Gabriella Coleman, a Harvard University anthropology professor, describes how she immersed herself in hacker culture and eventually became embedded in the shadowy and mercurial world of Anonymous, the hacktivist collective she chronicled in her 2015 book, "Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous." This is such a fascinating episode that explores the often misunderstood history of hacking and how many in this community went from outside agitators to mainstream security researchers.
Gabriella Coleman, a Harvard University anthropology professor, describes how she immersed herself in hacker culture and eventually became embedded in the shadowy and mercurial world of Anonymous, the hacktivist collective she chronicled in her 2015 book, "Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous." This is such a fascinating episode that explores the often misunderstood history of hacking and how many in this community went from outside agitators to mainstream security researchers.
-------
Why you should listen:
* Get a better understanding of the history of Anonymous and the role it played in shaping online protests and whistleblowing.
* Hear about some of the earliest hacking communities such as the free software hackers and efforts to archive their early writings and magazines.
* Get an anthropological perspective on how hackers have evolved from the fringes of the tech world to among the most influential voices in cybersecurity.
-------
Key quotes:
* "There's now a new narrative that there was a single founder of Anonymous, the trolls and the early hacktivists. And that's just wrong in terms of historical record."
* "I'm not surprised that hackers were at the forefront of establishing the protocols for the security industry."
* "The moment you cower, the moment you're not willing to speak up, that's the minute that I think ... the hacker spirit is dead and can't be effective in initiating change."
-------
Links:
* https://www.synack.com/
* https://gabriellacoleman.org/
* https://datasociety.net/library/wearing-many-hats-the-rise-of-the-professional-security-hacker/
Bella DeShantz: [00:00:00] So welcome to the show. Gabriella. We're really excited to, to chat with you today. Uh, my name is Bella Deshaun's cook, and this is my co-host here. Jeremiah. How are you today?
Jeremiah Roe: Bella. Hey, Gabriella. How's that?
Gabriella Coleman: thanks. Thanks for having.
Bella DeShantz: Yeah. So, um, again, we're, we're super excited to get to chat with you today. I'm just going to jump right, right into it. Uh, so you're an anthropologist who studies hacking and hackers, uh, and you've done a lot of work studying the group anonymous. What drew you into this world in the first place?
Gabriella Coleman: So I started studying hackers around 1998, and I was a very traditional anthropologists working on medical healing, Guyana, South Korea. And low and behold, I came across something called the copyleft, which is a license that was invented by free software hackers, not in the security world, but nevertheless, a sort of domain where hacking [00:01:00] is thriving.
And, you know, I was just floored. I was floored that a bunch of technically minded people who in this case created free software. Um, we're also innovating in the legal realm and I, I found this to be a puzzle. Why was it that people who might be considered to have a kind of engineering mindset would go beyond technology to solve in this case, a problem with intellectual property law, they wanted access.
They found patents and copyrights to restrictive and said, you know what? We're just going to. Re-invent the law. That is what attracted me initially to the world of free software hacking. And over time, um, I got to see how there's very different types of hacking breakers and builders and hacktivists and biohackers.
And, you know, they have very different [00:02:00] histories and lineages. Um, but that spirit of. Being willing to think outside the box technically and also in non-technical domains is what interested me in this world. So as I got to learn more and more about hacking and its different variants, um, I continue to be sort of amazed by that sort of technical, but also political impact of hacking.
Even when hackers weren't trying to be political. Um, sometimes they are sometimes are not, but whether they have that intention or not, they are refiguring everything. Or they're refiguring a lot in different arenas from journalism to finance, to security, to law. And so that is what got me in and at the time as a young female anthropologist, um, who jumped in into this world, it was a [00:03:00] bit heretical for me to do so, because most anthropologists had to.
You know, leave their own country, uh, to do research, to, to be seen as a kind of respectable anthropologist, but I couldn't help myself because there weren't that many people in the trenches doing ethnographic work. And so that's, uh, why decided to stay. And here I am 20 years.
Bella DeShantz: So I have a question. I just, I guess just like my, my personal understanding, uh, obviously I know a good amount about cybersecurity hacking as a person who's in the industry. Kind of a technical person in the industry, and I know what the word anthropology means. Um, but I guess I'm wondering what exactly does it mean to study hackers and hacking from a, an anthropologist perspective?
Gabriella Coleman: That's a great question. So an anthropologist, um, generally does long-term field work. [00:04:00] And what that means is that in some capacity or fashion, you. Really integrate yourself with the people that you're studying. Um, you know, anthropologist sometimes study like objects or commodities like sugar, right. And that's how they enter into a topic.
But, but traditionally, even though the field has changed a lot, the idea is that you really immerse yourself in the world or group that you're studying. And so. Um, my first project, which was on free and open source software, I spent a lot of time on chat rooms, where people were, um, gathering for the project and to do development.
