Patrice Riemens on Tue, 28 Dec 2010 18:51:04 +0100 (CET)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> (Rolling Stone): Jacob Appelbaum, The American Wikileaks Hacker


original to:
http://readersupportednews.org/off-site-news-section/368-wikileaks/4402-the-american-wikileaks-hacker

(http://bit.ly/gB6Xrg)


The American Wikileaks Hacker
Jacob Appelbaum fights repressive regimes around the world - including his
own.


On July 29th, returning from a trip to Europe, Jacob Appelbaum, a lanky,
unassuming 27-year-old wearing a black T-shirt with the slogan "Be the
trouble you want to see in the world," was detained at customs by a posse
of federal agents. In an interrogation room at Newark Liberty airport, he
was grilled about his role in Wikileaks, the whistle-blower group that has
exposed the government's most closely guarded intelligence reports about
the war in Afghanistan. The agents photocopied his receipts, seized three
of his cellphones ? he owns more than a dozen ? and confiscated his
computer. They informed him that he was under government surveillance.
They questioned him about the trove of 91,000 classified military
documents that Wikileaks had released the week before, a leak that
Vietnam-era activist Daniel Ellsberg called "the largest unauthorized
disclosure since the Pentagon Papers." They demanded to know where Julian
Assange, the founder of Wikileaks, was hiding. They pressed him on his
opinions about the wars in Afghanistan and Iraq. Appelbaum refused to
answer. Finally, after three hours, he was released.

Sex, Drugs, and the Biggest Cybercrime of All Time

Appelbaum is the only known American member of Wikileaks and the leading
evangelist for the software program that helped make the leak possible. In
a sense, he's a bizarro version of Mark Zuckerberg: If Facebook's ambition
is to "make the world more open and connected," Appelbaum has dedicated
his life to fighting for anonymity and privacy. An anarchist street kid
raised by a heroin- addict father, he dropped out of high school, taught
himself the intricacies of code and developed a healthy paranoia along the
way. "I don't want to live in a world where everyone is watched all the
time," he says. "I want to be left alone as much as possible. I don't want
a data trail to tell a story that isn't true." We have transferred our
most intimate and personal information ? our bank accounts, e-mails,
photographs, phone conversations, medical records ? to digital networks,
trusting that it's all locked away in some secret crypt. But Appelbaum
knows that this information is not safe. He knows, because he can find it.

This article appears in the September 2, 2010 issue of Rolling Stone. The
issue is available in the online archive.

He demonstrates this to me when I meet him, this past spring, two weeks
before Wikileaks made headlines around the world by releasing a video
showing U.S. soldiers killing civilians in Iraq. I visit him at his
cavernous duplex in San Francisco. The only furniture is a black couch, a
black chair and a low black table; a Guy Fawkes mask hangs on a wall in
the kitchen. The floor is littered with Ziploc bags containing bundles of
foreign cash: Argentine pesos, Swiss francs, Romanian lei, old Iraqi
dinars bearing Saddam Hussein's face. The bag marked "Zimbabwe" contains a
single $50 billion bill. Photographs, most of them taken by Appelbaum,
cover the wall above his desk: punk girls in seductive poses and a
portrait of his deceased father, an actor, in drag.

The Battle For Facebook

Appelbaum tells me about one of his less impressive hacking achievements,
a software program he invented called Blockfinder. It was not, he says,
particularly difficult to write. In fact, the word he uses to describe the
program's complexity is "trivial," a withering adjective that he and his
hacker friends frequently deploy, as in, "Triggering the Chinese firewall
is trivial" or "It's trivial to access any Yahoo account by using
password-request attacks." All that Blockfinder does is allow you to
identify, contact and potentially hack into every computer network in the
world.

The Hottest Live Photos of the Week

He beckons me over to one of his eight computers and presses several keys,
activating Blockfinder. In less than 30 seconds, the program lists all of
the Internet Protocol address allocations in the world ? potentially
giving him access to every computer connected to the Internet. Appelbaum
decides to home in on Burma, a small country with one of the world's most
repressive regimes. He types in Burma's two-letter country code: "mm," for
Myanmar. Blockfinder instantly starts to spit out every IP address in
Burma.
Blockfinder informs Appelbaum that there are 12,284 IP addresses allocated
to Burma, all of them distributed by government-run Internet-service
providers. In Burma, as in many countries outside the United States,
Internet access runs through the state. Appelbaum taps some keys and
attempts to connect to every computer system in Burma. Only 118 of them
respond. "That means almost every network in Burma is blocked from the
outside world," he says. "All but 118 of them."

