We Spoke to the Hackers Who Defaced Donald Trump’s Website

"I don't think everybody should have a big fit about it," said the anonymous Canadian hacktivist of the stunt.

|
Aug 4 2015, 10:02pm


Donald Trump wants to make America great again! But perhaps first, he should properly secure his website. Photo via Flickr user Gage Skidmore

Telecomix is a hacktivist group of loosely connected individuals who are primarily known for bringing clean lines of communication to war torn areas where information is suppressed. In their own parlance, the group's guiding principle is "datalove," meaning they want to spread information far and wide while actively preventing it from being needlessly repressed.

To give you a couple of examples, during the 2012 conflict in Gaza, Telecomix provided dial-up internet lines to help people get their stories out to the rest of the world during an internet blackout. They also figured out how to provide a mass message to the people of Syria after detecting that their internet was being surveilled by the Assad government.

Their most recent action, however, was targeting Republican presidential candidate Donald Trump's website in a bizarre stunt meant to commemorate the career of outgoing Daily Show host Jon Stewart. Yesterday, Trump's website was defaced with a personal message to Stewart that began with a thank you: "[We] would like to take this opportunity to thank you for the many happy years of quality journalism and entertainment you and your team have undertaken at Comedy Central..."

Related: What Would Happen if Donald Trump Actually Became President?

The group followed up this defacement in a press release published on Pastebin, which aimed to clarify Telecomix's modus operandi among other things: "Simply, we attempt to ensure safe, uncensored channels remain available so people can inform themselves and each other anonymously."

The branch of Telecomix that took responsibility for the Trump defacement was Telecomix Canada, a team that rarely makes headlines for their actions, which predominantly focus around securing safe communication for dissidents and activists without drawing much attention to themselves.

VICE reached out to Telecomix Canada earlier today for a quick chat about their targeting of Trump. VICE also contacted a producer at The Daily Show, along with the Trump campaign, for comment, but has not heard back. The story will be updated accordingly if those parties respond.

VICE: I hadn't seen any high-profile Telecomix Canada activity until this incident. Are you a new sect of the Telecomix group?
Telecomix Canada hacktivist: Oh no, we've been around for years and years... We're not hidden, we don't make a point of hiding, we just don't do stuff that's illegal, or outright illegal, as a rule. And in this case, it's kind of a merry prank. I don't think everybody should have a big fit about it.

[Telecomix Canada] is kind of a loose-knit thing. We get together every so often and take on an op [a hacktivist operation]. We don't take on very many.

What sparked the idea of defacing Donald Trump's website?
Oh, we hadn't had an adventure in a long time. [Laughs]

Honestly, if you want to get into the deep subtleties of it, there's an awful lot about what's happened in the last five or ten years in terms of what goes on online that is driven by a lot of the philosophy [Jon Stewart] brought to the news business... An awful lot of what's going on now with people being very frank and funny online is driven by a lot of his first work. He was quite exciting, and people forget how crazy that is or was five or six years ago... He deserves a proper thank you!

And why the platform of Donald Trump's website? Just because Trump's getting so much attention right now?
We're not a hacking crew; that's not our thing at all. We did take some umbridge to [Trump's comment] that somehow you can have cheap and safe and good all in the same $3 website. And it's dangerous. This is where things go [wrong] in Canada... the federal government systems are virtually porous...

So it wasn't meant to be a higher thing; it really was meant to bring a smile, nothing more, nothing less, as described. But we did kind of want to highlight the entirety [of this cybersecurity dilemma] by dumping it on Donald Trump's corporate website, if that makes sense.

Ultimately the damage done to the website appears to be pretty minor.
This is where we become Telecomix and stick within our roles. There were several access points into the Trump.com system... We put the thank you note [in a place that was] deliberately... easy to find so they could fix it fast. So we weren't really showing everyone the [way in], you know. Because then the problem arises that someone more aggressive [exploits the vulnerability].


Telecomix's letter on Donald Trump's website.

Right, so you didn't want to open the door to more significant damage?
It's kind of like knowing [the way into the Trump site] and not saying [where it is]... We knew they would deal with it within a timely manner. We knew that we didn't want to create a circus over there.

This idea that IT [i.e. $3 websites] is something that you try to economize on... is really not a good plan. If in fact [the government] is determined to pursue surveillance... they're going to have to step up their game.

We'll continue to do our thing, we're positive, we're fairly confident that the reaction is going to be people undertaking better encryption and we're back to where we started in about two to three years. Everybody will be running HTTPS everywhere.

But, in the meantime, it creates this problem [of cyberattacks]. And if that's what's driving an awful lot of targeted attacks, and the dump of data. We're quite clear: we don't support destructive action like on anybody. We didn't see this as a destructive thing. There's probably some debate in the community depending on who you speak to.

The Trump campaign is not, of course, particularly driving any surveillance operations though.
Oh God no, [but] Trump's people lost a pile of credit card data in their hotels, [which hurts] somebody who's got a secondary mortgage on their house because they had a weekend at Trump's hotel chain [and got their information stolen]...

If you were building a car, it would require that it meet some basic standards and it be safe. We don't treat technology that way. Many large organizations—not all—treat it as a cost centre and one that they don't see worth an investment. But we honestly think—and this is a belief among our group—is that actually there's value in organizations that pursue safe environments for their people... But at the moment, certainly this is an example of a really broad problem in the industry, and in government as well.

[Canadian politician] Tony Clement is an example, we believe Tony Clement has the worst advice on the planet [Laughs].

And what are you referring to specifically?
As I say, they're pretty porous. There was a NAFTA hack this year... they left it open for a week, and they'd been notified on Twitter a week earlier about it, and they didn't pursue it at all. I mean it's really like that, and so when they start waving around cybercrime and stuff like that...

Here's the question. It's a really serious question. Although it's not really what we were hoping to raise [with the Trump hack], on a really serious level, [the government is] discussing what they claim is cybercrime. We see it, we honestly see it, more as a question of industrial negligence. That's how we really view the exercise. Open data systems are the future, but if you want them to work, you must actually do them in a way that is secure so that [the data you need to protect is secure].

Really, the issue is that it's halting an awful lot of that work because of the paranoia about cybersecurity, which is then phrased in a legal framework rather than a technical one.

So you're basically saying there's more emphasis on prosecuting cybercrime rather than on protecting systems?
No, I meant what I said in the first place! It's a question of how you see the panopticon. They see a breach and a hack on their systems as a cybercrime. We see it, although we don't participate in that kind of work, we see it as engineering negligence in the same way that somebody who built a bridge that fell down would be treated...

I don't even need to elaborate on it. That's actually it. That's actually how we see it. They call it cybercrime; we literally believe that it's negligent engineering. And there's more than enough talented people to help them do it properly.

Follow Patrick McGuire on Twitter.

Stories