hack the planet, save the world
I have always been a little misanthropic, sympathetic to the outcasts and marginalized, naturally drawn to whatever is counter to the culture. The first time I saw Robocop, around age 6, I didn't ask my mom if I could become a robot, a cop, or even a robocop- I asked if I could get a charged mowhawk and dye it green, like the looters the fascistic Robocop attacks (she said no). And when I saw Hackers, I was instantly enamored.
If you haven't seen Hackers, first off- I feel sorry for you. It tells the tale of a group of misfit teen computer hackers fighting against the opaquely evil security officer The Plague. Their outfits are a pastiche of 90s counter-cultural (whether commercial or not...) fashions- grunge, punk, rave, and of course, cyberpunk. They phreak pay phones before rollerblading into the night, on their way to raves and horny make-out sessions in broken-into roof-top pools. This is of course when they aren't busy hacking- the art of flying through geometric primary colored landscapes representing troves of data (drawing on Neuromancer's hyperspace, like so many other films), evading Penn of Penn and Teller, in pursuit of Data, digital vandalism, and generally sticking it to The Man.
At one point during the film, a Secret Service agent reads from Lloyd Blankenship's IRL document "The Conscience of a Hacker", better known as The Hacker Manifesto, written even further back in 1986:
"""
This is our world now... The world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... And you call us criminals.
"""His partner, deadpan, replies "That's cool." And he's right. It is really cool. A little cheesy to our jaded eyes sure but you have to understand, there was a time when you were allowed to be earnest.
The movie is cheesy. Often hilarious. Like when antagonist The Plague, sketching alongside a white limo on a skateboard, detaches to grab a bright yellow floppy disc from the protagonist, Zero Cool / Crash Override, then latches back onto the limo, disappearing into a cloud of sewer steam at the obvious edge of the set.
Link to YouTube clip
For a certain subset of the population, it was the penultimate Cool. Hackers is a silly Hollywood movie, but it's not entirely fantasy. It represented a real life optimistic hacker ethos of the underdog's ability to take down the giant, a DIY David and Goliath story open to anyone with skillz to hack it. This was the general attitude of hacking as I knew it in the 90s and 2000s. Was I naive then? Am I now? Possibly.
For every left-leaning fighter for the cause of "information wants to be free," there has always been a neo-Nazi hacking for their own party's ends. (This is an unwelcome truth of the internet- as much as us idealists saw it as an egalitarian equalizer, it has always been used as effectively, if not more, by the far right, for opposite ends.)
Def Con, easily the largest hacking and security conference in the world, happens in Las Vegas every August. Its first event was in June of 1993, nearly contemporaneous with the release of Hackers. It was a zeitgeist era for hacking. The first event drew about 100 people, not a bad crowd. It's grown practically exponentially since then. You can expect to bump shoulders, elbows, chests, knees, heels, with about 30,000 attendees if you go today. And this year, I did.
You'll find myriad references to the movie Hackers as you attempt to work your way through the Def Con mob. Hackers badges, SAOs, stickers, cries from the half-mile long lines to "hack the planet", or an especially secure and complex computer known as "the Gibson" (presumably a William Gibson nod), the sounds muffled by the mass of unmasked sweating shuffling bodies.
But the sticker is at a booth for a next-gen AI-powered SIEM that will make all your wildest dreams come true. The badges are next door to the flashy booth with guys who apologetically explain that this CTF is actually sponsored by Google Gemini, despite hiding it. The call to action to hack the planet echos off the US Army's xTechnology competition tent.
Def Con wants to have it both ways. They want to maintain their cred as a counter-cultural gathering of hacker misfits playing "spot the Fed" like they did in the early days. Smol guys who do big things behind the curtain. While also being a business, government, and military friendly recruitment event, respected and respectable. Enviable. A one-stop shop for Goliath to suck up talent.
