Greetings Troublemakers... welcome to Trouble. My name is not important. At 10:30pm on October 29th, 1969, Charlie Kline, a student programer at UCLA, successfully sent the first digital message from one computer terminal to another via the DARPANET, a top-secret research project run by the US Department of Defense. The transmission of this single word, 'login' was a pivotal moment in human history, as it represents the official birth of the Internet. And it was from here that the first message was sent. A revolution began! In the nearly fifty years that have followed, this invention has thoroughly transformed our world and come to dominate virtually all aspects of our lives. It has restructured and rejuvenated capitalism, by revolutionizing finance and transforming the globe into a single interconnected marketplace. It has provided new methods of interacting with one another and helped shape the ways that we receive and process information. And it has provided a place for people to upload terabytes of videos of their cats. This is pinky... he's a male. He's available for adoption. He's pet of the week. The Internet has also become the central pillar of a new form of social control based around mass data collection and the construction of algorithms aimed at better predicting and manipulating human behavior. But while states and digital capitalists have used the Internet as a platform for mass surveillance and pacification, it has also been a site of subversion and created new possibilities for decentralized attacks on the dominant order. We've got a problem. What? Someone synched a RAT to one of my servers. A remote access tool – we're being hacked! On the front-lines of this war are hackers. Those who use curiosity, programming skills and problem solving to unlock closed systems and bend powerful forces to their will. Over the next thirty minutes, we'll share the voices of a number of these individuals as they share their experiences of defacing web sites, leaking emails, developing tools to thwart digital surveillance ... and making a whole lot of trouble. Hacking is one of those terms that I think has become a little bit nebulous. I would define it as using technology in a way that wasn't intended, by finding bugs and oversights in designs to make it produce results that were never supposed to happen. Creative subversion of technical systems. You take software and you modify it to get another result. For example, accessing information on a system that you shouldn't be able to access. Or making the system do something that it shouldn't be able to do – or that you shouldn't be able to make it do. There's a lot of different definitions of hacking, depending on who you ask. US criminal law defines computer hacking as unauthorized access to obtain information, transmitting destructive code, etc. I mean, they've basically expanded the definition in their ongoing efforts to criminalize everyday Internet activity. If you ask someone like Richard Stallman, he'll tell you that it's really just a creative solution to a problem. But hackers also do like to break into systems. There are all kinds of systems, and there's all kinds of access and all kinds of ways to gain access. Some hackers choose to fix and protect these systems. They work for the government, Microsoft etc. They call themselves White Hats. They're not even really hackers. They're seen in the hacking scene as sellouts. They do it for the paycheck... or maybe because of the flag. But there are those, of course, who don't don't it for employment. They don't do it for a paycheck, they do it for the love of solving complex puzzles. For the thrill of breaking into whatever artificial borders that these people decide to erect. Everything that's built can be broken. I don't think hacking has changed all that much in the last few years. What really has changed is the scope of things that can be affected with hacking. Before, in the 90's, most of it was just practical jokes because none of it had a lot of impact on real life. And in popular culture, you start to have hackers appear in movies, in television series, where there's this whole figure of these hackers that have these super powers. That can invade computer systems in any way, shape or form. There's a new virus in the database. What's happening? It's replicating... eating up memory.... uhh, what do I do? Type 'cookie' you idiot! Then it gets a lot more popularized. Since the dot-com boom at the end of the 90's, things now have a huge impact and everything tends to be connected to the Internet, or some sort of network. As digital information networks have evolved, a lot of personal information is being stored. Y'know, big data corporations and industries are relying on computers ... so hackers have access to this kind of information that these big companies have as well. Hacking can be very simple and very complex. But most times hacking is very simple. By supplying input in a certain way, you're able to make the back-end system believe that what you're supplying is actually part of its own code. Which, in a lot of cases, can give you full access to that system. That's not just limited to computers or telecommunication systems. We can really kind of apply this idea to all kinds of technical systems. So, for example, something like social engineering is a human form of hacking. Y'know, you can pretend to be somebody that you're not and ask another person questions about themselves in order to get them to reveal private information. It's possible that there is software in theory that doesn't have vulnerabilities. But