
Tupac the Kiwi
May 30, 2011 8:04 PM

Over the weekend, PBS' website was hacked by a group calling itself "The Lulz Boat", or "LulzSec". The PBS site displayed a story claiming that rapper Tupac Shakur was alive and well in New Zealand. (He's not). The hack was apparently over the Frontline program that aired last week, 'Wikisecrets', which Julian Assange called "hostile". This follows a separate, unrelated breach at Lockheed Martin, also publicized over the weekend. (Previously)
posted by IvoShandor (62 comments total) 8 users marked this as a favorite

 
The Wikisecrets link should go here. Sorry.
posted by IvoShandor at 8:06 PM on May 30, 2011


The (interesting) claim was that PBS was hacked by a previously unreleased (0-day) vulnerability in Movable Type 4. [via].
posted by These Premises Are Alarmed at 8:09 PM on May 30, 2011


All these fake Tupac resurrections are going to make the real one seem anticlimactic.
posted by ThePinkSuperhero at 8:09 PM on May 30, 2011 [20 favorites]




Also, early reports were linking the Lockheed hack to a flaw with their RSA tokens. More bad press for RSA. I hope* a lot of RSA sales reps are going to be asked a lot of questions come next contract renewal.

* But really, I doubt it. It's so easy to auto-renew those contracts. RSA servers are frequently years behind in software and system patching. Ownership of these systems is often with corporate IT, not security, and they aren't prioritized for patching any more than your internal Sharepoint server.
posted by These Premises Are Alarmed at 8:12 PM on May 30, 2011 [1 favorite]


Boy is the cult of St. Assange tiresome.
posted by Artw at 8:26 PM on May 30, 2011 [10 favorites]


I'm starting to like the guy.
posted by clavdivs at 8:28 PM on May 30, 2011 [8 favorites]


Atrocities being performed in the name of "St. Assange"? Sounds like his cult is getting downright Christian.
posted by oneswellfoop at 8:32 PM on May 30, 2011 [2 favorites]


`·.,¸,.·*¯`·.,¸,.·*¯[;::;](ᵒᴥᵒ )

All your metafilter are belong to nyansec.
posted by Ad hominem at 8:38 PM on May 30, 2011 [11 favorites]


Has anyone else noticed the striking resemblance between Tupac Shakur and Julian Assange??WAKE UP SHEEPLE
posted by swift at 8:38 PM on May 30, 2011 [1 favorite]


I watched the PBS report and do not understand what made the LULZ angry unless it was the prominent footage of Adrian Lamo who (imho is not really a hacker but like me a URL archaeologist) turned Manning in. I felt like the treatment of Manning was forgiving.
posted by maggieb at 8:51 PM on May 30, 2011


It doesn't matter how Frontline actually treated Wikileaks at all. Any mass media outfit that isn't 100% behind Assange and Wikileaks will be hacked.

Personally, I'm waiting for the Guardian, Le Monde and The New York Times to get hacked by Anonymous for being insufficiently pro-Wikileaks.
posted by happyroach at 9:02 PM on May 30, 2011 [3 favorites]


CYBERWAR!!!!

This totally justifies the billions the government is spending on CYBERWAR. I mean. Except for the fact they weren't able to stop any of this crap.
posted by delmoi at 9:04 PM on May 30, 2011


This hack made me absolutely livid, and I've been raging over it all day.

First, you do not attack journalists. Anyone who attacks a journalist is, to me, an enemy of real democracy. Be it physical or digital. I don't care if you agree or disagree with what they are saying, I will defend every journalist out there to my dying breath. When you attack someone for reporting something you don't like, you've attacked the very foundations of free society. Those who attack the foundations of a society's freedom deserve none.

Second, the false article was posted on the PBS NewsHour. This was absolutely stupid. Frontline is created by WGBH in Boston, while the NewsHour is produced completely independently by MacNeil/Lehrer Productions in Arlington, VA. Attacking the NewsHour for something Frontline showed would be like attacking Berkeley because a research lab at Yale published something in Nature. Sure both schools have researchers publishing in the same journal but that's it. Anyone who mistakes the two is an idiot of the highest caliber.

If the folks at Wikileaks want to be seen as an honest source of journalism (which I think they are) and not just a bunch of anarchists (which is what many people see them as), there should be an effort in their community to denounce this attack. It goes against everything they stand for.
posted by thebestsophist at 9:04 PM on May 30, 2011 [43 favorites]


So what was the 0day in MT4? They used havij but it wasn't a SQL injection?
posted by Ad hominem at 9:11 PM on May 30, 2011


Personally, I'm waiting for the Guardian, Le Monde and The New York Times to get hacked by Anonymous for being insufficiently pro-Wikileaks.

Well, the site for Le Monde Diplomatique was also hacked last weekend, briefly showing a front page article claiming that la longue durée was insufficiently nuanced as an historical model to explain the current willingness of the Chinese to absorb US debt.

It is unclear whether or not this was related to the Wikileaks affair, or anything else.
posted by TheWhiteSkull at 9:14 PM on May 30, 2011 [4 favorites]


Personally, I'm waiting for the Guardian, Le Monde and The New York Times to get hacked by Anonymous for being insufficiently pro-Wikileaks.

Soon The Lulz Boat will be making another round ...
posted by octobersurprise at 9:15 PM on May 30, 2011


delmoi: USCYBERCOM is not set up to defend against this type of attack, their purview is not about defending every single piece of software installed on every single server. They're about watching over large scale attacks on infrastructure-oriented systems such as nuclear power plants, stock markets, government DNS servers, and satellites. It would be both inefficient and actually impossible for a single entity to watchdog over every server in America (and a major breach of privacy if it was even possible).
posted by thebestsophist at 9:21 PM on May 30, 2011 [1 favorite]


Atrocities being performed in the name of "St. Assange"? Sounds like his cult is getting downright Christian.

Where were you last year? I didn't use my Mastercard to buy any Christmas presents off Amazon because both those sites treated Assange badly and I knew he'd be a target.

In related news, the first play about Julian Assange premieres soon in Sydney. I'm a bit sad it isn't just a straight Stainless Steel Rat adaptation.
posted by Lovecraft In Brooklyn at 10:22 PM on May 30, 2011


That's weird, I didn't think WikiSecrets was particularly hostile to Assange. I mean, yeah, people critical of Assange got to speak...

What's also weird: I had assumed someone hacked PBS just to show they could and put up the fake Tupac story just because they thought it was funny -- so it's odd to notice I've lost respect for the hackers after knowing the real reason.
posted by Nattie at 10:25 PM on May 30, 2011 [2 favorites]


The Lockheed incident doesn't seem to be in the same category as the PBS incident. The first hacking incident is probably driven by state intelligence agencies and/or criminal syndicates while the second is driven by misguided hacker activists.
posted by Bwithh at 10:27 PM on May 30, 2011


@thebestsophist: I think it's a big mistake to equate the actions of lulzsec with the actions of wikileaks. The transliteration happens too quickly and suddenly everyone can't believe how Wikileaks hacked PBS. I think asking for their condemnation is fair, though.

@Nattie: If you watch both clips, you can see a couple points that got cut out of the official interview that seem pretty salient: 1) Assange claims that the chats are doctored - he says they're not sure if they're mostly falsified or mildly contaminated. 2) Assange also claims that none of the people named in any documents Wikileaks has ever published has ever been harmed. That seems like a pretty salient detail.

I also think Frontline got too excited building a narrative of how a homosexual Manning rebelled against a gay bashing military, and ignored their own sources - the chats - that repeatedly claimed that he was trying to release these documents to do good for the world, not in revenge.

When I just watched the official Wikisecrets I didn't think it was that unfair either, but after watching the full interview, I totally thought they created a biased narrative. I recommend you watch both before deciding.
posted by OrangeDrink at 10:36 PM on May 30, 2011 [1 favorite]


in other news, it's been revealed that tupac had 3 clones made before he died and they're now recording their first album as sixpac
posted by pyramid termite at 10:45 PM on May 30, 2011 [6 favorites]


About Lockheed Martin.

Hackers may have got past LMT’s defenses by using duplicate SecurID electronic keys produced by the RSA unit of EMC Corp., the paper reported. EMC had said in March that a sophisticated attack on its RSA products had been launched.

Some said a master list of the serial numbers of fobs sold to various companies was stolen from EMC a couple months back. With the serial number you can seed the algo on a software implementation of the fob and predict the sequence of numbers that would pop up on a given fob. What does this attack on Lockheed bode for companies still using old fobs? Are we going to see more attacks? Are they unconnected?
posted by Ad hominem at 10:49 PM on May 30, 2011


If the folks at Wikileaks want to be seen as an honest source of journalism (which I think they are) and not just a bunch of anarchists (which is what many people see them as), there should be an effort in their community to denounce this attack. It goes against everything they stand for.

False flag.
posted by Blazecock Pileon at 11:26 PM on May 30, 2011


I also think Frontline got too excited building a narrative of how a homosexual Manning rebelled against a gay bashing military, and ignored their own sources - the chats - that repeatedly claimed that he was trying to release these documents to do good for the world, not in revenge.


I haven't watched the Frontline documentary but just wanted to suggest that even if Manning had no intention to take revenge on the military for personal reasons, whistleblowers are usually outsiders within an organization - on the inside but feeling that they're not really fitting in or being subject to subtle (doesn't have to be overt or severe), systematic discrimination in their organizational culture: women, minorities, homosexuals. The US Army has a very strong organizational culture that its members ethically identify with and bond through its values and sense of community - it has to, as a fighting force. This also means organizational members may tend not towards whistleblowing-type activities. But in such a situation someone who felt that he or she was an outsider on the inside would probably feel the difference especially acutely.
posted by Bwithh at 11:35 PM on May 30, 2011 [1 favorite]


Where were you last year? I didn't use my Mastercard to buy any Christmas presents off Amazon because both those sites treated Assange badly and I knew he'd be a target.

Eh, worrying about the security of your credit cards is a waste of time IMO. These hackers steal millions of cards but how many do they actually use? Credit card companies have sophisticated algorithms to search for fraud, and ultimately you should be aware of any unusual activity. This is really the least of my concerns personally.

1) Assange claims that the chats are doctored - he says they're not sure if they're mostly falsified or mildly contaminated.

How would he know? I mean, Adrian Lamo hardly seems like a reliable witness, and the chat logs would be easy to modify. But how would Assange know, unless he is admitting that he knows Manning is the source?
posted by delmoi at 11:38 PM on May 30, 2011


thebestsophist, I agree that genuine journalists shouldn't become targets for attacks. But posting a fake story about a dead rapper from years ago doesn't seem like much of an attack to me. More a prank. Are we allowed to play pranks on journalists?

If they'd really wanted to do some damage, some financial story designed to get people selling certain shares would have been a more serious intervention.

But they're in it for the lulz, evidently.
posted by memebake at 12:10 AM on May 31, 2011


But how would Assange know, unless he is admitting that he knows Manning is the source

It seems like we like to assume Assange got the files via some sort of drop, but it seems like Manning and Assange were in some sort of continuous contact. This is probably not uncommon though, don't legit journalists spend time getting sources to trust them?

(8:01:30 AM) Lamo: Does Assange use AIM or other messaging services? I’d like to chat with him one of these days about opsec. My only credentials beyond intrusion are that the FBI never got my data or found me, before my negotiated surrender, but that’s something.
(8:01:53 AM) Lamo: And my data was never recovered.
(8:02:07 AM) Manning: no he does not use AIM
(8:02:37 AM) Lamo: How would I get ahold of him?
(8:02:59 AM) Manning: he would come to you
(8:03:26 AM) Lamo: I’ve never failed to get ahold of someone.
(8:03:29 AM) Manning: he does use OTR though… but discusses nothing OPSEC
(8:03:42 AM) Lamo: I cornered Ashcroft IRL, in the end.
(8:04:19 AM) Manning: he *might* use the ccc.de jabber server… but you didn’t hear that from me
(8:04:33 AM) Lamo: gotcha

So Manning knew Assange used OTR as well as the CCC jabber server. The open question is what was discussed during the conversations between Manning and Assange.
posted by Ad hominem at 12:13 AM on May 31, 2011


It is kinda strange that Lamo, who had donated to WikiLeaks, and undoubtedly knew Assange from EFNET #hack as well as Bugtraq, and through Assange's authorship of strobe ( C'mon, an Assange email address is still on the man page) is asking Manning how to get in touch with Assange. It is almost like Lamo is fishing.
posted by Ad hominem at 12:18 AM on May 31, 2011


@memebake: thebestsophist, I agree that genuine journalists shouldn't become targets for attacks. But posting a fake story about a dead rapper from years ago doesn't seem like much of an attack to me. More a prank. Are we allowed to play pranks on journalists?

My understanding is that they released usernames, passwords, email addresses, and system logins. That's an invitation for chaos on the site, not just some harmless stories.

@OrangeDrink: I also think Frontline got too excited building a narrative of how a homosexual Manning rebelled against a gay bashing military, and ignored their own sources - the chats - that repeatedly claimed that he was trying to release these documents to do good for the world, not in revenge.

I felt that their treatment of Manning was focused around highlighting that the military let this obviously unstable person with authority issues have access to tons of classified data. In retrospect, it seems pretty clear that this was bound to happen. And I'm not saying that Manning was portrayed as being loony -- his troubles are the troubles of many people his age -- but that the military should have recognized that there's a higher standard for people with so much access.

I wanted to feel sorry for Manning after watching the episode, I really did. But I couldn't get past the fact that he released information where the only purpose could have been to embarrass the US government. War videos like the Collateral Murder that raise serious issues, sure. But all the diplomatic cables? That was plain voyeuristic.

@Ad hominem: It is kinda strange that Lamo, who had donated to WikiLeaks, and undoubtedly knew Assange from EFNET #hack as well as Bugtraq, and through Assange's authorship of strobe ( C'mon, an Assange email address is still on the man page) is asking Manning how to get in touch with Assange. It is almost like Lamo is fishing.

Maybe Lamo did know how to get ahold of Assange, but he was trying to test the voracity of bradass's claim. Hackers are, by and large, a suspicious bunch.
posted by The Supreme Dominar at 12:33 AM on May 31, 2011


Heh, the voracity of a claim.
posted by Mooseli at 1:00 AM on May 31, 2011


veracity, voracity... whatever :)
posted by The Supreme Dominar at 1:02 AM on May 31, 2011


It seems pretty clear, from following Lulzsec on Twitter, that this has turned into nothing more than black-hat one-upmanship, since their prime focus now seems to be poking fun at Anonymous, and, in the last few hours, DDOSing 2600's servers.
posted by Jimbob at 2:04 AM on May 31, 2011


It surely would have been more polite of them to report the zero-day flaw to the people in charge of Movable Type. But expecting politeness from a group calling itself "lulzsec" is probably too much.
posted by LogicalDash at 3:27 AM on May 31, 2011




Boy is the cult of St. Assange tiresome.

You think they're mad now? They are going to be super-pissed when Manning pleads not guilty by reason of insanity.
posted by Ironmouth at 3:33 AM on May 31, 2011


If the folks at Wikileaks want to be seen as an honest source of journalism (which I think they are) and not just a bunch of anarchists (which is what many people see them as), there should be an effort in their community to denounce this attack. It goes against everything they stand for.

Why are the only two options for Wikileaks either journalists or a bunch of anarchists? Why do they have to fit into some pre-existing box for you to take them seriously?

Them standing up and denouncing this is going to piss off a group that supports them to appease a group that think they are traitors, regardless of their journalistic credibility. It's a no-win situation, all for the benefit of being taken seriously by a country who are either ready to anoint or behead them, with few in between.
posted by dflemingecon at 3:45 AM on May 31, 2011


I actually have another problem with that argument; it's akin to expecting fundamental Muslim groups to denounce acts of terrorism by extremist groups in order to not be considered terrorists. Wikileaks didn't carry out the attacks, why should they have to defend their fundamental beliefs because a few extreme people decided to do a bad thing?
posted by dflemingecon at 3:50 AM on May 31, 2011 [1 favorite]


How about denouncing it because they'd be supporting freedom of speech and it's the right thing to do?

But they won't because they're spineless and PBS hurt their feelings.
posted by Anything at 4:44 AM on May 31, 2011 [1 favorite]


Well, I don't really have an opinion about how the Frontline program portrayed Assange, but it sure made it clear that Adrian Lamo is a total fucking asshole.
posted by crunchland at 5:42 AM on May 31, 2011


@OrangeDrink: I'm not trying to equivocate LulzSec and Wikileaks, I'm saying that people are acting in their name whether or not they want them to. As such, they need to be dissuading people from acting this way in their name.

@memebake: they released user passwords and system logins as well. Further, even if it was a hack. How pissed would we be if someone hacked into MSNBC and Fox and posted an article that said "Obama is dead." A hoax aimed at a news agency's website is not just an attack on the news agency, it misleads the public…potentially dangerously. Wrong is wrong.

@dflemingecon: I'm not talking about options about what they are, I specifically said what they are perceived as. While there are many of us (who know more about the situation) will have a more nuanced view of Wikileaks, those that just hear the soundbites (likely the majority of people) will not be as informed to do the same. Oftentimes, this results in an oversimplified view of what Wikileaks is, as well as a conflation in people's minds of the hackers and Wikileaks themselves.

Alternative journalism—such as Wikileaks—is still a new idea. A lot of people don't understand it and many fear it. As a young medium, its methods and purpose are susceptible to abuse and it only takes one bad egg to ruin a reputation. And in journalism reputation is what makes people accept your reports as trustworthy and worthwhile. Good reputations take years to build but can be destroyed with a single error and once people perceive something as bad, they may never shake that view no matter how much evidence is presented.
posted by thebestsophist at 6:52 AM on May 31, 2011


@delmoi - In the unedited version of the video, Assange claims that Wikileaks looked at the chats after Lamo (so aptly named) released them, and found inconsistencies there, such as reversed time stamps and a few other things.

It's interesting what Assange says about Lamo, too. He says that Lamo calls himself a Wikileaks supporter, but that he only signed in, donated 20 bucks, and immediately signed out without looking at anything else. Assange is a crazy paranoid person (with the CIA, NSA and FBI after you, I guess it's not surprising), but Assange paints Lamo as someone who only donated so he could claim to be a Wikileaks supporter. He also basically calls Lamo a fameball who was only motivated by the limelight.
posted by OrangeDrink at 8:00 AM on May 31, 2011


He also basically calls Lamo a fameball who was only motivated by the limelight.

If anyone would know, it would be St. Assange.
posted by Ironmouth at 9:25 AM on May 31, 2011 [1 favorite]


Why are the only two options for Wikileaks either journalists or a bunch of anarchists

They are anarchists, that doesn't preclude them from being journalists.

They are not going to denounce attacks, Assange is fundamentally a hacker.
posted by Ad hominem at 9:40 AM on May 31, 2011




If anyone would know, it would be St. Assange.

Just to underscore how deeply and well-thought out your objections to WikiLeaks are, you guys should replace the letter "s" with a dollar sign, like $t. A$$ange. You'll lend a lot more credibility to your position, that way.
posted by Blazecock Pileon at 2:22 PM on May 31, 2011 [3 favorites]


I think even anonymous would admit that Assange has a hell of an ego on him.
posted by Artw at 3:27 PM on May 31, 2011


Curious.
posted by scalefree at 3:29 PM on May 31, 2011


L3 also apparently had a Lockheed-like attack.
posted by These Premises Are Alarmed at 5:12 PM on May 31, 2011


If anyone would know, it would be St. Assange.

Just to underscore how deeply and well-thought out your objections to WikiLeaks are, you guys should replace the letter "s" with a dollar sign, like $t. A$$ange. You'll lend a lot more credibility to your position, that way.


Perhaps you could look through my voluminous commenting on the subject here and let me know exactly where my objections are not well thought out. Since they mirror those of Amnesty International, many other NGOs, Daniel Domscheit-Berg (the man who actually designed the application and left Wikileaks with the keys to the application and all the data), and Stephen Colbert, I think that they are quite well thought out, and center around the risks associated with mass document dumps and the fundamentally undemocratic nature of attacking systems of secrecy supported by years of democratic voting for such programs by citizens and tons of polling data showing that US voters disapprove of Assange's actions and disruptions to the US system of keeping information secret. Similarly, the mass disclosure of diplomatic cables make it difficult for the President to receive the confidential, frank information he needs to guide the nation's foreign policy. Finally, many of the interlinks created and barriers that were removed after 9/11 are designed to make sure that decision-makers in the military, diplomatic, intelligence and political sectors are fully informed of potential terrorist threats. Attacking those links will result in security compartmentalization denying us the benefits of those links.

The fact that Mr. Domscheit-Berg, and in a much smaller way myself and others here have pointed out that Assange's titanic ego is part of the reason he has taken these intemperate acts, sometimes in a lighthearted way, in no way lessens the strength of these criticisms, which have never been fully addressed by Mr. Assange's defenders here or elsewhere, who seem lost in a fantasy world where criminal dissemination of mass numbers of government source documents is supposed to win some sort of victory at the ballot box. The polling shows that the majority of Americans disagree with this position and their voting in of successive governments who have continued to seek a balance between information disclosure and keeping important secrets.

So if you've got something substantive to say on these points that I've made repeatedly on this site since wikileaks appeared, I'd appreciate it, instead of pretending that the fact I make fun of Assange's titanic ego somehow lessens my long record here of bringing up substantive criticism of his actions and those of his supporters.
posted by Ironmouth at 9:17 PM on May 31, 2011


I should have rtfa
posted by memebake at 1:08 AM on June 1, 2011


Stephen Colbert

We've been over this so many times I've lost count, but Stephen Colbert does not share your views about WikiLeaks.
posted by Blazecock Pileon at 4:35 AM on June 1, 2011


Stephen Colbert

We've been over this so many times I've lost count, but Stephen Colbert does not share your views about WikiLeaks.


Your disagreeing with me on the subject does not make it so. Dude was straight up asking real, actual, difficult questions of Assange, not fake ones designed to make the right-wing viewpoint look dumb.
posted by Ironmouth at 9:06 AM on June 1, 2011


Judy Woodruff wrote a post on the NewsHour blog about her reaction to the hacking.

If we were a newspaper and someone threw a small bomb through the window, crippling our printing press and shutting down operations until we could get a replacement, we'd call the police. But what's the equivalent of 911 when a cyber attack happens? Who will reimburse us for lost man and woman hours and reports that didn't get published when actual news was breaking? And will it undermine the trust our viewers and readers place in us? How to place a value on that? This breach wasn't done to steal national secrets or money from us, but to express anger over the work of the free press.

The NewsHour also did a segment on the hacking.
posted by thebestsophist at 6:39 PM on June 1, 2011




I used to go to Infragard meetings when I lived in Cleveland. They were fun, but, wow, am I not surprised. The audience was mostly cops and some especially antique compliance women from NASA.

I wonder what vulnerabilities might exist on the (ISC)2's websites.
posted by These Premises Are Alarmed at 7:20 AM on June 4, 2011


And the wheel turns. LulzSec exposed.
posted by scalefree at 9:38 AM on June 6, 2011 [1 favorite]


And the wheel turns. LulzSec exposed.

Was it really a brute force attack against SSH? So no 0day in Mt4. I guess the salient point is don't allow remote root logins and set up your keys.
posted by Ad hominem at 10:08 AM on June 6, 2011
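
The hardening advice in the comment above (no remote root logins, keys instead of passwords), as an added example that is not part of the thread: a small Python check of the global section of an sshd_config. The sample configs and the assumed defaults are constructed for illustration.

```python
# Added example, not from the thread. All sample configs are constructed.

# Assumed defaults for keywords absent from the file. These vary by OpenSSH
# release, so pass your own mapping if your build differs.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
}


def global_settings(config_text):
    """Return {lowercased keyword: value} for the global section.

    sshd takes the first value it obtains for a keyword, so a later
    duplicate line does not override an earlier one. Parsing stops at the
    first Match block; its conditional overrides are not evaluated here.
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()           # keywords are case-insensitive
        if keyword == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)  # first occurrence wins
    return settings


def audit(config_text, defaults=DEFAULTS):
    """Return findings for the two settings the comment names."""
    effective = dict(defaults)
    effective.update(global_settings(config_text))
    findings = []
    if effective["permitrootlogin"] != "no":
        findings.append("root-login-allowed")
    if effective["passwordauthentication"] != "no":
        findings.append("password-auth-enabled")
    return findings


# Constructed sample: root may log in, and with a guessable password.
WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

# Constructed sample: the settings the comment recommends.
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""

# Constructed sample: the later "no" looks like a fix but is ignored,
# because the first PasswordAuthentication line already set the value.
SHADOWED = """\
PasswordAuthentication yes
PermitRootLogin no
passwordauthentication no
Match User backup
    PermitRootLogin yes
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED),
                       ("shadowed", SHADOWED)):
        print(name, audit(text) or "ok")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; this parser only reads the text it is given.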


The Guardian: One in four US hackers 'is an FBI informer'
The FBI and US secret service have used the threat of prison to create an army of informers among online criminals

The underground world of computer hackers has been so thoroughly infiltrated in the US by the FBI and secret service that it is now riddled with paranoia and mistrust, with an estimated one in four hackers secretly informing on their peers, a Guardian investigation has established.
posted by Anything at 2:20 PM on June 7, 2011


My in-the-shower harebrained theory this morning is that Lulzsec are either feds or sanctioned, on an awareness-raising and recruiting bender.
posted by These Premises Are Alarmed at 6:16 AM on June 8, 2011






This thread has been archived and is closed to new comments


