tv HAR Dtalk BBC News February 4, 2020 12:30am-1:01am GMT
12:30 am
our top story: xi jinping says stopping the spread of the coronavirus is the most serious task facing china. the leadership admitted shortcomings in its response, as the number of people killed in the outbreak there rises to 425. some 20,000 people have been infected worldwide,the vast majority in china. the first formal test in the race to the white house is under way in iowa, with democratic candidates contesting the caucuses. president trump is expected to secure the republican nomination with ease. and on our website, scientists say they are deeply disappointed after trials involving an experimental vaccine against hiv proved ineffective. it had been hoped the jab would work against a southern african strain of the virus which causes aids. other research will now be prioritised instead. that's all. stay with bbc world news.
12:31 am
now on bbc news, it's bbc hardtalk. welcome to hardtalk, i am stephen sackur. for nations, corporations and all of us as individuals, the age of the internet has heightened vulnerability. information and data, the most valuable of all commodities, are at risk from hackers, motivated by greed or the national or ideological interest. my guest today, lauri love, was from childhood a gifted computer geek who joined a so—called hacktivist collective. he was charged with hacking secrets from the us military and narrowly avoided extradition, so what does his case tell about the realities of cyber security?
12:32 am
lauri love, welcome to hardtalk. this word hacker, would you describe yourself, have you ever described yourself as a hacker? i have happily described myself as a hacker since the age of 12, 13, because in our culture it didn't originally carry any negative stigma so it's just somebody who doesn't just accept that things work the way they are described but decides i'm going to explore, take them apart, put them together in new ways and be innovative with the technology.
12:33 am
i think it's a positive thing. so the main motivation might be curiosity, but i think the word has come to carry a lot more baggage than that these days. we think of hackers as people who are trying to break down cyber defences for all sorts of reasons, many of them malign, so where do you fit in that interpretation of hacking? we actually had a bit of a language war in the 1990s when we tried to get people to use a different term for malicious or criminal, and we use cracker to distinguish between people who are tinkering and trying to improve things and the people who are transgressing. we failed at that, so the terms now overlap and i think you have to contextualise it. so if you are hacking something to cause some damage or for financial gain or as part of a criminal enterprise or nation state antagonism, then i would differentiate that from the kind of hackers that improve technology or diagnose things or try to build up our defences so that we can be not as vulnerable.
12:34 am
interesting getting your first answer that you went right back to childhood. i want to take you back there again to ask you this. were you extraordinarily gifted? i use the word again, a bit of a prejudicial word, geek, in my introduction to you. did you see yourself as a geek and how specialised and gifted do you have to be to become a hacker? i'd say that i am differently gifted. part of the process we are going through of recognising neuro diversity is seeing that people can have a different set of skills that complement the skills that other types of people have. myself having asperger‘s and being on the autistic spectrum, there is an ability to develop strong interests and to really dive deep into something and absorb a large amount of information and i think that's something that characterises a lot of geeks is you have something that you are into and you master it,
12:35 am
so that, manifestly from quite an early age with mathematics and science. so here we have you as a teenager getting more and more deeply into your computers and into how they work and how you can use them in different ways from most people. that takes you to hacking and that takes you to collectives like the so—called cyber army that you are associated with, even i think as a teenager, and a little bit later to the group known as anonymous. you portrayed yourself as a guy driven by computer curiosity but those groups were driven by much more than that. cyber army was in the 1990s and in some ways was a precursor to other hacktivist groups like anonymous but there were less actions that involve compromises of computers. you are not disputing that
12:36 am
you are involved with anonymous. i would describe anonymous less as a group than a tactic. it is somewhat like the black bloc that people use in physical process where everyone dresses the same so that there is heard anonymity, so if you describe yourself as a member of anonymous you have kind of defeated the point. you are toeing around it! it is a roundabout way of saying there is not much point acknowledging it but there exists a protocol. anyone can take up this tactic to use it and make a point. so let's cut to the legal action which really unfolded in 2013 when there was a knock on your parent's door. at which time you are a student and had been to university and had dropped out for a while but none the less you were a gifted young man, living at home at the time in suffolk with your parents. there is a knock at your door, it is the british authorities and they are convinced that you have hacked into some of the most sensitive military internet sites
12:37 am