in practice, that's impossible to have. If an application or a system performs queries to a database based on your input, you could possibly alter your input to be able to then alter the database query, and possibly gain access to information that you shouldn't be able to. Mostly what an exploit does, it's a small tool that you run to get access to a special sector of the software you want to get. A lot of exploits and vulnerabilities are discussed publicly and being used in the wild. If you pay attention to lists like Full Disclosure or Security Focus, they'll tell you some of the latest tricks that are being used. Of course, those are the ones that are already publicly known, and that the vendors have often already released patches ... but a lot of companies don't always patch. They're not as on-top of it as they'd like to think that they are. For example, the Equifax hacks a couple of weeks ago was running outdated versions of Apache software. Most people don't really do updates regularly. So most people will actually get hacked by something very simple. Denial of service attacks ... basically coming up with ways to create an enormous amount of traffic to your server, to the point where it can't continue to provide those services. There's such a thing as Distributed Denial of Service attacks, where that traffic is coming from many places at the same time. The most serious techniques are what they call 'undisclosed vulnerabilities', what they call a 'zero day.' When someone discovers a vulnerability, and instead of reporting it – which is the White Hat way – they continue using it privately. And they don't report it publicly, so that way there's no way for anyone to really adequately protect themselves against it. I think a useful way to think about this is that the Internet is a really hostile place. It was never designed with privacy or security in mind. State actors and corporations control the entire thing. And so when you talk about their ability to exploit it ... I mean, to me, so many of the basic services that we use on the Internet are exploitative without thinking about a hacker getting into it, or malware or something like that. State actors like the US government have the ability to observe all Internet traffic in real time, collect it and store it, and then use it later at their discretion. And they work very closely with the digital capitalists – facebook, google and all these other entities – who are already storing that information anyway. The Internet has long been a tool used by social movements of various political stripes, both as a means of disseminating information and a fertile ground for recruitment. Back in the 1990's, the anti-globalization movement arose alongside the open-media publishing platform, Indymedia, which allowed for the virtual coordination of many localized fronts in the global fight against neoliberal capitalism. I need 50,000 people. 50,000? You're gonna have to give me some time. And drums. You want drums? OK, I can do that. And what about the Italians? The Italians? Man, they're stuck on the border. They're gonna be with you tomorrow. And the black bloc? The black bloc are already there. You're gonna see black and red like there ain't no tomorrow, kid. You just sit tight. These days, social media platforms like facebook have given rise to a new form of online activity known as 'clicktivism', in which likes, shares and the signing of online petitions have become a popular way for liberals and so-called 'progressives' to project an image of ostensible participation in campaigns centered around a variety of social justice-related issues, and often masking their lack of participation in real world struggles. Real change requires real action. That’s why I always share political articles on facebook, whenever I see them. But not everyone has been lulled into this comforting delusion of how social change works. On both sides of the political spectrum, groups and individuals have continued to use the Internet pragmatically, both to spread their ideologies and coordinate their IRL activities. Anonymous is a decentralized network of hackers and activists that exist in places like IRC and Twitter, and anyone is free to become Anonymous and start their own operations within the network. It's kinda similar to the black bloc tactic used as cover and collective identity. I'm doing ten years in the fence for computer hacking charges related to my involvement in Anonymous. I was hacking police departments, military contractors ... defacing their websites, releasing their emails and databases to the public. One of the bigger targets was a company known as Strategic Forecasting – Stratfor – which is a private intelligence firm made up of mostly former State Department and CIA agents. We took down their websites. We went on donation sprees with all their clients' credit cards, and gave their email archives to Wikileaks. And Wikileaks pubished them, showed that they had been spying on activist groups on behalf of corporations like Dow Chemical. Groups like Anonymous got really really famous defacing websites. Other groups attacked police websites, getting all the data they have about current police members. There's also groups that were blocking huge institutions, like credit card companies or banks. If they block their transactions, they lose money. So there's a bunch of stuff you can do with hacking. Anonymous, they were really famous for really getting that kind of popular participation in a hacking movement that really didn't mean you had to be an expert to use it. You could download