Um, I studied Debbie and, um, among other things.
Jeremiah Roe: my favorite district.
Gabriella Coleman: Yeah.
yeah. Fascinating project. But I also lived with [00:05:00] hackers and geeks as well and went to conferences. Right. So for a couple of years, my whole. Was literally about free software hanging out with free software people I'm interviewing them going where they went.
Right. So it's kind of embedding yourself in that world to participate in it. There's a term called participant observation. That's the main kind of methodology of, of anthropology. And so you participate, you observe, you observe and. You really gain a kind of holistic perspective of the world you study.
So that is what kind of sets anthropology apart is almost its methodology more than anything.
Bella DeShantz: That's really interesting. I can imagine, like being in that environment, I don't know, as sort of like someone specifically there to kind of study and observe, I can imagine that being really interesting.
Gabriella Coleman: Very interesting.
Very puzzling. I could barely follow conversations. I had to take, um, system administration [00:06:00] classes. I took programming classes. I took, uh, copyright and patent classes.
Jeremiah Roe: So really you're a part of our industry now. Like you're, you're just, you're stuck. You're not going back. I'm sorry. It's just kind of where you're at.
Gabriella Coleman: It's no, that's true. You know, you really, really, you, you are transformed through the parcel through the process, right. Um, so
Bella DeShantz: That's really interesting. So you recently joined the anthropology department at Harvard university, which very cool congratulations. Um, and you'll also be working with the Berkman center for internet and society. Uh, will you be teaching the same types of courses that you taught at McGill or, um, where you've been teaching for awhile or are you going to be focused more on recent.
Gabriella Coleman: uh, I'll be doing a lot of teaching as well. Three courses. I taught three courses at Miguel. Um, I'll also be doing a lot of research. I think one of the exciting things about being at Harvard is that the Boston Cambridge area is a [00:07:00] really important area for the history of hacking. Right. It's. MIT is where the term hat came into being, if you know the history of phone freaking, right, the freaks are those kind of precursors, Harvard students were really part of that history.
There were some really important freaking at Harvard, the loft, right. Um, was based out of Cambridge. Some of the loft guys are still in the area. So what, what this means is that it will allow me in my teaching. I teach, uh, Dedicated to hackers. Sometimes I call it hackers. The class, um, is that I can draw on the amazing pool of people in the area and history as part of my coursework.
The other thing I hope to do too, is I have recently been really interested in archiving hacker history, even though it's a recent history. And even though a lot of it exists in documentation. [00:08:00] Whether it's zenes or text files. Nevertheless, a lot of it is vanishing as well. And, um, I would really like to just start creating a archive that is accessible to other researchers and other Packers as well.
So be a few years before I can get that off the ground. I see that as. Companion to a project that I started a couple of years ago called tap Curio, which is a video portal and to hacker dumb, and that feature short little snippets of videos with texts. And it also kind of documents history, but it's very curated.
It's almost like a museum. Whereas what I hope to do is create a much bigger archive that is. Abundant, uh, kind of cornucopia of, of archives and information that others can tap it.
Bella DeShantz: How are you getting those? So like I was thinking about this a little [00:09:00] bit before our conversation about how, like, how do you get the documents that. Deemed important or worth preserving, uh, related to hacker culture. Like how do you find them? How do you know what is useful or just kind of nonsense on the internet?
How does that work?
Gabriella Coleman: So some of the documents I have were given to me actually by people I interviewed, um, for a recent history project on the professionalization of the hacker. And so as I entered. People someone was like, oh, I have a binder full of information. It's everything from, um, advertising around security to very, um, niche news clips, regional news clips from Denver, for example, on a hacking.
Right. And so he gave me. Two huge binders. I also know that, um, one member of the loft, I won't say his name just in case [00:10:00] he doesn't want it know. And he's, he's kind of an archivist. He has a lot of amazing information and hopefully once I have something set up, um, I can compel him to donate it. So currently it's mostly personal relationship.
Right. Um, but then I think once an, if something is set up, then people who are out in the world, right. Who may have a box of zenes or some hard drives with some old and important chat logs. I mean, chat logs are really, really important for hacker history. They might be willing to donate and in terms of what's worthwhile and what's not, it's sometimes, always hard to tell.
Right. Usually. An archivist takes most everything, and then hopes that later others will find a kind of use for it. Right. But you know, the worry is, if you don't take it, then, then it'll just stay in that basement and the basement will flood. And, and then that's the. [00:11:00]
Jeremiah Roe: So, so for those, those that aren't necessarily aware as to what, what zenes are, or, or kind of, kind of what, what this style of documentation is, or, or information sharing. Maybe you could elaborate, elaborate a little bit more. I'm also interested in hearing a bit more about this.
