Espionage In Icelandic Parliament

bumburumbi writes "An unauthorised computer, apparently running encrypted software, was found hidden inside an unoccupied office in the Icelandic Parliament, Althingi, connected to the internal network. According to the Reykjavik Grapevine article, serial numbers had been removed and no fingerprints were found. The office had been used by substitute MPs from the Independence Party and The Movement, the Parliamentary group of Birgitta Jonsdottir, whose Twiiter account was recently subpoenaed by US authorities. The Icelandic daily Morgunbladid, under the editorship of Mr David Oddsson, former Prime Minister and Central Bank chief, has suggested that this might be an operation run by Wikileaks. The reporter for the Reykjavik Grapevine, Mr Paul Nikolov is a former substitute MP, having taken seat in Parliament in 2007 and 2008."

Rogue servers

[HomelessInLaJolla]

I love reading the stories posted by the readership about all of the odd systems found stuck in closets and under desks which nobody knows what are doing.

Specifically... does anyone have any about Wall Street or Congress?

Re:Rogue servers

[digsbo]

does anyone have any about Wall Street or Congress?

Why bother? They steal openly now.

Re:Rogue servers

[Dachannien]

I love reading the stories posted by the readership about all of the odd systems found stuck in closets and under desks which nobody knows what are doing.

Well, with regard to Congress, there are roughly 535 of them at any given time.

Re:Rogue servers

[Black+Parrot]

I love reading the stories posted by the readership about all of the odd systems found stuck in closets and under desks which nobody knows what are doing.

Well, with regard to Congress, there are roughly 535 of them at any given time.

Actually, it's the interns that are under the desks.

But lots of CongressCritters still in the closet, I trow.

Re:Rogue servers

[hitmark]

My favorite is the opposite. It was a unix server at a university that none knew where was physically, but that was happily doing its thing for the network. Eventually they found it by following the network cabling and knocking down a drywall.

Re:Rogue servers

[Tubal-Cain]

Reminds me of this.

Re:Rogue servers

[clockwise_music]

The clue's in the name:

> was found hidden inside an unoccupied office in the Icelandic
>Parliament, Althingi, connected to the internal network

It was Al's thingy wasn't it?

Re:Rogue servers

[TheLink]

The one I remember was a Novell server (not unix).

http://slashdot.org/article.pl?sid=01/04/10/1846258
http://arstechnica.com/civis/viewtopic.php?f=2&t=1824

Original techweb article now gone, but I'm sure you can find other references.

Re:Rogue servers

So good. hahaha

Re:Rogue servers

[Z00L00K]

What's more interesting is that today every CPU has an unique serial number - and many memory modules do too. So eradicating any externally visible serial numbers only serves as a brief delay. And don't forget the MAC address of the network card as well as hard disk serial number in firmware.

All those items can be traced - provided that the manufacturers and some authorities are helpful.

But to figure out what the espionage was about may be tricky.

Re:Rogue servers

[Straterra]

Except all of that can be erased pretty easily. One could rewrite the firmware on the CPU (Yes, people do that..). One could alter the DMI information to get rid of memory manufacturer dates and serial numbers. MAC addresses can't be used as a unique identifying device either. NIC manufacturers produce more than one card with any given MAC address. There simple isn't enough addresses to go around. There was a recent, very informative thread on NANOG about this very thing.

Even if the serial numbers were even remotely useful in tracking the computer's origins, it would track only that : It's origins. Computer hardware changes hands way too often with no form of tracking between private parties. How many people here on Slashdot have rescued a "dead" computer from an employer's trash bin and brought it back to life? How many retail stores do you know of that track every item sold down to its individual serial number? Maybe Best Buy does this, but 90% of your "Mom and Pop" computer stores aren't going to do this.

TL;DR version : Serial numbers on a computer are useless for tracking.

Re:Rogue servers

[hitmark]

heh, time for a fsck-brain i guess.

Re:Rogue servers

[cusco]

I did support for a Russian restaurant POS system for a time, which used DRDOS as the OS. The fellow who trained me had set up a server in a new restaurant (not yet open) in Budapest. He stuck it in a closet because the manager's office, its proposed home, wasn't finished yet.

Two years later he just happens to be in Budapest doing another install and gets a call from Tech Support. The restaurant's server is down but no one will believe that they even HAVE a server. They think something magically happened to all the terminals at once, so could he stop buy? They checked the As-Builts, which says the server is in the manager's office.

As he was walking to the manager's office he passed the closet and wondered . . . Opening the door cases of cans and sacks full of foodstuffs came tumbling out. There, beneath several hundred pounds of rice, noodles and cans of sauces, was the server, still merrily humming away. They had finally packed so much crap into the closet that it had pulled the network cable out of the end of the RJ-45 jack. He relocated the server, plugged a new network cable in, and they were back online. Oddly enough they weren't terribly happy to find that they actually had a server, because now that meant that they were going to have to do backups. Go figure.

Re:Rogue servers

[DarthVain]

The lobbied and legalized it really.

Re:Rogue servers

My favorite is the opposite. It was a unix server at a university that none knew where was physically, but that was happily doing its thing for the network. Eventually they found it by following the network cabling and knocking down a drywall.

A whole university hidden behind a drywall? Can't believe I missed that story.

Re:Rogue servers

[Amouth]

but 90% of your "Mom and Pop" computer stores aren't going to do this.

i wouldn't be too sure of that comment - while they might not store it in an easy to reference way - ALL the "mom and pop" stores around here put the SN (where available) of each component they sell on the invoice/receipt to prevent someone from buying a part to replace a defective one and return the defective.

again while out side of the single incident use and not easily referenced - they do keep it.. and per IRS rules they keep the invoice/receipt for at least 7 years.

Re:Rogue servers

[Z00L00K]

And in some places the requirement is to keep records for 10 years.

Re:Rogue servers

I love reading the stories posted by the readership about all of the odd systems found stuck in closets and under desks which nobody knows what are doing.

Specifically... does anyone have any about Wall Street or Congress?

http://warehouse-cinema.ru/

Re:Rogue servers

[Hognoxious]

It's the one where the librarian is some kind of monkey.

Re:Rogue servers

Now you understand all the geolocation hype.

Re:Rogue servers

[RockDoctor]

ALL the "mom and pop" stores around here put the SN (where available) of each component they sell on the invoice/receipt to prevent someone from buying a part to replace a defective one and return the defective.

Which gets you as far as "Someone giving an invoice address of 1600 Downing Street (I forgot the American equivalent) paid cash for this on date X". So now you're down to working from Mom'n'Pop's video surveillence records. Which may or may not work. It's not beyond the state of "trade craft" to break, erase, steal or otherwise circumvent such mechanisms. It's not even particularly high-tech. A little theatrical skill and Bob is not just your uncle, but your ... no hang on, that metaphor doesn't really work. But it's not rocket surgery or brain science.

Re:Rogue servers

[Tubal-Cain]

Ape.

Run by wikileaks ?

[unity100]

An iceland parlementarian's twitter account subpoenaed by u.s. government, yet, the operation to spy on the iceland government, for some godfrigging reason, is proposed to be the operation by wikileaks ?

can anyone provide any actual logic for this proposition ?

Re:Run by wikileaks ?

[icebike]

Go read the full article.

Supporters of wikileaks had access to the office because it was occupied by "WL friendly" MPs previously.

A subpoena does not plant a computer.

You need feet on the ground for that. And if you have a planted computer you wouldn't need a subpoena.

Re:Run by wikileaks ?

can anyone provide any actual logic for this proposition ?

The same logic as was behind the "computer expert" who knew that "A professional would have written any acquired data to a public-key-encrypted disk that would only have been accessible to one who possessed the private key"

...but who then followed up with "- like with Wikileaks 'insurance' file. Having a hacker program 'self-destruct' is something someone who has watched too many spy movies would claim. Not even an incompetent hacker would program something that way. This is much more likely a plant followed up by fairy-tale."

You see, computer experts only have so much RAM. And the more you fill them up with talking points and buzzwords like "Wikileaks" and "hacker programs" and "you can't erase a disk instantly like you can in spy movies", the more likely they're to simultaneously remember how full-disk encryption works, while forgetting that keys can be stored in RAM, and that (some RAM-manufacturer-and-temperature-dependent time interval) after a computer is powered off, the key stored in RAM becomes inaccessible, and with it, the data on the disk becomes permanently inaccessible.

The explanation is that in Iceland, 640K is enough for anybody.

Re:Run by wikileaks ?

[Opportunist]

Because the US government would just have said "bend over" and Jonsdottir would have gladly said "yes master".

So it has to be someone who doesn't have the same easy access to her privates... I mean private information.

Re:Run by wikileaks ?

[heidaro]

The Independence party in Iceland are not Wikileaks friendly at all and the three MPs from The Movement who supposedly could have had access to that office are not exactly likely to do something like this, even if one of them has worked with Wikileaks in the past.

Re:Run by wikileaks ?

[dgatwood]

True, it can be done easily, but the expert didn't say it couldn't be done. The expert said it wouldn't be done. If you store the key in RAM and there's a power failure, your bug will never work again until someone physically goes in and rebuilds the system from scratch. Determining the difference between an actual detection incident and a harmless condition like a blackout is a nontrivial exercise. And if you have regular access to the area, there's probably no good reason to plant a bug there. You generally would plant a bug in places where you don't regularly go so that you can have access to them when you otherwise wouldn't. Therefore, one can assume that when you amortize the damage over a long enough period of time, a self-destructing bug is a poor value proposition.

In short, the computer expert argued that a self-destructing app was foolish---not because it can't be done, nor even because it is difficult, but because it is self-defeating.

Ack! I've been dealing with product marketing people too much! I'm starting to sound like them! Gaaaaaah!

Re:Run by wikileaks ?

[icebike]

But what of their friends, assistants, and political hangers-on?

Re:Run by wikileaks ?

[number11]

I'm trying to think of some government that is less likely than Iceland's to have interesting fodder for WikiLeaks.

Maybe I'm naive and Iceland is really a hotbed of corruption and intrigue, but somehow it seems unlikely that there's anything to leak, aside from political maneuvers and backbiting that would seem tame in almost any other country. The Icelandic financial institution scandal is pretty long in the tooth at this point. Bugging Iceland would probably be a sign of really poor judgment on the part of any aspiring scandal-monger.

Of course, every society probably has its quota of twits who are interested in eavesdropping on their colleagues. But with the new interest in Iceland evidenced by the US gummint, you do gotta wonder.

Re:Run by wikileaks ?

[icebike]

I tend to agree. I doubt Iceland was the target.

It would be a haven, more than a target.

Having a machine on a network beyond the reach of any interested government that you could remotely access would be useful.

Just as likely to be a spammer or a bot net controller, or a disgruntled employee as a wikileaks plant if you ask me.

Re:Run by wikileaks ?

The enemy has been pointed out.
Get. On. Fucking. Board.

Re:Run by wikileaks ?

So you spy on someone, find out what you want to get them for. Then you subpoena them for a pretty weak reason. Then the subpoena magically leads to all these revelations that you already knew, but now you have legally found them and the fruit of the poisoned tree doesn't apply.

      Sounds like a good idea to me.

Re:Run by wikileaks ?

[Beryllium+Sphere(tm)]

Davið Oddson is, to put it objectively, a colorful and polarizing figure. If Iceland had a Fox News, he'd probably be employed there.

Re:Run by wikileaks ?

[bill_mcgonigle]

can anyone provide any actual logic for this proposition ?

Julian Assange had unprotected sex with a woman. Q.E.D.

Re:Run by wikileaks ?

If it's spying operation, and if it's not actually related to wikileaks (both concepts are far from proven at this point)... It strikes me that the only reason the rest of the world would be paying attention to icelandic politics is in relation to the growing "pirate party". Which as I understand it, has some support in Iceland.

Re:Run by wikileaks ?

[cHiphead]

"They" are trying to turn wikileaks into the new imaginary Al Qaeda boogeyman.

Re:Run by wikileaks ?

[PopeRatzo]

can anyone provide any actual logic for this proposition ?

The logic is this:

1. Wikileaks embarrassed us.
2. Let's blame Wikileaks for anything that happens from now on..
3. ????
4. Julian Assange must be eliminated to protect our freedom!

Re:Run by wikileaks ?

Sure, the wikileaks did recently change its name to a more incriminating wikisnoops. Soopy heard this and sued. Then they tried a rename of wikisnookies, only to be sued by Snooki. Wikisnookies retreated in horror and was once again called wikileaks. Meanwhile, the snoops and the snookies raised alarm in the NSA section informing DHS about espionage, treasonous foreign entities, being a dog and general lack of style in choosing dates. The petrified but not naked DHS (they are wearing their black suits) finally contacted the DOJ (who are also wearing their black suits, with the exception of being accompanied by a high class callgirl/boy) to arrange the subpoena for any information systems containing less than humorous messages of no longer than 140 characters long and the said user account of the Icelandic MP. Since everybody in the DOJ knows that the DHS has no sense of humor, they immediately knew the target of the subpoena being a Twitter account. Then Mr. David Oddsson heard all about the snoops and the snooks, became terrified and decided to run the story. It's really very simple, isn't it?

Re:Run by wikileaks ?

[dadioflex]

Couldn't agree more. There's an argument that identifying "Al Qaeda" as a global terrorist network, effectively galvanized disparate groups into making or strengthening informal links. The Power of Nightmares (BBC documentary from years back) made a strong argument for this. Power of Nightmares

Now everyone who wants to justify their own lax security is blaming "Wikileaks" as if they are actively ferreting out their secrets. It also gives a visible "showcase" for drive by hackers to post whatever dirt they happen to dig out in passing, whereas before the information wouldn't have circulated outside a select group.

Re:Run by wikileaks ?

[publicworker]

Maybe I'm naive and Iceland is really a hotbed of corruption and intrigue ...

