Slashdot Mirror
Wikileaks Was Launched With Intercepts From Tor
The New Yorker is featuring a long and detailed profile of Julian Assange, founder of Wikileaks. From this Wired's Threat Level pulls out one salient detail: that Wikileaks' initial scoop came from documents intercepted from Tor exit routers. The eavesdropping was pulled off by a Wikileaks activist — neither the New Yorker nor Wired knows who or even in what country he or she resides. "The siphoned documents, supposedly stolen by Chinese hackers or spies who were using the Tor network to transmit the data, were the basis for Wikileaks founder Julian Assange's assertion in 2006 that his organization had already 'received over one million documents from 13 countries' before his site was launched ..."
Update: 06/02 06:31 GMT by T : In reaction to the Wired story, and the New Yorker story on which it drew, Andrew Lewman of the Tor Project points to this explanation / reminder of what Tor's software actually does and does not do. Relevant to the claims reported above, it reads in part "We hear from the Wikileaks folks that the premise behind these news articles is actually false -- they didn't bootstrap Wikileaks by monitoring the Tor network. But that's not the point. The point is that users who want to be safe need to be encrypting their traffic, whether they're using Tor or not." This flat denial of the assertion that Wikileaks was bootstrapped with documents sniffed from the Tor network is repeated unambiguously in correspondence from Wikileaks volunteers.
I read about this yesterday.
"There is a way that seems right to a man, but its end is the way of death." Proverbs 16:25 (NKJV)
The summary is written as if Tor is suppose to be secure from eavesdropping. It isn't. It's supposed to offer anonymity. There's nothing to indicate that the _source_ of the documents was compromised.
"National Security is the chief cause of national insecurity." - Celine's First Law
Should rename them WikiThief.
My big question is whether or not their tactic for acquiring the documents is still usable by say, the Chinese Government.
Bureaucracy expands to meet the needs of the expanding bureaucracy.-Oscar Wilde
Sounds like an excellent way to spread disinformation.....even better than say.....the New York Times.
"The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
Transparency is what the information age is for. It will be interesting to see how political bodies adjust... on one hand, the leaks are damaging, and truly innocuous or routine things can be spun and blown way out of proportion by opposition groups. On the other hand, they now have to behave to higher ethical standards (or at least the appearance of high ethical standards) because virtually anything could become public knowledge.
those chinese hackers are good for something.. I'm thinking if we ever catch one though.. we'll sentence them to work in that Foxconn plant making iPhones ...
WiliLeaks? Really?
garethw
Personally reading the linked articles made me really, really uncomfortable. Obviously wiki-leaks as a site has its own particular biases and political goals, everyone does, but the way in which they went about gathering this payload fills me with a really agonising ambivalence.
It really strikes to the heart of my feelings about wikileaks itself. Democracies require informed populations and accountability – they’re premised on the fundamental idea that the voting public makes choices based on more than partisan, or self, interest. For the most part, when considered on a population-wide basis, this tends to happen. For every insane extremist there is a balance on the opposite side of the political spectrum leaving those who cluster around the middle to chart a more reasonable course. That being said, moderation is not always the best of all options (only killing half of all people with foreign accents is hardly the ideal resolution to the war on terror) but it’s the best one we have. Wiki gives us a level of information we previously lacked.
However, the fact that they were born out of some ethically questionable actions worries me. It makes me question the source of their information, its reliability, and its purpose to a far greater extent than previously. I am forced to wonder what their goal actually is, and worry that I’ve been naive in believing that they’re interested in mature and reasoned public discourse. Perhaps that’s an over-reaction. Does the idea of Fruit-from-a-poison-tree apply here?
Anyone can set up a wiki and put lulz citationz needed or we will put you on wheels.
Fact, someone used your citations to support the fact that you suck cock.
Would this be a fundamental flaw of the TOR network? If you don't know who's controlling the exit nodes, then you will never know if the information you send is truly secure.
One of the things we were trained for in the Navy-and something in which I got an abject lesson-is "Trust but verify". I "trusted" my senior petty officer when he told me that he'd secured the transmitters when we went to go raise the antennas. When I got back to radio to restore the "secured" transmitters, I found them happily pouring out 1000 watts of power with each ping, which were coming 2-3 per second.
