Slashdot Mirror

Don't let history disappear ... download now! The file, "insurance.aes256," at 1.4G is ten times the size of the seven other Afghan War diaries files combined. Appears to be encrypted with AES Crypt from www.aescrypt.com Here's the torrent page from The Pirate Bay. https://thepiratebay.org/torrent/5723136/WikiLeaks_insurance here's the magnet link magnet:?xt=urn:btih:76a36f1d11c72eb5663eeb4cf31e351321efa3a3&dn=WikiLeaks_insurance&tr=http%3A%2F%2Fdenis.stalker.h3q.com%3A6969%2Fannounce here's the torrent link https://torrents.thepiratebay.org/5723136/WikiLeaks_insurance.5723136.TPB.torrent I tried to post the checksums here but the slashdot filter didn't like them. The AES256 encryption reminded me of this page from cryptome http://cryptome.org/0002/state-aes.htm which says State Department Warns Against AES Crypto page 3 of http://www.state.gov/documents/organization/89272.pdf says "The Bureau of Information Resource Management's Radio Programs Branch (IRM/OPS/ITI/LWS/RPB) provides all overseas missions two-way radios equipped with Digital Encryption Standard (DES) or Advance Encryption Standard (AES). These encryption algorithms provide limited protection from unauthorized interception of voice communications and are only approved for the transmission of Department of State Sensitive But Unclassified (SBU) and Department of Defense For Official Use Only (FOUO) communications. Under no circumstances should DES- or AES-equipped radios be used for the transmission of classified information, as defined by Executive Order 12958." What's up with that?

A study, written for U.S. Special Operations Command, suggested "clandestinely recruiting or hiring prominent bloggers."

Since the start of the Iraq war, there's been a raucous debate in military circles over how to handle blogs -- and the servicemembers who want to keep them. One faction sees blogs as security risks, and a collective waste of troops' time. The other (which includes top officers, like Gen. David Petraeus and Lt. Gen. William Caldwell) considers blogs to be a valuable source of information, and a way for ordinary troops to shape opinions, both at home and abroad.

This 2006 report for the Joint Special Operations University, "Blogs and Military Information Strategy," offers a third approach -- co-opting bloggers, or even putting them on the payroll. "Hiring a block of bloggers to verbally attack a specific person or promote a specific message may be worth considering," write the report's co-authors, James Kinniburgh and Dororthy Denning.

http://www.wired.com/dangerroom/2008/03/report-recruit/

http://cryptome.org/deepwater/deepwater.htm
The US gov has often learned about about contracts via terms like 'eight leaking cutters". They seem to like to get their needs down on paper.
This looks like a no bid contract, but inside the US over software.

NSA Ion Trap on a Semiconductor Chip

The idea of Wikileaks (i.e. the ability to anonymously expose government secrets) is valid and needs to survive. Currently Wikileaks is the only working instance of that idea. We cannot kill it simply because it is a bad implementation. In the years to come, there may be others and one of them may work better.

No, it isn't. CRYPTOME is a much older and very respected instance.

"NSA urged Mr. Clark not to write about Mr Friedman's 1957 trip and two others, suggesting that such revelations could hurt the agency's ability to read foreign secrets, the author wrote."
His trips where to the UK, others to Sweden and Switzerland. The http://cryptome.org/jya/nsa-sun.htm link is good background reading on methods.
More at http://biphome.spray.se/laszlob/cryptoag/crypto_ag.htm

and have have much pull in Sweden. In the 1960's Swedish crypto machines where been exported to the world.
The NSA wanted to ensure a flaw to allow reading of messages on every new device shipped.
In 1957 a top NSA's cryptographer called William Friedman went on a tour of the UK and Sweden. Private arrangements where made for 'trap door' tech - the key floats out with the message. By the 1980's this was leaking, Congress knew and the US press talked of it in 1986. Talks where also held to ensure another huge Swedish telco did not work too hard on any new strong crypto.
More at "Rigging the Game" http://cryptome.org/jya/nsa-sun.htm

And Cryptome is now saying that a Wired reporter contacted them after having spoken with a hacker claiming responsibility for the attack.

