The Return of Hacktivism

Listen to this episode

S1: Hey, everyone. I have a special announcement for you today. This year marks the 25th anniversary of Slate, and for a limited time only, we’re offering our annual Slate Plus membership at $25 off. As a member, you’ll get no ads on any of our podcasts. Unlimited reading on the slate site and member exclusive episodes and segments from shows like Slow Burn Amicus and the Political Gabfest. For the past quarter century, Slate podcasts have been covering all the major news events, from elections to social issues to historic court decisions. Our culture shows have debated whether things are sexist, named the best summer songs and explained the latest TikTok trends if we’ve become a part of your listening routines. We ask that you support our work by joining Slate Plus. Sign up for Slate Plus at Slate.com. What next? Plus to keep us going for another 25 years? Again, we’re giving you 25 bucks off an annual membership through October 31st, so sign up now at Slate.com. So what next? Plus? Over the last year, two, we’ve talked on the show about hacking and hackers. We’ve usually been talking about ransomware, holding data and services hostage for money. A suspected cyberattack has forced a major energy pipeline in the U.S. to shut down operations. It was ransomware that shut down the Colonial Pipeline on critical infrastructure.

Advertisement

S2: This time, the food

S1: supply, the world’s largest meat supplier,

S2: cybercrime is hitting U.S.

S1: hospitals, countless schools, hospitals and small businesses,

Advertisement
Advertisement
Advertisement

S2: stealing private data and holding it for ransom. So far,

S1: things have gotten so bad that this week, the Biden administration held a two day summit with 30 countries to talk about the problem. Ransomware has America’s attention. But the thing is, not all hacks are made the same.

S2: One of the simpler ways to break it down is motive.

S1: This is Drew Harwell, who covers tech for The Washington Post

S2: with something like a ransomware gang or like a cyber crime outfit. There is just a crass capitalistic ambition to just make a bunch of money, and then you have these geopolitical espionage intelligence attacks where nations are hacking each other, shutting down roads or weapons, and the US is very good at that part of it as well.

Advertisement
Advertisement

S1: But over the last few weeks, a different type of hack has been having a renaissance. Different in both ambition and scope. The web hosting company Epik and the streaming platform Twitch have both been targeted in massive attacks by people with ideological motives, also known as hacktivists.

S2: The hackers that knocked over Epik and knocked over Twitch, they didn’t reveal any kind of interest in killing money out of those companies. As far as we know, like they weren’t demanding a ransom, they weren’t asking for money to be installed in some bitcoin wallet somewhere. For them, it was just all about the ideology and all about, like, humiliating this company on the public stage.

Advertisement

S1: In both of these attacks, the hackers seem to want to reveal personal details of platform users and taunt the platform’s lax security. In some cases, it’s about retaliation for harassment. In others, identifying links to the far right people with secret racist websites have lost their jobs. Others have been linked to the Jan. six attacks. But of course, none of this is simple. Innocent people have been caught up in the mix, too, with Hacktivism. Things get messy.

Advertisement
Advertisement
Advertisement

S2: You really don’t know what motive you can trust, right, like maybe they do want money or maybe they want cloud, or maybe they just want to, you know, have some laws on their own little private chat room. But the effects of it often tend to be the same. These hacks can just be absolutely devastating for the company, but also for the people who use them for their work in daily life as so much of our lives get ported onto the internet. It really kind of just drives home how much the internet being the backbone of our our life has really exposed us to these threats that we never, ever really expected to be thinking about.

Advertisement
Advertisement

S1: Today on the show, the complicated moral calculus of Hacktivism, I’m Lizzie O’Leary and you’re listening to what next? TBD a show about technology, power and how the future will be determined. Stick around. Epik with a K is a Web hosting service. It registers domain names, helps people create and maintain their web sites, and it’s best known for propping up some of the most noxious sites on the internet, like Gab, Parler and 8chan. And it was started by a guy whose name and yes, this is his real name is Robert Monster.

S2: He works in this industry that is extremely important to all of our lives that we never think about, right? It’s like the web infrastructure, the plumbing of the internet that keeps all of these websites online. There’s this whole just boring space of domain registrars and hosts and security companies, but they are really like the backbone of the internet. And so Rob Monster created this company, Epik that mostly what it does is register domain. So it was a company that people had never really thought about until a couple of years ago.

Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

S1: Good morning. We’re coming on the air right now with breaking news. For those of

S2: you watching back in twenty eighteen, there was this just horrific shooting at the Tree of Life synagogue in Pittsburgh, Pittsburgh,

S1: Pennsylvania, just moments ago, police reporting there are multiple casualties with

S2: three officers. The gunman had shared all of these hateful anti-Semitic thoughts on this right wing social media site Gab. Think of

S3: it as a version of Twitter, but it’s popular among alt right members and other kind of folks that don’t feel welcome on sites like Twitter or

S2: Facebook. And in the aftermath, people were just furious. And, you know, they said, Let’s take this crap offline. We don’t want to support Gab. We don’t want to support a place where people are just free to to share this kind of hate. On the other side with Rob Monster in Epik, and while everybody was thinking about the victims of this horrific shooting, he was saying, Well, what about poor gab?

Advertisement

S4: Hey, guess what? There’s this site called Gab that come and go, daddy, just deplatform them. They took them down.

S2: Poor gab has been knocked offline, right? This is a haven for free speech. This is, you know, a place where, hey, maybe I don’t agree with everything that’s on the site, but I want to, you know, fight for the right for it to stay online.

S4: But I knew kind of at that moment, being a believer in due process that it is possible that this particular site might have been a case of throwing the baby out with the bathwater. And I kind of philosophically object to that. In general,

Advertisement
Advertisement
Advertisement

S1: Epik goes on to to host a whole bunch of different websites and platforms. We’re talking 8chan gab parler. Do we know or is it possible to tease out if this is about Rob Monster’s personal beliefs, that he sympathizes with some of these groups or that he really and truly just says you should be able to say whatever you want on the internet?

Advertisement

S2: The big thing that he conveys is that he has this very fundamental Christian belief that everyone should have the right to say what they want online. So, you know, he was a little different than a lot of the people on this side of the debate who are white supremacist neo-Nazi hater types. He tried to kind of play it in the middle by just conveying this as more of a I had a philosophical issue. And you know, he he is not alone. Like, there is, you know, the internet has libertarian roots that have for a long time said this distributed technology we have is great for sharing whatever you want in mid-September.

S1: A reporter named Stephen monetarily broke the news that Epik had been hacked. He posted a screenshot to Twitter where the hackers, who said they were affiliated with the group Anonymous, claimed to have a decade’s worth of data. They started sending out huge files of internal Epik data to the media.

Advertisement

S2: In all of those files was kind of like a reed me in which the hackers sort of laid out their thoughts, their own manifesto for why they had targeted Epik. And in no uncertain terms, they were saying that Epik had dug its own grave effectively. They said, you know, Epic’s reasoning was totally unacceptable that they had really contributed to these just hateful attacks over the last couple of years and that the hackers didn’t want to stand by it anymore. And so here, for everybody to see was just a huge mountain of evidence taken from inside Epic’s computers that included some really personal data, like people’s passwords and security questions.

Advertisement
Advertisement
Advertisement

S1: Yeah, I looked at some of the images when this was released and the hackers wrote notorious hackers on steroids present grand reveal of Rob, and then I’m quoting here Hitler should have won monsters. Epic fail when they say grand reveal how how much did they have and what did they have?

Advertisement

S2: It was giant. You know, we see these breaches all the time, right? You see, like, OK, more emails have been leaked onto the dark web or whatever. It’s kind of become sort of an everyday occasion. But this epic fail breach was. It was literally everything like it was passwords. It was financial invoices. It was years of documentation from this single business. It was not just any one piece of data, it was just thousands and thousands of records, like hundreds of gigabytes, even down to like four mirrored images of Epik servers that you could like launch from your own computer. Wow. Yeah, it was like everything that Epik was with suddenly public.

S1: The hacked files purport to reveal the real names of people associated with the Proud Boys. Q and on and supporters of the Jan. six Capitol riots. The amount of data is enormous, and researchers are still combing through it. There seemed like there are sort of two main effects here. One is that these extremists are being outed because their information became public, and the other is that people who study extremism are just delighted by the information. Tell me first about the people whose secret online lives were revealed.

Advertisement

S2: In some cases, including when we wrote about there was like a real estate agent in South Florida who, unbeknownst to anybody, had also owned these Holocaust denial domains and these racist domains. And once that came out like that guy lost his job, the real estate agency he worked with said No thanks. These very run of the mill, everyday people who you you see through your daily travels were also kind of believers in these hateful ideas. But the other part of it is that like Epik is not a small company, and a lot of the people who were Epik customers are not marching, not the white supremacist. There were a lot of normal people who had bought domains through Epik because it was cheap or it was easy or whatever whose data was also leaked. And so, you know, I think that gets to one of the issues here where this hack exposed a lot and gave us a lot of transparency into this part of the internet that we never talk about where there’s all sorts of horrible stuff happening and that should be exposed. But there’s also collateral damage.

Advertisement
Advertisement
Advertisement
Advertisement

S1: You’ve also talked to a lot of researchers who study extremism. What do they say that this gives them?

