Espionage In Icelandic Parliament

bumburumbi writes "An unauthorised computer, apparently running encrypted software, was found hidden inside an unoccupied office in the Icelandic Parliament, Althingi, connected to the internal network. According to the Reykjavik Grapevine article, serial numbers had been removed and no fingerprints were found. The office had been used by substitute MPs from the Independence Party and The Movement, the Parliamentary group of Birgitta Jonsdottir, whose Twiiter account was recently subpoenaed by US authorities. The Icelandic daily Morgunbladid, under the editorship of Mr David Oddsson, former Prime Minister and Central Bank chief, has suggested that this might be an operation run by Wikileaks. The reporter for the Reykjavik Grapevine, Mr Paul Nikolov is a former substitute MP, having taken seat in Parliament in 2007 and 2008."

Rogue servers

[HomelessInLaJolla]

I love reading the stories posted by the readership about all of the odd systems found stuck in closets and under desks which nobody knows what are doing.

Specifically... does anyone have any about Wall Street or Congress?

Re:Rogue servers

[digsbo]

does anyone have any about Wall Street or Congress?

Why bother? They steal openly now.

Re:Rogue servers

[Dachannien]

I love reading the stories posted by the readership about all of the odd systems found stuck in closets and under desks which nobody knows what are doing.

Well, with regard to Congress, there are roughly 535 of them at any given time.

Re:Rogue servers

[Black+Parrot]

I love reading the stories posted by the readership about all of the odd systems found stuck in closets and under desks which nobody knows what are doing.

Well, with regard to Congress, there are roughly 535 of them at any given time.

Actually, it's the interns that are under the desks.

But lots of CongressCritters still in the closet, I trow.

Re:Rogue servers

[hitmark]

My favorite is the opposite. It was a unix server at a university that none knew where was physically, but that was happily doing its thing for the network. Eventually they found it by following the network cabling and knocking down a drywall.

Re:Rogue servers

[Tubal-Cain]

Reminds me of this.

Re:Rogue servers

[clockwise_music]

The clue's in the name:

> was found hidden inside an unoccupied office in the Icelandic
>Parliament, Althingi, connected to the internal network

It was Al's thingy wasn't it?

Run by wikileaks ?

[unity100]

An iceland parlementarian's twitter account subpoenaed by u.s. government, yet, the operation to spy on the iceland government, for some godfrigging reason, is proposed to be the operation by wikileaks ?

can anyone provide any actual logic for this proposition ?

Re:Run by wikileaks ?

[dgatwood]

True, it can be done easily, but the expert didn't say it couldn't be done. The expert said it wouldn't be done. If you store the key in RAM and there's a power failure, your bug will never work again until someone physically goes in and rebuilds the system from scratch. Determining the difference between an actual detection incident and a harmless condition like a blackout is a nontrivial exercise. And if you have regular access to the area, there's probably no good reason to plant a bug there. You generally would plant a bug in places where you don't regularly go so that you can have access to them when you otherwise wouldn't. Therefore, one can assume that when you amortize the damage over a long enough period of time, a self-destructing bug is a poor value proposition.

In short, the computer expert argued that a self-destructing app was foolish---not because it can't be done, nor even because it is difficult, but because it is self-defeating.

Ack! I've been dealing with product marketing people too much! I'm starting to sound like them! Gaaaaaah!

Re:Run by wikileaks ?

[icebike]

But what of their friends, assistants, and political hangers-on?

Re:Run by wikileaks ?

[number11]

I'm trying to think of some government that is less likely than Iceland's to have interesting fodder for WikiLeaks.

Maybe I'm naive and Iceland is really a hotbed of corruption and intrigue, but somehow it seems unlikely that there's anything to leak, aside from political maneuvers and backbiting that would seem tame in almost any other country. The Icelandic financial institution scandal is pretty long in the tooth at this point. Bugging Iceland would probably be a sign of really poor judgment on the part of any aspiring scandal-monger.

Of course, every society probably has its quota of twits who are interested in eavesdropping on their colleagues. But with the new interest in Iceland evidenced by the US gummint, you do gotta wonder.

