The Ex-Google Hacker Taking on the World’s Spy Agencies

[Eugen Leitl]

http://www.wired.com/2014/07/morgan-marquis-boire-first-look-media/ 

The Ex-Google Hacker Taking on the World’s Spy Agencies

BY ANDY GREENBERG   07.08.14  |   6:30 AM  |   PERMALINK
 
Ariel Zambelich/WIRED

During his last six years working as an elite security researcher for Google,
the hacker known as Morgan Mayhem spent his nights and weekends hunting down
the malware used to spy on vulnerable targets like human rights activists and
political dissidents.

His new job tasks him with defending a different endangered species: American
national security journalists.

For the last month, 34-year-old Morgan Marquis-Boire has been the director of
security for First Look Media, the journalism startup founded by Glenn
Greenwald and Laura Poitras. The website has become the most prolific
publisher of NSA leaker Edward Snowden’s remaining secrets. Marquis-Boire’s
daunting task is to safeguard those documents, and the communications of
reporters who have perhaps the press’ most adversarial relationships with
Western intelligence agencies.

Beyond protecting Snowden’s favorite journalists, Marquis-Boire sees his
decision to leave Google for First Look as a chance to focus full-time on the
problem of protecting reporters and activists as a whole, groups he sees as
some of the most sensitive targets for governments globally. “I look at the
risk posed to individuals in the real world,” says Marquis-Boire, an
imposing, often black-clad New Zealander with earrings, dreadlocks, and a
taste for death metal. “In human rights and journalism, the consequences of
communications being compromised are imprisonment, physical violence, and
even death. These types of users need security assistance in a very real
sense.”

Marquis-Boire already has distinguished himself as a relentless
counter-surveillance researcher and a vocal critic of the companies that have
created an industry hawking spyware to governments. In 2012, he and
researchers at the University of Toronto’s Citizen Lab were the first to
identify Finfisher, a stealthy collection of spying tools sold by the British
firm Gamma Group that they eventually tracked to command-and-control servers
in 25 countries. Later that year he helped trace how a piece of software sold
by the Italian firm Hacking Team was used by the government of the United
Arab Emirates to spy on a political dissident beaten by thugs. Just last
month he revealed new findings that showed how that company’s tools have
evolved to target iPhones, Android devices and other mobile targets. And in
early 2013 Marquis-Boire and Citizen Lab researchers mapped the spread of
surveillance and censorship tools sold by the Palo Alto, California firm Blue
Coat to 61 countries, including Iran.

In the detective work required to pin those stealthy spying incidents on
repressive governments and Western companies, Marquis-Boire is
“extraordinarily talented,” says Ron Deibert, a professor of political
science at the University of Toronto and Citizen Lab’s director. ”There are
some people who are phenomenally adept at forensics, who have an intuitive
sense of how to make connections through different pieces of evidence,” he
says. “Morgan has those skills…But what I very much appreciate about him is
his passion for human rights.”

A Cypherpunk In The Newsroom First Look and Marquis-Boire aren’t saying much
about exactly what he’ll do at the closely-watched new media startup. But
Marquis-Boire says he was convinced early in their recruitment meetings that
First Look will treat security as a central tenet. (More about First Look’s
plans in the video below.) The job also presents a challenge worthy of
leaving his high profile position at Google: Protecting the communications
between non-technical reporters and their highly-sensitive sources in a
post-WikiLeaks and -Snowden era where they’re both increasingly targeted by
spooks.



Marquis-Boire hints that he’s already researching security vulnerabilities
that affect journalists, and working with several companies to release
security fixes to their services in the next couple of months. Brian Sweeney,
First Look’s head of technology operations, says Marquis-Boire’s work likely
will extend into research designed to protect reporters beyond the company’s
firewall. “The idea that all digital citizens, including and especially
journalists, have access to data privacy is something that we strongly
believe in,” says Sweeney.

Marquis-Boire, the son of two literature professors at the University of
Auckland, got started with security experimentation as a teenager in the New
Zealand hacker scene under the handle “headhntr.” After starting college at
Auckland, he and a group of friends wrote an article for the university
magazine about breaking into the school’s website to take over the server
that ran it. On another occasion he was called into a local telecom’s office
and “given a stern talking to about using their services as a test lab.”