The Icelandic government is truly a hotbet of corruption and intrigue - only nobody outside Iceland needs to care! If this is espionage (and I doubt it) then it's purely an inside-(Iceland)-job. Amateurish as well, just leaving the computer there. I'm surprised this got to /. - it's hardly making waves in Iceland.

Re:Run by wikileaks ?

[Errol+backfiring]

can anyone provide any actual logic for this proposition ?

They found the server because a document on wikileaks said it would be there?

Re:Run by wikileaks ?

Holy shit, have you or the people who modded you upnot read the news the past two years? Their entire economy and currency collapsed recently because of their governments corruption with the financial industry.

Re:Run by wikileaks ?

It's a smear campaign by Davíð Oddson.

The guy is one of the key players in the privatization of the Icelandic banks and the collapse of the Icelandic economy. When he was a former politician, he ensured that his buddies would get filthy rich. When the tab was left for the taxpayer to pick up, he went on to become the reigning king of Morgunblaðið (or Morgunblather, as it's called now), and he's been using it to rewrite history and spread FUD ever since.

He's probably mortally afraid that Wikileaks might - deliberately or inadvertantly - expose the truth, though, so I'm not in the least bit surprised to see him try to pin this on them. That said, the fact that he's grasping at straws like this also shows he must be desperate.

Re:Run by wikileaks ?

[AmiMoJo]

Wikileaks does not spy anyway. They just publish stuff people give them. They don't go after it themselves.

Re:Run by wikileaks ?

[GameboyRMH]

True, it can be done easily, but the expert didn't say it couldn't be done. The expert said it wouldn't be done. If you store the key in RAM and there's a power failure, your bug will never work again until someone physically goes in and rebuilds the system from scratch.

And what's wrong with that? Are other bugs useful after they're physically discovered?

Re:Run by wikileaks ?

[GameboyRMH]

Mod parent Insightful. I see I didn't miss anything by not RTFAing.

Re:Run by wikileaks ?

[poetmatt]

no, they said birgitta and other people are in the group of those that supposedly had access.

as opposed to the reality, that it's an office in a big ass building and anyone could get in.

it's a joke of a speculation at best.

Re:Run by wikileaks ?

David Oddson is the former leader oft the independence party, that made all the major government decisions in the events preceding the the bank collapse. Now he an editor of a major newspaper and tells the news. If he is the source if this information this looks more and more like a failed attempt to attack Wikileaks.

Re:Run by wikileaks ?

[budgenator]

1. Feet on the ground isn't that hard to come by and

2. because you have the data illegally,
2a you know what your looking for with the subpoena
2b the subpoena provides plausible deniability for the clandestine information gathered

3 the computer could be a ruse for misdirection to cover another operation

4 the computer could have been planted by a wikileaks friendly MP simply to make the US look bad.

some how the magic eight-ball says number 4 is most likely

Re:Run by wikileaks ?

I tend to agree. I doubt Iceland was the target.

It would be a haven, more than a target.

It was supposed to be a haven. The Icelandic people liked wikileaks.

This encrypted server was found - because it was meant to be found. It is pinned on wikileaks "spying", as a way to turn public opinion AGAINST wikileaks.

It's a classic PsyOps, spreading Fear, Uncertainty and Doubt.

Re:Run by wikileaks ?

[LordLimecat]

And you appear to be doing the same with the "they" (shadowy government folk?).

Re:Run by wikileaks ?

[dgatwood]

What's wrong with that is that power failures don't imply discovery. Breakers trip. Fuses blow. Electrical poles get hit by trucks. Small brownouts from four air conditioners starting up at once cause a machine to momentarily lose power. And so on.

Re:Run by wikileaks ?

[molecule1]

I concur. Pointing the finger @ wikileaks instantly raised my red flag for FUD.

Hang on a second...

[AceCaseOR]

So, Wikileaks is SPECTRE now?

Re:Hang on a second...

If we're going to get blamed for random espionage we're going to need a spyjazz theme song to play in the background, as they zoom in on a ream of perforated line printer output on TV with wikileaks printed all over it.

Re:Hang on a second...

I guess they feel the "Hes a terrorist/Traitor" stuff is selling more papers than the "Hes a pervert" stuff.

Re:Hang on a second...

Yes.

captcha: confers

Re:Hang on a second...

More like al-queda if you read the mainstream press.

Re:Hang on a second...

[cyrus0101]

More like KAOS.

Re:Hang on a second...

Two-tone, tractor fed line-printer paper?

Re:Hang on a second...

[rcamans]

No, Wikileaks would be KAOS or THRUSH...

Re:Hang on a second...

So, Wikileaks is SPECTRE now?

Someone get Assange a cat

Re:Hang on a second...

Well it certainly isn't THRUSH (Technological Hierarchy for the Removal of Undesirables and the Subjugation of Humanity)

Re:Hang on a second...

No, Wikileaks is Icelandic for C.I.A.

Re:Hang on a second...

[sjames]

Now if our fine government agents could only manage to be half as competent as Maxwell Smart...

Re:Hang on a second...

[Archangel+Michael]

I was gonna retort one of my favorites* and link it to a Wikipedia Article about it ... but I didn't find one .. but I found this instead. Geek Goodness !

http://en.wikipedia.org/wiki/List_of_fictional_espionage_organizations

.
.
.
*P.A.G.A.N

Wikileaks == scapegoat

[presspass]

The Icelandic daily Morgunbladid, under the editorship of Mr David Oddsson, former Prime Minister and Central Bank chief, has suggested that this might be an operation run by Wikileaks.

If nothing else, wikileaks will be valuable to governments as a convenient scapegoat.

--

pass

Re:Wikileaks == scapegoat

[billstewart]

Yup. It could just as easily have been left there by the former third assistant clerk to the Finance Minister, who got sacked when Iceland's banking system collapsed, and who was too polite to take his severance pay in used hardware.

Re:Wikileaks == scapegoat

[Pharmboy]

When, exactly, has Wikileaks actively gathered evidence? Oh, never. Wikileaks just waits for others to the gathering, they just do the publishing. Next, they will be blaming global warming on Wikileaks.

Re:Wikileaks == scapegoat

[CharlyFoxtrot]

They've no evidence whatsoever :

TFA: "The computer was disconnected and taken to the police" and "it is possible police bungled the operation and did not clone the hard drive before disconnecting it"

They might have at least sniffed the network to see what, if anything, the machine was sending and where it was sending it to.

Re:Wikileaks == scapegoat

[blind+monkey+3]

they will be blaming global warming on Wikileaks.
Haven't you noticed all the hot air Wikileaks has been causing?

Re:Wikileaks == scapegoat

[Jonah+Hex]

Can you show me on the doll where Wikileaks touched you?

HEX

Re:Wikileaks == scapegoat

[ScentCone]

When, exactly, has Wikileaks actively gathered evidence?

You'll recall that the guy who says he was chatting with Manning (of the quarter million stolen US State Department documents) said that Wikileaks actually made special arrangements for Manning. Worked actively with Manning to collect and stash all of that stuff. Whether, or to what degree, that's true is one of the things they (the DoD prosecutors) are still digging through.

Re:Wikileaks == scapegoat

[Dunbal]

former Prime Minister and Central Bank chief, has suggested that this might be an operation run by Wikileaks.

      This, brought to you by the mind that collapsed Iceland's economy.

Re:Wikileaks == scapegoat

[MightyYar]

Next, they will be blaming global warming on Wikileaks.

Well, they ARE wasting a lot of energy with all of these spy servers they leave on around the clock in parliament buildings.

Re:Wikileaks == scapegoat

[tnk1]

Is Wikileaks trying to obtain the lyrics to the next Bjork single? I mean, what does one spy on in Iceland? Geothermal vents in compromising positions?

Re:Wikileaks == scapegoat

[bug]

There's a strong possibility that you're mistaken in your assertions there. There has been some reporting in the press that Wikileaks activists have actively eavesdropped on data by running one or more rogue Tor servers:
http://www.newyorker.com/reporting/2010/06/07/100607fa_fact_khatchadourian?currentPage=all#ixzz0pWdlAepe
There has also been reporting as recently as today that Wikileaks actively gathered data from peer-to-peer file sharing networks:
http://www.bloomberg.com/news/2011-01-20/wikileaks-may-have-exploited-music-photo-networks-to-get-classified-data.html

Re:Wikileaks == scapegoat

They made arrangements to help get them the information he had already taken, they did not seek him out nor did they go and say "please go steal this for us", they were involved after the fact.

Re:Wikileaks == scapegoat

[Pharmboy]

I'm not sure if running a Tor server or gathering via p2p would be "active" in the same sense I would normally consider "active". This is still on the back side, taking what has already been taken. This is different than doing the initial taking. To do that, you have to be on the inside.

I get what you are saying, but to be clear, when I say "active", I am referring to the initial step of getting the info. Going from "secure" to "no longer secure". After that point, it is mainly courier duty.

Just as on P2P, downloading isn't actively obtaining a movie, it is passively obtaining it. Someone else has already done the real dirty work, the heavy lifting.

Re:Wikileaks == scapegoat

[Zorque]

Except that global warming doesn't exist!

I don't actually believe that, but it wouldn't be a proper Slashdot discussion without somebody saying it.

Re:Wikileaks == scapegoat

[ScentCone]

they were involved after the fact

That's the part that is NOT clear, still. Manning didn't have anyplace to put the stuff ... he couldn't complete the theft without help.

Re:Wikileaks == scapegoat

[nomadic]

Wikileaks just waits for others to the gathering, they just do the publishing

Don't forget the taking-all-the-credit part, that takes effort.

Re:Wikileaks == scapegoat

[murdocj]

Just as the United States & Israel are convenient scapegoats. Logic doesn't enter in to it, does it?

Re:Wikileaks == scapegoat

[Zeroblitzt]

Wikileaks just waits for others to the gathering, they just do the publishing Don't forget the taking-all-the-credit part, that takes effort.

If contributors do not want Wikileaks to release their documents and take credit for it, then they should not be going to Wikileaks in the first place.

Re:Wikileaks == scapegoat

[publicworker]

former Prime Minister and Central Bank chief, has suggested that this might be an operation run by Wikileaks.

      This, brought to you by the mind that collapsed Iceland's economy.

... and he's not getting any less crazy!

Re:Wikileaks == scapegoat

[gknoy]

If he had it on a thumb drive (and he could have), he could have snail mailed it someplace, or done a dead drop - who knows. The breach was done as soon as he burned the discs.

Re:Wikileaks == scapegoat

Newspapers? Newspapers? The term rings a bell. I remember now. They became the Government Department of Propaganda.

Re:Wikileaks == scapegoat

[equex]

Wikileaks would not even have to plant such a device, it already has support in the highest circles of the Icelandic government as well as among the people. This is the country which WL has possibly had the highest positive effect on, so far. Wikileaks has been offered to have it's HQ on Iceland and the country wants to establish itself as the high seat of free press.

Re:Wikileaks == scapegoat

[miffo.swe]

Im very sad to say i concur fully with your statement. Newspapers of today are the governments right hands. The amount of self censoring is pretty depressing.

Re:Wikileaks == scapegoat

[makomk]

He's also claimed the exact opposite, and the actual chat logs with Manning have remained conveniently unreleased.

Re:Wikileaks == scapegoat

I thought China was the fashionable scapegoat these days. I guess it is economically unwise to point a finger at a potential economy-saver, though...

Re:Wikileaks == scapegoat

[ScentCone]

The breach was done as soon as he burned the discs

But it didn't mean anything until he acted to move the data along to where he really wanted it to go - someplace that would generate the 15 minutes of fame he was looking for. He didn't just upload it to WL, he talked with them about being the people who received it, and they made arrangements to receive it, knowing in advance what it was that was going to be coming out of his world/job and into theirs. There are some very fine lines to be drawn there, legally, which is why it's taking some real time to get it squared away in prosecutorial terms.

Re:Wikileaks == scapegoat

[ScentCone]

He's also claimed the exact opposite, and the actual chat logs with Manning have remained conveniently unreleased.

Because they are now part of an intense investigation into what happened. You can bet that his defense lawyers are part of why that information has been kept close. It will all come out in the end, at his trial.

Re:Wikileaks == scapegoat

[blueg3]

"Active" means requiring a particular effort. Passive would be, for example, running Wikileaks and having people simply upload things to you. Each individual thing uploaded to you gets there without any action on your part. Harvesting data from a Tor node that you're running or gathering files from P2P networks (or downloading a movie) is certainly active.

It is, however, impossible to get classified data from a Tor node or a P2P network without it first having been brought -- incorrectly -- into an unclassified domain. As such, you can't be held responsible for exposing the classified data. There may be other laws you are breaking by doing this, but exposing classified data isn't one of them.

Re:Wikileaks == scapegoat

[berbo]

When, exactly, has Wikileaks actively gathered evidence? Oh, never. Wikileaks just waits for others to the gathering, they just do the publishing. Next, they will be blaming global warming on Wikileaks.

... and simultaneously promoting the global warming hoax!

They also know where bin Laden is hiding, but are covering that up.

Re:Wikileaks == scapegoat

[cusco]

Been that way for a while, in the Untied States at least. Read up on Project Mockingbird. Started in the 1950s.

Re:Wikileaks == scapegoat

[KZigurs]

uhm? Wasn't it completed the moment CD left the premises?

Re:Wikileaks == scapegoat

When, exactly, has Wikileaks actively gathered evidence? Oh, never. Wikileaks just waits for others to the gathering, they just do the publishing. Next, they will be blaming global warming on Wikileaks.

It is a well known fact: Wikileaks causes global warming. They do this by only selectively leaking information and hiding details of how the CHinese are polluting the planet. It is a known fact. Pharmboy knows it to be true, but he / she is hiding it behind a veil of cynicism. Down with Assange the polluter.

