Wikileaks Embassy Cables

lol, one more

an interesting talk about the motivations behind MasterCard or Visa, and some questions about whether or not Wikileaks is going to, in the end, make the internet more restrictive.

YouTube video

So, in terms of Wikileaks making the web more restrictive, this seems like a mutation of the "Wikileaks is putting people in danger" meme. I see where the argument is coming from, but we really haven't seen any sign of this.

Sure, diplomats may be more tight lipped, or might write less interesting cables, but in terms of "Big Brother" taking away internet freedom, the backlash will be astounding. I think the US gov realizes this, and is thus trying to pressure Wikileaks support mechanisms, but really, I think it is more likely that web users will mutate such that Wikileaks can get funding through non-traditional methods than these traditional methods doing anything to shut them out.

also, talk about Asange being a CIA operative

Originally posted by inimalist
lol, one more

an interesting talk about the motivations behind MasterCard or Visa, and some questions about whether or not Wikileaks is going to, in the end, make the internet more restrictive.

YouTube video

So, in terms of Wikileaks making the web more restrictive, this seems like a mutation of the "Wikileaks is putting people in danger" meme. I see where the argument is coming from, but we really haven't seen any sign of this.

Sure, diplomats may be more tight lipped, or might write less interesting cables, but in terms of "Big Brother" taking away internet freedom, the backlash will be astounding. I think the US gov realizes this, and is thus trying to pressure Wikileaks support mechanisms, but really, I think it is more likely that web users will mutate such that Wikileaks can get funding through non-traditional methods than these traditional methods doing anything to shut them out.

also, talk about Asange being a CIA operative

What the world government realize but will never admit is that for every government IT Security professional, there are literally 100s of hackers.

For every security mitigation techniques,there exists 100s of ways around it.

Waging war against the hacker community is literally impossible as the hacker community is usually years ahead of the professional security community. This is IT Security101.

This is why both the US and China are trying to grow their own hacker communities and China is doing this at about 10 times the rate with about the same quality as the US's graduates. This is the idea behind getting around the hackers being ahead of the security professionals: make all of your security professionals just as good as any black-hat hacker.

So what does this mean? You teach a person how to be a criminal to fight criminals. The war against hacking can only be won by near 100% surveillance.*

It means that you have bots and AI that can immediately pool data and analyze it and set off flags with a near 100% success rate (almost 0 false positives). Every last human would have to be "touchable".

This is the type of system that the world's governments would love and what the majority hate. It is a simle method of slowly changing the opinions of the people enough to add to and obtain each little step of the way towards obtaining the ultimate "Big-Brother" system.

This is why there will be some sort of revolution...even if it is just a social one...not a military one.

Originally posted by dadudemon
So what does this mean? You teach a person how to be a criminal to fight criminals. The war against hacking can only be won by near 100% surveillance.*

It means that you have bots and AI that can immediately pool data and analyze it and set off flags with a near 100% success rate (almost 0 false positives). Every last human would have to be "touchable".

This is the type of system that the world's governments would love and what the majority hate. It is a simle method of slowly changing the opinions of the people enough to add to and obtain each little step of the way towards obtaining the ultimate "Big-Brother" system.

This is why there will be some sort of revolution...even if it is just a social one...not a military one.

so, I've been thinking a lot about how Tor works lately. My lack of computer knowledge probably makes anything I think nieve in the extreme, but even a simple tool like this should put a huge stain on government ability to monitor people online.

I mean, it might be possible, if you took correlations between data input/output on machines running Tor, to eventually build a network of plausible paths that a user might have used to access data, but god, it would be such a mess. And this is from a simple program like Tor (ok, probably not "simple" in terms of how hard it was to make, but in that it is a very clever and simple way to make data access nearly untracable). If the state really started to clamp down on this, there will be new innovations that make their lives that much more difficult.

like, a couple of years ago The Pirate Bay announced it was working on a system that would provide complete encryption of all data transfered on the internet, so long as the computers communicating with eachother were running the crypto software. It hasn't been released, and there haven't been any updates, but there also isn't a huge impetus to get it out there. In a world where the government is literally trying to get into everyone's computer, there would be much more pressure to make programs like these work, and given they are already understood in theory, I can't imagine we are talking about overcoming impossible hurdles in programming.

idk, to me, especially now that technology can produce "uncrackable" encryption and all that, I don't see the state as being in a position where it could conceivably control the internet, short of just turning it off or some of the COICA measures.

Obviously, as this technology becomes more refined, sure, things might swing back toward favouring the state, but this isn't like rifles and aircraft carriers. It is hard to think of software that would ever be so costly or rarified that it couldn't be pirated or used by hackers against the state itself.

