As someone who has grown up around and knows many of the world's most notable hackers, I never fail to be surprised by the ignorance of the law demonstrated by "hacktivists" and other so-called "white hats".
The hero worship of MalwareTech, despite the fact that he absolutely committed crimes _which he plead guilty to_ is often the biggest clue.
As much as you can think you're on Team GoodGuy, if you commit crimes there are consequences for it. The feigned surprise and rallycrying needs to end. grugq's talk on OPSEC is step one. You're not a brand, don't sell fucking merch!
If you're doing "research" or "freedom-fighting" and it runs afoul of local laws, don't be surprised that the fuzz breaks your door in one night just because you couldn't stop yourself from chasing a bit of personal fame in the process. And as someone who knows most of these people, the vast majority are ego-driven.
At least the black hats are honest about who they are and what they do. And you don't hear about most of them because constantly seeking attention hurts their wallet.
Maybe I'm missing something about the MalwareTech story, but I don't think it's surprising people celebrate him. When I read some large feature on him (I'm sorry, I don't remember where) my impression was that he had royally screwed up as a young person, but that he was trying to turn his life around and did a serious good deed for the internet as a whole with his contribution to the wannacry thing. Many people make mistakes at any phase of life, and it's not surprising to me that people might celebrate people who try to move past that and do good.
He lied to investigators when he was arrested and continued to do so until they laid out all the evidence that they had against him. The timeline of his turnaround is also absurdly short (he continued to sell his malware until a couple of months before he "turned hero") and the malware he took down was literally his competition.
What you posted is a good story to tell though. Turning your life around after doing dumb shit in your real name and getting caught is plenty convenient but not worthy of hero worship.
The only reason MalwareTech served no time is because Ollam and his wife used their influence, political connections and their bank accounts to lobby aggressively on his behalf.
It's so much worse on the professional side of things. The number of glamorous security jobs is extremely tiny compared to all of the "SOC2 Compliance" checklist jobs out there. They've created the same kind of status economy that plagues academia to the point where you're on the "publish or die"/"be somebody on twitter or die" treadmill.
As a result, I've seen so much recycled research trying to be passed around as new work by people trying to make a name for themselves it's unbearable.
This especially happens in the crypto space, where you can take any basic concept like "Basic XSS Vulnerabilities", apply it to popular crypto exchanges, and conferences will book your talk.
The number of people out there doing genuine cool shit (the kinda stuff you see in PoC||GTFO) are few and far between these days.
Yep, as someone that first attended Defcon 6 (at the Plaza), things have gone from keeping it quiet and underground to blast it on twitter for cred. Crazy thing is there are a lot of these Twit-iots that barely work in the industry and, as you said, repeat others' work.
I know a large number of them personally, some of them are nice people, but most of them are pretty insecure and constantly looking for acknowledgement. To a degree I guess we all are.
The number of people that want to skip working in IT / understanding other parts of business and go directly to their Offensive Security Cert and be called a hacker is numbing. There's a reason most of the training programs within the leading firms / govt agencies require following the apprentice / journeyman process much like other trades. It takes time and a deep understanding.
But nah.. I'll skip all that because check out mah tweeets.
> "As a show of gratitute[sic], the U.S. government had the Swiss police move up a raid of Tillie's apartment by a week.
Maybe that had to do with the Nissan hack a few months prior, or the intel hack in 2020...
> "In January 2021, Kottmann was involved in a source code leak from Nissan,"
> "On August 6, 2020, Kottmann uploaded more than 20 gigabytes of Intel's proprietary data and source code to Mega"
I recently listened to the latest episode of the Darknet Diaries and it really opened my eyes to how careful actual white hat hackers are. There are huge/subtle lines that they dare not cross, which Tillie sure as hell crossed:
> "The group collected about 5 gigabytes of data, including live security camera footage and recordings from more than 150,000 cameras in places like a Tesla factory, a jail in Alabama, a Halifax Health hospital, and residential homes"
Exploiting the data breach AND THEN disclosing is not "white hat" hacking
It’s incredible to me that people can applaud for the illegal activities of hacktivists like donk enby or the ddos secrets people (https://ddosecrets.com/wiki/DDoSecrets:About) but aggressively accuse their political opponents of “doxxing” for recording crimes by rioters or antifa in public spaces.
If it isn’t apparent already, hacktivists are by and large just a criminal arm of the progressive political machine. You aren’t going to find these groups exposing the activities and private communications of left leaning groups. Using criminality for political goals is terrorism, and this group should be labeled as such. Twitter and other platforms seem to be giving them safe harbor, however, even though they’re willing to censor others so readily.
Given Twitter's intense proclivity for banning political dissent, there is a 100% likelihood they got the nod from the FBI to leave this up as a honeypot for idiots to flock to like flies to shit. Didn't Twitter just update their hacked materials policy? Why the exception here? How are these people dodging indictments using no opsec?
In fairness, the hacked materials policy was a very transparent attempt to suppress the whole Hunter Biden laptop saga. (I really don’t give a fuck about that whole story but you can’t talk about the hacked materials policy without mentioning its genesis). So I don’t think a double standard is hard to explain.
Could it be that hacktivists align themselves with the progressive and anti-authoritarian left as they value individual freedom and mutual aid?
That is much more plausible than assuming they are a leftist criminal arm. Actually, had that been the case, we would have seen hacktivists that support both sides, because, as you said, they are 'just a criminal arm' and can be bought.