My "Link-11 Sunburn" taught me that very important lesson: Trust but verify.
If you can't verify the network yourself, then don't trust it. Make sure the information you send over it can't be traced back to you in any way. Good luck with that, but do your best anyway.
[End Of Line]
Only the bad guys use P2P. FACT!!
Are you user of P2P?
You are a bad guy !! FACT !!
Commies, go home !!
take him to the greek looks totally gay. lots of slashfags will probably like it.
If you want to see how even Wikileaks volunteers don't know how funds are used in their organization read the following link at Cryptome
http://cryptome.org/0001/wikileaks-funds.htm
Cryptome has also published a lot of Wikileaks founder's personal emails in which, like many of us at different points in time in our lives, he speaks of how broke he is. After founding Wikileaks, he told an Australian newspaper Sydney Morning Herald that he did not use a single cent from Wikileaks for funding his personal expenses, but he has substantial private investments. Where did the money come from?
Cryptome has all the inside information about Wikileaks.
I am a supporter of the site thought. Not of the shady founder. Wikileaks good.
The recent flap over a Pennsylvania school district's use of tracking software on schoolissued laptops, supposedly to locate those that were stolen, makes me wonder how much illegal snooping goes on everywhere, whether initially intended or not.
If you didn't follow this story from the outset, the school district, near Philadelphia, provided students with free Apple laptops that had a theft-protection scheme in place; the laptop cameras could be turned on remotely for security purposes. So if a person stole the laptop, he or she could be identified on the camera. This was the basic justification for the program.
The case took an interesting turn when it turned out that the district had captured 56,000 photos from various laptops. Catching a high school kid naked in his or her room would constitute the collection of kiddie porn, another complication for these boneheads. The school district says none of the images caught anyone naked, though this seems hard to believe.
Unfortunately every sort of scheme like this one spirals out of control. Power corrupts, and absolute power corrupts absolutely. So maybe the school officials or their minions or both decide that this ability to turn on cam is more than a tool; it's a fun toy! One kid captured in the images and his family are suing the school district, and the FBI is investigating the situation for illegal wiretapping, with possible criminal implications.
The Need for Ethics 101
Very few schools teach civics or ethics anymore, and apparently few school teachers or administrators know what these terms mean. I have not heard much in the way of outrage by any other schools regarding this practice, which began with monitoring stolen goods and appears to have deteriorated into out-and-out spying and surveillance for fun. What does this tell you about American school systems? They're top heavy with administration and out of touch with reality. No wonder parents want to home-school.
I honestly do not believe that at any point in the surveillance program did the school snoops think they were doing anything wrong or unethical. This is the real problem here. In fact I'm sure some of the folks being rounded up are actually stunned by this investigation. "But we didn't know!"
I'm not sure how anyone can come to the conclusion that you can just turn on computer cameras inside private residences Orwellian-style, just to see what's going on out of curiosity. This is the kind of thinking you might have as a goofy 12-year-old before you learn about legality, and ethics. But these are adults with serious responsibilities. And I think it is the tip of a very big iceberg--one that no one is talking about.
Does anyone seriously believe this is an isolated incident? If you watch TV cop dramas this sort of thing is out-and-out promoted as the way to catch the bad guys. And in the USA lately, the entire public is seen as a potential bad guy, no matter the reality or likelihood. Everyone is a suspect getting on an airplane. Everyone is a suspect walking down the street. And public cameras are everywhere.
So it is not a leap of faith to just spy on everyone; after all, someone is probably doing something wrong, and maybe we can catch them this way. And as expected, someone was doing something wrong: the person surreptitiously viewing the cameras.
I can assure you other schools around the country are erasing their 56,000 photos ASAP as this case unfolds. I can assure you that whatever snooping program was used by the school district wasn't sold to just one customer. It surely wasn't coded in-house. Hopefully some irked supervisors will emerge and blow the whistle on other offenders.
