The Ex-Google Hacker Taking on the World's Spy Agencies

Morgan Marquis-Boire is the director of security for First Look Media, the most prolific publisher of Edward Snowden's remaining secrets. His daunting task is to safeguard those documents, as well as the communications of reporters with perhaps the press's most adversarial relationships with Western intelligence agencies.
Ariel Zambelich/WIRED

During his last six years working as an elite security researcher for Google, the hacker known as Morgan Mayhem spent his nights and weekends hunting down the malware used to spy on vulnerable targets like human rights activists and political dissidents.

His new job tasks him with defending a different endangered species: American national security journalists.

For the last month, 34-year-old Morgan Marquis-Boire has been the director of security for First Look Media, the media startup founded by eBay billionaire Pierre Omidyar that has recruited journalists Glenn Greenwald and Laura Poitras.[1] The website has become the most prolific publisher of NSA leaker Edward Snowden's remaining secrets. Marquis-Boire’s daunting task is to safeguard those documents, and the communications of reporters who have perhaps the press' most adversarial relationships with Western intelligence agencies.

Beyond protecting Snowden’s favorite journalists, Marquis-Boire sees his decision to leave Google for First Look as a chance to focus full-time on the problem of protecting reporters and activists as a whole, groups he sees as some of the most sensitive targets for governments globally. “I look at the risk posed to individuals in the real world,” says Marquis-Boire, an imposing, often black-clad New Zealander with earrings, dreadlocks, and a taste for death metal. “In human rights and journalism, the consequences of communications being compromised are imprisonment, physical violence, and even death. These types of users need security assistance in a very real sense.”

Marquis-Boire already has distinguished himself as a relentless counter-surveillance researcher and a vocal critic of the companies that have created an industry hawking spyware to governments. In 2012, he and researchers at the University of Toronto's Citizen Lab were the first to identify Finfisher, a stealthy collection of spying tools sold by the British firm Gamma Group that they eventually tracked to command-and-control servers in 25 countries. Later that year he helped trace how a piece of software sold by the Italian firm Hacking Team was used by the government of the United Arab Emirates to spy on a political dissident beaten by thugs. Just last month he revealed new findings that showed how that company's tools have evolved to target iPhones, Android devices and other mobile targets. And in early 2013 Marquis-Boire and Citizen Lab researchers mapped the spread of surveillance and censorship tools sold by the Palo Alto, California firm Blue Coat to 61 countries, including Iran.

In the detective work required to pin those stealthy spying incidents on repressive governments and Western companies, Marquis-Boire is "extraordinarily talented," says Ron Deibert, a professor of political science at the University of Toronto and Citizen Lab's director. "There are some people who are phenomenally adept at forensics, who have an intuitive sense of how to make connections through different pieces of evidence," he says. "Morgan has those skills...But what I very much appreciate about him is his passion for human rights."

A Cypherpunk In The Newsroom

First Look and Marquis-Boire aren't saying much about exactly what he'll do at the closely-watched new media startup. But Marquis-Boire says he was convinced early in their recruitment meetings that First Look will treat security as a central tenet. (More about First Look's plans in the video below.) The job also presents a challenge worthy of leaving his high profile position at Google: Protecting the communications between non-technical reporters and their highly-sensitive sources in a post-WikiLeaks and -Snowden era where they're both increasingly targeted by spooks.

Marquis-Boire hints that he's already researching security vulnerabilities that affect journalists, and working with several companies to release security fixes to their services in the next couple of months. Brian Sweeney, First Look's head of technology operations, says Marquis-Boire's work likely will extend into research designed to protect reporters beyond the company's firewall. "The idea that all digital citizens, including and especially journalists, have access to data privacy is something that we strongly believe in," says Sweeney.

Marquis-Boire, the son of two literature professors at the University of Auckland, got started with security experimentation as a teenager in the New Zealand hacker scene under the handle "headhntr." After starting college at Auckland, he and a group of friends wrote an article for the university magazine about breaking into the school's website to take over the server that ran it. On another occasion he was called into a local telecom's office and "given a stern talking to about using their services as a test lab."

