Anonops #12: Spy on the Spyers

quote:

TERRORIST Facebook pages leaked from CIA.

quote:

Source: Roger Landry WTPNetwork™(312-94876)
Updated List (3/17/12) These groups, pages and websites will be added to the terrorists watch list pending investigation.

quote:

List of Partner Forums

A Free and Voluntary Society
"Action Group to Uphold the Constitution"
Anarcho-Capitalism
Columbia Missouri for Ron Paul 2012
End the War on Drugs
Growing Organic, Eating Organic

quote:

Shopping For Zero-Days: A Price List For Hackers' Secret Software Exploits

A clever hacker today has to make tough choices. Find a previously unknown method for dismantling the defenses of a device like an iPhone or iPad, for instance, and you can report it to Apple and present it at a security conference to win fame and lucrative consulting gigs. Share it with HP’s Zero Day Initiative instead and earn as much as $10,000 for helping the firm shore up its security gear. Both options also allow Apple to fix its bugs and make the hundreds of millions of iPhone and iPad users more secure.

But any hacker who happens to know one Bangkok-based security researcher who goes by the handle “the Grugq”–or someone like him–has a third option: arrange a deal through the pseudonymous exploit broker to hand the exploit information over to a government agency, don’t ask too many questions, and get paid a quarter of a million dollars–minus the Grugq’s 15% commission.

That iOS exploit price represents just one of the dozens of deals the Grugq (pictured above) has arranged in his year-old side career as a middle man for so-called “zero-day” exploits, hacking techniques that take advantage of secret vulnerabilities in software. Since he began hooking up his hacker friends with contacts in government a year ago, the Grugq says he’s on track to earn a million in revenue this year. He arranged the iOS deal last month, for instance, between a developer and a U.S. government contractor. In that case, as with all of his exploit sales, he won’t offer any other details about the buyer or the seller.

Even with the $250,000 payout he elicited for that deal, he wonders if he could have gotten more. “I think I lowballed it,” he wrote to me at one point in the dealmaking process. “The client was too happy.”

A six-figure price for a single hacking technique may sound extravagant, but it’s hardly unique. Based on speaking with sources in this secretive but legal trade, I’ve assembled a rough price list for zero-day exploits below.



Each price assumes an exclusive sale, the most modern version of the software, and, of course, not alerting the software’s vendor. Some fees might even be paid in installments, with each subsequent payment depending on the vendor not patching the security vulnerabilities used by the exploit. In some cases the techniques would need to be used in combination to be effective.

An exploit’s price factors in both how widely the target software is used as well as the difficulty of cracking it. A technique that allows a hacker to gain control of a Mac OSX machine after hacking an application might earn only a fraction of one that targets Windows, for instance, because of Windows’ greater market share. But an iOS exploit pays more than one that targets Android devices partly because it requires defeating Apple’s significantly tougher security features. That means most agencies can simply develop their own Android attacks, the Grugq says, while ones that can penetrate the iPhone are rare and pricey. For the Jailbreakme 3 iOS exploit created by the hacker Comex last year, the Grugq says he heard agencies would have been eager to pay $250,000 for exclusive use of the attack.

Who’s paying these prices? Western governments, and specifically the U.S., says the Grugq, who himself is a native of South Africa. He limits his sales to the American and European agencies and contractors not merely out of ethical concerns, but also because they pay more. “Selling a bug to the Russian mafia guarantees it will be dead in no time, and they pay very little money,” he says, explaining that he has no contacts in the Russian government. ”Russia is flooded with criminals. They monetize exploits in the most brutal and mediocre way possible, and they cheat each other heavily.”

As for China, he says that the country has too many hackers who sell only to the Chinese government, pushing down prices. “The market is very depressed,” he says. Other regions like the Middle East and the rest of Asia can’t match Western prices either.

As a result, the Grugq earns 80% of his revenue from the U.S., though occasionally the developers who work with him have asked that he sell only to Europeans. Over more than a decade in the hacker scene, he’s met enough federal agents to have contacts at multiple U.S. agencies, and he knows how to package his developer’s exploits for sale to those buyers, with professional marketing and support. “You’re basically selling commercial software, like anything else. It needs to be polished and come with documentation,” he says. “The only difference is that you only sell one license, ever, and everyone calls you evil.”

One of the most vocal of those critics is Chris Soghoian, a privacy activist with the Open Society Foundations, who has described the firms and individuals who sell software exploits as “the modern-day merchants of death” selling “the bullets of cyberwar.”

“As soon as one of these weaponized zero-days sold to governments is obtained by a ‘bad guy’ and used to attack critical U.S. infrastructure, the shit will hit the fan,” Soghoian warned in a talk at the Kaspersky analyst summit in February. “Security researchers should not be selling zero-days to middle man firms…These firms are cowboys and if we do nothing to stop them, they will drag the entire security industry into a world of pain.”

The Grugq sees no ethical compromise in his work. “The Chinese are conducting espionage on a massive scale. [Soghoian] wants to ban sales of software–sorry, exploits–to the U.S. and European allies?” he asks. “The only possible outcome is that the Chinese will increase their internal production and skills and the…West will fall behind.”

Anyway, he adds, he doesn’t believe banning the sale of exploit code wouldn’t make users more secure. “That’ll work just as well at eliminating exploits as the war on drugs has worked at eliminating drugs,” he says.

The Grugq is hardly alone in his industry. Small firms like Vupen, Endgame and Netragard buy and sell exploits, as do major defense contractors like Northrop Grumman and Raytheon.

Netragard’s founder Adriel Desautels says he’s been in the exploit-selling game for a decade, and describes how the market has “exploded” in just the last year. He says there are now “more buyers, deeper pockets,” that the time for a purchase has accelerated from months to weeks, and he’s being approached by sellers with around 12 to 14 zero-day exploits every month compared to just four to six a few years ago.

Desautels won’t offer much about exactly who his customers are. But he says not every buyer aims to use his zero-days for spying. He claims to have recently sold a browser exploit for $125,000 to a private sector client for who aimed to use it merely as a proof-of-concept for marketing purposes. Other buyers use Netragard’s exploits for penetration testing, he says. “If you test a bullet proof vest, you use a bullet, not a squirt gun,” says Desautels.

Nonetheless, he says that the firm is “extremely careful” about choosing its customers. “We reject a lot more people than we accept,” he says. “Realistically, we’re selling cyberweaponry.”

And what about the option of selling the exploits to the software vendor itself, so that it can patch the targeted program? Firms like Mozilla and Facebook offer developers a few thousand dollars for reporting bugs. Google typically offers a maximum of $3,133.70 for information about the most complex flaws in its software, a number that’s meant to spell out “elite” in hacker slang.

But a four-figure price is hardly elite enough for the Grugq. ”If they want their bugs fixed, they can buy them at market rates like everyone else,” he says. “From each according to their ability, to each according to their needs? That’s communism. If they want the output, they can pay for it like anyone else. They have my email.”

quote:

Planned BitTorrent Pirate Punishments Spark Protest

In a few months, millions of alleged BitTorrent pirates in the US will risk being punished by their Internet providers. While the plan was announced a year ago, protests against it have only started to heat up this week. In just a few days more than 90,000 people have signed a petition asking their Internet providers not to participate, and many more are expected to follow.

Last year the MPAA and RIAA signed a ‘ground-breaking’ deal with all the major Internet providers in the United States.

In an attempt to deter online piracy, a third-party company will collect the IP-addresses of alleged infringers on BitTorrent and other public file-sharing networks.

