Slashdot Mirror
Wikileaks Was Launched With Intercepts From Tor
The New Yorker is featuring a long and detailed profile of Julian Assange, founder of Wikileaks. From this Wired's Threat Level pulls out one salient detail: that Wikileaks' initial scoop came from documents intercepted from Tor exit routers. The eavesdropping was pulled off by a Wikileaks activist — neither the New Yorker nor Wired knows who or even in what country he or she resides. "The siphoned documents, supposedly stolen by Chinese hackers or spies who were using the Tor network to transmit the data, were the basis for Wikileaks founder Julian Assange's assertion in 2006 that his organization had already 'received over one million documents from 13 countries' before his site was launched ..."
Update: 06/02 06:31 GMT by T : In reaction to the Wired story, and the New Yorker story on which it drew, Andrew Lewman of the Tor Project points to this explanation / reminder of what Tor's software actually does and does not do. Relevant to the claims reported above, it reads in part "We hear from the Wikileaks folks that the premise behind these news articles is actually false -- they didn't bootstrap Wikileaks by monitoring the Tor network. But that's not the point. The point is that users who want to be safe need to be encrypting their traffic, whether they're using Tor or not." This flat denial of the assertion that Wikileaks was bootstrapped with documents sniffed from the Tor network is repeated unambiguously in correspondence from Wikileaks volunteers.
The summary is written as if Tor is suppose to be secure from eavesdropping. It isn't. It's supposed to offer anonymity. There's nothing to indicate that the _source_ of the documents was compromised.
"National Security is the chief cause of national insecurity." - Celine's First Law
I didn't.
"DRM is like the Ford Pinto: it's a smooth ride, right up the point at which it explodes and ruins your day."-C.Doctorow
Should rename them WikiThief.
My big question is whether or not their tactic for acquiring the documents is still usable by say, the Chinese Government.
Bureaucracy expands to meet the needs of the expanding bureaucracy.-Oscar Wilde
Sounds like an excellent way to spread disinformation.....even better than say.....the New York Times.
"The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
Transparency is what the information age is for. It will be interesting to see how political bodies adjust... on one hand, the leaks are damaging, and truly innocuous or routine things can be spun and blown way out of proportion by opposition groups. On the other hand, they now have to behave to higher ethical standards (or at least the appearance of high ethical standards) because virtually anything could become public knowledge.
those chinese hackers are good for something.. I'm thinking if we ever catch one though.. we'll sentence them to work in that Foxconn plant making iPhones ...
You have to admit though, whatever his crimes, that Julian is a mysterious and exotic person, who has the most with beautiful hair.
He looks like an extra vacant Bill Maher.
WiliLeaks? Really?
garethw
Personally reading the linked articles made me really, really uncomfortable. Obviously wiki-leaks as a site has its own particular biases and political goals, everyone does, but the way in which they went about gathering this payload fills me with a really agonising ambivalence.
It really strikes to the heart of my feelings about wikileaks itself. Democracies require informed populations and accountability – they’re premised on the fundamental idea that the voting public makes choices based on more than partisan, or self, interest. For the most part, when considered on a population-wide basis, this tends to happen. For every insane extremist there is a balance on the opposite side of the political spectrum leaving those who cluster around the middle to chart a more reasonable course. That being said, moderation is not always the best of all options (only killing half of all people with foreign accents is hardly the ideal resolution to the war on terror) but it’s the best one we have. Wiki gives us a level of information we previously lacked.
However, the fact that they were born out of some ethically questionable actions worries me. It makes me question the source of their information, its reliability, and its purpose to a far greater extent than previously. I am forced to wonder what their goal actually is, and worry that I’ve been naive in believing that they’re interested in mature and reasoned public discourse. Perhaps that’s an over-reaction. Does the idea of Fruit-from-a-poison-tree apply here?
You should try going elsewhere for you news aside from /. :p The first referenced article is the one I read.
"There is a way that seems right to a man, but its end is the way of death." Proverbs 16:25 (NKJV)
Would this be a fundamental flaw of the TOR network? If you don't know who's controlling the exit nodes, then you will never know if the information you send is truly secure.
