Widdershins: De-evolution and the Politics of Technology The circle is a symbol used in many cultures to signify an unbroken cycle or chain. In Wicca, a practitioner will cast a circle around the ritual area at the beginning of the ritual, moving clockwise, or deosil. A "sacred space" for worship and magick is created, with the circle allowing protection from outside forces, and a concentrated focus of energies to be contained within the circle. At the end of the ritual, the practitioner will move counter-clockwise, or widdershins, to release and return the energy contained within the circle back from whence it came. As is the case with most religions, its symbolism is reflected within society. "Social" circles expand and contract. And society has a tendency to draw circles around itself using divisions such as class and race to try to contain themselves. But as history has shown us, all of these circles are eventually undone, and what is contained within them is released and returned to the elements from which it was drawn. What if the circle is a technological one? Or what if the so-called magick within a closed circle is technological in nature? How do we release *that* type of magick? Part of the problem is that we don't think about the prison cell we live in. We are prisoners. The shackles are poverty, social division, ignorance, desention, and a media that stupifies us with a news machine that churns out mind-controlling propaganda along with a strong infusion of gimme gimme gimme to drive up debt to ensure we are chained to a job and paying interest on our "gold" cards for the rest of our lives. The key to unlocking these shackles is information. That is part of what we are going to talk about today. At first glance, most journalists here are probably going to report that this particular talk is on hacktivism. To a certain extent they will be correct, but as most journalists call half of the web site defacements "acts of hacktivism" then in truth this is NOT a talk about hacktivism at all. It is a discussion about politics and technology. You see, once upon a time, what is commonly thought of as cyberspace was a cavernous thought construct, whose physical borders and wires consisted of phone company equipment, X.25 relays, large components of the military-industrial complex -- mainly more machines and machine-driven than people. What few outside explorers and wanders that ventured into this realm were us -- hackers. Now of course we are rapidly approaching complete social acceptance of the computer within the home, movies with titles like "You've Got Mail", grandmothers exchanging recipes via ICQ, and most annoying of all (at least for me) news anchors saying things like "for more information on this story, log on to our web site at abcnews.com". Log on? You are publicly inviting me to start an interactive session via an account name and password on your corporate web site? You don't want me to use a web browser I guess, so I'll use telnet or ssh, because you asked me to "log on". Okay, maybe not a great defense in court.... In my opinion, cyberspace is de-evolving, at least on the surface. With the advent of the world wide web and every company on the planet trying to get on line, it has become a polluted and over-commercialized place. The web had potential, but is rapidly becoming "interactive television", complete with thousands of ads, very little decent content, and a least-common-denominator style of marketing and presentation. I'm supposed to hack that? If I wanted shit like that I'd steal cable TV. In many ways this is surface tension. There are some interesting things that are happening. And there are some important points that need to be discussed or at least brought to light. What have we done? Well, we have created a wealth of tools. And like many tools, they can be used for good or evil. "A hammer can build a house or cave in a skull" seems to be a popular sentiment. Yes, we all realize this is somewhat two-faced - some tools have generic features, other tools do include features whose purpose solely benefit the intruder and not the administrator, including tools I have written myself. But we have written a lot of tools. Using these tools we have created, some of us have destroyed. You cannot step around this fact. The only defense we have is that in any grouping of society, you have a few bad people. So we will always have to live with that aspect of that part of our society. [ talk about full disclosure and sharing of information ] So here's a question to get us really thinking - why are hackers feared? Probably because it boils down to this simple fact -- if someone comes up with a method of using a piece of technology in a way beyond what it was intended, a hacker will tend to admire the method. Additionally, injection of humor and/or irony will add extra points. Here is the point that the rest of society tends to miss -- this admiration occurs even if the method is illegal. In other words, if a hacker breaks into a system and defaces a web site, but does so in a technically interesting way, or even humorously, there will be a level of respect for that individual, even if the admiring hacker knows it is illegal and is something that they themselves would never do. Case in point: check out the web