The event relies heavily on the use of Goons: volunteers who give their time to help run the event. These Goons come at wildly differing levels of professionalism early into the con, but they did get better as the con went on. I don't want to disparage their contributions. But I believe Def Con continues to rely on volunteers for 2 reasons: it saves money, but more importantly it gives the convention a veneer of DIY attitude. It's a throw-back to a smaller, pluckier con that no longer exists. It's the intimation of intimacy for an event that it is decidedly not any more.
This isn't to say there aren't amazing hackers doing amazing things at Def Con. Or that there aren't teams of sincere, earnest, optimistic hackers like I want to believe I am or was, that are pouring their heart and soul and every last fiber of their being into providing incredible workshops, training, competitions, demos, and merch, for nothing or close to it- striving to keep information free.
Def Con is happy to host them. They launder cred for the massive corporations and government entities that are now the real target audience of Def Con. Every big business with a half-decent security team sends someone to Def Con. This is a clearance house for cybersec. But not just enterprise tools and novel techniques for attendees to ogle at. All the talent (that can afford to attend) is collected under one roof.
Rivian donates trucks to play with and gets vulnerability reports in return. Google hosts a "CTF" where you pentest Gemini. Are these games or bug bounty programs or practical interviews you paid $500 to participate in? Attendees are as much a product to be scouted out as rare, shiny badges.
I shouldn't be surprised, maybe I can't even complain. The only reason I could afford to attend Def Con is that my employer bank-rolled this trip. The official hotels for the conference were The Venetian and Palazzo hotels, running around $200-600 a night for a basic King Suite (there are no standard rooms. Don't ask. They'll mark your file with "Poor"). Do I really even have a right to complain the $500 ticket conference isn't punk enough for me?
As I laid in a King Suite at the Venetian Resort and Casino, paid for by work, Friday night of the conference, recovering, I read that anarchist and early organizer of the conference Jeremy Hammond had been kicked out of the conference earlier that day. He cried out "War criminal!" "Free Palestine" and "This isn't a hacker conference - it's a military recruitment drive!" This interrupting The Dark Tangent, the face of Def Con, as he took jello shots next to Paul Nakasone (retired 4 star Army general, former commander of the NSA ((the fucking NSA!!)) and US Cyber Command, current member of the board of directors for WitnessAI and OpenAI ). A screenshot of the livestream just before this shows the closed caption "Go Army!" while DT takes a jello shot, though it's unclear from the capture who said this.
(links to another article with better details on Def Con's history with the military/intelligence)
Jeremy was not allowed his moment of protest, or hushed, or simply removed from the talk, but banned from the conference itself. Jeremy also states homophobic slurs were used while he (he refers to himself as "us" but accounts seem to indicate he acted alone) was physically removed. Reading about this flipped something in me, like a forgotten memory suddenly remembered.
I looked from my phone to the TV in front of me to the TV slightly to my right (in the "living room"), down to the I assume $50 bottle of Evian water provided on the counter, out to the pool populated by whatever creature it is that enjoys a tepid Vegas pool on a 105 degree night.
When I was young, I wanted to be among the Jeremy Hammonds of the hacking community. The hacktivists using great power for great good against even greater evil. Voices not afraid to speak out. That was my motivation when I got serious about cybersecurity in my late 20s. When I got a job offer as a white hat, I told myself I could use this to hone my skills, that I wouldn't be compromising anything.
But my job now is, in small part, defending against those guys. A larger part is keeping your PII safe, your credit card numbers, your medical info. That is good, worthwhile work. I'm not The Plague, creating ecological disasters to frame some black hat kids. But I'm certainly no Jeremy Hammond either. I have not spoken out, acted out, in any meaningful way against the atrocities happening here and abroad.
Here I am in the consumerist capitalist center of the universe. This should be the sign that I have in some degree made it. I'm in Vegas. The nice part even. Attending the most famous hacker con in the world.
Surrounded by hordes of drunken gamblers from 9 AM to 3 AM, assaulted by lights, noise, and crowds any time I leave my room. I have seen costume opulence in mid-tier midwest casinos. This was my first real experience with conspicuous consumption in its rawest form.