a piece of software, and you could just run it on your computer and you would enter in the target URL and you could begin to participate in what was effectively like a virtual sit-in. Now as far as Anonymous, or hacktivists in general playing a role in revolutionary movements... Anonymous was very active during Occupy Wall Street and the Arab Spring. In general, an overall revolutionary strategy benefits from a diversity of tactics. Multiple attacks converging from all angles, including street protests, to smashed windows, to hacked websites. So Anonymous, y'know, revealing scandalous personal information on individuals associated with a company that is the current target of protests – timed well, it could be very effective. It's a really interesting concept to me. And a lot of people who are members of Anonymous use tools that I work on every day. And I hope they will use them for good. I think the unifying idea is just using anonymity to achieve some end. And doing it with other people. And I think that that speaks to some of their internal contradictions too, because they're not unified by a political ideology. Members of Anonymous fight with each other about that. And I think when you have no political ideology motivating work like that – work that has the potential to impact the whole globe, and has before - it can be really dangerous. We of Anonymous declare total fucking war on antifa, and all who support their criminal and violent actions towards innocent civilians. I've seen Anonymous operations go after people in a kind of y'know, right-wing, Pizzagate-type style. You know... I mean it originated on 4Chan. Historically, the hacker community has been very inclusive. When everything started, nobody really knew who was on the other side of the line. Everyone was just green text on a black background. With that said, there is a lot of sexism in tech generally, and I'd say that the people who are recruited from places like Reddit and 4Chan are like, y'know, your typical tech bros. Every community on the Internet, and every sub-community within those sites, whether it's 4Chan or Reddit or whatever, has a dog in the fight in gamergate. Gamergate and 4Chan, and the origins of the alt-right, I think are one of the most obvious confirmations of something that many of us who are radicals already knew ... which is that toxic masculinity, misogyny, whatever you wanna call it, is an incredibly dangerous and violent force. And it never ends there. Beyond the origins in 4Chan, I don't really know exactly where a lot of these young men came from. I imagine that it's probably not any more interesting than they are a result of late-capitalist alienation. But I think that they started out with, y'know, your just, like, garden variety misogyny. And then actual literal fascists went to their forums and whispered fascist poison into the ears of all these impressionable men. And because they already were prone to violence and bigotry, then it was just the natural conclusion. Doxxing is the practice of exposing information about your opponent that they'd rather have kept secret. Typically, doxxing happens from information that is already somehow readily available and maybe just a little bit hidden. If someone is doing their activism under a pseudonym, attackers will search for any kind of connection to their real physical persona and put that information online. And then whoever the target is, all the people who wanna go after that target will work collectively to terrorize them. The result of it can be, y'know, something like getting 50 pizzas delivered to your house ... or it can be a SWAT team showing up in response to a fake bomb threat. Protection against this is best done by compartmentalization of your online activities. So keep your activist activities and your regular activities separate. Use different email accounts when you sign up for services. Doxxing's also been used by hacker collectives to expose lists of police officers, members of fascist organizations... A lot of people were doxxed after the Charlottesville rally out of just public open-source knowledge, and had to back-track on their beliefs and actually had to go out in public and offer apologies. In June of 2010, a malicious computer worm called the Stuxnet virus was first discovered by a small Belorussian software company, VBA32. It was soon shared with cyber-security experts at Kaspersky Labs, in Moscow, and Symantec in Silicon Valley, who quickly realized that it was unlike any virus ever seen before. Far from your run-of-the mill malware, Stuxnet was a sophisticated weapon, comprised of millions of lines of code and believed to have been jointly developed by the cyber-warfare divisions of the American and Israeli military. Its target was the Natanz nuclear enrichment facility, in Iran. For Natanz, it was a CIA-led operation. So we had to have agency sign-off. Someone from the agency stood behind the operator and the analyst and gave the order to launch every attack. For months, the virus had lain hidden within the plant's Programmable Logic Controllers, machines that are commonly used to regulate and control a wide variety of industrial processes. Running commands that were completely untraceable to workers in the plant, Stuxnet targeted centrifuges for sabotage, causing them to explode, seemingly without cause. The virus was only discovered due to an error in an upgrade patch, which allowed it to jump out of the secured military facility and onto the world wide web …. otherwise we would have never even known it existed. The Israelis took our code