defacements of Evil Angelica -- they are oftentimes humorous and even poke fun of defacement itself. What is even more disturbing for the powers that run our society is that we are willing to cross all kinds of social boundaries in our quest for knowledge. You see, the Internet has done wonders for breaking down barriers, including international borders. Probably the first group to fully realize the potential of this concept were the people that helped build the Internet. No, not the military industrial complex in the middle of the cold war, but the hackers working at educational institutions that began linking up the various regional nets to form what we now know as the Internet. They understood the barriers. Within academic circles they had been bypassing these barriers for years -- but now, the process is a lot more simplified and even automated. WE know how to share information. WE know how to contact each other quickly. WE have almost another language, a technological shorthand where we can say things like "port 80, 53, and 25 are open to the entire DMZ and they're running NT," and that is basically a complete and total security assessment. But this doesn't explain the fears. Society at large fears us because the media says they should, and this is reinforced with inane and technically inaccurate portrayals of what a hacker is in television and movies. But we have law enforcement and government agencies that appear to fear us. Of course, we could simply say they are stupid or just "don't get us", but I'd like for you to think about this for a minute. They are not stupid. They track down criminals using the most minute of clues. They have developed sophisticated technologies. They actually are smart. So why are they telling the media to fear us, and that we are all bad? I'm serious, we need to think about this. For starters, who benefits? This is one of those techniques you use to find out who is behind something, so let's look at who really benefits the most from this "fear". One obvious answer is that these law enforcement agencies get budget money. "We need more money to fight cybercrime, look at all of the website defacements, no one trusts online shopping which is the wave of the future, to save the economy we need more money to make the Internet safe and free from crime." Obviously law enforcement benefits. Governments benefit. They can tax us more for the money, they can say they are helping to alleviate fears, they can even do it bipartisanly, which always make them look good. For the more paranoid, if you believe in a secret society trying to create a world government, think about this. Various international treaties are being created. Some are regional, say maybe just the European Union, others are more global. They create these treaties regarding cybercrime and intellectual property rights that are basically impossible to enforce or control without a governing enforcement body who has multinational authority. Now would cybercrime and the fear of hackers create the New World Order? No. At least not alone. But it does provide one more example. Besides, the media *wants* sensationalism. Why? To sell adspace and make money, not inform the public. They have spent years conditioning the masses to want trite bullshit. The soundbite. God I hate the soundbite. A lot of reporters don't like interviewing me because I tell the truth. They ask "what is the biggest threat computer users face?" When I answer them "underpatched systems" they are often disappointed. "No everyone says that, what about hackers, what about cyberterrorists?" Hmm, it sounds suspiciously like they've answered the question for me. Sidenote to the media: this is why hackers don't like you. [ Disclaimer about being employed by commercial security software vendor who also benefits. ] Now I have exaggerated things to an extent to prove a point here, but we do have a world that hates and fears us, a media machine that could give a rat's ass whether we speak the truth or not, and governmental law enforcement and commercial security companies using us to make money or increase budgets. Things seem to be getting worse. Technological de-evolution. So what can we do? First off, let's look at some of the things we have done. I'll skip the breaking into systems and other similar things because that is what most of the rest of the talks at DefCon are about. However since like I said most of the media is assuming this is a talk on hacktivism, I have to cover the supposed hacktivist activity. Web site defacements are *not* hacktivism. They are usually boring, and if there is any message that is political, it is added on as an afterthought. I'd invite everyone to take a look at some of the articles from the Attrition folks at attrition.org on hacktivism. They have done a lot of research into this area, including an expose on the entirely self-fulfulling-prophecy media-created Chinese-American hacker war of defacements. What is worse is that some people really do think this is a way to get your political message out. The average defacer's "work" is never seen by the public at large, the message is never reported by the media accurately, and being that you are lumped in with a bunch of lousy grafitti artists the message is dismissed out of hand anyway. Do you folks