The ISPs will then notify these offenders and tell them that their behavior is unacceptable. After six warnings the ISP may then take a variety of repressive measures, which include cutting off the offender’s connection temporarily.

After the initial announcement things went quiet, but that changed last week when the RIAA and the Center for Copyright Information confirmed that all major ISPs will start warning BitTorrent users this summer.

This renewed attention resulted in wide press coverage, and also sparked massive protests. Activist group Demand Progress quickly switched back to SOPA-style campaign mode and launched a petition asking ISPs to cut out of the deal.

“They’re selling us out,” the group writes.

“Just weeks after Internet users from across the globe came together to beat SOPA, the major ISPs are cutting a deal with Big Content to restrict web access for users who are accused of piracy.”

The call didn’t go unheard, and within 24 hours more than 60,000 people signed the petition. Today this number has swelled to more than 90,000 and the end still isn’t in sight.

Earlier this week the Electronic Frontier Foundation (EFF) also expressed its concerns over the so-called ‘graduated response’ system. They highlight that the agreement puts the burden of proof on the alleged file-sharers, which doesn’t seem fair considering the many wrongful accusations that can occur.

“One key problem is the arrangement shifts the burden of proof: rather than accusers proving infringement before the graduated response process starts against a subscriber, the subscriber must disprove the accusation in order to call a halt to it,” EFF writes.

“Worse, accused subscribers have to defend themselves on an uneven playing field. For example, they have only ten days to prepare a defense, and with only six pre-set options available. Of course, there’s no assurance that those who review the cases are neutral, and the plan sorely lacks consequences for an accuser who makes mistaken or fraudulent claims.”

The EFF informed TorrentFreak that they plan to launch an activism campaign in the near future to raise awareness of these issues.

How ‘bad’ the graduated warning system turns out to be largely depends on what punishments Internet providers intend to hand out. Needless to say, a temporary reduction in bandwidth is less severe than cutting people’s Internet access.

At TorrentFreak we are interested in finding out which third-party company will be hired to monitor people’s BitTorrent downloads, and how solid their evidence gathering methods are.

This is important, because the RIAA’s previous partner MediaSentry used rather shoddy techniques which resulted in many false accusations. The RIAA’s current partner DtecNet also has shortcomings as they fail to understand how BitTorrent works.

As we move closer to the July deadline more details should emerge. At the same time the online protests are also expected to increase, both through public initiatives and various advocacy groups. While it’s doubtful that they will ever get the same exposure as the SOPA revolt, there is no doubt that these protests will be noticed.

quote:

DOJ Signs New Rules To Let Intelligence Officials Access, Store And Search More Info About US Citizens

quote:

The Obama administration is moving to relax restrictions on how counterterrorism analysts may access, store and search information about Americans gathered by government agencies for purposes other than national security threats.

Attorney General Eric H. Holder Jr. on Thursday signed new guidelines for the National Counterterrorism Center, which was created in 2004 to foster intelligence sharing and to serve as a clearinghouse for terrorism threats.

The guidelines will lengthen to five years — from 180 days — the center’s ability to retain private information about Americans when there is no suspicion that they are tied to terrorism, intelligence officials said. The guidelines are also expected to result in the center making more copies of entire databases and “data-mining them” — using complex algorithms to search for patterns that could indicate a threat — than it currently does.

quote:

An Answer to Rose Collins, Mother of Jeremy Hammond

This letter is in response to http://finance.townhall.c(...)for_anonymous/page/2

Hello Rose,

I have read your open letter and would like to provide a response. Before I do that please understand the following: I am merely one Anon of many and I can only speak for myself. I do not know how many fellow Anons do agree with this, some may, others may in part while even more may totally disagree. But this does not matter, this is just the way Anonymous works.

I will not go into my involvement in Anonymous Operations but I can say that I have communicated with both Sabu and the online identity who is alleged to be your son Jeremy on more than one occasion. So the whole situation is not completely alien to me.

As for your first question: Yes, we do have lawyers. Within Anonymous and also outside, which are willing to support and defend Anons who have been arrested. You may have seen the websites http://anonlg.com/, http://freeanons.org/, and http://freehammond.org.

These are just the ones I can think of right now, there are more. Additionally the EFF (Electronic Frontier Foundation, http://www.eff.org) is willing to help. So yes, there is much help on the legal front and if you want to provide your son with additional legal help, I suggest you contact one of these volunteers.

To your second question: "If you do not forget or forgive, are you in agreement with Jeremy regarding imprisonment of those convicted of crimes?"

This is a tough one, but I will give you my own answer: I guess you won't find many lawyers that would argue that AntiSec related actions are not illegal at all, but I do *not* consider them criminal. This is an important difference. I think his actions were morally justifiable because he did not hack for his profit - never. He did it out of conviction, because he believed in a good cause. He is sick of the system we live in, which certainly is a view that many Anons share. While there are a large group of Anons that do not share the methods he used, this is not relevant to me (and my opinion on this does not matter). What is important is that Jeremy - in my belief - acted out of a conviction that is ethically honorable and I respect that.

Coming to Sabu. A very delicate subject, as you can imagine. From what I can see, the majority of Anons despise Sabu with all their guts and some may even want to do him physical harm. I do not consider myself one of them, mostly because there is so much information missing (and some information reported in the media may be outright false) so I dare not judge on this incident without having access to the full facts. Secondly, I believe that Sabu was also fighting for a good cause and I would think (and hope) that he hates himself for what he has done. If what the FBI claims is all true, I am certainly disappointed in him, as I would have never expected that Sabu - of all! - would commit such a treason. It was a very sad day for Anonymous when this came out.

Next question: "Who are you to decide that all government secrets must be exposed?"

Well, I am Anonymous and again, I can only speak for myself. As I said above, many Anons do not condone the actions done by groups such as LulzSec and AntiSec; these operations were certainly controversial. But many Anons believe that governments must become more transparent and less secretive, especially because we learn every day that the Government is filled with corruption, lies and greed. There are very good reasons that almost every Anon is also a strong supporter of Wikileaks.

As for your last question: I agree. While the banks and bankers certainly play a major role in all the problems the system has, and certainly are to blame for much suffering of the majority of the people, they are only part of the machinery. There are also politicians, mighty international companies, manipulating mass media and lobbies - they all have their role in the fuckup we are living in. But in the end it all comes down to money. And this is why bankers are one of the most obvious targets.

I hope this answer helps you in any way. As a final word I wish to say that I hope that Jeremy will have the best possible result in court and I wish you both the very best for the future.

Kindly,

An Anon

quote:

Barendrechter aangehouden voor hacken KPN

De Nationale Recherche heeft vorige week dinsdag in Barendrecht een zeventienjarige jongen aangehouden op verdenking een digitale inbraak bij KPN in januari. Hij zou het computersysteem van het telecombedrijf met kwaadaardige software hebben beschadigd.

De Barendrechter verkreeg zo van enkele honderden servers de hoogste toegangsrechten. Dat meldt het Openbaar Ministerie. Ook werd in Australië een zestienjarige hacker aangehouden die in contact stond met de Nederlandse verdachte.

Verdachte hackte ook universiteitsnetwerken

De Nationale Recherche legde beslag op een versleutelde computer, twee laptops en gegevensdragers van de Nederlandse verdachte. Ze kwamen hem op het spoor nadat hij in een chatkanaal tegen studenten van de Korea Advanced Institute of Science and Technology (Kaist) had opgeschept over zijn inbraak. De verdachte is vermoedelijk ook binnengedrongen in computers van de Tokohu University in Japan, de universiteit van Trondheim in Noorwegen en de Kaist in Zuid-Korea. Bovendien lijkt de jongen een website te beheren waarop gegevens van gestolen creditcards worden verhandeld.

