WikiLeaks reveals sites critical to US security

[Proton Soup]

If it's going to be released anyway, how is it a deterrent? Wikileaks isn't about waiting 50 years for declassification, and neither are their followers. If this is bound to be released, why make a locked file at all, and if it isn't... how DO they square that with their purpose?

i think it's about long-term survival.

not to mention it's great marketing for the brand. it's certainly interesting when people who are in IT security are themselves seeding torrents for the files.

 

[nismaratwork]

i think it's about long-term survival.

not to mention it's great marketing for the brand. it's certainly interesting when people who are in IT security are themselves seeding torrents for the files.

You may be right in the first... maybe this was the best he felt he could do? For the rest, I completely agree, although I'm not sure why IT security folks would be less suspect... in my experience (including time in that field many suns and moons ago) we were by far the most crooked to begin with.

Beyond that, if you enjoy/are good at monitoring large amounts of network traffic, drive sectors and more, then you're probably not dumb, and if this file is ever unlocked you want to be there to see what's inside.

 

[Phrak]

yeah, not really interested in that debate. and as i understand it, hacking originally had to do with hardware reverse engineering. and wasn't even a negative term i think until people started building phone "blueboxes" or whatever kind of boxen they were called. blah blah blah 2600 blah...

You're right about the term's negativity in usage today where it wasn't so before. There were a bunch of MIT AI (artificial intelligence) pin heads I worked with in the mid 80's. To them a 'hack' was the word for a clever or quickly constructed piece of code. 'Hacking' described pounding away at the keyboard.

 

[nismaratwork]

You're right about the term's negativity in usage today where it wasn't so before. There were a bunch of MIT AI (artificial intelligence) pin heads I worked with in the mid 80's. To them a 'hack' was the word for a clever or quickly constructed piece of code. 'Hacking' described pounding away at the keyboard.

Exactly... someone who could take disparate elements no matter what and get the job done. Hacking and a kludge went hand in hand... then phreaking hit, and eventually morphed into computer hacking. The road started with people just writing code though, making their own way through a pretty wild-west period, but not breaking and entering.

Now you have good or bad hackers, but mostly just curious ones. The people who do damage are generally:

"black hat" computer Hackers: People who code viruses or create and distribute scanning tools and bot-kits. In my experience, often a function of youth... younger, darker, older, kinder.

Crackers: Referring to people specializing in the removal or disruption of DRM, or in general any protective measure.

(no longer, but once) Phreakers: People who originally used something as simple as audible tones to make free long-distance calls. Evolved into something more as computers emerged, then become essentially obsolete.

Script-Kiddies: A wide term referring to the pre-written programs they tend to run, and their usual age or competence. These people may do a ton of damage, but they aren't necessarily bright... they just need some basic tools made by the real deal, scan for vulnerabilities across a wide range of IP addresses, create a bot-net and begin to run scams, spam, distribute pirated material, launch DDOS attacks, and of course... scan for more computers to add to your bot-net. This isn't new anymore, but it emerged relatively late in the game when a generation of people used to GUI's finally got their wish in tools made ostensibly to test IT security.

 

[Phrak]

Exactly... someone who could take disparate elements no matter what and get the job done. Hacking and a kludge went hand in hand... then phreaking hit, and eventually morphed into computer hacking. The road started with people just writing code though, making their own way through a pretty wild-west period, but not breaking and entering.

Now you have good or bad hackers, but mostly just curious ones. The people who do damage are generally:

"black hat" computer Hackers: People who code viruses or create and distribute scanning tools and bot-kits. In my experience, often a function of youth... younger, darker, older, kinder.

Crackers: Referring to people specializing in the removal or disruption of DRM, or in general any protective measure.

(no longer, but once) Phreakers: People who originally used something as simple as audible tones to make free long-distance calls. Evolved into something more as computers emerged, then become essentially obsolete.

