R.K.: So you've written about hacktivism.
R.K.: Can you talk a bit about that?
P.L.: Well, hacktivism is in effect hacking for a political or social cause that is to say it's motivated by some sort of political concern. By hacking, I take that very generally to mean re-purposing technology for purposes for which it was not originally intended. So you take a piece of technology, a computer or whatever, you say I'm going to actually deploy this for some sort of political end. And I have been concerned with following some hacktivists in the last few years, what they've been up to and the kinds of trouble they get into.
R.K.: Can you give a little background on that? I know you mentioned Aaron Swartz, can you give a big picture about what's going on with hacktivism and how the-- hacktivism, to me seems to be a very Bottom Up activity. Is it?
P.L.: For the most part, it is. You get some nominal leaders but they're clustered, but for the most part it's just -, I think one way of thinking about it is that hacktivism is not really a doctrine, it's more of a tactic, and it's a tactic that could be deployed by, basically any sort of political agenda or social concern, and it does, for the most part, remain rather diffuse and a lot of it takes place underground or anonymously.
R.K.: Now there's always Cass Sunstein who wrote about the idea of disrupting protestors and what have you, by using sock puppets and fake personas online and what have you. Is that a kind of hacktivism?
P.L.: No, that's not. I mean, so let me give you a couple of examples. One example would be a distributed denial of service attack where thousands of users would go to somebody's website and keep clicking on it over and over again which basically grinds that website to a halt.
That's analogous to what would traditionally be called a sit-in. Where you sit in front of a bank or something like that and make it difficult for people to get in and out. Then there are others kinds of hacktivists actions that are more aggressive and which target an organization like H. B. Garry or Stratfor and unlock their secrets. So you mentioned sock puppets and one of the things that in fact they did come across in the H. B. Garry hack was that the U.S. Air Force had put out proposals for companies to create basically a sock puppet management system, meaning, what they wanted was a tool, what the U.S. Air Force wanted was a tool that would allow someone to control multiple individuals on social media sites.
So for example you might have twenty, a hundred accounts, the idea would be that one individual could sit at a desk and flood a website or flood the New York Time comments under an article with separate accounts but they were all under the control of one individual.
R.K.: So that sort of thing is a way for the state to make it appear that they have support when in fact they don't. Is that hacktivism or is that just an internet strategy?
P.L.: That is a, I consider that to be a traditional military psyops strategy.
P.L.: It's like saying, if it goes back to Sun Tzu in The Art of War. You make it look like you have more supporters and troops than you actually do, so I consider that just a traditional sort of military irregular warfare strategy and it's being done on the internet but it's just because the internet is the new battleground.
R.K.: So what are the different weapons in hacktivism?
P.L.: Well, one of them that I mentioned it the distributed denial of service attack where you get a number of people to descend on a site simultaneously. Another thing you can do, as I said before, is do a penetration of the system and one pivotal way is just to do what they call social engineering where you get someone, you cajole someone in to giving up a password; you do that then the game is over.