Par:AnoIA: Anonymous Launches WikiLeaks-esque Site for Data Dumps

Frustrated by the lack of impact from Anonymous’ otherwise famous hacks and data dumps, and the slow pace of material coming out of WikiLeaks, participants in the Anonymous collective have launched a WikiLeaks-like site called Par:AnoIA (Potentially Alarming Research: Anonymous Intelligence Agency).

Paranoia, which debuted in March, is a new publishing platform built by Anonymous to host Anonymous data leaks. It is trying to solve a problem that plagues news sites, government transparency advocates, and large-website owners everywhere: how to organize more data than any human could possibly read.

The site marks a departure from the group’s previous modus operandi, where it would publicly drop the documents, make them available in a torrent, usually as a zip file, and then move on. By contrast, the goal of Paranoia is to curate and present content to a hopefully interested public.

Paranoia anons say they don’t gather the data themselves; like WikiLeaks, they take submissions, but from the Anonymous community. The project was created as a response to a year of Anonymous releases where the announcement of document dumps generated plenty of media, but the documents’ content got little coverage.

“The reason no one cares about these leaks, as a general rule of thumb, is that they can’t do anything with [them],” said a Paranoia anon volunteering on document processing for the project in an online chat with Wired. “Basically, [we're] making it accessible to anyone that wants to do something with it, in a proper usable format.”

Part of the motivation to build the leak site, the Paranoia volunteer said, was to get material out faster than WikiLeaks’ long lead times. “I’m pretty sick by these 20-year-plans,” said the founding anon.

In 2012, WikiLeaks, which no longer has a way to publicly upload documents, has leaned on the anarchic collective for its major releases, including Stratfor and the recent Syrian emails. Could Paranoia represent a threat to the beleaguered leaking site’s recent lifeline?

“I don’t know. Guess that… depends on WikiLeaks,” said the founding anon, who went on to say that the leaks site has recently contacted Paranoia. “(It) will be interesting to see what they have to say.”

On Friday, WikiLeaks accused one of the main Anonymous Twitter accounts of promoting insecure proxies, hinting that the account was being run at the direction of law enforcement. AnonymousIRC slapped back, including a Tweet alluding to WikiLeaks being dependent on Anonymous for its relevance.

Other efforts at dealing with leaked data, including WikiLeaks, have been built on a similar ideal of citizen participation. The “wiki” in WikiLeaks signaled the project’s intention to leak documents, and have a crowd-sourced equivalent of the CIA analyze the documents. That notion was abandoned after the founders discovered that only themselves, academics and journalists took the time to delve into data sets. (WikiLeaks subsequently began partnering with media organizations, which it soon found came with a different set of complications.)

Even Anonymous’ own Operation Leakspin tried to get organizing and analysis done by engaging crowds with relatively raw data. It too was abandoned for lack of interest.

Paranoia isn’t exactly replicating these experiments, but they are assuming that, with better tools and organization, journalists, researchers, and the interested public in general will eventually engage with leaks in much deeper ways.

Millions Will Flow to Privacy Groups Supporting Weak Facebook Settlement

Privacy and consumer groups are urging a federal judge to sign off on a controversial Facebook settlement over its “Sponsored Stories” advertising program which will net them a combined payout of $10 million, despite indifference to or confusion over the terms of the vaguely written settlement, according to interviews, e-mail and court records.

But groups not getting any money say the settlement does little for the privacy rights of Facebook’s 850 million users and want the deal scuttled, according to court documents and interviews.

Jeff Chester, executive director of the Center for Digital Democracy in Washington, D.C., said the settlement amounts to “just putting some more words in Facebook’s privacy policy that nobody reads.” He added in a telephone interview that, “The proposed changes to the privacy agreement don’t serve the class.”

The Facebook settlement, which needs a judge’s approval, provides a glimpse into the dark side of large class-action settlements: The plaintiffs’ lawyers get rich, class members get little and non-profit groups often reap millions by urging judges to approve the deal regardless of its merits.

In this deal, which settles a year-old lawsuit, Facebook is agreeing to give its users the right to “limit” how the social-networking site uses their faces in ads under Facebook’s “Sponsored Stories” program.

But whether the settlement will allow Facebook users to completely opt out of the program, which turns the act of pressing the Facebook “Like” button into a potential commercial endorsement, is totally unclear in the settlement.

The suit, filed in April 2011, claimed Facebook did not adequately inform people of the feature or give them a way to opt out of the advertising program that began in January 2011.

The settlement provides $10 million in fees to the lawyers who brought the privacy litigation and a $10 million donation to charity — earmarked to dramatically boost the budgets of 15 consumer activist groups including the Electronic Frontier Foundation, the Center for Democracy & Technology and the Stanford Law School Center for Internet and Society.