for the delivery system and changed it. Then, on their own, without our agreement they just fucked up the code. Instead of hiding, the code started shutting down computers ... so naturally people noticed. Because they were in a hurry, they opened Pandora's Box. They let it out and it spread all over the world. The Stuxnet virus set an important historical precedent, as it heralded the beginnings of a dangerous new chapter in modern warfare. Still in its relative infancy, state-led cyber military campaigns are now being conducted under conditions of total secrecy, shrouded from public scrutiny, or even knowledge. And given the widespread incorporation of digital systems into all aspects of industrial civilization, from electrical grids to emergency management systems and even missile launch sites, the potential consequences of these types of attacks could lead to truly catastrophic loss of life. And while states have been the first to reach this stage in the development of offensive cyber warfare, corporations and other sub-state actors are already charting their own courses in the militarization of digital systems. A lot of what we have as the Internet now - a lot of the building blocks of the Internet - were created by hackers. Experimenting with the technology, coming up with new uses for a communications system that was originally designed to sustain military communication in times of war. And all of these really talented young programmers started to found these Internet start-ups and these companies that become Silicon Valley. So hackers suddenly go from becoming criminals to these billionaire entrepreneurs. These corporations are gathering data at an impressive scale. People are naturally communicative beings. So we're constantly emitting information. And that information is captured by the social media companies and search engines. And that information is then taken and analyzed using algorithms to find patterns. Facebook actually records everything that you type in the status message – even if you don't send it. And maybe you're just thinking out loud when you're doing this. You're not thinking that you're actually thinking out loud in a really crowded room, with everybody having a recorder on them ... but that's actually what you're doing. I think about our right to privacy the way that I think about a lot of our other rights, in that if we actually had them they would be a good start ... but we don't. Privacy essentially is the right to keep thoughts to ourselves, and the right to decide who we share them to, and who can actually see them. We have a guaranteed right to privacy in the US Constitution, which says that the state can't just come in and, like, look around at our stuff and do whatever it wants. But they do. And they can. Because the state has a monopoly on power. Protecting your social information and your personal data is also defending your self-determination. There's this notion that's often used by the state and private companies that if you don't have anything to hide, then you don't have to worry about privacy, and you don't need security, and you don't need encryption. If you hear anybody saying “I have nothing to hide. I don't care about my privacy.” I recommend asking them for their credit card information or their social security number. The biggest concern I have with the “I have nothing to hide” is because today it seems really really easy to say it. But in the past we have lived in darker times. And the information we provide is really really useful to hit our groups ... or any kind of political activity. For example, surveillance cameras on universities – when you face a bigger threat ... let's say we have a coup d'etat in my country. That surveillance camera information becomes really really different from having just a couple of eyes watching them. What people are really saying, I think, when they don't care about their right to privacy is “I'm not like those bad people. "I'm a good person. I'm a law-abiding citizen.” Which is a meaningless concept. Everybody has secrets. Everybody keeps things to themselves. Whether or not they like to admit it, everybody puts pants on. And then we have these new tendencies like the Internet Research Agency and Cambridge Analytica finding ways to use our communication and social media and create these fake interactions where they can quickly create a profile of us of who we are, where we are in the political spectrum, what our tendencies are, and try to push us in new directions. And kind of control our view of the world. And you know, cyber is becoming so big today. It's becoming something that, a number of years ago, a short number of years ago, wasn't even a word. And now the cyber is so big. We conduct full-spectrum military cyberspace operations to enable actions in all domains, ensure the US and allied freedom of action in cyberspace, and deny the same to any adversary. Breaking news about Russian interference in our election. FBI now investigating Vladimir Putin. And as President Obama promises to retaliate for the cyber attack, the Russian President continues to deny he ordered it. Cyber warfare is really cheap. It requires very little equipment. It's very quiet. It's easily deniable. And so it becomes a really powerful tool for state actors and corporations to use, because it's very easy for them to just brush it off after and say “we never did this” or “we don't know who did this.” Nation states are actively at cyber war with each other. They each have their own dedicated cyber armies for purposes of espionage, for purposes of sabotage. It