These 118 unfiltered computer systems could only belong to organizations
and people to whom the government grants unfettered Internet access:
trusted politicians, the upper echelons of state-run corporations,
intelligence agencies.

"Now this," Appelbaum says, "is the good part."

He selects one of the 118 networks at random and tries to enter it. A
window pops up asking for a password. Appelbaum throws back his head and
screams with laughter ? a gleeful, almost manic trill. The network runs on
a router made by Cisco Systems and is riddled with vulnerabilities.
Hacking into it will be trivial.

It's impossible to know what's on the other side of the password. The
prime minister's personal e-mail account? The network server of the secret
police? The military junta's central command? Whatever it is, it could
soon be at Appelbaum's fingertips.

So will he do it?

"I could," Appelbaum says, with a smile. "But that would be illegal,
wouldn't it?"

No one has done more to spread the gospel of anonymity than Appelbaum,
whose day job is to serve as the public face of the Tor Project, a group
that promotes Internet privacy through a software program invented 15
years ago by the U.S. Naval Research Laboratory. He travels the world
teaching spooks, political dissidents and human rights activists how to
use Tor to prevent some of the world's most repressive regimes from
tracking their movements online. He considers himself a freedom-of-speech
absolutist. "The only way we'll make progress in the human race is if we
have dialogue," he says. "Everyone should honor the United Nations human
rights charter that says access to freedom of speech is a universal right.
Anonymous communication is a good way for this to happen. Tor is just an
implementation that helps spread that idea."

In the past year alone, Tor has been downloaded more than 36 million
times. A suspected high-level member of the Iranian military used Tor to
leak information about Tehran's censorship apparatus. An exiled Tunisian
blogger living in the Netherlands relies on Tor to get past state censors.
During the Beijing Olympics, Chinese protesters used Tor to hide their
identities from the government.

The Tor Project has received funding not only from major corporations like
Google and activist groups like Human Rights Watch but also from the U.S.
military, which sees Tor as an important tool in intelligence work. The
Pentagon was not particularly pleased, however, when Tor was used to
reveal its secrets. Wikileaks runs on Tor, which helps to preserve the
anonymity of its informants. Though Appelbaum is a Tor employee, he
volunteers for Wikileaks and works closely with Julian Assange, the
group's founder. "Tor's importance to Wikileaks cannot be understated,"
Assange says. "Jake has been a tireless promoter behind the scenes of our
cause."

In July, shortly before Wikileaks released the classified Afghanistan war
documents, Assange had been scheduled to give the keynote speech at
Hackers on Planet Earth (HOPE), a major conference held at a hotel in New
York. Federal agents were spotted in the audience, presumably waiting for
Assange to appear. Yet as the lights darkened in the auditorium, it was
not Assange who took the stage but Appelbaum.

"Hello to all my friends and fans in domestic and international
surveillance," Appelbaum began. "I am here today because I believe we can
make a better world. Julian, unfortunately, can't make it, because we
don't live in that better world right now, because we haven't yet made it.
I wanted to make a little declaration for the federal agents that are
standing in the back of the room and the ones that are standing in the
front of the room, and to be very clear about this: I have, on me, in my
pocket, some money, the Bill of Rights and a driver's license, and that's
it. I have no computer system, I have no telephone, I have no keys, no
access to anything. There's absolutely no reason that you should arrest me
or bother me. And just in case you were wondering, I'm an American, born
and raised, who's unhappy. I'm unhappy with how things are going." He
paused, interrupted by raucous applause. "To quote from Tron," he added,
"'I fight for the user.'"