Re:Run by wikileaks ?

[cHiphead]

"They" are trying to turn wikileaks into the new imaginary Al Qaeda boogeyman.

Re:Run by wikileaks ?

[dadioflex]

Couldn't agree more. There's an argument that identifying "Al Qaeda" as a global terrorist network, effectively galvanized disparate groups into making or strengthening informal links. The Power of Nightmares (BBC documentary from years back) made a strong argument for this. Power of Nightmares

Now everyone who wants to justify their own lax security is blaming "Wikileaks" as if they are actively ferreting out their secrets. It also gives a visible "showcase" for drive by hackers to post whatever dirt they happen to dig out in passing, whereas before the information wouldn't have circulated outside a select group.

Hang on a second...

[AceCaseOR]

So, Wikileaks is SPECTRE now?

Re:Hang on a second...

[cyrus0101]

More like KAOS.

Re:Hang on a second...

[sjames]

Now if our fine government agents could only manage to be half as competent as Maxwell Smart...

Wikileaks == scapegoat

[presspass]

The Icelandic daily Morgunbladid, under the editorship of Mr David Oddsson, former Prime Minister and Central Bank chief, has suggested that this might be an operation run by Wikileaks.

If nothing else, wikileaks will be valuable to governments as a convenient scapegoat.

--

pass

Re:Wikileaks == scapegoat

[Pharmboy]

When, exactly, has Wikileaks actively gathered evidence? Oh, never. Wikileaks just waits for others to the gathering, they just do the publishing. Next, they will be blaming global warming on Wikileaks.

Re:Wikileaks == scapegoat

[Dunbal]

former Prime Minister and Central Bank chief, has suggested that this might be an operation run by Wikileaks.

      This, brought to you by the mind that collapsed Iceland's economy.

Re:Wikileaks == scapegoat

[bug]

There's a strong possibility that you're mistaken in your assertions there. There has been some reporting in the press that Wikileaks activists have actively eavesdropped on data by running one or more rogue Tor servers:
http://www.newyorker.com/reporting/2010/06/07/100607fa_fact_khatchadourian?currentPage=all#ixzz0pWdlAepe
There has also been reporting as recently as today that Wikileaks actively gathered data from peer-to-peer file sharing networks:
http://www.bloomberg.com/news/2011-01-20/wikileaks-may-have-exploited-music-photo-networks-to-get-classified-data.html

Re:Wikileaks == scapegoat

[Pharmboy]

I'm not sure if running a Tor server or gathering via p2p would be "active" in the same sense I would normally consider "active". This is still on the back side, taking what has already been taken. This is different than doing the initial taking. To do that, you have to be on the inside.

I get what you are saying, but to be clear, when I say "active", I am referring to the initial step of getting the info. Going from "secure" to "no longer secure". After that point, it is mainly courier duty.

Just as on P2P, downloading isn't actively obtaining a movie, it is passively obtaining it. Someone else has already done the real dirty work, the heavy lifting.

Re:Wikileaks == scapegoat

[Zorque]

Except that global warming doesn't exist!

I don't actually believe that, but it wouldn't be a proper Slashdot discussion without somebody saying it.

Re:Wikileaks == scapegoat

[ScentCone]

they were involved after the fact

That's the part that is NOT clear, still. Manning didn't have anyplace to put the stuff ... he couldn't complete the theft without help.

Recovery Fairy Tales again

[scdeimos]

From TFA:

Stephen Christian, a computer expert at Oxymap ehf, told the Grapevine that ... "Information written to disk can be recovered by experts even after being overwritten several times unless you let the computer run for a few hours constantly 'covering up' its information. Computer hackers know this."

I laugh whenever I see comments like this. Lest we forget that nobody ever accepted The Great Zero Challenge, let alone beat it.

Re:Recovery Fairy Tales again

I laugh whenever I see comments like this. Lest we forget that nobody ever accepted The Great Zero Challenge, let alone beat it.

