Subject: Defense Technology International copy for comments
From: Angus Batey <angus-b@dircon.co.uk>
Date: 2/2/12, 13:05
Hello Barrett,
Hope you're well.
As promised, here's the draft of the article for Defense Technology International. It's in three parts: they'll run the opening paragraph at the top, then the Q/A section, with the final bit of personal background info dropped in on the second page as a box.
I'm going to need to get hold of a photograph of you to go with this: they'll just need a basic head-and-shoulders shot I think. Do you have anything you could possibly email over that they could use, please? It would need to be 300 dpi.
I've got to file this on Monday so if you could please get back to me before the end of Sunday, that'd be great. Am happy to amend bits that may be incorrect or where the editing has misrepresented you. Hopefully that hasn't happened, but if it has, please let me know. Also, I don't know when your birthday is so my listing of your age might be wrong; the piece will be out on or around March 1 so I guess we need your age to be correct for what it will be then.
Thanks again, and all the best.
Cheers,
AB
------
"Hacktivism" - network penetration by politically motivated groups or individuals - has long been recognised as an important element of what is routinely referred to as the Advanced Persistent Threat. In the last two years, operations conducted by - or in the name of - the hacker-focused, leaderless, decentralized community known as Anonymous have risen in prominence and effect.
More an ideology than an organization, Anonymous "members" have hacked various government and commercial sites, often in response to law-enforcement activity against other elements of what they see as fraternal parts of a wider movement. Hacks have been conducted on companies including Paypal, Visa and MasterCard when they stopped processing donations to Wikileaks, and against law-enforcement websites following clashes between police and Occupy protesters.
But as well as distributed denial-of-service attacks and website defacements, a strain of targeted online espionage has emerged from within the Anonymous ecosystem. AntiSec - a hacker group of Anonymous supporters that last year morphed out of LulzSec, which carried out attacks "for the lulz" [laughs] - have claimed responsibility for a number of high-profile data security breaches. Key among them was last February's publication of a cache of emails from servers at HB Gary Federal, a Washington information security consultancy. Over Christmas, AntiSec accessed the servers of geopolitical intelligence analyst Stratfor, and published 80,000 subscriber credit card details and in excess of 800,000 email addresses and passwords.
AntiSec's core hacking team do not give interviews, but they have authorised the journalist and activist Barrett Brown to speak on their behalf. Brown runs Project PM, a crowd-sourced investigative operation dedicated to exposing the secrets of the intelligence-contracting and surveillance industry. The name comes from Persona Management, a concept for covertly influencing public opinion: this was one technique discussed by various intelligence industry professionals in the HB Gary emails, which the Project PM site has extensively mined. While Brown is not a hacker, is no longer a member of Anonymous, and is not involved in AntiSec's targeting decisions, Project PM is likely to be among the principal beneficiaries of the Stratfor breach, with around 5.4 million of the company's emails due to be published as DTI went to press.
DTI contributing editor Angus Batey spoke with Brown over two phone calls during January, and discussed AntiSec's and Project PM's aims, the links between the hacktivists and the wider Anonymous/Wikileaks/Occupy movement, and what - if anything - people in the surveillance industry can do to avoid having their confidential data hacked and published.
Defense Technology International: Stratfor seemed an unlikely target. What was the motivation behind the hack?
Barrett Brown: There's a constant process whereby probing is done to see who's got vulnerabilities, so Stratfor was very much a target of opportunity. For the most part, the people who made this hack possible know what Stratfor is, what it does, and what it doesn't do. They know that Stratfor is not an evil company. But the fact of the matter is that over their years of information-gathering Stratfor will have spoken to or heard from a number of people who are speaking on what they think to be background. What is likely is that you'll have people at companies or institutions who are talking about someone else, anonymously, saying 'These guys are doing this, we think it's unfortunate, blah blah blah.'
Obviously we're violating the rights of a lot of people here. The hackers are violating Stratfor's rights to possess their own emails and to not have their servers intruded and then torched on the way out. And it's a shame that it's being done that way, but things have come to such a point that I personally just don't care any more.
DTI: Given that Stratfor is an information-gathering service, more like a media outlet than a security contractor, does that mean...