Volgens het OM blokkeerde KPN na de ontdekking van de hack uit voorzorg twee miljoen e-mailaccounts. Volgens het telecombedrijf staan de twee zaken los van elkaar. De inloggegevens van klanten die toen op internet verschenen bleken afkomstig van thuiswinkel baby-dump.nl, meldt persbureau Novum. KPN keerde een ton aan schadevergoedingen uit aan klanten die gedupeerd werden door het afsluiten van de mailaccounts.

Het voorarrest van de Barendrechter werd vrijdag met twee weken verlengd. Het OM kwam er vanwege het belang van het onderzoek niet eerder mee naar buiten. Volgens KPN laat de leeftijd van de verdachte Barendrechter en of er al dan niet sprake is van kwade opzet onverlet dat de beveiliging optimaal moet worden georganiseerd.

quote:

The disappearing virtual library

The shutdown of library.nu is creating a virtual showdown between would-be learners and the publishing industry

Los Angeles, CA - Last week a website called "library.nu" disappeared. A coalition of international scholarly publishers accused the site of piracy and convinced a judge in Munich to shut it down. Library.nu (formerly Gigapedia) had offered, if the reports are to be believed, between 400,000 and a million digital books for free.

And not just any books - not romance novels or the latest best-sellers - but scholarly books: textbooks, secondary treatises, obscure monographs, biographical analyses, technical manuals, collections of cutting-edge research in engineering, mathematics, biology, social science and humanities.

The texts ranged from so-called "orphan works" (out-of-print, but still copyrighted) to recent issues; from poorly scanned to expertly ripped; from English to German to French to Spanish to Russian, with the occasional Japanese or Chinese text. It was a remarkable effort of collective connoisseurship. Even the pornography was scholarly: guidebooks and scholarly books about the pornography industry. For a criminal underground site to be mercifully free of pornography must alone count as a triumph of civilisation.

To the publishing industry, this event was a victory in the campaign to bring the unruly internet under some much-needed discipline. To many other people - namely the users of the site - it was met with anger, sadness and fatalism. But who were these sad criminals, these barbarians at the gates ready to bring our information economy to its knees?

They are students and scholars, from every corner of the planet.

Pirating to learn

The world, it should not come as a surprise, is filled with people who want desperately to learn. This is what our world should be filled with. This is what scholars work hard to create: a world of reading, learning, thinking and scholarship. The users of library.nu were would-be scholars: those in the outer atmosphere of learning who wanted to know, argue, dispute, experiment and write just as those in the universities do.

Maybe they were students once, but went on to find jobs and found families. We made them in some cases - we gave them a four-year taste of the life of the mind before sending them on their way with unsupportable loans. In other cases, they made themselves, by hook or by crook.

So what does the shutdown of library.nu mean? The publishers think it is a great success in the war on piracy; that it will lead to more revenue and more control over who buys what, if not who reads what. The pirates - the people who create and run such sites - think that shutting down library.nu will only lead to a thousand more sites, stronger and better than before.

But both are missing the point: the global demand for learning and scholarship is not being met by the contemporary publishing industry. It cannot be, not with the current business models and the prices. The users of library.nu - these barbarians at the gate of the publishing industry and the university - are legion.

They live all over the world, but especially in Latin and South America, in China, in Eastern Europe, in Africa and in India. It's hard to get accurate numbers, but any perusal of the tweets mentioning library.nu or the comments on blog posts about it reveal that the main users of the site are the global middle class. They are not the truly poor, they are not slum-denizens or rural poor - but nonetheless they do not have much money. They are the real 99 per cent (as compared to the Euro-American 1 per cent).

They may be scientists or scholars themselves: some work in schools, universities or corporations, others are doubly outside of the elite learned class - jobholders whose desire to learn is and will only ever be an avocation. They are a global market engaged in what we in the elite institutions of the world are otherwise telling them to do all the time: educate yourself; become scholars and thinkers; read and think for yourselves; bring civilisation, development and modernity to your people.

Sharing is caring

Library.nu was making that learning possible where publishers have not. It made a good show of being a "book review" site - it was called library.nu after all, and not "bookstore.nu". It was not cluttered with advertisements, nor did it "suggest" other books constantly. It gave straight answers to straightforward searches, and provided user reviews of the 400,000 or more books in the database.

It was only the fact that library.nu included a link to another site ("sharehosting" sites like ifile.it, megaupload.com, or mediafire.com) containing the complete version of a digital text that brought library.nu into the realm of what passes for crime these days.

But the legality of library.nu is also not the issue: trading in scanned, leaked or even properly purchased versions of digital books is thoroughly illegal. This is so much the case that it can't be long before reading a book - making an unauthorised copy in your brain - is also made illegal.

But library.nu shared books; it did not sell them. If it made any money, it was not from the texts themselves, but from advertising revenue. As with Napster in 1999, library.nu was facilitating discovery: the ability to search deeper and deeper into the musical or scholarly tastes fellow humans and to discover their connections that no recommendation algorithm will ever be able to make. In their effort to control this market, publishers alongside the movie and music industry have been effectively criminalising sharing, learning and creating - not stealing.

Users of library.nu did not have to upload texts to the site in order to use it, but they were rewarded if they did. There were formal rules (and informal ones, to be sure), concerning how one might "level up" in the library.nu community. The site developed as websites do, adding features here and there, and obviously expanding its infrastructure as necessary. The administrators of the site maintained absolute control over who could participate and who could not - no doubt in order to protect the site from skulking FBI agents and enthusiastic newbies alike.

Even a casual observer could have seen that the frequent changes to the site were the effects of the cat-and-mouse game underway as law authorities and publishers sought to understand and eventually seek legal action against this community. In the end, it was only by donating to the site that law authorities discovered the real people behind the site - pirates too have PayPal accounts.

Shutting down learning

The winter of 2012 has seen a series of assaults on file-sharing sites in the wake of the failed SOPA and PIPA legislation. Mega-upload.com (the brainchild of eccentric master pirate Kim Dotcom - he legally changed his name in 2005) was seized by the US Department of Justice; torrent site btjunkie.com voluntarily closed down for fear of litigation.

In the last few days before they closed for good, library.nu winked in and out of existence, finally (and ironically), displayed a page saying "this domain has been revoked by .nu domain" (the island nation of Niue). It prominently displays a link to a book (on Amazon!) called Blue Latitudes, about the voyage of Captain Cook. A story about that other kind of pirate branches off here.

So what does the shutdown of library.nu mean? One thing it means is that these barbarians - these pirates who are also scholars - are angry. We scholars have long been singing the praises of education, learning, mutual aid and the virtues of getting a good degree. We scholars have been telling the world of desperate learners to do just what they are doing, if not in so many terms.

So there are a lot of angry young middle-class learners in the world this month. Some are existentially angry about the injustice of this system, some are pragmatically angry they must now spend $100 - if they even have that much - on a textbook instead of on themselves or their friends.

All of them are angry that what looked to everyone like the new horizon of learning - and the promise of the vaunted new digital economy - has just disappeared behind the dark eclipse of a Munich judge's cease and desist order.

Writers and scholars in Europe and the US are complicit in the shutdown. The publishing companies are protecting themselves and their profits, but they do so with the assent, if not the active support, of those who still depend on them. They are protecting us - we scholars - or so they say. These barbarians - these desperate learners - are stealing our property and should be made to pay for it.

