
The Rise of the Ethical Hacktivist


When Saul Alinsky wrote Rules for Radicals more than forty years ago, the world was very different from what it is today.

Protests and demonstrations were among the most common tactics for bringing about social change, and they were used on such a broad scale that they helped define the Vietnam War era and counterculture movement of the 1960s and 1970s.

Today, however, there’s a new tool available to those who want to change the world, and it’s already brought about results that are at least as dramatic. It’s called “hacking,” and it’s as controversial as its variations are diverse.

“Try to imagine the organization of an event 20 years ago and compare it with what is happening today,” cybersecurity expert, cybercrime analyst, and author Pierluigi Paganini told LinuxInsider. “Just one tweet, a picture, can blow the wind into a revolution.”

What’s ‘Ethical’?

“Hacking,” of course, is a term that has long been fraught with ethical connotations. Often considered synonymous with computerized crime, the term has more recently been broadened to include concepts as far afield as product hacking — essentially, product improvement — and even “life hacking” for better personal productivity and efficiency.

Where things get really interesting, however — as the efforts of Anonymous have illustrated particularly well — is in the distinct and yet related notions of “hacktivism” and “ethical hacking.”

In general usage, the term “ethical hacking” typically is used to mean penetration testing for security-improvement purposes, while “hacktivism” means using computers to bring about political or social change. However, the line separating the two isn’t always entirely clear.

“There are many aspects of this concept,” Rick Falkvinge, founder of the first Pirate Party, Sweden’s Piratpartiet SE, told LinuxInsider.

“First, what is considered ethical can have many layers: Is the penetration testing made within the organization in order to promote better security practices, or is it penetration of a corrupt organization to expose corruption? Both could easily be described as ‘ethical,'” Falkvinge pointed out.

‘We Cannot Ignore Their Voices’

“Since the war in Iraq, hacktivism has been on the rise,” Terry Cutler, a Certified Ethical Hacker and cofounder and chief technology officer of Digital Locksmiths, told LinuxInsider.

From the uprising in Iran to the “Occupy” movement, “tools like Twitter and Facebook were the only way to engage and get their stories out, especially since local media was being blocked,” Cutler explained. “The tools and technology allow these attacks to happen much quicker than before.”

Hacktivism is “the expression of social dissent through hacking,” and it’s growing rapidly, agreed Paganini.

“Media mainly know the name of the collective Anonymous, but behind those masks, there are many people, many cultures and countries that daily face different problems,” he explained.

“The common intent is the fight for liberty of expression and free Internet access, but recent revelations have revealed that intelligence agencies monitor everything,” Paganini noted.

“I believe that the hacktivists in the future will pass from the keyboards to the streets,” he added. “We cannot ignore their voices.”

Aaron Swartz’s Legacy

Yan Zhu, a staff technologist with the Electronic Frontier Foundation, told LinuxInsider that much of the growth in hacktivism is due to the rise in public awareness of Aaron Swartz over the last year.

“Aaron spent a lot of his time hacking on projects for social and political change,” Zhu explained, citing the SecureDrop and RECAP projects as examples.

“He embodied the term ‘hacktivist.’ I think his death inspired many people in the free software and activism communities to put more energy into doing likewise,” she said.

Aaron Swartz memorial hackathons have been organized in more than 20 countries worldwide to finish some of the work that Swartz started, noted Zhu, who is also the creator of the Worldwide Aaron Swartz Memorial Hackathon Series.

In fact, hackathons are increasingly the means of organizing hacktivist efforts, said Richard Kastelein, entrepreneur, strategist, writer, and founder of The Hackfest.

‘It’s the First Step’

“It’s getting more and more common,” Kastelein explained. In addition to a health hackfest being organized by Six Degrees in Brussels in June, Kastelein is working with a UK group to tackle the aging crisis later this year, as well as contributing to a separate effort to help drive innovation and educate developing countries in the Caribbean, he told LinuxInsider.

