I'm amused that efforts to infiltrate a group supporting Wikileaks led to the release of information supporting Wikileaks' reason for existing.
Yes, it's very amusing. I don't think anybody in Anonymous saw that coming either. This level of hacking seems like a step up in level of crime for Anonymous. Legally, participating in a DDOS attack is just as serious with the FBI saying it could result in a 10 year max sentence. However, I think the average person would say the stealing of emails, documents, financial info, and source code is much more serious.
The result is beginning to look much more effective and important than DDOS attacks. I believe the uncovering of underhanded schemes to undermine Wikileaks and opponents of the US Chamber of Commerce is a complete surprise to those few members of Anonymous involved in the attack against HBGary and HBGary Federal. This might well be the start of a new wave of hacktivism targeting internal documents from government and industry. The following is a quote from Sparkatus' comment on Glenn Greenwald's article on Salon.
Hunton & Williams is one of the most important DC centric law firms. They play a significant role in most areas of public policy as standard legal advocates, lobbyists as well as "independent" party.
Among many other things, they host data rooms for public-private partnership efforts so that private companies can "share" information on their activities for review by government officials without that information being covered by FOIA rules. This may be typical for many law firms, but I know they provide this service for EPA.
I'm sure Hunton & Williams is now freaking out about Anonymous coming after them a la HB Gary Federal. With the amount of privileged info they have from a whole range of clients, distributed locations and law firm's typically low levels of technical savvy, they are a sitting duck.
It's a good question. France, where the Wikileaks site was being hosted at the time, should take the lead in any investigation. As Dark Helmet points out, if the attack was initiated in the US the FBI ought to investigate. If any of the DDOS traffic was initiated in the US or came through the US, the FBI or Justice Dept. could take that as a reason to launch an investigation, or they could say it's up to France to request help from them. What I think is more significant is if the DDOS attack against Wikileaks came from a botnet. That would mean the individual PCs used in the attack were being used unintentionally by their owners. The attack could then be initiated from anywhere and it would be very hard, if not impossible, to find the culprit. On the other hand, the Anonymous attacks came from individual machines where the owner understood and volunteered to be part of the DDOS attack. The source IPs are not generally hidden in this case and it's much, much easier to investigate and identify people to prosecute.
Aaron Barr was scheduled to give a talk at the Security B-Sides Conference in San Francisco on Monday. The talk was to be about how the security of companies and government installations is endangered by their employees' use of social networks (e.g. Facebook). In that talk he was planning to include his investigation into Anonymous. Although he probably was not going to name any members in the talk, he did have a scheduled meeting with the FBI last Monday. The stolen email messages indicate he was going to be presenting his data from his investigation into Anonymous. Given the events that occurred over the weekend, I am sure there was a lot to discuss. Aaron Barr's talk at the B-Sides conference has been canceled. Billy Rios, who wrote the book "Hacking: The Next Generation", has replaced his slot but the topic is TBA. I am not making this stuff up. There will be a movie forthcoming.
Security firms are often targets of hackers. It's a tempting challenge and receives max lols. What is surprising here is that they went out of their way to provoke Anonymous in order to gain publicity. If the following link is of an actual email from the stolen stash [I am trying to confirm this] then it makes both HBGary and HBGary Federal look very bad.
Aaron Barr met with the FBI last Sunday. I would have loved to be a fly on the wall for that one. Anonymous says they intended to sell their info to the FBI. I doubt the FBI would be buying that information. I think it was an effort by HBGary Federal to gain favor with the government for future contracts and good publicity for them. If the FBI was seriously monitoring those particular IRC channels and Facebook accounts then they must now be angry with Aaron Barr for disrupting their investigation.
HBGary has a product release this month. Greg Hoglund is giving a talk at the RSA conference in S.F. next week where he is a distinguished speaker. Aaron Barr is speaking at the Security B-Sides Conference next Monday, also in S.F. This is very bad timing for them. I think they have truly succeeded in undermining their company.
The best area to look for such tools is where there is a burst of technology improvement and the earlier inventions have been abandoned. An example that everyone can relate to: tools to cut weeds around the home/farm. Most everyone in the US uses power tools, but I am sure that manual tools, which have a long history, are still used in much of the world. I myself use a scythe which was made for me 8 years ago and which I think is better than any power tool. What I am thinking of are the earliest and crappiest power tools that were abandoned for good reason.
I can imagine that paper tape readers are not still made. I actually have some paper tape from the early '70s that encodes the World3 model (look up Club of Rome, the limits to growth). It is fragile now and likely wouldn't survive being read. If for some reason you actually wanted to read it I would try scanning it with a manual optical scanner and write a program to do a translation.
Another example: I don't believe that Dolby DBX disc decoders or encoders are being made. DBX discs are vinyl records encoded using DBX noise reduction. Not a lot of albums were made (I've heard 1100). I have two of them. It's very impressive to listen to them in comparison to standard vinyl releases. No surface noise at all! The decoding could be done entirely in software but I don't think that has been done. Why bother? If you need to transfer your album to another format, I will rent you my DBX 228 decoder for $2.28/day.
Just to point out something that not everybody may know here.
MP3 is an audio only digital encoding format that is more formally known as either:
MPEG-1 audio layer 3 or
MPEG-2 audio layer 3
MPEG-3, like MPEG-1, MPEG-2, and MPEG-4, is a group of video and audio encoding standards. I haven't looked at the code or actually used this software but from what I can gather from a CNET review
http://download.cnet.com/MP3-Rocket/3000-2071_4-75337655.html
the MP3Rocket software will convert both audio and video streams. I am guessing that it allows one to strip out the video portion and have a stand-alone MP3 file for just the audio. It seems it's not limited to YouTube but can download video or music from any website. I am not sure if the downloads are limited to just using HTTP rather than the old method of FTP under a P2P architecture. So, it's not really much different than before. They are emphasizing this YouTube time-shift angle, but if the software is capable of downloading an MP3 file and storing it on the computer as an MP3 file still, how is that different than before? It may be because websites are more vetted as to pirated content (via DMCA) than P2P sources.
A separate point is that it has been true for a long time that one could digitally record music from the radio. Consumer DAT recording equipment was covered under the AHRA and had to include the SCMS (Serial Copy Management System) copy protection scheme. That scheme was to prevent digital-to-digital copies but allowed home digital recording off analog sources.
Just to point out something that not everybody may know here.
MP3 is an audio only digital encoding format that is more formally known as either:
MPEG-1 audio layer 3 or
MPEG-2 audio layer 3
MPEG-3, like MPEG-1, MPEG-2, and MPEG-4, is a group of video and audio encoding standards.
I haven't looked at the code or actually used this software but from what I can gather from a CNET review
http://download.cnet.com/MP3-Rocket/3000-2071_4-75337655.html
the MP3Rocket software will convert both audio and video streams. I am guessing that it allows one to strip out the video portion and have a stand-alone MP3 file for just the audio. It seems it's not limited to YouTube but can download video or music from any website. I am not sure if the downloads are limited to just using HTTP rather than the old method of FTP under a P2P architecture.
So, it's not really much different than before. They are emphasizing this YouTube time-shift angle, but if the software is capable of downloading an MP3 file and storing it on the computer as an MP3 file still, how is that different than before? It may be because websites are more vetted as to pirated content (via DMCA) than P2P sources.
A separate point is that it has been true for a long time that one could digitally record music from the radio. Consumer DAT recording equipment was covered under the AHRA and had to include the SCMS (Serial Copy Management System) copy protection scheme. That scheme was to prevent digital-to-digital copies but allowed home digital recording off analog sources.
I just realized you said Japan. Actually they are both in Hsinchu Science Park in Hsinchu, Taiwan. Same difference really. Your note got me thinking more about this and I realize there is another connection. Verisign issued both certificates, and revoked them when this was discovered. I also wonder if Microsoft has access to those private keys, being that they were used to sign drivers running under Microsoft Windows. Microsoft doesn't have to know them for the PKI to work.
I was aware of that and I must say that fact seems more than just a coincidence. Still, if you're a thief how do you break into a business and find what machine some private digital keys are stored and gain access to that machine without being an insider? How do you do this for two separate companies? Do they share any personnel (i.e. security guards)?
It is felt that the real target site was the Natanz fuel enrichment facility rather than the Bushehr nuclear power plant where the Iranian Homer works. Getting malware onto the target PLCs was a multi-step effort which required multiple vulnerabilities. One of them happened to be use of a default password, actually recommended by Siemens to stay at its default value because it was thought that not being connected directly to the internet meant it was safe to do. This should be easily fixed. What is not easy, and is still something of a mystery to me, is the availability of code signing keys to enable a rootkit to be loaded onto a Windows machine. There is also speculation that there may have been a contractor, maybe from Siemens, who helped with the initial infection. Ultimately, it did not require bumbling by doughnut-eating buffoons sleeping at every desk. Remember that even Google was victimized by a hacking attack.
Iran was using equipment from Siemens to control their centrifuges. The Siemens PLCs (Programmable Logic Controllers) are, obviously, programmable devices. I can't see Iran duplicating the software needed to do the programming. It is really quite a lot of code. That, in itself, would have slowed down their effort to process uranium by perhaps years. So they have Windows computers that contain this Siemens PLC programming software (Step 7). Once the Stuxnet malware was introduced to some Windows computer in their plant, it looked to infect a particular server and then to infect a computer that had this Step 7 software.
What I found strangely missing from the New York Times article was that one aspect of the poisoned PLC code was to intermittently change the speed of the centrifuges in a way that wouldn't destroy them but kept the uranium from being successfully enriched. Such a problem would be hard to be aware of, much less debug.
Another aspect of the story that I haven't seen explained is how the writers of Stuxnet got hold of the code signing keys for Windows drivers from two separate companies: Realtek Semiconductor and JMicron Technology. The private keys for certificates are not something that should be accessible on the companies' website. In my mind, it doesn't even have to be on a computer connected to the internet. Was there collusion from these companies with the US?
A really good summary of Stuxnet can be found here (warning, it is technical):
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
An analogy where I think everyone would agree that no law is being broken is this: an outdoor concert where patrons pay to get inside but the performance can be easily seen and heard from the sidewalk. Then you can progress to situations where one stands on a book to see, uses a ladder, peeks under the tent, jumps the fence or crawls under the tent, disables the security camera and then jumps the fence, jumps the fence while security personnel are distracted by an acquaintance, jumps the fence after threatening security personnel with physical violence. At some point in that progression you have broken the law. The law, however, should not depend on making distinctions in some gray area where it's not clear or agreed upon that the law is being broken. What is much better are security solutions that require real work to defeat.
I had some help from a German-speaking friend and with a little bit of guessing this is what I believe the case is about. The online map site allows individuals to access their content for free but they charge commercial websites to do the same thing. It's not clear if they are trying to monetize use of the site by individuals by requiring them to go through the home page. Even so, I would imagine they don't really care much about an individual bookmarking some desired map content. Bookmarks are a deep link. It appears the housing rental company is not paying as a commercial user of the site, but instead, allowing its users to access the map content by using deep links obtained via the housing rental company pretending to be an ordinary user. It certainly violates ethics, but even if it violates the law there are much easier solutions to this than some legal recourse. At the very least, a technical solution should have been tried wherein the map website blocked any queries from the housing company's IP address, or more generally any IP address which exceeded some threshold of queries, and kept the lifetime of the session ID very short. That would also take care of deep links being stored on the housing site and use of a single proxy to obfuscate the source IP. The housing company could have stayed under the radar if they had used multiple proxies from the beginning.
I can't see how more effective methods of enforcing a paywall, or subscription model, to protect copyrighted material would work here because of the mix of usage, wherein the common user was allowed free access. Depending on the law to make up for a bad business model or poor technical security is just awful. Hyperlinks are critical to the usefulness of the World Wide Web. Limiting access of websites or portions of websites is also critical to the usefulness of the Web. In general, there are technical solutions we should rely on for restricting access. There is no need to depend upon the law to restrict deep linking.
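A defender-side sketch of the technical solution the comment proposes, added here as an example (it is not the commenter's code, nor anything from the map site or the rental company in the case): a per-IP query threshold over a sliding window, plus short-lived HMAC-signed session IDs that only the home page mints. The key, lifetime, threshold and IP addresses are assumed for the demo. A copied deep link is rejected once its session expires, a tampered one fails the tag check, and a single proxy funnelling many visitors trips the per-IP threshold.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque

# Constructed example: a map-tile endpoint guarded by (1) a per-IP query
# threshold over a sliding window and (2) short-lived, HMAC-signed session
# IDs that must be minted by the home page. All names and numbers are assumed.

SECRET_KEY = b"constructed-demo-key"   # placeholder; a real site loads this from config
SESSION_LIFETIME = 60                   # seconds a deep link stays valid
WINDOW = 60                             # rate-limit window in seconds
MAX_QUERIES_PER_WINDOW = 20             # per-IP threshold inside that window


def issue_session(now=None):
    """Mint a session ID on the home page: random nonce + expiry + HMAC tag."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(8)
    expires = int(now) + SESSION_LIFETIME
    msg = f"{nonce}.{expires}".encode()
    tag = hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:32]
    return f"{nonce}.{expires}.{tag}"


def session_valid(session_id, now=None):
    """Accept only unexpired IDs whose tag verifies; stored deep links die with the session."""
    now = time.time() if now is None else now
    try:
        nonce, expires, tag = session_id.split(".")
        expires = int(expires)
    except ValueError:
        return False
    msg = f"{nonce}.{expires}".encode()
    expected = hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:32]
    return hmac.compare_digest(tag, expected) and now < expires


class RateLimiter:
    """Sliding-window hit counter per source IP; one proxy serving many users trips it."""

    def __init__(self, limit=MAX_QUERIES_PER_WINDOW, window=WINDOW):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def allow(self, ip, now):
        q = self.hits[ip]
        while q and q[0] <= now - self.window:   # drop hits that fell out of the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def serve_map_query(ip, session_id, limiter, now):
    """Return an HTTP-style status for one map request."""
    if not session_valid(session_id, now):
        return 403   # missing, expired or forged session: go back through the home page
    if not limiter.allow(ip, now):
        return 429   # over the per-IP threshold
    return 200


def demo():
    """Walk through the cases the comment describes; returns a dict of outcomes."""
    limiter = RateLimiter()
    t0 = 1_000_000.0
    sid = issue_session(now=t0)
    results = {}
    results["fresh"] = serve_map_query("203.0.113.7", sid, limiter, t0)
    # the same link replayed after the session lifetime has passed
    results["expired"] = serve_map_query("203.0.113.7", sid, limiter, t0 + SESSION_LIFETIME + 1)
    # one character of the tag altered
    forged = sid[:-1] + ("0" if sid[-1] != "0" else "1")
    results["forged"] = serve_map_query("203.0.113.7", forged, limiter, t0)
    # a single proxy IP fetching a fresh session for each of many visitors
    proxy = "198.51.100.9"
    statuses = [serve_map_query(proxy, issue_session(now=t0 + i), limiter, t0 + i)
                for i in range(MAX_QUERIES_PER_WINDOW + 5)]
    results["proxy_ok"] = statuses.count(200)
    results["proxy_blocked"] = statuses.count(429)
    return results


if __name__ == "__main__":
    print(demo())
```

The two controls are independent on purpose: the session check stops stored deep links from working later, and the per-IP window catches the single-proxy pattern; as the comment notes, spreading requests across many proxies defeats the IP threshold alone, which is why the short session lifetime matters more than the counter.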
I think Mike has a problem in intentionally misspelling nuclear. It happens to the best of us. I have to focus to spell it the way it appears in the complaint as nucliar (sic). I think even George Bush would have trouble with that spelling.
My comment above just mentions 3 mirror sites which can be used when the wikileaks.org URL and its associated IP addresses are unavailable. At the moment there are 1289 mirror sites altogether. This doesn't even include that 5 major international newspapers have full copies of the diplomatic cables. It is actually conceivable that a virus could be distributed via Wikileaks, as it does update all the mirror sites. That's a much bigger software job than Stuxnet though, and I think it would have to be an inside job as well by some high-level Wikileaks traitor. Even then, the first indications of a virus would allow the distribution to be halted until the cables were freshly re-generated by Wikileaks and clean copies distributed to all the mirrors. Ultimately, really hard and very temporary. If it were only so easy as the movies.
The DNS hosting provider (e.g. EveryDNS) does not forward traffic to the target web site. It is a nameserver which resolves a URL (e.g. Wikileaks.org) to an IP address and returns that to your machine which, in turn, sends traffic addressed to the IP address of the real target. The real target is commonly on a domain hosting provider which provides space on a server for the target web site's data. EveryDNS, which was the master authoritative nameserver for Wikileaks.org, decided to no longer resolve that URL. They can do this arbitrarily because they are a free service and thus there was no contract between them and Wikileaks. Once that happened, one could still go to wikileaks.org because there are caching nameservers (ISPs normally provide this) which will resolve the URL. However, that is temporary, lasting a few minutes up to hours. After that, you will not be able to go to wikileaks.org but you can enter the IP address directly into your browser. Wikileaks has registered the wikileaks.org name and so also reserved a small block of IP addresses (213.251.145.96 - 213.251.145.111); these IP addresses had been on Amazon's domain hosting service. After Amazon dumped them, wikileaks.org moved to OVH, a French hosting company. However, that range of IP addresses no longer works at the moment, so it seems that either OVH succumbed to political pressure or there is too much traffic, either naturally or a DDOS attack. Currently, the wikileaks web site is accessible via wikileaks.de (87.106.151.138), wikileaks.ch (46.59.1.2), or wikileaks.se (88.80.6.179). Oddly enough, I have read that wikileaks is using EveryDNS to resolve those 3 URLs.
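The resolution path the comment walks through, as an added Python model (not the commenter's code and not anything from EveryDNS or any real resolver): an authoritative server that can delist a name, a caching resolver that keeps answering from cache until the record's TTL runs out and only then asks upstream again, and a client step that accepts an IP literal and skips DNS entirely. The hostname, address and 300-second TTL are constructed for the demo.

```python
import ipaddress

# Constructed model of name resolution: authoritative zone -> caching resolver -> client.
# Name, address and TTL are assumed; nothing here talks to a real nameserver.


class NotFound(Exception):
    """Raised when the authoritative server has no record for a name (NXDOMAIN)."""


class AuthoritativeServer:
    """Holds the zone; delisting a name is the step the comment attributes to EveryDNS."""

    def __init__(self, zone):
        self.zone = dict(zone)            # name -> (ip, ttl_seconds)

    def query(self, name):
        if name not in self.zone:
            raise NotFound(name)
        return self.zone[name]

    def delist(self, name):
        self.zone.pop(name, None)


class CachingResolver:
    """ISP-style resolver: serves a cached answer until its TTL expires, then re-queries."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}                   # name -> (ip, expires_at)

    def resolve(self, name, now):
        entry = self.cache.get(name)
        if entry and now < entry[1]:
            return entry[0]               # within TTL: authoritative server not consulted
        self.cache.pop(name, None)
        ip, ttl = self.upstream.query(name)   # raises NotFound once the name is delisted
        self.cache[name] = (ip, now + ttl)
        return ip


def connect(target, resolver, now):
    """Client step: an IP literal needs no lookup; a hostname must resolve."""
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        return resolver.resolve(target, now)


def demo():
    """Delist a name and show how long it keeps resolving; returns a dict of outcomes."""
    auth = AuthoritativeServer({"example.org": ("203.0.113.10", 300)})
    resolver = CachingResolver(auth)
    t0 = 0.0
    out = {}
    out["before"] = connect("example.org", resolver, t0)           # fills the cache
    auth.delist("example.org")
    out["cached"] = connect("example.org", resolver, t0 + 120)     # TTL of 300 s not yet expired
    try:
        connect("example.org", resolver, t0 + 301)                 # cache expired, upstream says no
        out["expired"] = "resolved"
    except NotFound:
        out["expired"] = "NXDOMAIN"
    out["literal"] = connect("203.0.113.10", resolver, t0 + 301)   # the host itself is still reachable
    return out


if __name__ == "__main__":
    print(demo())
```

The window in which a delisted name still works is exactly the remaining TTL held by each caching resolver, which is why the comment's "a few minutes up to hours" varies from one ISP to another; the IP literal works regardless because nothing about the hosting server changed.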
EveryDNS does not say if there is a DDOS attack on their nameservers or just on the Wikileaks site. If their response to a DDOS attack on a customer is to delete their listing on the nameserver, then this would only encourage DDOS attacks as this makes the attack, essentially, more effective. Also, since EveryDNS does not do domain hosting, how are other customers affected by a DDOS attack on one customer? If EveryDNS itself is undergoing a DDOS attack, de-listing Wikileaks.org will not directly stop that attack. They are just hoping that de-listing will placate the attackers who will then gratefully cease their attack. A strategy that, again, makes DDOS attacks more effective and so encourages them. This also assumes that the DDOS attack comprises repeated queries for only the Wikileaks domain(s). Their rationale is not believable and stinks of unspoken outside pressures.
On the post: Wikileaks Wasn't The Only Operation HBGary Federal, Palantir And Berico Planned To Defraud
Re: Re: Er...
On the post: Wikileaks Wasn't The Only Operation HBGary Federal, Palantir And Berico Planned To Defraud
DDOS against Wikileaks
On the post: Firm Involved In Planning Attack On Journalist Glenn Greenwald To Hurt Wikileaks Apologizes; Cuts Ties With HBGary Federal
Aaron Barr retreats
On the post: Leaked HBGary Documents Show Plan To Spread Wikileaks Propaganda For BofA... And 'Attack' Glenn Greenwald
Re:
http://img823.imageshack.us/img823/7462/hbgary.jpg
View this in contrast with quotes from Greg Hoglund, CEO of HBGary, in this article:
http://www.scmagazineus.com/anonymous-takes-over-security-firm-in-vengeful-hack/article/195837/
On the post: Do Tools Ever Die Off?
On the post: Is Downloading And Converting A YouTube Video To An MP3 Infringement?
format problem
On the post: Is Downloading And Converting A YouTube Video To An MP3 Infringement?
duplicate comment but now formatted
On the post: Is Downloading And Converting A YouTube Video To An MP3 Infringement?
On the post: Stuxnet Increasingly Sounding Like A Movie Plot
Re: stolen keys
On the post: Stuxnet Increasingly Sounding Like A Movie Plot
Re: stolen keys
On the post: US Customs & Border Patrol Protecting America From Chocolate Toy Eggs (And Charging You For The Privilege)
Re: Re:
http://www.cbp.gov/xp/cgov/newsroom/news_releases/archives/2008_news_releases/june_2008/06122008_2.xml
On the post: US Customs & Border Patrol Protecting America From Chocolate Toy Eggs (And Charging You For The Privilege)
Re: Re:
http://www.cbp.gov/xp/cgov/newsroom/highlights/kinder_eggs.xml
On the post: Stuxnet Increasingly Sounding Like A Movie Plot
ha ha ha
On the post: Stuxnet Increasingly Sounding Like A Movie Plot
missing questions
On the post: Deep Linking Could Be Infringement In Germany If Website Puts Even Ridiculous Weak Attempts To Block It
a good analogy
On the post: Deep Linking Could Be Infringement In Germany If Website Puts Even Ridiculous Weak Attempts To Block It
what the case is about
On the post: Florida Man Sues Wikileaks Over The Personal Distress It Caused Him
Re: Re:
On the post: How Political Pundits Get Confused When They Don't Understand That Wikileaks Is Distributed
mirror sites
On the post: How Political Pundits Get Confused When They Don't Understand That Wikileaks Is Distributed
Re: Re:
On the post: Wikileaks Says Its Site Has Been 'Killed'
EveryDNS rationale makes no sense