For the next 75 minutes, Appelbaum spoke about Wikileaks, urging the
hackers in the audience to volunteer for the cause. Then the lights went
out, and Appelbaum, his black hoodie pulled down over his face, appeared
to be escorted out of the auditorium by a group of volunteers. In the
lobby, however, the hood was lifted, revealing a young man who was not, in
fact, Appelbaum. The real Appelbaum had slipped away backstage and left
the hotel through a security door. Two hours later, he was on a flight to
Berlin

By the time Appelbaum returned to America 12 days later and was detained
at Newark, newspapers were reporting that the war documents identified
dozens of Afghan informants and potential defectors who were cooperating
with American troops. (When asked why Wikileaks didn't redact these
documents before releasing them, a spokesman for the organization blamed
the sheer volume of information: "I just can't imagine that someone could
go through 76,000 documents.") Marc Thiessen, a former Bush speechwriter,
called the group "a criminal enterprise" and urged the U.S. military to
hunt them down like Al Qaeda. Rep. Mike Rogers, a Republican from
Michigan, said that the soldier who allegedly provided the documents to
Wikileaks should be executed.

Two days later, after speaking at a hackers conference in Las Vegas,
Appelbaum was approached by a pair of undercover FBI agents. "We'd like to
chat for a few minutes," one of them said. "We thought you might not want
to. But sometimes it's nice to have a conversation to flesh things out."

Appelbaum has been off the grid ever since ? avoiding airports, friends,
strangers and unsecure locations, traveling through the country by car.
He's spent the past five years of his life working to protect activists
around the world from repressive governments. Now he is on the run from
his own.
Appelbaum's obsession with privacy might be explained by the fact that,
for his entire childhood, he had absolutely none of it. "I come from a
family of lunatics," he says. "Actual, raving lunatics." His parents, who
never married, began a 10-year custody battle before he was even born. He
spent the first five years of his life with his mother, whom he says is a
paranoid schizophrenic. She insisted that Jake had somehow been molested
by his father while he was still in the womb. His aunt took custody of him
when he was six; two years later she dropped him off at a Sonoma County
children's home. It was there, at age eight, that he hacked his first
security system. An older kid taught him how to lift the PIN code from a
security keypad: You wipe it clean, and the next time a guard enters the
code, you blow chalk on the pad and lift the fingerprints. One night,
after everyone had gone to sleep, the boys disabled the system and broke
out of the facility. They didn't do anything special ? just walked around
a softball field across the street for half an hour ? but Appelbaum
remembers the evening vividly: "It was really nice, for a single moment,
to be completely free."

When he was 10, he was assigned by the courts to live with his father,
with whom he had remained close. But his dad soon started using heroin,
and Appelbaum spent his teens traveling with his father around Northern
California on Greyhound buses, living in Christian group homes and
homeless shelters. From time to time, his father would rent a house and
turn it into a heroin den, subletting every room to fellow addicts. All
the spoons in the kitchen had burn stains. One morning, when Appelbaum
went to brush his teeth, he found a woman convulsing in the bathtub with a
syringe hanging out of her arm. Another afternoon, when he came home from
school, he found a suicide note signed by his father. (Appelbaum saved him
from an overdose that day, but his father died several years later under
mysterious circumstances.) It got so that he couldn't even sit on a couch
for fear that he'd be pierced by a stray needle.

An outsider in his own home, Appelbaum embraced outsider culture. He
haunted the Santa Rosa mall, begging for change. He dressed in drag and "I
&#9829; Satan" T-shirts, dyed his hair purple, picked fights with
Christian fundamentalists and made out with boys in front of school.
(Appelbaum identifies himself as "queer," though he refers to at least a
dozen female lovers in nearly as many countries.) When a friend's father
encouraged his interest in computers and taught him basic programming
tools, something opened up for Appelbaum. Programming and hacking allowed
him "to feel like the world was not a lost place. The Internet is the only
reason I'm alive today."

At 20, he moved to Oakland and eventually began providing tech security
for the Rainforest Action Network and Greenpeace. In 2005, a few months
after his father died, he traveled alone to Iraq ? crossing the border by
foot ? and set up satellite Internet connections in Kurdistan. In the
aftermath of Hurricane Katrina, he drove to New Orleans, using falsified
press documents to get past the National Guard, and set up wireless hot
spots in one of the city's poorest neighborhoods to enable refugees to
register for housing with FEMA.