Re:Wikileaks == scapegoat

I followed your links with an open mind knowing that TOR and peer-to-peer networks are a group of decentralized machines often used to hide file sharing. You clearly do not understand what you have read.

In the first article, the NYer suggested that Wikileaks used TOR to transfer files anonymously. That is what I would do if I were in their place. This does not indicate eavesdropping, nor does it suggest that they own dedicated servers.

In the second article, a researcher jumps to a conclusion that is very speculative. There is an equally plausible explanation that WL was arranging a drop off via peer-to-peer, and the researcher stumbled upon it. Sorry, your evidence is unrelated to the events in Iceland.

You have proven one thing though, you don't understand the technology that you hold up as evidence. TOR is a subset of peer-to-peer networking, not a separate entity. TOR does not require dedicated servers either. Each client can serve files, and many do by default.

Wouldn't be surprised

[guruevi]

if it was just an old sysadmin's personal download machine. Given that most computers do not have serial numbers but the ones procurement gives them, it could have been a system that was decommissioned and the sticker peeled off. I've got a couple of those myself although they're not hooked up to my companies' gigabit internet service.

Re:Wouldn't be surprised

[icebike]

Given that most computers do not have serial numbers but the ones procurement gives them, it could have been a system that was decommissioned and the sticker peeled off.

I haven't seen a single computer without a factory serial number except for the ones I built myself.

Re:Wouldn't be surprised

[sortius_nod]

You haven't worked in IT then...

Re:Wouldn't be surprised

Where the hell do you work/live? The closest thing to a serial number most OEM boxes have is a service code. Which, by the way, is not a serial number, can't be used like one and usually isn't even unique on a 10 year time scale. I know for a fact that dell reused old service codes from the mid 90's into the early 01's.
 
Laptops are a bit different and tend to have a serial number on the bottom, but we aren't talking about a laptop are we?
 
Serial numbers on hardware are also notoriously worthless for actually tracking the purchase of the hardware. They are fine to figure out which revision you are using, but they are far from useful for tracking ownership. The last time I checked (in 01) Dell and HP didn't put the serial number from the machine (if it has one (mainly laptops)) in the customer file at all. Only the service code shows up. Since I had access to everything else in the files, including unencrypted billing info (don't ask), I have to assume that serial number data (where it exists) is simply not tracked in a significant way. Or at the very least it didn't used to be. It has been a few years.

Re:Wouldn't be surprised

[icebike]

Really? Does 30 years count?
I've also worked for a computer manufacturer.

They all go out the door with serial numbers.

Re:Wouldn't be surprised

[srodden]

Then you're in an environment where you're only buying brand name computers. About half the computers in my office of 25 staff were purchased pre-built from the local no-name computer shop using standard hobbyist materials. No S/N.

Re:Wouldn't be surprised

[icebike]

You find me one Dell computer without a serial number.

(Hint: They are required by FCC regulation).

Re:Wouldn't be surprised

[icebike]

Oooooh, sorry Mr Chief Technology Officer, I guess I've been schooled.

So 12 illegal computers probably running 12 pirated OSs?

Re:Wouldn't be surprised

[Gadget_Guy]

(Hint: They are required by FCC regulation).

I think that you will find that the FCC's jurisdiction doesn't cover Iceland.

Re:Wouldn't be surprised

[Gadget_Guy]

Buying a computer from a small, local shop does not mean for a second that it is illegal or uses pirated software. I think that this is another cultural difference (like your comment about the FCC requirements when talking about computers from another country). In my country, the small, local computer shops are everywhere and account for a sizable proportion of computer sales (I don't know the exact breakdown). It is not uncommon to find computers branded with a company of which you have never heard. They still have to use legitimate software, and Microsoft do occasionally crack down on some shop for selling pirated copies of their software.

I understand that in the US that this is nowhere near as common, that it is the large stores that dominate computer sales. In that case, it is certainly understandable that you would consider a serial number to be the norm.

Re:Wouldn't be surprised

[srodden]

Wow, you sure have been drinking from Ballmer's private stash of kool aid, haven't you?

What exactly is an "illegal computer" in the context of your baseless accusation?

Each of these computers was purchased from a reputable no-name vendor who has been operating from the same premises for over 10 years. Each of these computers has fully licenced software from top to bottom. Each computer is 2/3 the cost of a brand name PC, is just as reliable, is not pre-loaded with two dozen useless "helper" apps and comes with a 3 year warranty instead of the 12mth warranty that the brands want you to pay.

As far as this small business CTO is concerned, they're a good investment.

Re:Wouldn't be surprised

What did he pirate the hardware too ?

Re:Wouldn't be surprised

[icebike]

Its probably not illegal for you to buy it, but I assure you it is illegal for them to sell it.

State and Federal laws require that these things be certified by the FCC for radio emissions, and by UL/CSA for electrical safety (OSHA). And, no, its not sufficient that the components were individually certified.

This pertains to USA and probably Canada has similar regs. In Icelant? Who knows.

Re:Wouldn't be surprised

[icebike]

FCC certified?
OSHA (UL/CSA) certified?

No?

Illegal. Read the law son.

Re:Wouldn't be surprised

[guruevi]

You can still hand-build computers and have a system that passes FCC Class A tests (even Class B). Barebone computers are all FCC certified and can be modified without issues. Same goes for UL certification, as long as your components are UL certified (which I believe is necessary for them to be sold in the US) you can build just about anything you want.

It also doesn't make them illegal if they're not being certified. It's only an FCC regulation that you'll overstep in the very rare case they do not meet specifications and you sell them.

Also, not everybody lives in the US.

Re:Wouldn't be surprised

[srodden]

Wow, you are such an American!

Check every component in the box and you'll find brands like Antec, Seagate, Gigabyte that have FCC and UL/CSA certification.

Since you're such an expert on the law, I'm sure you'll be able to link me to the relevant article that prohibits piece-built computers from be used in American workplaces.

Finally, pull your head out of your nether regions. US law is applicable to about 4% of the world's population. The rest of us only care about it when it runs around turkey slapping things.

Re:Wouldn't be surprised

[icebike]

Wrong on both counts.

Other than for hobby use:

You can not build a computer for sale without FCC certification of the entire machine. Just because the parts passed does not mean the whole thing passes.

You can not build a computer for sale without testing by a certified testing agency (CSA/UL/CE, etc) for electrical safety. Its not enough that the parts (power supply, mother board, etc) pass. The whole computer has to be certified.

I worked for a manufacturer. Certification was my area. Your local neighborhood builder will one day get a call from your State authorities (occupational safety bunch, usually under department of labor for your state).

You simply can not sell anything you want in the US if it has a 110v input unless it is certified by OSHA.

What the hobby builder does is his business, right up to the point that he sells it, or uses it in the work place with employees.

And, BTW, the regulations in the EU are even stricter.

Re:Wouldn't be surprised

[icebike]

Since you're such an expert on the law, I'm sure you'll be able to link me to the relevant article that prohibits piece-built computers from be used in American workplaces.

29 CFR 1910 Subpart S.

Re:Wouldn't be surprised

[KingAlanI]

Manufacturers might put on nation-specific labeling and distribute it anywhere for economy-of-scale purposes as opposed to separate labeling runs. It's like it hurts AFAIK.

Re:Wouldn't be surprised

[astar]

Since you gave a cite, but I knew that in the late 20th and early 21th century in the US, you were really out of step with my reality, I googled around at the regs. I just looked at the Lqbor department stuff.

You have the problem of never having eaten chinese food, if you get the old programming reference.

I figure your employer is a little like this:

He builds pretty much standardized boxes and sells them wherever.

So I might have bought some little odd toy computer for my kid and later laptops and netbooks like that. But my first personal computer was a cpm machine and except for the exceptions cited, I never ever bought a computer of the sort manufactured by your company. So you basically say all my toys are illegal, including the openbsd box I am typing this message upon.

So I go to nearby computer stores of what I called the white-box variety. These are mom and pop sort of places. I claim these people are manufacturing my computer. I specify the components. Hmm, the last tower I bought, I specified 8 nic ports. I specified the memory. I specified the hard disk size. I specified the cpu manufacturer and the number of cores. I specified that the video card have a HDDI out. This machine was thus a custom machine. It was build for a particular customer. So, if you are any good, you now have a clue. But I expect you are so very sure of yourself, so I will spell it out:

If you manufacture custom electrical equipment for an individual customer, your requirement is apparently not really more than keeping some records. Of what...oh, the "tests" you do.

(3) With respect to custom-made equipment or related installations that are designed, fabricated for, and intended for use by a particular customer, if it is determined to be safe for its intended use by its manufacturer on the basis of test data which the employer keeps and makes available for inspection to the Assistant Secretary and his authorized representatives.

On the FCC side I did not bother to check, but I have been very close, sort of on the inside, hah, literally, with a white-box place. I recall hearing that if the case was FCC approved and the electrical components FCC approved, then it was all clean.

Re:Wouldn't be surprised

[DZign]

There may be not 1 serial number, but individual parts will still have them.

As I read the article (no serial numberS) I understand it as the serial on components like the harddisk itself, dvddrive, mobo, .. would all be removed.
When I'd plant a bug like this I would also do this, making it more difficult to track where components were bought..

Re:Wouldn't be surprised

[cusco]

This was my first thought as well. Knowing quite a number of cops I also wouldn't be surprised to find that their idea of "encrypted software" is a Linux box that they don't have the password for.

Re:Wouldn't be surprised

[cusco]

Interesting. One of the world's largest software companies purchases quite a few computers from a local company with no FCC stickers on them, and has for a number of years. I've seen them making deliveries.

Re:Wouldn't be surprised

icebike is correct. Most small mom and pop computer stores are not within FCC compliance.

The basic thing to understand is that SYSTEMS are certified, Not individual circuit boards (though in most cases add-on cards ARE certified), not motherboards, not cases, and not power supplies.

Most small chop shop stores simply do not certify their systems. They are violating federal law and they usually get away with it since the FCC has very limited resources to enforce their rules.

The correct FCC regs are:

FCC Part 15 EMI Certification and UL/CSA/TUV Safety Certification
FCC Part 15 Certification of Computer Equipment

Most add-on cards and peripherals (disk drives, floppy drives, CD-ROM drives, tape drives, etc.) have their own FCC certification. This is so they can be sold separately. They would technically not need to be certified separately if the system in which they are installed is certified as a unit.

Once a SYSTEM has passed FCC certification, a manufacturer may swap or add FCC certified cards and peripherals and retain compliance even though the system may technically exceed the limit with the different peripherals. I believe the FCC still has the right to demand that the system be in actual compliance with the emissions limits.

You may not swap motherboards, power supplies, or cases, without re- certification.

There is no certification requirement for do-it-yourself systems. However if their is a complaint lodged against you and the FCC investigates and finds you to be the cause of excessive emissions, then they can take action against you.

Re:Wouldn't be surprised

Commercial equipment (which your 8 nic custom machine obviously is) falls under a different (and more lax) FCC regulation class than any equipment intended for home use.

Re:Wouldn't be surprised

[astar]

well, maybe

I do have a little sole proprietorship, so this is vaguely credible. But in 2010 and in 2009 and in 2008 it had no revenue. I suppose I could go further back,but who knows and who cares. And this box goes on my home system. Openbsd 4.8 -current and handles some routing, although I ended up also using it as the desktop, which this is composed on.

I am basically retired and rally doing pro-bono web site stuff for non-profits. Ah, sometimes something makes a little revenue but never a profit. I think in six years the revenue is $1000 and that is pretty much for out-of-pocket stuff like buying domain names.

Do you really want to say this is a commercial machine?

And I will guess you might know something about "commercial", but I do not see that from the osha regs I read and I did not even see that "commercial" distinction there. The distinction I saw was custom and for a specific customer. That does sound to me like a corner white-box store. And they do sell a lot of definitely home machines and if you are claiming these machines are "illegal", then, well, you *are* an AC. And I noticed you did not cite to osha regs.

I did not see the earlier hobby claim either. I am a ham and can legally make high-end dangerous in many ways electronics, including a lot of digital silicon. Gosh, let me count the ways I can fry myself. And I can sell that stuff, oh, not "commercially" which does mean something in my license, but the osha emphasis is on "for sale". And, yah, pretty much it is going to be to another ham, but still.

Re:Wouldn't be surprised

[astar]

Hah, aside from the situational errors, you are just plain wrong on this and it is trivial for you to have done better.

Go

OET Bulletin Number 73 (Nov 23, 2010) bar_header.gif
spacer

*

The ILLR Computer Program for Predicting Digital Television Signal Strengths at Individual Locations
(2010)
*

This bulletin publishes the detailed definition on the model for making point-to-point predictions of the intensity of digital television (DTV) signals. This model was adopted by the Commission as prescribed under the Satellite Television Extension and Localism Act of 2010 (STELA).
*

Download:
o oet73.pdf (Adobe® Portable Document Format)

Return to Top

OET Bulletin Number 72 (July 2, 2002)

*

The ILLR Computer Program
*

This bulletin provides a detailed definition of the Independent Location Longley-Rice (ILLR) computer program established in Section 73.683(d) of the FCC rules as the means of predicting the broadcast television field strength received at individual locations. The Commission developed the ILLR Computer Program following the directions of Congress in the Satellite Home Viewer Improvement Act of 1999 (SHVIA). The program computes the predicted signal strength of analog television (TV) stations as received over-the-air at individual viewing locations. Individual locations where a network TV signal is below a certain signal strength level are eligible to receive the network broadcast as subscribers of satellite TV services. The program is used by Satellite TV service providers to determine whether particular TV network signals may be included in the package of channels delivered to individual subscribers. To facilitate use of the program by others, this bulletin provides details for installing the program on other computers.
*

Download:
o oet72.pdf (209 Kb) (Adobe® Portable Document Format)

Return to Top

OET Bulletin Number 71 (April 12, 2000)

*

Guidelines for Testing and Verifying the Accuracy of E911 Location Systems
*

This bulletin clarifies the application of the FCC's wireless Enhanced 911 (E911) rules. Those rules establish a program to ensure that when a wireless telephone caller dials 911, the 911 call center will know the caller's geographical location to help speed the dispatch of help to the scene of the emergency. The FCC's rules require that wireless carriers meet specific accuracy and reliability standards in reporting the location of 911 calls. This bulletin clarifies how the performance of location systems and equipment may be tested and verified for compliance with the accuracy rules.
*

Download:
o

oet71.doc (116 Kb) (Microsoft Word 97)
o

oet71.pdf (51 Kb) (Adobe® Portable Document Format)

Return to Top

OET Bulletin No. 70 (July 1997)

Running encrypted software?

