I see the meta about me is flying through the ether again.

Allow me to state my position.

I am professionally in infosec. In some roles I have been in, I have had to interact with the authorities. It happens. Happened a few weeks ago in fact, on my terms, and it was something that most assuredly saved lives.

Once I posted a slide here on the fediverse... it was from a presentation I was doing. On it in my credentials it said that I was a proud member of Infragard.

YES, i was a member of infragard... because I was hoping their threat feeds were good, I wanted access to them.

"A proud member of Infragard" is how they require you to say it to maintain access to their feeds.

Their feeds were ok...

I have had nearly no interaction with Infragard (a public private partenership to mitigate threat actors trying to impact critical infrastructure). My interaction with the FBI came down to one case, and I was asked by the defendant to cooperate with them... funny, huh?

If that makes me a fed... wanting access to threatfeeds for research...  I think your definition of "Fed" is overly broad.

On 3/3/19 I was attacked for this piece of information. I linked it back to a particular set of threat actors wanting to stop this community from becoming what it is today. Those old rumors are back.

Let me talk about the good we have done:

We raised over $6000 to benefit Ukrainian needy caught in a warzone.

We organized assets to help Ukraine resist invasion.

We setup tools for people to defend themselves against spying, and be more secure.

We tirelessly work to tear down siloed social media.

We combined forces with other legendary hacker groups to fold proteins to complete research that led to some of the vaccines that have helped contain this pandemic.

We have gotten people their first infosec jobs.

We have made friends, a community, and fought the power at every opportunity.

We are mighty. We punch up... and we do it really fucking well.

And I am not an agent for anyone but myself, and when I get to be, for this community.

We are
We save the world.

We're getting pretty good at it.

PS: wow, you made it this far?!? All that said... I am not here to change your mind. If your threat model includes me somehow, then you should block You know what you are comfortable with, and it's not up to me to decide that for you.

A few more things...

That folding effort? For a short time, combining forces with members of the cDc and L0pht we made the largest distributed supercomputer on earth.

We did that.

We woke up forces that lied dormant in our world, and have helped recover parts of a timeline lost... still doing it unapologetically. We built it, and they came.

We did that.

We are part of a coming project that may just change everything.

So, if all those things don't tell you what is, and what my motivations are, then go ahead and hate.

I can be your boogeyman.

Your sources for info are wrong and leading you to a place you probably don't actually want to be.

I can't help you.

But I would still probably try if the opprtunity prssented itself.

@thegibson Awesome write up.

I didn't know about your past, the allegations, etc. I always just find value in your content.

Keep on keeping on. PS, I love my shirt! I haven't had a chance to post it yet but it came in a week or so ago.

@thegibson yeesh, that sucks, such drama - where are you seeing this crazy stuff? Maybe time to avoid that corner of the intertubes! haha In any event, good excuse as any to jam to the Fugs' CIA Man. :P

I have questions...
most of what i've seen of the infosec industry sounds like a terribly depressing job; everything is vulnerable, nobody actually really cares, but they pay you to to come up with some checkboxes so they can pretend to care - how do you avoid exactly that? From what you're saying, it kind of sounds like you figured out a way to remain independent, which is nice.. but convincing the corpo's of the world to /actually/ care about tech debt over ZOMGFEATURES probably won't happen... i fear :(

@jns @thegibson while this is definitely part of it, look at the flip side. There is always more to do, folks to help, and things to fix. #infosec like anything else has its ups and downs, and you mostly get out what you put in to it. It helps to have a good team and a supportive business interested in more than "checkbox compliance".

But there is always more to learn, and it's an in demand skill set.

@pseudonym @thegibson I hear ya... I guess I've just gotten too jaded by being a developer for too long haha - a ceo once demanded we push a prototype application live, even though it very obviously and trivially allowed arbitrary execution on the server hosting it, as a feature, without any type of sandboxing - while at the same time boasting about security on the company website - that type of stuff will burn you out FAST haha

@jns @thegibson Oh, you're not wrong. That stuff happens. But we get some wins too.

@thegibson it is better to defederated than it is to be defenestrated

... I'll show myself out. :)

@jns @thegibson show yourself out.... the window!

...I'll show myself out. :)

I saw one of these. It was something like "that time the head of admitted to being a fed".