in the us federal government. it was actually somebody dressed in a ups delivery costume he knocked on the door and said there is a parcel for lauri love. as a kind of guise to get me down quickly rather than a police officer or an nta agent. i didn't get a package and was read my miranda or my caution. the national crime agency are driving this investigation. it is not an investigation any more. it certainly was then! there was a knock on the door in october 2013 and that began a process that has stretched on for about five or six years. and it is interwoven, the uk authorities and us authorities. the uk authorities were driving it but a lot of the information and motivation was coming from america. to quote the attorney for the southern district of new york, who we ironically have had on this programme talking about different cases, but none the less he was very
12:38 am
involved in your case. he says, lauri love is a sophisticated hacker who broke into, for example, federal reserve computers but also us army and nasa and other state institutions. he stole sensitive personal information, made it widely available and left people vulnerable to malicious use of that information. now that the us appear to abandon efforts to extradite you to the us, can you tell me, is that true? i don't think they abandon efforts. there is the high court overturned the decision. for some important reasons. and we will get to that. 0kay. if your question is, did i commit the alleged offences,
12:39 am
the problem as it is still sub judice in that i may be, i'm suspecting to be charged at some point in the uk and it would go to court so it would not be appropriate to undermine due process by commenting on that. i understand, because it isn't clear whether the uk authorities are ultimately going to charge you are not it is delicate legal territory but there are some things put into the public domain that i am interested to discuss with you. for example, in court papers the us authorities claim that through monitoring of your internet activities you once said, and this is a quote, you have no idea how much we, and you appear to be speaking on behalf of yourself and associates, there is an expletive and people can imagine what it might be. we can "mess" with the us government if we want to. here in the uk, the way we do things as we don't publicise the evidence when someone is being investigated. they are arrested and charged at that point and are able to see
12:40 am
the evidence and form a defence. is that the case that you feel you have the capacity to, let's use the word mess, with the online, cyber activities of the us government. if you choose to do so you have that ability. let's talk about it in the abstract. so someone who has the capabilities, to compromise things, has the potential to cause disruption, and we have seen it already with breaches and that same person has the potential to prevent those breaches by applying the same skill set as part of civic society, so this is what i do now as a cyber security consultant, i help networks avoid the potential of the breaches such as those that happened in the us. so you have in a sense, to use the old cliche, you have become the poacher who has turned gamekeeper? yes, and we require that. but if i may, my question is if your ideology has shifted.
12:41 am
you were a poacher, it seems, if one were to associate you with cyber army and anonymous and that mindset, you're somebody who felt that power was not accountable and you were going to undermine power, particularly in the case of the us military establishment, by discovering and releasing top—secret information. so has your ideology completely changed now? so, let's contextualise what has happened. my campaign was after the death of erin schwartz, a promising young technologist, who wrote some of the protocol is the web is built from and he was hounded to death by the department ofjustice in an overzealous prosecution. to be clear, he committed suicide? because he was facing decades in prison and millions of dollars in fines for downloading scientific journal articles, but the actual reason for the aggressive prosecution was his association
12:42 am
with campaigns to keep the internet free and association with internet transparency group such as wikileaks. but none the less, democracies in a sense have to keep secrets, don't they? the public consents to certain secrets being kept and you were trying to undermine those, or at least those responsible for the particular cyber attacks in question, were seeking to undermine those secrets? that would be the case if information was publicised, so it is the case that information was accessed because there was insecurity, embarrassing levels of insecurity for the networks, of the sensitivity of which we are talking. is it again, without getting into specifics, is it easier than people might imagine, even today, to get into these suppose it top—secret, highly secured cyber networks? i think the phrase that comes to mind is, but for the grace of god go we. more things have been hacked now
12:43 am
than have not been hacked. we only discover when the data is sold in the dark web and many breaches remain under the surface because the attackers don't want to give it away. a final point on your personal experience, because it has been a complexjourney you have had to go through. in 2018 the british appeal court rejected a us effort to extradite you to face the charges you have outlined. they did it for two reasons. one of which is they felt given your mental health, your formal diagnosis of autism and your history of depression and serious mental illness at times, that your mental health would not be safeguarded in the us system. how close did you come at times during this process to having a very severe problem? i would say i was actively to acutely suicidal throughout the entire extradition process.