Profiteering

In reality, however, the scholarly publishing industry has entered a phase like the one the pharmaceutical industry entered in the 1990s, when life-saving AIDS medicines were deliberately restricted to protect the interests of pharmaceutical companies' patents and profits.

The comparison is perhaps inflammatory; after all, scholarly monographs are life-saving in only the most distant and abstract sense, but the situation is - legally speaking - nearly identical. Library.nu is not unlike those clever - and also illegal - local corporations in India and Africa who created generic versions of AIDS medicines.

Why doesn't the publishing industry want these consumers? For one thing, the US and European book-buying libraries have been willing pay the prices necessary to keep the industry happy - and not just happy, in many cases obscenely profitable.

Rather than provide our work at cheap enough prices that anyone in the world might purchase, they have taken the opposite route - making the prices higher and higher until only very rich institutions can afford them. Scholarly publishers have made the trade-off between offering a very low price to a very large market or a very high price to a very small market.

But here is the rub: books and their scholars are the losers in this trade-off - especially cutting edge research from the best institutions in the world. The publishing industry we have today cannot - or will not - deliver our books to this enormous global market of people who desperately want to read them.

Instead, they print a handful of copies - less than 100, often - and sell them to libraries for hundreds of dollars each. When they do offer digital versions, they are so wrapped up in restrictions and encumbrances and licencing terms as to make using them supremely frustrating.

To make matters worse, our university libraries can no longer afford to buy these books and journals; and our few bookstores are no longer willing to carry them. So the result is that most of our best scholarship is being shot into some publisher's black hole where it will never escape. That is, until library.nu and its successors make it available.

What these sites represent most clearly is a viable route towards education and learning for vast numbers of people around the world. The question it raises is: on which side of this battle do European and American scholars want to be?

quote:

Tim Kuik: 'De echte boosdoeners zijn de Pirate Bays en Megauploads van deze wereld'

Vanuit Hoofddorp bindt de stichting Brein de strijd aan met illegale downloaders. Niet tot ieders genoegen.

'Sorry voor mijn kortademigheid', excuseert Tim Kuik zich met een wat gepijnigd gezicht. Op zijn kantoor in Hoofddorp, in het pand bij Buma/Stemra, zet hij thee neer voor zijn gast. 'Ik heb met skiën drie ribben gebroken, maar zet dat maar niet in de krant want dan wensen bepaalde groepen op internet me weer toe dat ik nog veel harder had mogen vallen.'

Welkom in de gezellige wereld waarin Tim Kuik (54), directeur van antipiraterijclub Brein zich al jaren beweegt. De stichting, bij het grote publiek vooral bekend van de waarschuwingsfilmpjes voorafgaand aan elke dvd of videofilm, bestrijdt sinds 1998 de inbreuk op auteursrechten. Dat doet ze namens en op kosten van de partijen die belang hebben bij handhaving van het auteursrecht. Naast de makers van bijvoorbeeld films en muziek zijn dat ook de uitvoerende kunstenaars, uitgevers, producenten en distributeurs.

Brein, waar elf mensen werken, zette zich de afgelopen jaren in om het overweldigende aanbod van illegaal materiaal via internet te verkleinen. Met succes. Er waren talloze rechtszaken voor nodig, maar uiteindelijk kreeg Brein vaak waarop het uit was.

De meest tot de verbeelding sprekende overwinning was de blokkering begin dit jaar van de immens populaire site The Pirate Bay. De uitspraak vormde het voorlopige sluitstuk van een jarenlange juridische strijd. De rechter beval internetproviders Ziggo en Xs4all de site te blokkeren. Het kat-en-muisspel dat Brein met zijn tegenstanders speelt, houdt nooit op, bleek afgelopen week alweer. Met de Pirate-Bay-uitspraak in de hand meldde Brein zich bij een aantal Nederlandse websites die internetters nu helpen het gerechtelijk verbod te omzeilen.

De activiteiten van Brein, en die van voorman Kuik in het bijzonder, maken hem tot vijand nummer één van velen die hun films en muziek graag gratis van internet betrekken. Ook in de wereld van voorvechters van een 'vrij en open internet' wordt hij door velen persoonlijk gehaat. De - vrijwel altijd anonieme - scheldpartijen aan het adres van Kuik op allerhande internetblogs liegen er niet om. 'We zijn maffia, we zijn nazi's, we zijn van alles. Ik kan me er niet druk om maken', aldus Kuik. Buiten schijnt de eerste echte lentezon.

quote:

Doet de heftigheid van de reacties u helemaal niets?
'Ach, zolang ze op al die blogs dit soort teksten zitten te tikken, zijn ze in ieder geval niet illegaal aanbod aan het downloaden.'

quote:

Maar het moet toch bijzonder onprettig zijn om doorlopend doodgewenst te worden.
'We hebben die reacties een tijd lang gevolgd en het is een vrij kleine club mensen die dat soort taal bezigt. Weet je wat het ook is? Ik vind dat soort reacties getuigen van zo'n grote domheid, dat ik het niet eens meer als storend ervaar.'

quote:

Er is ook meer inhoudelijke kritiek van serieuzere partijen. De strijd tegen The Pirate Bay won Brein bijvoorbeeld door internetproviders Xs4all en Ziggo voor de rechter te slepen. Zijn dat nou echt de boosdoeners?
'Nee, zij zijn het sluitstuk van onze strategie. De echte boosdoeners zijn de aanbieders van illegale content, dus de Pirate Bays en Mega-uploads van deze wereld. Wij spreken in eerste instantie altijd die partijen aan. Maar vaak reageren zij niet of ze laten weten dat ze niet van plan zijn om te stoppen met wat ze doen. In zulke gevallen stappen we naar de hostingprovider. Dat is de partij die, zeg maar, onderdak biedt aan die sites. Reageert die ook niet, of verplaatsen de aanbieders hun sites naar een andere hostingprovider - in het buitenland bijvoorbeeld - dan pas komen we bij internetproviders terecht, Ziggo en Xs4all in dit geval. Die werkwijze heeft de rechter nu al meerdere malen goedgekeurd.'

quote:

Financial services firms fear being shamed by Anonymous

Professionals in the financial services sector view reputational damage as one of the worst consequences of a successful cyber attack, a new report from PricewaterhouseCoopers (PwC) has revealed.

Based on the responses of 3,877 companies across 78 countries, PwC found that half of the respondents from the banking sector believed the risk cybercrime posed had increased over the past 12 months.

Exceeding the 36 per cent figure recorded in other industries, the report revealed that half of financial services professionals are primarily concerned over potential damage to their company's brand and reputation.

"Cybercrime puts the financial service sector's customers, brand and reputation at significant risk" said PwC partner Andrew Clark.

The increased number of 'shame' attacks by hacktivist groups such as the Anonymous collective was highlighted as a key dilemma facing FS companies.

"The impact of social media, hacktivism and activism are widening all the time," PwC director William Beer told V3.

"Reputational damage is far more difficult to shrug off than financial."

The professionals' fears follow a marked increase in the number of online attacks targeting the financial services industry.

PwC analysts revealed that cybercrime now accounts for 38 per cent of all reported crime incidents in the finance sector. This compared to the 16 per cent average recorded in other sectors.

The paper follows on from a research paper by Verizon reporting an increase in the number of politically motivated cyber attacks being mounted against companies and governments.

quote:

U.S. Agency Seeks Tougher Consumer Privacy Rules

The government’s chief consumer protection agency said on Monday that it intended to take direct aim at the vast industry that has grown up around the buying and selling of information about American consumers.