Unless we want to just give up on freedoms and liberties in this country, this sort of Big Brother-is-watching-you nonsense has got to stop. If any leniency is shown toward the school district--any whatsoever-- then the wrong message will be sent. The prosecutors have to throw the book at these jokers. For starters, a school is supposed to exemplify good,
http://www.wired.com/threatlevel/2007/11/swedish-researc/ :)
As people might recall log-in and password information for 1,000 e-mail accounts belonging to foreign embassies where seen in plain text too.
Tor was always one huge honey pot built on the US telco network with all exit nodes collectable to the NSA.
Others are just building their own small data collection services on top.
Another man in the middle data retention story
Domestic spying is now "Benign Information Gathering"
Anybody involved with TOR knows that EXIT nodes are a big potential risk, and not only have there been rumors of official government sponsored (and therefore tapped) exit nodes, but even /. had a story about it a long ass time ago. Recently the TOR guys have been trying to curtail this via a few different methods, but it is nothing new. Regardless, exit node sniffing is a novel way to get information, (for example, allow only .gov or .edu traffic)
"It's ok, I'm completely secure as long as my iron is off"
just like a dick loving faggot.
Almost anyone could get into that game, at least in a small way with one or more Tor exit nodes.
That's the problem with using something that bridges back to the normal Internet: Security can be quite low without painstaking preparation. I2P at least will not pose such a risk because your destinations are all inside the darknet, and even https is discouraged because the connections are considered secure as well as anonymous (your base64 address acts as the public key that pairs with your local identity which is secret).
The author mentions the disk access for deduped primary storage (he points out (rightfully so) that deduped primary storage will perform slower than non-deduped primary storage), but he failed to mention what I think is an important point when discussing deduplication and network performance/bottlenecks.
If you dedupe your backups (the author mentions, for example, a VTL solution), you then gain the ability to replicate only the unique data to your DR site. In terms of saving bandwidth, this can be an absolutely huge savings. Imagine if you backup to a VTL, and with dedupe you get an average 25:1 ratio; that means that, for the purposes of DR, you can replicate 25x more data through your pipe than you would have been able to, without dedupe.
Nemilar http://www.techthrob.com - Visit Me!
No government is innocent. No large group of people are innocent. No Corporation is innocent. The weak exist to be dominated as long as capitalism is the religion of the world.
As long as it's not our weak being dominated, thats the best we can hope for in the current world.
...for getting around the Great Firewall to d/l porn and access facebook, not for doing anything that needs to be secure.
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
More precisely, it is not the nodes themselves that are the risk, but the (unencrypted) communication coming from the exit nodes.
While we're at it, your browser SSL encryption is only as secure as the least secure of the certificate authorities that your browser trusts. Any time your browser shows a secure and validated SSL connection it's because someone in your authorities list said it was okay. Just one authority. That's all it takes.
Go look at the list of CAs your browser trusts.
I just checked mine and I see 86 certificates belonging to maybe 30 different organizations. If any single one of those 30 organizations has a compromised certificate, my browser could show a bogus SSL connection as valid. So, I connect to Bank Of America, and the connection appears like a good SSL connection, but that's only because the fake cert in this attack was authorized by some rogue operator at "TÜBTAK UEKAE Kök Sertifika Hizmet Salaycs - Sürüm 3" or whichever of the 30 companies. That's a pretty long chain to deal with for a weakest-link-screws-you scenario.
Maybe some folks here didn't realize that this is how the model works. That's part of the problem.
So I might suggest understanding the difference between an anonymized connection and an encrypted one. Folks should understand how Tor works before using it. Already we have a problem with people using SSL without understanding it.
Anyway, I installed Tor and Torbutton recently and kept running across notices of how Tor works and that I should be aware of how it works to receive the benefits of it.
Here's another way you can protect yourself against bogus SSL certs, by the way: Perspectives. See the demo. There's a Firefox extension.
Perspectives shows you an SSL cert's history. That is, how long that cert has been in use by the host you're SSL connecting to (as seen by a number of other hosts on the net). If the cert changed on you today, that's suspicious. If it changed today and you are the only person seeing that new cert, you might consider not using that connection for sensitive communication.
