was not your intention. That means that someone who accesses your personal data online that is scattered around and uses it to social-engineer your password, or somebody who gets at your website's data by jamming on some vulnerability because you didn't "hash" or "salt" database tables is hacking, and is the problem, not you.
For example, when people's sites are attacked with a Distributed Denial of Service (DDoS) attack so that it no longer functions and is "down," they say the site was "hacked." Precious geeks eager to keep the term available only for the most heinous of crimes (and not even always then) tell them with withering knowier-than-thou rectitude that they haven't been "hacked," because in fact, when some flaw in MYSQYL or whatever is accessed to enable numerous accesses of the site, overloading it, this isn't "a hack" because their password wasn't stolen by technical or human (social engineering) means or by a brute crack, but by a "lawful" procedure. On this basis, a lot of these assaults on computer systems are "written off" and even declared to be "civil disobedience"(which of course they are nothing like, due to their coerciveness and violation of other people's rights, as I explain here.)
I think a lot of people encountering hackers for the first time don't grasp several essential features about them that anyone in Second Life or any online community would have grasped years ago:
1. They lie -- they go to great lengths to cover up their tracks, deny their crimes, and distract from their crimes as part of the crime itself -- think "Eddie Haskell" or "Hannibal Lector".
2. They try to rewrite or overwrite (i.e. hack) reality to create a realm where their crimes -- piracy, DDoS assault, even child pornography) are not really crimes, but merely essential, reasonable acts that should be normalized.
This connivance and tricksterism usually escape people looking at them superficially and seeing that they are driven by some sort of "Robin Hood" or "Gandhi" motivation -- supposedly -- although if Robin Hood took from the rich, he didn't kill them or gag them, and if Gandhi staged a demonstration, he didn't disable or silence his persecutors either.
Anarchists are always and everywhere trying to get their crimes exonerated -- declared as not crimes at all -- so they can win. That means -- despite their ostensible belief system of "not having governments" -- taking power themselves. I'm not for letting them do that. I'm for the rule of law -- over them -- which of course, these outlaws don't concede.
When it comes to an intellectual gangster like Barrett Brown, however, the faux-indignant nerds really feel they have a case that he's "not-a-hacker," however because he didn't personally sit at a keyboard and log in to somebody else's site.
But this is nonsense for all the reasons I've outlined -- let's go over them again -- he's charged with "traffic in stolen authentication features" and "aiding and abettin" with good reason:
1. He enabled hackers by going into a private IRC chat rooms and pasting links for the hacker masses to access -- and they did access them. Enabling hackers is hacking too. If you drive a car for a bank robber, not only will the media call you "a bank robber" in the group of bank robbers robbing a bank, the law will call you one, too, because you "aided and abetted". Hackers especially want to break down this link so that they can create an entire free, untrammeled realm for adversarial journalists -- some of them with about two-and-a-half press credits like Jacob Appelbaum -- to escape charges of hacking, i.e. enabling unauthorized use of servers to get informall unlawfully. Again: enabling *is* hacking and the law treats it is such even if "hacking" isn't a technical term.
2. He took responsible for the Stratfor hack in a press interview. Hey, he didn't mind calling himself a "hacker" even if his dishonest little excusers want to get him off now.
3. He served as the spokesman for the hacking collective Anonymous whose trademark activity is hacking -- and even hacking that the little fastidious nerds have to concede is hacking. Not only did he serve as spokesman, he used this position to threaten HBGary with worse repercussions involved in the hacking of them by Anonymous. That is aiding and abetting.
4. He ordered others to hack very explicitly, staying on line and staying in touch with them as they carried out hacks of websites where he wanted to get revenge. To be sure, an obvious case of this -- the hacking of Charles Johnson and Little Green Footballs and Robert McCain at The Other McCain -- is not put in the indictment, and Brown may never face charges for this unless Johnson attempts to take him to court. But it's on the record as part of his online reputation and shows he very deservedly is called a hacker -- you don't get to devise, instigate, supervise, and victory-dance over a hack and not be called a hacker yourself -- like you're some hands-free safe-cracker who gets your assistant to do all the work in a jewelry heist as you stand over them giving tips. The law wouldn't excuse you from robbery charges and it is no different when you're online.
5. He partakes of all the hacker culture. It's a pretty safe bet that if you use various kinds of software, and you go and chat on the IRC channels, you are part of hacker culture. A lot of people are in hacker culture and never actually hack anything. But they subscribe to hacker culture. A key feature of hacker culture is the overriding sense of righteousness and superiority telling other people that what Barrett Brown does is not hacking.
That's how you know someone is in hacker culture, and no longer subscribing to the rule of organic law.
It doesn't matter if Brown himself didn't use the credit cards. So what? He took responsible for the hack and helped others hack. Duh.
BTW, I see that Barrett Brown's mother (see below), who is also a participant of sorts in hacker culture although she may never have gone in an IRC channel much less clicked on a link to stolen credit cards -- because she tried to hide her son's laptops.
This isn't a huge crime, especially as they were easily found, but I don't know why the judge had to undermine the law herself and start babbling nonsense about "as a parent I can understand you" or "I know you meant the best," etc.
No, that's arrant bullshit. One of the reason's Barrett Brown is the way he is -- a heroin and suboxone addict, a threatener of violence to law-enforcers, an orchestrator of hacks of sites he doesn't like, and all around conspiracy nut and loon -- is because of his parents. They need to take some responsibility. The fact that he was living with his mom and getting high and living the hacker's life at his age at the time of arrest lets us know that she didn't set boundaries (dad is missing from the picture, as he is for so many of these hackers).
If God forbid my children were charged with a crime, it would never occur to me to start running and trying to hide their laptops. That's just wrong and you achieve nothing by it. Of course you cocoperate with authorities. That so many people think you shouldn't is the problem, not the police, doing their jobs.
Now, a chat log isn't an indictment (although hackers themselves are the very first ones to treat them as such). A lawful indictment as we have in Brown's case showing ample reason for his arrest on these charges also isn't a sentence.
So we'll see what happens in a court of law, and whether his lawyers -- and a jury inevitably influenced by media overwhelmingly positive of Brown and a hacker contingent bent on exonerating their own criminality -- do the right thing.
Otherwise all of us become less free, and at the mercy of hackers who believe they can take our rights away with impunity at any time.
Recent Comments