The agency, the Federal Trade Commission, called on Congress to enact legislation regulating so-called data brokers, which compile and trade a wide range of personal and financial data about millions of consumers from online and offline sources. The legislation would give consumers access to information collected about them and allow them to correct and update such data.

The agency also sent a cautionary signal to technology and advertising companies regarding a “Do Not Track” mechanism that allows consumers to opt out of having their online behavior monitored and shared. It warned that if companies did not voluntarily provide a satisfactory Do Not Track option, it would support additional laws that mandate it.

The recommendations, part of a sweeping set of guidelines in an F.T.C. report on Monday, represent the government’s latest move to address the issue of consumer privacy.

On one side of the debate are data brokers like Experian and Acxiom, which collect and sell information, and the huge ecosystem of technology and online advertising companies — including Google, Microsoft and Facebook — that target consumers based on their personal preferences.

On the other side are consumer groups and privacy advocates that are concerned about the volume of data being collected and how little control consumers have over that information.

The government’s Do Not Track efforts are likely to collide with the desire of companies to continue the lucrative business of collecting, using and sharing information about the people who use their services. Although these businesses say they support limits on using this information, they generally still want to be able to collect it.

One official from a prominent technology company, who declined to be named because the discussions with the government were continuing, said that “do not collect is basically death for online advertising.”

But the trade commission said unequivocally that it believed consumers who said they did not want to be tracked meant just that — no tracking at all. It said it would support legislation to require it.

“Do Not Track from our perspective certainly means ‘do not collect’ — not ‘do not advertise back,’ ” said Jon Leibowitz, the chairman of the F.TC. “If a real Do Not Track option doesn’t come to fruition by the end of the year, there will be, I don’t want to say a tsunami of support for Do Not Track legislation next Congress, but certainly a lot of support.”

The F.T.C. said it intended to work with the White House and the Commerce Department on proposals they unveiled last month to develop voluntary industrywide codes of conduct that the F.T.C. can enforce.

Mr. Leibowitz said the commission did not endorse any specific Congressional legislation, but he mentioned a bill introduced in the Senate in April 2011 by John Kerry, Democrat of Massachusetts, and John McCain, Republican of Arizona. That bill seeks to require companies to tell consumers what data is being collected and allow them to opt out of the practice.

At least two other bills have been introduced in Congress. But none of that legislation is likely to make it into law in this Congressional session, however, given the heavy schedule of pending matters and re-election campaigns.

Many data broker companies say much of the information they collect is available from public documents like property and voter registration records. Companies can sell their data to a variety of clients, including marketers, telecommunications companies, retailers and political campaigns.

Jennifer Barrett Glasgow, the chief privacy officer for Acxiom, said the focus on data brokers in the F.T.C. report was not a surprise. “It’s not an unreasonable request to have more transparency among data brokers,” Ms. Barrett Glasgow said. The company collects data from public records, surveys and consumer purchasing behavior both online and offline.

quote:

Europees Parlement zal ACTA niet voorleggen aan Hof van Justitie

Een commissie van het Europees Parlement heeft dinsdag in een stemming besloten om het omstreden antipiraterijverdrag ACTA niet voor te leggen aan het Europese Hof van Justitie. Het parlement zal nu zelf een oordeel moeten vellen.

De Commissie Internationale Handel van het Europese Parlement heeft met 21 stemmen tegen en vijf voor een Brits voorstel verworpen om het ACTA-verdrag voor te leggen aan het Europese Hof van Justitie. Door deze stap zal het Europese Parlement zelf een besluit moeten nemen over het omstreden antipiraterijverdrag. Als het verdrag toch aan het Hof van Justitie zou zijn voorgelegd, dan zou de behandeling van ACTA circa 1,5 jaar vertraging hebben opgelopen.

Naar verwachting zullen de parlementariërs in juni tijdens een stemming definitief een oordeel geven over ACTA. Alleen als het Europees Parlement groen licht geeft, kan het verdrag door de Europese Commissie geratificeerd worden.

Tegenstanders van het ACTA-verdrag zijn tevreden over het besluit. Doordat de stap naar de Europese rechter nu wordt overgeslagen, verwachten de tegenstanders dat het brede verzet tegen ACTA, dat in een groot aantal landen wordt gedragen, intact blijft.

Ondanks de kritische geluiden zou de Europese Commissie nog steeds voor implementatie van ACTA zijn, zo meldt het Duitse Heise Online op basis van een rapport dat zij in handen hebben gekregen. In het rapport is een citaat te lezen van Eurocommissaris van Handel, Karel de Gucht: "Er heerst een erg agressieve pan-Europese campagne tegen het ACTA-verdrag, wat ook cyberaanvallen op Europese instanties tot gevolg heeft."

De Europese Commissie zou bang zijn voor het imago van de Europese Unie mocht het antipiraterijverdrag worden afgewezen. Ook wordt de kritiek op ACTA bestempeld als 'niet onderbouwd'. Desondanks is het verzet in veel EU-lidstaten groot: zo wil Polen niets weten van ratificatie en zijn er bedenkingen in Nederland, Duitsland en Tsjechië.

quote:

Entertainment Industry Was Eager to Work With Megaupload

Considering the aggressive stance taken by the MPAA against Megaupload, one might be forgiven for thinking the Hollywood-backed group and file-hosting service were sworn enemies. But behind the scenes things were quite different, with companies including Disney, Warner Brothers and Fox courting Megaupload to set up content distribution and advertising deals.

“By all estimates, Megaupload.com is the largest and most active criminally operated website targeting creative content in the world,” said the MPAA in a statement issued immediately after Mega was shutdown in January.

As statements go, they don’t get much more harsh than that, so one might think that hostilities between Megaupload and the member companies of the MPAA are a long-standing thing.

But as we know, despite all the rhetoric the likes of the usually-aggressive Disney never sued the Hong Kong based file-hosting service, and instead opted to let the FBI do their work for them.

While this government-financed approach will have proven substantially cheaper than dragging Megaupload through civil court, some potentially embarrassing things would have inevitably come out in such a case – such as this selection of emails just obtained by TorrentFreak.

In an eyebrow-raising email penned by Disney attorney Gregg Pendola, the counsel contacts Megaupload not to threaten or sue the company, but to set up a deal to have Disney content posted on the Megavideo site.

quote:

Spanish Recording Industry Lobbyists Sue Professor For Highlighting Its Monopolistic Practices

Yet again, we're left scratching our heads at the basic failure of recording industry lobbyists to think about the consequences of their actions. The latest is that Promusicae, the Spanish recording industry lobbying group that is associated with the IFPI (which, itself is associated with the RIAA) has sued Spanish professor Enrique Dans for daring to state, in his opinion, that Promusicae violated Spanish antitrust laws. The blog post in question (Google translation) is actually mostly about the legal troubles of SGAE, the Spanish collection society which was accused of being involved in a massive criminal fraud operation. In the post, he also mentioned Promusicae and how it set up a system that he believes violated antitrust laws in effectively limiting access to radio airtime to members of Promusicae.

In response, Promusicae sued him for "violating their honor," demanding either 20,000 or 50,000 euros. Professor Dans explains the details on his own site (Google translation).

It seems pretty clear that this is nothing more than a SLAPP-style lawsuit -- with the recording industry lobbyists suing Dans to shut him up and to create chilling effects to silence other critics. It's a shameful way of dealing with critics, and, as Rick Falkvinge notes in his story (the first link up top), even if Dans is legally in the right, a court battle is very costly. Again as Falkvinge notes, perhaps it's time for the EU to start setting up anti-SLAPP laws to avoid these kinds of lawsuits as well.

