Syria's brutal Assad government uses censorware from California's Blue Coat System as part of its systematic suppression of dissent and to help it spy on dissidents; 600GB of 2011 logs from Syria's seven SG-9000 internet proxies were leaked by hacktivist group Telecomix and then analyzed by University College London's Emiliano De Cristofaro.
From one of science fiction's most versatile writers comes a caper novel about corporate sleaze and net-savvy guerrilla activists that is as thrilling as it is trenchant. Cory Doctorow reviews Paolo Bacigalupi's The Doubt Factory.
Read the rest
Spain's brutal new copyright/censorship law, passed at the behest of the US Trade Rep, has gone into effect. Spanish hactivists working with a recording artist have flooded the service with copyright complaints, busying it out so that none of the major labels' complaints can be processed.
Threatened with being put on a United States trade blacklist, the Government passed the so-called ‘Sinde Law’ in a rush late last year. The law allows for the blocking of allegedly infringing sites based on reports from copyright holders, a position similar to that proposed by the US SOPA bill.
Today the Sinde law went into effect and immediately it was met with resistance from opponents. The group Hackivistas was quick to organize a rather unique form of protest. They encouraged sites to link to a copyrighted track from the artist Eme Navarro, who’s a member of the music rights group SGAE, but critical of the Sinde law.
While Navarro generally publishes his music under a Creative Commons license, he created an “all rights reserved” track specifically for the protest. Thanks to the hacktivist campaign hundreds of websites are now linking to this copyrighted song without permission, and Navarro reported a first batch of sites to the Ministry of Culture early this morning.
As a result, the commission tasked with reviewing all the requests will be overloaded with complaints. All the reported sites have to be processed on order of arrival, so the protest will significantly slow down this review process.
With help from the international police organization Interpol, Spain and three South American countries today arrested 25 people who are suspected of being Anonymous activist/hacktivist/hackers. They are accused of defacing government and corporate websites. Reuters:
Spanish police also accused one of four suspects picked up in the cities of Madrid and Malaga of releasing personal data about police officers and bodyguards protecting Spain's royal family and the prime minister.
Other arrests were in Argentina, Chile and Colombia, and 250 items of computer equipment and mobile phones were seized across 15 cities, Interpol said. Colombia's Ministry of Defence and presidential websites as well as Chile's Endesa electricity company were among the targets of the hackers, it said.
New Zealand police, responding from a request from the US government, raided MegaUpload today, arresting founder and CEO Kim ”Dotcom” Schmitz and three "associates." The service, which allowed users to upload files that were too big to email, claimed 150 million users. The entertainment industry alleged that the service was primarily intended to facilitate copyright infringement, since people could use it to illegally share music and movies, but the company claimed that while some users might infringe copyright with MegaUpload, others simply used it to share files that belonged to them. For example, I use a comparable service, YouSendIt, to exchange large MP3 files of my podcast with John Taylor Williams, the sound engineer who masters them. At other times, companies that wanted me to review their movies and music have uploaded them to a file locker and supplied me with the link and password to get them.
In response, a large denial-of-service attack ("OpMegaupload") has been launched against the US Department of Justice, the FBI, Universal Music and other entertainment and law-enforcement sites, by activists operating under the Anonymous banner.
Make Magazine's just reprinted my column, "Moral Suasion," in its online edition. It's a discussion of the politics of cloud computing, including denial-of-service attacks against cloud providers who cave to government pressure:
I grew up in the antiwar movement and participated in my first sit-in when I was 12. Sit-ins are a sort of denial of service, but that's not why they work. What they do is convey the message: "I am willing to put myself in harm's way for my beliefs. I am willing to risk arrest and jail. This matters." This may not be convincing for people who strongly disagree with you, but it makes an impression on people who haven't been paying attention. Discovering that your neighbors are willing to be harmed, arrested, imprisoned, or even killed for their beliefs is a striking thing.