Upon returning home, he started experimenting with the fare cards used by
the Bay Area Rapid Transit system and discovered it was possible to rig a
card with an unlimited fare. Instead of taking advantage, he alerted BART
officials to their vulnerabilities. But during this conversation,
Appelbaum learned that BART permanently stored the information encoded on
every transit card ? the credit-card number used, where and when they were
swiped ? on a private database. Appelbaum was outraged. "Keeping that
information around is irresponsible," he says. "I'm a taxpayer, and I was
given no choice how they store that data. It's not democratically decided
? it's a bureaucratic directive."

Given his concerns about privacy, it's easy to see why Appelbaum
gravitated toward the Tor Project. He volunteered as a programmer, but it
soon became clear that his greatest ability lay in proselytizing: He
projects the perfect mix of boosterism and dread. "Jake can do advocacy
better than most," says Roger Dingledine, one of Tor's founders. "He says,
'If someone were looking for you, this is what they'd do,' and he shows
them. It freaks people out."

The Internet, once hailed as an implacable force of liberalization and
democratization, has become the ultimate tool for surveillance and
repression. "You can never take information back once it's out there,"
Appelbaum says, "and it takes very little information to ruin a person's
life." The dangers of the Web may remain abstract for most Americans, but
for much of the world, visiting restricted websites or saying something
controversial in an e-mail can lead to imprisonment, torture or death.

Last year, some 60 governments prevented their citizens from freely
accessing the Internet. China is rumored to have a staff of more than
30,000 censors who have deleted hundreds of millions of websites and
blocked an eccentric range of terms ? not only "Falungong," "oppression"
and "Tiananmen," but also "temperature," "warm," "study" and "carrot."

On a bright afternoon in San Francisco, before Wikileaks dominated the
headlines, Appelbaum is dressed in his usual hacker uniform: black boots,
black socks, black slacks, black thick-rimmed glasses and a T-shirt
bearing an archslogan. (Today it's "Fuck politics ? I just want to burn
shit down.") Though his work requires him to sit at his desk for most of
the day, he is rarely stationary. He frequently jumps up and executes a
series of brief, acrobatic stretches.He kicks a leg up against the wall,
cracks his neck violently, tugs one arm across his chest and, just as
abruptly, sits back down again.

He explains that we have to take a cab to pick up his mail. Like being a
strict vegan or a Mormon, a life of total anonymity requires great
sacrifice. You cannot, for instance, have mail delivered to your home. Nor
can you list your name in your building's directory. Appelbaum has all of
his mail sent to a private mail drop, where a clerk signs for it. That
allows Appelbaum ? and the dissidents and hackers he deals with ? to use
the postal system anonymously. Person One can send a package to Appelbaum,
who can repackage it and send it on to Person Two. That way Person One and
Person Two never have direct contact ? or even learn each other's
identities.
Tor works in a similar way. When you use the Internet, your computer makes
a connection to the Web server you wish to contact. The server recognizes
your computer, notes its IP address and sends back the page you've
requested. It's not difficult, however, for a government agency or a
malicious hacker to observe this whole transaction: They can monitor the
server and see who is contacting it, or they can monitor your computer and
see whom you're trying to contact. Tor prevents such online spying by
introducing intermediaries between your computer and the system you're
trying to reach. Say, for example, that you live in San Francisco and you
want to send an e-mail to your friend, a high-level mole in the Iranian
Revolutionary Guard. If you e-mail your friend directly, the Guard's
network could easily see your computer's IP address, and discover your
name and personal information. But if you've installed Tor, your e-mail
gets routed to one of 2,000 relays ? computers running Tor ? scattered
across the world. So your message bounces to a relay in Paris, which
forwards it to a second relay in Tokyo, which sends it on to a third relay
in Amsterdam, where it is finally transmitted to your friend in Tehran.
The Iranian Guard can only see that an e-mail has been sent from
Amsterdam. Anyone spying on your computer would only see that you sent an
e-mail to someone in Paris. There is no direct connection between San
Francisco and Tehran. The content of your e-mail is not hidden ? for that,
you need encryption technology ? but your location is secure.