But, more to the point, all this really does is call much more attention to Dans' original blog post from July, and the accusations he made about Promusicae. In what world does an industry lobbyist think that it's a smart move to call attention to a respected professor's blog post that describes some of their questionable behavior? A normal, thinking, individual would either respond directly to the charges with a detailed explanation for why it's wrong, or just let it go away. Suing only makes it worse in almost every way. Not only does it call worldwide attention to this blog post and the claims against Promusicae, but it also will likely make more people look more closely at Promusicae and what it's done... all the while showing off Promusicae lobbyists for the obnoxious bullies that they are. It's really quite incredible. As Falkvinge notes:

. Perhaps what amazes me most is that the public backlash to this kind of behavior is as predictable as a grandfather clock. How can the copyright monopoly lobby’s lawyers live in so completely disconnected an ivory tower, that they thought it was a good idea to file lawsuit against a reputable professor for claiming they’re a monopoly, using monopolistic practices – when this fact is not only well-established to the point of being in dictionaries, but even legislated? What kind of survivability would such a parasitic misantropic business have in the wild, if it were not protected by obsolete laws?

Of course, I guess they're thinking that the resulting chilling effects scaring away others from commenting might be worth any backlash. Or they're so focused on protecting "their honor" that they never bothered to think at all. I am curious, of course, how "honorable" it is to sue a respected professor for expressing his opinion? How can you sue someone for violating your honor when you have no honor at all?

quote:

Op dinsdag 27 maart 2012 01:02 schreef Papierversnipperaar het volgende:

Anonymous: Message to YouTube

quote:

UPDATE! Earlier this afternoon, YouTube decided to heed the warning and unlock TheAnonMessage's account. No Censorship. Knowledge is Free. We are Anonymous.

quote:

Death of a data haven: cypherpunks, WikiLeaks, and the world's smallest nation

A few weeks ago, Fox News breathlessly reported that the embattled WikiLeaks operation was looking to start a new life under on the sea. WikiLeaks, the article speculated, might try to escape its legal troubles by putting its servers on Sealand, a World War II anti-aircraft platform seven miles off the English coast in the North Sea, a place that calls itself an independent nation. It sounds perfect for WikiLeaks: a friendly, legally unassailable host with an anything-goes attitude.

But readers with a memory of the early 2000s might be wondering, "Didn't someone already try this? How did that work out?" Good questions. From 2000 to 2008, a company called HavenCo did indeed offer no-questions-asked colocation on Sealand—and it didn't end well.

HavenCo's failure—and make no mistake about it, HavenCo did fail—shows how hard it is to get out from under government's thumb. HavenCo built it, but no one came. For a host of reasons, ranging from its physical vulnerability to the fact that The Man doesn't care where you store your data if he can get his hands on you, Sealand was never able to offer the kind of immunity from law that digital rebels sought. And, paradoxically, by seeking to avoid government, HavenCo made itself exquisitely vulnerable to one government in particular: Sealand's. It found that out the hard way in 2003 when Sealand "nationalized" the company.

For the last two years, I've researched the history of Sealand and HavenCo. I used the Wayback Machine to reconstruct long-since-vanished webpages. I dug through microfilm of newspapers back to the 1960s. I pored over thousands of pages of documents, only recently unsealed, from the United Kingdom's National Archives.

My findings have just been published in a new 80-page article in the University of Illinois Law Review, one called "Sealand, HavenCo, and the Rule of Law" (PDF). It tells the full—and very weird—story of how this micronation happened to be in the right place (the North Sea) at the right time (the late 1990s) to provide some cypherpunk entrepreneurs with the most impractical data center ever built. Here, I'll give the condensed version of the tale, hitting the important points in HavenCo's history and explaining what went wrong.

quote:

U.S. Outgunned in Hacker War

WASHINGTON—The Federal Bureau of Investigation's top cyber cop offered a grim appraisal of the nation's efforts to keep computer hackers from plundering corporate data networks: "We're not winning," he said.

Shawn Henry, who is preparing to leave the FBI after more than two decades with the bureau, said in an interview that the current public and private approach to fending off hackers is "unsustainable.'' Computer criminals are simply too talented and defensive measures too weak to stop them, he said.

His comments weren't directed at specific legislation but came as Congress considers two competing measures designed to buttress the networks for critical U.S. infrastructure, such as electrical-power plants and nuclear reactors. Though few cybersecurity experts disagree on the need for security improvements, business advocates have argued that the new regulations called for in one of the bills aren't likely to better protect computer networks.

Mr. Henry, who is leaving government to take a cybersecurity job with an undisclosed firm in Washington, said companies need to make major changes in the way they use computer networks to avoid further damage to national security and the economy. Too many companies, from major multinationals to small start-ups, fail to recognize the financial and legal risks they are taking—or the costs they may have already suffered unknowingly—by operating vulnerable networks, he said.

"I don't see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it's an unsustainable model. Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security,'' Mr. Henry said.

James A. Lewis, a senior fellow on cybersecurity at the Center for Strategic and International Studies, said that as gloomy as Mr. Henry's assessment may sound, "I am actually a little bit gloomier. I think we've lost the opening battle [with hackers].'' Mr. Lewis said he didn't believe there was a single secure, unclassified computer network in the U.S.

"There's a kind of willful desire not to admit how bad things are, both in government and certainly in the private sector, so I could see how [Mr. Henry] would be frustrated,'' he added.

High-profile hacking victims have included Sony Corp., SNE +1.73%which said last year that hackers had accessed personal information on 24.6 million customers on one of its online game services as part of a broader attack on the company that compromised data on more than 100 million accounts. Nasdaq OMX Group Inc., NDAQ -0.71%which operates the Nasdaq Stock Market, also acknowledged last year that hackers had breached a part of its network called Directors Desk, a service for company boards to communicate and share documents. HBGary Federal, a cybersecurity firm, was infiltrated by the hacking collective called Anonymous, which stole tens of thousands of internal emails from the company.

Mr. Henry has played a key role in expanding the FBI's cybersecurity capabilities. In 2002, when the FBI reorganized to put more of its resources toward protecting computer networks, it handled nearly 1,500 hacking cases. Eight years later, that caseload had grown to more than 2,500.

Mr. Henry said FBI agents are increasingly coming across data stolen from companies whose executives had no idea their systems had been accessed.

"We have found their data in the middle of other investigations,'' he said. "They are shocked and, in many cases, they've been breached for many months, in some cases years, which means that an adversary had full visibility into everything occurring on that network, potentially.''

Mr. Henry said that while many company executives recognize the severity of the problem, many others do not, and that has frustrated him. But even when companies build up their defenses, their systems are still penetrated, he said. "We've been playing defense for a long time. ...You can only build a fence so high, and what we've found is that the offense outpaces the defense, and the offense is better than the defense,'' he said.

Testimony Monday before a government commission assessing Chinese computer capabilities underscored the dangers. Richard Bejtlich, chief security officer at Mandiant, a computer-security company, said that in cases handled by his firm where intrusions were traced back to Chinese hackers, 94% of the targeted companies didn't realize they had been breached until someone else told them. The median number of days between the start of an intrusion and its detection was 416, or more than a year, he added.

In one such incident in 2010, a group of Chinese hackers breached the computer defenses of the U.S. Chamber of Commerce, a major business lobbying group, and gained access to everything stored on its systems, including information about its three million members, according to several people familiar with the matter.

In the congressional debate over cybersecurity legislation, the Chamber of Commerce has argued for a voluntary, non-regulatory approach to cybersecurity that would encourage more cooperation and information-sharing between government and business.