really want to piss people off? STOP DEFACING WEBSITES. How will these government agencies get their budgets? How will security companies sell penetration tests? To quote one of those movies "the winning move is not to play." Have there been acts of what you could truly call hacktivism? Actually there are a few, but they are not widely reported because either they don't fit well into the soundbite category, or they offer up challenges that are beyond a reporter's knowledge. Now there are excepts, but I think most reporters are thinking "how do I sell *this* to my editor?" rather than "this is something truly worthy of wide coverage!" An example: Rubberhose. I encourage everyone to visit www.rubberhose.org. This is a great example of hackers coding together to help out the oppressed. Rubberhose is basically a crypto solution for people who are afraid they are going to get their passphrase literally beat out of them. The target user would be a human rights activist who writes up, photographs, and digitizes information about human rights abuses in a foreign country, and wants to keep from getting a passphrase beaten out of them that could decrypt the data and endanger the lives of the people the activist is trying to save. Another example: Peekabooty. What Hacktivismo and the Cult of the Dead Cow are developing are methods to allow suppressed people to bypass governmental technological boundaries such as firewalls to get to information. Their Hacktivismo Declaration is an important document simply because of it's solidifying nature. There are other smaller examples of such triumphs that the public nevers hears about. And do you know what? Rubberhose and Peekabooty scare the shit out of these governmental types, including the U.S. government. Do you know why? Do you know why the really smart people who control the transglobal entities, the secret societies that suppress knowledge and run the puppet media and economies of the world really REALLY fear us? The real fear is that we will organize. That is it in a nutshell. If we, the hackers, the ones who know how the wiring works, the ones who know how the ones and zeroes are all strung together, the ones that build and topple technological infrastructures as a hobby actually *unite*, we could do anything. There is no system, no transnational corporation, no government agency, or computerized secret that we as a group cannot uncover and gain access to. Watch at how these various organizations react to our activities. The liberal press will cover such things as the Hacktivismo Declaration as "something good coming from former criminals" or call the cDc "reformed black hats", and the mainstream press will not report it at all. Any mouthpiece for larger organizations even remotely related to computers will state that "you cannot trust anyone with an alias" (again, something they don't get). Besides supporting projects such as these, I am going to bring up some rather controversial material. Now I am not suggesting that you should *not* support human rights, but remember that there are other transgressions against people, against the environment, and against knowledge itself that are being perpetrated by tightly-knit circles. Let me ask you this. Does anyone here know someone who has died of ovarian cancer? Did you know that a large transnational with a huge pharmecutical interest has a cure? It was on their computer systems in the early '90s. I know because I had legitimate access as a consultant to those systems. I didn't even hack in, I was working on servers which were in the lab itself. I was even offered a job there, the pitch was like this "We have so much going on here, the cure for Ovarian Cancer, hell, some of these shelves and files probably have the cure for the common cold". This was 1990. Where the hell is that cure? Shelved. Why? Because they can make more money selling early detection kits and treatments than selling the cure. I find this to be as much as a crime against humanity as any other thing I have encountered or heard about. Of course I am not advocating that we immediately go out and Erin Brocavich their ass, but I am saying that there are probably more interesting and worthwhile targets when you are "getting the word out" than the simple defacing of a website. Imagine if one of us heard of a transnational that held a secret such as that -- one that was proprietary, but disclosure could result in saving lives. And imagine if we were organized. This is why we are feared. And quite frankly, because of such things as what Erin Brochavich and others have uncovered, what perhaps YOU have uncovered, we really do need to organize. Most of these transnationals care only about their one true god with two heads -- money and power. I recommend this -- we need to join forces and start to help the others groups out there, such as Amnesty International, and any other group that risks life and limb to help their fellow man. We could learn a lot about protecting and protesting, and they could learn about technology from us. There are those of us trying to band together to make this type of symbiosis actually happen, and work. Stay tuned for further developments. And trust me, the threat of human rights organizations teaming up with hackers is something even more fearful. As