It's Tuesday night on January the 19th of 2021, therefore time to burn it all down. Let's talk politics and infosec.

Let's try to put some very basic, hopefully not-too-terribly controversial concepts out there in discourse:
1) Tech (including infosec and hacking) is deeply political.

Technologies invented, hacked, or adapted in a well-meaning bubble will frequently be abused for political purposes, or have an unforeseen political impact on society. See: mobile phones, social media, facial rec.

2) Forget or ignore Rule #1 at your own risk, and the risk of the next generation.

This is why learning about history and ethics is really important to even the most isolated and insular tech communities. Stuff from the way back can come back to bite everyone in stunning ways.

3) This is a reason why diversity of cultures, ideas, gender, race, and backgrounds is so important in technology and in security. It helps people see the whole picture, and see the technologies they secure, sell, make, and hack from a different perspective.

3a) No really, it's not about virtue signaling. Aside from basic decency, it's about realizing your billion-dollar tech doesn't work for 30 percent of the population because of the color of their skin, or that you're going to be sued and boycotted when it is used to abuse people.

4) You don't 'just hack stuff, man'. You are either having a security impact on the operational and security posture of organizations that Do Stuff, or you are building tools that will be leveraged by both attackers and defenders from all nationalities and political leanings.

5) It's perfectly fine to recognize all this and choose not to talk about politics in public at all, but recognize that that is still a political statement - and that you are still having some small or large impact on discourse, power balances, government, policing, and so forth.

6) People in infosec and hacking can have political opinions - even vocal ones - and still perform totally unbiased analysis, investigations, and research.

One of the first things we learn as investigators is to seek out and *recognize* and mitigate our biases and assumptions.

6a) Yes, you. You also do have biases, and if you don't think you do, you need to do more introspection. They can be as simple as thinking your work is foolproof, or as complex as cultural misgivings.

7) I find hacker culture to be a beautiful, chaotic, insane, and deadly serious art form that I'm privileged and humbled to touch a little corner of. It's tied into subcultures, tech, curiosity, a wild spectrum of politics, and most of all, people. Appreciate that. It's glorious.


More from @hacks4pancakes

19 Jan
The Solarwinds incident is breathtaking in its scope, but it was also such a huge and delicate house of cards. It will take a long time to clear every organization, but really, one flagged bad device login brought so much infrastructure crashing down.
This really lends credence to the "adversaries only have to succeed once and defenders have to succeed all the time" mantra being bunk. One defender was successful once at a point in basic defense, and a bite got taken out of a very costly intrusion into multiple organizations.
Something else important to note for multiple reasons was the reuse of TTPs. A well resourced, state style adversary can scale up impressively to compromise multiple orgs simultaneously, but it came at the cost of some cookie cutter tactics that could be tied to one another.
18 Jan
I'm just instantly blocking people who try to gaslight me this week, be it on infosec, minimum wage, natsec, or human dignity. Don't care if they're blue checks, execs, or have 8000 infosec followers. I'm all out of bubblegum.
I'm getting a lot of questions on this:
Gaslighting is different than debate, even bad faith debate, because it involves a person with some kind of power or authority persistently trying to convince you or me that what we personally experienced with our own senses didn't happen.
For instance, we all watched the capitol riots from a dozen cameras in real time, but there are people persistently working to convince us we saw something else, and that on-camera events didn't happen.
12 Jan
We aren’t going to just forget that one of “ours” in our professional community enabled the events of the past week, are we? What ended up happening to this chucklenuts?
I think about this genius a lot.
Knowing infosec I’m legitimately scared he still works there, has faced no real consequences, and I’ll see him on the board of a con in two years.
12 Jan
I know I am not the first one to say this, but there are a lot of very well credentialed people in tech worrying what would happen if internet giants collectively de-platformed a group who isn't right wing, while totally erasing the fact that it already happened to sex workers.
(Which is not a reason not to worry about the power that internet giants and infrastructure provide and the ethical and legal complications. Just stop erasing an entire group of people, many of whom have suffered horrible abuse or worse as a result.)
If there was one thing I was brought up wrong about even by a relatively liberal, non-religious family, it was what sex workers go through each and every day, and how unfairly persecuted they are. I regret not knowing that sooner.
12 Jan
It is really important, in infosec and natsec, to understand if your adversary is making a tactical or a strategic choice.
For instance, why are they moving laterally? Is it because they just aren’t able to get their tool to run, or because they know exactly what system they want to reach on your network?
Is the immediate attack a distraction, or is it the point?
11 Jan
I am so tired of conspiracy theories about
1) Nationwide blackouts
2) Nationwide internet takedowns

It's like suggesting somebody is going to simultaneously unscrew every screw of varying sizes and types in your home.
Neither of those things is happening in modern times without a nuke or an asteroid.
Also, the "national blackout" wet dream conspiracy theory is about the lamest one I can possibly think of - grow some post-apocalyptic creativity. Places all over the world do fine with unstable power. I think of 11 more interesting ways to destroy civilization by breakfast.