Cartome AWStats
John
John
Fri Oct 9 08:54:05 PDT 2015
*You were right about AWStats data. Not the stats for Cryptome itself but
for the Cartome sub-directory, for four months, November 2009-February
2010. Included in a full site restoration by ISP NetSol after a full
shutdown in June 2013.The stats have been deleted from the Cryptome
archive. Probably best to not expose visitors' data further but then
nothing can be fully deleted or hidden.Thanks for discovering and reporting
in this.Publish this message if you like.Regards,John*
Immediately after receiving his email, I deleted the stat files from my
website. They were only published to force verification and public
disclosure about the leak. Now that it has been acknowledged, there's no
point in continuing to distribute them. If John provides a new
cryptographically signed Cryptome archive file without those logs, I will
replace the one hosted on Archive.org with the new, sanitized version. Note
that .7z may be best to prevent the archive's deriving process (it makes
individual files within the zip viewable) from making changes to the .zip
file which can cause it to no longer match the hash/cryptographic signature.
What does this mean for the slide that seems to show GCHQ spying on
Cryptome.org?
According to John Young's email, the leak is limited to the Cartome
sub-directory which would not include the Eyeball directory. However, the
time frame matches up perfectly and does include the time period the slide
appears to show. Determining whether or not the leak ever included the
Eyeball directory, and why NetSol's glitch only restored those four months
of the Cartome's stats to the Cryptome archive while trying to view a
random selection of the leaked files on the online server failed, requires
more information from NetSol, Cryptome's ISP. Inquiring about those details
from NetSol and disclosing them falls entirely to John Young and Deborah
Natsios. Presumably, John Young would have disclosed if a similar leak had
been found relating to the Eyeball directory, but it remains possible that
the information might have been deleted from the Cryptome archive prior to
2014-06-02
<https://thepiratebay.se/torrent/11113511/Cryptome_archive_2014-06-02> without
John realizing it had already leaked. More information will be required
before those possibilities can be excluded.
As of the time of this posting (13:45 Eastern October 9, 2015), John Young
has not added anything to his website, twitter account, or mailing lists
disclosing the now confirmed leak to his users. He did remove the graphic
advising his users that the GCHQ was/is allegedly monitoring them.
<http://web.archive.org/web/20151007140432/https:/twitter.com/Cryptomeorg/status/644123971051474944>
--001a114035e6c7bbc40521afa24c
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>Most up to date version: <a href=3D"http://that1archi=
ve.neocities.org/subfolder1/cryptome-admits-leak.html">http://that1archive.=
neocities.org/subfolder1/cryptome-admits-leak.html</a><br></div><div><br></=
div><div><br></div><div class=3D"gmail_extra"><span style=3D"color:rgb(0,0,=
0);font-family:Verdana;font-size:medium">Before reading this, I recommend r=
eading my first post raising concerns that the alleged GCHQ Cryptome slide =
from=C2=A0</span><a href=3D"http://that1archive.neocities.org/subfolder1/gc=
hq-cryptome-slide.html" style=3D"font-family:Verdana;font-size:medium">coul=
d be a mockup</a><span style=3D"color:rgb(0,0,0);font-family:Verdana;font-s=
ize:medium">, followed by my disclosure of=C2=A0</span><a href=3D"http://th=
at1archive.neocities.org/subfolder1/cryptome-leaked-logs.html" style=3D"fon=
t-family:Verdana;font-size:medium">Cryptome's leaked user logs</a><span=
style=3D"color:rgb(0,0,0);font-family:Verdana;font-size:medium">.</span><p=
style=3D"color:rgb(0,0,0);font-family:Verdana;font-size:medium">After=C2=
=A0<a href=3D"http://web.archive.org/web/20151009170831/https:/twitter.com/=
Cryptomeorg/status/651652489704554497">refusing to comment</a>, denying it,=
accusing it of=C2=A0<a href=3D"http://web.archive.org/web/20151009170829/h=
ttps:/twitter.com/Cryptomeorg/status/651838022909054978">being disinfo</a>,=
accusing me of=C2=A0<a href=3D"http://web.archive.org/web/20151007134316/h=
ttps:/twitter.com/Cryptomeorg/status/651751155962396674">stealing data</a>,=
accusing me of=C2=A0<a href=3D"http://web.archive.org/web/20151009170826/h=
ttps:/twitter.com/Cryptomeorg/status/651890295072755712">being a newbie adv=
ertising for a spy job</a>, declaring that it was=C2=A0<a href=3D"https://c=