Hahaha, probably because the challenge only offers a reward of $40 USD and they won't let you disassemble the drive, which is a requirement for any of the wiped-data-recovery papers/theories floating around.

Re:Recovery Fairy Tales again

[ladadadada]

There are four problems with the Great Zero Challenge that I could identify at a glance:

1. No incentive. The prize is $40. Data recovery companies charge tens of thousands to recover a drive. (Depending on how hard it is.)
2. No disassembly. Any technique that "reads residual magnetism" is going to require custom read heads and access to the platters.
3. No longer running. The challenge ended in January 2009 and only ran for one year. That blog post is from September 2008.
4. Full disclosure. This is a show-stopper. Data recovery companies guard their secret methods very closely. Those secrets are their only competitive advantage. Telling everyone how they did it for $40 ? I don't think so.

In contrast, the James Randi Paranormal Challenge has a $1,000,000 prize, only has rules that disallow cheating, has been running since 1964 and is still running. The fact that no one has passed the preliminary stage of that challenge means something

Re:Recovery Fairy Tales again

[snowgirl]

"I laugh whenever I see comments like this. Lest we forget that nobody ever accepted The Great Zero Challenge [hostjury.com], let alone beat it."

While the statement itself is incorrect if taken as if it was accurate, traditionally when you delete a file on a partition table it does not delete the file only deletes the first bit of the filename from the file allocation table.

This is what allowed old DOS utilities like undelete or norton undelete to function. Some days I do miss the old days since it seems no one develops quality tools anymore for win XP +.

You're messing up terms. The "partition table" is in the master boot sector (and yes, there's an additional one at the start of an extended partition table, I know.) The partition table is irrelevant to the way in which files are stored.

What deleting files in DOS and on disks all the way up to FAT32 did was change the first byte of the filename to a known value, which represented a "deleted file". This filename was actually stored directly in the directory listing, not in the file allocation table. The directory listing also included an index into the file allocation table, which was the start of the file. In the file allocation table each entry pointed to the next entry in the table that contained the file.

If you tried to undelete a file of size greater than the block size of the file allocation table, you would not obtain the entire file, because the entries for the file had already been wiped from the file allocation table.

Modern file systems such as NTFS and anything used by the *nix world use a completely different allocation system than FAT, and as a result a simple "undelete" utility would be worthless.

Specifically, the directory listings contain a filename and an "inode" or inode-like pointer, which points to an inode or inode-like entry, which contains information about where the file is stored. If one has deleted all points to the inode or inode-like entry, then the entry is scrubbed, and recovering the point to this inode becomes worthless, because again, the inode entry contains nothing of the file itself.

So, to clarify why "the good old days" can't be brought back for "quality tools", is because FAT was a piece of shit, and undelete was a complete hack exploiting a design failure in the FAT method. It was by no means a "quality tool"...

Re:Recovery Fairy Tales again

[DavidTC]

If the NSA really wanted the data on that drive they may be able to do it.

The point is this is all a nonsense urban legend that actually started on an entirely different type of drive entirely, an MFM drive, with much fuzzier bits, and someone hypothesized that data recover might theoretically be possible even after an overwrite, and you might want to do it with different patterns.

This hypothetical 'might' on much older drives has somehow become the actual literal truth, resulting in people running multiple wipe operations and even physically destroying drives, despite no one ever demonstrating recovery of a once-wiped file in the entire history of computers. Ever. At all. It has never once happened, no actual data recovery firm claims they can do.

In fact, the hypothetical recovery concept is near nonsense anyway. Even if we imagine that hard drives bits are something like ________ wide, and sometimes they write __++++++ and sometimes ------__, resulting in ------++, you can't actually recover from that. You don't know when that ++ got there. For all you know, that was a piece let over from two years ago, and the bit before the wipe was 0. Hell, for all you know, the bit started as +++++++ when the drive was made, and the first low-level format and every single write afterward just wrote to the last 6/8th of the bit, so you don't even know it ever was actually a one at all.

