Aug 312012
 

There comes a moment in some violent anti-capitalist protests where genuine if illegal protest becomes mindless thuggery; for example turning from daubing slogans on the windows of the nearest bank, to throwing objects through the windows of the small independent shop next door. And you do have to wonder if those “hacktivists” who are supporting Julian Assange’s wish to be given safe passage to Ecuador have reached beyond that point.

First of all, I should point out that whilst I’m a supporter of WikiLeaks – or at least the idea of a website where whistleblowers can responsibly publish leaked material in raw form – I’m no supporter of Julian Assange in his attempt at escaping justice. A mentioned previously, I believe he should go back to Sweden to face the charges that will be made once he arrives.

But neither do I think that Julian Assange’s supporters should be silenced however mistaken they are about the situation. They have a right to protest, and I’m not even opposed to a bit of responsible “hacktivism” – in my private life I’m quite willing to go along with the ideal that sometimes it is ethical to break the law. But I also believe that the current flood of ‘hacktivism” is going just a little bit too far.

Those who have been reading just the mainstream media (and here) may be under the impression that the hacktivists have been attacking just a few places; more relevant media makes it plain that there is something more widespread. The first story mentions Cambridge University; none of the stories mentions that the hacktivists have claimed to have broken into up to 5 universities. The list of victims of this week’s surge seems to include :-

  • Up to 5 UK Universities.
  • One or possibly two UK police forces.
  • A UK recruitment agency (which just so happens to mention a couple of UK government bodies).
  • A Pakistani agency specialising in assisting students to come to the UK, or other English-speaking countries.
  • Plus a few UK government agencies.

And this list looks a little random to me.

It’s not that difficult to break into a website – even I could do it, but the question to ask is just how many websites did they rattle the doorknobs of before they found these low-hanging fruits? And it’s always worth remembering the old classic cartoon by xkcd.com :-

Of course they didn’t just widdle a picture of Julian Assange over the front page of a web site; they also broke into some databases and stole some personal information! That’s a bit more serious. And in the case of the information grabbed from the police, it’s a lot more serious.

But if you look closely at the data stolen from the UK universities involved, it becomes a little less dramatic. It would appear that the hackers have managed to break into a few databases used by various departmental web applications. Web applications often use databases as a convenient place to “stash” stuff including account details, which is what appears to have been leaked here. These account details are normally separate from any other account details (unless of course the owner of the account uses the same password), and give access only to the web application itself.

It does not appear that any core business function data has been exposed by this – i.e. the personal details of all the students for example. If it were not for Julian Assange’s name being attached to the incident, it is very likely that the media would not be interested in the story itself which would make it far less serious for the institutions concerned.

When you come down to it, Julian Assange’s real supporters should probably be a bit dismayed by this mindless thuggery – it doesn’t reflect well on their protests if it appears the best hacktivists that they can get to support them are rather on the low end of the scale. Of course a conspiracy theorist might take this as evidence that the hacktivists here are actually deliberate making the supporters of Julian Assange look bad.

Aug 182012
 

Last night I caught someone droning on about the similarities between the case of Pussy Riot and Julian Assange, and that with the right of freedom of speech comes the responsibility for responsible use of that right. I very quickly turned off as any comparison is ridiculous.

Pussy Riot are in prison today as a direct consequence of their attempted use of their right of free speech; whereas Julian Assange at most is facing legal trouble as an indirect consequence of his use of the right of free speech. Certainly on the face of it, Julian Assange’s legal troubles have nothing to do with the Wikileaks website.

It is certainly true that Pussy Riot’s actions inside the Cathedral of Christ the Saviour in Moscow was to some extent ill-advised. They could well be guilty of some sort of aggravated trespass crime, but it would seem to me that they are being punished for something else – their imprisonment for 2 years is by far out of proportion to what they have done. And it appears that even the victim (the church) also believes this is excessive as they have asked for leniency.

It is true that insulting someone’s religion in their place of worship is perhaps going too far for a protest, and perhaps should be punishable by a couple of days in prison. But sending them to prison for two years looks to everyone like an excuse to put them away to stop them protesting against Putin‘s autocratic rule. The funny thing is that Putin’s minions could not have done something more effective at demonstrating that his regime is a repressive one.

Julian Assange on the other hand is effectively charged (the UK courts have made it plain that he can be regarded as being charged with the crime even though a peculiarity of the Swedish justice system means he hasn’t as yet been charged) with some sort of sexual misconduct. Which on the face of it has absolutely nothing to do with his Wikileaks activities. Whilst there may be some oddities about the case, the only possible action for an honourable man would be to go to Sweden to answer the charges.

The conspiracy theorists would argue that this is all just a way of the US getting their hands on Julian Assange to rush through their own court system to punish him for “treason”, espionage, or some other crime. It is highly unlikely that Julian could be legally extradited for treason (which is likely to cause a considerable amount of laughter considering that Julian is no a US citizen) or espionage (which is after all at an international level purely a political crime). But it is just about possible that there is some US involvement in the charges he faces in Sweden – perhaps simply as a way of harassing someone whom the US government has a certain amount of anger with.