But from the beginning, his interest in hacking was also political: In the
late 1990s the kiwi teenager discovered the Cypherpunks Mailing List, a group
of cryptographers and radical libertarians bent on foiling government
surveillance and empowering individuals with privacy tools. The group
eventually would foster projects like the anonymous remailers that relay
emails to obscure their senders’ identities, the anonymity software Tor,
WikiLeaks, and countless other privacy and encryption projects. “People
realized that to actually have free speech, we have to be sure we won’t be
monitored or persecuted,” says Marquis-Boire. “The intertwined nature of
privacy and free expression was at the core of the cypherpunk movement.”

Marquis-Boire and friends soon hosted what he says was the first anonymous
remailer server in New Zealand out of a “dingy warehouse apartment with far
too many blinking lights and whirring things.” Eventually, he ran five Tor
relays, the nodes in the Tor network that bounce users’ traffic to obscure
their location.

But Marquis-Boire’s first real job in security, penetration-testing banks,
power plants, and other clients for a New Zealand auditing firm, was
unsatisfying. “I spent a bit of time musing about how much it costs to hire
security consultants to do something like a black box [penetration test] of
your whole enterprise,” he says. “I wanted to give my skills to the people
who really needed them.”

“He Has Quite a Hacker Mind” In 2008, Google hired Marquis-Boire in its
Zurich, Switzerland office. He was assigned to cybersecurity incident
response at the company not long before the biggest known security crisis in
its history: the so-called Aurora hacking operation, in which Chinese hackers
breached Google’s network for months and stole information that included
source code from its servers. Marquis-Boire became an early member of the
core team of network defenders assigned to battle the state-sponsored spies
trying to eavesdrop on Google’s users. “He has quite a hacker mind,” says
Heather Adkins, Google’s manager of information security, “Of everyone I’ve
ever hired at Google, I’d put him in the top one percent of technical
capability.”

When the Arab Spring began a year later, human rights activists like those at
Citizen Lab who had seen Marquis-Boire’s presentations on state-sponsored
hacking began seeking his help analyzing attacks on vulnerable groups across
the Middle East. As revolutions and political unrest blossomed from Tunisia
to Egypt to Libya to Syria, his detective work became nearly a full-time job.
“There have been a lot of books not read and canceled vacations,” he says.

In the meantime, Google’s Adkins adds, Marquis-Boire frequently uncovered
weaknesses in the company’s defenses for users—and he’s been just as focused
on locking out the NSA as China’s People’s Liberation Army. In the wake of
revelations from Snowden’s leaks that the NSA spied on unencrypted Google
data moving between the company’s data centers, Marquis-Boire was one of the
first at the company to push for encryption not only of the company’s
internal data transfers, but also the exchange of emails between Gmail and
other providers. That pressure led Google earlier this month to start
publicly naming which email services do and don’t allow for that encryption
in a bid to pressure other companies to safeguard users’ privacy.

Marquis-Boire’s focus turned to protecting journalists in particular earlier
this year, when he and other Googlers released research in March showing that
21 out of the 25 top media organizations in the world had been targeted in
digital attacks that were likely the work of state-sponsored hackers. The
same month, he joined a technical advisory group for the Freedom of the Press
Foundation, which counts Glenn Greenwald, Laura Poitras and Edward Snowden as
members of its board. “If you can’t protect your privacy and that of your
sources, it’s debatable whether you can actually practice journalism in the
traditional sense,” he says.

That notion represents a shift from the cypherpunk views of Marquis-Boire’s
youth. Once, cypherpunks were mainly interested in seizing privacy for
themselves. Now, he says, that’s no longer enough. “When we discovered that
we could create private and anonymous communications with math, that was
super cool,” he says. “But then after a while I think it dawned on us as a
movement that the only conversations you could have with those tools were
with other cypherpunks.”

“Now it’s been thrust into our faces that the people practicing adversarial
journalism and exposing human right abuses are the real-world targets of
precisely the kind of thing that the cypherpunk movement was trying to
protect against,” says Marquis-Boire. “It’s become apparent we need to
provide privacy to those who need it, not just to ourselves.”

Tags: Edward Snowden, First Look Media, NSA, Security