It's the equivalent of asserting that you can look at a dartboard and claim you can find the score of the last game. Uh, no, you can't. You might can see, with a microscope, every single dart that ever hit the board...but that tells you fuck all about the previous score, or who won, or what order they were thrown in.

For data to be recovered from 'before the wipe', you have to imagine that somehow the wipe was fundamentally different than every other write operation that happened before. That all other write operations helpfully left no traces of the previous state behind, but the 0 wipe did.

Before you say 'Well, a lot of places are only written once', I have to point out that a) It's exactly the changing places, the data, that is important. You know, the new stuff that got put over that file you deleted the other day. Recovering a Windows system file that got written to the disk at install and hasn't been written to again is not very useful. And b) all places on a hard drive are written to start with, it's called a low-level format. Before that they hold random 'data', which means there's nice, utterly random 'data' sitting there in the parts of the drive that don't get written to. How you can tell that from parts of the drive that did get written to at some point but somehow not written to in the wipe is a very very very interesting question...

Oh, and it's even worse than that. Because of how hard drives encode data, if you guess on one bit, you'll blow up the entire rest of the byte. If you don't know the value of bit 2, you can't know 3-8 either.

The entire thing is preposterous. The shame is that the only people who've ever called the urban legend what it is were so poorly funded. Someone should set up a Randi Foundation open-donation thing for that...I might kick in $10.

And talking about what the NSA 'might' do is insane. There's all sorts of magical tech the NSA might have, but, as I said, even pretending that hard drives actually had incredibly crappy wandering-all-over-the-drive tracks, which they do not, this would not actually let you put together an actual stream of any particular point in time. All you know is that every bit on the drive was zero at one point (because it was wiped) and not zero at one point (Because it was random before low-level format.). Good job figuring that out.

Re:so ?

[icebike]

Certainly possible.

But but planting a computer on someone's network is pretty much amateur hour don't you think? Unless it was done for "once you find this you will stop looking" purposes.

Who stands to gain?

Gee, let's see. Who would stand to gain by smearing Wikileaks?

Governments, large financial institutions, covert military operations, corrupt diplomats, racketeers... Who among such entities does not have the necessary resources to set up such a smear?

Meanwhile, this "encrypted" system sure sounds like a load of bollocks. It's all, like, secret. Wow. Yet how convenient, considering that it was "hidden", that it showed up exactly where and when it did.

Wikileaks must have hired the CIA to do it

[7-Vodka]

Let's see, there are two possibilities that come to mind since this was done in the proximity of the female Icelandic MP with connection to wikileaks:

1. The member of parliament who is a friend of wikileaks is in on this and wikileaks conducted the spying as is being ignorantly claimed
2. Agents on behalf of the US government conducted this in order to spy on the icelandic MP and others nearby because of her connection to wikileaks

Obviously we can throw out #1 because it does not at all fit with wikileaks modus operandi and cannot be carried out by their infrastructure. They're set up to anonymously accept documents and disseminate them, they're not spies. Moreover the icelandic MP in question would be risking much to do this only to access documents she probably already has access to.

So #2 becomes the most obvious culprit.

Re:Wikileaks must have hired the CIA to do it

[TheEyes]

Well, the other possibility is that this is a backup Wikileaks server, running from within the Icelandic parliament.

Re:Wikileaks must have hired the CIA to do it

[Registered+Coward+v2]

Let's see, there are two possibilities that come to mind since this was done in the proximity of the female Icelandic MP with connection to wikileaks:

1. The member of parliament who is a friend of wikileaks is in on this and wikileaks conducted the spying as is being ignorantly claimed
2. Agents on behalf of the US government conducted this in order to spy on the icelandic MP and others nearby because of her connection to wikileaks

Obviously we can throw out #1 because it does not at all fit with wikileaks modus operandi and cannot be carried out by their infrastructure. They're set up to anonymously accept documents and disseminate them, they're not spies. Moreover the icelandic MP in question would be risking much to do this only to access documents she probably already has access to.

So #2 becomes the most obvious culprit.

In this case, the most obvious culprit is the fallacy of your argument’s logic.