[PatPending]

An unauthorized computer, apparently running encrypted software, ...

Well, object code is cryptic but it's not encrypted.

Re:Running encrypted software?

[betterunixthanunix]

Perhaps they are referring to some sort of fully homomorphic cryptosystem, although the publicly known systems are not exactly practical (it would just be foolish to deploy a classified system here, so I doubt this is the case; the point is that it is possible to encrypt software).

Re:Running encrypted software?

[BatGnat]

Did they use ROT13 or XOR 1?

Re:Running encrypted software?

[click2005]

I prefer placebo encryption. I tell people its encrypted and any methods they try to decrypt it wont work.

Re:Running encrypted software?

[billstewart]

If it's actually related to Wikileaks, as opposed to a US-or-Euro-government spook job, it's more likely to be a Tor node. For that matter, even if it is a CIA plant, it could well be a Tor node, and similarly, if it's a fake scapegoat machine that the former bank minister is using to cover his tracks, a Tor node would be a good choice.

Re:Running encrypted software?

I prefer placebo encryption. I tell people its encrypted and any methods they try to decrypt it wont work.

It looks like donkey porn, but I can't decrypt it into the military secrets I know it must be!

Re:Running encrypted software?

Did they use ROT13 or XOR 1?

Much better to encrypt with XOR $FF It's 254 times more secure than XOR 1. ;)

Re:Running encrypted software?

We better watch it again. You know, in case we missed something.

Re:Running encrypted software?

Listen up kids! Sometimes, a piece of donkey porn is just a piece of donkey porn.

Someone's in trouble?

Better call Sportacus!

Re:Someone's in trouble?

[BatGnat]

Are you insinuating that Robby Rotten is guilty of this crime?

Recovery Fairy Tales again

[scdeimos]

From TFA:

Stephen Christian, a computer expert at Oxymap ehf, told the Grapevine that ... "Information written to disk can be recovered by experts even after being overwritten several times unless you let the computer run for a few hours constantly 'covering up' its information. Computer hackers know this."

I laugh whenever I see comments like this. Lest we forget that nobody ever accepted The Great Zero Challenge, let alone beat it.

Re:Recovery Fairy Tales again

[Timothy+Brownawell]

Nobody accepted it because it was stupid, and probably just a publicity stunt for the people running it.

Re:Recovery Fairy Tales again

[norpy]

I like how the article is written in a condescending tone telling you about "hacker myths" and so on, then pulls out the "data can be recovered after being overwritten many times" myth as a fact.

Re:Recovery Fairy Tales again

I laugh whenever I see comments like this. Lest we forget that nobody ever accepted The Great Zero Challenge, let alone beat it.

Hahaha, probably because the challenge only offers a reward of $40 USD and they won't let you disassemble the drive, which is a requirement for any of the wiped-data-recovery papers/theories floating around.

Re:Recovery Fairy Tales again

If I could do this, I wouldn't reveal my methods like the "Challenge" requires. In fact, I'd rather that no-one knew that I could do it at all. It's in the interest of safecrackers everywhere that people believe that their safes are uncrackable.

Re:Recovery Fairy Tales again

[snowgirl]

Apparently, they will allow a properly incorporated company in data recovery or intelligence agency to disassemble the drive, and hold it for 30 days.

However, as you noted, the challenge is only worth $40, you pay postage to have it delivered, and there is a $60 deposit...

It rather sounds like a really bad scam... but then, it's too stupid to even be logically possible as a scam, so it obviously can't be a scam.

Re:Recovery Fairy Tales again

[georgewilliamherbert]

The Great Zero Challenge rules specifically exclude disassembly of the drive; all the bit-recovery mechanisms discussed in the literature require you to disassemble the drive and use custom heads to scan the surface magnetism map.

I.e., the contest is totally missing the point on what data recovery pros (i.e., the NSA and so forth) said they'd do if they had to scan disks to recover overwritten data.

It's hard to think of a less useful contest.

Re:Recovery Fairy Tales again

[dgatwood]

Does unplugging the drive cables from the circuit board count as disassembly? Because you don't really need to have physical access to the inside of the drive, but merely access to the raw analog output of the drive heads on a given track (and, ideally, fractional tracks, which you should be able to fudge by rapidly stepping the drive heads one way and then the other).

Re:Recovery Fairy Tales again

[Dunbal]

Free money is never stupid.

Re:Recovery Fairy Tales again

[ladadadada]

There are four problems with the Great Zero Challenge that I could identify at a glance:

1. No incentive. The prize is $40. Data recovery companies charge tens of thousands to recover a drive. (Depending on how hard it is.)
2. No disassembly. Any technique that "reads residual magnetism" is going to require custom read heads and access to the platters.
3. No longer running. The challenge ended in January 2009 and only ran for one year. That blog post is from September 2008.
4. Full disclosure. This is a show-stopper. Data recovery companies guard their secret methods very closely. Those secrets are their only competitive advantage. Telling everyone how they did it for $40 ? I don't think so.

In contrast, the James Randi Paranormal Challenge has a $1,000,000 prize, only has rules that disallow cheating, has been running since 1964 and is still running. The fact that no one has passed the preliminary stage of that challenge means something

Re:Recovery Fairy Tales again

[blahplusplus]

"I laugh whenever I see comments like this. Lest we forget that nobody ever accepted The Great Zero Challenge [hostjury.com], let alone beat it."

While the statement itself is incorrect if taken as if it was accurate, traditionally when you delete a file on a partition table it does not delete the file only deletes the first bit of the filename from the file allocation table.

This is what allowed old DOS utilities like undelete or norton undelete to function. Some days I do miss the old days since it seems no one develops quality tools anymore for win XP +.

Re:Recovery Fairy Tales again

[snowgirl]

Disassembly was specifically permitted to incorporated businesses, and intelligence agencies.

However, the rest of your argument is not any more weak because they suddenly started permitted disassembly. In fact, the entire point of "can't disassemble the drive" is practically moot compared to the other reasons.

Re:Recovery Fairy Tales again

[snowgirl]

"I laugh whenever I see comments like this. Lest we forget that nobody ever accepted The Great Zero Challenge [hostjury.com], let alone beat it."

While the statement itself is incorrect if taken as if it was accurate, traditionally when you delete a file on a partition table it does not delete the file only deletes the first bit of the filename from the file allocation table.

This is what allowed old DOS utilities like undelete or norton undelete to function. Some days I do miss the old days since it seems no one develops quality tools anymore for win XP +.

You're messing up terms. The "partition table" is in the master boot sector (and yes, there's an additional one at the start of an extended partition table, I know.) The partition table is irrelevant to the way in which files are stored.

What deleting files in DOS and on disks all the way up to FAT32 did was change the first byte of the filename to a known value, which represented a "deleted file". This filename was actually stored directly in the directory listing, not in the file allocation table. The directory listing also included an index into the file allocation table, which was the start of the file. In the file allocation table each entry pointed to the next entry in the table that contained the file.

If you tried to undelete a file of size greater than the block size of the file allocation table, you would not obtain the entire file, because the entries for the file had already been wiped from the file allocation table.

Modern file systems such as NTFS and anything used by the *nix world use a completely different allocation system than FAT, and as a result a simple "undelete" utility would be worthless.

Specifically, the directory listings contain a filename and an "inode" or inode-like pointer, which points to an inode or inode-like entry, which contains information about where the file is stored. If one has deleted all points to the inode or inode-like entry, then the entry is scrubbed, and recovering the point to this inode becomes worthless, because again, the inode entry contains nothing of the file itself.

So, to clarify why "the good old days" can't be brought back for "quality tools", is because FAT was a piece of shit, and undelete was a complete hack exploiting a design failure in the FAT method. It was by no means a "quality tool"...

Re:Recovery Fairy Tales again

[blahplusplus]

I understand what you are saying but quality tools do matter.

I've been annoyed at the crap level of tools for XP and onward for a long time. While Fat was crap disk defragmenting tools for NTFS are still horrid and tedious.

To say that quality tools don't matter is moronic. You as always do the nerd thing and focus on just what I said not rather what was implied in the general sense.

Re:Recovery Fairy Tales again

[bill_mcgonigle]

Well, I bothered to read the post, so:

1. No incentive. The prize is $40. Data recovery companies charge tens of thousands to recover a drive. (Depending on how hard it is.)

The amount of gained business for a successful recovery would be worth considerably more than $40. It's stupid to even offer the $40.

2. No disassembly. Any technique that "reads residual magnetism" is going to require custom read heads and access to the platters.

It says right there that if you're a qualified data recovery company or a spook that you can disassemble the drive.

3. No longer running. The challenge ended in January 2009 and only ran for one year. That blog post is from September 2008.

Right, this should be ongoing.

4. Full disclosure. This is a show-stopper. Data recovery companies guard their secret methods very closely. Those secrets are their only competitive advantage. Telling everyone how they did it for $40 ? I don't think so.

Yes, this is the deal killer. There's no reason to require this unless they feel that their screen image file and their PGP key would be compromised. Hint: put the key in the bank and melt the flash drive it was generated on (or zero it...).

The contest is also flawed in that it could easily produce a false positive due to sector re-allocations. A better contest would require submission of the md5sum of the two large files in the root directory. They could get very un-lucky and have the sector with the root node get re-mapped on them. I don't get at all that those running the contest understand sector re-allocations.

Still it's a generally good idea. Maybe I should re-start the contest with those improvements.

Re:Recovery Fairy Tales again

The money wasn't worth revealing the technique.

Re:Recovery Fairy Tales again

[grilled-cheese]

The Great Zero Challenge only is targeting data recovering businesses, not governments. If the NSA really wanted the data on that drive they may be able to do it. However, if they did the general public wouldn't know.

Re:Recovery Fairy Tales again

[Antisyzygy]

The fact that you can't disassemble the drive is just plain stupid. You would need to read the platters with some higher tech gear that whats in the drive to see if there is any residual information left on it. Im not sure if its been done before but I see no reason its not physically impossible, maybe just too expensive and their are cheaper ways to get intelligence info like bribing a corrupt individual and killing them if they ever seem like they may give up what you are doing.

Re:Recovery Fairy Tales again

[Antisyzygy]

... higher tech gear than whats in it..... .....physically possible......

Re:Recovery Fairy Tales again

[snowgirl]

I've been annoyed at the crap level of tools for XP and onward for a long time. While Fat was crap disk defragmenting tools for NTFS are still horrid and tedious.

That's because NTFS does not have the same fragmentation problems that FAT does, and in particular only has fragmentation problems in a very small set of circumstances that average users will not come across.

To say that quality tools don't matter is moronic. You as always do the nerd thing and focus on just what I said not rather what was implied in the general sense.

And you're doing the idiot thing of not actually reading what I actually wrote. I am not against quality tools, rather "undelete" was never a quality tool.

It's like you're calling for a return to sticks and rocks because you can't find a good stick and/or rock. We don't need that shit anymore.

So, again, to clarify: we never had a good undelete tool.

Re:Recovery Fairy Tales again

[DavidTC]

If the NSA really wanted the data on that drive they may be able to do it.

The point is this is all a nonsense urban legend that actually started on an entirely different type of drive entirely, an MFM drive, with much fuzzier bits, and someone hypothesized that data recover might theoretically be possible even after an overwrite, and you might want to do it with different patterns.

This hypothetical 'might' on much older drives has somehow become the actual literal truth, resulting in people running multiple wipe operations and even physically destroying drives, despite no one ever demonstrating recovery of a once-wiped file in the entire history of computers. Ever. At all. It has never once happened, no actual data recovery firm claims they can do.

In fact, the hypothetical recovery concept is near nonsense anyway. Even if we imagine that hard drives bits are something like ________ wide, and sometimes they write __++++++ and sometimes ------__, resulting in ------++, you can't actually recover from that. You don't know when that ++ got there. For all you know, that was a piece let over from two years ago, and the bit before the wipe was 0. Hell, for all you know, the bit started as +++++++ when the drive was made, and the first low-level format and every single write afterward just wrote to the last 6/8th of the bit, so you don't even know it ever was actually a one at all.

It's the equivalent of asserting that you can look at a dartboard and claim you can find the score of the last game. Uh, no, you can't. You might can see, with a microscope, every single dart that ever hit the board...but that tells you fuck all about the previous score, or who won, or what order they were thrown in.

For data to be recovered from 'before the wipe', you have to imagine that somehow the wipe was fundamentally different than every other write operation that happened before. That all other write operations helpfully left no traces of the previous state behind, but the 0 wipe did.

Before you say 'Well, a lot of places are only written once', I have to point out that a) It's exactly the changing places, the data, that is important. You know, the new stuff that got put over that file you deleted the other day. Recovering a Windows system file that got written to the disk at install and hasn't been written to again is not very useful. And b) all places on a hard drive are written to start with, it's called a low-level format. Before that they hold random 'data', which means there's nice, utterly random 'data' sitting there in the parts of the drive that don't get written to. How you can tell that from parts of the drive that did get written to at some point but somehow not written to in the wipe is a very very very interesting question...

Oh, and it's even worse than that. Because of how hard drives encode data, if you guess on one bit, you'll blow up the entire rest of the byte. If you don't know the value of bit 2, you can't know 3-8 either.