Matthew Eggers, a senior director at the Chamber, said the group "is urging policy makers to change the 'status quo' by rallying our efforts around a targeted and effective information-sharing bill that would get the support of multiple stakeholders and come equipped with ample protections for the business community."

The FBI's Mr. Henry said there are some things companies need to change to create more secure computer networks. He said their most valuable data should be kept off the network altogether. He cited the recent case of a hack on an unidentified company in which he said 10 years worth of research and development, valued at more than $1 billion, was stolen by hackers.

He added that companies need to do more than just react to intrusions. "In many cases, the skills of the adversaries are so substantial that they just leap right over the fence, and you don't ever hear an alarm go off,'' he said. Companies "need to be hunting inside the perimeter of their network," he added.

Companies also need to get their entire leadership, from the chief executive to the general counsel to the chief financial officer, involved in developing a cybersecurity strategy, Mr. Henry said. "If leadership doesn't say, 'This is important, let's sit down and come up with a plan right now in our organization; let's have a strategy,' then it's never going to happen, and that is a frustrating thing for me,'' he said.

quote:

Megaupload proves users were legit

In light of Megaupload's upcoming court case in which the US Government has accused Megaupload of being a hotbed for illegal users, Mega has proved the majority of it's users were legitimate. Megaupload has released that a large sum of it's users were actually belonging to US Officials including over 15,000 accounts held by US Military. Of the accounts held by US Officials these included accounts held by members of the FBI, Homeland Security, NASA and the Senate.

Megaupload attorney's and users are fighting hard for the data to not be deleted at this time however there is no certainty at this time if the information will be saved.

In other Megaupload news Kim Dotcom and his wife Mona welcome their twin baby girls into the world. The twin girls are reported to be a healthy weight at 5.3 and 6.2lbs however their names have not yet been released.
This is the fourth and fifth children for the couple. While Kim Dotcom is still under house arrest leading up to his extradition case the founder can live comfortably with his $50,000 a month spending limit. When doctor's asked if the couple would like to keep the placenta Kim Dotcom responded "yes, and please send it to the FBI for forensic analysis so they can verify there is no pirate DNA ;-)". If nothing else Megaupload founder has kept his sense of humour.

quote:

Hackers in Europa straks strenger gestraft - maar alleen als ze crimineel zijn

Hackers die inbreken in ict-systemen moeten in de toekomst strenger worden gestraft. Tenminste, als het gaat om inbraken met een crimineel doeleinde. 'Ethische' hackers die alleen beveiligingslekken willen aantonen, moeten juist vrijuit gaan.

Dat staat in een herziening van een Europese richtlijn, die deze week met 50 stemmen vóór, één stem tegen en drie onthoudingen ruimschoots werd goedgekeurd in het Europees Parlement. In veel landen, waaronder Nederland, staat nu nog 1 jaar cel op computervredebreuk, maar dat moet minstens twee jaar gaan worden. Op het uitvoeren van grootschalige cyberaanvallen komt minimaal vijf jaar te staan, aldus het voorstel.

Klokkenluiders
Maar vooral het amendement waarin staat dat hackers met goede bedoelingen voortaan gevrijwaard moeten worden van vervolging, betekent een belangrijke verandering in het beleid dat tot nu toe werd gevoerd. Op dit moment lopen deze klokkenluiders het risico vervolgd te worden op basis van verschillende andere wetten. Met de vernieuwde cybercrime-wet zal dat niet langer het geval zijn, mits kan worden aangetoond dat de hack geen schadelijke gevolgen heeft gehad.

Ook in Nederland is het onderwerp 'ethisch hacken' al meermalen voorbijgekomen. Verschillende hackers wisten aan te tonen dat er instanties zijn die wel persoonsgegevens beheren, maar niet goed in staat zijn om hun websites, databases en websites te beveiligen. De website Webwereld riep de maand oktober 2011 uit tot 'lektober', waarin iedere werkdag een privacylek aan het licht werd gebracht.

In september vorig jaar kon een wetsvoorstel van de PvdA om bescherming te bieden aan goedbedoelende 'hacktivisten' al rekenen op steun van een meerderheid in de Tweede Kamer. Tot nu toe is dat er echter nog niet van gekomen - terwijl het goedbedoelende deel van de hackerswereld met smacht op een dergelijke maatregel wacht.

Whitehats
De Europese richtlijn is voor hen dus zeer welkom. Niet alleen worden goedbedoelende hackers ('whitehats' in het hackersjagon) gespaard, de kwaadwillenden ('blackhats') worden strenger aangepakt. Zo moet ondermeer ook het verspreiden van software die is bedoeld om hacken mogelijk te maken, strafbaar worden gesteld, evenals het online aannemen van de identiteit van een ander.

Helemaal definitief is het voorstel overigens nog niet. Het Europees Parlement moet de richtlijn nog intern behandelen, en vervolgens moeten ook de Europese Commissie en de Raad van Europa zich er nog over uitspreken. Tenslotte wordt de herziene richtlijn aan de individuele lidstaten voorgelegd, die er allemaal mee moeten instemmen.

quote:

Kan Anonymous morgen het hele internet platleggen?

Kan de hackersgroep Anonymous het hele internet platleggen? Dat is de vraag die nu de gemoederen op IT-sites en social media bezighoudt onder de hashtag #OpGlobalBlackout. Het beruchte hackerscollectief heeft vorige maand aangekondigd op 31 maart, morgen dus, de DNS-servers te hacken die het belangrijkst zijn voor het wereldwijde web. Of gaat het hier om een publiciteitsstunt? Zo is het op 31 maart in de Verenigde Staten in de meeste landen tenslotte allang 1 april...

Anonymous stelt dat 'Operation Global Blackout' een protest is tegen de Stop Online Piracy Act (SOPA), tegen politieke leiders die daarvoor verantwoordelijk zijn en tegen de financiële mensen van Wall Street. Maar waarom doen ze zo'n aanval, die als doel heeft financiële instituten en beursgenoteerde bedrijven plat te leggen, op een zaterdag als er niet wordt gehandeld? En kunnen ze het eigenlijk wel voor elkaar krijgen?

De kracht van Anonymous
De groep Anonymous verrees in 2003 en staat bekend om zijn cyberaanvallen op hooggeplaatste websites, zoals die van de overheid en CIA, miljoenenbedrijven, credit card-aanbieders en banken. Zelfs het Vaticaan moest er deze maand aan geloven, toen de website van de katholieke kerk in Rome gehackt werd. Alle aanvallen zijn waarschuwingen, om de kracht van hackers te laten zien.

Volgens de videoboodschap van Anonymous, waarvan de authenticiteit niet kan worden nagegaan, zullen alle websites morgen een foutmelding geven. Zelfs als ze het voor elkaar krijgen, is de actie tijdelijk. De stem van Anonymous belooft dat gewone individuen niet gedupeerd worden: 'Vergeet niet dat het om een protestactie gaat en dat we niet de dood van internet willen'. Waarom zouden ze ook? De organisatie zelf bestaat uitsluitend op het internet.

Hoe het werkt
De website techzine.nl, die het nieuws over de black-out in februari bracht, denkt dat zo'n aanval best mogelijk is. De site schrijft: 'De capaciteit van het aantal DNS-rootservers is inmiddels al meerdere malen uitgebreid om ervoor te zorgen dat ze niet allemaal offline gehaald kunnen worden. Op dit moment zijn er dus 13, hoewel we mogen aannemen dat al deze knooppunten over een flinke capaciteit beschikken moet ook Anonymous niet onderschat worden.' De dertien DNS-rootservers zorgen dat domeinnamen worden omgezet naar IP-adressen en geven er de juiste extenties aan, zoals .net, .com, .org, .eu .nl, etcetera.