12:44 am
probably the darkest moment was when we lost in the first instance at the westminster magistrates‘ court and at that time the law had been changed after gary mckinnon‘s case so that the right of appeal would no longer be automatic, so it may have been that the right of appeal was not chosen by the high court and at that point us marshals could have come and met police would have taken me and as far as i was concerned that would have been the end of my life. how long it would take before i die might have varied but i could not imagine emerging from the concrete box, whether suicidal or neglect orjust dying in the cell. the actual wording that was used by the high courtjustice was that it would be unfair and oppressive to send someone with the medical complications that i have into the system of detention in the us, and we had a lot of expert witnesses come in and talk
12:45 am
aboutjust how bad the conditions are especially at the metropolitan correctional detention centre, but generally the us federal custody, there is insufficient provision for mental health, and that is another reason why there has to be reform of this system in the us. it is — it's actually quite difficult to read some of the things you said when you clearly were in a pit of despair during this legal process. at one point you said, and this is a quote which you probably remember, i will kill myself before i am put on a plane to america. they can use as much violence against me as they want, but my will is sovereign over my own body on my own life. which remains the case. it echoes the poem written by somebody in world war i, i am the captain of my fate. and again, if your human life, your value as a human
12:46 am
being, is to be reduced to being locked up for the rest of your life as an example to try and deter other people from seeking justice through hacktivist campaigns, in horrific conditions, where you'd be left in neglect, then i'm not sure that that constitutes a human life, with the dignity that a human should be accorded, at that point. you clearly identify with other people who have fallen foul of the united states‘ attempts to ensure cyber security. i'm thinking of people like chelsea manning and julian assange. i believe after your final victory in the appeal court, and the avoidance of extradition to the united states, you made a point fairly soon after of going to see julian assange while he was in the ecuadorian embassy. chelsea manning is in prison
12:47 am
for contempt of court, after being convicted and having her sentence annulled by president 0bama. she should be getting on with her life. she's been dragged into this grand jury process as elements of the united states really want to getjulian assange, in my view, for acts ofjournalism. and chelsea manning blew the whistle on the collateral murder video and provided the public with vital information as to how the military campaigns in afghanistan and iraq were going. unfortunately, the rest of the media did not provide that transparency. well, i understand well that point, but i also want to come back to something i said earlier. do you accept that democratic nations, as well as more authoritarian ones, not only have the intent to safeguard secrets in terms of national security, but have a right under an obligation to, and that actually in democracies the public does consent to that? and you and others who seek to break down those defences are actually operating contrary to
12:48 am
what the public wants. nobody consents to war crimes being covered up. nobody consents to the public not to the public not being informed as to how their tax moneys, and how people are being killed, often civilians, in conflict areas. we require whistle—blowers to be in a free and democratic society, because without the transparency, the sunshine of transparency, then there is a tendency — default tendency towards corruption. and so it is necessary. there will be a tension between secrets being kept, and there is in the national interest a requirement to keep secrets. sometimes that has to be counterbalanced by the public‘s right to know, but also the requirement for things to be brought out in the public interest. i would say that chelsea manning's acts were classic whistle—blowing, and have been recognised as such. julian assange facilitated that,
12:49 am
and the fact he is facing 135 years in prison, i think, is atrocious. well, julian assange‘s fate very much uncertain right now. let us return to you and your future. it is interesting that now you're working with a consultancy based in australia offering businesses the opportunity to safeguard their secrets, working against the hackers. you also interestingly i think were offering advice to the uk government when the national health service was attacked with a very dangerous virus. would it now be fair to say you see yourself as this idea of a white hat hacker? is that what you have become? there is this distinction between white hat and black hat hackers, in terms of working within the rules and parameters
12:50 am
of society, and the black hat being more in it for themselves. and you can't really have this binary distinction, it's shades of grey. i would say that i have never had a malicious intent, even to whatever extent i may have been involved in the anonymous hacktivist campaigns. it was through interest in achieving a more just society. having the skill set i do, which is fortunately in massive demand, because we cannot train enough people with these demands to fulfil the requirements we have for cyber security, if i was not applying that to keeping the world safe, then i would be wasting the talents that i have. and talking of your insights and talents, let's turn to the next generation. you're in your early 30s, but i know you spent a lot of time thinking about the next generation of computer wizards, young people with a special gift, to understand and take further computing capacity. how do you ensure that the next generation of kidsjust like yourself don't become dangerous hackers, but actually become people offering society something positive with their computer skills? it's all about creating the roots
12:51 am
into the right kind of role. so at the moment there are a lot of people that have the skills, and they're not being identified in the schools, they're not been brought in through the human resources hiring process. but oftentimes because, like myself, they're neuro—diverse and don't necessarily get a good cv and interview well. but they're fantastic behind the computer, and some people are finding these skills because they're into video gaming, and the point of video gaming is to beat the other guy. so if you can beat them by being more skilful, that's great. by cheating, that's fine. and then there is a moral hazard where they get into forums where they learn to hack the game, and they might be talent spotted by a sketch from an organised crime
12:52 am
group, who will say come and hack for us and we'll make you lots of money. into the dark web, but it is not even just that. there are no legitimate businesses, some of the multibillion—dollar businesses who are offering major rewards to people who can find a new door entries, new flaws in some of the operating systems, android and apple. there are millions of dollars available to young people who can find hacks to break down security system. does that strike you as something beneficial, or something potentially deeply dangerous? no, i think it's a fantastic development. in the early 1990s, i try to do the right thing, i tried finding a security problem and a web host in the uk, the biggest in the uk at the time, and i try to get in touch with the admin and i said this is why your system is insecure. and they just pulled the plug, called the police, and i had my internet cancelled, and they didn't want to have the dialogue. and for a long time, and it's still the case that security researchers are at risk of being criminalised. recently a panel of academics has
12:53 am
said that we need to recognise security breaches as human rights defenders for their ability to identify problems, and give them a protected status in revision to legislation. so bug bounties is the term. bug bounty is the term so the idea is that you find a bug, something behaving that the wait was intended to do. a weakness. a weakness, a vulnerability, and you can only do that by prodding and testing. so what these companies do is lower their defences and say you can have a go and tap on that window and try that door, but we are going to make a deal with you. you don't do any damage. you write some sort of report so that we can action that intelligence and then we will praise the value of it. that is when it is done safely, but in other instances people can sell what they discover about the weaknesses to third factors with malign intent, which brings us back to where we are right now.