The entire thing is preposterous. The shame is that the only people who've ever called the urban legend what it is were so poorly funded. Someone should set up a Randi Foundation open-donation thing for that...I might kick in $10.

And talking about what the NSA 'might' do is insane. There's all sorts of magical tech the NSA might have, but, as I said, even pretending that hard drives actually had incredibly crappy wandering-all-over-the-drive tracks, which they do not, this would not actually let you put together an actual stream of any particular point in time. All you know is that every bit on the drive was zero at one point (because it was wiped) and not zero at one point (Because it was random before low-level format.). Good job figuring that out.

Re:Recovery Fairy Tales again

[Rick17JJ]

When disposing of my old computer, I used Darik's Boot and Nuke (DBAN) to erase all the data from my old hard drive. I do not recall how long it took to complete that task, although it is possible that it might have taken a while. In that program, I was able to choose which method to use for overwriting everything. I probably chose one of the methods that involved making numerous passes over everything.The choices involved choosing a method based on one of about five different industry guidelines for overwriting everything.

Perhaps in Iceland, they saved time by putting all the important information on a very small separate partition, and only had to repeatedly overwrite just that small partition. Of course, it is quite likely that everything was on an encrypted disk or partition anyway (as the article vaguely mentioned).

When disposing of my old computer, I was only trying to keep average or better than average hackers from accessing my data, after I scrapped my old computer. I was not thinking in terms of the possible capabilities of government agencies such as the NSA in the U.S., or the GRU in Russia, or the Mossad in Israel. I am not an expert, and have no idea what they might or might not be capable of doing. For that purpose, I suspect that just overwriting everything once would have been adequate, although I chose a more thorough method.

Re:Recovery Fairy Tales again

[takev]

Harddrives no longer have stepper motors for positioning the head, they use a voice coil and you can position the head anywhere you want. In all likelyhood the internal electronics uses PWM to drive the voice coil, I am guessing with data retrieval you can get a higher resolution PWM or use an analogue system.

Re:Recovery Fairy Tales again

[gedhrel]

It wasn't that great a challenge. The rules prohibited physical disassembly of the drive; presumably the idea was that the data should be recovered via standard commands issued to the onboard chipset?

"Please do this impossible work for free." Yeah, right.

Re:Recovery Fairy Tales again

[Edam]

1. No incentive.

I don't think this is true. The prestige and publicity gained from being the group to beat the challenge should be sufficient incentive.

2. No disassembly.
3. No longer running.
4. Full disclosure.

No argument here!

Re:Recovery Fairy Tales again

[ladadadada]

Thanks for reading the post. It always cheers me up when someone does that.

Upon thinking further about the no disassembly rule (except for qualified data recovery company or government agency), I realised that it's actually a good rule. It stops teenagers who think they are "good with computers" from pulling the drive apart in their bedrooms and destroying it. The people mentioned would have clean rooms and the required expertise.

I disagree on the publicity. I'd never heard of this challenge so it's not doing too well there for a start. But money creates headlines. I can't see a newspaper running "Data recovery company recovers data for $40" on their front page. Hell, I can't even see Slashdot putting that in idle. A million dollars would definitely get some headlines. You might be able to get away with less money. You might be better off finding a different incentive than money but the money is creating the publicity here.
The publicity argument doesn't work for government agencies either. In fact, I suspect they'd rather people think that it wasn't possible.

The other problem with publicity is that most people already believe it's possible. A successful demonstration that it is possible is rather anticlimactic because it just confirms everyone's suspicions. Making a headline out of an anticlimax is difficult. Proving that it's not possible is impossible as we know you can't prove a negative so the easy, sensational headline just won't happen.

While I'm trying to improve the challenge, two more improvements occurred to me.

1. Have the money and promotional activities put up by someone with a vested interest in the outcome. Say, a company that provides secure deletion services. Once the data is recovered, they can say "See ? You can't just use zeroes. You must use our product to delete your data."

2. Delete some "diplomatic cables" from the drive and accidentally mail it to China. Make sure that one of the cables contains information that the Chinese government would act upon in a detectable manner. (Substitute whichever state you like instead of China.)

Good luck if you do go ahead with a new challenge. I've never seen "proof" of this sort of thing and I'd love to actually see some or at least a compelling challenge that hasn't been accepted.

Re:Recovery Fairy Tales again

[ladadadada]

You're right, and I knew it when I wrote that post but I ignored that inkling I had that I shouldn't have included it in the list.

I posted further down the page that it is actually a good rule. It stops teenagers who think they are "good with computers" from pulling the drive apart in their bedrooms and destroying it while allowing people with clean rooms and the required expertise to still participate in a meaningful way.

Re:Recovery Fairy Tales again

[mrxak]

Yeah, the money offered is rather pathetic, and the rules explicitly prevent anyone from using anything but software to get the data back. Obviously, software alone isn't going to get data back. Yes, you need to disassemble the drive if you want to get at the raw magnetism of the bits.

Of course, has anybody actually ever done such a thing? I'm sure most of us know about the US government's various guidelines on multiple-pass hard drive erasures, and of course now they no longer say such a thing is acceptable... a drive must be degaussed or physically destroyed in the case of certain kinds of classified information.

However, is the government saying this because it's actually possible to get data off of a single-pass overwritten drive, or does the government merely want everyone else to believe that they can? It's really a moot point anyway. Nobody cares enough about the your data to take a magnetometer to your overwritten hard drive.

Re:Recovery Fairy Tales again

[mrxak]

The deposit they require covers the cost of the drive. If somebody destroys the drive in the process, it's no big deal. They shouldn't have any problem letting anybody disassemble the drive. Who cares, if you can get your data back, right?

Re:Recovery Fairy Tales again

[drinkypoo]

NTFS has a defragmenter service which handles the actual defragmentation. The biggest problem with this service is that it cannot defragment files in use, which is why we have Pagedefrag.

Re:Recovery Fairy Tales again

[mrxak]

While I agree with you, it's an urban legend that data written over can be magically recovered, there is one interesting fact about the government that makes it seem like it can. NIST, the DoD, and the various military branches of the US have given guidelines on preventing data remanence. This can only mean one of three things:

1) They fell for the same urban legend, or at the very least, think it's better to be safe than sorry.
2) There's truth to the theory, they know how to do it, and assume foreign governments can too.
3) They want everyone to think they can do it, to force the enemy to waste money trying to achieve the same capacity, or to make the enemy more paranoid (and overlook other ways the can gather data).

Probably some combination of all three. But the point is, the government now prefers to degauss or destroy, rather than overwrite. Take that however you will. But unless you're trading in nuclear secrets, nobody's ever going to try to get at your overwritten data with a magnetometer. One overwrite is plenty.

Re:Recovery Fairy Tales again

[mrxak]

One would have been plenty. If you had anything illegal on there, the police don't have the capacity of getting at it. If you had financial or private items that could harm you financially or socially, there are thousands of other people's hard drives out there that weren't erased at all, and yours isn't worth any criminal's time.

Re:Recovery Fairy Tales again

The point is that magnetism is subject to hysteresis, so that way the magnetic level changes when you apply a field depends on the past history. So by applying a changing magnetic field to a bit you can determine if the previous bit written to that spot was a one or a zero. This is despite the fact that the magnetic field your sensor reads before applying the changing magnetic field was the same. Just look at the picture of a hysteresis loop.

Anyone who thinks you can't recover a disk after one rewrite is wrong.

Re:Recovery Fairy Tales again

The theory of "wide" bits, where some residual of previous data can be found left or right of the current data is indeed useless - the tracks nowadays are essentially as narrow as the magnetic domains, so that spatially, the domain will be flipped entirely. However, the signal level may leave some residual of the previous data, e.g. if you write a "1" over a previous "0", the signal strength may reach just 8 (on an arbitrary scale), but may reach 9 or even 10 if you write a "1" over a previous "1". (Things are more complicated since data is not directly written but encoded in some more modern version of RLL, i.e. encoded in changes of magnetic field direction, but the assumption that the analog signal on the platter may have some component that is influenced by the data written previously still holds. I don't claim to know whether anyone has the technology to restore the original data)

Re:Recovery Fairy Tales again

[cusco]

I still find it impossible to believe that anyone will ever recover data off a drive that I've run my old bulk tape eraser over. For you whipper-snappers that's a four pound electromagnet with a pull strong enough to physically pick the whole damn server up off the floor that we used to use to erase 9-track tapes. If you wanted to be really nasty you could run the eraser with the drive spinning and chatter the heads up and down on the platters.

Oh, and get off my lawn . . .

Re:Recovery Fairy Tales again

[LordLimecat]

Modern file systems such as NTFS and anything used by the *nix world use a completely different allocation system than FAT, and as a result a simple "undelete" utility would be worthless.

Care to explain why a mere week ago, we successfully used piriforms free "recuva" utility to recover around 12GB of data that was wiped out from DFS-- none of those overwritten or corrupted?

Re:Recovery Fairy Tales again

[LordLimecat]

For starters, I dont think you can look at it simply as a series of x many positives and y many negatives, or assume that the drive started out at 0 or 1.

For data to be recovered from 'before the wipe', you have to imagine that somehow the wipe was fundamentally different than every other write operation that happened before

As I understand it, lets say WD drives all start with drive initialized to +0.05% magnetic field on every bit. Now you install windows, and the bits that are zeros read as 0.02% and the ones read as 0.97%. If you zero the drive, the 1s will now read as 0.04% and the former zeros will read as 0.002%. You CAN tell something about the previous state of the data from this, though going back further would get progressively harder-- for example, after 2 alternating "every other bit" overwrites, I dont think you could tell what order the overwrites were applied in, but you could certainly know something about the previous state of the data.

In one sense I will grant that it is likely academic, since it seems to get incredibly hard to gather information very quickly; but let us assume you do a simple zeroing of the drive, I think that it starts to become feasable as you KNOW that all bits had the same magnetic field applied to them, and magnetic fields dont just "disappear" AFAIK. Presumably you could do better with random bits, but whos to say that some govt agency with tons of money to spare couldnt look for patterns and recover SOME files?

At the end of the day, if someone asks me for a way to really securely delete their data, Im not going to lecture them on how a zeroing is sufficient, or caveat that with "but Im not really an expert so I dont really know"; Im just going to hand them Darik's Boot and Nuke, tell them "this is good enough for the government", and let that be the end of the story (3 pass PNRG wipe).

Re:Recovery Fairy Tales again

[DavidTC]

Anyone who thinks you can't recover a disk after one rewrite is wrong.

Yes, anyone who thinks that something that was once hypothesized to be possible under entirely different circumstances with no scientific proof, and has never been demonstrated to ever be possible, despite it being a multi-million dollar business if you could do it, is not actually possible...

...is wrong.

Everyone, please continue to believe this without any facts at all.

Re:Recovery Fairy Tales again

[DavidTC]

Except, again, you can't actually get any data from that. In fact, that's even worse.

So you read a bit with a strength of 9. And that tells you...what, exactly? It was a 1 at least two times in a row at some point in history. (I'm not sure exactly why it would be a 9, as we're talking about overwritten drives, but I'll assume we decided to overwrite with 1s instead of 0s.)

So that means...the original bit was a 4, it got low-level formatted to a 1, and then wiped to a 9? Or maybe it it got written with a 1 several times, making it a 10, and then erased to a 2, and then wiped back to a 9.

Like I said, knowing 'the state of this bit at some random point' is not actually helpful for recovering data. It's like trying to decode a messaged encoded with a one time pad...sure, you can invent unusable data. Any data you want. It's not the original data, but whatever.

Especially because, as you and I know but I bet most people don't, that hard drives do not actually store a byte of 10010110 as the pattern 10010110.

And the 'variable stength' thing is even worse because maybe the platter was running slightly hotter one day so that the magnetic change was more effective.

Re:Recovery Fairy Tales again

[DavidTC]

Well, firstly, there is data that can be recovered from wiped drives. Specifically, reallocated sectors can be recovered. If the drive was using one location, and it was flaky, it will reallocate that location to somewhere else, and leave crap behind.

Those, and the fact it's a hell of a lot faster and can be done in an assembly line without plugging them into computers, make degaussers a quite logical thing to use, or destroying a logical thing.

Although what they should actually do is encryption of the hard drive. If they're using whole-disk encryption with the key stored off the drive, like on a built-in flash drive, all they have to is destroy the flash drive and the drive is utter unreadable, even remapped sectors. But such a system might cost more than simply destroying new hard drives.

But that has nothing to do with what I said, which is talking about the urban myth that multiple wipes are required to erase data. No one denies that hard drives can still have data on them after a wipe because of remapping...I just deny that they have more data on them after one wipe of 0 than after 35 patterned wipes.

Re:Recovery Fairy Tales again

[cusco]

You forgot:
4) Some contractor selling a program to "securely" wipe a drive offered a board position to a soon-to-retire DOD official.

Re:Recovery Fairy Tales again

[DavidTC]

Yes, yes,I know that people keep inventing dozens of hypothetical ways that data might be recovered from a hard drive. It's sorta like intelligence design at this point...people start with a premise, and keep trying to figure out how it could work.

...and, still, no one has ever demonstrated it to be possible ever.

Hard drives store data as dense as possible. If they could actually consistently work like everyone seems to think they worked for data recovery, they would already use that for storing data.

But they can't, because magnetism varies based on the heat of the material, or the speed of the drive, or the previous bits, or how much the damn video card is pulling power. So it's not going to be .02% vs .04%, it's going to be .00% to .40%, mostly randomly.

And at some point in the future they'll get that down to .30%, and then make the drive denser so that it's back up to .40%. See how that works?

Even if you could guess half the bits that way, the other half will be wrong, with no way to tell them apart. (And thanks to the encoding, if you get half the bits wrong, you've functionally gotten all the bits wrong.)