Script-Kiddies: A wide term referring to the pre-written programs they tend to run, and their usual age or competence. These people may do a ton of damage, but they aren't necessarily bright... they just need some basic tools made by the real deal, scan for vulnerabilities across a wide range of IP addresses, create a bot-net and begin to run scams, spam, distribute pirated material, launch DDOS attacks, and of course... scan for more computers to add to your bot-net. This isn't new anymore, but it emerged relatively late in the game when a generation of people used to GUI's finally got their wish in tools made ostensibly to test IT security.

Good grief. I've abandoned the software world for a long time. Good riddance. Given the means and opportunity, we are sure to screw each other with it. I don't even want to know, or understand, what sort of predation people perpetuate on other peoplein this venue. I understood less than half of what you said.

 

[nismaratwork]

Good grief. I've abandoned the software world for a long time. Good riddance. Given the means and opportunity, we are sure to screw each other with it. I don't even want to know, or understand, what sort of predation people perpetuate on other peoplein this venue. I understood less than half of what you said.

I don't blame you, and if you want to hear the depressing part... this is current as of: 8 years ago or so. That's the last contact I had with anyone who could reliably inform me about these matters, or that I was in any way involved. I'm sure that in the intervening near-decade the screwing has become truly startling. It was that move from curious snooping to mass abuse that drove me away from everything related to software for years.

 

[Evo]

Mathnomalous pointed out an unsupported assumption that was about as plausible as the unsupported assumption Evo gave. I don't think there's any reason to feel suspense; I doubt either Evo or Mathnomalous intends to support the assumption they proffered.

And you were wrong.

Is it known that wikileaks helped him steal the info? I imagine if the government had enough evidence for that, there wouldn't be any trouble getting a warrant for his arrest.

Looks like they do.

A contradiction emerged today over WikiLeaks' relationship with one of its suspected sources, a dispute that could influence whether Julian Assange ultimately faces conspiracy charges in the United States.

The WikiLeaks editor who was released from a London prison yesterday denied knowing Bradley Manning, the Army private who is behind held in a military brig in Quantico, Va., on charges that include leaking classified material.

"I had never heard of the name Bradley Manning before it was published in the press," Assange told ABC News today.

That contradicts a chat log that appears to show Manning's conversations before his arrest--and before his name ever appeared in the media--in which he described having a close relationship with Assange as a confidential source.

Manning reportedly told ex-hacker Adrian Lamo that he had "developed a relationship with Assange" over many months, according to transcripts posted by BoingBoing and Wired.com over the summer. Lamo told CNET that the transcripts were accurate, but that he doesn't have the computer equipment on which it was saved because the FBI had taken it.

The details are crucial. Federal prosecutors are reportedly exploring filing conspiracy charges against Assange on the theory that he collaborated with Manning on transferring secret documents obtained from the Army's internal computer network.

continued...

http://news.cnet.com/8301-31921_3-20026074-281.html?tag=mncol;txt

 

[Proton Soup]

if "chat" refers to things like IRC chat, then people tend to communicate using pseudonyms.

nobody knows you're a dog, you know.

 

[Evo]

if "chat" refers to things like IRC chat, then people tend to communicate using pseudonyms.

nobody knows you're a dog, you know.

What? Oh, you think it's a chat room. No, these where private conversations between Manning and Lamo. Lamo is the hacker contacted by Manning that turned Manning in.

Do you know who Lamo is?

 

[nismaratwork]

if "chat" refers to things like IRC chat, then people tend to communicate using pseudonyms.

nobody knows you're a dog, you know.

IRC is NOT a secure means by which any hacker would communicate unless they were using a number of bouncers and proxies to shield themselves. Even then, better to use a SSL with a third party (read hacked box) computer. Adrian was just doing what he thought was right, which is exactly what it means to be grey in the first place. It's one thing to peek, it's another to betray your country and disseminate.

I would add however, that tracing someone on IRC is not exactly impossible unless they're extremely careful. You can follow packets and do the drudge work to follow proxies, which you or I would never do, but the government and other hackers sure as hell would. IRC was only a big deal when it worked to disseminate material from USEnet... now it's just people SAYING they're dogs... and then trying to cybersex yah. YECH.