Als die hoofdservers niet werken, kan niemand de gevraagde website dus meer vinden, zelfs als die onder een lagere server hangt. Maar om de hoofdservers te demobiliseren, moet je honderdduizenden IP-verzoeken tegelijk op ze afschieten, door duizenden verschillende DNS-servers. Heeft Anonymous wel zo'n groot bereik? Bovendien zijn de hoofdservers, volgens de experts die ze hebben ontwikkeld, ingesteld op constante cyberaanvallen en maken ze gebruik van een omweg, waardoor ze nooit direct zelf het doelwit zijn.

Operatie 'Ontmasker'
Het kan ook nog zijn dat de mensen achter Operation Global Blackout inmiddels al achter de tralies zitten. Internationale opsporingsdienst Interpol kondigde eind vorige maand in een persbericht aan dat het in vier landen 25 individuen had opgepakt die ervan worden verdacht bij hackerscollectief Anonymous te horen. Operatie 'Ontmasker' ging halverwege februari van start met als doel een serie cyberaanvallen op doelen in Latijns Amerika en Europa een halt toe te brengen. En Anomymous heeft zijn #OpGlobalBlackout-dreigingen sindsdien niet herhaald...

quote:

White Supremacist Hacks Trayvon Martin’s Email Account, Leaks Messages Online

The racist smear campaign against Trayvon Martin, the unarmed black teen shot to death last month in Florida, has reached a new level of ghoulishness. A white supremacist hacker says he's broken into Martin's email and social networking accounts, and leaked his private Facebook messages. We've been able to confirm that at least one email account that belonged to Martin was cracked.

The hacker, who goes by the name Klanklannon, posted what he said were Martin's private Facebook messages to the politics section (NSFW) of the anarchic message board 4chan—called "/pol/"—Tuesday afternoon at around noon. The messages were posted on four slides, strategically arranged to back up the insane racist argument that Trayvon was a Scary Black Teenager and so somehow deserved to be killed by neighborhood watch captain George Zimmerman that night.

A slide titled "Trayvon Martin Used Marijuana Habitually," features an exchange between Trayvon and a friend about getting high. Another slide, "Trayvon Martin was a Drug Dealer" features Facebook messages and photos that supposedly prove Martin dealt drugs, including a picture of Martin posing "aggressively with a large amount of cash in his hand." It's impossible to verify the hacked messages' authenticity—like other anti-Trayvon Martin propaganda, they're probably a mix of real and fake content— but they are now being passed around as gospel among the racist underbelly of the internet, including message boards like the neo-Nazi hive Stormfront, which Klanklannon apparently frequents.

In addition to the Facebook messages, Klanklannon posted a list of usernames and passwords for Martin's social media and email accounts as proof of his exploits. All of the passwords had been changed to racist slurs. (Gmail: "niggerniggernigger" Twitter: "coontrayvonnigger")

"I realize that some of this information might be to (sic) extreme to believe," Klanklannon writes in a copy of the original 4chan thread we've obtained. "That's why I offer you evidence. Here are my sources."

The list included login details for Martin's Gmail, Yahoo, MySpace, and Twitter accounts. A source who came across the 4chan post when it was live was able to use the information to log onto Martin's Gmail account Tuesday night. Our source panicked upon seeing that trolls had started using the account to send emails under Martin's name, and deleted the account. (An email sent to Martin's Gmail address bounced back today; Martin's Twitter account has also been deactivated. His MySpace page is still up, showing that the last login was Tuesday.)

On 4chan, Klanklannon made clear their intention to smear Trayvon. Klanklannon introduces the post with, "Today /pol/, tomorrow CNN." One 4chan user told us Klanklannon had been attempting to break into Martin's accounts for days, posting periodic updates to the board.

"Where did all the liberals go?," Klanklannon taunted after posting his slides. "Did they run off because they can't handle the facts?"

But Klanklannon included none of Martin's emails in his leak, because the picture they paint is of a normal high school junior preparing for college. A screenshot of Trayvon's Gmail inbox our source provided us is heartbreaking. Martin apparently used his Gmail account for his college search, and it's filled with emails about upcoming SAT tests and scholarship applications. ("Trayvon, now is the best time to take the SATs!") One email included the results of a career aptitude test, our source said. It "talked about his interest in aeronautics and stuff."

Klanklannon has proven nothing more than the depths to which the racist amateur detectives who have spent days obsessing over every aspect of Trayvon Martin's short life will sink in their horrible quest to vet a dead teenager.

quote:

Russia's Interior Minister Pushes For Extreme Internet Censorship Measures

Russia’s Ministry of the Interior plans to set up special centers to assess hate-mongering and extremism in mass media, including online publications, YouTube, and Facebook pages, Interior Minister Rashid Nurgaliyev said on Friday, according to Ria Novosti.

Nurgaliyev wants to open a center in each Russian district. Two already operate in Moscow and St. Petersburg. "We are working on creating special interregional centers with expertise in electronic media, printed, audio and video features to check them for any indications of extremism," he told Gazeta. The monitoring will be done by bureaucrats who are part of the presidential administration.

The initiative is the latest in the government’s crackdown on extremism on the Internet. And while politicians and activists alike believe it needs to be dealt with, this measure seems to have touched a nerve with everyone. So much so that even those expected to implement it have washed their hands of it.

“I'm afraid it may create the total surveillance of the Russian segment of the internet," Pavel Chikov, a lawyer and head of Agora human rights watchdog, told Gazeta. He said the initiative would lead to political censorship and an increase of criminal cases against bloggers on "invented accusations connected to extremism," something Russia has been accused of before.

Duma members were also skeptical, saying it was unclear how plenipotentiaries, who are political institutions, were supposed to help fight extremism. The plenipotentiaries themselves seem surprised, too. "This idea is definitely not ours. This is important, but the Ministry of the Interior and the Federal Supervision Agency for Information Technologies and Communications already do this expertise," a Far Eastern representative said.

Read more: http://www.businessinside(...)2012-3#ixzz1qgRVQPiT

quote:

China blokkeert sites en sociale netwerken na coupgeruchten

Geruchten over een ophanden zijnde coup hebben in China geleid tot de sluiting van zestien websites en de blokkade van twee sociale medianetwerken. Ook zijn zes mensen gearresteerd en is een onbekend aantal mensen ondervraagd.

Op de websites en twee Twitter-achtige diensten doken volgens staatspersbureau Xinhua berichten op over militaire voertuigen die de hoofdstad zouden binnenrijden.'Er gaat iets mis in Peking', zo werd daarin geconcludeerd.

De actie, die vrijdagavond laat werd aangekondigd door verschillende staatsmedia, onderstreept de vrees van de autoriteiten voor de groeiende toegang tot internet van de Chinese bevolking en de gretigheid waarmee Chinezen, ondanks de censuur en mogelijke straffen, de politiek bespreken.

Reinigen
De twee sociale medianetwerken die getroffen zijn door de maatregelen hebben elk meer dan driehonderd miljoen gebruikers. Voor het 'reinigen' van de sites hebben de sites drie dagen uitgetrokken.

In China woedt momenteel een van de ergste politieke crises in jaren. De machthebbers zijn druk bezig om de nalatenschap van Bo Xilai uit te wissen, het politieke kopstuk dat eerder deze maand werd ontslagen als partijchef in de stad Chongqing.