Known in legal terms as cy pres awards, charity payouts to settle class actions are not unusual. Such arrangements often happen when there are so many members of a class-action suit that compensating them for their damages would literally annihilate a company, which judges are loath to do.

The EFF, known for its online freedom initiatives including ongoing litigation accusing the National Security Agency of vacuuming all of Americans’ electronic communications without warrants, stands to reap $1 million from the deal. That amounts to almost one-fourth of its $4.3 million annual budget last year. The group’s executive director, Shari Steele, told the federal judge presiding over the matter that the group backed the settlement.

The group’s legal director, Cindy Cohn, explained in a telephone interview that the San Francisco-based group supported the plan for budgetary reasons.

“We haven’t taken a position on this settlement, whether it’s a good idea or not,” Cohn said. “In general, EFF is happy to receive cy pres money. We can continue to educate people about privacy.”

FBI Investigating Major Chinese Firm for Selling Spy Gear to Iran

The FBI has launched an investigation into allegations that a top Chinese maker of phone equipment supplied Iran with U.S.-made hardware and software, including a powerful surveillance system, in violation of federal laws and a trade embargo, according to The Smoking Gun.

Investigators, who began their probe earlier this year, have also found evidence that the company planned to obstruct a Department of Commerce inquiry into the contract behind the sales.

Last March, Reuters reported that the Chinese firm had sold the Telecommunications Company of Iran (TCI) a powerful surveillance system as part of a $130 million contract in 2010 and that the equipment was capable of monitoring landline, mobile and internet communications.

Reuters had obtained a 907-page packing list of equipment shipped to Iran, which named hardware and software products from top U.S. firms, including Microsoft, Hewlett-Packard, Oracle, Cisco Systems, Dell, Juniper Networks and Symantec.

According to a non-public FBI affidavit obtained by The Smoking Gun, after Reuters broke the news about the sale of equipment to Iran, ZTE lawyers went into panic mode and allegedly began hatching a plot to shred documents and alter records to cover up the illegal transactions.

ZTE designs and manufactures fixed and mobile communications and is the second largest maker of telecommunications equipment in China.

TCI, which is jointly owned by the Iranian government and a consortium of private entities, has a near-monopoly over Iran’s landline phone and internet services.

Mahmoud Tadjallimehr, a former telecommunications project manager in Iran, told Reuters that the ZTE monitoring system was “countrywide” in Iran and was “far more capable of monitoring citizens than I have ever seen in other equipment” Iran had purchased. He said the system could be used to intercept voice calls, text messaging, e-mails and chats, as well as to locate users.

Inside information about ZTE’s alleged plan to cover up its illegal activity came from a whistleblower named Ashley Kyle Yablon who spoke to the FBI and allowed the agency to copy files from his work computer in the course of their investigation, according to The Smoking Gun. Yablon is a 39-year-old attorney who was hired as general counsel by ZTE’s U.S. subsidiary in Dallas last October. He came to the company from a ZTE rival firm, Huawei Technologies.

Yablon, who still works for ZTE, was exposed as a whistleblower only after The Smoking Gun published the FBI affidavit on Thursday. He told investigators that after the Reuters story was published, he saw a copy of the contract for the sale of the surveillance system to Iran, and that it “essentially described how [ZTE] would evade the U.S. embargo and obtain the U.S.-manufactured components specified in the contract for delivery.”

He also told the FBI that he believed ZTE had set up a company named 8 Star Beijing solely to buy “U.S.-made goods subject to the U.S. embargo,” as well as another firm named ZTEC Parsian whose job was to “integrate the equipment for delivery to and installation in Iran.” He learned that the company planned to tell investigators that the equipment either had never been shipped to Iran and was still in warehouses or had been shipped to non-embargoed countries.

When Yablon was told about the alleged plan to cover up ZTE’s dealings, he told the company that he would resign rather than participate in a coverup and was later cut out of internal discussions about the issue.

Several of the U.S. companies whose products were allegedly sold to Iran told Reuters that they were unaware of the sales and were investigating their partnership with ZTE.

An FBI spokeswoman in Dallas declined to comment. ZTE did not immediately respond to a call for comment.

It’s not the first allegation of a company selling surveillance equipment to Iran. In 2009, the Wall Street Journal reported that Nokia Siemens Networks had also sold sophisticated surveillance equipment to Iran.

According to the Journal, Nokia Siemens Networks — a Finland-based joint venture between Nokia and Siemens — provided Iranian authorities with the ability to conduct deep-packet inspection of online communications to monitor the contents and track the source of e-mail, VoIP calls and posts to social networking sites such as Twitter, Myspace and Facebook. The newspaper also said authorities had the ability to alter content as it intercepted the traffic from a state-owned internet choke point.