Gabriella Coleman: sure. I mean, hackers again, back to my maybe first original point that they're famous for technology. Fixing braking fixing or breaking technology, but in fact, they do so much more. And one of the things that hackers are famous for, uh, at least in certain circles, um, was an, is still the writing of Zen.
Right. And so some of the famous ones are things like frack or 2,600. Um, some are print, some are online, but you know, there's those, there's like two very famous ones. Here's [00:12:00] hundreds of other ones as well. Right. And, and others, like the youth international party line, which was part of the freak scene that came before.
And these scenes mix technical issues with cultural and political commentary. Right. And, um, small little groups, like bow had their own scene. So it was a way to kind of congeal the, the micro group. Right. And so a lot of hacker history exists in those, in those scenes. And it's not just in the English speaking world, right.
The French had their own scenes as well. Um, the Dutch had their own scenes. And so again, while a lot is known about the famous ones, like frack in 2,600. Um, there's still so much more to dive into. And just as a, as an interesting aside, I heard that frack published recently for the first time in five years.
Jeremiah Roe: Wow. How cool, um, with regard to, you [00:13:00] know, going back to kinda your class, um, I'm kinda curious, You know, this is all kind of intertwined with, with, um, you know, information sharing, um, historical context, um, uh, creating an archive for, for, for, for the hacker culture and all of this stuff. And I'm just kind of curious with the, with the new teaching role that you're going to be doing.
Um, I would, I would imagine that most of these, um, most of these students would be maybe non-technical and so. To me, the hacker culture is obviously just exceedingly, um, interesting. Uh, but I work in this realm and so I'm, I'm kind of curious as to, um, you know, those individuals that are non-technical what interests, what, what do you think would interest them the most about hacking and are they coming into your classes with sort of a lot of knowledge that you've seen or are they just kind of there to get the base? [00:14:00]
Gabriella Coleman: for the most part, people come in, uh, with very little knowledge and I would actually say, uh, they're chock-full. Of stereotypes. Right. Um, and that's what makes teaching a class on hackers. So fun is like, you could sort of just see those [00:15:00] stereotypes explode, you know, week after week after, week after week after week.
Right. So in that sense, um, it's, it's a really kind of satisfying course to teach, uh, precisely because they really have a narrow, very narrow vision of what hacking is. It's usually, you know, the criminal and perhaps Mr. Robot, right? Those are the, those are the two and they are really surprised that there's so much depth and breadth.
And then, you know, I am very lucky. I do bring in a lot of people from the hacker world. To, um, participate in class either online or in person. And that is this whole other dimension, because I think that there's a, you know, whether it's this podcast or things like Mr. Robots, um, I mean the public does have more opportunities to come across more realistic pictures of how.
Than [00:16:00] ever before, but I still think that, um, most people think that hackers are really like these matching biases, somewhat pathological, lonely, not, not quite fully human, you know, and then like when they come across, um, individuals, you know, and I, I do try to. A good. Cross-section not just white, white dudes.
Cause there are a lot, a lot of white due to the hacker world. They're just like, oh my gosh, humans, humans, they're humans. And they're doing this really interesting step. Right? So it's just incredibly satisfying. And I think teaching about hacking is just one of the reasons. I mean, obviously I do love the research, but the teaching is incredibly satisfying for that reason.
Jeremiah Roe: I could imagine. So, so, um, interestingly enough, It had been a while since I had, I had heard the term anthropologist. And so I had to look it up again to see what [00:17:00] anthropology is about. So I'm going to unabashedly admit to that. And as I looked at it, because initially it just didn't make a lot of sense to me.
I'm like, that's so that's so unique. You know, an anthropology professor would, would want to, to, to write books on the hacking culture. And, and then as I looked into it, I'm like, wait, no, no, no, it's not. It makes total sense. And, um, I just, I don't know. I find it exceedingly interesting. Um, from the perspective of a unique outsider coming into this culture, um, maybe not necessarily having the background into it, maybe dead.
I don't know. I don't want to assume. Um, but, you know, I just, I just find that to be really interesting in and of itself. And in the process of diving deep into the culture, uh, you naturally become embedded with, um, the things that the culture cares about, you know, um, with the people, uh, with, with the lifestyle, with a number of things.
And so through that, you've developed a number of, of, of connections [00:18:00] in the industry. Um, and in particular people who aligned with the group. And so, um, did that take a lot of time to build that trust within these specialized groups, uh, of the culture and are you still in touch with them? Um, and what part did they?
I know a lot of questions, but what part did they take in your book? Um, hacker hoaxer whistleblower and spy.
Gabriella Coleman: So you you've described the kind of anthropological relationship very well. Um, which is, you know we're not disinterested researchers, uh, because we become embedded. We start to care about many of the issues that hackers care about. That might be security. That might be privacy. That might be accountability.