goes from intelligence gathering to, really, destroying nuclear programs - as they've done in Iran. And probably a whole bunch of other things we don't know about. Because they are so secretive... because they're so easy to hide. Everything run by a state in this area is run in a very military, or corporate way. There are people, y'know, doing shift work. There are very clear plans and strategies. Which means that they'll be working more efficiently towards an actual goal. The state can also use all of these techniques that it's developed against the civilian population. Against any actors it feels are a threat. Since hacking and compromising someone digitally is such an abstract thing, it will probably be easier to pull the trigger on someone, even if you're not exactly sure if they're the person you're looking for. This isn't like conventional warfare either. They can act in a way that obscures the origins of the attack, and they're not held to any standards of transparency or accountability on the world stage. If we're talking about a government that has no problems sending drones into a country, I mean... obviously they're not going to feel any need to have to answer to their hacking activities. It's very likely that we'll see a rise in groups using cyber-warfare to advance their own political gains, or to counter-attack repression. It’s often said that there’s no such thing as perfect security. All systems contain potential vulnerabilities that can be exploited by determined and capable adversaries. And when you choose to go up against the state, you’ve chosen an adversary that is both. Dozens of FBI agents targeted alleged members of a loose-knit hacking group. Armed with search warrants, agents hit six homes in New York, along with locations across the country. The best we can do is develop security protocols that are adequate for the task at hand. This means being constantly aware of the risks involved with the actions that we carry out, and understanding what steps that we can take to mitigate those risks. When it comes to communication, this means using methods and tools that are available to thwart interception and mass data collection in order to at least make things as difficult and expensive for our enemies as possible. How would they tell you to access the material on this phone? I think they would say what they've said, which I believe is in good faith. That we have designed this in response to what we believe to be the demands of our customers to be immune to any government warrant, or our (the manufacturer's) efforts to get into that phone. It’s also important to remember that this truth cuts both ways. As infallible as the systems of social control may appear, they too have vulnerabilities that are just waiting to be exploited by determined and capable adversaries. Let’s hope we can rise to the challenge. Someone has broken into the national bank – the Federal Reserve. A Twenty-First Century thief breaking into files, not into metal safes. I think there's a lot of interesting things that anarchist or anti-fascist collectives could do with hacking for their movements. But something I think is more interesting to me is: how can we use technology, and use hacking skills to come up with new ways to connect to each other, in a global movement where we can come to agreements together in a way that's safe ... that doesn't expose us, that doesn't put us at risk of surveillance? We should begin with the assumption that the Internet is hostile territory. It's an ongoing state of war. Military and law enforcement are using it as a tool for social control. But it doesn't have to be this way. And hackers and activists, we could use it to undermine and subvert these systems of power. We could create secure communication networks to coordinate the next big demonstration. But you certainly would have to be aware of encryption, of using proxy servers... of using software like Tor. You have to be able to protect yourself. Because if not, they're going to use it against us. I think the first step for any radical to protect themselves on the Internet is to understand their threat model. There's a really great resource that the Electronic Frontier Foundation has on figuring out your threat model. And they cover a lot of what you need to be thinking about with these things. There's this software called Tor that is very good to anonymize yourself if you want to do something over the Internet. People are recommending a messaging app for cell phones named Signal. The Tor browser, which when you install it and when you start it up, it sets up a connection to a decentralized network. And then your communication will go via this network in a number of different hops, so that if you're browsing to a website, it's not possible for that website to actually tell where you're coming from. One of the most important things that we really need to do is segment our identities online. And so don't re-use identities. Don't make them last for a long time. You might have a public identity, which you carefully curate, and then create yourself new identities to really target special operations that you wanna do. Special events that happen. If there's some protest going on, maybe make a new identity. It makes things a little bit difficult because we do tend to operate on a trust basis, and you need to re-build these connections. But definitely it's the only way to make sure that you stay protected. If you have for some reason linked your regular identity with your Internet persona, it's going to bring problems if some kind of neo-nazi