Re:Wikileaks must have hired the CIA to do it

[snowgirl]

So #2 becomes the most obvious culprit.

Fallacy of the false dichotomy. There are more than just two possibilities here.

Re:Running encrypted software?

[click2005]

I prefer placebo encryption. I tell people its encrypted and any methods they try to decrypt it wont work.

OH NO!

[SinGunner]

They found my CS 1.3 server!

TrueCrypt

[ironicsky]

It is entirely possible to encrypt a hard drive that once powered down the data is "lost". It's called TrueCrypt System Disk Encryption. Where the decrypter is a boot loader and the decrypted key gets stores in ram. Power off, no more key. The key is needed again to unlock the drive after reboot. To take it to the next level one would put an encrypted file container inside the encrypted system that requires a USB key to unlock. It would take a very long time to decrypt both keys without some very very heavy computing power

Re:TrueCrypt

There's also the chance that authorities moved the computer without powering it down.

Re:TrueCrypt

[snowgirl]

I am now officially setting up a background program for my two master servers to ping each other, and should the ping ever fail, they will auto shutdown...

$paranoia++

Re:TrueCrypt

[DavidTC]

That seems easy enough to subvert if you know it exists. Just watch for the unplugging of a keyboard, mouse, monitor, or network, throw up a screen demanding a password, and shut down if it's not given.

It's a neat trick, but if Full Disk Encryption products can't deal with this soon, they're pretty stupid.

Question everything

[heidaro]

This happened one year ago (see article) and what interesting data could one possibly hope to find within the walls of the Icelandic Parliament? And even if there was any, there are easier ways of looking for it than gaining entry to the offices and leaving a laptop there. It's even more silly to think Wikileaks were involved.

Re:Running encrypted software?

I prefer placebo encryption. I tell people its encrypted and any methods they try to decrypt it wont work.

It looks like donkey porn, but I can't decrypt it into the military secrets I know it must be!

What a tangled web we weave

So a strange computer was found in a government office...
... which may have been used by someone affliated with an org that discloses government secrets...
... as insinuated by a newspaper edited by the former head of said government...
... as reported by someone who may also have had access to this office previously, as a government official.

Is this representative of the kind of media bias Iceland has to deal with? Don't get me wrong, it's not like any country has it better, but is it always so blatantly obvious?

Re:Serial numbers removed?

[icebike]

Other than the hard drive, none of those serial numbers are tracked by computer vendors. Serials are tracked by manufacturers only for parts likely to fail, and only for parts which the vendor has a RMA agreement with the supplier.

Even mac addresses are usually not on record for any longer than it takes to print the required label.

If that information isn't on the order and shipping documents, chances are very good that the manufacturer has no clue what MAC is in what Computer, and the best you get is that it was in a particular batch of 300 computers which were sold to the Reykjavik Radio Shack.

Re:Wouldn't be surprised

[icebike]

Really? Does 30 years count?
I've also worked for a computer manufacturer.

They all go out the door with serial numbers.

Re:James Randi is a fraud

[DavidTC]

Many people have accomplished what they've claimed, but then Randi came up with extra tests, until they failed.

Randi very clearly lays out of the bounds of any tests beforehand, and what is considered proof.

If anyone had actually passed that test, they would, you know, sue him, because they were promised payment of a million dollars if they did that. There is an actual contract with actual winning conditions.

But since you've made that claim, you should be able to demonstrate that Randi has, at least once, laid out a test and winning conditions, and then backpeddled once someone actually won.

Or you are a liar and a slanderer who has accused someone of criminal fraud.

He's not interested in "statistics", but demands "undisputable show of magic", but without magic tricks.

Yeah, you moron, because that's what he's testing.

If he let people win by 'statistics', he'd have a constant stream of people claiming they could predict a coin toss 75% of the time....and eventually one of them would happen to do that. Because that's how statistics work.

Re:Wouldn't be surprised

[astar]

Since you gave a cite, but I knew that in the late 20th and early 21th century in the US, you were really out of step with my reality, I googled around at the regs. I just looked at the Lqbor department stuff.