One of the things we were trained for in the Navy-and something in which I got an abject lesson-is "Trust but verify". I "trusted" my senior petty officer when he told me that he'd secured the transmitters when we went to go raise the antennas. When I got back to radio to restore the "secured" transmitters, I found them happily pouring out 1000 watts of power with each ping, which were coming 2-3 per second.
My "Link-11 Sunburn" taught me that very important lesson: Trust but verify.
If you can't verify the network yourself, then don't trust it. Make sure the information you send over it can't be traced back to you in any way. Good luck with that, but do your best anyway.
[End Of Line]
Only the bad guys use P2P. FACT!!
Are you user of P2P?
You are a bad guy !! FACT !!
Commies, go home !!
take him to the greek looks totally gay. lots of slashfags will probably like it.
If you want to see how even Wikileaks volunteers don't know how funds are used in their organization read the following link at Cryptome
http://cryptome.org/0001/wikileaks-funds.htm
Cryptome has also published a lot of Wikileaks founder's personal emails in which, like many of us at different points in time in our lives, he speaks of how broke he is. After founding Wikileaks, he told an Australian newspaper Sydney Morning Herald that he did not use a single cent from Wikileaks for funding his personal expenses, but he has substantial private investments. Where did the money come from?
Cryptome has all the inside information about Wikileaks.
I am a supporter of the site thought. Not of the shady founder. Wikileaks good.
http://www.wired.com/threatlevel/2007/11/swedish-researc/ :)
As people might recall log-in and password information for 1,000 e-mail accounts belonging to foreign embassies where seen in plain text too.
Tor was always one huge honey pot built on the US telco network with all exit nodes collectable to the NSA.
Others are just building their own small data collection services on top.
Another man in the middle data retention story
Domestic spying is now "Benign Information Gathering"
Go somewhere else? I don't understand the concept.
Anybody involved with TOR knows that EXIT nodes are a big potential risk, and not only have there been rumors of official government sponsored (and therefore tapped) exit nodes, but even /. had a story about it a long ass time ago. Recently the TOR guys have been trying to curtail this via a few different methods, but it is nothing new. Regardless, exit node sniffing is a novel way to get information, (for example, allow only .gov or .edu traffic)
"It's ok, I'm completely secure as long as my iron is off"
Almost anyone could get into that game, at least in a small way with one or more Tor exit nodes.
That's the problem with using something that bridges back to the normal Internet: Security can be quite low without painstaking preparation. I2P at least will not pose such a risk because your destinations are all inside the darknet, and even https is discouraged because the connections are considered secure as well as anonymous (your base64 address acts as the public key that pairs with your local identity which is secret).
Why? I can stand to wait a day or two (or much longer, usually). In return, I have much less places I need bother to look.
I, unlike some others, don't have an addiction to knowing what is going on RIGHT NOW everywhere else in the world.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
The author mentions the disk access for deduped primary storage (he points out (rightfully so) that deduped primary storage will perform slower than non-deduped primary storage), but he failed to mention what I think is an important point when discussing deduplication and network performance/bottlenecks.
If you dedupe your backups (the author mentions, for example, a VTL solution), you then gain the ability to replicate only the unique data to your DR site. In terms of saving bandwidth, this can be an absolutely huge savings. Imagine if you backup to a VTL, and with dedupe you get an average 25:1 ratio; that means that, for the purposes of DR, you can replicate 25x more data through your pipe than you would have been able to, without dedupe.
Nemilar http://www.techthrob.com - Visit Me!
No government is innocent. No large group of people are innocent. No Corporation is innocent. The weak exist to be dominated as long as capitalism is the religion of the world.
As long as it's not our weak being dominated, thats the best we can hope for in the current world.
...for getting around the Great Firewall to d/l porn and access facebook, not for doing anything that needs to be secure.
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
I didn't.
This is informative? Must be editors with mod points. Otherwise how does whether one person's first exposure to this story came from Slashdot inform the rest of us about anything? If this is informative then the parent post talking about how he had already read this elsewhere before it appeared on Slashdot is equally informative. Confirmation bias at its finest, folks.