Re:Recovery Fairy Tales again

[snowgirl]

I posted further down the page that it is actually a good rule. It stops teenagers who think they are "good with computers" from pulling the drive apart in their bedrooms and destroying it while allowing people with clean rooms and the required expertise to still participate in a meaningful way.

Definitely with you on this point. The rule against disassembly except for people with clean rooms is a really good rule.

Can't run the challenge very long if your source material is destroyed. :(

Re:Recovery Fairy Tales again

[snowgirl]

Modern file systems such as NTFS and anything used by the *nix world use a completely different allocation system than FAT, and as a result a simple "undelete" utility would be worthless.

Care to explain why a mere week ago, we successfully used piriforms free "recuva" utility to recover around 12GB of data that was wiped out from DFS-- none of those overwritten or corrupted?

SIMPLE undelete utility. As in, "All I had to do was recover the file entry in the directory listing, and mark the starting FAT entry as used again".

This "recuva" utilitiy sounds like it's the quality tools that we do have these days, and didn't have back in the old days.

Re:Recovery Fairy Tales again

[sjames]

It is interesting that there exists no story at all of anyone ever recovering a zeroed drive in any context, including testimonials from data recovery companies. Not even once. It's always an "everyone knows" that "they" can do it sort of thing. Nobody can cite a single paper where someone actually tried it and succeeded by any means at all. There's plenty of speculation as to how it might happen in theory given a few assumptions, but never an actual experiment where it works in practice.

It's right up there with waiting an hour after eating to go into the water. Anyone ever see a report where the coroner determines cause of death is drowning due to cramps brought on by swimming less than an hour after eating?

Re:Recovery Fairy Tales again

[dgatwood]

Even better.

Re:Recovery Fairy Tales again

[bhiestand]

Not disagreeing with you, just making a slight addition:

However, is the government saying this because it's actually possible to get data off of a single-pass overwritten drive, or does the government merely want everyone else to believe that they can?

I doubt it's part of a misinformation campaign to make people falsely believe they have the capability; that really wouldn't be beneficial. All that matters, however, is that the US Govt. feels such techniques are theoretically possible and that the required technique+technology either is or could potentially be available in the future.

That extremely slight potential risk is more than enough to justify the government take the slight additional expense of destroying discs rather than wiping them.

Re:Recovery Fairy Tales again

You are correct. As to their assertion that a drive cannot be quickly erased, this is also false. All one has to do is use an encrypting file system and blow away the 16 byte key and you have a completely useless drive. This happens to computers where I work accidentally from time to time. Our laptops are configured such that a failure to log-in for more than 6 weeks or 10 password attempts blows away the encryption key. Once that has happened there is no recoverable data on the drive to the great dismay of the user.

Re:Recovery Fairy Tales again

[DavidTC]

Indeed, and encrypted filesystems also allow you to avoid the 'bad sector remapping' issue, which could let you get data from wiped drives, although in extremely unlikely circumstances.

If I were in charge of classified information, I'd have every single computer come with a lockable USB port. When the computer is set up, I'd have a random key put on a flash drive, and that flash drive locked in.

Then I'd use full disk encryption based on that key. (Along with whatever other security already exists.) In fact, I'd probably have it boot off the USB key. I'd have no password on the encryption, it wouldn't prompt on startup, it would just transparently encrypt and decrypt all HDD reads and writes.

Then, when I needed to wipe a computer, I'd just take the damn USB drive out and destroy it. Hey, look, the data is completely unrecoverable, and it cost us a 30 cent 1meg USB flash drive instead of a hard drive. We don't have to take the computer apart, we don't even have to run any software at all. Unlock USB bay, take out key, put in new key, computer is good to go, no data is recoverable. Go melt old key.

As an added bonus, we've just made it much more complicated to get the data off if the computer is stolen. Now they need to steal, at minimum, two things, or the entire box.

You could even mandate things like if classified information ever needs to travel physically somewhere, the USB key and the computer travel separately.

It's sorta like the one time pad concept, except not technically 'impossible'. But AES-256 is functionally impossible to break.

so ?

[unity100]

isnt it possible that the third parties, who are extremely irritated by wikileaks, have intended to gather information on them ?

Re:so ?

[icebike]

Certainly possible.

But but planting a computer on someone's network is pretty much amateur hour don't you think? Unless it was done for "once you find this you will stop looking" purposes.

Re:so ?

Unless it was done for "once you find this you will stop looking" purposes.

BINGO!

I am with you.

Re:so ?

[Opportunist]

Maybe because the bullying was too obvious. IIRC it even got out before the vote on the law.

I guess it would have been political suicide for the ruling party if they bent over in such plain view. I mean, would you vote for a party that is a puppet of a foreign regime? And you may rest assured that the opposition would have rubbed it in 'til the next election and beyond.

Re:so ?

Yeah a wallwart computer with networking options would be a better choice for a pro.

Re:so ?

No way. Spaniards fight Bulls. It's in the genome, or something. Usually they just make a really big deal of it. And fight.
I'll talk about all the wine, strong food, edgy music, great poetry and prose, and incandescent women on some other occasion.

Re:so ?

[GameboyRMH]

Not amateur, it just has a poor risk/reward ratio.

Re:so ?

[GameboyRMH]

That's only physically a better option. From a networking standpoint it's still just as brazen.

Re:so ?

[cusco]

A friend was called to do a security audit for a local business who couldn't figure out where their customer data was leaking from. He eventually found a wireless AP affixed under a conference room table with double-faced tape. They had interviewed a salescritter from a competitor several months before and he apparently had been left alone in the office while they changed interviewers. They never did figure out how he got a network login.

Serial numbers removed?

I have worked with production of embedded computers for more than a decade. I wonder if they...

  * Changed the MAC address in the MAC EEPROM
  * Removed other proprietary (serial number) data potentially stored in MAC EEPROM
  * Scratched off about ten or twenty other serial labels put on electronics in various steps of the production procedure
  * Removed serial number information from hard drives

The serial number of the computer can likely be found using any of the above if the factory cooperates.

Re:Serial numbers removed?

Hopefully the person who owned it didn't send in the warranty registration card to actualy track those numbers...

Re:Serial numbers removed?

[icebike]

Other than the hard drive, none of those serial numbers are tracked by computer vendors. Serials are tracked by manufacturers only for parts likely to fail, and only for parts which the vendor has a RMA agreement with the supplier.

Even mac addresses are usually not on record for any longer than it takes to print the required label.

If that information isn't on the order and shipping documents, chances are very good that the manufacturer has no clue what MAC is in what Computer, and the best you get is that it was in a particular batch of 300 computers which were sold to the Reykjavik Radio Shack.

Re:Serial numbers removed?

[icebike]

Its probably gone thru three sets of hands since purchased.

Who stands to gain?

Gee, let's see. Who would stand to gain by smearing Wikileaks?

Governments, large financial institutions, covert military operations, corrupt diplomats, racketeers... Who among such entities does not have the necessary resources to set up such a smear?

Meanwhile, this "encrypted" system sure sounds like a load of bollocks. It's all, like, secret. Wow. Yet how convenient, considering that it was "hidden", that it showed up exactly where and when it did.

Re:Who stands to gain?

[mrxak]

No no, see, Wikileaks wanted to frame themselves! That way, they get more media attention, and if they can convince a few people that it was a conspiracy by governments and financial institutions to frame Wikileaks, that's an even bigger score.

Wikileaks must have hired the CIA to do it

[7-Vodka]

Let's see, there are two possibilities that come to mind since this was done in the proximity of the female Icelandic MP with connection to wikileaks:

1. The member of parliament who is a friend of wikileaks is in on this and wikileaks conducted the spying as is being ignorantly claimed
2. Agents on behalf of the US government conducted this in order to spy on the icelandic MP and others nearby because of her connection to wikileaks

Obviously we can throw out #1 because it does not at all fit with wikileaks modus operandi and cannot be carried out by their infrastructure. They're set up to anonymously accept documents and disseminate them, they're not spies. Moreover the icelandic MP in question would be risking much to do this only to access documents she probably already has access to.

So #2 becomes the most obvious culprit.

Re:Wikileaks must have hired the CIA to do it

[TheEyes]

Well, the other possibility is that this is a backup Wikileaks server, running from within the Icelandic parliament.

Re:Wikileaks must have hired the CIA to do it

[Registered+Coward+v2]

Let's see, there are two possibilities that come to mind since this was done in the proximity of the female Icelandic MP with connection to wikileaks:

1. The member of parliament who is a friend of wikileaks is in on this and wikileaks conducted the spying as is being ignorantly claimed
2. Agents on behalf of the US government conducted this in order to spy on the icelandic MP and others nearby because of her connection to wikileaks

Obviously we can throw out #1 because it does not at all fit with wikileaks modus operandi and cannot be carried out by their infrastructure. They're set up to anonymously accept documents and disseminate them, they're not spies. Moreover the icelandic MP in question would be risking much to do this only to access documents she probably already has access to.

So #2 becomes the most obvious culprit.

In this case, the most obvious culprit is the fallacy of your argument’s logic.

Re:Wikileaks must have hired the CIA to do it

[bloodhawk]

a single server? and they went to the trouble of ensuring the removal of fingerprints, serial numbers and encryption? I am not a huge fan of wikileaks but this really doesn't seem to fit in at all with how they operate. However it fits in perfectly with more nefarious and far less moral organisations such as the US government.

Re:Wikileaks must have hired the CIA to do it

[Phrogman]

Yes, if it really was the US Government, they would just extraordinary rendition the Icelandic MP to somewhere in Czechoslovakia or Egypt and get all the info they could provide on Wikileaks using officially sanctioned torture, as the US has evidently done many times in the past.

Re:Wikileaks must have hired the CIA to do it

[snowgirl]

So #2 becomes the most obvious culprit.

Fallacy of the false dichotomy. There are more than just two possibilities here.

Re:Wikileaks must have hired the CIA to do it

of the female Icelandic MP

I can see "Icelandic" and "MP" being relevant to this story, but why are you being specific about sex? How is this relevant?

Re:Wikileaks must have hired the CIA to do it

[Jahava]

Let's see, there are two possibilities that come to mind since this was done in the proximity of the female Icelandic MP with connection to wikileaks:

1. The member of parliament who is a friend of wikileaks is in on this and wikileaks conducted the spying as is being ignorantly claimed
2. Agents on behalf of the US government conducted this in order to spy on the icelandic MP and others nearby because of her connection to wikileaks

Obviously we can throw out #1 because it does not at all fit with wikileaks modus operandi and cannot be carried out by their infrastructure. They're set up to anonymously accept documents and disseminate them, they're not spies. Moreover the icelandic MP in question would be risking much to do this only to access documents she probably already has access to.

So #2 becomes the most obvious culprit.

Or, of course, agents of any country that stands to gain from espionage conducted this in order to spy on someone in Iceland.

Re:Wikileaks must have hired the CIA to do it

#3: Agents on behalf of the US government conducted this in order to have a shill be able to accuse Wikileaks of spying

Re:Wikileaks must have hired the CIA to do it

[TheEyes]

a single server? and they went to the trouble of ensuring the removal of fingerprints, serial numbers and encryption?

I am not a huge fan of wikileaks but this really doesn't seem to fit in at all with how they operate. However it fits in perfectly with more nefarious and far less moral organisations such as the US government.

I'm not saying it's likely, just that it's possible. Assange does seem to be a big fan of cloak-and-dagger stuff--not that it's unwarranted much of the time!--but it's not entirely out of the realm of possibility that he planted the computer himself.

Granted it would be completely idiotic to do this, but then it wouldn't be the first time someone did something stupid. Jumping to conclusions makes fools of everyone.

Re:Wikileaks must have hired the CIA to do it

[LordLimecat]

Obviously we can throw out #1 because it does not at all fit with wikileaks modus operandi and cannot be carried out by their infrastructure.

So let me get this straight. Youve set up a dichotomy (its either WL or the US government), then declare one of the options "doesnt fit" with how you view their methods, and thus it is very likely the other.

To quote the simpsons, "thats some fine police work there, Lou."

Re:Wikileaks must have hired the CIA to do it

[7-Vodka]

I understand this, notice I said that two possibilities "come to mind", not that there were only two.

I also did not say at the end that P=0.05 for a null hypothesis that wasn't even stated.
The post I made is clearly just a first reaction.

Ah, Wikileaks...

the new universal boogieman.

Re:Ah, Wikileaks...

[Opportunist]

Finally. Terrorists and pedos really got stale after a while. But I guess "think of the children" isn't gonna work as a catchphrase anymore, we gotta find a new one.

Re:Ah, Wikileaks...

[Dunbal]

Think of the politicians?

Re:Ah, Wikileaks...

[Opportunist]

Well, unlike children, politicians are not generally liked by the majority of the population. Quite the opposite, especially recently. "Think of the politicians" could easily be misunderstood a prompt for ... well, for reference see Tunisia.

What terrible spies.

Physically locating a device? That's so 20th century. Let me guess, one of the janitors was suspiciously talking into his shoe.

OH NO!

[SinGunner]

They found my CS 1.3 server!

TrueCrypt

[ironicsky]

It is entirely possible to encrypt a hard drive that once powered down the data is "lost". It's called TrueCrypt System Disk Encryption. Where the decrypter is a boot loader and the decrypted key gets stores in ram. Power off, no more key. The key is needed again to unlock the drive after reboot. To take it to the next level one would put an encrypted file container inside the encrypted system that requires a USB key to unlock. It would take a very long time to decrypt both keys without some very very heavy computing power

Re:TrueCrypt

There's also the chance that authorities moved the computer without powering it down.

Re:TrueCrypt

[snowgirl]

I am now officially setting up a background program for my two master servers to ping each other, and should the ping ever fail, they will auto shutdown...