You have the problem of never having eaten chinese food, if you get the old programming reference.

I figure your employer is a little like this:

He builds pretty much standardized boxes and sells them wherever.

So I might have bought some little odd toy computer for my kid and later laptops and netbooks like that. But my first personal computer was a cpm machine and except for the exceptions cited, I never ever bought a computer of the sort manufactured by your company. So you basically say all my toys are illegal, including the openbsd box I am typing this message upon.

So I go to nearby computer stores of what I called the white-box variety. These are mom and pop sort of places. I claim these people are manufacturing my computer. I specify the components. Hmm, the last tower I bought, I specified 8 nic ports. I specified the memory. I specified the hard disk size. I specified the cpu manufacturer and the number of cores. I specified that the video card have a HDDI out. This machine was thus a custom machine. It was build for a particular customer. So, if you are any good, you now have a clue. But I expect you are so very sure of yourself, so I will spell it out:

If you manufacture custom electrical equipment for an individual customer, your requirement is apparently not really more than keeping some records. Of what...oh, the "tests" you do.

(3) With respect to custom-made equipment or related installations that are designed, fabricated for, and intended for use by a particular customer, if it is determined to be safe for its intended use by its manufacturer on the basis of test data which the employer keeps and makes available for inspection to the Assistant Secretary and his authorized representatives.

On the FCC side I did not bother to check, but I have been very close, sort of on the inside, hah, literally, with a white-box place. I recall hearing that if the case was FCC approved and the electrical components FCC approved, then it was all clean.

Conspiracy theories

[publicworker]

The police have apparently given up so it's up to us conspiracy theorists to solve the problem (yet again)!

First of all this is clearly a cover-up involving both the parliament security forces and the police. The computer was discovered over a year ago, but nobody was the wiser until now when the story was leaked. Nobody was questioned and the investigation seems to have dead-ended immediately. Also, the security cameras near the room in question were "unfortunately out of order" at the time.

Keep in mind also that the office where the computer was found was being shared by the Movement and the Independence Party. The former are known around here as the friends of Wikileaks while the latter are known in Iceland as simply "The Party". They are the single most powerful entity in Iceland and have in the last 50 years or so controlled both parliament and government as well as having strong influences over the police and judiciary (and the parliament security forces). During the cold war party membership could guaranty work while not being a member could loose you your job. It's also a documented fact that the Independence Party had a very effective local espionage network during the cold war and I doubt they just stopped such a successful operation when the Berlin wall fell.

Finally the daily Morgunbladid is run by one David Oddsson who is the godfather of the Independence Party; what he says goes. Wrongfully accusing someone to divert the attention away from the Party is just his MO, but because Morgunbladid is widely read it will probably work.

Put the pieces together and we see that this was a botched Party spying operation covered up by the police and parliament security. ... as conspiracy theorys go this one's actually not that unlikely!

Re:James Randi is a fraud

[DavidTC]

Professor Michael Prescott found that James Randi’s million dollar challenge is very much an illusion that have fooled people for decades: http://torbjornsassersson.wordpress.com/2010/05/02/james-randi-and-his-one-million-dollar-challenge-fraud/

I VERY STRONGLY urge everyone to read that article, (The first I randomly clicked) to actually see what sort of utter nonsense this poster is sprouting.

In short, apparently you can dismiss Randi because the article hypothesizes that Randi randomly turns away people just because he calls classes of claims 'absurd' (With absolutely no evidence at all he won't test those claims.), and that you can't be an asshat by repeatedly screaming obscenities or delaying the test you scheduled with them.

Wow, it's almost a microcosmic of the goddamn loons, right there in the article, written by the loons and they somehow missed it. Claims that he turns away applicants without proof, absurd behaviors and conditions on their 'powers'. It is truly an epic read.

Another article claims the reason he won't take the test is you have to sign a personal liability waiver. No shit, really? You mean they're worried about frauds claiming injury during the test and suing? I wonder why he'd worry about that.