And you form personal relationships. I mean, literally you become friends with some of the people. You write them letters of recommendation. You go to their court cases, right? [00:19:00] You become embedded. And that, you know, some people will call that kind of bias. Others will say no, that affords you a very unique perspective that other researchers can't have.
So let's back up anonymous. Uh, unlike studying free software hackers was much harder at some level with the free software community. Oh, yay. You want to learn about Linux? I'll talk to you for 10 hours straight and that'd be like, oh my God, enough enough? And they're very welcoming.
Jeremiah Roe: know that guy, maybe we know the same guy or, you know,
Gabriella Coleman: exactly.
And anonymous at some level, when I was there between 2018 and 14 was, was also welcoming. I was on the chat rooms initially. And, um, in the case of the, the kind of. No, that came into being 2000, 10 and 11. They had a channel dedicated to reporters and to [00:20:00] researchers because they wanted attention and people like myself, people like myself could act as a gopher and broker.
And I was, I brokered a lot of, um, not deals, but I opened the doors for, for journalists. Right. So it was handy for me to be. But it was incredibly hard for a couple of reasons. First of all, it was very chaotic. Um, so it was very hard to understand what was going on. People, you know, went by handles. Um, and it was hard to sort of know what a know, what was true, what was false, what was going on.
Not everyone involved in the hacktivist era that I was studying was engaged in illegal action. In fact, I would say the majority were not, they were mostly organizers, media makers, but anonymous became famous for their, you know, high stakes, high risk hacking. And that was something I was very interested in and wanted to [00:21:00] learn about.
And it took a very long time. I would say six months to 12 year. Um, sorry, let me back up. It took a very long time between six months to 12 months before some of the hackers started to open up to me. Uh, in interviews or let me into some secret chat rooms. Right. And as an anthropologist, unlike a journalist journalists are amazing.
They're kind of like Hawks or they come in swoop, get the data, you know, I'm just like, I'll sit for three months, you know, and wait, um, and just watch and then hope the data like lands in my lap, you know? And it did, it took a long time and I got a lot of information. And I didn't want to be in the chat rooms while they were organizing hacks.
That was just too risky for everyone. But, but certainly I wanted to learn about it after the fact. [00:22:00] And over time I was able to gain that access. And then even later, I mean, this is, this is, um, as points to this kind of long term committed. And the long-term relationships at the anthropologist forum. I mean, it's certain point people in anonymous got arrested and I, like I mentioned, I went to some of their trials.
I got to know some of them. And, um, after I got to know some of these individuals in person, then a number of them also gave me some logs or, information much later, but in time for my book. Right. And so, um, It was just very, very challenging for that reason, but it was also great in so far as, at, at the time I was actually teaching a little bit less.
I had some fellowships and that afforded me the time so that I could be present on IRC. For example, in, um, in the chat rooms, [00:23:00] six days a week, five hours a day. I mean, that's a lot of time. I can't do that right now. I wish I could write. Um, and just form those sorts of relationships that are, you know,
conducive toward.
They, they, they help, they helped me really understand what was going on and make sense of the.
Bella DeShantz: earlier you mentioned the like, you know, kind of, maybe it needs you, you might need to take time to understand what's true, or maybe not be able to know what's true or not true. Um, and you also kind of talked about, uh, you know, journalists getting information from these kinds of groups.
And I think. Uh, obviously it's so important for journalists to get accurate, truthful information and verify their information before sharing it out and not be spreading misinformation. Um, what is that look like for an anthropologist? Like what is your responsibility or need to get truthful [00:24:00] information?
Is it the same kind of, uh, requirement or different.
Gabriella Coleman: Great question. I, I would say there's some similarities, but also some differences. Um, you know, generally. Anthropologists aren't publishing for CNN or CBS or the Atlantic. I mean, we publish, you know, opinion pieces here and there we get quoted. Right. Um, so when a journalist gets something wrong and it's published, um, in a mainstream piece, I mean the ramifications are really substantial.
Right. And the stakes are really, really high. And currently there's a big battle over like whether there was a founder of anonymous or not. And a lot of journalists actually are publishing, I think, just straight up false information. And it's been very hard to correct the record. Right. [00:25:00] So an anthropologist, um, doesn't necessarily have the same type of impact.
I mean, I did write one popular book. It was read a lot, but a lot of, uh, academics. Um, publications are read for like, by like 20 people. Right? So even if there are some, some lies, it's not going to percolate out that that said, you know, um, an anthropological analysis on the one hand I do think tries to get matters of fact.
No, correct. Um, on the other hand, unlike a journalist, I can theorize how secrecy and telling why. Works in the collective. Right. Um, and that's part of my analysis and even point to, you know, some of the hoaxes, for example, that happened some of which maybe I was writing about when I didn't know his hopes later, I did.
