Transparency: the Way of the Future?

Is full transparency in government a good thing?

Disruption

I believe the ascendence of wikipedia.org as a collaborative knowledge base has had a significant positive effect on the general access to knowledge. But it has also had a significant negative effect on existing encyclopedias. Recently, the venerable Encyclopedia Brittanica announced their final print edition. Really, it is no great surprise that an online knowledge base can be disruptive in this way. This is really quite similar to the disruption of printed news media (such as newspapers) by online new sources. But there are other ways that wikis can disrupt.

Wikileaks

The concept of a wiki is a compendium of material with contributions from several authors. There is a specific wiki called wikileaks.org that amasses secret material and publishes it, run by Julian Assange and his associates. The contributors are whistleblowers everywhere. Many of the contributions are centered on the secret doings of governments.

The interest in such wikis is fed by the conspiracy theorist and the popularization of the idea that governments are bad. That they are doing bad things. But weighing individual privacy against the common security is not a simple black-and-white issue.

That being said, I do believe that governments should not act unchecked. Doing evil "in the national interest" is wrong.

Wikileaks has the potential of disrupting a government's ability to operate. Perhaps they believe they can level the playing field between governments by rendering every government transparent. Perhaps they naïvely believe they are only seeking the truth. Unfortunately, they have done little to render Russia transparent, or Iran, or North Korea. Or even China. They have primarily been concentrating on the United States. Indeed, in some countries, if journalists attempt to render those countries transparent they will simply be murdered. Witness, for example, the purported state-supported murders of Anna Politovskaya and Alexander Litvinenko. Some countries simply have a history of dissuading whistleblowers by making sad examples of them.

It is doubtful wikileaks has the balls to assail any of these countries.

What this has done is to make it less possible for the United States (and some other target countries) to operate in the diplomatic arena, and consequently it lends a strong an advantage to their competitors. This is inevitable. And the trend is to only publish material from countries that are relatively easily penetrated: free countries. This disadvantage is coming soon to your country.

Competition between countries is not just political, or concerned with human rights. It also is about economic prevalence. Countries such as Russia, with its oil and natural gas pipeline that nearly controls Europe economically, and China, with its control over cheaply-made electronics (due to their singular labor policies compared with other countries) and its near-monopoly on rare earth elements, owes its prosperity to the influx of currency from other countries. It is a strong motivation these days: perhaps the only motivation that actually counts to China.

Transparency is not good for negotiation. Without it, countries can operate in secret. Keeping their agenda secret while they strive to achieve their goals is actually key to success. A level playing field would make things better for negotiation. Ironically, the playing field is being made less level by wikileaks.

The kind of transparency that wikileaks.org offers is total transparency. They constantly work to reveal everything they can: entire full sets of diplomatic dispatches, even full sets of military communiques. This will naturally reveal plenty of stuff that could be necessary for a country's economic survival.

Indeed, it would be to a competitor's advantage to extract such information and provide it to wikileaks. Whether this has actually happened is something I can't really verify, because wikileaks scrupulously seeks to anonymize the information, scrubbing away email MIME headers (so you can't be sure the emails were genuine in the first place!), zeroing empty blocks, and redacting content that could reveal their source.

If the publishing of the information is a crime, then they are accomplices and co-conspirators. But how do you prove that the information is true? You can't. They have scrubbed away all that can be used to prove it true. And if you independently verify one piece of information, can you trust the rest if you can't say where it actually came from? I doubt that wikileaks even knows whether the information they post is true or not. They may not even know for certain where it came from. Which makes the publishing of the information an incredibly questionable activity.

Wikileaks has also revealed information about companies as well, such as Bank of America. I am sure it would love to reveal information about people as well.

So, when Julian Assange commits a sexually predatory act in Sweden, for instance, he should be glad that such things can be transparent. And he should be glad to participate in a transparent legal process there, right? No. He is a hypocrite. It's OK to reveal other people's secrets. But when his secrets get revealed, then he objects! And fails to own his actions.

Hacktivism

Hacktivism, hacking for the purposes of vigilante social justice, has been on the rise. The Anonymous group is famous for hacking in retaliation for the removal of credit card support in wikileaks. Really, anything they set their collective minds to, if they think it represents an injustice, is cause for a retaliatory hack. This makes them judge, jury, and executioner for their brand of justice.