$paranoia++

Re:TrueCrypt

[DavidTC]

That seems easy enough to subvert if you know it exists. Just watch for the unplugging of a keyboard, mouse, monitor, or network, throw up a screen demanding a password, and shut down if it's not given.

It's a neat trick, but if Full Disk Encryption products can't deal with this soon, they're pretty stupid.

Re:TrueCrypt

In code like i++, the post increment operator creates a temporary duplicate. (even if it's an int.) (in the c++ language).
To be safe you really should ++$paranoia. Do you really know where that temporary goes after your line is finished? It goes straight to the fbi++.

Re:TrueCrypt

[toddestan]

My favorite way to mess with that would be to wire the outlets where your computers are hooked up to 240 V. Pretty much all computer equipment nowadays won't have a problem with this, but if they try to use a HotPlug on it... BANG. And even if they did realize what you did beforehand, it's unlikely they would have the equipment to do anything about it.

Re:TrueCrypt

[DavidTC]

The easiest way to mess with it...well, the easiest way to use that thing is to plug it into a power strip, right? Which lets it work without having to redo any wiring at all.

So you get a metal power strip, and modify it a little. Run a live naked wire from the switch down the back of the plug outlets, and loosen everything up, so that when someone pushes on a plug, it pushes the wire in contact with the metal outside, shorting the entire thing and instantly throwing the circuit breaker.

You can still use it like normal, you just have to turn the strip off before plugging stuff in. And make sure it's somewhere you won't kick. ;)

I don't know how easy it is to find metal circuit breakers anymore, though. You might have to get a plastic one, install a grounded metal plate on the inside of the bottom, and then run a wire.

Of course, all this is moot, because, frankly, if people are leaving their secure computers on and worried about the police, they really need to install a booby trap. Not just to stop taking the computer, but for something like installing password sniffers and stuff.

A webcam motion sensor for the room that prompts for a password and hibernates if it's not given is simple enough. Or, even better, doesn't 'prompt' for the password...it could simply throw up a window on the screen saying 'click to abort shutdown', and you have to get past the screen saver to see/use it. And the police won't even know they have to do that and have a time limit.

Of course, the best option is to simply not leave secure computers running unattended. Um, duh.

OTOH, some of this automated stuff might be a good idea so you don't get charged with destroying evidence by turning off a computer. If whenever your webcam detects movement by the door, it locks the screen and starts a shutdown count, then if the police do that on their way in, tough shit for them. They can charge you only if you actually do something, they can't make you type a password in for them without a court order. (In fact, if they've said it's evidence, you have good legal grounds for refusing to touch it, period.)

Question everything

[heidaro]

This happened one year ago (see article) and what interesting data could one possibly hope to find within the walls of the Icelandic Parliament? And even if there was any, there are easier ways of looking for it than gaining entry to the offices and leaving a laptop there. It's even more silly to think Wikileaks were involved.

Re:Question everything

[eyenot]

wikileaks IS the newest terroristic fashion a la taliban / al qaeda.

everybody who is using encryption is an honorary member of wikileaks' huge global conspiracy to call people cocksuckers!

herp derp

[eyenot]

"spam? ohhhhhh iiiiiit might have been a hackkeeerrrrrr!!!"

"ohhhh i have a worm in my apple -- ooh! ooooohhhhh wikileeeaaakkkss!!"

"ooh, ohhh i just discovered there's no way i can look at the contents of my son's computer even if i ground his computer to my room, pull the hard drive out and put it in my packard bell... he says it's PGP and hell i dunno i heard that's what wikileeaakkkss is ussiiingg ... uhhhh hrrrmmmmm i can't believe my son is part of their operation! the government should deeewwww something about this!"

*laugh* Wikileaks spying...

[Omnifarious]

This reveals more about David Oddsson than Wikileaks. I bet Mr. Oddsson has some friends who were very deservedly burned by the Icelandic banking scandal that Wikileaks broke the story on. And, of course, that means Wikileaks must be at fault for anything else wrong involving spying or information leakage. It can't possibly be because Mr. Oddsson's friends are nasty people who deserve long jail sentences, no...

It's like a domestic abuse case where the abused refuses to implicate the abuser in anything the abuser has done and it must all somehow be the fault of the abused person or external entities.

*rolls eyes* Get better friends Mr. Oddsson. Accept that you have terrible taste and learn to overcome your shortcoming.

More like the Kennedy assassination

[billstewart]

It's more like the Kennedy assassination - who wouldn't gain by smearing Wikileaks here? Even Wikileaks themselves* might have planted it as a diversion as opposed to surreptitiously leaving it behind. Or maybe it's a Murder on the Orient Express plot, where either a whole bunch of players conspired together to do it, or else some stranger walked in the door, planted it, and walked out unseen.

*Yes, I do reject any of the conspiracy suggestions that say Kennedy himself was behind it, except the one on Red Dwarf which might have been true, but between several Mafia families, the CIA, Cuba, anti-Castro Cubans, the Pentagon, Military-Industrial Complex businesses, several jealous ex-husbands, Bobby, Jackie, Frankie, Marilyn, J.Edgar, J.Edgar's dress-maker, and the Lone Gunmen, it really was a race to get there first....

What a tangled web we weave

So a strange computer was found in a government office...
... which may have been used by someone affliated with an org that discloses government secrets...
... as insinuated by a newspaper edited by the former head of said government...
... as reported by someone who may also have had access to this office previously, as a government official.

Is this representative of the kind of media bias Iceland has to deal with? Don't get me wrong, it's not like any country has it better, but is it always so blatantly obvious?

"Running encrypted software"?

[Opportunist]

Call the MAFIAA, they've been searching for that for ages! If that's true, the money worries of Iceland are at an end, they'll happily pay big bucks for such a technology!

Snideness aside, I guess I needn't mention that no computer on this planet is able to run "encrypted software". The OS has to be able to load the executable, hence it has to conform to standard. CPUs are only able to run instructions that match their instruction set, so that has to conform to that standard. It may be runtime encrypted, but every halfway decent game cracker has been stripping those for ages, and every halfway decent malware analyst for even longer (I sometimes wonder how much these groups overlap, considering how many problems they both have to overcome... but I digress).

Maybe the file system is encrypted (to some degree, the system has to run after all...), but it's hardly possible that the software is running "encrypted".

Re:"Running encrypted software"?

Running encrypted software is possible but no Intel machine can do that, there are some special processors that can encrypt and decrypt programs at fly, they have a minimum of one key burned in a internal ROM to decrypt and encrypt the software/data and the memory controller encrypt and decrypts the external memory plus they only decrypted data is in the cache.

They said that about some other operations, too...

> But but planting a computer on someone's network is pretty much amateur hour don't you think?

They said the same thing about the mistakes made in the assassination of that Hamas leader by Israel and about the mistakes made in that virus that attacked Iran's nuclear program. "Wouldn't real spies be more professional than this?"

I think we're seeing the CSI effect applied to spies. In other words, people are so used to seeing perfect operations in James Bond movies and they have absolutely no idea what real spy operations are like.

Floating license server?

[sourcerror]

It would be funny if it turned out that this is just some licensing server.

so ?

[unity100]

then why did it not happen with the censorship law in spain, after all that bullying ?

Interesting

[Dunbal]

As a side note a spokesman from CCP hf announced today that the EVE Online Tranquility server has gone offline unexpectedly and they are working on the problem...

(PS: Yes I know EVE is hosted from London, but I couldn't resist!)

Wikileaks because?

[He+who+knows]

"A professional would have written any acquired data to a public-key-encrypted disk that would only have been accessible to one who possessed the private key - like with Wikileaks 'insurance' file" This is basically saying that the best way the commentator says of doing it is how wikileaks has encrypted their file. There is not even how the harddrive was encrypted

James Randi is a fraud

[Steeltoe]

In contrast, the James Randi Paranormal Challenge has a $1,000,000 prize, only has rules that disallow cheating, has been running since 1964 and is still running. The fact that no one has passed the preliminary stage of that challenge means something

It means nothing. James Randi is a con man and a fraud. The whole "challenge" is a setup. Only James Randi is judge and jury, there are no independent experts involved. The rules are not set in stone beforehand at all. He alters the rules at any time of predicament. He also intimidates and harasses those going for the challenge, making for an exceptional hard environment to perform anything successfully. He's a total prick. Many people have accomplished what they've claimed, but then Randi came up with extra tests, until they failed. Randi also rejects many many applicants based on his own suspicions wether they might actually pull it off or not. He's not interested in "statistics", but demands "undisputable show of magic", but without magic tricks. He reserves all rights to explain away any "magic", being an accomplished magician, there is no lack of knowledge and creativity in that area, on the contrary. He demands the super-natural, but in reality, nothing is beyond nature, so he can always reject the results on the premise that it is still natural in some way. So the challenge is unbeatable.

Being one who has actually had Out Of Body experience, seen auras, and experienced that there is more to this universe than the judgement of sciencific-minded people. These experiences are not enough to win the "challenge" by far, because it is designed to reject everything. I just have to both giggle and pity people, when I see them falling for the same traps that overly religious and superstitious people do. Superstitious people accepts prematurely, while supersceptics rejects prematurely. You're all in the same boat, unable to open your mind to more possibilities than the one you've already decided for. It's extremely limiting, just imagine a history without such people! Of course you're going to miss what's happening on a subtle level. There are rare moments in life one has the possibility to experience such things, but it's easy to fall into either camps (superstitious / supersceptical) and become deluded that one knows more than one really does.

One of the most spiritual and scientific statements is: "I don't really know, but I would like to know". Then there is suddenly NO CONFLICT AT ALL between them, but rather, complementary vehicles of broading the mind.

Re:James Randi is a fraud

"Being one who has actually had Out Of Body experience, seen auras,"

Where's -1 Crackpot when you need it?

Re:James Randi is a fraud

[DavidTC]

Many people have accomplished what they've claimed, but then Randi came up with extra tests, until they failed.

Randi very clearly lays out of the bounds of any tests beforehand, and what is considered proof.

If anyone had actually passed that test, they would, you know, sue him, because they were promised payment of a million dollars if they did that. There is an actual contract with actual winning conditions.

But since you've made that claim, you should be able to demonstrate that Randi has, at least once, laid out a test and winning conditions, and then backpeddled once someone actually won.

Or you are a liar and a slanderer who has accused someone of criminal fraud.

He's not interested in "statistics", but demands "undisputable show of magic", but without magic tricks.

Yeah, you moron, because that's what he's testing.

If he let people win by 'statistics', he'd have a constant stream of people claiming they could predict a coin toss 75% of the time....and eventually one of them would happen to do that. Because that's how statistics work.

Re:James Randi is a fraud

[Steeltoe]

Moderation abuse. Too hard to be able to relate to a different opinion than a preconcieved notion about something I guess.

How "scientific"..

Re:James Randi is a fraud

[Antisyzygy]

Being one who has actually had Out Of Body experience, seen auras, and experienced that there is more to this universe than the judgement of sciencific-minded people.

Science isn't about rejecting all possibilities. It about accepting that anything could be true or could occur but only being interested in the things that do occur as evident by a physical observation and evidence. That is physical evidence that you can verify repeatedly to other people and it is also subject to our senses we actually have. Even your aura seeing and out-of-body experience had senses involved such as sight, sound, etc., so go try to devise a method to repeat this event and share it with people so they can try it out for themselves. A dream you had or some "precognition" you experienced doesn't constitute physical evidence because there is no way to record these things or repeat them at will so other people can experience it and verify your claim. There have been many other plausible causes proposed for out-of-body experiences and seeing "auras". Why is your hypothesis that its simply "beyond our understanding" the correct one? Prove it. Assholes have come up with all sorts of crap-explanations over the generations and have been proven wrong time and time again. Examples? The Earth is the center of the Universe. Witches exist and should be burned at the stake. Humans were created by god out of dirt. Etc. Etc.

Re:James Randi is a fraud

You should consider the roles that science, engineering, and rational thought play in allowing you to sleep in a comfortable bed free of fear of predators with promise of food in the morning (assuming you dont piss off everyone you meet by putting your problems on them) vs. ??? that magical thinking has provided for you. (yea I know its a good way to make people work together towards something). Please turn your out of body experience into something useful for the rest of us. Like make us die less often or at least more comfortable. Something a little bit more substantial than just "death is not the end."

Re:James Randi is a fraud

[Steeltoe]

Randi very clearly lays out of the bounds of any tests beforehand, and what is considered proof. ...And then changes those parameters at any time. If you Google this you'll see many independent complaints about this.

If anyone had actually passed that test, they would, you know, sue him, because they were promised payment of a million dollars if they did that. There is an actual contract with actual winning conditions.

No can do, as per the contract, which is designed to benefit James, not the applicant:
http://www.associatedcontent.com/article/89173/exposing_the_unfair_truth_about_the.html

But since you've made that claim, you should be able to demonstrate that Randi has, at least once, laid out a test and winning conditions, and then backpeddled once someone actually won.

Except it's no contract in the lawful sense. Seek and Ye shall find:

http://www.associatedcontent.com/article/89173/exposing_the_unfair_truth_about_the_pg2.html?cat=17

Video: James Randi Challenge Exposed - A Lawyer Explains:
http://www.debunkingskeptics.com/forum/viewtopic.php?t=1442

Professor Michael Prescott found that James Randi’s million dollar challenge is very much an illusion that have fooled people for decades:
http://torbjornsassersson.wordpress.com/2010/05/02/james-randi-and-his-one-million-dollar-challenge-fraud/
http://michaelprescott.freeservers.com/challenge.htm

Examples (hard to find these days as SEO or litigations have made sites disappear, they used to be easy to find):

Rico Kolodzey
http://www.rense.com/general50/james.htm

Riley G Matthews
http://www.rileyg.com/pressdir.htm

Serios
http://michaelprescott.typepad.com/michael_prescotts_blog/2006/08/lets_get_serios.html

Or you are a liar and a slanderer who has accused someone of criminal fraud.

These are not my claims, and there are many many more, however hard to find now. Some is to be found in articles, some in books. I'll let the reader make the good judgement wether this is true or false, I don't have the time or interest to investigate it in detail for you.

You missed my point entirely though. Since everything "supernatural" can be explained away with magic tricks or similar mundane tricks, then it is impossible to prove that you just did something "supernatural". If you read more about James Randi, you'll see his argumentation is dismissive of diversity of people, intolerant and arrogant. So the "Challenge" then quickly turns into a fight for survival, and often end up in the courts. Not very nice.

Yeah, you moron, because that's what he's testing.

Wow, where did that come from?

If he let people win by 'statistics', he'd have a constant stream of people claiming they could predict a coin toss 75% of the time....and eventually one of them would happen to do that. Because that's how statistics work.

But how can you ever dismiss statistics? It is crucial to make discoveries and validate them in any field. Nothing is ever as black and white as some people want the world to be..

This has been discussed to death in other forums. If a basketball player misses the hoop 1 in 100 shots, is she no longer a basketball player? This is the way statistics is being misused to dismiss any results in the JRF chalenge. In the

Re:James Randi is a fraud

[Steeltoe]

How true!

Real science has nothing against religion generally, but yes, we should e.g. always oppose subverting schools to teach ID as "The Truth".. ID can be taught of course, but from a objective bias. If you ponder on this example: How something is done *can* be profoundly more powerful than just What.

How has more to do with the mind and spirit, and What is more to do with the material.

For most people who've had out of body experiences, their understanding and relationship with themselves and the world have changed profoundly. Personally, this can't be explained to anyone who have not experienced something like that. Some who have such experiences, especially when it's often and extreme, can also be delusional, and start to fantasize.

But on the more practical plane: If we finally understand that we may be reborn as the "enemy" in the next lifetime, maybe we'll want to treat other people better? There are numerous benefits, but more subtle than just X amounts of food or Y kgs of materials.

Material and spirit can go hand in hand. I'll leave the discovery as an exercise to the reader instead of spoonfeeding. That's the way it has to be. What I regard as "my truth", may not be in alignment with what other's truth to be, and since both are also always changing, why become stuck with a viewpoint too much?

Re:James Randi is a fraud

[NeutronCowboy]

If he let people win by 'statistics', he'd have a constant stream of people claiming they could predict a coin toss 75% of the time....and eventually one of them would happen to do that. Because that's how statistics work.

Here's the problem: even an event that happens 100% of the time under the tested conditions is a statistic. It's just that the probability of a random event happening the same way 100 times in a row is so small that it is considered a guaranteed event in common life. Just because something happens every time in the past doesn't mean that it will happen like that every time in the future.

Re:James Randi is a fraud

[Steeltoe]

Spirituality has nothing to do with "magical thinking" though, and it has absolutely no conflict with science. In fact, any real spiritual path will encourage to go through all your doubts, and not reject them, but really investigate.

Spirituality has more to do with humanism, and knowledge about our very existence, which can elevate neighbourly colloboration to higher levels than "just for the money or convenience factor".

Spirit is that very energy which makes you feel comfortable among friends, makes you want to share something good, help people when they're in trouble etc, that which elevates you.

There's so much confusion and ignorance about it though, and people are so stuck to dogmas still.

Re:James Randi is a fraud

One of the most spiritual and scientific statements is: "I don't really know, but I would like to know". Then there is suddenly NO CONFLICT AT ALL between them, but rather, complementary vehicles of broading the mind.

Sounds good.

He demands the super-natural, but in reality, nothing is beyond nature, so he can always reject the results on the premise that it is still natural in some way. So the challenge is unbeatable. Being one who has actually had Out Of Body experience, seen auras, and experienced that there is more to this universe than the judgement of sciencific-minded people.

huhwha?

You're an idiot. Go get a fucking psych exam. "seen auras". What the fuck, a hundred years ago no one would have tried to make that kind of bizarre claim, but it's all the rage now.

Re:James Randi is a fraud

Randi doesn't pursue breatharians because the whole point of their ridiculous egocentric "claim" is that Randi has to martyr them to prove them wrong.

He's not allowed to do that. So every single such claim will end in "and then the JREF unfairly dismissed my claim because I needed medical care" or "The JREF didn't tell me X wasn't allowed" for every conceivable bullshit "breatharian" value of X from cups of tea to room service. It's a complete waste of time.

You can work this out for yourself. Imagine Bob says he can survive being decapitated. He wants the JREF to slice off his head, whereupon, he says, he will grow a new one.

Of course they can't test this, because if they slice off his head he will die and that's murder.

So he gets to dance around saying the JREF won't assess his claim.

In a way you're right, the JREF reward is a failure. But it's a failure because it turns out a greater than expected proportion of these people are liars and cheats. It was expected that a lot of people would come forward, be shown they can't do what they claim and go away grateful. And that does happen, but only to a handful, mostly dowsers.

And even the dowsers come back. They get persuaded that no, they can't detect gold. They go away, and a few months later they've convinced themselves that it's because they weren't wearing their lucky amulet that day and on weeks when it hasn't rained they need the lucky amulet for their power to work. They want another go.

Failed again? Turns out the amulet doesn't work during full moon. Another go please, but this time it must not be scheduled for full moon. Or 5 days either side, just in case.

So yes, a failure. It's a mediocre PR success (as we can see from it being cited here in Slashdot) but it can't do anything to shine a light inside people's heads.

Re:James Randi is a fraud

[drinkypoo]

For most people who've had out of body experiences, their understanding and relationship with themselves and the world have changed profoundly.

You mean, their understanding of the world has changed profoundly. It doesn't mean they've learned anything profound.

Re:James Randi is a fraud

[Antisyzygy]

Out of body experiences have been induced in people. http://en.wikipedia.org/wiki/Out-of-body_experience#Induced . Interestingly enough, the explanation is due to something changing in your brain's operation, not some spiritual occurrence. What even is spirituality? Can you define it at all so that it is distinct from mind? It is simply something that exists as part of a natural physiological occurrence in your mind. Its related to a similar mechanism that convinces people they are possessed by animal spirits or the holy spirit an causes them to to weird shit like speak in tongues or run around in an animalistic rage.

Re:James Randi is a fraud

"Being one who has actually had Out Of Body experience, seen auras, and experienced that there is more to this universe than the judgement of sciencific-minded people."

Oh my god, you floated and saw some colors! You could experience ten times as much by dropping acid and you'd have the added benefit of not being full of shit.

Re:James Randi is a fraud

[DavidTC]

Yes, and if you can do it 100% of the time, you win.

What Randi doesn't take is people who claim to be able to slightly manipulate probability, who want to do a 50/50 test a hundred times and win 60 or 70 of those times and call it victory.

Because statically, eventually, one of them would succeed just because of probability.

Eventually, someone could succeed with 100% probability via bland chance, too, which why Randi demands the 'undisputable show of magic' the GP was whining about, with enough tests that's extremely unlikely. (But unlike what the GP appears to think, he explains what they are and how many they are in advance.)

Re:James Randi is a fraud

[DavidTC]

Professor Michael Prescott found that James Randi’s million dollar challenge is very much an illusion that have fooled people for decades: http://torbjornsassersson.wordpress.com/2010/05/02/james-randi-and-his-one-million-dollar-challenge-fraud/

I VERY STRONGLY urge everyone to read that article, (The first I randomly clicked) to actually see what sort of utter nonsense this poster is sprouting.

In short, apparently you can dismiss Randi because the article hypothesizes that Randi randomly turns away people just because he calls classes of claims 'absurd' (With absolutely no evidence at all he won't test those claims.), and that you can't be an asshat by repeatedly screaming obscenities or delaying the test you scheduled with them.

Wow, it's almost a microcosmic of the goddamn loons, right there in the article, written by the loons and they somehow missed it. Claims that he turns away applicants without proof, absurd behaviors and conditions on their 'powers'. It is truly an epic read.

Another article claims the reason he won't take the test is you have to sign a personal liability waiver. No shit, really? You mean they're worried about frauds claiming injury during the test and suing? I wonder why he'd worry about that.

Re:James Randi is a fraud

[endymion.nz]

What most people call 'spirituality' is really a combination of mirror neurons, critical thinking (through good or flawed methodologies), and the fact that humans are social animals.

The reason it seems weird and spooky to some people is because to make it in a capitalist democracy, you kind of need to be a sociopath - there is no room for compassion.

It's not encrypted software

[93+Escort+Wagon]

It's just perl!

Why subpoena a Twitter account?

[NotQuiteReal]

...Twiiter [sic] account was recently subpoenaed...

I don't use it, but wouldn't one just "follow" someone on Twitter to see everything they "tweet"?

Re:Why subpoena a Twitter account?

[KingAlanI]

Did that person protect their tweets?
Did the powers that be want info that webmasters of any sort might have?

Speaking off general knowledge, not knowledge of that particular case.

Re:Why subpoena a Twitter account?

[blueg3]

They didn't want the tweets or even the private messages. They wanted any personal information Twitter happened to have, such as real name, e-mail address, payment information, etc.

Nothing here

""An unauthorised computer, apparently running encrypted software, was found hidden inside an unoccupied office in the Icelandic Parliament, Althingi, connected to the internal network. According to the Reykjavik Grapevine article, serial numbers had been removed and no fingerprints were found. The office had been used by substitute MPs from the Independence Party and The Movement, the Parliamentary group of Birgitta Jonsdottir, whose Twiiter account was recently subpoenaed by US authorities."

Ah the joy of deconstruction.

An unauthorised computer = lots of these, even billions around, several million lurking around Microsoft campus at any time.

apparently running encrypted software = all have some form or another.

was found hidden inside an unoccupied office = someone forgot all about it except the cleaning crew (see below).

connected to the internal network = needed to use a printer.

serial numbers had been removed = it was bought by someone from another someone (could have been stollen) for real cheap bucks.

no fingerprints were found = the nightly clean crew knew where it was all along and did their job to keep it clean anyway.

The rest of the guck is just spectulative BS to get a story in the local papers (i.e. the local papers payed for the copy).

Like I said, nothing here.

-308

Re:They said that about some other operations, too

[PopeRatzo]

They said the same thing about the mistakes made in the assassination of that Hamas leader by Israel and about the mistakes made in that virus that attacked Iran's nuclear program. "Wouldn't real spies be more professional than this?"

And don't forget: "Professionals wouldn't have left John Wheeler's body in the garbage. Hey, look over there...WIKILEAKS!"

What that is...

[KingAlanI]

http://www.osha.gov/pls/oshaweb/owastand.display_standard_group?p_toc_level=1&p_part_number=1910

I scroll down to "Subpart S"...

General electrical regulations it seems; can you point to which part of the subpart you refer to?

if you can't beat them

[kubitus]

denounce them ( Wikileaks )

Conspiracy theories

[publicworker]

The police have apparently given up so it's up to us conspiracy theorists to solve the problem (yet again)!

First of all this is clearly a cover-up involving both the parliament security forces and the police. The computer was discovered over a year ago, but nobody was the wiser until now when the story was leaked. Nobody was questioned and the investigation seems to have dead-ended immediately. Also, the security cameras near the room in question were "unfortunately out of order" at the time.

Keep in mind also that the office where the computer was found was being shared by the Movement and the Independence Party. The former are known around here as the friends of Wikileaks while the latter are known in Iceland as simply "The Party". They are the single most powerful entity in Iceland and have in the last 50 years or so controlled both parliament and government as well as having strong influences over the police and judiciary (and the parliament security forces). During the cold war party membership could guaranty work while not being a member could loose you your job. It's also a documented fact that the Independence Party had a very effective local espionage network during the cold war and I doubt they just stopped such a successful operation when the Berlin wall fell.

Finally the daily Morgunbladid is run by one David Oddsson who is the godfather of the Independence Party; what he says goes. Wrongfully accusing someone to divert the attention away from the Party is just his MO, but because Morgunbladid is widely read it will probably work.

Put the pieces together and we see that this was a botched Party spying operation covered up by the police and parliament security. ... as conspiracy theorys go this one's actually not that unlikely!

idiots

[meerling]

Wikileaks lets people deliver info to them, they definitely don't sneak into the parliament buildings of foreign countries to install hidden computers loaded with crypto.
They should really be looking at political parties, both foreign and domestic.

Re:idiots

[blueg3]

So, Wikileaks's stated goals and behaviors must be exactly what they're doing, right?

Just stupid

This is just stupid. Wikileaks doesn't do spying, that's what governments do. This is just childing accusations and shouldn't merit attention.

Why would they? They are recieving more in-depth stuff than any spy can find.

Worth noting is that at the exact same timing a different publication comes with a similar accustion of spying. In the US!

How Atrociously Macchiavelian

I am well and truly aghast! Have such people no morals? No scruples? And their gardens are so, well, to put it mildly, bleak. And perhaps shoddy. Should they not care for those, first? Truly shocking!
How fortunate it is that chance favours the virtuous - to the point of revealing this otherwise unassailable artifice of these, latter-day, scandalous Moriarties.

subject

[Legion303]

"suggested that this might be an operation run by Wikileaks."

Or far more likely, a Karl Rove type of maneuver, bugging yourself and blaming someone else.

How convenient!

[Lazy+Jones]

Just when you thought they couldn't treat an icelandic MP like an ordinary citizen of countries where the US would like their own jurisdiction to apply whenever they feel like it, they find a suspicious computer somehow connected to that MP! I guess it's up to the usual media conglomerates now to convince everyone it's just a coincidence and Wikileaks is baaaad.

Operation in support of bank collapse

Iceland is the only country to date to default on the banks, unlike all the other countries who have bent over for the banks.

Large powerful banking interests would have had a great deal of interest in the period leading up to the default in seeing how the govt felt about defaulting.

Blaming Wikileaks is absurd. Either US or some other pawn of the banks.