our society continues to de-evolve into greed caused by the puppeteers running this clusterfuck, we have to prepare ourselves for a few inevitable truths. If We The People are getting screwed by the Man, and the Man is controlling the information, you can bet We The People will turn to us. We are already volunteering to help other citizens on this planet via such projects as Peekabooty and Rubberhose. However with increasing globalization it is possible that elements, particularly the oppressive ones, from different nation states will begin to affect us. Which brings us to widdershins. The opening of closed circles, to release their magick. Again as I stated, we are prisoners. The key to unlocking our shackles is information. That is why we say information wants to be free. A lot of this information has been gathered and closed away from the rest of us, some say to protect others, some say to protect us from themselves. Here is a little bit of information for you. I will tell you how your own talents are being used against you. You are being used by the system. So am I. We have to work, and work hard, all of us, because nothing is free. None of us live in freedom, because we are enslaved to various systems such as credit card debt, the entire health care and insurance cycle, and mortages and car payments. We are slaves of the economy. Know this. Your skills are being tapped into by others. The great "them." They. They watch our web sites, sniff our email, watch our posts to full disclosure mailing lists. They study our habits and very thought processes. They use this to say we are a danger to society, yet use our honed skills to build their defenses. Those that spy upon us have greater technical abilities than we have previously guessed. Do you really think that the NSA, for example, caved to public pressure and allowed export of crypto over 40 bits? No, it became obvious to our nation's enemies that the NSA could cut through 128bit encryption like butter, so they raised the bar. My guess is they can do a lot more than 128bit as well. I would not be surprised if 1024 bit could be brute force decrypted in a day or two, and 2048bit in a week to ten days. But we will not find out about it because the enemy nation states would find out about it. In fact, my guess is that anything close to their real capability will be denied as technically possible, to keep us and the rest of the world in the dark. It is the nature of governments to try and maintain control over its people, and preserve the infrastructures that sustain it. With the de-evolution of the nation state, and the rise of the transnational state, we must realize that we, the computer underground, are more of a target of various governments and transnational states than ever before. Because we are a provisional government away from becoming a transnational state ourselves. As I said earlier, if we were organized they would REALLY fear us, because we would be unstoppable. Maybe that is it. We are a headless provisional government, with hackers holding the wires instead of the infamous "them". And they can't control it, and that drives them absolutely mad. And they will try to stop us. Under the guise of laws used to protect us from cyberterrorist issues such as college students trading MP3s we are seeing our basic rights being slowly eaten away. A journalist who actually understands this stuff and isn't an idiot, whose name is Lew Koch, labeled this neo-McCarthyism with the name of "cybersteria". It is real. It draws circles around islands of information and freedom and closes them off. We have to find these closed circles that ensnare us and open them up. Their energy needs to be released. It has been said that the Internet is the great equalizer, and we should make that so. We cannot wait until they take away our rights. This is not a veiled threat about some bleak William Gibson futuristic landscape and all of us romanticizing we are Neo running around trying to unplug the Man. They are at the door. Now. It is here. Remember, what techniques used to suppress human rights in the physical world can be adapted to the virtual one. We all could be next. Cybersteria indeed. We are hackers. We adapt. If we are outlawed on the Internet, we will circumvent our shackles, maybe return to our BBS networks of old, but we will still share our information, we will still get our message out, we will not be suppressed. They will try their disinformation subterfuge, and try to cloud your minds with petty arguments such as the full disclosure debate, open source vs. closed source, and the technical interpretations of our work. But it will only strengthen our resolve. They will try to stop us from entering their sacred little circles by chopping off the heads of our leaders. Well guess what? There will be the occasional rallying battle cry by an individual or group, but there are no real leaders, only resolve and raw unbridled intellect. Black hats. White hats. Grey hats. Crackers. Script kiddies. You can use your terms to try and subdivide us and pit us against one another. It won't work. WE ARE HACKERS. In closing I'd like to use a traditional Wiccan saying after opening acircle. The circle is open, yet unbroken. Merry meet, merry part, and merry meet again. Thank you, and blessed be.