Hacktivist Tactics Raise Ethical Questions

Wednesday, January 27, 2010

Anthony M. Freed

6d117b57d55f63febe392e40a478011f

By Anthony M. Freed, Director of Business Development at Infosec Island


Recently we have witnessed the emergence of international hactivist and vigilante “the Jester” through his crusade against jihadi and militant Islamic networks and some third party networks that contain evidence of having been infiltrated by rogue elements.

Jester’s activities raise an important question:  Where do cyber vigilantes fall on the infosec ethics spectrum?

That is the issue my fellow editors and I have been wrestling with while considering our options for covering the Jester’s exploits.

On the one hand, he is acting against some very unsympathetic targets, including the website of the Iranian president. But on the other hand, he is employing what would be considered Black Hat tactics which violate multiple international and domestic laws, as well as possibly interfering with covert intelligence operations.

Since the publication of Richard Stiennon’s article which introduced most of us to the Jester and his cause, there have been a flurry of opinions offered in multiple threads that both praise and denounce Jester’s conduct.

Stiennon asks and answers the question for himself near the conclusion of his article: “In the absence of a lawful society is vigilantism wrong?   Certainly there are many players on both sides of cyber conflicts that feel strongly about their purpose. But in the final analysis I have to say that taking down websites is unlawful and wrong.   And, in this case, taking down Jihadist sites may hurt The Jester’s cause.”

I for the most part personally agree with Richard’s assessment.

But in the absence of context, if the only real ethical measure is the lawfulness of an action, we would never have seen progress in society’s evolution away from institutions like slavery or child labor.

Lawfulness seems an inadequate assessment method.

Subsequent to Richard’s article, I began a series of IM chats with Jester in an effort to uncover more about his methods and motivations.

Obfuscation for security reasons aside, the Jester seems to be a sincere, impassioned individual who genuinely believes his efforts are noble and justified by the barbarism of the terrorist tactics he witnessed as a soldier.

On multiple occasions now, Jester has made reference to the horror of watching his friends and fellow soldiers be “murdered” by jihadi operatives who have long been exploiting the internet and its accessibility to coordinate terrorist operations.

The feeling I get from our conversations is that the Jester is on a very personal mission to inflict some semblance of pain of on those who are actively working to harm and kill… well, you and me.

Jester also claims to be sharing the location of secret deposits of information he has found planted on legitimate sites in the US, unbeknownst to the site owners, by jihadi hackers.

Some of these hidden files contain information on everything from how to produce an improvised explosive device (IED) to long anti-western rants said to possibly have phrasing combinations used to prompt sleeper cells into action.

The bad guy’s bad is definitely much worse that the good guy’s bad here, and that does play awfully well for the Jester.

Also, the unique methods the Jester is using could more than theoretically be employed by our foes to wreak havoc on our own systems, and so there may be much to learn from this character that can employed for our own best defenses.

And so, after much consideration, we decided that we should indeed pursue this story and our regular contact with the Jester, as the news value of the information provided far outweighs any risk of somehow seeming to improperly glorify taboo infosec practices.

The following is the first installment of my conversations with the Jester.

Q:  Who are you targeting with your DoS attacks and why?

"Targets are rife, but I vet every single one. I am tipped off via various channels. But I verify all targets. What constitutes a target?

I 'target' known sites that recruit and co-ordinate attacks. They can't use cell phones anymore - they use the web - it's the anonymous playground.

You can have sleeper cell operative who is watching a jihad forum for a certain phrase. That phrase activates him to do whatever his task is."

Q:  Why take them up and down, why not just knock them out?

"These ops are time sensitive. My task is to make their chosen communication method unreliable.
By taking them down at random intervals, for random intervals, they can’t rely on them -they become unreliable and useless.

Because they never know when or where I strike from, and because it’s random, the intel agencies can still gather their (questionable) intel."

Q:  Critics say you do more harm than good – your reply?

"Some critics have said that I will only drive them underground, Well is that not the best thing to do for recruiters?

If you take the position that online jihadi propaganda, proselytization, and interaction is increasingly important in jihadi recruitment, then why is it bad to drive them back into the shadows online? That’s a key principle of COIN.

Underground they can’t reach the masses; therefore they are less effective at recruiting. An underground recruiter is less dangerous than an overground one."

Q:  You are all over Twitter - what about an Islamic group’s right to free speech?

"Well the internet is all about freedom of speech, which is a concept I support.

Freedom of speech is one thing, but when bad dudes use our internet, on servers hosted in our country, or continent - because they have no infrastructure of their own to do it - that’s a different matter

As for their freedom of speech, if that’s all they want, then please speak freely

Just make sure there is no recruiting or co-ordination going on. Now do you see my point?"

Q:  Where do you see yourself from an ethical perspective?

"This the first time I have really quantified my reasoning - to anyone.

My plan is to disrupt, not destroy – to make their methods unreliable, make them not trust the only medium left to them. 