But from the beginning, his interest in hacking was also political: In the late 1990s the kiwi teenager discovered the Cypherpunks Mailing List, a group of cryptographers and radical libertarians bent on foiling government surveillance and empowering individuals with privacy tools. The group eventually would foster projects like the anonymous remailers that relay emails to obscure their senders' identities, the anonymity software Tor, WikiLeaks, and countless other privacy and encryption projects. "People realized that to actually have free speech, we have to be sure we won’t be monitored or persecuted," says Marquis-Boire. "The intertwined nature of privacy and free expression was at the core of the cypherpunk movement."

Marquis-Boire and friends soon hosted what he says was the first anonymous remailer server in New Zealand out of a "dingy warehouse apartment with far too many blinking lights and whirring things." Eventually, he ran five Tor relays, the nodes in the Tor network that bounce users' traffic to obscure their location.

But Marquis-Boire's first real job in security, penetration-testing banks, power plants, and other clients for a New Zealand auditing firm, was unsatisfying. "I spent a bit of time musing about how much it costs to hire security consultants to do something like a black box [penetration test] of your whole enterprise," he says. "I wanted to give my skills to the people who really needed them."

"He Has Quite a Hacker Mind"

In 2008, Google hired Marquis-Boire in its Zurich, Switzerland office. He was assigned to cybersecurity incident response at the company not long before the biggest known security crisis in its history: the so-called Aurora hacking operation, in which Chinese hackers breached Google's network for months and stole information that included source code from its servers. Marquis-Boire became an early member of the core team of network defenders assigned to battle the state-sponsored spies trying to eavesdrop on Google's users. "He has quite a hacker mind," says Heather Adkins, Google's manager of information security. "Of everyone I’ve ever hired at Google, I’d put him in the top one percent of technical capability."

When the Arab Spring began a year later, human rights activists like those at Citizen Lab who had seen Marquis-Boire's presentations on state-sponsored hacking began seeking his help analyzing attacks on vulnerable groups across the Middle East. As revolutions and political unrest blossomed from Tunisia to Egypt to Libya to Syria, his detective work became nearly a full-time job. "There have been a lot of books not read and canceled vacations," he says.

In the meantime, Google's Adkins adds, Marquis-Boire frequently uncovered weaknesses in the company's defenses for users, and he's been just as focused on locking out the NSA as China's People's Liberation Army. In the wake of revelations from Snowden's leaks that the NSA spied on unencrypted Google data moving between the company's data centers, Marquis-Boire was one of the first at the company to push for encryption not only of the company's internal data transfers, but also the exchange of emails between Gmail and other providers. That pressure led Google earlier this month to start publicly naming which email services do and don't allow for that encryption in a bid to pressure other companies to safeguard users' privacy.

Marquis-Boire's focus turned to protecting journalists in particular earlier this year, when he and other Googlers released research in March showing that 21 out of the 25 top media organizations in the world had been targeted in digital attacks that were likely the work of state-sponsored hackers. The same month, he joined a technical advisory group for the Freedom of the Press Foundation, which counts Glenn Greenwald, Laura Poitras and Edward Snowden as members of its board. "If you can’t protect your privacy and that of your sources, it's debatable whether you can actually practice journalism in the traditional sense," he says.

That notion represents a shift from the cypherpunk views of Marquis-Boire's youth. Once, cypherpunks were mainly interested in seizing privacy for themselves. Now, he says, that's no longer enough. "When we discovered that we could create private and anonymous communications with math, that was super cool," he says. "But then after a while I think it dawned on us as a movement that the only conversations you could have with those tools were with other cypherpunks."

"Now it’s been thrust into our faces that the people practicing adversarial journalism and exposing human rights abuses are the real-world targets of precisely the kind of thing that the cypherpunk movement was trying to protect against," says Marquis-Boire. "It’s become apparent we need to provide privacy to those who need it, not just to ourselves."

[1] Correction 7/8/2014 12:27pm: An earlier version of the story misstated Glenn Greenwald's and Laura Poitras's role at First Look as founders.