More precisely, it is not the nodes themselves that are the risk, but the (unencrypted) communication coming from the exit nodes.
While we're at it, your browser SSL encryption is only as secure as the least secure of the certificate authorities that your browser trusts. Any time your browser shows a secure and validated SSL connection it's because someone in your authorities list said it was okay. Just one authority. That's all it takes.
Go look at the list of CAs your browser trusts.
I just checked mine and I see 86 certificates belonging to maybe 30 different organizations. If any single one of those 30 organizations has a compromised certificate, my browser could show a bogus SSL connection as valid. So, I connect to Bank Of America, and the connection appears like a good SSL connection, but that's only because the fake cert in this attack was authorized by some rogue operator at "TÜBTAK UEKAE Kök Sertifika Hizmet Salaycs - Sürüm 3" or whichever of the 30 companies. That's a pretty long chain to deal with for a weakest-link-screws-you scenario.
Maybe some folks here didn't realize that this is how the model works. That's part of the problem.
So I might suggest understanding the difference between an anonymized connection and an encrypted one. Folks should understand how Tor works before using it. Already we have a problem with people using SSL without understanding it.
Anyway, I installed Tor and Torbutton recently and kept running across notices of how Tor works and that I should be aware of how it works to receive the benefits of it.
Here's another way you can protect yourself against bogus SSL certs, by the way: Perspectives. See the demo. There's a Firefox extension.
Perspectives shows you an SSL cert's history. That is, how long that cert has been in use by the host you're SSL connecting to (as seen by a number of other hosts on the net). If the cert changed on you today, that's suspicious. If it changed today and you are the only person seeing that new cert, you might consider not using that connection for sensitive communication.
I don't either, and generally I don't read the online (or offline) papers. I do get news from several sources though (mainly because I subscribed to a feed for keeping up with what groups are doing politically).
"There is a way that seems right to a man, but its end is the way of death." Proverbs 16:25 (NKJV)
probably a /. mod with an ax to grind. I tend to piss people off for one reason or another.
"There is a way that seems right to a man, but its end is the way of death." Proverbs 16:25 (NKJV)
That Julian Assange is a fucking douche nozzle with a side of ass goblin. :)
Yes, mark me as a troll for assaulting the precious wikileaks, but really, he's a douche promoting what essentially amounts to corporate espionage in almost every case.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
not quite right. I am a little upset with julian assange over the book he co-authored many years ago called Underground. Alot of what he wrote were pretty much out and out lies and activities assigned to one person or group were actually performed by others. particularly things assigned to the australians and himself. He and the australians claimed they did alot of stuff performed by a good friend of mine who has never gotten the credit he deserved, he doesn't really care as he's not like that but he does get pissed off that people like julian, ropp, phoenix, gandlaf, electron, MoD, 8lgm and others parlayed his exploits into their fame and fortune and he didn't even get more than a few sentences in the book.
In the not so distant past, things like Algebra and Geometry were considered "premium" learning. Now, anyone who has been through high school has been exposed to those concepts and, even if they can't use that math, they have been exposed to it. The internet has become such a pervasive part of our culture that an understanding of how it works and even ethics classes on how to use it should be taught at an early age.
That doesn't preclude idiot bureaucrats without that education from thinking that sending information via tor and expecting the exit node to be secure but, it does put society in a place where basic knowledge about the fundamental structure of the internet is almost common sense.
Probably because my answer was just a different way of saying "so what? just because you read it elsewhere yesterday doesn't make it any less interesting for those who DIDN'T read it elsewhere. Considering the news in question, one day, or even one week, late doesn't make a difference"
I just put it in less words the first time around
"DRM is like the Ford Pinto: it's a smooth ride, right up the point at which it explodes and ruins your day."-C.Doctorow
Films like this deserve to be seen. Anonymous distribution is, so far, one avenue to make that possible. If intercepted at an exit node by more than one party, that just gives more opportunity for an honest publisher and any propagandist a video to deliver to the public. Obviously it would always be best to have the whole unedited film available for reference. Though even then you have to use your critical skills to interpret what you're viewing.