Which they responded to with a threat of a subpoena, and publishing news about it before the reporter, after they told the reporter they wouldn't? ... er. Way to burn bridges, guys? Seriously, I understand free speech and using reporters as sources, but I don't think reporters are going to be too gung-ho about reporting your findings later after this.

The origins of this code could be a mystery for a while. The connection to something in Iran seems clear.
Different techs and directors then get on the phones/emails within Iran and start getting/requesting more info and better reports.
Israel Army’s intelligence Unit 8200/Urim then sits back and watches Iran glow with new connections and sites.
http://cryptome.org/eyeball/ilsig/ilsig-eyeball.htm

Young students fighting governments of foreign countries and organized crime families that could (as US government keeps saying) crush the infrastructure of the US? No, this is about shaping the ethics of police state workers from a young age to keep dissenters in check. KINDERGARTEN??? Protecting Cyberspace as a National Asset Act of 2010: http://hsgac.senate.gov/public/index.cfm?FuseAction=Files.View&FileStore_id=52895dd6-1931-4770-b089-3c6a23a41de0 An analysis available at: http://cryptome.org/isp-spy/s3480.htm Section 405: "(B) the use and impact of special hiring authorities and flexibilities to recruit the most qualified applicants, including the use of student internship and scholarship programs for permanent hires;" Section 406: "(2) K THROUGH 12.—The Secretary of Education, in coordination with the Director of the National Center for Cybersecurity and Communications and State and local governments, shall develop curriculum standards, guidelines, and recommended courses to address cyber safety, cybersecurity, and cyber ethics for students in kindergarten through grade 12." "(3) UNDERGRADUATE, GRADUATE, VOCATIONAL, AND TECHNICAL INSTITUTIONS.— (A) SECRETARY OF EDUCATION.—The Secretary of Education, in coordination with the Director of the National Center for Cybersecurity and Communications, shall— (i) develop curriculum standards and guidelines to address cyber safety, cybersecurity, and cyber ethics for all students enrolled in undergraduate, graduate, vocational, and technical institutions in the United States; and (ii) analyze and develop recommended courses for students interested in pursuing careers in information technology, communications, computer science, engineering, math, and science, as those subjects relate to cybersecurity. (B) OFFICE OF PERSONNEL MANAGEMENT.—The Director of the Office of Personnel Management, in coordination with the Director, shall develop strategies and programs— (i) to recruit students from undergraduate, graduate, vocational, and technical institutions in the United States to serve as Federal employees engaged in cyber missions; and (ii) that provide internship and part time work opportunities with the Federal Government for students at the undergraduate, graduate, vocational, and technical institutions in the United States." Section 407: Monetary awards for doing a good job suppressing the population?

Or the news reports are the "havoc". Different techs and directors then get on the phones/emails within Iran and start getting/ requesting more info and better reports.
Israel Army’s intelligence Unit 8200/Urim then sits back and watches Iran glow with new connections and sites.
http://cryptome.org/eyeball/ilsig/ilsig-eyeball.htm

Oh, except for the part where he says: "i didnt speak to newsweek or other media representatives about this."

No? It looks like Domscheit-Bergs Wife, political relations for Microsoft... did instead. They have already set a precedence of leaking between them to political and financial advantage.

A picture and article on the Anke and Daniel Domscheit-Berg at end of this interview

People are confusing this master key that breaks HDCP, saying it can help decrypt Blu-Ray discs. That's not the case: Blu-Ray is encrypted with AACS, which has a similar concept of device keys derived by a master key. AACS has a mechanism of revoking compromised device keys. Getting the AACS master key would bypass that mechanism, and would be great news.

This key isn't the AACS master key This is an HDCP key, which would allow one to create a "unauthorized" device that can connect to HDCP-encrypted HDMI and succesfully decrypt the HD stream.

HDCP has been known to be nearly broken since 2001, in that obtaining the device keys of 40-50 devices is enough to calculate the master key.

More technical details described here: http://cryptome.org/hdcp-weakness.htm

Cryptome has an interesting reading on the weakness of the key

Exactly, and on pp. 15 and 21 at on this tax form, we learn even more.

And the Microsoft (Bill & Melinda Gates) Foundation pushes Monsanto and their GMOs, as well as being heavily invested in them, and the peddling of securitized debt (global development bonds), which helped give us this economic meltdown. And numerous other perfidy, as well. [And that would be Milgram, Stanley MilgrAm]

First, they make the calls when the senior prosecutor was off-duty, and the junior one takes the incoming information.

Next, it was done at the end of the work week, so the most junior prosecutor must issue a warrant as Mr. Assange is a foreign national in Sweden, and they fear he might abscond out of their country.

Senior prosecutor returns, and since this has achieved international notoriety, thanks to dishonest Svensk reporters, prosecutor announces insufficient grounds for arrest warrant.

Definite smear campaign (we await phase II, but others are working behind the scenes against the ne'er-do-wells).

The Usual Suspects

Where is the actual document? May this be linked with cryptome.org delivering only a "403 Access Forbidden" at the moment?

Just speculating...

Must... double... check... before... posting..

Where is the actual document? May this be linked with cryptome.org only a "403 Access Forbidden" at the moment?

Just speculating...

In addition to the commentary posted here, Cryptome and another blog have both come to the conclusion that this is little more than a publicity stunt.

There's exactly one article on examiner.com that seems to form the foundation of whatever credibility this group may have. That article breathlessly enumerates some of the "big names" on their roster, but doesn't seem to either vet their credentials or even confirm their membership.

Snow job.

The tipical example of security by "something you have" is a door key.

A door key is a device containing five digits (a "something you know") encoded as depths of grooves.

it certainly is something you, and nobody but you is

Serious injury to a finger can result in its fingerprint becoming no longer something I am.

and nobody but you is

I wouldn't be entirely sure of that. Please take some time to read about silicone fingers.

Bad news brewing in here
http://cryptome.org/dodi/fm-3-28.zip
New Army Field Manual draft -- all this stuff is coming home as NORTHCOM-commanded Full Spectrum Dominance type doctrine. Please read this new revised Army field manual to have a better idea.

These domestic military operations are rapidly expanding - in recent weeks, mass scanning/stops in NY state and now in CA border areas. You *need* to study the details before something like the G20 descends on your city -- I have seen these domestic military crackdown ops up close and personal and it's really, really bad.

Jim Bell wrote about some sorta weird anonymous digital currency type system. The authorities have a legit reason to want to monitor something like this.
http://cryptome.org/ap.htm

Cryptome hosts this 2007 document:

http://cryptome.org/isp-spy/skype-spy.pdf

* Skype can provide records showing account creation, financial transaction and use of PSTN interconnections
* Due to the way by which Skype works, Skype does NOT have any records of user “logins”, “log offs” or other general online/offline status
* The Skype system is designed in such a way that voicemail is not centrally stored
* Calls, IMs and other activities between Skype users do not create billing records

Everything there implies that if you want your communications to be private with respect to what can be provided in response to a subpeona then Skype isn't a bad platform. As to what can be intercepted obviously that is not covered because it's not relevant to that document.

Except that a) cryptome seems to have done fine without demanding nearly as much money and Wikileaks is inherently distracting from that good work and b) (on the same page) there are pretty clear accusations that Wikileaks organisers have been pretty wasteful which could just simply be answered with the statement "Wikileaks has a policy to only ever expense the price of an economy class ticket and always choose the cheapest reasonable travel".

Assange seems to be showing the kind of stupidity that discredits Jimbo Wales. All he has to do is clearly publish his expense policy (not too much) and make sure to distribute most of the documents he has as quickly as possible (e.g. by giving them to cryptome) and he will regain much of his credibility.

We should all remember that quite a bit of this could be a false flag operation. Where have those hundreds of middle east diplomatic messages gone? If you do leak to wikileaks, as with anyone else, make sure they don't know who you are and make sure that the documents you leak won't be identified as coming from you.