 

[Proton Soup]

What? Oh, you think it's a chat room. No, these where private conversations between Manning and Lamo. Lamo is the hacker contacted by Manning that turned Manning in.

Do you know who Lamo is?

apparently, he's the ex-hacker that http://www.nytimes.com/2010/06/08/world/08leaks.html" video decryption, but wikileaks at least doesn't reveal who is on that team.

and there is nothing in the cnet link that indicates assange knew the identity of manning, only that manning knew the identity of assange.

 

[Evo]

apparently, he's the ex-hacker that http://www.nytimes.com/2010/06/08/world/08leaks.html" video decryption, but wikileaks at least doesn't reveal who is on that team.

That was divulged, did you miss that? The part about Assange being a paranoid delusional and not taking off a snowsuit and peering out of curtains?

and there is nothing in the cnet link that indicates assange knew the identity of manning, only that manning knew the identity of assange.

Yeah, the US government isn't stupid enough to say all they know.

 

[Proton Soup]

IRC is NOT a secure means by which any hacker would communicate unless they were using a number of bouncers and proxies to shield themselves. Even then, better to use a SSL with a third party (read hacked box) computer. Adrian was just doing what he thought was right, which is exactly what it means to be grey in the first place. It's one thing to peek, it's another to betray your country and disseminate.

I would add however, that tracing someone on IRC is not exactly impossible unless they're extremely careful. You can follow packets and do the drudge work to follow proxies, which you or I would never do, but the government and other hackers sure as hell would. IRC was only a big deal when it worked to disseminate material from USEnet... now it's just people SAYING they're dogs... and then trying to cybersex yah. YECH.

i'm not trying to imply that it can't be traced. simply that people tend not to use their full names. i would also find it remarkable if wikileaks had the resources to do more than verify his IP.

i don't find this news release to be anything remarkable. it doesn't contradict anything assange has said, it merely shows that manning was in contact with assange.

 

[Proton Soup]

That was divulged, did you miss that? The part about Assange being a paranoid delusional and not taking off a snowsuit and peering out of curtains?

Yeah, the US government isn't stupid enough to say all they know.

so you agree it's an unsubstantiated claim.

 

[Evo]

so you agree it's an unsubstantiated claim.

What's an unsubstantiated claim? The journalist that stayed with him in Iceland is pretty clear on Assange's mental condition.

 

[NeoDevin]

Yeah, the US government isn't stupid enough to say all they know.

Instead they just put everything they know on an under-secured network where any of thousands of people can download the whole thing without raising any flags.

 

[Evo]

Instead they just put everything they know on an under-secured network where any of thousands of people can download the whole thing without raising any flags.

Except no one knows what they currently have.

 

[Proton Soup]

What's an unsubstantiated claim? The journalist that stayed with him in Iceland is pretty clear on Assange's mental condition.

i was thinking about the claim of a contradiction in assange's statement

"I had never heard of the name Bradley Manning before it was published in the press," Assange told ABC News today. "WikiLeaks' technology [was] designed from the very beginning to make sure that we never know the identities or names of people submitting us material."

as for paranoia, it's not being paranoid if they really are out to get you.

 

[nismaratwork]

i'm not trying to imply that it can't be traced. simply that people tend not to use their full names. i would also find it remarkable if wikileaks had the resources to do more than verify his IP.

i don't find this news release to be anything remarkable. it doesn't contradict anything assange has said, it merely shows that manning was in contact with assange.

Proton, you have more resources than are needed to verify an IP address, even if you don't know how right now. You could, if you wanted to waste your time, learn VERY quickly. You're no dummy, and presumably neither are the people who work for Wikileaks... if they have access to packetstorm dotnet and other security sites, they could do more.

That said, I understand your clarification, and yes in any context I would be shocked if people didn't use disposable names (handles).

