Jump to content

Wikileaks

Happy Face

By Happy Face,
in General Chat

 Share

Recommended Posts

Happy Face

Happy Face 29

Posted
  • Author
Posted

That WL tweet clearly says the bug infests the operating system to "bypass" encryption apps. I read it wrong initially too, so they could have reiterated what this meant, as many others did for them immediately, but they aren't inaccurate.

 

Credit cards don't have 6 digit sort codes. They have to come with 4 digit expiry dates & 3 digit ccv numbers.

 

The 22 character numbers in that record are called "bill id" and all start 436, are you sure they aren't unique donator id's rather than credit cards? Bank details are sensitive and should not appear in anyone's emails. I can't believe they would have been so careless as to email those about. None of the bill id's start with a 5 either for example, which you'd expect, being MasterCard.

 

I remain unconvinced that's what they are, though I can see reporters and that assuming it.

Link to comment
Share on other sites
  • Replies 1.1k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Park Life
Park Life

The big players all have deals and make back doors available to every single big footprint application. Encryption or no encryption. You'll find that a lot of the seed money for new digital and social

TheGingerQuiff
TheGingerQuiff

Ooof. He's got a black Granddad

Happy Face
Happy Face

4 weeks old but I just caught up with it. V.good.

Park Life

Park Life 71

Posted
Posted (edited)
  • Two servers in Germany - in Berlin and Nuremberg - are under surveillance by the NSA.
  • Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.
  • Among the NSA's targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states.
  •  The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".

 

''The Tor Project is a non-profit charity based in Massachusetts and is primarily funded by government agencies. :D

Thus it is ironic that the Tor Network has become such a high-priority target in the NSA's worldwide surveillance system.

As revealed by the British newspaper The Guardian, there have been repeated efforts to crack the Tor Network and de-anonymize its users. The top secret presentations published in October last year show that Tor is anathema to the NSA. In one presentation, agents refer to the network as "the king of high-secure, low-latency internet anonymity". Another is titled "Tor Stinks". Despite the snide remarks, the agents admit, "We will never be able to de-anonymize all Tor users all the time".

 

 

''The former NSA director General Keith Alexander stated that all those communicating with encryption will be regarded as terror suspects and will be monitored and stored as a method of prevention, as quoted by the Frankfurter Allgemeine Zeitung in August last year. The top secret source code published here indicates that the NSA is making a concerted effort to combat any and all anonymous spaces that remain on the internet. Merely visiting privacy-related websites is enough for a user's IP address to be logged into an NSA database.''

 

 

http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html

 

 

''Back in 2007, a Swedish hacker/researcher named Dan Egerstad showed that just by running a Tor node, he could siphon and read all the unencrypted traffic that went through his chunk of the Tor network. He was able to access logins and passwords to accounts of NGOs, companies, and the embassies of India and Iran. Egerstad thought at first that embassy staff were just being careless with their info, but quickly realized that he had actually stumbled on a hack/surveillance operation in which Tor was being used to covertly access these accounts.

 

Although Egerstad was a big fan of Tor and still believes that Tor can provide anonymity if used correctly, the experience made him highly suspicious.

He told Sydney Morning Herald that he thinks many of the major Tor nodes are being run by intelligence agencies or other parties interested in listening in on Tor communication.

“I don’t like speculating about it, but I’m telling people that it is possible. And if you actually look in to where these Tor nodes are hosted and how big they are, some of these nodes cost thousands of dollars each month just to host because they're using lots of bandwidth, they're heavy-duty servers and so on. Who would pay for this and be anonymous? For example, five of six of them are in Washington

 

https://pando.com/2014/07/16/tor-spooks/

 

 

''If you thought the Tor story couldn’t get any weirder, it can and does. Probably the strangest part of this whole saga is the fact that Edward Snowden ran multiple high-bandwidth Tor nodes while working as an NSA contractor in Hawaii.

 

This only became publicly known last May, when Tor developer Runa Sandvik (who also drew her salary from Pentagon/State Department sources at Tor) told Wired's Kevin Poulsen that just two weeks before he would try to get in touch with Glenn Greenwald, Snowden emailed her, explaining that he ran a major Tor node and wanted to get some Tor stickers.

Stickers? Yes, stickers.''

 

 

''So the two of them threw a “crypto party” at a local coffee shop in Honolulu, teaching twenty or so locals how to use Tor and encrypt their hard drives. “He introduced himself as Ed. We talked for a bit before everything started. And I remember asking where he worked or what he did, and he didn’t really want to tell,” Sandvik told Wired.

 

But she did learn that Snowden was running more than one Tor exit node, and that he was trying to get some of his buddies at “work”to set up additional Tor nodes…

H'mmm....So Snowden running powerful Tor nodes and trying to get his NSA colleagues to run them, too?'' :D

 

 

''Dingledine and Mathewson might have been based in Boston, but they — and Tor — were hardly independent.

 

At the time that the Wired article went to press in 2005, both had been on the Pentagon payroll for at least three years. And they would continue to be on the federal government’s payroll for at least another seven years.

In fact, in 2004, at the Wizards of OS conference in Germany, Dingledine proudly announced that he was building spy craft tech on the government payroll:

“I forgot to mention earlier something that will make you look at me in a new light. I contract for the United States Government to built anonymity technology for them and deploy it. They don’t think of it as anonymity technology, although we use that term. They think of it as security technology. They need these technologies so they can research people they are interested in, so they can have anonymous tip lines, so that they can buy things from people without other countries knowing what they are buying, how much they are buying and where it is going, that sort of thing.”

