Chris Rock, an independent security researcher, is pissed off that the US Director of National Intelligence, James Clapper, is more afraid of ISIS than hackers. He’s hoping to change that by teaching hackers how to overthrow governments.
“I don’t want to live in a world where ISIS is scarier than hackers,” Rock began. Rock, who runs his own computer security company, laid out how to stage a coup using an army of cyber mercenaries during his talk at the DEFCON hacking conference is Las Vegas.
Rock has the hacking skills, but he needed to find an expert on overthrowing governments and stagings coups. He contacted Simon Mann, a mercenary who was part of a failed 2004 coup attempt in Republic of Equatorial Guinea, for tips and tricks on overthrowing a government. Mann spent five and a half years in jail for his coup attempt.
With the advice from Mann, Rock used his experience working as a hacker for the Kuwait government to model his theoretical coup attempt. In an interview with Gizmodo, Rock said that he was hired by Kuwait to test the countries infrastructure. In just two years, Rock says that he and three other people were able to gain complete control of several banks and critical infrastructure like Telecoms, which also manages many Kuwait media properties.
“We also had control of things like oil and gas and water as well,” Rock told Gizmodo. This research took place five years ago, and Rock says that Kuwait has since “patched up” its security flaws.
There are three ways, according to Rock, to stage an effective coup. You could plan a revolution, but it’s pretty hot in Kuwait, so that option is out. You could rig the elections, but that won’t work in Kuwait where senior government positions aren’t elected officials. There’s something that always works: hacking.
So here’s the key to overthrowing the government from a cybersecurity perspective: hack everything and anything. Gain control of critical infrastructure, co-opt the media to spread disinformation and sow the seeds of discontent, and spy on everyone within the government.
Obviously, you can use anything in the hacker’s toolkit, but Rock thinks it’s not worth the hassle of getting too fancy. There’s no point in trying to use complex zero day exploits to compromise the software of your enemies. Use tried and true methods like figuring out admin usernames and passwords, denial of service attacks—which overload targets with fake traffic and crashes them—or social engineering. Don’t take Rock’s word for it, these are actually the methods he used to take control of Kuwait’s infrastructure.
“I’m a big fan in robbing banks,” Rock said. “They’ve got lots of money, so we can just use the bank’s money.” Hacking into banks is useful because you can steal money to fund your coup while also framing the current government as corrupt. Rock joked about hacking a bank and sending a bunch of money to Hillary Clinton to make it look like she was corrupt. It’s easy to propagate this message when you’ve already hacked the media. Instead of attacking the bank’s network, Rock suggested paying off a custodian to insert a malware filled USB stick into some of the bank’s servers.
Once you’ve hacked the telecoms and internet service providers, you can control the country’s access to the Internet, or keep it running while the current government is trying to shut it down. Of course, you will want to gain control of the country’s oil and water infrastructure.
Rock thinks that there’s a semblance of a coup taking place in America, although a very sloppy one. “You [Americans] are seeing a coup take place in your own country. It’s being leaked out very slowly, and it’s probably not the method I’d use.” Rock says he doesn’t know who’s propagating the supposed coup, and that you’d probably have to study it for a few years to figure out who is doing it. He cites the recent dump of Democratic National Committee emails from what US intelligence services believe to be Russian hackers as evidence. “The important part is the technique, that’s what I’m interested in. But they used the right target, Wikileaks will publish anything.” Which, Rock says, is great for someone attempting to stage a coup, as they don’t have to go through the process of fooling the media and verifying the documents.
Rock wants hackers to retake the throne of the government’s greatest fear, and he said that he hopes his talk inspires the next generation of hackers. Judging by the cheering and excitement of the audience, he probably did a pretty good job.