Except that a) cryptome seems to have done fine without demanding nearly as much money and Wikileaks is inherently distracting from that good work and b) (on the same page) there are pretty clear accusations that Wikileaks organisers have been pretty wasteful which could just simply be answered with the statement "Wikileaks has a policy to only ever expense the price of an economy class ticket and always choose the cheapest reasonable travel".

Assange seems to be showing the kind of stupidity that discredits Jimbo Wales. All he has to do is clearly publish his expense policy (not too much) and make sure to distribute most of the documents he has as quickly as possible (e.g. by giving them to cryptome) and he will regain much of his credibility.

We should all remember that quite a bit of this could be a false flag operation. Where have those hundreds of middle east diplomatic messages gone? If you do leak to wikileaks, as with anyone else, make sure they don't know who you are and make sure that the documents you leak won't be identified as coming from you.

According to wikileaks, they don't have any embarrasing "international cables" but they do have other documents that expose war time/rights violations by the US Government/Army. http://cryptome.org/0001/wikileaks-maybe.htm

But there is dissention in the wikileaks contributor community, someone keeps sending documents to cryptome that exposes the real goals of wikileaks - to get julian flying international in style and to get money from major news outlets for major leaks. Supposedly Manning even expected to share in the cash for his videos.

The motives make the site less noble, but the leaks are still great stuff. Especially the ones which deal with countries taking out "loans" to pay off the interest on the "loans" that they can't pay back anymore. This protects the banks that gave out the loans (usually part of the Federal Reserve banking cartel) because they can show the original loan and the new loan as "assets" (because they are still getting interest payments.) That means that the bank can actually loan out more money because they have more "asset" value on the books! When the pyramid finally falls down, the banks find some other way to clean up, usually with assistance from the Fed and the US Congress to get more imaginary (inflationary) money to be released from the "Federal Reserve."

The way this inflation scam works is well explained in "The Creature from Jekyll Island." It explains the current economic boom/bust cycle like no economist ever would dream of - because the author doesn't believe that any monetary system with no back-end discipline can survive in the long term (which is a big part of economics - "managing" the economy) The basic idea it promotes is that of a disciplinary standard that prevents inflationary spending - such as the gold standard. But even if you could care less about the gold standard, it still well explains the issues inherent in our current system, how it is used by governments and how it's hard to accept the political realities of not going into continuous inflation, which is why inflationary systems keep popping up. Rome is his first example of an inflationary system corrupted, and Greece and the Byzantine Empire. The bezant was accepted from China to Brittany, from the Baltic Sea to Ethiopia, and kept a stable price for 800 years, with a strict, disciplinary banking system. We don't have that today, just a bunch of pomp and fluff designed to look respectable and disciplinary. Deserving of respect or an exemplar of discipline our current monetary system is not.

It appears to be already in the SOP of some LEO groups. See the file on Cryptome. (The ZIP file contains a single PDF document). Take a look on page 4 of the document for suggestions on signal disruption.

...more and more dubious about Assange and his intentions. http://cryptome.org/0001/wikileaks-funds.htm

You wouldn't be employed by an american government employee would you? ......... CIA , FBI, NSA etc ?

...more and more dubious about Assange and his intentions. http://cryptome.org/0001/wikileaks-funds.htm

The US army improvised munitions handbook is better IMO.

http://cryptome.org/0001/tm-31-210.htm

Pretty much any ISP level device or IOS/CatOS

http://www.forbes.com/2010/02/03/hackers-networking-equipment-technology-security-cisco.html
http://cryptome.org/isp-spy/cisco-spy.pdf
http://www.networkworld.com/community/node/57070

also I bet not many of you noticed all the problems on cryptome & netSOLmain? jya this morning. come on I know there's a few old cryptome lurkers. Ya blockin yer iframes and cripplin yer xmlrpc's ?

Oh my a trojan.. Should I install it? y/N=?_ y

()*#&$(jmdsf .. NO CARRIER

Okay I am kidding but still. Carefully analyze eh?

You mean a "Trusted Computing" device? Yes, and maybe we should call congress and ask them to try passing the SSSCAagain so Palladium will be required by law. Then Microsoft can rule us all!