 

[Proton Soup]

Proton, you have more resources than are needed to verify an IP address, even if you don't know how right now. You could, if you wanted to waste your time, learn VERY quickly. You're no dummy, and presumably neither are the people who work for Wikileaks... if they have access to packetstorm dotnet and other security sites, they could do more.

yeah, truth is, my level of interest in doing any sort of programming for this is very limited. my level of nosiness is more or less limited to http://www.geobytes.com/iplocator.htm".

if there'd been internet when i was a teen, maybe. but as it were, my hacking activities were pretty much limited to making passkeys for school combo locks.

anyhoo, i tried looking at wikileaks to see what sort of tech they were claiming to use for submissions, but they seem to have taken it all down until they do a rework.

 

[nismaratwork]

Fair enough... in the meantime I found this very amusing. http://news.blogs.cnn.com/2010/12/22/cia-responds-to-wikileaks-wtf/?hpt=T2

 

[Galteeth]

Here is a recent MSNBC interview with Assange (video is after the summary article, scroll down a bit). I'd say he knocks it out of the park. Of course one can't judge someone's mental state solely by an interview, but he certainly comes across lucid and intelligent.

http://www.rawstory.com/rs/2010/12/assange-charges-shock-jock-fox-hosts/

 

[Galteeth]

And you were wrong.

Looks like they do.
continued...

http://news.cnet.com/8301-31921_3-20026074-281.html?tag=mncol;txt

I would like to point out that Manning believing he was communicating with Assange directly does not necessarily mean that he was. Obviously wikileaks has a means for whistleblowers to leak documents, and I imagine there would be some sort of basic process where a whistleblower would reveal some aspect of their identity. He was obviously in communication with someone working for wikileaks, and a "relationship" is pretty ambiguous. Example:

Manning: If I had documents that I wanted to leak, is this the right channel to do so?

Wikileaks: Yes

Manning: Would "x" type of documents be something wikileaks might be interested in?

Wikileaks: Yes

Manning: How would I contact you in the future?

etc.

On another note, are we serious about starting to enforce the Espionage Act? I am frankly amazed this law has not been repealed.

http://en.wikipedia.org/wiki/Espionage_Act_of_1917

Since the United States is engaged in perpetual war, wouldn't enforcement of this act pretty much kill free speech related to foreign policy or domestic terrorism policy? Wouldn't use of this act largely confirm Assange's arguments?

On an interesting historical note, the ACLU was founded largely in response to the Espionage Act.

http://en.wikipedia.org/wiki/National_Civil_Liberties_Bureau

 

[Galteeth]

http://www.cbsnews.com/8301-503543_162-20026419-503543.html

Wikileaks has struck a deal with a Russian newspaper to provide documents relating to Russia. I thought I'd post this, as some have criticized Wikileaks for not targeting regimes like Russia.

 

[Proton Soup]

Here is a recent MSNBC interview with Assange (video is after the summary article, scroll down a bit). I'd say he knocks it out of the park. Of course one can't judge someone's mental state solely by an interview, but he certainly comes across lucid and intelligent.

http://www.rawstory.com/rs/2010/12/assange-charges-shock-jock-fox-hosts/

heh, i had actually been thinking about just this today, but it's more fun to bring up the idea in response to something else. actually, i did sort of bring it up once, but simply called it terrorism.

he's right, of course. what people here have been doing amounts to the crime of making http://www.criminaldefenselawyer.com/crime-penalties/federal/Terrorist-Threat.htm" . but they can expect not to be prosecuted because law enforcement is partial.

 

[Proton Soup]

http://www.cbsnews.com/8301-503543_162-20026419-503543.html

Wikileaks has struck a deal with a Russian newspaper to provide documents relating to Russia. I thought I'd post this, as some have criticized Wikileaks for not targeting regimes like Russia.

yeah, i think Putin has a lot more birthdays in his future.

 

[Galteeth]

yeah, i think Putin has a lot more birthdays in his future.

I'm sorry, I don't understand what you mean.