EDIT: in terms of data pooling software, I was at a conference where someone had built something that could browse through millions of documents, searching for themes, and put together all the important data related to those themes. I asked them about the possible implications for privacy from such a system, they said "not our issue", which seemed pretty short-sighted. These things seem like they would have an obvious flaw anyways. If you are worried someone would use one against you, just spam every piece of information you send with the relevant search terms, and the ability of the software to cut down on document load, or find relevant messages, becomes little better than having a human sort through them.

Originally posted by inimalist
so, I've been thinking a lot about how Tor works lately. My lack of computer knowledge probably makes anything I think nieve in the extreme, but even a simple tool like this should put a huge stain on government ability to monitor people online.

I mean, it might be possible, if you took correlations between data input/output on machines running Tor, to eventually build a network of plausible paths that a user might have used to access data, but god, it would be such a mess. And this is from a simple program like Tor (ok, probably not "simple" in terms of how hard it was to make, but in that it is a very clever and simple way to make data access nearly untracable). If the state really started to clamp down on this, there will be new innovations that make their lives that much more difficult.

like, a couple of years ago The Pirate Bay announced it was working on a system that would provide complete encryption of all data transfered on the internet, so long as the computers communicating with eachother were running the crypto software. It hasn't been released, and there haven't been any updates, but there also isn't a huge impetus to get it out there. In a world where the government is literally trying to get into everyone's computer, there would be much more pressure to make programs like these work, and given they are already understood in theory, I can't imagine we are talking about overcoming impossible hurdles in programming.

idk, to me, especially now that technology can produce "uncrackable" encryption and all that, I don't see the state as being in a position where it could conceivably control the internet, short of just turning it off or some of the COICA measures.

Obviously, as this technology becomes more refined, sure, things might swing back toward favouring the state, but this isn't like rifles and aircraft carriers. It is hard to think of software that would ever be so costly or rarified that it couldn't be pirated or used by hackers against the state itself.

EDIT: in terms of data pooling software, I was at a conference where someone had built something that could browse through millions of documents, searching for themes, and put together all the important data related to those themes. I asked them about the possible implications for privacy from such a system, they said "not our issue", which seemed pretty short-sighted. These things seem like they would have an obvious flaw anyways. If you are worried someone would use one against you, just spam every piece of information you send with the relevant search terms, and the ability of the software to cut down on document load, or find relevant messages, becomes little better than having a human sort through them.

Yeah, Tor is a good example of how far ahead the hacker community is from the security one.

On top of that, in order to circumvent things like Tor, all internet traffic would need a hearty certificate system with every connection be authenticated. They could accomplish this with a universal certificate authority and this would not be very hard to do.

It would require, however, TCP/IP v2 to accomplish (my own invention...that isn't actually invented) and an international law that forces compliance.

Obviously, it would be impossible, at that point, to be "anon". Repudiation would be invalid and all traffic lacking some sort of certificate would be dropped. Bogus certificates could be generated or spoofed, however, but this is easily circumvented by making every device that wishes to connect to the internet, hard coded with their NIC key portion.

Spoofing is still possible, however, and that will be a problem for my system. But it would eliminate the ability for most people to be "anon."

That said, yes, you're right: short of monitoring ever last person's use, physically, it would be impossible to enforce any sort of laws at 99% compliance.

Originally posted by dadudemon
Yeah, Tor is a good example of how far ahead the hacker community is from the security one.

On top of that, in order to circumvent things like Tor, all internet traffic would need a hearty certificate system with every connection be authenticated. They could accomplish this with a universal certificate authority and this would not be very hard to do.

It would require, however, TCP/IP v2 to accomplish (my own invention...that isn't actually invented) and an international law that forces compliance.

Obviously, it would be impossible, at that point, to be "anon". Repudiation would be invalid and all traffic lacking some sort of certificate would be dropped. Bogus certificates could be generated or spoofed, however, but this is easily circumvented by making every device that wishes to connect to the internet, hard coded with their NIC key portion.

Spoofing is still possible, however, and that will be a problem for my system. But it would eliminate the ability for most people to be "anon."

That said, yes, you're right: short of monitoring ever last person's use, physically, it would be impossible to enforce any sort of laws at 99% compliance.

wouldn't a system like this essentially control the sale and service of computers in almost the same way liquor is distributed in Ontario?

(that being, the state is the only one allowed to sell liquor, through special store, known as LCBOs)

Or could these physical tracking codes just be built into the hardware? or am I missing your point, could this be done just with software?

EDIT: I think Tor might be crackable, if for no other reason than it only redirects data through systems already running Tor. I don't know if it has the same number of "jumps" for each data request (like, how many computers it sends data through) [blah, excuse my lack of jargon], but the concept is almost identical to how an fMRI can be used to infer what regions of the brain are connecting with others to produce behaviour. The problem would be more of having the ability to monitor all Tor users, constantly, analyizing every packet of data, and building models out of correlations between data in and out through the Tor network. The fact the data is randomly sent to various other systems would increase the difficulty exponentially, but it seems like it is something that could be accomplished in theory.