Brown: ...does that mean people are gonna start hacking the New York Times or whatever, presumably because they have information? Well, frankly, I wouldn't be opposed to that. I understand the negatives, [but] what we're looking at here is not just the intelligence-contracting industry going after activists - which I think is significant - but other issues that are huge. And the fact that some of these things haven't been pursued by the media is an indictment of a lot of institutions.
We have been engaged in a conflict with portions of the US government and a number of other companies that have found common cause with them, in opposition to Wikileaks and the rest of the movement. And in the course of looking into that, we've found so many things, each one being very serious, which, taken together, represent a significant threat to information well above and beyond what [Anonymous/AntiSec] can represent. I understand the argument against it, and we always have to be more ethical than who we're fighting, otherwise there's no point in fighting. We are trying to be better than them. The CIA won't take a phone call and tell you why they did certain things - they just won't - whereas we always will.
DTI: How would you know you were nearing the point where you are no longer more ethical than your adversary?
Brown: When we initiate force against individuals. When we start carrying weapons. Right now, the closest thing to force we have is hacking, where we intrude upon a server and take information - and that's rather benign compared to the daily use of force by governments and people in our country. Until then, I just don't see it. There's all kinds of slippery slopes. Personally, I think Anonymous is gonna change and fragment before that happens anyway, so I'm not terribly worried about it.
DTI: What about the 'collateral damage' - the people who aren't part of the surveillance/intelligence-contracting industry, but who, because they've bought a Stratfor newsletter or emailed a particular company, might find their personal data or credit card information published online?
Brown: I see it as akin to during World War Two, where, in the course of fighting the Nazis, the US and Britain and Russia will accidentally smash down villages that are occupied. Obviously no-one wants to see civilians killed, but civilians are killed by the thousand in a war. And the governments that do those things, they don't get the same kind of questions we do.
In the course of our reaction against the initiation of force by governments, we're going to end up stamping on someone's rights. But we're not going to lie about it, so that's another key difference - everything we do is out in the open. You'll never have to worry about Anonymous or our people doing clandestine things that impede upon truths. We're always going to be maximizing the degree of knowledge rather than minimizing it.
It may sound callous, but it's not something I'm really able to care about, you know? Both of my grandfathers dropped bombs on civilians in the course of fighting fascists - and I don't know how they feel about that: but I won't ever have to do anything of that nature. What I may do is continue to participate with people who are seeking information on those people who have attacked us, and who have been keeping a number of important secrets away from the American public, despite the fact that the American public is the one funding these operations.
DTI: What operations are you referring to in particular?
Brown: After December 2010, when Anonymous first attacked MasterCard, Visa and Paypal in retaliation for them pulling the plug on Wikileaks donations, a couple of companies in that [intelligence contracting] sector were brought in to look at us. They [were referred] to Team Themis, which at the time was HB Gary, Palantir and Berico. They prepared some reports on us, and Endgame Systems created a report on us and on Wikileaks in late 2010. And of course we came upon these when we hacked HB Gary Federal in February 2011. There's also a program called Romas/COIN, held by Northrop Grumman since at least 2008, which was supposed to [be recompeted] in late 2010. A large array of companies was set up to win that contract, and [one consortium] included Apple and Google. And there are others we're investigating but haven't gone public with yet. The problem gets worse and worse the more we learn about it.
DTI: Have you noticed the tactics of the companies you're investigating changing at all as a result of you making these things public?
Brown: There's a smaller company called Provide Security, the CEO of which just absolutely hates me. He's reached out and gotten involved with a group of hackers and ex-military people, and people who used to [be involved with] Anonymous but for some reason or another are now really opposed to Anon, who work out of IRC [internet relay chat rooms] just like we do. And, obviously, being who they are, they have much less dignified methods of going after us. So oftentimes these companies are doing the same things we are, but in worse ways than we normally do.
It doesn't really hurt us that much, but it hurts them, I think. If they start adopting the methods of Anonymous then it's gonna be hard for them to explain how it is that they're the better person in the fight. They usually point to our methodology as being a negative, so they lose out on that. I'm not saying that we're better than them, or they're any worse than us: what I'm saying is, from a practical standpoint, that people who are reading this should probably be careful how they react, and that they not drop down to our level.