12:54 am
as we sit here, you, one of the great gurus of computer security, whether you believe that all of us in their individual online lives, and nation states, can ever be truly sure that we are safe in their online world. i will read you something edward snowden said the other day. he said, listen, your computer, the security of your devices, whether it is your phone or washing machine, it is binary. it is either secure or it is not. there is no option to make it secure against the bad guys but insecure against the good guys. the truth is, all of us are secure or none of us are, so which is it? so that was actually in the context of inscription and government security services trying to undermine encryption. and we need it to communicate securely and store data securely. in terms of general security, it is a continuous process. you constantly have to be chasing and working to find bugs and eliminate them. but are we getting more 01’ less secure? we're getting better, and i see through my work now that there is an evolving ecosystem in the security community of people working together,
12:55 am
sharing information, helping their defences grow. so we are actually building something like an immune system for the internet, and it's fascinating to watch evolve in real time, and i'm happy to be a part of the process. lauri love, it has been fascinating having you on hardtalk. thank you very much indeed. hello. we've got some fairly chilly and windy conditions out there at the moment. with low pressure very much in charge of the weather at the moment, it is an unsettled story. quite lively weather, in fact. early tuesday, we're likely to see a bit of travel disruption, particularly for scotland and northern england, with a combination of some severe gales and also some icy stretches, and wintry showers around too.
12:56 am
now, we've got an area of low pressure that's moving south through the north sea. quite a lot of isobars on the map, so it is going to be a windy picture first thing tuesday morning, and quite a chilly morning too. temperatures just about above freezing for most of us, but a little below freezing, i think, in the countryside first thing. and if we take a look at the wind gusts we're likely to see tuesday morning, up to around about 40—50 mph quite widely across much of scotland, perhaps even 55 mph across the pennines. windy too for northern ireland, down towards the midlands, and even along the south coast we could see gusts of wind reaching around 45 mph. so tuesday, blustery showers really wherever you are, also a bit of sunshine on offer. but do watch out for those icy stretches first thing, particularly across the pennines, southern uplands, and highland scotland as well. most of the showers should gradually ease away, though, through the day on tuesday, so it will be a gradually improving picture. some sunshine developing, a bit of patchy cloud here and there, and those strong, gusty winds slowly starting to ease on into the afternoon.
12:57 am
but temperatures only around about 8—10 degrees, and with the wind chill, with a brisk northerly wind, it will feel a bit colder than that. and then, as we move through tuesday night and then on into wednesday, eventually we'll start to see this area of high pressure building in from the west, so that will quieten things down. we're going to be seeing largely dry, clear conditions through tuesday evening and overnight into wednesday as well. perhaps a little bit more across the north—west of scotland, with a few showers here. elsewhere, clear spells, a few mist and fog patches, and a touch of frost. so first thing wednesday, temperatures quite widely down to around about freezing, perhaps two or three above in more rural spots, but a chilly wednesday. a little bit of mist and fog around, especially further south across england and wales. that should lift into low cloud, but more sunshine developing during the afternoon. a little bit cloudier across the north—west of scotland. fairly cool temperatures, somewhere between about 7—9 degrees for most of us. looking ahead towards the end of the working week, that area of high pressure stays with us, so not only dry on wednesday, but also for thursday and into friday too, with a bit of sunshine. but also look out for frost, mist and fog.
12:58 am
and then, as we look towards the weekend, well, later on friday into saturday, the first weather front moves across the uk, bringing outbreaks of rain at times. so it's a bit of an unsettled story as we look towards the weekend. particularly by sunday, things turn wet and windy once again. bye for now.
1:00 am
i'm katty kay, in iowa. the headlines: the democrats‘ race for the white house gets real, with the iowa caucuses set to be the first formal test for the remaining candidates. i‘m kasia madera, in london. also in the programme: forced medical care and people held down to be sprayed with disinfectant — china adopts extreme measures to tackle the spread of the coronavirus. scenes like those now can be found right across social media, and they are really fuelling a sense of anxiety and fear about the coronavirus that is spreading right around the world. a setback in the fight against aids, as scientists say an experimental vaccine against hiv does not work. and we have a special
171 Views
IN COLLECTIONS
BBC News Television Archive Television Archive News Search ServiceUploaded by TV Archive on