Originally posted by inimalist
wouldn't a system like this essentially control the sale and service of computers in almost the same way liquor is distributed in Ontario?

(that being, the state is the only one allowed to sell liquor, through special store, known as LCBOs)

Or could these physical tracking codes just be built into the hardware? or am I missing your point, could this be done just with software?

Without getting into how security certificates, security keys, and hashing algorithms work, you could hard code the keys, used in the certificate granting/creation/authentication processes, right into the "board." Just like MAC addresses are.

Originally posted by inimalist
EDIT: I think Tor might be crackable, if for no other reason than it only redirects data through systems already running Tor. I don't know if it has the same number of "jumps" for each data request (like, how many computers it sends data through) [blah, excuse my lack of jargon], but the concept is almost identical to how an fMRI can be used to infer what regions of the brain are connecting with others to produce behaviour. The problem would be more of having the ability to monitor all Tor users, constantly, analyizing every packet of data, and building models out of correlations between data in and out through the Tor network. The fact the data is randomly sent to various other systems would increase the difficulty exponentially, but it seems like it is something that could be accomplished in theory.

The security in this mechanism comes from the deletion of the logs or relevant "traceable" information in the relays of the traffic.

Anonymous proxies already accomplish this because they usually purge all log information from only 2 days prior. By the time an investigation begins into a cyber event, the proxies have already been purged and using forensic tools to retrieve data from the storage devices that hold the log files would fail because the storage drives would have overwritten themselves, many times over, exceeding the 5 re-write retrievable limitations of digital forensics. (That's right: if you don't want people reading you hard drives after you're done with them, use wiping tools that re-writes everything 7 times so that nothing can be retrieved.)

I'm not sure about Tor, but it may not even keep log files and immediately purges information as soon as power is lost because it only is stored in the RAM of the OS being used. (As soon as RAM loses it's power, it loses all stored information.) Even during standard use, the information stored in RAM replaces itself due to a finite amount of RAM being available. This also applies to the random proxy servers I mentioned: even during a session when a private relay is being used, the space allocated to relay will lose all relevant data very shortly...depending on how heavy traffic is. This is why law enforcement does not like onion anon proxy nets: it makes it literally impossible to pull out information for prosecution or just plain analysis.

And, you're doing just fine with your words: one of the douchiest things someone can do is make fun of another for not being intimately familiar with a specialized area of study.

And for those of you that think this discussion is off topic, revisit the topics of Wikileaks, how things are distributed to Wikileaks, and the hacker group call "anon."

Originally posted by dadudemon
Without getting into how security certificates, security keys, and hashing algorithms work, you could hard code the keys, used in the certificate granting/creation/authentication processes, right into the "board." Just like MAC addresses are.

but for PCs, barring some type of "coming together" of all board manufacturers to do this themselves, it would essentially require the government to be involved in the sale of every computer motherboard, period?

what would they do about old boards without the certificate hardware?

Originally posted by dadudemon
The security in this mechanism comes from the deletion of the logs or relevant "traceable" information in the relays of the traffic.

Anonymous proxies already accomplish this because they usually purge all log information from only 2 days prior. By the time an investigation begins into a cyber event, the proxies have already been purged and using forensic tools to retrieve data from the storage devices that hold the log files would fail because the storage drives would have overwritten themselves, many times over, exceeding the 5 re-write retrievable limitations of digital forensics. (That's right: if you don't want people reading you hard drives after you're done with them, use wiping tools that re-writes everything 7 times so that nothing can be retrieved.)

I'm not sure about Tor, but it may not even keep log files and immediately purges information as soon as power is lost because it only is stored in the RAM of the OS being used. (As soon as RAM loses it's power, it loses all stored information.) Even during standard use, the information stored in RAM replaces itself due to a finite amount of RAM being available. This also applies to the random proxy servers I mentioned: even during a session when a private relay is being used, the space allocated to relay will lose all relevant data very shortly...depending on how heavy traffic is.

fascinating... So, the kids who have just gotten picked up in NL over these Operation Payback attacks, were they just sloppy and didn't take the proper precautions? In a complete hypothetical, would you be able to use the LOIC without being tracable? or is there something about the ddos program itself that causes it to be tracable?

Originally posted by dadudemon
This is why law enforcement does not like onion anon proxy nets: it makes it literally impossible to pull out information for prosecution or just plain analysis.

whats interesting is that the Wiki for onion routing lists exactly what I was describing as a weakness (albeit, one that is possible to correct). Correlated timing of incomming and outgoing messages could be used to identify who is sending things where, but I can see trying to isolate a single data transfer, that happened in the past, even if the data were saved, as being incredibly difficult, especially considering Tor has what, 20 000 active users now?