wants to publish that information on a board or whatever. Within the hacker community there's a strong ethos of shutting the hell up. Don't talk about things that you've done. And it comes back to this idea that your identity is really not that important. Forget the fame.... do it for the actual purpose of the thing you wanna do. But don't actually care about whether or not people really will know that it's you. Don't tell your friends... don't talk. Shut the hell up. Use really strong passwords, and a password manager. That's a really typical avenue that doxxing happens through, is just people finding your simple password and gaining access to your accounts. Use two-factor authentication on all accounts that you can. If you're trying to learn how to hack, you are going to have to learn how to program. How to computer program. And if you can learn how to develop websites and run servers, you could look at other people's code and spot the mistakes that they've made that allow you to exploit and leverage that vulnerability. Re-install your computer as often as you can. Try out new operating systems. If you've never used Linux, install it. If you've used Linux before, install another distribution of Linux. If you've always used Mac OS, maybe try Windows. Just try new things and don't be afraid to break it, because in the end if the computer breaks you can always just reinstall the operating system. Try the different tutorials you can find on Kali Linux, and really try and attack your own systems. Try to think outside the box. In that way, y'know, hacking is a lot like anarchy – things are what you make of it. It's not only about us getting more involved in technology and using technology. We also have to bring the politics to technology. We have to connect with the spaces where free software is being developed and make our politics a part of that space. And I think that's something that's happening, right? We can see that in a lot of the free software communities. But it's something we need more of. Decentralized, ideologically-driven hacker collectives, if we unite our efforts we could, without any resources whatsoever can dismantle a corporation, humiliate a politician. And independent hackers, we have the advantage since we're not doing it for a paycheck. We're not doing it for any kind of allegiance to a country. We're up all night. We're breaking into systems because we love it. Because the thrill of breaking into anything that they can build while being able to undermine their systems of control is a better driver, a better incentive for hackers than a paycheck or... America. If you take the offensive and hack, expose and destroy these systems of the rich and powerful, we could drive them offline. Hack the planet! Hack the planet! As a deepening awareness has emerged of the role that Russian hackers played in swaying the 2016 US Presidential election, and facebook has been pressured to release information on the Kremlin’s widespread usage of its targeted ads function as a means of exacerbating tensions and sewing political discord among the American public, hacking has moved from the margins of popular culture to the center of mainstream political discourse. If our movements of resistance have any hope of remaining relevant in this rapidly shifting political climate, it is vitally important that we understand the ways in which power is restructuring itself in our current digital age, and adapt our theory and practice accordingly. So at this point, we’d like to remind you that Trouble is intended to be watched in groups, and to be used as a resource to promote discussion and collective organizing. Are you interested in upping your digital security, or exploring the ways in which you can better incorporate an offensive online strategy to your organizing campaigns? Consider getting together with some comrades, screening this film, discussing how this might be done, and possibly pairing it with an info-session on how to use Tor, and how to encrypt your communication devices. Interested in running regular screenings of Trouble at your campus, infoshop, community center, or even just at your home with friends? Become a Trouble-Maker! For 10 bucks a month, we’ll hook you up with an advanced copy of the show and a screening kit featuring additional resources and some questions you can use to get a discussion going. If you can’t afford to support us financially, no worries! You can stream and/or download all our content for free off our website: If you’ve got any suggestions for show topics, or just want to get in touch, drop us a line at trouble@sub.media. We’d like to remind you that our fundraiser to grow our subMedia collective is still ongoing. We will be doing one final push in December, and hope to reach our goals by the end of the year. To help make sure this happens, go to sub.media/donate and become a monthly sustainer for as little as $2 per month. As always, we’re excited to see that people have been supporting and screening our work, and wanna give a big shout out to new troublemaker chapters in Vancouver, Prince George, Seattle, Bloomington, Brighton, Ithaca, Quebec City, Prescott and Edinburgh. If you’ve been organizing screenings in your town and we haven’t given you a shout-out, let us know! We will be taking the month of December off, and will be back with a fresh season of Trouble, plus a ton of fresh new subMedia content, starting in January. This episode would not have been possible without the generous support of Nicholas, Josh, Avispa Midia, Peter and Biella. Now get out there, and make some trouble!