I do wrestle with whether what I am doing is right, but figure if I can make their communications unreliable for them, all the better."


Now a question for the readers:  What do you think?  Is Jester to be characterized as the cliché outlaw hero who dishes out his own personal brand of justice on the bad guys?

Or is he – as some critics have labeled him – just a miscreant with script-kiddy tactics, meddling where he has no business to meddle?

Cast your vote by taking out Latest Poll: The Jester - Is he a Patriot or a Criminal? (Logged in users only)

Submit your comments or questions for Jester below, and stay tuned for more installments of my IM chats on Information-Security-Resources.com, now part of the InfosecIsland.com Network.

Possibly Related Articles:
22229
Network Access Control Breaches Privacy
Federal Military Municipal State/County
Denial of Service Hacks Jester Patriot Hackers DoS DDoS th3j35t3r Hacktivist
Post Rating I Like this!
6d117b57d55f63febe392e40a478011f
Anthony M. Freed Your line brings up an important point Lance - Ol' Ronnie was singing about Watergate just a line before - it took a criminal act to expose the criminal Nixon administration.

Jester is just another in a long line of antiheroes - there will be more...
1264721439
C643eec6350152c6c3fbd1288578d98a
Terry Perkins I love the Ronnie VanZant quote. Thanks Lance! This is a tough one. I think DISRUPTING or making their communications unreliable is good. I see it from both sides of the ethical question.
1265123644
Bd34ec51d072894fb65c87bbc781ce93
Buzz Hillestad Guys, seriously, we are at war and you are debating ethics?!? When was the last time war was ethical at all? Ethics should not be the question here. They guy is doing a service to his country and isn't even getting paid for it. He is a true patriot.
1265127654
6d117b57d55f63febe392e40a478011f
Anthony M. Freed Buzz - for the most part, I agree with you. I am only concerned that Jester may interfere with Intel Ops on those same targets - else, go get 'em!
1265128233
C643eec6350152c6c3fbd1288578d98a
Terry Perkins Buzz, I agree, as well. However, as security professionals it is a good discussion but by all means, Jester should go for it. I'm sure he sleeps just fine!
1265129104
6d117b57d55f63febe392e40a478011f
Anthony M. Freed Aside form the constant death threats - he says he does!
1265134912
D5e39323dd0a7b8534af8a5043a05da2
Fred Williams When you have billions of Chinese youth - bored and nothing better to do than hack - you need guys like Jester. I'm glad someone is fighting on our side. This is an interesting article in Slashdot about a look into a Chinese hacker. http://news.slashdot.org/story/10/02/02/186238/A-Look-Into-the-Chinese-Hacker-Underworld?art_pos=12
1265203186
6d117b57d55f63febe392e40a478011f
Anthony M. Freed Thanks Fred - am checking it out...
1265207990
6d117b57d55f63febe392e40a478011f
Anthony M. Freed Vigilante Hackers as Heroes, but at What Cost?

"In the online world where personal information in extremely large volumes is merchandise for organized crime, where law enforcement is more focused on building war-rooms and appointing cyber security tzars, and where everyone leaves a digital footprint, cyber vigilantes have become something like worshiped heroes…"

http://information-security-resources.com/2010/02/03/vigilante-hackers-as-heroes-but-at-what-cost/
1265225641
A522fbd52ff0d8e2c9faf085e7ec0966
Cindy Roux What moral code is it that you follow, Master Jester? Whom do you serve?
1268165610
6d117b57d55f63febe392e40a478011f
Anthony M. Freed Cindy - From my conversations with Jester, he feels he serves soldiers and civilians in the line of fire.

Stay tuned for Video number two - coming this week...
1268167595
A522fbd52ff0d8e2c9faf085e7ec0966
Cindy Roux Which soldiers? Think in the broadest sense of the word. Are we not all soldiers? "Common interests for good...who's good?"
1268174702
E4b33dbe234685965beb3e9f2a0ad456
Ted LeRoy The cyber world is just as valid a place for espionage and sabotage as any other realm of communications or social interaction. I appreciate what the Jester does. Unfortunately, since he's going it on his own, he's somewhat unprotected from both personal safety and legal perspectives.

Good luck Jester, and be safe!

Cindy, as a retired U.S. Navy Chief with a son who is an Infantry Marine, I think I favor a more restrictive view of who the soldiers are.
1268192531
6d117b57d55f63febe392e40a478011f
Anthony M. Freed Ah yes - I have seen many of these Jester threads end up in an exploration of moral relativism.

All I know is that there are people out there i have never met, never crossed, and never harmed who want to kill me.

Jester is not one of them.
1268201946
C643eec6350152c6c3fbd1288578d98a
Terry Perkins Amen, Anthony!

Ted, thank you and your son for your service to our country!
1268235820
E4b33dbe234685965beb3e9f2a0ad456
Ted LeRoy Thanks Terry and Lance!

I really enjoyed it and I hope my son does too.

Ted
1268281802
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.