S2: This is a giant gift to anti-extremism researchers, like in the hours after this first leaked, there was like just just like feeling of ecstasy among a lot of them, because, you know, a lot of their data that they’ve had to pull together has been alacarte, right? It’s like pulled from different forums or different like street protests. And here was the decoder ring. Finally, they could even the playing field a little bit for these researchers who were just clamoring for as much transparency as they could get.

S1: When we come back, what the hackers behind these attacks really want. Last week, another group of hackers went public with the announcement that they’d hacked Twitch, which is owned by Amazon. They released a trove of data and wrote a note alongside it, saying Jeff Bezos paid $970 million for this. We are giving it away for free. Their entire source code was hacked and released publicly, so you would put that in this in this hacktivist bucket.

S2: I would. And yeah, to leak a company source code is just it really is kind of unheard of like it’s so it’s so on the opposite side of like a breach where people get email addresses because like a source code is the company that is what they spend millions of dollars every year building and have built over the last couple of years. And when you have the source code, it’s not just a threat today, it’s like we can potentially build something to keep you vulnerable forever. And so the reason for putting the Twitch hack in kind of the hacktivist column was that again, and like the little manifesto that the hackers included when they dumped all this data online was that, you know, in their argument, they said Twitch has become this toxic cesspool. They also used this hashtag that has become popular of critics of Twitch do better Twitch. So when the hacker used that hashtag, it was kind of a suggestion that they were paralleling that effort in that criticism of Twitch and that it was a lot more about really trying to target the company for its choices as opposed to targeting it for some cash

Advertisement
Advertisement
Advertisement

S1: you were using. And I am using the word hacktivist. And I think I first learned that word back in the kind of initial WikiLeaks era when they started dropping, you know, U.S. State Department cables, for example. I wonder if you could characterize how hacktivists today might see themselves versus them.

S2: I think in a lot of ways they feel like the mission is the same. These are ideological crusaders who are very mobilized by their cause and who feel like their main weapon is the internet and their ability to hack these companies and expose these companies for what they believe they truly are, as we have seen in the years after WikiLeaks. It was not so simple, right? I mean, there are a lot of geopolitical layers to that that we did not know in the moment, and that could still be a function of, you know, the modern hacktivists today because we really just can’t scrutinize their motives and who they are that closely because they’re anonymous. But I think the ideal is the same the idea that we have this powerful tool at our disposal and we can take on these big institutions that as normal people, we would otherwise be powerless to to push back against.

S1: Do you believe them?

S2: You know, every hacker is different, right? They’re not a monolith. And some, I think, are more moral than others. Some are just total chaos merchants happy to just dance while the company burns. But some do. You know, I talked to really do feel like this is a mission and this is something they support. You know, I will say that there is definitely a sort of rival argument among kind of information security types who say that Hacktivism is kind of a retroactive explanation for just wanting to take down a company in their minds is sort of frame it as these are hackers with the set of tools who are opportunists, if they can, if they can barge into a company and expose all this stuff that was never seen before, they’re going to do it, and they’re going to figure out a reason why they should do it afterwards.

Advertisement
Advertisement
Advertisement

S1: If you zoom out, the morality here gets complicated. One person’s Hacktivism is another person’s criminal, one person’s rogue employee, someone else’s truth teller.

S2: There is no real clear red line here. There’s just a lot of gray. And you know, I find it really interesting that while we were learning about these hacks, there was also this massive project around the Facebook files. You know, these were documents that were taken from inside Facebook, a company that did not want to share them a distributed online to a very interested public that exposed, I think objectively some really concerning stuff and was done by somebody on the inside. If you squint a little bit, that looks a little bit like Hacktivism, where we’re both sides are trying to force transparency no matter the means. And, you know, kind of tiptoeing around the legal edge to do it. It’s going to be really difficult in the future as we look at these kinds of attacks. To gauge like how we feel about them morally and ethically, and I think a lot of it’s going to depend on the target down the road, we don’t know who’s going to be targeted. We don’t know what information. It’s going to be exposed and we may not be as celebratory when the shoes on the other foot do Harwell.

S1: Thank you very much. Thank you. Drew Harwell covers technology for The Washington Post, and that is it for the show today. TBD is produced by the awesome Ethan Brookes or edited by Tony Bosch and Alison Benedict. Alicia Montgomery is the executive producer for Slate Podcasts. TBD is part of the larger What Next family, and we’re also part of future tense partnership of Slate, Arizona State University and New America. And I want to take a moment and recommend that you listen to Thursday’s episode of What Next? It helped me understand why a huge group of Hollywood’s behind the scenes workers are ready to strike. What next? Be back next week and Lizzie O’Leary. Thanks for listening.