GCHQ Used Fake Slashdot Page To Install Malware To Hack Internet Exchange

from the is-nothing-sacred? dept

Back in September, it was reported that the UK's equivalent of the NSA, GCHQ, had gleefully hacked Belgacom, the Belgian telco, using a "quantum insert" to plant malware on the computers of key engineers at the company. At the time, it was described as follows:
According to the slides in the GCHQ presentation, the attack was directed at several Belgacom employees and involved the planting of a highly developed attack technology referred to as a "Quantum Insert" ("QI"). It appears to be a method with which the person being targeted, without their knowledge, is redirected to websites that then plant malware on their computers that can then manipulate them. Some of the employees whose computers were infiltrated had "good access" to important parts of Belgacom's infrastructure, and this seemed to please the British spies, according to the slides.
Over the weekend it appears that Der Spiegel published a further report by Laura Poitras on this hacking, which revealed that the spoofed websites used to install this malware were none other than Slashdot and Linkedin. Interesting choices.
So, it sounds like they did a man-in-the-middle attack, redirecting very specific visitors from those two sites to sites that planted malware instead. I wonder if LinkedIn (which is already involved in a lawsuit over the NSA stuff) and Slashdot have any legal basis to go after the government for effectively attacking their servers?

Update: Nicholas Weaver explains what happened in much more detail. It's not a fake page, but a packet injection attack.

Filed Under: gchq, malware, man in the middle, quantum insert, slashdot, surveillance
Companies: belgacom


Reader Comments


  • uRspqF7L, 11 Nov 2013 @ 5:55am

    interesting

    I wonder if LinkedIn (who is already involved in a lawsuit over the NSA stuff) and Slashdot have any legal basis to go after the government for effectively attacking their servers?


    I wonder if this reflects your general knowledge of law. You can't sue the Federal Government (for causes other than those specifically mentioned in the Federal Tort Claims Act, which is reserved for negligence by government employees) under a thousand-year-old doctrine called "Sovereign Immunity." Which every law student learns about in year one.

    You particularly can't sue law enforcement for damages created by law enforcement activities. Go ahead, check Lexis/Nexis--you won't find a case.

    Those who take legal claims made on this site seriously should keep this in mind next time around...

    http://www.nolo.com/legal-encyclopedia/suing-government-negligence-FTCA-29705.html

    https://en.wikipedia.org/wiki/Sovereign_immunity

    https://en.wikipedia.org/wiki/Sovereign_immunity_in_the_United_States

    • Call me Al, 11 Nov 2013 @ 6:09am

      Re: interesting

      Ok so they can't sue the Federal Government. But can they sue the UK Government since GCHQ are UK not US?

    • out_of_the_blue, 11 Nov 2013 @ 6:28am

      Re: interesting

      Not only that, but the fraud is perpetrated on a third party: Linkedin and Slashdot can't show any "evidence of real harm"* so their standing seems weak.

      BUT the larger points are: DON'T TRUST ANYTHING ON THE NET TO BE REAL. -- AND THE MICROSOFT MONOPOLY FACILITATES SPYWARE. (If only by its buggy common "features". And all other major OSs do too: they're designed to.) -- Far larger than security agency menace is rampant malware, almost NONE of which is ever hunted down by the agencies that could. Right now there's a particularly obnoxious ransomware which locks files, and it'd be easy for security agencies to trace the payments, but do they? Hell no.

      [ * Mike's phrase used when excusing Google for its wifi data gathering spying. ]

      • Rikuo, 11 Nov 2013 @ 6:34am

        Re: Re: interesting

        ...Microsoft hasn't had a monopoly in YEARS. In the 90's yes, they were as close to a monopoly as you could get in the home computing environment, but nowadays they have extremely stiff competition from Apple and iOS, and hopefully Valve will help jumpstart the home Linux computer with their SteamOS.
        As for security agencies tracing the payments...wouldn't that fall under the purview of law enforcement? If my computer gets ransomware, I don't call the nearest spy agency, I call the cops.

        • pixelpusher220, 11 Nov 2013 @ 7:11am

          Re: Re: Re: interesting

          Computer OS's are still a monopoly by MS. Hand helds, tabs, phones, etc, obviously not.

          But market share in the desktop world is still heavily in MS's favor. Apple as a PC maker is still minuscule.

          The total number of computer 'devices' has exploded and MS has had little of that growth, but their 'core' market for personal computers (pcs/laptops) hasn't changed a whole lot.

          • Rikuo, 11 Nov 2013 @ 7:24am

            Re: Re: Re: Re: interesting

            Okay, seems I pulled an OOTB and I was talking out of my ass. I looked up some market statistics and collectively (counting all versions of Windows), Microsoft controls 89-90% of the market, as reported by netmarketshare.com.
            I retract my claims, given the evidence on hand.

        • Anonymous Coward, 11 Nov 2013 @ 6:44pm

          Re: Re: Re: interesting

          iOS and Apple are the same. Please don't add another party into the mix when it's only a couple.

    • Rikuo, 11 Nov 2013 @ 6:30am

      Re: interesting

      Reading comprehension fail. This isn't the US Federal Government. GCHQ is in the UK. So whatever links you posted about when you can and cannot sue the US government automatically don't apply.

    • Anonymous Coward, 11 Nov 2013 @ 8:05am

      Re: interesting

      that's all very interesting and what not... irrelevant since we're not discussing US agencies, but interesting.

    • Mike Masnick, 11 Nov 2013 @ 8:05am

      Re: interesting

      I wonder if this reflects your general knowledge of law. You can't sue the Federal Government (for causes other than those specifically mentioned in the Federal Tort Claims Act, which is reserved for negligence by government employees) under a thousand-year-old doctrine called "Sovereign Immunity." Which every law student learns about in year one.

      There are ways to make points without being an insufferable asshole.

      Here, let me give you an example. Given the statement above, I *could* reply as follows:


      I wonder if this reflects your general knowledge of Techdirt and search engines. You can easily see that we know about sovereign immunity by doing a simple search, under a decades-old concept known as "the search bar." Which every internet user learns about on day one. Also your citations are to the US, when this is the UK -- which also has something similar, sometimes referred to as Crown Immunity, but which has clear exceptions.

      You particularly shouldn't make obnoxious claims that are easily proven false by a simple search. Go ahead, check the search bar for "sovereign immunity." You'll find plenty of stories.

      Those who take any claims made by this commenter seriously should keep this in mind next time around...

      http://www.techdirt.com/blog/?tag=sovereign+immunity


      But, of course, that would be really obnoxious and uncalled for. Instead, I'd suggest an approach like the following one:


      Yes, we're aware of sovereign immunity, but as you too are aware, lawsuits are filed against governments all the time, and while the governments would certainly claim sovereign immunity, that does not always work. But, more to the point, I *asked* the general question because I wasn't sure if there would be a way for there to be a way around sovereign immunity in *this* particular case. You claim there is not. I asked because I figured some people might have other ideas.

      Separately, since all your citations are under US law, and the UK rules under Crown Immunity are somewhat different, I was curious to see if someone more knowledgeable about UK law in particular would have an opinion on the matter, because I admit that I am not an expert on UK law, or the law in general. Nor have I ever claimed to be.


      Which solution did you choose?

      • out_of_the_blue, 11 Nov 2013 @ 8:34am

        Re: Re: interesting

        @ "Mike Masnick": "There are ways to make points without being an insufferable asshole."


        But you chose to be "an insufferable asshole" and don't actually counter the point.

        Further, when I've complained here about actually being threatened with physical violence by one of your fanboys, besides my screen name being falsely used, besides the generally hostile environment here, YOU'VE DONE NOTHING, not even the most general statement that's not tolerated here. You take the position that you're not responsible for such comments, just dodging. But when some AC (and you know who it is by looking at IP etc), makes a valid point that pricks your arrogant little bubble, you go into schoolmarm mode -- and then just blather.

        • Rikuo, 11 Nov 2013 @ 8:42am

          Re: Re: Re: interesting

          " actually being threatened with physical violence by one of your fanboys"

          Care to provide proof of someone making a believable direct threat to your person? If you quote my line about wishing I was like Atticus Finch, that was me merely expressing a fantasy, not a statement that I was actively going to go out and shoot you.
          No-one on this site (besides Mike, whom if I recall correctly, has said in the past he has a very strong suspicion) knows who you are. We will never know who you are, nor do we care to know who you are. Without that very important piece of information, it is impossible for a rational human being to believe that there are real legitimate threats made against you. Then again, you're not rational are you?

        • Gwiz, 11 Nov 2013 @ 8:48am

          Re: Re: Re: interesting

          But you chose to be "an insufferable asshole" and don't actually counter the point.



          Blue is upset because he thinks Mike is muscling in on his modus operandi.


          BTW I think your assessment of Mike's comment is wrong anyways.

    • Sunhawk, 11 Nov 2013 @ 11:52am

      Re: interesting

      Well, depends if there's a relevant investor-state bullshit treaty...

      Wouldn't that be a fine "fuck you" - either governments axe investor-state dispute resolution nonsense or they get smacked for being naughty.

  • out_of_the_blue, 11 Nov 2013 @ 6:14am

    Any re-direct can do this.

    And guess which search engine has for a couple years now re-directed all search term clicks through its own server? -- That's right! Your "friend" Google! -- ANY re-direct* can send you to any other site invisibly: just do its own call to get the site, process the HTML however wanted, then supply the fake. Can be a bit tricky to handle all cases invisibly, but Google has the resources to do it, even fake up linked sites. -- IF for some reason want to.

    Point is that you can't trust anything which is generated by computers. -- Nor ANY mega-corporation! You can't trust that Google is supplying what you want or letting you see all the available information. Google can censor invisibly by only showing what it wants you to see, as major "news" networks have done for decades. We're at just the start of The Matrix. -- And by the way, don't take either pill because BOTH are from an untrustable source!



    [ * Note down here because incidental to main point: Search any term and hover to see the link: it'll be google.com plus the site and a large number of characters, enough to uniquely identify your browser and the search term. -- BUT, here's a key trick: when I tested this incidentally in a modern Firefox, Google.com was stripped from the copied link! That may be why some of you believe it isn't true. But apparently Firefox is in cahoots enough to specially process Google's re-directs. -- Just test it yourself, IF you can see the actual links when hovering over link on a Google search page.]

    • That One Guy, 11 Nov 2013 @ 6:26am

      Re: Any re-direct can do this.

      So... don't use google, problem solved.

      • Anonymous Coward, 11 Nov 2013 @ 6:37am

        Re: Re: Any re-direct can do this.

        As if it was that easy.

        Just grab NoScript (if you have firefox) and check how many sites include googleanalytics and googleapis.

        It's fucking everywhere. Worse: it is often essential for functionality. This site is a prime example: you can't even read "reported" comments without unblocking googleapis.

        • That One Guy, 11 Nov 2013 @ 7:12am

          Re: Re: Re: Any re-direct can do this.

          Interesting, and less than nice to hear. Wide-spread use is one thing, being required to use it quite another, though I have to wonder what it is about the 'googleapis' bit that affects the comments.

        • murgatroyd, 11 Nov 2013 @ 7:44am

          Re: Re: Re: Any re-direct can do this.

          I'm using Ghostery in Firefox; it is reporting 16 blockable things (a mix of advertising, analytics, beacons, and widgets). I experimented a bit with blocking everything; the only one I'm not currently blocking is Gravatar (so I can see all the cute icons people have chosen :-). Even with all things Google blocked, I'm able to read reported comments.

          • ryuugami, 11 Nov 2013 @ 10:07am

            Re: Re: Re: Re: Any re-direct can do this.

            I'm using NoScript, Ghostery and RequestPolicy.

            Ghostery reports 14 cookies.

            RequestPolicy blocks the following 17 third-party sites:
            - google.com
            - ajax.googleapis.com
            - postrelease.com
            - facebook.net
            - rp-api.com
            - s3.amazonaws.com
            - reddit.com
            - flattr.com
            - google-analytics.com
            - twitter.com
            - quantserve.com
            - doubleclick.net
            - exponential.com
            - amazon.com
            - reinvigorate.net
            - scorecardresearch.com
            - akamai.net
            ... and I allowed only the following two:
            - gravatar.com
            - imgur.com

            Now, first of all... really, Techdirt? 19 third-party sites need to know that I accessed this page? NINETEEN? Each with their own tracking and vulnerabilities? I get flattr - if I had an account there, I'd enable access. Other than that... you're basically broadcasting your user base to half the 'net :(

            Anyway, site works almost perfectly without all those connections. I can't click to view down-modded comments, which does seem to require googleapis (blocking cookies with Ghostery doesn't mean anything for the access itself), but no great loss there.

            • Anonymous Coward, 11 Nov 2013 @ 5:42pm

              Re: Re: Re: Re: Re: Any re-direct can do this.

              I'm using NoScript, Ghostery, RequestPolicy and Cookie Controller (not to mention many other measures/extensions such as a local proxy server)

              Of your 19 in total (for Request Policy) I do not get
              - akamai
              - s2-amazonaws.com
              (I suspect this is because you have an amazon cookie)

              But I do see (which you didn't list)
              - chartbeat.com
              - sharethis.com
              - wibiya.com

              So my RequestPolicy sees 20 items
              (I too allow imgur and gravatar)

              Ghostery reports 15 cookies / tracking

              Actual cookies = zero. Cookie Controller is set to block all DOM, cookies except for about 10 sites where I allow either a cookie or a session one - that's it.

            • Anonymous Coward, 13 Nov 2013 @ 1:35am

              Re: Re: Re: Re: Re: Any re-direct can do this.

              WoW TD ... BUSTED !!!!!

              So TD is just a dirty piece of shit spyware and Google's ass boy !!!

              (I actually suspected it from the start you know !! )

        • John Fenderson, 11 Nov 2013 @ 8:41am

          Re: Re: Re: Any re-direct can do this.

          But it is that easy. Don't use google services, and block all access to google servers, and you're done. If that means that you can't use certain websites, your beef is with those websites. Let them know, and move on.

        • art guerrilla, 11 Nov 2013 @ 10:27am

          Re: Re: Re: Any re-direct can do this.

          using adblock+ and ghostery on chrome, no probs reading 'reported' comments...

          (not using noscript here at work, but do at home, and don't recall *not* being able to read 'hidden' comments...)

        • PRMan, 11 Nov 2013 @ 10:52am

          Re: Re: Re: Any re-direct can do this.

          You can use everything on the web without Google Analytics. In fact, it speeds everything up not to use it.

          But Google Apis must be enabled for many sites.

        • Anonymous Coward, 12 Nov 2013 @ 12:52pm

          Re: Re: Re: Any re-direct can do this.

          Slashdot's comment system hasn't been usable without Javascript (even just for viewing) for several years, at least for anonymous users. A few comments are visible but "click to expand"-type links don't work. If logged-in users can still enable the "classic" comment system they might be able to use NoScript.

    • Rikuo, 11 Nov 2013 @ 6:27am

      Re: Any re-direct can do this.

      And of course you don't provide any proof whatsoever about your claims or about the testing you did on a "modern Firefox". Nope. Just your claims. Just like a few articles back when you ran around screaming that judges should just take rights-holders word as fact.

      • out_of_the_blue, 11 Nov 2013 @ 6:32am

        Re: Re: Any re-direct can do this.

        @ "Rikuo" -- YOU can test it yourself, sonny, right on your own computer in front of your stoopidly dis-believing mind. I give the method.

        Note that the other reply accepts it, just says "so don't use Google", and here's my tagline for that:

        The phony deal that evil people (and gullible fools) try to force on us: You can't have the benefits of technology unless give up all privacy.

        02:32:29[c-025-2]

        • Rikuo, 11 Nov 2013 @ 6:37am

          Re: Re: Re: Any re-direct can do this.

          I expected you'd say that. I just knew it. You make a claim, don't provide any evidence, then, once I ask where is it, you turn around and say I should do the legwork of verifying YOUR claim.
          No. That is not how it's done. You make the claim, you do the work of backing it up. Why should I bother verifying what you said? I have absolutely no motivation to do so.

          • Anonymous Coward, 11 Nov 2013 @ 6:46am

            Re: Re: Re: Re: Any re-direct can do this.

            "You make the claim, you do the work of backing it up. Why should I bother verifying what you said? I have absolutely no motivation to do so."

            He did.

            In science, you come up with a hypothesis, run an experiment and then post the results, together with the steps to reproduce the experiment and the results, which was what ootb did.

            That you don't feel inclined to test the hypothesis yourself because it might reveal that you are "wrong" is another issue entirely.

            Regardless, he is speaking the truth. I figure Google does it to track what links you hovered over, or maybe just so they can show you the useless preview image.

            Dunno what he is jabbering about with regards to Firefox, though.

            • Rikuo, 11 Nov 2013 @ 7:06am

              Re: Re: Re: Re: Re: Any re-direct can do this.

              No he didn't. He did not follow the scientific method AT ALL.

              The scientific method says you notice a phenomenon, you conduct tests, then you come up with a conclusion. There's more steps such as publishing your research, but those are the three most basic steps. "I saw something, I conducted tests, I concluded that the tests say XYZ".

              OOTB started with the conclusion first, then worked backwards from there. He didn't explain very well what method he used (he just said search, but search where? Google.com's search box?). Did he post screenshots or video? No. All I have is a wall of text of a guy making a claim about Google and expecting everyone else to do the legwork of verifying what he says.

              Lastly...assuming he meant searching on Google.com, I did a search for dog. I hovered my cursor over each of the search results. In the bottom left corner of my browser, only one of them did indeed have the google URL, none for cat, none for house. My own research was completely different to OOTB's claims of "Search any term and hover to see the link: it'll be google.com plus the site".

              • Anonymous Coward, 13 Nov 2013 @ 1:18am

                Re: Re: Re: Re: Re: Re: Any re-direct can do this.

                what is this bullshit about "scientific method" ??

                Newsflash for the dullards, law is not science !!!

                and:

                learn what the scientific method is before you try to explain it.

            • PaulT, 11 Nov 2013 @ 7:19am

              Re: Re: Re: Re: Re: Any re-direct can do this.

              "He did."

              Not really. He made a claim, but didn't provide evidence of his results. It's a popular troll tactic - make a claim, force others to do the work to prove it wrong, then claim people are lying/not doing it right if they get different results.

              Notice how he not only doesn't supply any supporting evidence that what he said happens actually occurs, but he's vague enough about the details (e.g. he says "modern Firefox", not Firefox version 25.0, doesn't say whether he's using a standard install or there's any extensions installed, etc.), presumably to allow wiggle room if he's proven wrong.

              "Dunno what he is jabbering about with regards to Firefox, though."

              Me neither, which makes replicating his claims rather difficult, don't you think?

              "Regardless, he is speaking the truth. I figure Google does it to track what links you hovered over, or maybe just so they can show you the useless preview image."

              Maybe he's telling the truth (yes, there is a hash value between google.com and the search term), but that neither means there's any nefarious reason behind the value nor that he's forced to use Google in any way.

              • out_of_the_blue, 11 Nov 2013 @ 8:27am

                Re: Re: Re: Re: Re: Re: Any re-direct can do this.

                Listen, kids. This is VERY simple. Here's an example I get searching for just "firefox":

                http://www.google.com/url?q=http://en.wikipedia.org/wiki/Firefox&sa=U&ei=nASBUvS_L8am=0CEUQFjAL&usg=AFQjCNHuxTHvg

                It's a re-direct. I've removed some of the extra to try and un-unique it, cause I expect it encodes much.

                But if you're not capable of finding this, that's your problem.

                By the way, "PaulT", tell me how to avoid Google everywhere.

                • Anonymous Coward, 11 Nov 2013 @ 8:31am

                  Re: Re: Re: Re: Re: Re: Re: Any re-direct can do this.

                  • out_of_the_blue, 11 Nov 2013 @ 8:41am

                    Re: Re: Re: Re: Re: Re: Re: Re: Any re-direct can do this.

                    Oh, so duckduck is YOUR answer to ALL of Google's spying across the entire internets.

                    What about the tracking using javascript -- any scrap of data they can get -- to uniquely identify you? Care to field THAT question? How about googleapis? Do you KNOW anything about how the commercial tracking systems work? It's a bit trickier than just dodging the search page, fool.

                    • Rikuo, 11 Nov 2013 @ 8:43am

                      Re: Re: Re: Re: Re: Re: Re: Re: Re: Any re-direct can do this.

                      "What about the tracking using javascript"

                      Noscript. All that needs to be said.

                    • Anonymous Coward, 11 Nov 2013 @ 8:53am

                      Re: Re: Re: Re: Re: Re: Re: Re: Re: Any re-direct can do this.

                      Thank you for proving my point.

                • John Fenderson, 11 Nov 2013 @ 8:45am

                  Re: Re: Re: Re: Re: Re: Re: Any re-direct can do this.

                  First, so? If you don't want to use Google's link redirection (which I hate), don't click google's link. Copy the text of the URL and paste it into your address bar. Google (and the site you're going to) won't know that you used Google.

                  Second, why are you even using Google to search for things in the first place? It seems bizarre to me, given that you have such an extreme hatred for Google.

                  You can avoid google everywhere by blocking access to their servers. This is easily done using your hosts file. You can find plenty of easy instruction all over the net.

                  • The Wanderer, 19 Nov 2013 @ 12:55pm

                    Re: Re: Re: Re: Re: Re: Re: Re: Any re-direct can do this.

                    First, so? If you don't want to use Google's link redirection (which I hate), don't click google's link. Copy the text of the URL and paste it into your address bar. Google (and the site you're going to) won't know that you used Google.

                    Unfortunately, this isn't correct.

                    If what you mean by "copy the URL" is "right-click on the link and select 'Copy Link Location' or the equivalent", that will just get you the Google-redirect URL.

                    If what you mean by "copy the URL" is "highlight the green-text URL displayed underneath the actual link", although that will work in some cases, there are many cases where it won't. If the actual URL is "too long" to fit in the width of the search-results column, the green-text URL will be displayed with some middle part of the URL elided by an ellipsis.

                    I spent a good deal of time looking for a way around this problem, specifically so that I could once again "Copy Link Location" and get the actual URL of the search result rather than a redirector. I eventually ended up with a Greasemonkey script for the purpose; nothing else seemed to get the job done.

                    link to this | view in chronology ]
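
An added example, not part of the original thread and not The Wanderer's script: one way a userscript can recover the real destination from a redirect link of the form quoted earlier in the thread (`google.com/url?q=...`), so that "Copy Link Location" yields the direct URL. The host pattern, the `url` parameter name and the function names are assumptions made for illustration.

```javascript
// Added illustration; not code from the thread or from any real userscript.

// Assumption: redirector links live on google.com or a country variant
// such as google.de or google.co.uk, with an optional "www." prefix.
const GOOGLE_HOST = /^(?:www\.)?google\.[a-z]{2,3}(?:\.[a-z]{2})?$/i;

// "q" is the parameter seen in the thread's example URL;
// "url" is an assumed alternative name for the same value.
const TARGET_PARAMS = ["q", "url"];

// Return the destination hidden inside a redirector link, or the input
// unchanged when it is not a redirector link or the target looks unsafe.
function unwrapRedirect(href) {
  let link;
  try {
    link = new URL(href);
  } catch {
    return href; // not an absolute URL: leave it alone
  }
  // Only touch the redirector endpoint, never ordinary search URLs
  // (/search?q=firefox) or other sites that happen to use "q".
  if (!GOOGLE_HOST.test(link.hostname) || link.pathname !== "/url") {
    return href;
  }
  for (const name of TARGET_PARAMS) {
    const value = link.searchParams.get(name); // already percent-decoded
    if (!value) continue;
    let target;
    try {
      target = new URL(value);
    } catch {
      continue; // value is a plain search term, not a URL
    }
    // Accept web destinations only; javascript: or data: targets are
    // never promoted into a clickable href.
    if (target.protocol === "http:" || target.protocol === "https:") {
      return target.href;
    }
  }
  return href;
}

// Rewrite every redirector link under `root` (a Document or Element) and
// return how many were changed. rel="noreferrer" keeps the destination
// from receiving the results page as Referer.
function cleanLinks(root) {
  let changed = 0;
  for (const a of root.querySelectorAll("a[href]")) {
    const direct = unwrapRedirect(a.href);
    if (direct !== a.href) {
      a.href = direct;
      a.rel = "noreferrer";
      changed += 1;
    }
  }
  return changed;
}

// In a browser userscript, run once on the loaded page.
if (typeof document !== "undefined") {
  cleanLinks(document);
}
```

Links added to the page after load are not covered; a userscript would call `cleanLinks` again when the results list changes.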

                • Anonymous Coward, 11 Nov 2013 @ 11:31am

                  Re: Re: Re: Re: Re: Re: Re: Any re-direct can do this.

                  WHAT are you using to search? WHERE are you searching from? Chrome? Firefox? Google Search Page? I don't see any of these results when I use Chrome and Google's search page. Are you using the URL bar in Firefox or IE?

                • PaulT, 12 Nov 2013 @ 12:43am

                  Re: Re: Re: Re: Re: Re: Re: Any re-direct can do this.

                  "Here's an example I get searching for just "firefox":"

                  In which browser? Which version? Are you copying a standard link or are you looking at sponsored ad links?

                  Why don't you simply answer the questions posed to you rather than trying to avoid direct queries? I suppose it's unusual for you to answer direct questions in the first place so there's that...

                  "It's a re-direct. I've removed some of the extra to try and un-unique it"

                  In other words "I've removed half of what I was whining about and changed the context of my results, so even if someone can prove they get something different to what I claim, I'll still make the same assertions"

                  Is that about right?

                  "By the way, "PaulT", tell me how to avoid Google everywhere."

                  Start by not using Google as your search engine, so that you don't have to post barely coherent whining about how their search results appear. Then, use tools to block their Javascript. Nobody's forcing you to visit sites that utilise Google as their ad platform, etc...

                  If you find this difficult, there's an off switch on your router. For the sake of everybody on the internet, I suggest you use it.

                  link to this | view in chronology ]

            • This comment has been flagged by the community.
              identicon
              out_of_the_blue, 11 Nov 2013 @ 8:22am

              Re: Re: Re: Re: Re: Any re-direct can do this.

              @ Dunno what he [me] is jabbering about with regards to Firefox, though [the AMAZING stripping of Google.com from the link when using right click, "copy link"]. -- I wasn't clear, and YEAH, I didn't believe it, either, just discovered it by accident while playing around with some Linux and the Firefox 20-something as installed. Just clicked "copy link" intending to manually strip google.com crap out, but didn't have to!

              And as nicely defended up there: just stated what I found, and it's possible for anyone to test it... If I could remember which was testing, it'd help. Believe was PCLinuxOS 2013.04.

              link to this | view in chronology ]

        • icon
          PaulT (profile), 11 Nov 2013 @ 6:40am

          Re: Re: Re: Any re-direct can do this.

          "here's my tagline for that:"

          ...said "tagline" having nothing to do with what you just said, and is equally applicable to any company other than the one you post paranoid rants about. Plus, the fact that you can choose to stop using Google any time you wish still stands.

          If you don't like the technology, please stop using it. You clearly don't understand it anyway, since you fail miserably at both logical and factual tests that anyone can apply to your rants.

          link to this | view in chronology ]

        • identicon
          Anonymous Coward, 11 Nov 2013 @ 7:31am

          Re: Re: Re: Any re-direct can do this.

          OK, I went ahead and tested and found that you are full of it.

          link to this | view in chronology ]

          • This comment has been flagged by the community.
            identicon
            out_of_the_blue, 11 Nov 2013 @ 8:38am

            Re: Re: Re: Re: Any re-direct can do this.

            Answered:
            http://www.techdirt.com/articles/20131111/01080925194/gchq-used-fake-slashdot-page-to-install-malware-to-hack-internet-exchange.shtml#c438

            Ain't it amazing how the Google defenders come out with denials and ad hom when it's easily available for anyone to test?

            link to this | view in chronology ]

            • icon
              Rikuo (profile), 11 Nov 2013 @ 8:48am

              Re: Re: Re: Re: Re: Any re-direct can do this.

              I really don't see how any of us here can be classed as "Google defenders" when we're anything but. I despise Google too, especially with their recent forced usage of Google+ on Youtube...but at least I am able to put things into perspective!
              You are not. To you, Google is the Internet, it's responsible for all of the evils in the world, no matter the fact it's just a corporation, it's mainly a search engine, it doesn't have the ability to lock people up etc.
              We get it. Google is scary. So is Bing and Yahoo, who, despite being search engines, you never call out. No, to you, Google is the sole evil corporate entity, because it's the ONLY ONE YOU CONSTANTLY BLATHER ON ABOUT.

              link to this | view in chronology ]

    • This comment has been flagged by the community.
      identicon
      out_of_the_blue, 11 Nov 2013 @ 9:03am

      Re: Any re-direct can do this.

      Oooh, ME, you forgot to mention that Google's re-directs may only be used when javascript is disabled (isn't that a spin term in itself? what means is when you don't allow spyware to run on your own computer!) -- anyhoo, when you let Google use javascript, they don't have to re-direct because almost any site you go to now has Google's javascript there, so it'd be redundant!

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 11 Nov 2013 @ 10:22pm

      Re: Any re-direct can do this.

      "But apparently Firefox is in cahoots enough to specially process Google's re-directs."

      For crying out loud, isn't Firefox open source? Don't you think someone would notice if they put special Google code in there?

      Google has some weird Javascript where a link on the search results page actually starts as a normal link, but changes the link to the Google redirect as soon as it detects a "mousedown" event. If you have something that disables Javascript in whatever version of Firefox you were using, that might explain why you didn't get the redirection link.

      If you ask me, it's a bit dishonest to change a link on someone mid-click, but it's not exactly in my top ten complaints about Internet sites either.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Nov 2013 @ 6:17am

    GCHQ watches Mumsnet

    When a spook says they're monitoring 8000 threats in the UK (or 1000 or 200, they're never quite the same number each time), people think it's some radical jihad site that nobody has ever heard of.

    It's not, it's theRegister, it's Slashdot, it's Mumsnet, or Techdirt.

    link to this | view in chronology ]

  • icon
    Not an Electronic Rodent (profile), 11 Nov 2013 @ 6:25am

    2 questions

    So it sounds like they did a man in the middle attack, redirecting very specific visitors from those two sites to sites that planted malware instead.
    That begs 2 questions:
    1/ How do GCHQ justify hacking a Belgian telecom company? (other than the standard vague "ZOMG TERRORISTS!!!")
    2/ Did they really bother to limit redirecting "specific visitors", or would they have considered it a bonus to install malware on several thousand other computers while targeting what they want?

    link to this | view in chronology ]

    • icon
      That One Guy (profile), 11 Nov 2013 @ 6:57am

      Re: 2 questions

      1. 'Because we could'. Although that's a little too blunt, so they probably did the usual song and dance of 'Well we had the authorization to monitor foreign targets, and we were at least 51% sure that foreign targets might use the service so...'

      2. Given to an 'intelligence' agency, 'too much data' is a non-existent phrase unless prefaced with 'there's no such thing as...' yeah, the odds that they only went after specific targets once the system was breached... probably not too high.

      link to this | view in chronology ]

      • icon
        Not an Electronic Rodent (profile), 11 Nov 2013 @ 11:52am

        Re: Re: 2 questions

        and we were at least 51% sure that foreign targets might use the service so...'
        "And how did you arrive at the conclusion that it was 51% likely?"

        "... uh, because that's the threshold for us to have some sort of vague legal justification for doing what we wanted..."

        "So you really just made it up then?"

        "...uh... no comment?"

        "Yeah, thought so."

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Nov 2013 @ 6:37am

    so, when the heads of the 3 UK security forces were asked in an investigation last week, headed by Sir Malcolm Rifkind, i believe, and they answered 'NO' to whether their agencies had done anything illegal, they were actually lying? really?

    since there hasn't been any further news or reports from that investigation, i assume it was just as big a load of lies and bullshit as the first 'investigation' that was carried out a few weeks earlier?

    anyone that actually believed any of the 3 'heads' concerned have more chance of getting the truth out of a dead terrorist! there is no way on Earth they were going to do anything except lie from start to finish! they have been well tuned by the NSA as to what to say so as to get through that investigation and be able to carry on with the same shit, just as the NSA is doing! they even used the same lies about how the UK (USA) has been put in mortal danger because of Snowden. the only danger has been that the public now know even more than before that the governments are going to do what they like, say what they like and be allowed to get away with it. the only way there would have been more honest results would have been to have had public interest groups run the whole investigation!

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 11 Nov 2013 @ 7:21am

      Re:

      Rifkind didn't say they hadn't done anything illegal.

      He said their use of PRISM queries wasn't illegal based on the evidence he had seen (of 197 leads and the warrants against Brits that had led to them). That's a very narrow claim, and only applies to queries on that system (the 'official legal one') that goes to the US and causes a legal request to Google or Yahoo or whatever, and thus require a legalish warrant under RIPA signed by a minister.

      In effect he said the tiny legal bit is tiny and legal.

      http://www.theguardian.com/world/2013/jul/17/prism-nsa-gchq-review-framework-surveillance

      So for example, you are a Brit, in Britain. You visit theregister.co.uk, the server for elReg is in London.

      That is British to British traffic completely routed inside the UK.

      Yet you are spied on by GCHQ because all the fluff on the page (ads, twitter, fb, feeds etc.) comes from servers abroad, and GCHQ makes an effort to collect all of that, even though they know this is illegal for them to monitor that traffic.

      They claim they don't need a warrant because they tap it offshore (but we suspect those offshore taps are onshore just tapping the cable as it heads offshore).

      In this example, that traffic was Brits & Belgians visiting Slashdot and they used it to target Belgacom netadmins with malware.

      Belgacom hack is of course not legal and is an extraditable offence in Europe (I read the penalty is up to 6 years in jail).

      Anything done on the 'bulk' collection rule that spies on Brits is clearly a violation. Anytime they got NSA to spy on Brits and hand that data to GCHQ, is a violation. Getting an agent to do your bidding does not make your hands clean.

      Snoopers charter was never passed.

      Rifkind is the 'light regulation' that GCHQ boasted about to the NSA. Nobody expects any meaningful improvement from him. Just PR.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 11 Nov 2013 @ 7:34am

        Re: Re:

        (Test)
        I made two comments and I see the icon has changed as if my IP address has changed. This is just a test to see if I get the same blue icon.

        link to this | view in chronology ]

        • icon
          Rikuo (profile), 11 Nov 2013 @ 8:50am

          Re: Re: Re:

          ...and so what if your IP address changed? If you're not using a static IP, it could be something as simple as your lease on that address expiring and your ISP giving you a different one.

          link to this | view in chronology ]

          • icon
            Anonymous Monkey (profile), 11 Nov 2013 @ 11:31am

            Re: Re: Re: Re:

            I think he was testing the Gravatar change.... it may be linked to an IP addy, but possibly also linked to a cookie.

            link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Nov 2013 @ 7:15am

    Glad to see they are targeting terrorist online hotspots like LinkedIn...

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Nov 2013 @ 7:21am

    I wonder if LinkedIn (who is already involved in a lawsuit over the NSA stuff) and Slashdot have any legal basis to go after the government for effectively attacking their servers?

    Civil maybe but no prosecutor will touch it criminally.

    link to this | view in chronology ]

  • icon
    DV Henkel-Wallace (profile), 11 Nov 2013 @ 8:52am

    What about techdirt?

    Mike, any plans to switch TD over to https by default (at least for logged-in, and logging-in users)?

    It still can't protect against MITM attacks from someone who has compromised a CA, but that's presumably a small number.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Nov 2013 @ 9:17am

    Government sponsored terrorists are targeting innocent, hard working IT employees of respectable tech companies now? Not only the employees, but also attempting to compromise these companies' infrastructure and security?

    Sounds like an act of terrorism to me, or at the very least, an act of industrial espionage!

    This is why I don't use javascripts, flash plugins, adobe pdf plug ins, cookies (both 1st and 3rd party), or iFrames.

    Basically, because of these government sponsored terrorist organizations, almost every single function of my web browser is intentionally disabled.

    That's the price I pay for my global war on government sponsored terrorism.

    I would expect acts of terror like this from China. It's extremely shocking to see "supposedly" civilized countries, such as the US and UK, resorting to acts of government sponsored terrorism.

    link to this | view in chronology ]

  • icon
    Nicholas Weaver (profile), 11 Nov 2013 @ 10:11am

    Not FAKE slashdot, but packet injection...

    QUANTUM is not a fake slashdot page. Rather it is packet injection (which I speculated about months ago here: https://medium.com/surveillance-state/1b5ab05ac74e )

    How it worked is they saw their victim visit LinkedIn or Slashdot, identified them based on their account, and then shot an exploit at them using packet injection. So there was no "fake" slashdot page, just an injected exploit packet.

    link to this | view in chronology ]
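The packet injection described in the comment above leaves a trace a network monitor can look for; the sketch below is an added example, not code from the commenter or from Techdirt. It assumes the injector can only add packets and cannot drop the genuine reply, so the client side sees two TCP segments covering the same sequence range with different bytes; the `Segment` type, addresses and payloads are constructed for illustration, and sequence-number wraparound is ignored.

```python
from collections import defaultdict
from typing import NamedTuple

class Segment(NamedTuple):
    flow: tuple      # (src_ip, src_port, dst_ip, dst_port), one direction only
    seq: int         # TCP sequence number of the first payload byte
    payload: bytes

def find_conflicting_segments(segments):
    """Return (flow, seq, first_bytes, later_bytes) for every pair of segments
    in one flow whose sequence ranges overlap but whose overlapping bytes differ.
    A plain retransmission repeats the same bytes and is not reported."""
    seen = defaultdict(list)   # flow -> data segments already observed
    alerts = []
    for seg in segments:
        if not seg.payload:
            continue           # bare ACKs carry no data to compare
        for old in seen[seg.flow]:
            start = max(seg.seq, old.seq)
            end = min(seg.seq + len(seg.payload), old.seq + len(old.payload))
            if start >= end:
                continue       # ranges do not overlap
            a = old.payload[start - old.seq:end - old.seq]
            b = seg.payload[start - seg.seq:end - seg.seq]
            if a != b:
                alerts.append((seg.flow, start, a, b))
        seen[seg.flow].append(seg)
    return alerts

# Constructed capture: documentation-range addresses, made-up payloads.
SERVER = ("198.51.100.7", 80, "192.0.2.10", 51000)
OTHER = ("198.51.100.7", 80, "192.0.2.11", 52000)
CAPTURE = [
    # Two different answers for the same sequence range: the first to arrive wins.
    Segment(SERVER, 1000, b"HTTP/1.1 302 Found\r\nLocation: http://inject.example/\r\n\r\n"),
    Segment(SERVER, 1000, b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"),
    # Benign flow: an identical retransmission followed by the next in-order data.
    Segment(OTHER, 5000, b"HTTP/1.1 200 OK\r\n\r\n"),
    Segment(OTHER, 5000, b"HTTP/1.1 200 OK\r\n\r\n"),
    Segment(OTHER, 5019, b"<html>"),
]

if __name__ == "__main__":
    for flow, seq, first, later in find_conflicting_segments(CAPTURE):
        print(f"conflict on {flow} at seq {seq}: {first[:20]!r} vs {later[:20]!r}")
```

On real traffic this heuristic also fires on some broken middleboxes and load balancers, so an alert is a reason to pull the full capture rather than proof of injection.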