 

[Galteeth]

Apparently, if the Espionage Act is used, simple discussion of the content of the cables could be construed as illegal. Of course, from reading the act and the way it was historically enforced, so could criticizing any aspect of the wars or the military.

http://abcnews.go.com/Politics/wiki...ulian-assange-espionage-act/story?id=12369173
http://www.theatlantic.com/national...ge-acts-shameful-and-forgotten-history/68084/

Edit:

This quote from the ABC article

"Only once in the history of the Espionage Act has the U.S. government brought a case against someone other than the thief of secret information. That prosecution failed, Vladeck said."

is contradicted by the wikipedia article, as well as the Atlantic piece.

Here is an old new york times article that references the conviction of Eugene debs and others under the act for "obstructing the draft." This was not an act of physical obstruction, but rather a speech given.

http://query.nytimes.com/gst/abstract.html?res=9B0DE2D71539E133A25757C2A9649D946095D6CF

 

[jreelawg]

I wish wikileaks wouldn't have published the Iraq war logs, Afghanistan war logs, and diplomatic cables. The other things they did I thought were heroic, for example the leaks about toxic waste dumping in the Ivory coast, and the attack on Scientology.

The thousands and thousands of pages of U.S. war logs and diplomatic cables, don't really even expose any corruption or wrongdoing. They actually paint the U.S. in a positive light in my opinion. There are mainstream news sources in the U.S. that routinely make us look worse than wikileaks did. Meanwhile many of those who would be investigating real corruption and abuse, are being distracted.

But the war logs, and diplomatic cables may endanger lives and cause diplomatic problems. If they had something which exposed serious corruption in regard to the wars, and diplomatic cables, I think it might be in the nations best interest to know about it. But posting thousands of classified documents of a mundane and uninteresting nature makes no sense. And all that might come out of it, is that we might need to discuss making compromises to the first amendment, and regulate the internet.

I wonder if wikileaks actually has anything interesting, or if they are just bluffing?

 

[Proton Soup]

I'm sorry, I don't understand what you mean.

Novaya Gazeta correspondent Anna Politkovskaya, who wrote about graft under then-President Vladimir Putin and chronicled abuses by military forces in Chechnya, was shot dead in her Moscow apartment building in 2006, on Putin's birthday.

 

[jreelawg]

Novaya Gazeta correspondent Anna Politkovskaya, who wrote about graft under then-President Vladimir Putin and chronicled abuses by military forces in Chechnya, was shot dead in her Moscow apartment building in 2006, on Putin's birthday.

Funny thing is, that if assassins start taking out wikileaks staff, wikileaks won't know who is behind it. So, whatever wikileaks claims to be willing to release in the event people start to going missing, would have to be incriminating for all their targets. Therefore they logically should only attack organizations, which they have serious dirt on, and which have enough restraint not to retaliate anyways.

Some of the worse targets, probably would be harder to blackmail, as they often could care less what the rest of the world thinks, and often act irrationally and against their own interests, or are so oppressive that public opinion doesn't matter anyways.

On another note, if they actually do have damning information to use against the U.S., then it would be in the interest of the U.S. to protect wikileaks.

 

[Galteeth]

Funny thing is, that if assassins start taking out wikileaks staff, wikileaks won't know who is behind it. So, whatever wikileaks claims to be willing to release in the event people start to going missing, would have to be incriminating for all their targets. Therefore they logically should only attack organizations, which they have serious dirt on, and which have enough restraint not to retaliate anyways.

Some of the worse targets, probably would be harder to blackmail, as they often could care less what the rest of the world thinks, and often act irrationally and against their own interests, or are so oppressive that public opinion doesn't matter anyways.

On another note, if they actually do have damning information to use against the U.S., then it would be in the interest of the U.S. to protect wikileaks.