Appelbaum spends much of each year leading Tor training sessions around
the world, often conducted in secrecy to protect activists whose lives are
in danger. Some, like the sex-worker advocates from Southeast Asia he
tutored, had limited knowledge of computers. Others, like a group of
students Appelbaum trained at a seminar in Qatar, are highly
sophisticated: One worked on the government's censorship network, another
works for a national oil company, and a third created an Al-Jazeera
message board that allows citizens to post comments anonymously. In
Mauritania, the country's military regime was forced to abandon its
efforts to censor the Internet after a dissident named Nasser Weddady
wrote a guide to Tor in Arabic and distributed it to opposition groups.
"Tor rendered the government's efforts completely futile," Weddady says.
"They simply didn't have the know-how to counter that move."

In distributing Tor, Appelbaum doesn't distinguish between good guys and
bad guys. "I don't know the difference between one theocracy or another in
Iran," he says. "What's important to me is that people have communication
free from surveillance. Tor shouldn't be thought of as subversive. It
should be thought of as a necessity. Everyone everywhere should be able to
speak and read and form their own beliefs without being monitored. It
should get to a point where Tor is not a threat but is relied upon by all
levels of society. When that happens, we win."

As the public face of an organization devoted to anonymity, Appelbaum
finds himself in a precarious position. It is in Tor's interest to gain as
much publicity as possible ? the more people who allow their computers to
serve as relays, the better. But he also lives in a state of constant
vigilance, worried that his enemies ? envious hackers, repressive foreign
regimes, his own government ? are trying to attack him. His compromise is
to employ a two-tiered system. He maintains a Twitter account and has
posted thousands of photos on Flickr. Yet he takes extensive measures to
prevent any private information ? phone numbers, e-mail addresses, names
of friends ? from appearing.

"There are degrees of privacy," he says. "The normal thing nowadays is to
conspicuously report on one another in a way that the Stasi couldn't even
dream of. I don't do that. I do not enter my home address into any
computer. I pay rent in cash. For every online account, I generate random
passwords and create new e-mail addresses. I never write checks, because
they're insecure ? your routing number and account number are all that are
required to empty your bank account. I don't understand why anyone still
uses checks. Checks are crazy."

When he travels, if his laptop is out of his sight for any period of time,
he destroys it and then throws it away; the concern is that someone might
have bugged it. He is often driven to extreme measures to get copies of
Tor through customs in foreign countries. "I studied what drug smugglers
do," he says. "I wanted to beat them at their own game." He shows me a
nickel. Then he slams it on the floor of his apartment. It pops open.
Inside there is a tiny eight- gigabyte microSD memory card. It holds a
copy of Tor.

As fast as Tor has grown, government surveillance of the Internet has
expanded even more rapidly. "It's unbelievable how much power someone has
if they have unfettered access to Google's databases," Appelbaum says.

As he is quick to point out, oppressive foreign regimes are only part of
the problem. In the past few years, the U.S. government has been quietly
accumulating libraries of data on its own citizens. Law enforcement can
subpoena your Internet provider for your name, address and phone records.
With a court order, they can request the e-mail addresses of anyone with
whom you communicate and the websites you visit. Your cellphone provider
can track your location at all times.

"It's not just the state," says Appelbaum. "If it wanted to, Google could
overthrow any country in the world. Google has enough dirt to destroy
every marriage in America."

But doesn't Google provide funding for Tor?

"I love Google," he says. "And I love the people there. Sergey Brin and
Larry Page are cool. But I'm terrified of the next generation that takes
over. A benevolent dictatorship is still a dictatorship. At some point
people are going to realize that Google has everything on everyone. Most
of all, they can see what questions you're asking, in real time. Quite
literally, they can read your mind."

Now, in the wake of the Wikileaks controversy, Appelbaum has gone
underground, concealing his whereabouts from even his closest friends. He
suspects his phones are tapped and that he's being followed. A week after
being questioned in Newark, he calls me from an undisclosed location, my
request to contact him having been passed along through a series of
intermediaries. The irony of his situation isn't lost on him.

"I'll be using Tor a lot more than I ever did ? and I used it a lot," he
says, his voice uncharacteristically sober. "I have become one of the
people I have spent the last several years of my life protecting. I better
take my own advice."



#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: http://mail.kein.org/mailman/listinfo/nettime-l
#  archive: http://www.nettime.org contact: nettime@kein.org