Originally posted by inimalist
but for PCs, barring some type of "coming together" of all board manufacturers to do this themselves, it would essentially require the government to be involved in the sale of every computer motherboard, period?

what would they do about old boards without the certificate hardware?

Both good points. I briefly mentioned them here:

Originally posted by dadudemon
It would require, however, TCP/IP v2 to accomplish (my own invention...that isn't actually invented) and an international law that forces compliance.

In other words, international and universal compliance would be required. On top of that, the countries (I think the US owns 3 and china owns 1 and someone owns another somewhere else) that owned the 5 or 6 major internet backbones would have to make it mandatory and all internet traffic would have to be upgraded to the new TCP/IP system which I almost satirically called TCP/IP 2.

Here's what WILL happen if the current path of "in your ass about everything internet relate" continues: the people will create their own "internet", have their own backbone/DNS systems, and networking infrastructure. Especially with white space being opened up, alternatives to "internet" can be created with that....no need to rent bandwidth on the internet backbone. 🙂 It would just be endpoint hardware that provides all of the bandwidth that makes everything "wireless." They could have "vpn" type of systems that encrypt all traffic which would REALLY piss off the governments that are trying desperately to be big brother.

For example...the governments:

"What's this? They got pissed off at us being assholes about the internet, so much, that they decided not to use OUR internet and are making their own? It's better than ours? It also, by default, encrypts all of their traffic? Damn bastards and their systems. 😠"

Originally posted by inimalist
fascinating... So, the kids who have just gotten picked up in NL over these Operation Payback attacks, were they just sloppy and didn't take the proper precautions? In a complete hypothetical, would you be able to use the LOIC without being tracable? or is there something about the ddos program itself that causes it to be tracable?

I suspect that those kids bragged somewhere about it that was NOT anonymous. In fact, I think that kid in Europe that got arrested over this did exactly that: bragged about it on his blog, facebook, or some shit.

And, yeah, you could use LOIC to be untraceable. That wouldn't be a problem. I am not sure about the networking interface, but you could pass all of your LOIC traffic through a custom gateway that you built for Tor that then delivers your payload through the anonymous system Tor offers. In fact, isn't that how LOIC is supposed to be used? (I do not and cannot use those systems (for reasons I've already told you...indirectly), so I do not know much about them.)

Originally posted by inimalist
whats interesting is that the Wiki for onion routing lists exactly what I was describing as a weakness (albeit, one that is possible to correct). Correlated timing of incomming and outgoing messages could be used to identify who is sending things where, but I can see trying to isolate a single data transfer, that happened in the past, even if the data were saved, as being incredibly difficult, especially considering Tor has what, 20 000 active users now?

Yeah, morons, called script kiddies in the hacker community, really do stupid stuff because they do not understand that fundamental workings of traffic relays and proxies.

Tor would not work with LOiC, it would deliver far to slowly... The node would become blocked, it would be like using bit torrent with ToR. ****ing slow...

Originally posted by Thanusisback
Tor would not work with LOiC, it would deliver far to slowly... The node would become blocked, it would be like using bit torrent with ToR. ****ing slow...

1000 computers each delivering small amounts of requests that could be handled by the "node", together = DDoS attack.

Looks like he's out on bail.

Originally posted by Symmetric Chaos
Looks like he's out on bail.

Not so fast.

Is it even lawful for them to keep Assange in solitary confinement for the crime of surprise sex?

Originally posted by Liberator
Is it even lawful for them to keep Assange in solitary confinement for the crime of surprise sex?

Originally posted by 753
The accusation wouldn't actually matter as he's not serving time and the solitary confinement is probably being justified as a security measure for a high profile figure, not as any kind of punishment.

This.

Though the media, seen amongst some as a Robin Hood*, is playing on the "solitary confinement" thing in the hopes of making things seem worse than they are.

That does not make sense. I mean that some members of the press see Assange as a "Robin Hood" type of character.

Originally posted by Liberator
Is it even lawful for them to keep Assange in solitary confinement for the crime of surprise sex?

There's no such thing, as already mentioned in this thread. Check your facts.

It's certainly legal to keep someone locked up on a sexual assault charge.

Anyway, the bail is all set and he'll be out soon, though the idea that any other outcome was evidence of conspiracy or the like was simply pathetic.

Originally posted by Liberator
Is it even lawful for them to keep Assange in solitary confinement for the crime of surprise sex?

It's been established that "surprise sex" thing was either made up or overblown.

On a related note the US Navy has been keeping Bradley Manning (the guy who made the leaks) in solitary confinement for months now.

Assange is now out on bail and confined to a 600-acre estate. Where did he get an estate?

Originally posted by Symmetric Chaos
Assange is now out on bail and confined to a 600-acre estate. Where did he get an estate?

Martha Stewart