DTI: What do you see as likely next steps?
Brown: [Releasing personal information] is going to be very small beer compared to what's going to happen in the near future. We're closing in on a very unprecedented situation, whereby the internet has provided for a sort of low-impact civil war. We have people on the streets every day being attacked by cops... I won't beat to death the fact that we're under assault and we're reacting, but I would just say that we didn't start the fire in this case. There's nothing that's been done through Anonymous that has not been done by the US government - not a single thing. And the people [within Anonymous] that are doing things are not getting paid, like the police or the FBI: they're doing it on their own, with their own time, at their own risk. I've got a lot of friends who've already been arrested and charged, and others who may be, and I will eventually be charged myself.
DTI: In these pages you're speaking directly to the industries you're concerned about, and to people in the defense and intelligence establishments generally. What is the one thing you'd want that readership to take away from this interview?
Brown: That they don't know as much about the industry as they think they do. People should be careful about wanting to think that they really know the totality of what's going on in that industry. Everyone wants to think that they are on the inside of things, but a lot of times it turns out that they don't know what other companies are doing, and they have no way of knowing - and that's by design.
I see a lot of unwarranted competence on the part of some of these people who immediately dismiss what we're saying about this industry - about some of the negatives of persona management and what it could be used for. It's really hard to argue with something like [persona management], that's made purely from information, and is surely used to fight terrorism on occasions, which is great. But the idea that some of these things aren't going to come back and bite us in the ass is ridiculous. They already are to some extent, and now you have companies that increasingly find it advantageous to offer their services outside the government as well: there's absolutely no way this isn't going to evolve in such a way as to bring a lot of these offensive capabilities into widespread use, to everybody's detriment.
A sliver of the industry might be doing things ethically, or taking precautions, and making sure they're not ridiculously on the side of the bad - but other people are not necessarily making those same decisions. I'm not saying that everyone's a villain, or that most of them are - or even that any of them are. I'm saying that they are doing things that haven't been thought through and that they can't think through in a meaningful way based on the small part of the industry they're aware of.
DTI: Anonymous's slogan is "Expect us": is the inevitability of your attentions something people in this industry will have to learn to live with, or is there anything they can do to prevent it?
Brown: I think it's the former. Remember that I don't spend my time individually looking at different companies one by one: I spend my time trying to figure out how to prompt hundreds of other people to do exactly what I'm doing, and to do it more efficiently than I have been doing. I'm looking at a large-scale end-game where most of these companies are going to be affected at some point. From the standpoint of someone who wants to earn, it's a pragmatic, reasonable choice to pursue things like persona management, disinformation, surveillance. And we recognise that the best way to prevent that is to make it so risky that it's no longer pragmatic. We're not looking to get the Senate to bring in an oversight board or anything like that - those boats sailed long ago.
I'm trying to prompt a chain reaction here, in their direction. To some extent, I've made some headway with that. At our end we're developing methods to multiply our capabilities. And if you look at the course of Anonymous and Wikileaks and the movement over the past two years, I think it's safe to say that our trajectory is worth paying attention to.
---
Barrett Brown
Activist, author, journalist; founder of Project PM
Age: 30
Background: Although he has worked cleaning movie theaters, in advertising and as a journalist, it is as an activist supporting the Anonymous/Wikileaks movement that Barrett Brown is best known. A college dropout who finished his high school education via distance learning while living in Tanzania, Brown has, to his occasional chagrin, become the public face of the politicized hacker underground.
Warfare has been a recurring theme of Brown's life. Both his grandfathers served with the US Air Force, flying bombers in the eastern and European theaters during World War II. An elementary school contemporary of George W Bush's twin daughters, Brown was living in Dar es Salaam with his real-estate dealer father when the American embassy in the city was bombed in 1998. Since 2010, the former Anonymous member has concentrated on fighting what he sees as the unaccountable and unregulated trade in private surveillance and intelligence technologies.
Brown publishes his research into the intelligence/surveillance industry at the Project PM website - wiki.echelon2.org. His first book, Flock of Dodos, was published in 2009; last year he signed a six-figure deal with Amazon.com to write a book about Anonymous, which he is currently working on. He lives in Dallas, Texas, with his girlfriend, a graphic designer.