Right. So there's a lot more freedom [00:26:00] for an academic and anthropologists to kind of, um, treat. Knowledge in, in different.
registers and then a journalist. Right. And I, and I do feel for, for journalists, I mean, they're working under much tighter deadlines, right. Um, so sometimes it's really, really hard to verify information in a week, a month or two.
Whereas some of the stuff I verified after four years, you know, I mean, I didn't publish my book for you. In part, because I was avoiding writing, but also because I was waiting on things, right. And journalists don't have that luxury. But I do mention, I do think journalists, you know, the standards matter because, um, you know, part of the current district distrust in the journalistic regime stems from some mistakes.
Right. And so. Happen, but they can be corrected. Right. And, [00:27:00] and, um, more and more journalists. Do you do that with.
Jeremiah Roe: so context, context matters. And I think. From a context or perspective of context. Um, I think anthropology, anthropologists, you know, especially in the culture world. Yes. I must mess that word up. So sorry. Uh, would have much more context than say a journalist. What. And, and truth is embedded in, in these really complex issues in these, in these very intricate, like inter domain things that happen in, in the world of hacker culture, um, context has the truth.
It's not just, you know, black and white. It's just, the truth is so much more than, and I could see where anthropology has a huge role.
Gabriella Coleman: No. I mean, you, you bring up an excellent point too, which is certainly, you know, we can [00:28:00] all agree on certain. Like I was born on X day. I'm not going to dox myself. Um, but that could be verified. I think it's true. Right. But so many things that are in the realm of truth, don't have that clarity. That's the nature of knowledge, you know, whether it's, um, a kind of scientific take on the nature of bacteria.
I teach on the history of, of, of science. And it's like, you know, the bacteria is treated as simply an agent of infection for decades and decades. Um, and then scientists are like, well, there's this thing called the microbiome. Right. And, and that's a different type of truth. Um, but hard to see from the vantage point of a different type of truth.
And I would say when it comes, especially to social worlds, right. A lot of issues that. People think can be adjudicated simply through [00:29:00] facts cannot be adjudicated simply through fax. Right. Um, and yet, you know, of course with journalism, you try to get the base facts. Correct. Right. But nevertheless, there, there is a lot open for interpretation and context really helps us understand situations.
Bella DeShantz: Do you have any examples that you recall of, you know, having been so engrossed in this culture in anonymous? Um, do you recall any examples of, of things that journalists did get it wrong in the moment? We did have some negative impact.
Gabriella Coleman: I mean when anonymous became very famous in the end of 2010, 2011, for example. Where there were many distributed denial service attacks, for example, um, against PayPal and MasterCard in 2010 and supportive WikiLeaks or later against security for. [00:30:00] At the hands of wealth sec, and then anti-sex a couple of journalists were hell bent on finding like the single or two hackers who did everything, the leaders, the leaders, the leaders.
And it is certainly in the case. Anyone who knows any organization that certain individuals or groups often carry more weight or. Sometimes there's multiple groups and part of the organizational dynamics has to do with how they clash. Right. But there wasn't a single person or even two who were the single or do a movers and shakers.
And there were literally dozens of articles trying to identify these two people. Um, and if, again, if you were in the chat rooms, you saw that there were dedicated, um, channels. Um, for particular operations and actually some of the reasons some of the operations were so successful had to do [00:31:00] with some of the very savvy organizers, right.
Who could herd the cats, the hacker cats, um, and it was so hard to convince them. You know, I don't know if this had terrible ramifications, but I do think it reinscribe as a vision of power and hierarchy, um, that naturalizes it, which I don't think is a good thing. Cause sometimes, you know, um, groups come together autonomously and organize themselves by consensus and there isn't simply.
Someone pulling the levers. So, you know, there is a kind of high stakes around how we imagine power and that's why it matters. And I always had this theory that journalists, well, some journalists had this kind of vision because editors have so much power over certain journalists and stories they can make or break or kill a story.
Right. Whereas for example, academics [00:32:00] actually have a lot more autonomy. I would say. Um, I don't have a boss who's going to make or break my work at all. Right. So that's, that's one example. Um, that was quite recurrent and, and recently there's now a new narrative that there was a single founder of anonymous, the trolls and the early hacktivists.
And that's just wrong in terms of historical record. And again, the stakes are that. No, actually this is precisely interesting. Because of the ways that so many different individuals in groups come together and often very chaotic ways to make things happen. And we should try to understand how that works.
Jeremiah Roe: So that's, that's really interesting that, that you kind of described that and, and, uh, you know, not to stay on anonymous, but I I'm really interested in this particular group and sort of their historical context. And so, um, there's a piece about anonymous that. You know, most people haven't been focusing on because they haven't been in the news recently, but, [00:33:00] uh, there was a good portion of time there where they were in the news quite a bit.