And that's a crucial difference between a DDoS and a sit-in: participants in a sit-in expect to get arrested. Participants in a DDoS do everything they can to avoid getting caught. If you want to draw a metaphor, DDoSers are like the animal rights activists who fill a lab's locks with super glue. This is effective at shutting down your opponent for a good while, but it's a lot less likely to draw sympathy from the public, who can dismiss it as vandalism.
James Nixon at thinq.com: "NATO leaders have been warned that Wikileaks-loving 'hacktivist' collective Anonymous could pose a threat to member states' security, following recent attacks on the US Chamber of Commerce and defence contractor HBGary - and promise to 'persecute' its members." Here's a draft report by General Rapporteur Lord Jopling which claims Anonymous "is becoming more and more sophisticated", and "could potentially hack into sensitive government, military, and corporate files".
Taking a news organization effectively offline to protest the content of its coverage is not exactly supporting free speech—but this was about lulz, not logic. And as I said on Twitter when news of the attack first broke: PBS doesn't operate like CNN or Fox News, with a centralized news production process. Attacking PBS like this because one episode of one show wasn't A+ is like firebombing an entire grocery store because one apple you bit was bad.
Of course, unlike a firebombing, PBS will recover just fine. While the hack was ongoing last night, the organization coped by publishing to Tumblr and interacting more directly on Twitter with viewers. But a bunch of poor IT admins at PBS HQ, and affiliate stations around the country whose logins and passwords were exposed, probably had a really crappy Memorial Day (and will have a lot of cleanup and stress in weeks ahead). None of this helps Wikileaks, Manning, or journalism.
After hacking PBS.org, Lulzsec posted fake news stories, including one claiming Tupac was alive and living in New Zealand. They also exposed the site's inner workings and posted the login information for PBS member stations across the country.
Last week, hackers operating under the Anonymous banner broken into servers for HBGary, a security firm whose COO, Aaron Barr had declared his intention to reveal the identities of key people operating as Anonymous. The hackers released 50,000-some emails from HBGary, including a series of slides presented to Bank of America by HBGary and two other security firms, Palantir Technologies and Berico Technologies.
The slide presentation proposes a series of dirty tricks to neutralize Wikileaks and its supporters, including targetted attacks on Salon's Glenn Greenwald, as well as infrastructure attacks, disinformation campaigns, and sabotage. There's no indication that Bank of America signed off on this plan.
Update, 1:02pm PT: The Visa.com site is now unavailable. Goodness, that was fast. Post updated with a screengrab of the response I get when attempting to access visa.com. Below, a video released when Operation Payback began back in October (only recently did the focal point become companies cutting off the lifeblood of funding or internet services to Wikileaks).
Operation Payback is a bitch. "Anonymous" is retaliating against Mastercard for denying payment processing services to WikiLeaks, and Mastercard.com is currently down as a result.
The apparent US government efforts to cut Wikileaks' lifeblood—cashflow and web services—kicked into high gear this week. On Monday, Swiss bank PostFinance closed the defense fund account for WikiLeaks founder Julian Assange. PayPal shut down donation processing after receiving a State Department letter, and most recently, Visa and Mastercard have suspended Wikileaks' accounts. Did the credit card companies do so in response to the same pressures? And, further, in part because the cables show the US lobbied Russia on their behalf? A Guardian report today suggests so.
Amazon.com, which provided some hosting services to Wikileaks, and DNS service provider EveryDNS.net, have also cut off service to the secret-leaking website. Both companies cite technical reasons: the burden of too many anti-Wikileaks hacking attacks, in the case of EveryDNS, and a violation of TOS in Amazon's. But perhaps they, too, are reacting to explicit or implicit government pressure. Wikileaks' latest response is here.
"Their servers have been shut down and they will remain so for as long as there is no true freedom of information and data," read an Anonymous open letter related to Operation Payback. "[We] will target any website bowing down to government pressure."
The US hasn't pressed charges against Assange or Wikileaks, but all the noose-tightening is concurrent with increasingly blunt statements characterizing Wikileaks as a criminal or terrorist organization.