I deleted my Facebook. Everyone asks me why, here's why:

• Privacy: I do not like the fact my photographs are available and indexed by my own name. Someone could find out everywhere I have been based on the album, the photo and the dates.
• Shallowness

• The quality of communication on Facebook is poor. The most indepth conversation you can have is what someone is doing and what they have done. You are not promoted to have an intellectual debate (Read: Why the hell am I on Slashdot then?) I much prefer to use email although If my email clients were more like how you send messages to people on Facebook it would make me very happy.

• Trendy

• The people on Facebook for me are the wannabe trendy people. One or two years ago I tried to get my friends to join Multiply, it focused on contribution of blog postings, news, links, pictures and videos. It was difficult to get people to contribute things that were worthwhile.

• Cloud storage

• All your messages and photographs are stored remotely. Facebook also converts your photographs downward in quality and makes them easier to share with people so most people only ever see the low quality pictures. In other words, it's not a lossless backup medium. At least with email, my email may be hosted but I can still download my own copies.

• Excessive Openness
• : You could set your privacy settings very high but your friends will give you away. At least one of your friends will have settings that expose their list of friends, including you. This means people can deduce your whereabouts and who you know quite easily. Another thing is that if public search results are enabled by your friends, you can still be exposed through Google search there! If I were an employment agency, it would be trivial to make friends with one of your application or request happy friends (such as a distant young relative) who accept any request that comes their way. If your privacy settings are set to 'Friends of Friends', I see practically everything. Anyone in the same network has the 'right' to see everything about you.
• Keyboard unfriendly

• I may be a Windows user but I love keyboard control, I write this in VIM and my mail client is ALPINE.

• Slow

• On all the browsers I have used Facebook is slow. I underclock my laptop and it's annoying to have to return to normal speed just to use a website.

• Developers

• Mark Zuckerburg is not very nice. I do not believe in software patents but apparently he stole ideas from his fellow classmates. You can understand if you had an idea and someone stole it, without giving you credit. Zuckerberg sued by classmates. When some of the Facebook PHP code was leaked (Revealing Errors, Facebook source, it was rather disturbing what was written: 'put hotties there'. Also the news that the master password was once 'Chuck Norris' (master password) is rather disturbing. I do not think the developers are competetent. Especially something as privacy critical.

• Abuse

• The potential for abuse in Facebook is huge. Law enforcements can request practically all data about you see this Cryptome leaked document. The amount of marketing information they can collect on you is more than anywhere else, they have your profiles, your fan pages, browsing habits and internet usage patterns.

• Applications

• The applications are ins

The issues of people having their accounts frozen by PayPal were long, long ago.

True enough, these issues were many seconds ago, but these were only high profile cases (you'd hope that they would think twice before freezing somebody well-known's account, such as Cryptome or Wikileaks...). I suppose lesser known cases happen more often than that, even right now as we type.

According to the journalism of John Young, famously of cryptome.org, the name NSA used for what we call "public key" cryptography is thare called "non-secret cryptography" meaning that one of the keys is not secret. John Young's article can be read here: http://cryptome.org/nsa-nse/nsa-nse-01.htm

Except he's (more or less) right. James Ellis, at GCHQ (roughly the UK equivalent of NSA) had developed the basics of public key cryptography by the end of 1969. This was about 6 years ahead of Diffie Hellman and Merkle. In 1973, a GCHQ cryptographer, Clifford Cocks, realized that one-way functions would be an elegant way of achieving Ellis' insight. See http://cryptome.org/ukpk-alt.htm for example. This was some years ahead of RSA.

GCHQ and the NSA definitely would have exchanged this information. It's also quite possible that the US made some of these breakthroughs even earlier than the British; I've not paid much attention to anything NSA-related that has declassified in the last 5+ years.

I don't think so... public key cryptography was discovered by the GCHQ at least a decade before it was discovered in the public sphere: http://cryptome.org/ukpk-alt.htm

That paper was this one hosted on Cryptome: Unrestricted Warfare
by Qiao Liang and Wang Xiangsui (Beijing: PLA Literature and Arts Publishing House, February 1999)
It is translated by the FBIS, the CIA's Foreign Broadcast Information Service, which collects and translates reports from around the globe.