There were tons of videos about them. There's lots of information about them online. Again, you mentioned some of the attacks that the collective groups perpetrated together, uh, such as, uh, large distributed denial of services and online protest and organizations. And then all of a sudden it kind of seems like the vanished and then, um, you know, people maybe forget about them.
And so I'm just kind of curious from your perspective or from your research, what have you seen, um, as to why that.
Gabriella Coleman: So the heyday of anonymous was certainly between 2008 and 2014 and 15. And, and, and even referring to anonymous as a kind of singular thing in that period is a mis-characterization. Um, just because there is, yeah. These different groups and areas and [00:34:00] moments, and we don't have time to go into them, but really just interesting dynamic collective really, and really hard to understand those changes unless you were embedded in the ground.
It'd be very hard to, to come in after the fact and piece it together in a way that, again, I think with open source, you can do. Um, in some ways the hacktivists interventions between 2010 and 14 were exceptional, they were also partly indebted to the rise of things like social media and Twitter anonymous were really good at getting the word out.
They use the platform. And very media savvy ways, um, that now many different groups know how to use Twitter in that way, but they were kind of, um, really at the front forefront, they were also quite [00:35:00] big in part because WikiLeaks was quite big as well as a phenomenon, a whistle platform with major geo-political consequence.
And it was also interesting because. Especially in 2011 and 12 did so many operations and hacks and dossing, I mean, it was just hard to keep up and it, and it was exceptional. And so far as I just think that. when it comes to something like illegal actions related to hacktivism, the norm would never be a steady state of action.
It's too risky. Right?
Jeremiah Roe: So with regards, with regards to the. That particular piece risk. Right. I just want to touch on that for a moment, like with, with, I think, I think you've had some amazing experience inside the hacking culture in the world and, and looking at a lot of the different pieces that, that you've worked on, um, uh, throughout, throughout the years.
Um, I think it's, I think, you know, it's, it's [00:36:00] certainly impressive. Um, I, I just, from, from your perspective with being embedded with a lot of these groups, where's the line drawn for you particularly.
Gabriella Coleman: It almost has to be a case by case basis. Um, certainly if there's collateral damage. So if information is dumped and a lot of people who use information is exposed, um, had nothing to do with, let's just say the corruption, wrongdoing malfeasance it's being exposed, protecting. You know, don't dump that data, give the cash to a journalist so they could verify that everything is sound but only release.
What is relevant X net a collective in Spain has done precisely that anonymous. Wasn't so good at doing that. They were good at showing the world that you can hack, um, [00:37:00] and get information that is publicly readily. You know, and while hackers really innovated this hack leaking technique, I mean, there have been some prior break-ins in the analog era, the citizens commission to expose the FBI who broke into an FBI field office in 1971 showed the existence of a massive disinformation program COINTELPRO.
So break in sometimes are okay. Right. But I think there are better ways to do it. Right. And so minimizing privacy violations and collateral damage, I think is really, really important, but just because something is illegal, I don't think makes it necessarily bad. Right. And so just briefly there was, I think a lot of actions in the anonymous world, whether it's showcasing, um, rape culture, um, or some of the hacks and leaks, which I supported.[00:38:00]
And yet even some of the actions I supported that were dimensions that yeah, sure. I thought they, they crossed the line. Uh, but not so much so that I would just discount what they're doing in time.
Bella DeShantz: I think that idea of like, just because it's illegal doesn't necessarily mean it's wrong. It's. Feels to me, like a lot of where cybersecurity and hacker culture like came from initially, um, which on that note, uh, you've written a paper with, uh, Matt , which I hope, I hope I pronounce that name. Correct.
Awesome. Um, who is a security Reacher researcher at data and society? Um, and the paper is about the evolution of the professional security hacker, which of course is. Like right. What we're talking, it's so relevant to what we're talking about and very relevant to Jeremiah and I, um, and, uh, in a way the paper kind of explores how hackers are becoming mainstream and are gaining this new credibility in information security and more widely in society.
Um, so I was wondering if you could talk a little bit about how you think [00:39:00] the old underground world of hacking continues to influence the newer and more corporate and acceptable, uh, community of security research.
Gabriella Coleman: It's a fascinating history. I mean, so a number of security researchers professionals today.
hail, um, from the underground. And a portion were literally Outlaws. And so far as they were breaking the law and they weren't necessarily doing malicious things is they were owning systems. Um, but nevertheless, by virtue of the laws, they were doing illegal things, but they learned a lot.
Right. And in the era, this is the nineties where there weren't that many, uh, programs in academic circles that concentrated security. And so. People were in a good position to say, Hey, you know, we know how to secure your systems, which are terrible because we can get it. Right. Um, and what's interesting about the [00:40:00] history is that they were very adversarial.