It's such a vague accusation that it could mean almost anything, but of course, it's meant to evoke fears of some kind of professional snitch, spying on users for The Powers That Be.

Really felt "off".


Well, probably not. But I don't actually know you well -- just read a few posts.

But the accusation itself felt weird. It was intentionally vague: not just about the accusation, but also about who was being accused (I had to think back to realize that it probably meant you).

Designed, as it were, to be hard to fact-check, but generate maximal distrust.

And offered unsolicited, more or less at random in my feed. Like, who starts a conversation with that?

@TerryHancock @thegibson I feel like at this point I've been online enough long enough to detect Internet Drama Bullshit because I saw a post to that effect earlier and immediately went "this sounds like nonsense"

@thegibson Isn't it amazing how people get bent out of shape when they find out that "professionally involved in infosec" does not mean "professional blackhat cracker having a cover?"

@thegibson my bad for contributing to this fiasco. I was largely ignorant of infragard and how it functions. I still don't like it, but it's not as nefarious as I initially thought.

@thegibson it's been years since infragard has been relivant, is this shit still popping up?

i also still get emails from the libertarian party about how ineffective they are, that doesnt make me a libertarian.

@thegibson I had to look up infragard. From my limited exposure to the interactions between security related government orgs and the private sector, it seems people should stop basing their views on 24. It was a catchy show at the time, but, uh...

Anyway. Sorry about the Internet bullshit.

@thegibson wait what lol people on here think you’re a fed, lmfao. Infraguard is for anyone that is in infosec if you want.

@thegibson I can't believe this shit is still kicking around. I remember when a bunch of people de-federated with because you were a "fed". So fucking dumb

DHS, FBI, CIA and CISA are tremendous help. They provide more insight, data and support than many may realize.Relationahips are invaluable.

Some thoughts re: feds 1/2 

@thegibson I've been pondering this for a bit, and I will probably get flamed for it, but that is what it is.

I appreciate that you are honest about your experiences and interactions with the feds, even recent ones, but one thing that strikes me is this:

The concerns from people within communities that are actively harmed by the FBI are not addressed. And after you explain yourself and the work you've done, you start listing accomplishments with the H.T community, which I agree you should be proud of, but when these allegations come up again is not the time to bring them up.

That part of it comes off as deflecting any possible harm or threat felt by some members on here who are in the marginalized communities actively targeted by the FBI since it's conception.

And it's easy for me to accept your explanation, because I am not in one of those targeted communities. And you may have people from those communities that will still accept it, and that's completely valid.

I still want to listen to the ones around me who are worried about how flippant you are about it, and how you deflect to show off the cool stuff h.t does.

As far as I've seen no one has questioned the good h.t has done. But there are worries from people who've been harmed in the past.

re: feds 2/2 

@thegibson I know you and I might not understand how any of them might feel worry, because it's not our lived experience as white people, and specially not for me who's all the way over in Europe and only have Hollywood films to show me what the FBI is (until very recently).

I also appreciate that there is good work you can do in infosec by helping the FBI, I am not neglecting the fact that you might have saved lives.

Just as there are occassions when calling the police can save lives, but that doesn't mean we as white people should always be ready to call the cops, you know?

I love so many people on h.t and the people I've been able to reconnect with or share old hacker stories with. And you are indeed building a lovely community.

Said all that, I still I believe that there's something more to be gained here if you take some time and reflect on this part I've tried to take up here. And I don't expect you to answer me here. I'm not even sure you should.

It's hard to take time for introspection when you feel under attack, heck I've been there more than once. I am only writing this to you because I believe there's even an inkling of a chance that you'll hear me through all the back patting and defense of you.

We aren't perfect, but we can always strive to be more mindful

re: feds 2/2 

@maloki but I'd like to address me feelings on how LEO treats any marginalized group. It's fucking abhorrent, and if anyone with these concerns has trauma from experience, I am sorry for the fear and pain they feel due to it.

I take measures to make aure is inviting to many of these groups. 3 of my 4 children are LGBTQ... the actions taken to disenfeanchise them are infuriating to me.

I too have been on the threatened side of the LEO equation... I have felt some of that heat. 2/3

re: feds 2/2 

@maloki I will always try my hardest to fight inequality wherever I can find it.

re: feds 4/? 

