This document provides guidance on building a hacktivist community while managing risks. It emphasizes starting with lower risk activities like citizen journalism and reporting issues publicly. It stresses the importance of trust, privacy, and security training before taking on higher risks. Members should consider personal risks like location, technical skills, and identities that could make them more vulnerable targets. The goal is to raise awareness and potentially take informed action, not get arrested or endangered. Ongoing education and practice in digital security and privacy are key to operating safely.
4. What is “hacktivism”?
• Legal or lower risk hacking:
• Reporting, citizen journalism (maybe)
• Outing people for something
• Protest, petition, policy, law changes
• Civil disobedience (maybe)
Wednesday, May 1, 13
9. Lower Risk “hacktivism”
• Publicity. Use all possible social capital.
• Get consent, protect privacy, personal
security, personal data if possible.
• Rhizomatic spread. Don’t wait for the boss.
• Action plan. Group chat. Collectively edit
some documents. Needs list. Schedule.
• Report on what is effective.Ask for more.
Wednesday, May 1, 13
10. Emergency power!
• Hurricane Sandy
• Existing communities, social capital among
disabled people online
• Incredibly fast mobilization, public call, in-
person help from friends of friends of
friends, nearly random strangers
Wednesday, May 1, 13
11. Higher risk
• Reporting or citizen journalism (maybe)
• Infiltration, espionage
• Leaking military or other secret info
• Messing with governments, huge
corporations, organized crime
Wednesday, May 1, 13
12. Who will you piss off?
• Professional reputation/status?
• Stalkers or other hostile individuals?
• Intellectual property, legal, hacking laws
• Repressive government, military?
• Mexican drug cartel? Russian mafia?
• In short, what are you risking?
Wednesday, May 1, 13
13. Example:
Editing the Zetas
• What’s the threat level if you want to edit
some Wikipedia pages about Mexican drug
cartels?
• Where are you?
• Not-Mexico: Make persona, use Tor +VPN
• Mexico or near: Maybe that’s not enough
Wednesday, May 1, 13
14. Nuevo Laredo
carspotting
• Chat rooms to report on dangerous stuff
• Green Chevy at corner of 9th and Main
every afternoon
• Roadblock on the west road out of
downtown
Wednesday, May 1, 13
15. sms blogging
• blog from burner phones
• vojo.co has all-phone setup
Wednesday, May 1, 13
16. Risks, maybe
• Someone shoulder surfs you in a cafe and
shoots you in the head later
• Keylogging, insecure connection
• Site you’re on is run by gangsters. Oops!
• Or is on phpBB or something scarier
• (narcomensajes, torture, murder)
Wednesday, May 1, 13
17. Consider Risk
• Are you’re risking your freedom?
• Or your life
• Or other people’s lives
• Make sure it’s what you want to risk
• For a good reason!
Wednesday, May 1, 13
19. Why?
• What are your reasons and goals
• Publicity? (Then stick to lower risk)
• Personal studliness? (Don’t!)
• Expose truth?
• Freedom fighter?
Wednesday, May 1, 13
20. How to make a hacker
community
Wednesday, May 1, 13
22. Or, first...
• At least pause
• Ethics of encouraging others to do high risk
things on some crappy Windows machine
with LOIC or whatever.Yeah.
• Learn security, anonymity, privacy
• Put them into practice
• Practice!
Wednesday, May 1, 13
26. Feminist Hackers
• Bunch of women hackers talking
• Why is there a “false accusers” wiki run by
MRAs, but no “rapists” wiki run by rape
survivors? Unfair and wrong!
• OMG Haxxors!
• Retaliation (identity/safety/DDoS)
• Defamation, legal threats
Wednesday, May 1, 13
28. Pick your cool haxxor
names!
• We thought of some great ones
• Most of them were totally contaminated
• Anyway, they sounded like roller derby
names
• And we were telling them to each other,
which was dumb, but we realized that
about 2 minutes in
Wednesday, May 1, 13
29. • So I can never secretly be “Louise
Boat”.This makes me very sad.
Wednesday, May 1, 13
31. Testing each other
• We looked at what info we were leaking by
accident, and what we knew or could deduce or
find about each other.
• Some of us were better at it than others.
Wednesday, May 1, 13
33. Some hackers are more
equal than others
• We all had some practice, because we are
all women talking in public and thus,
present more attack surface
• Various factors made some of us more
vulnerable than others: queer, trans, people
of color, homeless, have kids, domestic
violence survivors...
• Those factors often encourage more
practice in privacy, anonymity, pseudonymity
Wednesday, May 1, 13
34. Check your privilege
• If you’re hacking in a high risk way you’re
risking everyone around you.
• The others in your “hacktivist community”
may be at risk merely by being associated
with you
• Protect your contacts
Wednesday, May 1, 13
43. Ops checklist
• Safer computer, software (encrypt)
• Physical security (for your computer!)
• Safer connection (Tor, thenVPN?)
• Persona management.
• Shut your pie hole!
Wednesday, May 1, 13
44. More leak vectors to
consider
• Location, time, time zone. Avoid patterns!
• Password hygiene
• Paying for stuff
• clicking links someone sends... (don’t)
• Panopticlick (browser fingerprinting)
• Tor, thenVPN(s)
Wednesday, May 1, 13
45. Study security, privacy,
anonymity guides
• EFF guide
• Internews, CPJ guides
• TOR, crypto.is
• Study together
• That’s still not good enough
Wednesday, May 1, 13
47. Consciousness Raising
• Bootstrapping new hackers is hard.
• Consider your personal identity and what
attack surface you present.
• This will take some discussion and thought.
• You will get a community that is capable of
hacking something for some reason
someday. Maybe in a crisis.
• It’s political consciousness raising
Wednesday, May 1, 13
51. Medium risk hacking
• There’s still things to do that probably
aren’t super super super risky...
Wednesday, May 1, 13
52. SRS Business
• Hollaback. Cell phone pics of street
harassment.
• Public callouts of public bad behavior,
whether pseudonymous or real name
• Twitter hashtags, mockery
• ShitRedditSays started reporting on public
misogyny. “Outing” and “doxxing” of
violentacrez ... ie “googling” and “his beer
buddy told on him”.
Wednesday, May 1, 13
53. FERT was born
• Feminist Emergency Response Team!
Wednesday, May 1, 13
54. Lower risk high risk
hacker activity
• Neighbor in domestic violence crisis, we found
her husband in herYahoo email and her phone
• Ex-pat Syrian journalist getting death threats.
Looked at email headers, IP and told her it was
not obviously a local threat or a threat from
within Syria
• Palestinian activist convinced site was hacked by
Israeli govt. Were able to show them it was just a
spambot, php/sql injection
• Advised feminist blogger undergoing 4chan raid
Wednesday, May 1, 13