No, the casino is not the convention. But it is. This is where they chose to host it, choose to place its attendees. And it is not for me. I was overwhelmed by the feeling that I do not want or need any of this. It's not my world. I do not belong here.
I got up from tossing and turning in bed and turned down the A/C another notch, never quite able to shake my wonder at how much energy this holy temple of Moloch, The Venetian, The Vegas Strip, consumes every hour. But also not turning the A/C off, or even up.
At breakfast the next morning a coworker would mention the only problem with a good dictator is you always get a bad one next. As a great singer once asked, "how did I get here"? Or to misquote I Think You Should Leave, is my professional life "nothing I wanted and everything I never wanted to be"?
Hacking has always been political but it's never been exclusively leftist. Look no further than the absurd smears against New York mayoral candidate Zohran Mamdani written using documents hacked from Columbia University by an avowed white supremacist hacker recently. Or the disgraceful black hat hacker "Big Balls" stripping you of your social safety net and signing a death sentence for millions aborad.
If hacking isn't inherently political, as some would argue, what are APTs? What's geofencing? Why is the default state of the internet becoming one of control, surveillance, censorship of anything left of Reagan, anything deemed unclean or unnatural by some astro-terfed advocacy group, Nazis, bots, and Nazi bots? Even as encryption gets better governments insist with increasing ire on back doors, with many corporations too happy to comply. They install kill-switches on the internet to shut down communication during mass actions. Is this non-partisan? Is using your hacking skills to defend that, to further it, non-partisan?
In 2004, at Def Con 12, Jeremy Hammond gave a now somewhat infamous talk (youtube link) about the duty of hackers to fight back against authoritarianism- Electronic Civil Disobedience at the Republican National Convention. In it, he advocates for hackers to use their abilities to disrupt the upcoming RNC. He argues that hacking is a tool and that those with the ability to wield it should use that tool as a means for social justice and civil disobedience.
He calls for "autonomous direct action against whatever targets" someone thinks appropriate for attack, especially things related to the Republican Party or conservatism. He does not call for attacking hospitals, despite what some have said.
He does say, seemingly off the cuff, that we also "need foot soldiers in the streets fucking shit up," and, reading from his script again, using "every method of disruption possible," including "shutting down power to Madison Square Garden." This doesn't go over too well. In the recording of this speech, you won't hear more than a smattering of applause. You will hear some groans.
One organizer interrupts to clarify it's not okay to tell people to "fuck shit up." The crowd begins to call out against Jeremy. Heated questions from the audience begin, none in support. Another organizer joins Jeremy on stage with his own microphone. He states that Def Con doesn't condone any of this speech, gives a measured response against it, not condemning the idea of electronic civil disobedience in general, but pointing out that crashing servers can cause real world death, like attacking a hospital's records. This gets more applause than anything Jeremy says.
So no, I don't believe that has ever been the general tone of Def Con. I don't think it should be. He went too far, was too loose with his words. At a younger age, say when I was around Jeremy's age in the video, I would have totally agreed with him. To me, he's speaking with the unreasonable zeal of youth. It's kind of stupid, like we all were. I don't pine for some previous version of Def Con that never really existed. I don't want hacking to be a collective of leftist radicals carrying out borderline terroristic acts. But look where we are today compared to the injustices of 2004.
And look at what didn't happen back then- Jeremy was not removed from the stage, or forced to stop his speech. Despite clearly not liking it, they allowed it to continue. They made room for dissenting opinions. The crowd wasn't castigated for speaking out of turn. No one on the stage or in the audience was banned.
What I see at Def Con today is capitulation to the same anti-First Amendment sentiment, the same pre-emptive compliance, the same increasing militarization we see being pushed on American society everywhere. Choosing to court the techno-military complex is a political decision. DT and Def Con are in many ways the face of hacking. Their decision to cozy up the Army at the same time our country is plummeting into actual authoritarianism, real fascism, is a choice they consciously made, and it's one I cannot and do not support.