A spokesman for Nokia Siemens Networks later told Threat Level that although the company had sold equipment to Iran, the system was incapable of conducting deep-packet inspection of internet communications — or conducting any internet surveillance at all. The company said it installed a cellphone network in Iran, and like all modern telecom switches, the equipment included capability that allows the government to conduct wiretaps of telephone calls made from targeted numbers.

Telecommunication companies in the United States and other countries are required to provide so-called “lawful intercept” capability so that domestic law enforcement agencies can eavesdrop on calls to investigate criminal activity. In the United States, however, such interception generally requires a court order.

WikiLeaks Wins Icelandic Court Battle Against Visa for Blocking Donations

The Icelandic partner of Visa and MasterCard violated contract laws when it imposed a block against credit card donations to the secret-spilling site WikiLeaks, a district court there has ruled.

The Reykjavík District Court ruled that Valitor, which handles Visa and MasterCard payments in Iceland, was in the wrong when it prevented card holders from donating funds to the site. The court ruled that the block should be removed within 14 days or Valitor will be fined the equivalent of about $6,000 a day.

WikiLeaks spokesman Kristinn Hrafnsson told the Associated Press that it was “a small but very important step in fighting back against these powerful banks.” He said other lawsuits are ongoing in Denmark and Belgium.

Visa, MasterCard, PayPal, Bank of America and other U.S. financial institutions began to block donations to WikiLeaks in 2010 after the controversial site began publishing more than 250,000 U.S. State Department cables that the group allegedly received from former Army intelligence analyst Bradley Manning. The financial services cited violations of their “terms of service” agreements as the reason for blocking the donations.

The U.S. State Department called the publication of the 250,000 diplomatic cables “illegal,” but no charges have been filed against the site. Publishing government documents, even classified ones, is not explicitly illegal in the United States, though it is in the United Kingdom.

WikiLeaks and its credit card processor, DataCell, sued Valitor in Iceland over the shutdown.

WikiLeaks and DataCell also filed a complaint with the European Commission. The Commission is expected to make a decision about what to do before the end of August, according to a statement from WikiLeaks.

“This is a significant victory against Washington’s attempt to silence WikiLeaks,” WikiLeaks founder Julian Assange said in a statement about the win in Iceland. “We will not be silenced. Economic censorship is censorship. It is wrong. When it’s done outside of the rule of law it’s doubly wrong. One by one those involved in the attempted censorship of WikiLeaks will find themselves on the wrong side of history.”

The Associated Press reports that Valitor can appeal the decision, but even if it chooses to comply with the judgment, it’s not clear that Visa or MasterCard will still allow customers to make donations to DataCell or WikiLeaks.

WikiLeaks received $1.9 million in donations in 2010 but last year announced it was halting publication of documents due to claims that it was running short on funds. The site resumed publication of documents this month when it began publishing more than 2 million e-mails stolen from Syrian officials, government ministries and companies. Members of an Anonymous group have claimed responsibility for stealing the e-mails and giving them to WikiLeaks.

Report: Half a Million Yahoo User Accounts Exposed in Breach

Hackers have published half a million login credentials for what appear to be Yahoo Voices user accounts that were stolen from a server.

More than 453,000 login credentials were posted by a hacking group calling itself D33Ds Company, who say the credentials were stored in plaintext, an amateur security blunder. The hackers said, in a note posted online, that they used a SQL injection attack to grab the credentials, but did not say from which Yahoo service they were taken “to avoid further damage.”

But based on a hostname (dbb1.ac.bf1.yahoo.com) that the hackers left in the data they posted, researchers have concluded that the credentials appear to have been stolen from Yahoo Voices, a user-generated content service and blogging platform that was formerly part of Associated Content. Yahoo Voices claims on its website that it has “more than 600,000 contributors and growing.”

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the hackers wrote in a note accompanying their disclosure. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

The page where the hackers originally published the credentials is not currently available, but the credentials have also been posted in a searchable format at Dazzlepod.com, with the passwords redacted. Users who find their credentials on the list can send an email to Dazzlepod requesting that their credentials be removed from the online list. A spokesperson at Dazzlepod, which published the credentials early Thursday morning, says their site has received more than 120 removal requests from account holders so far.

Yahoo said in a statement that it is investigating the breach claim. The breach is the latest in a rash of credential breaches that have occurred in the last few months involving unsecured servers and unencrypted credentials. LinkedIn, eHarmony and Last.fm have all been victims of similar breaches lately.

The attacks highlight the danger of re-using passwords at different websites, as hackers can mine the data and attempt to use the same credentials with more sensitive accounts that users may have, such as online banking and e-mail accounts.