On 10/10/2015 12:51 PM, Shelley wrote:
On October 10, 2015 10:16:55 AM Razer <Rayzer@riseup.net> wrote:
From the article:
"He discovered the files when he uploaded the contents of the sticks to the Internet Archive..."
Where the fuck does Michael Best, "researcher", get off publishing material THAT IS NOT HIS WORKS OR PLAINLY PUBLIC DOMAIN to IA?
This is an example of the kind of material IA expects to see:
https://archive.org/details/CabaleNewsServices
With permission of the creator... NOT server logs he just happens to have lying around.
RR
Well, JYA apparently did send them to him :) Apparently by accident.
The Cryptome archives *are* publicly accessible. John limits bots and leechers to a certain number of files per day (as is his right, he is paying for the bandwidth), approx 100 iirc, but anyone who can use search strings can find anything on the site.
Are you arguing that users could have found those logs? I almost can't imagine that. Logs are normally in /var/log/ somewhere, and I can't imagine making them searchable. And indeed, I can't imagine how Cryptome archives would have included anything from /var/log/, even after system restore from backups.
In the past, John has given his blessing to uploading the Cryptome archives to the torrents. The files number close to 100K: I would not expect someone to inspect each document and folder of a public archive before uploading it, but Mike Best took the extra step to contact JY when he saw the log files and asked if those were part of the public archive or if they'd been included by mistake. If it had been resolved at that time, the log files would not have been published and we would not be having this particular discussion.
If Mike had uploaded them without full inspection, no problem. But, as I understand the narrative, he knowingly uploaded them. Yes, he asked JYA about it first. And yes, he posted to this list too. But in the end, after getting no help, he went ahead and uploaded them. And that, in my opinion, was unwarranted.
We can see from the hash on coderman's torrent from 2014 that those same log files were indeed included on the USB drives sent out by Cryptome and in the archives John uploaded a few months ago for us to seed on torrents. (Which, incidentally, I'd planned on seeding as well, until my seeder box bit the dust and I have yet to replace it. I can tell you I would *not* have parsed 98,000 files before seeding the torrent.)
That is on JYA's tab, for sure ;)
I haven't yet stated my personal opinion on this because I have wanted this to be about the slide in question. I've been taken aback by the attacks on the researcher and I am worried that it's going to scare off the next person with important info to share. That's a lose/lose situation.
As much as I hate waiting on the team reviewing Snowden's cache, I generally agree on the importance of redaction to protect innocents. Wikileaks redacts too. That's the lesson here, in my opinion.
There is no clear answer here. Yes, we are all responsible for our own opsec. Absolutely. If we access the clearnet without encryption we are leaving digital DNA everywhere and we get to face the consequences. This incident is a good reminder of this fact.
True. We're all responsible for our own OPSEC.
Should access logs be kept for that long? Absolutely not. From what I have read in the email exchange that was posted, the log files were included in a NetSol total restore. My guess is that John/Cryptome did not intentionally keep these files, and did not realize these files were included in the archive.
But that's the thing. Logs should have been in /var/log/. And how would the "NetSol total restore" have changed that?
When I do incremental backups or updates on my own systems, I don't usually go back and check the integrity of files I've already archived in my closed system. I can see where this could be an honest mistake that has gotten blown way out of proportion. It's a good lesson to be more aware of these types of glitches.
I still don't get how logs would have ended up in archives. Maybe JYA prepared a special set of archives for a collaborator. Maybe for someone helping him to understand what had happened. And then maybe he forgot about doing that. Hard to say.
Can we collectively agree that it's not an ideal situation, but that we are all human and, as such, make mistakes - and just move on to the real issue of the veracity/provenance of the slide attributed to the GCHQ, which purportedly shows the (illegal) interception of the data of Cryptome visitors?
I don't quite get why this is such a big deal. I've always assumed that the Five Eyes etc. intercept everything that they can. But there are so many possible sources. Maybe GCHQ got the data from JYA's ISP. Or maybe from their ISP. Or maybe from Cryptome archives. Or maybe from a bunch of sources. Am I missing something here?
That's the real issue here, and it *does* matter. I implore us all to let the noise die down and get to the matter at hand.
Yes, with UKUSA / Five Eyes, GCHQ likely gets access to this type of data from the NSA just for the asking. That, too, is not the point in this instance.
So what is the point?
/rant
-Shelley
On 10/09/2015 11:53 PM, Georgi Guninski wrote:
The main question is:
1. Why did Cryptome sell web logs to their paying customers?
Related questions:
2. Did they do it on purpose?
3. Did LEAs already have the logs via sniffing (at that time cryptome.org didn't have SSL AFAIK)?
4. Is it likely that the web server (and likely all internet connected machines of Cryptome operators) was compromised?
In other news JYA talks in nearly prose:
http://www.dailydot.com/politics/cryptome-ip-leak-john-young-michael-best/