Why cryptome sold web logs to their paying customers?
The main question is:
1. Why cryptome sold web logs to their paying customers?
Related questions:
2. Did they do it on purpose?
3. Did LEAs already had the logs via sniffing (at that time cryptome.org didn't have SSL AFAIK)?
4. Is it likely that the web server (and likely all internet connected machines of cryptome operators) was compromised?
In other news JYA talks in nearly prose: http://www.dailydot.com/politics/cryptome-ip-leak-john-young-michael-best/
From the article:
"He discovered the files when he uploaded the contents of the sticks to the Internet Archive..."
Where the fuck does Michael Best, "researcher", get off publishing material THAT IS NOT HIS WORKS OR PLAINLY PUBLIC DOMAIN to IA?
This is an example of the kind of material IA expects to see:
https://archive.org/details/CabaleNewsServices
With permission of the creator... NOT server logs he just happens to have lying around.
RR
On 10/09/2015 11:53 PM, Georgi Guninski wrote:
The main question is:
1. Why cryptome sold web logs to their paying customers?
Related questions:
2. Did they do it on purpose?
3. Did LEAs already had the logs via sniffing (at that time cryptome.org didn't have SSL AFAIK)?
4. Is it likely that the web server (and likely all internet connected machines of cryptome operators) was compromised?
In other news JYA talks in nearly prose: http://www.dailydot.com/politics/cryptome-ip-leak-john-young-michael-best/
On October 10, 2015 10:16:55 AM Razer <Rayzer@riseup.net> wrote:
From the article:
"He discovered the files when he uploaded the contents of the sticks to the Internet Archive..."
Where the fuck does Michael Best, "researcher", get off publishing material THAT IS NOT HIS WORKS OR PLAINLY PUBLIC DOMAIN to IA?
This is an example of the kind of material IA expects to see:
https://archive.org/details/CabaleNewsServices
With permission of the creator... NOT server logs he just happens to have lying around.
RR
The Cryptome archives *are* publicly accessible. John limits bots and leechers to a certain number of files per day (as is his right, he is paying for the bandwidth), approx 100 iirc, but anyone who can use search strings can find anything on the site.
In the past, John has given his blessing to uploading the Cryptome archives to the torrents. The files number close to 100K: I would not expect someone to inspect each document and folder of a public archive before uploading it, but Mike Best took the extra step to contact JY when he saw the log files and asked if those were part of the public archive or if they'd been included by mistake. If it had been resolved at that time, the log files would not have been published and we would not be having this particular discussion.
We can see from the hash on coderman's torrent from 2014 that those same log files were indeed included on the USB drives sent out by Cryptome and in the archives John uploaded a few months ago for us to seed on torrents. (Which, incidentally, I'd planned on seeding as well, until my seeder box bit the dust and I have yet to replace it. I can tell you I would *not* have parsed 98,000 files before seeding the torrent.)
I haven't yet stated my personal opinion on this because I have wanted this to be about the slide in question. I've been taken aback by the attacks on the researcher and I am worried that it's going to scare off the next person with important info to share. That's a lose/lose situation.
There is no clear answer here. Yes, we are all responsible for our own opsec. Absolutely. If we access the clearnet without encryption we are leaving digital DNA everywhere and we get to face the consequences. This incident is a good reminder of this fact.
Should access logs be kept for that long? Absolutely not. From what I have read in the email exchange that was posted, the log files were included in a NetSol total restore. My guess is that John/Cryptome did not intentionally keep these files, and did not realize these files were included in the archive.
When I do incremental backups or updates on my own systems, I don't usually go back and check the integrity of files I've already archived in my closed system. I can see where this could be an honest mistake that has gotten blown way out of proportion. It's a good lesson to be more aware of these types of glitches.
Can we collectively agree that it's not an ideal situation, but that we are all human and, as such, make mistakes - and just move on to the real issue of the veracity/provenance of the slide attributed to the GCHQ, which purportedly shows the (illegal) interception of the data of Cryptome visitors?
That's the real issue here, and it *does* matter. I implore us all to let the noise die down and get to the matter at hand.
Yes, with UKUSA / five eyes, GCHQ likely gets access to this type of data from the NSA just for the asking. That, too, is not the point in this instance.
/rant
-Shelley
On 10/09/2015 11:53 PM, Georgi Guninski wrote:
The main question is:
1. Why cryptome sold web logs to their paying customers?
Related questions:
2. Did they do it on purpose?
3. Did LEAs already had the logs via sniffing (at that time cryptome.org didn't have SSL AFAIK)?
4. Is it likely that the web server (and likely all internet connected machines of cryptome operators) was compromised?
In other news JYA talks in nearly prose: http://www.dailydot.com/politics/cryptome-ip-leak-john-young-michael-best/
On October 10, 2015 12:30:08 PM Razer <Rayzer@riseup.net> wrote:
On 10/10/2015 11:51 AM, Shelley wrote:
The Cryptome archives *are* publicly accessible.
Imho It's NOT his (Best's) material to decide to post without permission of the creator. Publicly available or not, at Archive.org.
You don't take the permission to upload the same information JY allowed to be uploaded to public torrents as implied permission to post the *same* files on archive.org? Also, before Best posted anything at all, he contacted John. Twice. JY could have expressed his disapproval at that time. We know about it because Best posted it to the list: how many other mirrors are there? Will you find them, check them all for the log files in question and chastise those posters as well? Cryptome has never endorsed the authenticity of any specific mirrors, but has never discouraged the mirroring of the archives (at least not to my knowledge, and I've been around for a while.) As I've stated, I'm fairly certain my info is in the dataset and it's on me for not employing better personal browsing security. I'm not angry with any of the parties involved; sunlight is the best disinfectant, and this discussion can become a positive thing if it serves to remind us that despite best intentions, someone, somewhere, is always watching and it is up to us to protect ourselves.