They spoke up, they said, Microsoft, your shit stinks. You know, sorry. I mean, and they said it pretty, you know, openly aggressive. Yeah, but it. was a really bad, you know, it was really bad and Microsoft was just like, the problem is you, we won't even have like a security department. Right. Right.
Jeremiah Roe: Yeah. Yeah, that's
Gabriella Coleman: so, um, and, and so here were people who were potentially cast in a negative light by virtue of being a hacker, still speaking up.
And I, I mentioned this because we'll get to.
the present, which is, you know, I don't think that the InfoSec world is as adversary. As it was in the nineties, you know, that said people do still speak up in very visible and powerful ways. I think of someone like, um, Katie am I pronouncing her last name correctly? [00:41:00]
Bella DeShantz: Honestly, I'm not a hundred percent sure. Most,
Gabriella Coleman: I got it right.
Bella DeShantz: typing on
Gabriella Coleman: Okay. I know I'm so sometimes with, with names, I'm like, um, I'm not sure how I say that name, but Katie , she is a pioneer behind bug bounty programs. Um, she's the CEO of Luta security, you know, she helped set up bug bounty programs in different places yet. She's also very critical about how they're executed and their limits, right.
And we'll say so very, very visibly and dramatically. And talks and writing. And it's that spirit of speaking up a sort of saying like, okay, I was part of this world that helped cement bug bounties. They're powerful. They're important, but how they're being rolled out and implemented is really short-sighted.
And I'm going to say so, and I will say that I do think that a lot of, um, hackers, [00:42:00] whether they hail from the 1990s or more recent ones that are part of the InfoSec world, And say what's wrong and that's so important because the moment you cower the moment, you're not willing to speak up, whether it's in a kind of boardroom, whether it's on Twitter, whether it's by presenting a paper at, at black hat or Devcon, that's the minute that I think, you know, um, the hacker spirit is dead and, and can't be effective in initiating change.
Jeremiah Roe: There with, with, with that whole adversarial sort of, um, uh, change that we've seen happen throughout the years. I think that also partially aligns with the fact that, you know, mainstream has become more acceptable of the hacker culture and the fact that, um, security is a big deal. Not just because I say it is not just because Bella says it is, but because people are becoming [00:43:00] effected by these things over and over, we're seeing throughout the years, you know, mass, mass data dumps happening, mass data leaks happening, people becoming a compromised, their personal information, financial information, all of this stuff, getting leaked and it affecting real people's lives.
To that point, you know, we have a recent sort of thing. Um, that's happened in music. Right where the Missouri governor has, has threatened to prosecute or a journalist for looking at the freely available source code on any website. For those who aren't aware of go to any website, press F 12, you're going to get the source code.
And he's saying that's illegal. And he's going to prosecute somebody for that. That's the kind of adversarial mindset that's caused tension through the hacker culture throughout the years.
Gabriella Coleman: Yeah. So, um, you've just captured, first of all, why it's important to be [00:44:00] adversarial. And so far as, um, you are going to come across roadblocks, like the Missouri governor who just is one among many possible roadblocks where. Um, there is an interest in shining the light elsewhere, right? Because, you know, in the end, it's the Missouri government or the school board that was irresponsible.
Right. They were they're responsible ones. And so in order to deflect responsibility, it's very easy to. Place it on the journalists, the hacker who found the flaw. And again, like as a journalist, you're a little bit more protected, just the term hacker, you know, again for so many conjures criminality. So it's very, very easy to do that deflective work.
And I think it's, you know, if you look at the history, um, there's a lot more protections today. [00:45:00] Whether it's because of, um, precedent, whether it's because of, uh, the eff who has published the coders, right. Rights project. Right. Which really outlines why it's important to protect hackers, whether it's the work of Jennifer Granick, who has protected many hackers.
Right. And yet that specter always looms, right. That specter always looms and, you know, Just whether it's the threat of legal action. I mean, who wants to fork over $50,000 to defend themselves? That's a lot of money, right? So Yeah.
many don't end up in jail, but the legal threat is, is, is real. Um, and yet, you know, there's always going to be parties who don't want to hear that they were in adequate in their security protocols.
Right. Um, And so they'll always pull this move. Um, but it's important for the community to band together. [00:46:00] And, uh, the more that it's done collectively, the more chance that these, um, you know, silly shenanigans won't work
Bella DeShantz: ultimately, do you think that hackers getting more involved in traditional cybersecurity work is going to improve security and make the internet safer for everyone?
Gabriella Coleman: hackers and the security community have, um, been pioneers in terms of getting organizations. Whether it's the government or Microsoft to care about security and have also innovated methods and tools from, you know, Satan to loft, crack to many [00:47:00] recent ones. And I think they'll continue to play a really prominent and important role.
I also think that today's internet is different. Um, and many of the security issues. And vulnerabilities are not simply technical, but social technical. Right. What do you do about abuse and harassment? Um, what do you do about misinformation? And in this regard, I think that enlarging the pool of the types of people participating in thinking through security is the way to go.
