This post originally appeared on the PUSCII blog on 26 march 2013
On the moral decay of the Dutch hacker scene
A lot has changed since the days when the people around Hacktic set up and defined the Dutch hacker scene. The Hang Out made way for a variety of hackerspaces; Hacktic itself is long dead (who needs dead trees to communicate nowadays anyway?) and the crew organizing OHM2013 is a completely different one from the oldies that had set up the Galactic Hacker Party and HIP. In short, we’re looking at a complete new generation of Dutch hackers.
Of course, nothing is more normal and healthy than for kids to rebel against their parents, but our parents have given us a difficult task there. For how in hell does one rebel against oldies who self-identified as “techno-anarchists” and were all too pleased with their image as online rebels? Some of the kids found a way: join the police! Well, technically, create a company that does the online dirty work for the police, but in this day and age of neo-liberalism and privatisation the difference is marginal…
Now, the notion of hackers voluntarily joining the police probably sounds completely absurd to an outsider, but that’s pretty much what happened. The Dutch High Tech Crime Unit is called Fox-IT. In case the name doesn’t ring a bell, they’re the main sponsor of OHM2013, employer of half of the organising core team, and you may find their logo painted on the wall of a Dutch hackerspace – not as a fuck-the-police-type graffiti, but as a thank-you for their kind sponsorship.
Let’s have a closer look at this company. Founded in ’99 by two TU Delft alumni who had previously worked for the NFI (forensics institute) and the BVD (secret service), Fox-IT started as a relatively normal security company. Such was the hip thing to do for a hacker who wanted to legally cash in on their skills at the height of the IT bubble. Things start to get saucy around 2006 when they developed FoxReplay, a tool for wiretapping, and started selling on the international market. Not caring much for their customers regard for human rights, Fox-IT has promoted their services to countries like Iran and the United Arabic Emirates, and sales to Egypt have also been confirmed. On September 27th 2011, Fox-IT sold their tapping-branch to the US company Netscout, conveniently just one day before a change in EU regulations was to place restrictions on the export of wiretap equipment.
But things also get a lot closer to home for the Dutch hackers, as Fox-IT has assisted the Dutch police in the apprehension of 4 members of AntiSec NL, a Dutch group closely linked to Anonymous.
To add to the sauce, Fox-IT has been experimenting with ‘hacking back’, as they call it. In an operation that was meant to take down the Bredolab botnet, Fox-IT used the seized ‘command and control’ servers to inject code on infected machines worldwide to display a message from the Dutch police. A clever hack, if you will, but also a controversial and illegal one. Lately, Fox-IT has been publicly lobbying to create legal rights for law enforcement to actively crack target systems.
Fox-IT now has customers worldwide and around 150 employees. They are the prototype of a privatised blend of law enforcement and defense, unhindered by any ethics and stretching its praxis to the shady borders of legality.
That’s the kind of company considered hip amongst contemporary Dutch hackers, who seem all too happy associating with and working for them. Fox-IT is actively recruiting within the scene, and many a hacker who used to share his tools and knowledge now works for them. Now, where did that come from? Sure, the scene has always had a bit of a flirtatious relationship with the secret service, but the old Hacktic crew simply giggled at the silly men with sunglasses and trenchcoats who attended their meetings. Moreover, they were exposing the wiretapping and other sniffing methods that were in use then, giving the general public means to detect, if not avoid, or play around with them.
Those early days of the hacker scene were marked by a shared sense of ethics: a hands-on attitude, for freedom of information and a healthy distrust of any authority. Luckily, on a global scale, many of these values have persevered. For example, one look at the CCC website is enough to see a strong outspokenness on the political issues surrounding hacking, actively monitoring and criticizing state surveillance. In fact, hackers worldwide are working on tools to subvert (state) surveillance and censorship. Furthermore, with the rise of Anonymous and related groups, we have seen an incredible increase in politically motivated hacks and cracks, all based on those same basic values of personal freedom and distrust towards authority.
How are we to interpret the bizarre contrast between upholding these values and happily accepting a company like Fox-IT in our midst? Are OHM and a number of hackerspaces drifting away from the hacker scene towards the security industry? Or do people simply not think or care about these issues because they distract from playing with LEDs and arduinos? Maybe the money is simply too good? Either way, the Dutch hacker scene is suffering from a severe case of schizophrenia where, on the one hand, it identifies itself with a global scene struggling against surveillance and, on the other hand, it condones, receives money from, advertises or even concretely works on the buildup of exactly that surveillance state.
The usual approach to such mental illness that is seen all too often within the hacker scene is to simply ignore it and bury it deep down in our subconciousness. Indeed, sometimes simply ignoring the peculiar conflicts that arise within our brain may lead us to perfectly happy (though perhaps somewhat socially awkward) lives. Not in this case, though. As the world around us is transforming, the importance of resolving this inner conflict is becoming ever more urgent. Like it or not, the hacker scene is a key player in a much larger political game that will determine the face of future online communication. If we are to sell away our skills to unscrupulous companies working for power-hungry governments, that future could be very grim.
It is for these reasons that the current generation of hackers needs to take a step back and reconsider the wise lessons our parents gave us. One cannot simply take the cool image of being a hacker yet act in ways that are complete opposite. It’s not cool to assist in the creation of an Orwellian dystopia. It’s also definitely not cool to assist in the apprehension of your fellow hackers (imagine how they might feel about attending the largest European hackercamp this year). That is not to say it’s all black and white, or that we should form some sort of unified front, but maintaining a praxis that is the direct opposite of what you are preaching is both unhealthy for yourselves and dangerous towards others. So please, work out who you really are and where you stand. Read the old philes and the new. Rethink what’s going on in the world around you. Discuss the role we play in it. Define your identity. And, in the end, if you still wish to call yourself a hacker, leave the fox out.