What do you think happened here?

Steve Kinney admin at pilobilus.net
Mon Mar 25 11:56:21 PDT 2019

On 3/25/19 7:53 AM, Mirimir wrote:
> On 03/24/2019 01:03 PM, Ryan Carboni wrote:
>> https://mchap.io/that-time-the-city-of-seattle-accidentally-gave-me-32m-emails-for-40-dollars4997.html
>>> Somewhere towards the end of the call, I asked them if it was okay to keep the emails. Why not at least ask, right?
>>> Funny enough, in the middle of that question, my internet died and interrupted the call for the first time in the six months I lived in that house. Odd. It came back ten minutes later, and I dialed back into the conference line, but the mood of the call pretty much 180’d. They told me:
>>> 1. All files were to be deleted.
>>> 2. Seattle would hire [Kroll](https://www.kroll.com/en-us/default.aspx) to scan my hard drives to prove deletion
>>> 3. Agreeing to #1 and #2 would give me full legal indemnification.
>>> This isn't something I'm even remotely cool with, so we ended the call a couple minutes later, and agreed to have our lawyers speak going forward.
>> Sudden DDOS attack after attempt to stall for time?

>> I tried writing an email about this before, but my Linux machine suddenly froze.
>> Tempting to claim that naive implementations of IP stacks should be used for home users and authentication servers (with the rest using standard implementations). Journalists certainly should use a VPN, NAT isn’t a firewall, but it is pretty close.
>> Sent from ProtonMail Mobile
> FYI: https://news.ycombinator.com/item?id=18257867
> It's a little odd that someone mucking about with ~iffy FOIA requests
> doesn't have a decent firewall, and isn't using at least a VPN.
> But at least he had a lawyer on retainer.
> It's a little hard to imagine that the City of Seattle IT folks would
> try to pwn his computer. Or even have his ISP disconnect him. At least,
> in the time frame of a few minutes.

Even harder to imagine, considering that the City of Seattle's IT folks
would include the ones who accidentally sent tons of /obviously/
sensitive and privileged information out in response to an FOIA request.

I find it more than easy to imagine that the NSA 'noticed' a giant
exfiltration of stored government-related communications crossing the
networks from their proper home to a residential IP, and flagged it for
immediate human attention.  That's kind of their job.  If so, they would
have placed both sender and recipient under heel to toe electronic
surveillance, likely including implants in the firmware of relevant
phones and computers.  Collect now, ask questions later.

Given that possibility, I also find it easy to imagine that "people"
listened in on the phone call about the accidental exposure with great
interest - via a toolkit that gave them entire control of the call's
infrastructure from end to end.  When the question of the receiver
keeping all the excess data came up, I can picture somebody pulling the
plug on his connection, vs. breaking into the call and saying "oh no you
don't" or some such, both to prevent things from getting "way worse" and
to buy time for remedial action.

Ten minutes sounds about right for the NSA guise to explain their
presence on the line to the Seattle guise, scare the living shit out of
them, tell them what to say when contact was restored, and turn things
back on.

In this context, a "Linux machine" freezing while the user was writing
an e-mail about this stuff sounds like a shot across the bow, telling
the writer that Big Brother Is In Ur Box Watching U Type.  Maybe not,
but in common experience GNU/Linux rarely freezes except under loads
that exceed the capacity of the hardware.  Maybe the above mentioned
malware malfunctioned when the user's typing kept tripping filters
telling it to start copying keystrokes and phone them home "now instead
of later".



More information about the cypherpunks mailing list