So obviously. The technical folks are really important. And actually in the history of just technical security, some of the most important innovations were rhetorical. We're getting people to care. That's a rhetorical issue, not a technical one. And I think hackers were extremely savvy in that department.
That was, this is what the report we're releasing is partly about, [00:48:00] but it's really, really important to also. Uh, the lawyers, the sociologists, those affected by abuse and vulnerability, um, at the table. And we see that happening as well. I do think that sometimes, you know, I'm, I'm obviously people can probably tell a fan of the hacker world.
Um, but there are some blind spots from time to time and sometimes there's a kind of prioritizing of the. Right. Is there a technical solution and it's elegant and great. If you can get that technical solution, but it's also important to see where the limits of technical solutions lie. Right? And so that's what I would say is yes, they have a prominent role, but the more open they are to getting different types of stakeholders and participants at the table to deal with some of the really, really, really thorny issues.
Socio-technical [00:49:00] vulnerabilities.
Jeremiah Roe: So you've recently called or you you've stated that. The most important phenomenon of global culture and politics in the late 20th and early 21st century, um, is, is, um, Around this realm of hacker culture and, and, and your anthropological views that you've developed from that. And just kind of curious, where do you, where do you think it goes from here, you know, based off of your experience, what trends have you been noticing, um, from the movement forward and, um, will we see more instances of, of hackers driving politics in your personal.
Gabriella Coleman: There's so many different ways to hack today and many different types of technologists who are part of these autonomous or semi-autonomous communities. Right? I mean, even in InfoSec, right? Where you, you might work for a [00:50:00] corporation. If you're going to, um, you know, Devcon or different hacker conferences or the chaos computer club camp in Germany, you have these autonomous spaces where you come together and you decide on your own values and that's well in live in the hacker world in different domains.
So it's hard to say how exactly things will play out. Um, You know, if you'd asked me 15 years ago about the rise of anonymous, I could have never predicted that. Right. But nevertheless, I'm not surprised that hackers have refigured journalism with whistleblowing platforms. I'm not surprised that hackers were at the forefront of establishing the protocols for the security industry in the world of finance.
I mean, it's, it's really something else to see. Um, The blockchain developers and the Ethereum developers change [00:51:00] everything from how finance happens to how smart contracts are going to happen. Right. And that I think is going to be incredibly impactful actually in the next five to 10 years, that's a domain that undeniably is going to both create new my debt.
It's going to create new modalities for financial transactions, legal transactions. Exactly organizations. I mean, the theory them allows for, you know, high powered capitalism, but also allows for, uh co-ops and there's a big thriving scene around using Ethereum for creating co-ops and collectives. So that's one domain.
I think that there's going to be a lot of active. And then I do think that the hacking and leaking in the breaches of the last 10 years are going to continue for the next decade. Right? Security is not going to kind of catch up. And while hacktivists are one group doing the hacks and [00:52:00] leaks, we've seen some recent ones with anonymous hacking epic, uh, the internet service provider.
Now nation states are involved in hacking.
Jeremiah Roe: Yeah, I think people are taking more of an ownership there themselves too, as the community progressive.
Gabriella Coleman: No exactly. So it's just, they're going to continue to be impactful. It's hard to predict how, but the more that there's journalists and academics who are existing alongside these communities, getting to know them, you know? Well, um, and not just swooping in from time to time, the better we'll understand.
What impact they're having, um, in the present.
Bella DeShantz: So first of all, if our listeners are interested to hear more from you about what you catch up on the work that you're doing, where can they do.
Gabriella Coleman: [00:53:00] They can Google my name, Gabriella Coleman, my website, Gabriella coleman.org will come up. I'm on Twitter. Biella. Colon is my Twitter handle. And then, you know, maybe you can find me in my office if, if you figure it out, I, for many years had a fake office number just to keep the Scientologists away.
Jeremiah Roe: Oh, that's great. Um, when one sort of last question, what is the, what is one thing people wouldn't know about you by looking at your LinkedIn profile?
Gabriella Coleman: I lived on a boat for a year doing environmental research.
Jeremiah Roe: Wow, that's awesome. I side note I've, I've thought of living on a boat. Uh, actually when I lived in California, so that's.
Bella DeShantz: It reminds me of the, like, I feel like every person who works in technology has a like dream life that they would live. If they weren't sitting at their computer, it reminds me of that, that.
Gabriella Coleman: Totally mine would be [00:54:00] living on a boat or having a permaculture farm, which is a very like geeky type of farming.
Bella DeShantz: Yeah. I recently learned about, uh, ocean farms. So I I'm there with yet.
Gabriella Coleman: Yeah.
Jeremiah Roe: This has been hugely interesting.