@maloki that said, I tire of defending what I do when the results of our work are literally stopping cataclysms, personal apocalypse, and making this world a better place no matter the cost...

Professionally and as an enthusiast I spend nearly every waking hour stopping things from immolating.

I'm done apologizing for it...

re: feds 4/? 

@thegibson That's perfectly fine.

re: feds 2/2 

@maloki you aren't wrong.

I addressed this point 3 years ago when this started. But I'm not going to dig for that toot at this point. I did not this time because it is not lost on me the current meta is caused by the same individual who likes to troll me eventually.

My work is almost exclusively stopping attacks by nation-state threat actors. I don't really deal with individuals in any way. I wish I could give those stories out. 1/2

@thegibson Some people get caught before their 18 and get a job offer rather than a wrap sheet. Some people ret-con an entire org to get cred with the feds and go white hat. Some people dance a few steps to see if it's as fun as it looks.

Doesn't make you a fed. Makes you willing to try something to see if it's worth it. If that's not "hacking" what is?

@TheGibson Oh, for fuck's sake. Let me be perfectly clear: I can easily imagine cases where I'd cheerfully cooperate with the feds, or other police agencies. If I know someone's dealing with child porn or planning to blow shit up? Yeah, I'm telling.

Sometimes the cops are assholes. Sometimes they're the good guys trying to stop the assholes. Anyone who says they'd never help the feds is hopelessly intellectually incurious.

@thegibson So, I've been thinking about this one overnight, and why it matters,...

I apologize if i'm stating obvious things here, it's just me thinking out loud mostly as usual haha -

Usually when someone calls you a fed in this little world of ours, they don't necessarily mean you're working for the fbi or the cia - it means something arguably worse - you're not to be trusted.

Not just, can we trust this guy not to turn us in - I don't think any of us believe you would (unless we murdered someone lol, but that'd be outside of the scope of hacker lore). - but also - if I disclose a vulnerability i found or exploit i made or whatever to this guy - can I trust that it won't immediately be used to benifit some corp. and ergo, line some 1%'ers pockets. And in that line of thinking it is perhaps more understandable that someone would be concerned when someone works in the industry.

But here's the thing.
Disclosure no longer matters.
What matters is, what benefits us as a community.

The times where a single exploit that affects all computers in the world is big news are gone. These days, that's just a fucking monday morning. Hacking has always been about tinkering and finding clever ways to do unexpected stuff, and, again, stating the obvious here, but apparently some don't get it - breaking into computers is not exactly clever, surprising, or interesting anymore and hasn't been for a long time. Software sucks so much these days, you can sneeze at a daemon and accidentally spawn a root shell. The art is in the defense, writing good code, and teaching others how to do so, the art is in doing the right things, learning, teaching and doing the right thing no matter what, the art is in looking past and beyond the lowest common denominator, and whatever the most popular software/language/framework/whatever is,...blablabla....

The thing is though. Trust is what makes or breaks communities. If we can't trust anyone, we're stuck to just playing with ourselves, we lose the group multiplier, and the ability to do great things for and with one another. There is a reason even the feds themselves have a motto of "trust, but verify", it's because, if there no longer is trust, then the opposing side has won.

As a community (one, that by the way, has been drown out by the overwhelming noise of what commercialization of the internet and the software industry as a whole has brought to us - to the point where it's become hard to find and recognize one another) we are doing ourselves a disservice by not trusting one another. If we don't trust each other, the feds have won.

And this kind of ties in to another thing i was talking about the other day with the warez thing,... this society often pushes good people to turn on one another. Let's not fall for that?

I'm a member of Infragard too as part of my job in InfoSec.

There's way too many conspiracy theories and FUD floating around here about it.
Actually I can't discuss much of anything specific with someone I don't work with. No "talking shop" unfortunately.

@gme it's not about who's right. Marginalized people as a whole have been treated terribly by the authorities... they have reason to be stigmatized to this.

I have grown beyond infragard.

For sure, but it's also nowhere what the conspiracy theorists want to think it is either. It's an information sharing venue. The FBI shares with us threats that affect our sector and we share with them things we're seeing in our logs. And there are real threats affecting my sector.
Sign in to participate in the conversation

A bunch of technomancers in the fediverse. This arcology is for all who wash up upon it's digital shore.