Damning is relative. i would argue some of the information in the leaks does expose wrongdoing by the US (and other countries). For example, a recent revelation was the UK's training of a Bangladeshi para-military squad that human rights groups have called a "death squad."

http://www.msnbc.msn.com/id/40773855/ns/us_news-wikileaks_in_security/

 

[jreelawg]

Damning is relative. i would argue some of the information in the leaks does expose wrongdoing by the US (and other countries). For example, a recent revelation was the UK's training of a Bangladeshi para-military squad that human rights groups have called a "death squad."

http://www.msnbc.msn.com/id/40773855/ns/us_news-wikileaks_in_security/

The RAB, is called a death squad by human rights groups, but human rights groups often have similar bad things to say about the U.S., the U.K., Israel, etc etc.

"Rapid Action Battalion or RAB is an elite anti-crime and anti-terrorism unit of Bangladesh Police constituted amending the Armed Police Battalion Ordinance, 1979. Under the command of Inspector General of Police (IGP) it consists of members of Bangladesh Police, Bangladesh Army, Bangladesh Navy, Bangladesh Air Force, Border Guards Bangladesh and Bangladesh Ansar. It was formed on 26 March 2004 and started its operations from 14 April 2004. Additional Inspector General of Police Anwarul Iqbal is the founding Director General of this elite unit.
Since its inception, the RAB has seized a total of 3,149 illegal arms and more than 36,000 rounds of ammunition. It has also had many notable arrests. Although the RAB has been successful in apprehending several high-profile terrorists, including the infamous Bangla Bhai, Amnesty International has criticised the RAB's lack of accountability as it has been responsible for numerous deaths which have been attributed to crossfire.[1][2] In March, 2010, the battalion leader stated that they have killed 622 due to 'crossfire', while some human rights organizations claim that over 1,000 extra-judicial killings are the product of the battalion.[3] There have also been many reports of torture.[4][5]"

http://en.wikipedia.org/wiki/Rapid_Action_Battalion

1. (C) The leadership of Bangladesh's Rapid Action Battalion (RAB) has pledged to provide additional information about alleged human rights violations committed by members of the force since its inception in 2004. This pledge came during two days of intensive fact-finding and discussions with members of an interagency USG team that visited Bangladesh to assess both the RAB's current operating procedures regarding human rights violations as well as possibilities for engagement. The RAB seeks a broad engagement with the USG including human rights and counterterrorism training and recognizes the need to address allegations of past abuses. While there are lingering concerns about the RAB's human rights record, there is a widespread belief within civil society that the RAB has succeeded in reducing crime and fighting terrorism, making it in many ways Bangladesh's most respected police unit.

http://www.guardian.co.uk/world/us-embassy-cables-documents/187025

The fact that some of the RAP had received training from the UK is neither strange, or particularly damning. Actually, it is something you would expect. After reading what was leaked about it, I think it actually makes the UK look good because it shows their concern for RAP human rights violations, and presents arguments for why they are necessary in the war on terror. The RAP would exist without UK training, but UK training and support puts pressure on the RAP to conform to human rights expectations.

I could go on all day posting much more damning news strait out of mainstream news sources, especially under the subject of bad guys who had received training from, or had been funded, by a particular government or military branch.

 

[jreelawg]

I have one question in my mind I would like to resolve. What is the difference between wikileaks reporting classified information, and MSNBC, or the Guardian reporting it? I just noticed that the mainstream media seams to feel free to report anything wikileaks puts out. Wikileaks doesn't steal the information, they only publish it. It seams that if the Guardian can repost what wikileaks has, than there must be laws protecting this right.

In this way, would assassinating wikileaks staff be any more justifiable than assassinating MSNBC staff, or the Guardian's staff? Therefore before wikileaks can be prosecuted in the U.S., or assassinated as many here think is legally justifiable, free speech laws would need to be amended.

 

[nismaratwork]

http://www.cbsnews.com/8301-503543_162-20026419-503543.html

Wikileaks has struck a deal with a Russian newspaper to provide documents relating to Russia. I thought I'd post this, as some have criticized Wikileaks for not targeting regimes like Russia.

Well, there's one problem solved... The Russians do NOT play games when it comes to espionage, and the old 2nd Directorate KGB vets are some of the ones who Putin and others have the most pull with. The USA might try to put you in jail... the Russians will feed you some nuclear waste, or a ricin pellet.