"DMCA takedown provisions don't say take down the entire site."

DMCA provisions do require taking down at least part of the site (the offending material). Apparently you didn't read the notification for Network Solutions to Cryptome, because their policy is indeed to take the option of downing the whole site.

Also, I would like to make you aware that in accordance with the DMCA, upon receipt of a Counter-Notification from you, Network Solutions will disable your site for "not less than 10 days, nor more than 14 business days following receipt of the Counter Notification. During this time, the complaining party must initiate litigation. In the event that Network Solutions does not receive notice of litigation within the allotted time frame, your site will be reactivated.

http://cryptome.org/, 2/24/10

As I said in my GP post, "a DMCA request in this case triggers a site takedown". I further presume that's a common way for ISPs to accomplish the job, and that MS would be aware of that fact.

The owner of cryptome.org sent a DMCA counter-claim, under penalty of perjury. This means he acknowledges the accusation and bears the responsibility. NSol cannot be held responsible, and is granted immunity from prosecution by the DMCA.

You're broadly correct, but the devil is in details. Going by DMCA, the service provider cannot re-enable access to the content in question - they first have to inform the copyright claimant of the counter-claim, and then wait for no less than 10 and no more than 14 days for the claimaint to file the lawsuit. Only if the lawsuit isn't filed during that period, can the service provider re-enable service. Wikipedia explains this on a simple example. And this is precisely what Network Solutions did - this was mentioned in the comments to the original /. story. You can also read the correspondence between Cryptome and Network Solutions - it explicitly mentions this aspect.

As some people have pointed out, however, Network Solutions was only legally required to remove access to the offending work, and not the entire web site (the latter is "good enough", as far as law is concerned, just overly broad). I don't think this stems from some kind of malice, though, so much as incompetence and/or laziness - they figured that the easiest way for them to block this specific file is to take down the whole site.

http://cryptome.org/ is back up and has dozens of different companies similar documents from the likes of yahoo, facebook, paypal, myspace, aol, skype, et al.

Since coming back online he has made all of those available at the top of his website because of the interest generated from his temporary censorship.

Hello, Ms Streisand, is that you? I have Mike Masnick on the phone. He says it's important.

If you don't get it click here and join those that do.

http://cryptome.org/ is back up and has dozens of different companies similar documents from the likes of yahoo, facebook, paypal, myspace, aol, skype, et al.

Since coming back online he has made all of those available at the top of his website because of the interest generated from his temporary censorship.

Network Solutions has removed the block. The site is back up: http://cryptome.org./

http://downforeveryoneorjustme.com/cryptome.org

It's just you. http://cryptome.org/ is up.

But I can't resolve it either. How intriguing.

The problem is all the game consoles and most (all?) of the cellphones are DRM encumbered. Nobody can publish a program for these systems unless they get the personal approval of the manufacturer or use an "illegal circumvention device."

With both Microsoft and Apple both deep into DRM, one has to wonder if their ultimate goal may be to convert general purpose computers into the same censored kind of device. It is asinine when you buy hardware and are not allowed to install whatever software you legally own or create on it. It goes against the basic fundamentals of property law.

"Intellectual Property" companies tried to get the SSSCA passed to require by law all devices which even touched multimedia content have DRM. It is also interesting these companies have been trying to obscure the fact it is DRM by calling it a "security" technology.

You could google on _NSAKEY or NSA_KEY or NSAKEY and find what some security researchers in Europe discovered and published. For instance http://www.heise.de/tp/r4/artikel/5/5263/1.html
A Microsoft officer offered to explain the presence of NSA_KEY, and indeed gave a partial clarification. Microsoft then declined to answer the follow-up questions which were asked, and refused to explain why they were not answering. http://cryptome.org/nsakey-ms-dc.htm
Read into this whatever you like - innocent, tinfoil hat, or otherwise. Here's the wikipedia story about it; feel free to vandalize^W improve it with your comprehensive knowledge. http://en.wikipedia.org/wiki/NSAKEY