
A few farsighted hackers of the EFnet-based computer underground saw this morally conflicted security quagmire coming 14 years ago.

Uninterested in acquiring personal wealth, they gave birth to the computational ethics movement known as Anti Security or “antisec.”

 

Antisec hackers focused on exploit development as an intellectual, almost spiritual discipline. Antisec wasn’t – isn’t – a “group” so much as a philosophy with a single core position.

An exploit is a powerful weapon that should only be disclosed to an individual whom you know (through personal experience) will act in the interest of social justice.

After all, dropping an exploit to unethical entities makes you a party to their crimes: It’s no different than giving a rifle to a man you know is going to shoot someone.

Though the movement is over a decade old, the term “antisec” has recently come back into the news. But now, I believe that state-sanctioned criminal acts are being branded as antisec.

For example: Lulzsec’s Sabu was first arrested on June 7, 2013 and his criminal actions were labeled “antisec” on June 20, which means everything Sabu did under this banner was done with the full knowledge and possible condonement of the FBI.

(This included the public disclosure of tables of authentication data that compromised the identities of possibly millions of private individuals.)

This version of antisec has nothing in common with the principles behind the antisec movement I’m talking about.

But the children entrapped into criminal activity, and the hackers who made the morally bankrupt decision of selling exploits to governments, are beginning to publicly defend their egregious sins.

This is where antisec provides a useful cultural framework, and guiding philosophy, for addressing the gray areas of hacking.

For example, a core function of antisec was making it unfashionable for young hackers to cultivate a relationship with the military-industrial complex.

Clearly, software exploitation brings society human rights abuses and privacy violations. And clearly, we need to do something about it.

Yet I don’t believe in legislative controls on the development and sale of exploits. Those who sell exploits should not be barred from their free trade but they should be reviled.

In an age of rampant cyber espionage and crackdowns on dissidents, the only ethical place to take your zero-day is to someone who will use it in the interests of social justice.

And that’s not the vendor, the governments, or the corporations – it’s the individuals.

In a few cases, that individual might be a journalist who can facilitate the public shaming of a web application operator.

However, in many cases the harm of disclosure to the un-patched masses (and the loss of the exploit’s potential as a tool against oppressive governments) greatly outweighs any benefit that comes from shaming vendors.

In these cases, the antisec philosophy shines as morally superior and you shouldn’t disclose to anyone.

So it’s time for antisec to come back into the public dialogue about the ethics of disclosing hacks. This is the only way we can arm the good guys.