That Julian Assange is a fucking douche nozzle with a side of ass goblin. :)
Yes, mark me as a troll for assaulting the precious wikileaks, but really, he's a douche promoting what essentially amounts to corporate espionage in almost every case.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
not quite right. I am a little upset with julian assange over the book he co-authored many years ago called Underground. Alot of what he wrote were pretty much out and out lies and activities assigned to one person or group were actually performed by others. particularly things assigned to the australians and himself. He and the australians claimed they did alot of stuff performed by a good friend of mine who has never gotten the credit he deserved, he doesn't really care as he's not like that but he does get pissed off that people like julian, ropp, phoenix, gandlaf, electron, MoD, 8lgm and others parlayed his exploits into their fame and fortune and he didn't even get more than a few sentences in the book.
In the not so distant past, things like Algebra and Geometry were considered "premium" learning. Now, anyone who has been through high school has been exposed to those concepts and, even if they can't use that math, they have been exposed to it. The internet has become such a pervasive part of our culture that an understanding of how it works and even ethics classes on how to use it should be taught at an early age.
That doesn't preclude idiot bureaucrats without that education from thinking that sending information via tor and expecting the exit node to be secure but, it does put society in a place where basic knowledge about the fundamental structure of the internet is almost common sense.
Films like this deserve to be seen. Anonymous distribution is, so far, one avenue to make that possible. If intercepted at an exit node by more than one party, that just gives more opportunity for an honest publisher and any propagandist a video to deliver to the public. Obviously it would always be best to have the whole unedited film available for reference. Though even then you have to use your critical skills to interpret what you're viewing.
For example: the New Yorker's "compelling points" of the video are, in my opinion, tangential and minor in the context of the shooting. You can ignore the audio and items circled, and still come away with the big picture. Some empty-handed locals, some locals with weapons, and journalists with cameras are walking around. Some foreign guys with weapons, part of an invading and occupying foreign military, are flying around in helicopters. The foreign guys initiate the killing of locals and journalists on the ground. Another group of weaponless locals drives in and tries to rescue the wounded, but are also shot, along with their kids, by the foreign guys. Make of that what you will. Looks like murder of innocents to me.
How did kdawson know it was either a "he" or a "she" ?
http://dailycontributor.com/scot-turned-australian-becomes-worlds-first-legal-neutral-gender/12742/
Confirms my suspicions...
Tor lets you collect your porn anonymously, but at a heavy bandwidth price. The three letter agencies are (we guess) providing Tor nodes with lots of bandwidth so as to be able to sniff the exit traffic.
Result? The NSA is subsidising your anonymous porn collection!
You don't have to care about encryption so long as you don't mind if the NSA has sniffed your porn before you do.
Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.
... it's a Wired article which doesn't suck.
Maybe Wired journalists are okay at writing about journalism?
I'm not sure if I should continue ignoring this publication. It's confusing.
Okay, I have my answer. Continue ignoring Wired.
This is precisely the attack that we are going to see more and more. Discreditation of Wikileaks is a high priority in combating its effects on governmental secrets. Go and read the (leaked) military document on Wikileaks: it explains the method of action quite well. The fact that the attack comes from a prestigious site does not mean that it's not an attack.
Slashdot takes stories from other sources not meant for Slashdot. Wikileaks takes stories from other sources not meant for Wikileaks. Both of which relies on other parties to deliver them goods that they themselves could not produce on their own. Just as Slashdot is the front end for pseudo-geek news from other sites, Wikileaks is the front end for TOR feeds. Pot have you met Kettle?
Another post that says "nothing happened, and rumors that say it happened are false". What idiot poured redbull in kdawson today ?
What a depressingly stupid machine.
I run a TOR node w/ a very generous amount of dedicated bandwidth. However, it's locked up in such a way that it's not an exit node. All it does is relay traffic within the network. That way I can still contribute to TOR, without having the liabilities of running an exit node. So this way the server's IP doesn't end up in all sorts of logs doing all sorts of bad things.
At the very least, this is what most people should be doing to help TOR. Dedicate some bandwidth and only set it up as a relay. Whether on a server or desktop it can still help. All they ask for as a minimum is 20K/s of bandwidth. Anyone on broadband, even with BT running, can afford this.