punks.org/pipermail/cypherpunks/2015-October/009681.html">"a campaign&=
quot; against them</a>, accusing me of=C2=A0<a href=3D"http://web.archive.o=
rg/web/20151008125804/https:/twitter.com/Cryptomeorg/status/651777707873837=
056">faking data</a>, declaring that all logs leak and=C2=A0<a href=3D"http=
://web.archive.org/web/20151009170824/https:/twitter.com/Cryptomeorg/status=
/652067337621929984">they pay for the internet</a>, and=C2=A0<a href=3D"htt=
ps://twitter.com/NatSecGeek/status/651907692081115137">deleting my post</a>=
=C2=A0to the Cryptome=C2=A0<a href=3D"https://cpunks.org/pipermail/cypherpu=
nks/2015-October/009684.html">mailing list</a>=C2=A0alerting them to the le=
ak, Cryptome has acknowledged that the leaked logs I found were legitimate.=
John Young/Cryptome then thanked me, which is apology enough for all the a=
ccusations.</p><br style=3D"color:rgb(0,0,0);font-family:Verdana;font-size:=
medium"><blockquote style=3D"color:rgb(0,0,0);font-family:Verdana;font-size=
:medium">Date: Fri, 09 Oct 2015 11:54:05 -0400<br>To: Michael Best<br>From:=
John Young<br>Subject: Cartome AWStats=C2=A0<br><br><i>You were right abou=
t AWStats data. Not the stats for Cryptome itself but for the Cartome sub-d=
irectory, for four months, November 2009-February 2010. Included in a full =
site restoration by ISP NetSol after a full shutdown in June 2013.<br><br>T=
he stats have been deleted from the Cryptome archive. Probably best to not =
expose visitors' data further but then nothing can be fully deleted or =
hidden.<br><br>Thanks for discovering and reporting in this.<br><br>Publish=
this message if you like.<br><br>Regards,<br><br>John</i></blockquote><p s=
tyle=3D"color:rgb(0,0,0);font-family:Verdana;font-size:medium">Immediately =
after receiving his email, I deleted the stat files from my website. They w=
ere only published to force verification and public disclosure about the le=
ak. Now that it has been acknowledged, there's no point in continuing t=
o distribute them. If John provides a new cryptographically signed Cryptome=
archive file without those logs, I will replace the one hosted on Archive.=
org with the new, sanitized version. Note that .7z may be best to prevent t=
he archive's deriving process (it makes individual files within the zip=
viewable) from making changes to the .zip file which can cause it to no lo=
nger match the hash/cryptographic signature.</p><h3 style=3D"color:rgb(0,0,=
0);font-family:Verdana">What does this mean for the slide that seems to sho=
w GCHQ spying on Cryptome.org?</h3><p style=3D"color:rgb(0,0,0);font-family=
:Verdana;font-size:medium">According to John Young's email, the leak is=
limited to the Cartome sub-directory which would not include the Eyeball d=
irectory. However, the time frame matches up perfectly and does include the=
time period the slide appears to show. Determining whether or not the leak=
ever included the Eyeball directory, and why NetSol's glitch only rest=
ored those four months of the Cartome's stats to the Cryptome archive w=
hile trying to view a random selection of the leaked files on the online se=
rver failed, requires more information from NetSol, Cryptome's ISP. Inq=
uiring about those details from NetSol and disclosing them falls entirely t=
o John Young and Deborah Natsios. Presumably, John Young would have disclos=
ed if a similar leak had been found relating to the Eyeball directory, but =
it remains possible that the information might have been deleted from the C=
ryptome archive=C2=A0<a href=3D"https://thepiratebay.se/torrent/11113511/Cr=
yptome_archive_2014-06-02">prior to 2014-06-02</a>=C2=A0without John realiz=
ing it had already leaked. More information will be required before those p=
ossibilities can be excluded.</p><p style=3D"color:rgb(0,0,0);font-family:V=
erdana;font-size:medium">As of the time of this posting (13:45 Eastern Octo=
ber 9, 2015), John Young has not added anything to his website, twitter acc=
ount, or mailing lists disclosing the now confirmed leak to his users. He d=
id remove the graphic advising his users that the GCHQ was/is allegedly mon=
itoring them.</p><center style=3D"color:rgb(0,0,0);font-family:Verdana;font=
-size:medium"><a href=3D"http://web.archive.org/web/20151007140432/https:/t=
witter.com/Cryptomeorg/status/644123971051474944"><img src=3D"http://that1a=
rchive.neocities.org/subfolder1/cryptome-should-admit-compromise.png"></a><=
/center></div></div>
--001a114035e6c7bbc40521afa24c--
More information about the Testlist
mailing list