The audio below is in Spanish, but you can read a translation of the full transcript on this page.
We will now take a break to prepare the next shows, and in the meantime, we leave you with a red-hot interview. If you've been following the news these last few days, you might have heard that the Spanish anti-LGBT organisation HazteOir has been hacked. We now bring you an interview with the group ACABgang, who are behind the hacking and the leaks. For those who don't yet know, HazteOir opposes abortion and antagonises the LGBT community. It has recently been linked to an ultracatholic sect called El Yunque.
April 5: hackers get into the servers of HazteOir and access several social network accounts belonging to the organization. The group ACABgang has claimed authorship of these actions. The hackers then contact HazteOir asking them to respond with a private message before they start publishing information. In the course of the next day a number of police reports are filed. Twitter goes on to ban more than 100 accounts and blocks a number of profiles related to the leaks. Several users are requested to delete parts of the messages that quoted the leaks.
April 6: ACABgang continues to create Twitter accounts and opens up the web-page https://acab.cwm.su/ where they start publishing the documents obtained from the ultraconservative lobby group. If you're planning to read them, you know the deal, it's best to use Tor.
There are about 20,000 documents and several databases amounting to over 20GB. They lay out in detail the lobby's strategic planning, from internal reports, contact lists, court cases, to financial documents. There's also a great deal of private information concerning chairman Ignacio Arsuaga, including his private calls.
A group of independent reporters starts assessing the leaks. The details published deal with Arsuaga's political and business relations. It is also revealed that he has put his son on a hormone treatment to, erm... prevent homosexuality. The group, which has apparently received funding by multinationals such as IBM, tried to put pressure on the TV broadcaster La Sexta to retract its reports regarding the organisation's links with the El Yunque sect.
Who are these ACABgang people, though? How come they speak Spanish if they reside in Russia? We had so many questions. We decided to contact them, and they agreed to an interview on a safe chat channel in the middle of the night. Don't pay much attention to the hackers' voices, we know they used sophisticated voice distortion techniques.
Just sit back, get yourself some popcorn or some puffcorn or whatever its name is where you happen to live. You're in for a dope interview.
1. Have the lowlifes of HazteOir contacted you by DM? What did you plan to do if they got in touch? Do you feel that your aims have roughly been met after the first batch of leaks?
No, HazteOir have not contacted us by DM. They have, however, defamed us in a nice post on their own page.
The idea with the DM was simply to talk them into leaving the LGBT community alone, that they stop fucking with the community.
Our aims were clear: we'd reveal the truth. And for now, we've managed, as much as they tried to shut us up.
2. What else, apart from getting hold of leaks, can a hacker do to fight back against this tragic new upsurge of fascism?
There are many ways of combating fascism, but these days if you want to show the hidden side of businesses and such, it's best to shed light on what they keep on their hard drives.
3. Could you explain, in as simple terms as possible, how complicated it was to obtain these last leaks? In other words, how much knowledge do you need to obtain results like these? Does one have to be a megah4x0r or...?
It hardly took us a day's work to blast it all open. We just had to play some 'social engineering' on one employee, and then we slowly scaled up our privileges within the network. That got us access to the servers and connected devices, so we started sniffing the entire network.
In a matter of hours we had all we needed about every employee: their passwords, email, everything. After that, it was easy. It took us longer to download the stuff than to carry out the operation in question.
4. All Cats Are Beautiful... but many people still believe the police is there to help our good fellow citizens. Members of the armed forces often attend events organised by the hacker community with the stated intention of recruiting people. Do you think it makes sense to keep the scene 'united' even if it means having to deal with 'the enemy within'?
Cops will help whoever suits them, whenever it suits them. They show up at events, like you say, to recruit. But are they really recruiting or are they just mapping who could turn out to be cyber-dangerous?
A united scene would be possible, in fact it would be great. But cooperating with governmental agencies just isn't our thing.
5. Tell us a little about your group, if it's not too indiscreet. How did the five of you meet?
We've known one another for many years. ............ and London-born ........... have known each other for over nine years. They met at a hacker group which will remain nameless, and became very close; they currently live together.
............ (who I will refer to as ...........) met ............... in 2015, in the 'deep web.' At the market ........... because ............ sold stuff. ............. started to trade in .............. seeing as Spain had a high demand for the stuff ........... sold. It was through that business that ......... built up trust with .............. and he is now like a son to him. He has now moved in with them.
............ comes from .............. On a trip to ............ , ............. and ........... met. It took a few years, for .......... to see .............'s work. The reaction was positive, so the work continued. Many years passed, and they decided to come out into the open, and stop hopping from IRC to IRC. They created a profile on Twitter, and there they met ......... ........... participated in some hacking activities ................. .............. stopped collaborating with ............ because he was now being sought for a number of crimes and cybercrimes. ............... went to live with ............ in Latin America.
So ACABGang was not initiated there, but its public profile was. It was the top members who opened up a Twitter profile to see if that worked out well. ACABGang has many more members who are still anonymous.
6. Is there a celebrity who inspires you?
7. In an earlier interview, you mentioned that you don't see yourselves as hacktivists, but as cybercriminals. You complain that hacktivism is too ambiguous a term. Aren't they similar, though?
Not at all. Cybercrime doesn't really have much to do with hacktivism. Hacktivism is more focused on political ideas, so to speak. It often has a political or social goal.
Cybercrime is very different, it's an entirely different, extremely powerful world.
8. Isn't it ironic that you need platforms like Twitter to mass-communicate things like these, but then, because they are centralised services, they are so likely to be censored? Do you think there's a technical solution to this? Will we see it play out?
We have Wikileaks, but they don't accept small or medium leaks, they go for the big fish. And that leaves people who want to publish stuff like ours with no other option but social networks. I'm sure there'll be a platform someday that will be perfect for this, it's just a matter of time.
9. In the spirit of 'don't wait for the leaks, make them happen'... What would you say to someone who wants to start up in the world of hacking nowadays? Phineas Fisher style. Don't you feel like putting together a howto describing the methods you used to get the files? (wink wink)
I have no clue how one would get into this nowadays. I guess through social networks or forums. You could meet someone there who'll share their skills. It was all so much better back in the days of IRCs and the good old MSN, hehehe!
10. Any good-practice tips for activists who worry about their digital privacy and safety?
Always browse through a VPN, and use Tor whenever possible. Set yourself up with a botnet to use the infected contacts as proxies. They will come in handy when the time comes.
Once you're ready to publish sensitive material or take any actions that could have consequences, please don't reuse an old nick. Don't pick a name that relates in any way to your life. Become a whole new person. Never tell anyone where you come from until you're sure that you're safe.
11. Thanks a lot for the interview.
Thanks to you, and greetings from Phineas Fisher, who says thanks for the plug!