Government support kept rolling in well after that.

 

 

In 2006, Tor research was funded was through a no-bid federal contract awarded to Dingledine’s consulting company, Moria Labs. And starting in 2007, the Pentagon cash came directly through the Tor Project itself — thanks to the fact that Team Tor finally left EFF and registered its own independent 501©(3) non-profit.

How dependent was — and is — Tor on support from federal government agencies like the Pentagon?''

Edited by Park Life
Link to comment
Share on other sites
adios

adios 717

Posted
Posted

That WL tweet clearly says the bug infests the operating system to "bypass" encryption apps. I read it wrong initially too, so they could have reiterated what this meant, as many others did for them immediately, but they aren't inaccurate.

 

Credit cards don't have 6 digit sort codes. They have to come with 4 digit expiry dates & 3 digit ccv numbers.

 

The 22 character numbers in that record are called "bill id" and all start 436, are you sure they aren't unique donator id's rather than credit cards? Bank details are sensitive and should not appear in anyone's emails. I can't believe they would have been so careless as to email those about. None of the bill id's start with a 5 either for example, which you'd expect, being MasterCard.

 

I remain unconvinced that's what they are, though I can see reporters and that assuming it.

Yep, I think you're right, as I stated above, and I trusted the news sources too quickly with just a brief glance at the source material at the time.

 

Since they're failing the Luhn test, I don't think they're any kind of sensitive numbers at all.

 

I'm probably going to email that Gizmodo journalist at some point to get his take, as he's stuck to his guns after Wikileaks rebuked him.

 

SSNs and PPNs shouldn't be freely bandied about, but I don't think there's any regulation stipulating that.

 

I probably owe yourself and Mr Assange an apology.  

 

Link to comment
Share on other sites
adios

adios 717

Posted
Posted

I do think it's naive to think they didn't intend the press to misinterpret that, though I have been wrong before.  Can't remember when.  <_<

Link to comment
Share on other sites
adios

adios 717

Posted
Posted

Emailed Michael Nunez, 5% chance he responds or even reads.  Probably made a total pillock of myself, or he'll think I'm working for WikiLeaks.

Link to comment
Share on other sites
adios

adios 717

Posted
Posted

Responded already :lol:

 

 

Hey Niall,

 

Unfortunately, I can't share private CC info with readers or really anyone beyond the research and verification stage. I tried my best to include as much info as possible in my stories. Hope they help and good luck searching.

 

-Mike

 

 

<_<

Link to comment
Share on other sites
adios

adios 717

Posted
Posted (edited)

He's sticking to his guns anyway.  I'll have to do another search, but this would be a perfect way to deflect/avoid admitting his mistake.

Edited by adios
Link to comment
Share on other sites
adios

adios 717

Posted
Posted

Ok, after another email I'm 95% sure he's either covering his arse after realising his mistake or he's done almost no research.

 

Not sure if I can put the proof up on here.

Link to comment
Share on other sites
adios

adios 717

Posted
Posted

This is why I try not to get involved with this kind of shite.  <_<  I can't leave things alone once I'm interested.

 

Trying to decide if it's better to ask him my final question now or in the morning.

Link to comment
Share on other sites
Happy Face

Happy Face 29

Posted
  • Author
Posted

He's blatantly a partisan hack unable to support his claims but unable to admit it and lose face.

 

It's working too, as you say, Maher and that spread these untruths without seeking any evidence.

Link to comment
Share on other sites
adios

adios 717

Posted
Posted

Well I don't want to be too harsh with him at this point.

 

Have sent him a final question and then will be forwarding my findings to the Guardian. :razz:

Link to comment
Share on other sites
adios

adios 717

Posted
Posted

I got him to "confirm" that the numbers we were looking at are the ones they think are cc numbers:

 

 

 

The numbers below the email address might be CC numbers.

 

You'd have to confirm through a third party.

 

Good luck.

-Mike

 

He's cagey as fuck, ostensibly because he can't release sensitive information.

 

I've ruled out almost all possibilities that these numbers are obfuscated credit card numbers (within my limited ability).  Stripping out any 6 digits, forwards, backwards etc. 

 

Haven't really looked at incrementations, but I'd have to write a program to test more thoroughly.  Which I will fucking do if I have to. <_<

 

Just emailed another journalist that I know was in contact with him regarding this and subsequently published a similar article.

Link to comment
Share on other sites
adios

adios 717

Posted
Posted

Journalist at The Verge confirms they did no testing :lol:

 

 

 

That was long enough ago that I'd have to go back through details, but as far as I recall we didn't test the numbers, so it could definitely be ambiguous. At this point you're probably more of an expert on it than I am, so I'm not sure how much help I could be with it.

 

Never reading another news source.

Link to comment
Share on other sites
adios

adios 717

Posted
Posted

Both The Verge and Gizmodo (among others) have reported that the Wikileaks DNC dump included full 16-digit credit card numbers of donors.  Both Assange and Wikileaks have refuted this allegation.  Gizmodo at least doubled down and called him a liar for that.

 

The source seems to be Gizmodo (2 independent sources be damned) but their journalist is being cagey but is 95% full of shit at this point.

 

I'm trying to get someone who ran the story to admit they were wrong.

Link to comment
Share on other sites
adios

adios 717

Posted
Posted

Gizmodo journalist said enough that I know which numbers he claims are the full cc numbers, but unless they're very cleverly obfuscated (or I'm thick as fuck) but somehow not cleverly enough obfuscated that they just can't be read, he either hasn't done his homework or he's covering his arse.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept