Anonymous & Wikileaks beefing - it's bigger than a paywall - Bonus Anonhosting.biz confusions, Cointelpro Spam, Silent Circle, Cryptocat, Federal "Restricted Information" & i2p
A review of the latest internet dickering, with mostly unrelated useful new programs & ideas at the end...
One thing worth pointing out everyone I believe can agree on, that @Wikileaks Twitter recently accused @AnonymousIRC Twitter, a major account run by several folks, of sending out misleading info about insecure proxies, without specifying which proxies so worried them. That was not a good idea, or at least didn't put anything concrete out there, spreading distrust based on incomplete info instead.
[sub note: the oft very substantive @Asher_wolf adds that @anonyops is the only high-follower twitter account really held by one person since its inception]
The whole thing is a mess on a bunch of levels, as another Anonymous related account @PLF2012 just said they had an inch thick of dox on Wikileaks & judging by today's tweets, frustration that indictments keep raining down on people while Assange lectures them & Wikileaks seems to vacillate.
//// UPDATE OCT 16 AFTERNOON: While the pastebin isn't signed by anyone in particular, a pretty substantial "let's move on" kind of statement has been released. Worth Reading: http://pastebin.com/A14bABfq
UPDATE OCT 15 AFTERNOON: A couple more dramas involving 'Project Vigilant' which Lamo was involved with (bonus Sneakers reference via the SETEC ASTRONOMY patch), and the Wikileaks Forum site (and followup). It seems that Assange's mom is on some aggressive patrol to keep people in line. UK Guardian on all this. I haven't even scoped these things out yet, ye gods it goes on and on.... ////
The constructive lesson in here, to really maximize the positive contributions of all involved without getting sucked into drama, is to take what you can learn from things and get new things going, don't just join some unwieldy bandwagon for the drama flow. While Wikileaks comes across as Julian Assange/Lady Gaga/weird international epicfail ego show going on, they have actually been publishing & releasing more data from the Stratfor files and Syria. That's good -- but trolling @anonymousIRC with nothing to back it up, not good..[MEME SOURCE TROLL.ME - yes rly]
Assange just put up a long post lecturing Anonymous about how easy it is for them to get turned into snitches and fail because they lack 'Unity', a word he uses a ton when perhaps he should consider that viable ecosystems really have little lockstep unity at all. He definitely brushed off referencing "the many Bothans that died to bring him this information" so to speak, except to say that it's bad for them to say anything about sources for defendants' legal reasons. Nonetheless he doesn't really seem to venture much explanation of his own responsibility towards the general human wreckage & prosecutors surrounding these very ugly gigabytes...
Overall take it for what it's worth, between the paranoid yet intermittently informative Reddit threads to the review of HBGary and Assange's valid critique that Internet assets (or as 4GW systems theorists can call "bowties") are control points that can get co-opted. In reaction to freeform paranoia over which Anon Twitter accounts are taken over by law enforcement, someone on Reddit added that even when you don't really feel it's sound to assume an account is co-opted, you just don't need to send sensitive info or etc. to them, don't bother freaking out.
Additionally it's not helpful that Texas-based researcher & Project PM police state/contractor research wiki publisher Barrett Brown is incarcerated, awaiting trial [indictment PDF] & some mysterious & unexplored class of "restricted information" has surfaced in his case, & not really been analyzed -- Barrett seems to have been accused of feloniously enticing people to google search for FBI agents, among other things. [FreeBarrettBrown.org]
In Barrett's case, as well as the origin of the Stratfor leak, with Sabu & Lamo in the mix, an infestation of many informants and operatives operates perhaps as "crapflooding", the political hacker scene COINTELPRO counterpart to the paid corporatist trolls filling up & derailing internet discussions everywhere. In all cases the crapflooding ultimately wastes all our time, it buys time for bureaucratic status quo interests, the corrupt & those benefitting from the Power of Ignorance. Interpret gibberish as damage and route around it.
Some background [mixed thoughts about this one]: How (not) to destroy Wikileaks: where it all began… | Darker Net
The original @AnonymousIRC post: Statement on Wikileaks - Pastebin.com - the Reddit Thread: @AnonymousIRC's statement on Wikileaks : anonymous
Oct 12 Reaction to @AnonymousIRC with some good points: Supporter response to @AnonymousIRC's Statement on WikiLeaks - Pastebin.com
Julian Assange's Oct 15th missive, kinda be trollin. Yet its page title is simply: TwitLonger — When you talk too much for Twitter. Fair enough, [maybe the big lesson here?]
Easily Sunday's best move was EncyclopediaDramatica, the high Octane wiki chronicling troll wars & attempting to crowdsource the most offensive possible entries, poaching for Wikileaks style sources & "defectors". [ED's battles to stay online are actually kinda interesting & a little like a Wikileaks/anon combo situation].
The whole thing has explicitly been tied back to the July Beef by Wikileaks in a tweet hours ago - specifically this Reddit: Update to something I previously posted about @AnonymousIRC on Twitter : anonymous. So links on the earlier affairs:
Tweet July 12 saying anonhosting.biz is good for paste services: Twitter / Par_AnoIA: So we heard that Privatepaste ...
July 15 tweet saying AnonymousIRC shouldn't trust Anonhosting.biz Twitter / KiingCobra: @AnonymousIRC Honeypot site,I ...
July 13 tweet implying something sketch about Anonhosting.biz being registered May 9 when @AnonymousIRC was silent around those few days (when twitter accounts go off air, people fear Party Vanning - arrested hackers flipping while getting sweated by Feds, like Sabu did last summer) Twitter / tmichaels1: The domain @AnonymousIRC is ...
3 months ago, the proxy beef: Reddit thread NO war between WikiLeaks and Anonymous : anonymous
July 14: AnonPaste signed by @YourAnonNews @AnonPR_Network @PLF2012 @AnonCollective @Anon_Central "There is no 'War' with Wikileaks": "....The Anonymous account in question (@AnonymousIRC) is angry because all the contents of the "Syria Files" are not being instantly published. This is due to the fact that the individual behind this account is not in the decision loop regarding our handing over these files to WikiLeaks. ....
So @Wikileaks itself is *right now* trying to stir up this old July anonhosting.biz thing, is it a competition for leaking services or what? Why a priority now when the Ecuadorian embassy is surrounded etc., yet also calling for Unity? Not well explained but there you go. We can only hope it's a proxy to some more interesting intrigue?
I2P & Cryptocat: let's learn something handy anyway: Eh & after all this bitching well let me add something possibly useful in the long run. In recent weeks away from writing here, I've been taking a bit of time to review encryption, software, approaches to making open source easily replicated communications techs, which seems like a good field for inquiry and experiments right now.
[Also watched the 1992 film Sneakers, which just celebrated its 20th birthday. It only anticipated the NSA's effort to tap everyone & everything domestically. What is Darpa Plan X anyhow?]
A relatively obscure encryption protocol called i2p (an extension of some earlier Darknet efforts) may be the successor to Tor, the big Cahuna which is also a bit US Government funded & regarded cynically by Cryptome among others. Via one of the reddit threads:
i2p shall prevail where Tor has failed - money quote: "There are too few exit nodes, and many are up to something... Tor therefore forces users to make the bizarre choice between non-anonymous Internet use with only their ISP logging traffic or somewhat anonymous Internet use with a complete stranger logging their traffic.". at some point the story went around that Wikileaks claimed to have a zillion documents early on (where did those go?) because they were copying them off their own malicious Tor honeypot exit node that Chinese hackers were sending goodies back home through. May not be true but would make sense.
Moar programs: And this is cool, from two years ago, Anomos a combo implementation of Bittorrent and i2p. Groovy! Plus, honesty: "Anomos is an experimental anonymity protocol. It has not yet undergone the serious peer-review necessary to consider it safe for general use. Do not rely on it for strong anonymity." The argument in the 'i2p shall prevail' piece was that new protocols are essential, while Tor is kinda tied down in its weaknesses by basically being a proxy network to the existing web.
Firefox 16 got whacked with an exploit right away, [the JS hack here] but imagine how many more bugs would have gotten by if not for open development. So in turn we need to keep good apps with new protocol thinking developing openly. Cryptocat is another new entrant for IM chat with a lot of potential. Source code here, roll yr own! Don't worry about the drama, just code, crack & compile! [And the PGP man Phil Zimmermann has promised to opensource the touted Silent Circle app for review (see @silentcircle, because centralized communications are sooo secure lol]
Just released from EFF, HTTPS Everywhere 3.0 switches your browser to secure HTTPS, at least improving one level of communications on more than 1500 sites. Also the EFF Observatory is really interesting & discusses part of why HTTPS is not good if the upstream certificate generators, the CAs, are weak/shady:
The EFF SSL Observatory is a project to investigate the certificates used to secure all of the sites encrypted with HTTPS on the Web. We have downloaded datasets of all of the publicly-visible SSL certificates on the IPv4 Internet, in order to search for vulnerabilities, document the practices of Certificate Authorities, and aid researchers interested the web's encryption infrastructure.
We are particularly concerned about the role and practices of Certificate Authorities (CAs), which are the organizations that can sign cryptographic certificates trusted by browsers. These certificates can contain statements like, "this public key belongs to EFF.org", "this public key belongs to yahoo.com, paypal.com and mozilla.com", or "this public key should be trusted to also act as a CA, signing certificates for other domains".
Browsers trust a very large number of these CAs, and unfortunately, the security of HTTPS is only as strong as the practices of the least trustworthy/competent CA. Before publishing this data, we attempted to notify administrators of all sites observed vulnerable to the Debian weak key bug; please let us know if your analysis reveals other classes of vulnerabilities so that we can notify affected parties.
Overall, the idea of credible trust in closed source encryption is seemingly pretty much dead. Or if not, major political strides can be made against it on totally practical grounds.
In this insightful TEDtalk Clay Shirky got a lot right about GitHub vs Lawyers in the control structures of our country & government system. Consequently: Demand code audits, if indeed these executive branch & computer systems are both supposed to be Executing Secure Processes... or whatever it is, exactly, they're $UpTo. [Does a subtle programmer joke subvert currency itself via $variables marked by dollar signs? Will time tell as the Fed addMoar($lots) program hits QEInfinityLoop?]
When it comes to what the security establishment is up to, to modify the ultimate conspiracy tweet of Hassan-i-Sabah, leader of the Assassins & the Man in the Mountain, nothing is true, everything is permissible. Also, full of Spam. [& Since Spam will always be part of the problem, Monty Python ultimately wins the meme war.]