-S
On 10/10/2015 12:44 PM, Shelley wrote:
You don't take the permission to upload the same information JY allowed to be uploaded to public torrents as implied permission to post the *same* files on archive.org?
In mho? Nope. The Cabale News Service audio files I uploaded to IA were available for download and streaming... even redistribution... but not redistribution for commercial purposes. I say Best's name's appearance in DailyDot or any other media constitutes an ongoing for-profit commercial motivation as redistributor. In one incident at IA that's not exactly the same, but similar enough for example, they .htmlaccess-ed-into-oblivion the BeeMp3 website's ability to crib the Cabale episodes and display download links to the files on pages with advertising, (and Beemp3 didn't even bother to post the Creative Commons info).
RR
On 10/10/2015 12:51 PM, Shelley wrote:
On October 10, 2015 10:16:55 AM Razer <Rayzer@riseup.net> wrote:
From the article:
"He discovered the files when he uploaded the contents of the sticks to the Internet Archive..."
Where the fuck does Michael Best, "researcher", get off publishing material THAT IS NOT HIS WORKS OR PLAINLY PUBLIC DOMAIN to IA?
This is an example of the kind of material IA expects to see:
https://archive.org/details/CabaleNewsServices
With permission of the creator... NOT server logs he just happens to have lying around.
RR
Well, JYA apparently did send them to him :) Apparently by accident.
The Cryptome archives *are* publicly accessible. John limits bots and leechers to a certain number of files per day (as is his right, he is paying for the bandwidth), approx 100 iirc, but anyone who can use search strings can find anything on the site.
Are you arguing that users could have found those logs? I almost can't imagine that. Logs are normally in /var/log/ somewhere, and I can't imagine making them searchable. And indeed, I can't imagine how Cryptome archives would have included anything from /var/log/, even after system restore from backups.
In the past, John has given his blessing to uploading the Cryptome archives to the torrents. The files number close to 100K: I would not expect someone to inspect each document and folder of a public archive before uploading it, but Mike Best took the extra step to contact JY when he saw the log files and asked if those were part of the public archive or if they'd been included by mistake. If it had been resolved at that time, the log files would not have been published and we would not be having this particular discussion.
If Mike had uploaded them without full inspection, no problem. But, as I understand the narrative, he knowingly uploaded them. Yes, he asked JYA about it first. And yes, he posted to this list too. But in the end, after getting no help, he went ahead and uploaded them. And that, in my opinion, was unwarranted.
We can see from the hash on coderman's torrent from 2014 that those same log files were indeed included on the USB drives sent out by Cryptome and in the archives John uploaded a few months ago for us to seed on torrents. (Which, incidentally, I'd planned on seeding as well, until my seeder box bit the dust and I have yet to replace it. I can tell you I would *not* have parsed 98,000 files before seeding the torrent.)
That is on JYA's tab, for sure ;)
I haven't yet stated my personal opinion on this because I have wanted this to be about the slide in question. I've been taken aback by the attacks on the researcher and I am worried that it's going to scare off the next person with important info to share. That's a lose/lose situation.
As much as I hate waiting on the team reviewing Snowden's cache, I generally agree on the importance of redaction to protect innocents. Wikileaks redacts too. That's the lesson here, in my opinion.
There is no clear answer here. Yes, we are all responsible for our own opsec. Absolutely. If we access the clearnet without encryption we are leaving digital DNA everywhere and we get to face the consequences. This incident is a good reminder of this fact.
True. We're all responsible for our own OPSEC.
Should access logs be kept for that long? Absolutely not. From what I have read in the email exchange that was posted, the log files were included in a NetSol total restore. My guess is that John/Cryptome did not intentionally keep these files, and did not realize these files were included in the archive.
But that's the thing. Logs should have been in /var/log/. And how would the "NetSol total restore" have changed that?
When I do incremental backups or updates on my own systems, I don't usually go back and check the integrity of files I've already archived in my closed system. I can see where this could be an honest mistake that has gotten blown way out of proportion. It's a good lesson to be more aware of these types of glitches.
I still don't get how logs would have ended up in archives. Maybe JYA prepared a special set of archives for a collaborator. Maybe for someone helping him to understand what had happened. And then maybe he forgot about doing that. Hard to say.
Can we collectively agree that it's not an ideal situation, but that we are all human and, as such, make mistakes - and just move on to the real issue of the veracity/provenance of the slide attributed to the GCHQ, which purportedly shows the (illegal) interception of the data of Cryptome visitors?
I don't quite get why this is such a big deal. I've always assumed that the Five Eyes etc intercept everything that they can. But there are so many possible sources. Maybe GCHQ got the data from JYA's ISP. Or maybe from their ISP. Or maybe from Cryptome archives. Or maybe from a bunch of sources. Am I missing something here?
That's the real issue here, and it *does* matter. I implore us all to let the noise die down and get to the matter at hand.
Yes, with UKUSA / five eyes, GCHQ likely gets access to this type of data from the NSA just for the asking. That, too, is not the point in this instance.
So what is the point?
/rant
-Shelley
On 10/09/2015 11:53 PM, Georgi Guninski wrote:
The main question is:
1. Why cryptome sold web logs to their paying customers?
Related questions:
2. Did they do it on purpose?
3. Did LEAs already had the logs via sniffing (at that time cryptome.org didn't have SSL AFAIK)?
4. Is it likely that the web server (and likely all internet connected machines of cryptome operators) was compromised?
In other news JYA talks in nearly prose:
http://www.dailydot.com/politics/cryptome-ip-leak-john-young-michael-best/