Cryptome admits they leaked their logs (WAS: [cryptome] Cryptome has been leaking its user logs for over a year)
Most up to date version: http://that1archive.neocities.org/subfolder1/cryptome-admits-leak.html

Before reading this, I recommend reading my first post raising concerns that the alleged GCHQ Cryptome slide from could be a mockup <http://that1archive.neocities.org/subfolder1/gchq-cryptome-slide.html>, followed by my disclosure of Cryptome's leaked user logs <http://that1archive.neocities.org/subfolder1/cryptome-leaked-logs.html>.

After refusing to comment <http://web.archive.org/web/20151009170831/https:/twitter.com/Cryptomeorg/status/651652489704554497>, denying it, accusing it of being disinfo <http://web.archive.org/web/20151009170829/https:/twitter.com/Cryptomeorg/status/651838022909054978>, accusing me of stealing data <http://web.archive.org/web/20151007134316/https:/twitter.com/Cryptomeorg/status/651751155962396674>, accusing me of being a newbie advertising for a spy job <http://web.archive.org/web/20151009170826/https:/twitter.com/Cryptomeorg/status/651890295072755712>, declaring that it was "a campaign" against them <https://cpunks.org/pipermail/cypherpunks/2015-October/009681.html>, accusing me of faking data <http://web.archive.org/web/20151008125804/https:/twitter.com/Cryptomeorg/status/651777707873837056>, declaring that all logs leak and they pay for the internet <http://web.archive.org/web/20151009170824/https:/twitter.com/Cryptomeorg/status/652067337621929984>, and deleting my post <https://twitter.com/NatSecGeek/status/651907692081115137> to the Cryptome mailing list <https://cpunks.org/pipermail/cypherpunks/2015-October/009684.html> alerting them to the leak, Cryptome has acknowledged that the leaked logs I found were legitimate. John Young/Cryptome then thanked me, which is apology enough for all the accusations.

Date: Fri, 09 Oct 2015 11:54:05 -0400
To: Michael Best
From: John Young
Subject: Cartome AWStats

*You were right about AWStats data. Not the stats for Cryptome itself but for the Cartome sub-directory, for four months, November 2009-February 2010. Included in a full site restoration by ISP NetSol after a full shutdown in June 2013. The stats have been deleted from the Cryptome archive. Probably best to not expose visitors' data further but then nothing can be fully deleted or hidden. Thanks for discovering and reporting in this. Publish this message if you like. Regards, John*

Immediately after receiving his email, I deleted the stat files from my website. They were only published to force verification and public disclosure about the leak. Now that it has been acknowledged, there's no point in continuing to distribute them. If John provides a new cryptographically signed Cryptome archive file without those logs, I will replace the one hosted on Archive.org with the new, sanitized version. Note that .7z may be best to prevent the archive's deriving process (it makes individual files within the zip viewable) from making changes to the .zip file which can cause it to no longer match the hash/cryptographic signature.

What does this mean for the slide that seems to show GCHQ spying on Cryptome.org?

According to John Young's email, the leak is limited to the Cartome sub-directory which would not include the Eyeball directory. However, the time frame matches up perfectly and does include the time period the slide appears to show. Determining whether or not the leak ever included the Eyeball directory, and why NetSol's glitch only restored those four months of the Cartome's stats to the Cryptome archive while trying to view a random selection of the leaked files on the online server failed, requires more information from NetSol, Cryptome's ISP. Inquiring about those details from NetSol and disclosing them falls entirely to John Young and Deborah Natsios. Presumably, John Young would have disclosed if a similar leak had been found relating to the Eyeball directory, but it remains possible that the information might have been deleted from the Cryptome archive prior to 2014-06-02 <https://thepiratebay.se/torrent/11113511/Cryptome_archive_2014-06-02> without John realizing it had already leaked. More information will be required before those possibilities can be excluded.

As of the time of this posting (13:45 Eastern October 9, 2015), John Young has not added anything to his website, twitter account, or mailing lists disclosing the now confirmed leak to his users. He did remove the graphic advising his users that the GCHQ was/is allegedly monitoring them. <http://web.archive.org/web/20151007140432/https:/twitter.com/Cryptomeorg/status/644123971051474944>
I feel obligated to clarify. Cryptome has said ""Admission of leaked logs" is rather generously overstated of what we specifically understated." and "Rigged and disinfo remain valid. You overstated the disclosure. Leaking is press exaggeration."

https://twitter.com/Cryptomeorg/status/652581186036989953
https://twitter.com/Cryptomeorg/status/652581918215684096

Not sure how I was right AND the info is rigged and disinfo...
Here is Cryptome's full set (so far) of post-admission replies. I'm unable to make anything consistent out of it.

"Admission of leaked logs" is rather generously overstated of what we specifically understated.
https://twitter.com/Cryptomeorg/status/652581186036989953

Me: You understated things? As in, left something(s) out??

Cryptome: Told what was needed to defuse your exaggeration and resist your demands to auth visitors.
https://twitter.com/Cryptomeorg/status/652585088912355328

Note that Cryptome doesn't dispute the email that I quoted, which was copy and pasted in its entirety.

Rigged and disinfo remain valid. You overstated the disclosure. Leaking is press exaggeration.
https://twitter.com/Cryptomeorg/status/652581918215684096

Nothing is ever deleted, that is subterfuge to escape culpability. You ratted Cryptome visitors. Not the first or last.
https://twitter.com/Cryptomeorg/status/652582251805474816

*Note that Cryptome is definitely NOT using subterfuge to escape culpability or advising users of the data leak/breach/compromise/whatever spin word Cryptome wants to use.

Still refusing to validate what you faked, rigged and released. And will not, it's your story, run with it.
https://twitter.com/Cryptomeorg/status/652583921352355840

Our claims remain valid despite the biased cherry-picking so beloved of childish argumentum ad hominem -- Cicero's bitch.
https://twitter.com/Cryptomeorg/status/652579919340421120

On Fri, Oct 9, 2015 at 4:45 PM, coderman <coderman@gmail.com> wrote:
On 10/9/15, Michael Best <themikebest@gmail.com> wrote:
... Not sure how I was right AND the info is rigged and disinfo...
QUANTUMSQUIRREL casts suspicion, just like shade, too.
Cryptome just deleted all the quoted tweets for some reason. Weird, right? Well, here are the archived versions.

http://web.archive.org/web/20151009203031/https://twitter.com/Cryptomeorg/st...
http://web.archive.org/web/20151009204359/https:/twitter.com/Cryptomeorg/sta...
http://web.archive.org/web/20151009204359/https://twitter.com/Cryptomeorg/st...
http://web.archive.org/web/20151009203916/https:/twitter.com/Cryptomeorg/sta...
http://web.archive.org/web/20151009210749/https://twitter.com/Cryptomeorg/st...

Looks like I forgot to archive https://twitter.com/Cryptomeorg/status/652582251805474816. Oh well. You get the idea.