The first thing Def Con attendees saw walking into the Vendors' hall this year was a massive tent and cordoned off line leading up to "xTech". A competition with a cool $100,000 cash prize hosted by the US Army for a "60 second elevator pitch" of how they would help the US Army sort unstructured data- which is, interestingly, generally Palantir's bread and butter, and certainly doesn't have any ominous undertones:
"""
The U.S. Army seeks a software-based AI-powered fusion engine that (1) ingests heterogeneous, disaggregated, noisy data sources (e.g., radar, cell phone activity, full motion video, intercepted radio transmissions, satellite imagery), (2) discovers the most valuable information across multiple data sets in near-real time, and (3) allows for dissemination of outputs in an object-ready format.
"""
And don't worry- if you don't win, you get an unprecedented chance to "engage with US Army and DOD experts attending DEF CON 33, receiving valuable feedback on [your] innovations." Gee I'd sure hate to miss it!
On Saturday afternoon, some 200 feet from this booth, a speaker would state an empty platitude about how us hackers can use our skills to fight if our country slips into authoritarianism. He didn't go into details, like Jeremy did so many years ago, on what that would look like. He didn't have any input on what the future threshold would be for a situation bad enough to justify such actions. He, and the crowd, were happy with the thought they could do it, some other time, further down the road.
I'm sure many of you have never felt this way. You see me as the aberration, the nail to be hammered or maybe better pried out, not belonging in the hacker world of today.
But I can't be the only person who attended Def Con this year who became a hacker with some sense of idealism, and didn't like what they saw there. I fear many of us are happy to applaud the idea of hacking for a cause, against Goliath. To tell ourselves we'll carry that torch, write that script, call out those injustices and hypocrisies we see in our hobby, our passion, our profession.
Held hostage by employment and benefits, hemmed in by a silent crowd, packed like sardines into a black curtained room, looking up to Dark Tangent and General Paul Nakasone (of the Army, NSA, US Cyber Command, WitnessAI, OpenAI), wanting to join in a cry out, act out, against the insanity happening before your eyes, everywhere you look. But keeping quiet in the end. Even as another gives you an example, shows you how it's done.
Has the entire Def Con audience slipped into complacency in a cushy job that pays for trips to exotic destinations? Is no one else disturbed by this?
I fear that capitalism, doing what it does best, is absorbing, has absorbed, whatever anti-establishment sentiment existed in hacking and turned that itself into yet another product, another support beam in the foundation of the establishment itself. If you can't beat them, buy them. I am not content to clothe myself in a Flipper Zero and Def Con badge, a $60 shirt, a $400 wifi pineapple pager, and call myself a good hacker.
Has hacktivism, or even just speaking up, become the hold out of a few brave souls, the Jeremy Hammonds, SiegedSec, and Maia arson crimews of the world? If so, why? Where did the idealism of the Hacker Manifesto generation go? Is the cDc just an overpriced merch brand? A panel to meet at a conference, hoping to get an autograph? What can you start doing today, online or in person, to bring constructive change through possibly questionable, devious, but Just action?
There is an on going genocide in Palestine. Gaza is being intentionally starved to death. Gazans are shot when they try to retrieve aide. I heard one reference to Palestine at Def Con: shouted by an attendee who was summarily banned. Def Con, not content with just keeping silent on the subject, is building deeper relationships with our military who cross-train, arm, and support the IDF. Building systems for the US Army is building systems for the IDF. The weapons you help train for use on some perceived enemy abroad will inevitably come home to roost. Look at Washington DC right now.
I cannot join the collective 29,999 strong silence of attendees in the face of Def Con's courting of the techno-military complex. It is wrong. Palestine must be free. I do not support Def Con here, in Bahrain, or in Singapore. It does not represent me, it is not my hacker conference. For my part, I'll use that time and energy to make some small difference behind the screen, trying to use my abilities for real good. Slinging stones at Goliaths as best I can.