Many of the Anonymous crowd also perpetrate hacks that simply reveal lists of credit card numbers and email accounts and passwords. Don't they know that the rogue and state-supported Chinese and Eastern European hack squads are going to exploit these? They disrupt businesses like Sony's Playstation accounts. These acts are essentially criminal acts. And if they aren't criminal acts, they almost certainly lead to them.

In some ways, hacktivism can also produce effects that may be useful, such as making us aware that we should change our passwords. But these are secondary, reactive effects, and not the ones that they were seeking to accomplish. Not by a long shot.

Really, such lawless acts are indefensible. In this day and age where so much is constantly being attacked by Chinese hack squads, why don't these hackers join the good guys and help to build better defenses against the barrage of cyberattacks? There is a real need, and they have the talent. Please, Anonymous, step forwards and help. And I'm not talking about defacing Chinese government web sites.

Perhaps the FBI will have to bust these hackers and conscript them, like they did Sabu.

Either way, we need to get organized to fight cyberattacks and cyberterrorism.

Even if laws could keep up with technology, there are still Chinese state-supported hack squads to deal with. Maybe wikileaks will try to keep them accountable. Sure.

The Moral

Those interested in transparency and who are eager to reveal things must own their actions and practice what they preach. An anonymous hack is an asymmetric form of warfare. Not exactly transparent, is it?

Hackers, Part 2

Today, the FBI took down LulzSec, the splinter group of hackers responsible for so many incursions. Months ago, I speculated that they were known down to the person but I was premature. It turns out that their leader, "sabu" was known, though. That's when the FBI secretly arrested him and turned him into the most interesting mole in hacker history. While, in Hackers Part 1, I speculated that they were disbanded, it turns out that they had turned their efforts onto a new theme, AntiSec. It is good someone got them, because they supposedly had thousands of infected servers at their beck and call (topiary claimed this).

LulzSec, populated with personalities like sabu (Hector Xavier Monsegur of New York), kayla (Ryan Ackroyd of London), topiary (Jake Davis of London, actually arrested last year), pwnsauce (Darren Martyn of Ireland), palladium (Donncha O'Cearrbhail of Ireland), and anarchaos (Jeremy Hammond of Chicago), were responsible for a number of attacks that penetrated systems (mostly using password hacks), stole data and simply posted it (mostly on pastebin.com). Data sometimes included identity information and credit card information. But they really liked to ply DDoS attacks, which are made possible (and apparently popular) using off-the-shelf software like LOIC. The complicated process in finding anarchaos is detailed in this link.

Then things heated up, and in June 2011, other groups started outing LulzSec members. The link points to a pastebin post by the A-Team, a public rival hacking group. Their speculation about topiary was wrong, it appears, but they got sabu right. I wonder how other specified members uncommon, laurelai, eekdakat, nigg, madclown, avunit, tflow, and joepie91 are faring. They are listed in this link, some with names and addresses. Maybe they are on the way. But again, if they got topiary wrong and sabu right, then their record isn't exactly perfect.

In either case, Alpha Mike Foxtrot!

So it's clear that, when this happened, the FBI moved in and turned him. That can't be good for the other members.

This is on the heels of two interesting developments in hackerdom. The first is Anonymous and their prying into the international anti-hacking taskforce's conference calls. The second is the spoofing of Anonymous for the insertion of malware into their actual computers.

The FBI kind of got a black eye when Anonymous posted details of a conference call (the Anon-Lulz International Coordination Call) that occurred between the anti-hacking taskforces in both the US and the UK. The FBI recently admitted that this occurred. So that tells us that the posted transcript of the call was actually correct. It was during this call that the Anonymous member tehwongz was outed. Well, he's a 15-year-old kid, so no names were mentioned. He claimed to have hacked Valve's Steam network. The conference call was hacked by palladium (also known as anonsacco) and this is detailed in this link.

The other notable incident seemed to pass by without notice, although it did receive netplay. Here, a purported Anonymous tool for hacking, posted on pastebin.com, was actually malware in itself. This means that all the Anonymous sympathizers that downloaded and used this code, were infected with malware that would send their dox (identities and other useful information) to someone. This was detected by Symantec very recently.

I speculate that someone wants to know who they are. And get this interesting tidbit of information: the malware was spoof-posted on pastebin right after the MegaUpload raid.

It might be a perfect thing for a government to do to get these guys. First the MegaUpload raid occurs, enraging the hacktivists, then a malware post occurs, then the Anonymous hacktivists decide to use the tool to stage a DDoS attack. And voila! Plenty of names and IP addresses are streaming in.

We will see in the coming weeks and months what comes of this, I think.