“There are more and more emerging hackathons around environment, health, LGBT issues, and much more,” Kastelein said. “We are finding more and more large brands and corporations want to get involved as sponsors via their CSR departments, and there’s simply more and more companies in sectors such as health that have APIs and even SDKs that are trying to build their own developer communities.”

A key benefit of “‘ethical’ hackathons,” he pointed out, is that they are “part of the process — a larger process — of driving innovation forward that is essential because it takes people from across the spectrum, pushes them together, and in a short time, they are forced to work together in a gamified, competitive atmosphere to build something that can effect change.

“It’s the first step,” said Kastelein. “Ideally, the next step for the great ideas would be boot camp, incubator, angel investment, VC, etc., or just a lean startup.”

‘Almost Tragic in Some Cases’

Perhaps the biggest downside of hackathons and coordinated hacking efforts is the possibility of losing momentum after the event is over.

“I’m afraid that the short duration of these events encourages people to work on small, fragmented projects that are not necessarily well thought-out,” Zhu said. “It would be great to see more hackathons that bring people together to work on larger, long-term projects, perhaps at regular intervals over the course of a year or so.”

Indeed, “seeing great ideas end after a short-term event is almost tragic in some cases,” Kastelein agreed. “Ideally, we would like to be the initial stage of an ecosystem that further fosters and nurtures those great ideas and moves them into real working products and services.”

On the other hand, “at least the results are made public,” he noted. “We are considering adding in an element that if great ideas fall to the wayside, we work with the groups in putting their code and concept into open source or Creative Commons mode to allow others to pick up where they left off.”

Kastelein pointed out that, according to public hackathon rules and principles globally, all intellectual property is currently owned by the groups involved.

Analog Equivalents

There seems little doubt that hacktivism is here to stay; however, the legal issues remain to be sorted out.

Piratpartiet’s Falkvinge said such questions become clearer when you compare digital hacktivism with its analog equivalents.

“I would describe the break-in to the FBI of March 8, 1971, that exposed COINTELPRO and numerous other anti-activist methods in light of the Vietnam war as a typical example of pre-Internet ethical hacking,” he suggested.

“Today, the equivalent would be to — illegally — break into a corrupt organization’s servers and copy similarly incriminating documents,” Falkvinge explained. “While today’s powerholders decry such acts, there is little doubt that the break-in of 1971 has been more than justified by the history books, and it certainly caused social change.”

Criminals or Heroes?

The main problem with hacktivism, then, “remains with the legislators and officials who fail to see things in analog-equivalent terms,” Falkvinge said. “If getting documents to a reporter was OK in the pre-Internet age as part of our checks and balances on power, then it has to be OK in the digital age, too.”

Yet “many powerholders freak out at the slightest occurrence of pentesting, even going as far as to punish students who point out security problems in their schools’ IT systems,” he noted. “That’s not proportional, and that’s causing a growing divide of resentment between the offline-borns and the Net generation.”

Looking ahead, “I’d pay attention to this growing divide of resentment and its large-scale social effects,” Falkvinge concluded. “It may manifest itself as a new political power in some countries, as is happening with the nascent Pirate Party movement, or it may manifest itself as an underground culture of people that has different names depending on whom you ask: ‘criminals,’ if you ask the powerholders whose crimes are getting exposed, or ‘hero journalists’ if you ask the average people who are getting news they wouldn’t otherwise.”

Either way, the trend promises to continue.

“We can arrest hackers and hacktivists that violate our networks and disclose our data,” Paganini said, “but we cannot stop an ideology.”

Katherine Noyes is always on duty in her role as Linux Girl, whose cape she has worn since 2007. A mild-mannered journalist by day, she spends her evenings haunting the seedy bars and watering holes of the Linux blogosphere in search of the latest gossip. You can also find her on Twitter and Google+.

1 Comment

  • So what are you trying to say Mr. Terry Cutler from DigitalLocksmiths? Iraqis are responsible for the rise of hackers? I don’t understand why you would put the Iraq war and hackers in the same context, I find this rather insulting and racist, is this the type of ethical hacking that your company does because I will never deal with a racist company!