For example: the New Yorker's "compelling points" of the video are, in my opinion, tangential and minor in the context of the shooting. You can ignore the audio and items circled, and still come away with the big picture. Some empty-handed locals, some locals with weapons, and journalists with cameras are walking around. Some foreign guys with weapons, part of an invading and occupying foreign military, are flying around in helicopters. The foreign guys initiate the killing of locals and journalists on the ground. Another group of weaponless locals drives in and tries to rescue the wounded, but are also shot, along with their kids, by the foreign guys. Make of that what you will. Looks like murder of innocents to me.
much less places
many fewer places
Rampant carbon sequestration destroyed the Dinosaurs' tropical paradise. I'm here to help repair the damage.
Then why didn't you submit it yesterday?
How did kdawson know it was either a "he" or a "she" ?
http://dailycontributor.com/scot-turned-australian-becomes-worlds-first-legal-neutral-gender/12742/
Confirms my suspicions...
Yes but you can in this case have your cake and eat it too. Just go to Daily Rotation, make an account (If you want to have your settings saved and be able to access from more than 1 PC), choose which sites and headlines you care about, add any sites not listed with the handy "add site" at the bottom, hit save, and voila! All the major and minor sites headlines, all served up to you on a single page.
I find it a whole lot easier to have all the sites I like including /. all on a single page. With all the cool new tech coming out it is hard to keep up otherwise, at least for me. Give it a try, I bet you'll like it.
ACs don't waste your time replying, your posts are never seen by me.
Tor lets you collect your porn anonymously, but at a heavy bandwidth price. The three letter agencies are (we guess) providing Tor nodes with lots of bandwidth so as to be able to sniff the exit traffic.
Result? The NSA is subsidising your anonymous porn collection!
You don't have to care about encryption so long as you don't mind if the NSA has sniffed your porn before you do.
Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.
... it's a Wired article which doesn't suck.
Maybe Wired journalists are okay at writing about journalism?
I'm not sure if I should continue ignoring this publication. It's confusing.
Okay, I have my answer. Continue ignoring Wired.
I read about this yesterday.
I read this first post yesterday.
And the day before that. And the day before THAT. And the day be... well, actually, the day before that was some idiot 13 year old GNAA twit. But the day before THAT...
This is precisely the attack that we are going to see more and more. Discreditation of Wikileaks is a high priority in combating its effects on governmental secrets. Go and read the (leaked) military document on Wikileaks: it explains the method of action quite well. The fact that the attack comes from a prestigious site does not mean that it's not an attack.
Interestingly enough my business law professor skipped the ethics chapter.
Whatever. Go shove your grammar book somewhere cramped and moist and don't bother me.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
because my submissions have a history of being rejected (somewhere around a 12% acceptance rate). Also, I didn't think such a dry profile (as interesting as it was to me) was /. worthy.
"There is a way that seems right to a man, but its end is the way of death." Proverbs 16:25 (NKJV)
Slashdot takes stories from other sources not meant for Slashdot. Wikileaks takes stories from other sources not meant for Wikileaks. Both of which relies on other parties to deliver them goods that they themselves could not produce on their own. Just as Slashdot is the front end for pseudo-geek news from other sites, Wikileaks is the front end for TOR feeds. Pot have you met Kettle?
Another post that says "nothing happened, and rumors that say it happened are false". What idiot poured redbull in kdawson today ?
What a depressingly stupid machine.
I run a TOR node w/ a very generous amount of dedicated bandwidth. However, it's locked up in such a way that it's not an exit node. All it does is relay traffic within the network. That way I can still contribute to TOR, without having the liabilities of running an exit node. So this way the server's IP doesn't end up in all sorts of logs doing all sorts of bad things.
At the very least, this is what most people should be doing to help TOR. Dedicate some bandwidth and only set it up as a relay. Whether on a server or desktop it can still help. All they ask for as a minimum is 20K/s of bandwidth. Anyone on broadband, even with BT running, can afford this.