It is really rather extraordinary that Julian is claiming political asylum with Ecuador in preference to relying on the justice systems in the UK and Sweden; frankly he has better protection in either Sweden or the UK from any US actions than he would do in Ecuador which although has granted him asylum for publicity reasons is far more likely to let the US quietly grab him in exchange for a few billion in foreign aid.

Dec 082010
 

If anyone has been following the news closely over the last few days, they will be aware of the attempt that the Swedish authorities are making to extradite Julian Assange to face an assortment of sex charges including rape. Even by itself, there is enough suspicion about the timing of this given previous history of the charges to cause any neutral observer to wonder just what is going on here.

For those who have not dug into the details, the charges were first investigated in August 2010 and then dropped before being re-opened. All the while Julian Assange was either in Sweden, or willing to talk to the prosecutor although not prepared to travel to Sweden at his own expense. The escalation to a request for extradition was unfortunately timed happening at the same time as the latest WikiLeaks (linking to a mirror as the main site is mysteriously down) publications.

By itself it is just about enough to cause a sensible to person to say to themselves … “I wonder … Nah!”, but there are other things happening to WikiLeaks.

WikiLeaks appears to be under a continual distributed denial of service attack where many computers are used to send traffic to the WikiLeak servers. There are two sets of servers involved in hosting the WikiLeaks sites – the actual web servers themselves, and the DNS servers hosting the name.

In the case of the web servers, the servers were first moved to the Amazon cloud service in the middle of a denial of service attack – so Amazon can hardly complain about this as it was known about at the time. Yet after less than a week, the site was booted off the Amazon cloud without a public explanation. The suspicion is that political pressure was brought to bear especially given one of the earliest statements about the issue was from a certain Joseph Lieberman – a US Senator.

WikiLeaks then went to a French hosting company – OVH – who have stated that they will honour their contract. Presumably providing that the French courts do not insist that they terminate the contract, which is possible given that the case is under review.

Separately to this, the Wikileaks domain (or “name”) has itself been under attack. Large scale distributed denial of service attacks took place against the EveryDNS infrastructure servers that provide the name wikileaks.org, and every other name hosted by the same infrastructure. EveryDNS took the step of terminating their domain hosting. As of now, the domain wikileaks.org is not available via the DNS servers I run, indicating that either they have not found another hosting company for the name, or their alternative arrangements are under sufficiently serious attack.

Those are the technical attacks.

In addition, a number of financial companies have frozen WikiLeaks accounts preventing funds from being used, or donations being made – PayPal (who admit that their decision was influenced by the US Government) and Mastercard amongst them.

Add all the attacks together and you start to think that there is some kind of conspiracy behind all this – perhaps the US government is waging cyberwar against WikiLeaks. It is almost certain that they have this capability and there are indications that they are annoyed enough with WikiLeaks to do this.

However it is still more probable that this is a combination of :-

  1. Annoyed US (and possibly other) “hackers” making denial of service attacks against the WikiLeaks infrastructure and the associated infrastructure.
  2. Various commercial organisations deciding that it is too much hassle to “help” WikiLeaks and deciding to terminate their contracts.

Probably the harshest criticism should be directed at PayPal who have just said in a TV interview that they received advice from the US State Department that the WikiLeaks site was probably illegal under US law. Well the opinion of a government in a free society should not be enough to condem an organisation, and the directors of PayPal could deservedly be called chickenshit arse-lickers for their actions.

Perhaps you do not believe that WikiLeaks is in the right here. I’m not entirely sure myself – leaking US diplomatic cables is one thing, but perhaps publishing a list of potential targets the US government feels are critical to its security was a step too far. But there is a bigger issue here than “merely” WikiLeaks itself. We are seeing a situation where a website that has not been condemned for their actions in any court of law has been pushed around and to some extent off the Internet by the actions of a few – both people engaged in illegal activities (denial of service attacks) and people making commercial decisions (terminating contracts).

Imagine if you will, this website is something controversial in a country that is considered a pariah by most of the world – Iran perhaps; perhaps they publish allegations with evidence of widespread government crimes and corruption. Iran and supporters of Iran undertake to destroy that website with “cyberwarfare”. Wouldn’t we want that website to be protected in some way ? Perhaps you are thinking that Iran doesn’t have the resources to undertake such an attack; well think again. Many of the largest botnets capable of carrying out widespread denial of service attacks are under the control of organised criminals (spammers) who have less resources than any government – it takes little more than a spotty teenager in a basement to control tens of thousands of compromised machines and target whatever they like.

In such a situation, it would seem to make sense to provide a hosting service of last resort. Presumably a volunteer effort as it would have to be immune to commercial interests, and presumable massively parallel to ensure that there are many servers providing service so that a distributed denial of service attack would fail to hit everywhere.

Lastly, the US reaction to WikiLeaks seems to me to be a little over the top. And I am not talking about the lunatic fringe who are likely to jump and down screaming at the slightest criticism of the US, but at more respected figures. Some of the reactions verge on coming close to events such as the Fatwwā against Salman Rushdie way back in the 1980s.

For example :-

  • Jeffrey T Kuhner wrote in an editorial in the Washington Times that Julian Assange should be treated “the same way as other high-value terrorist targets” and be assassinated.
  • Gordon Liddy has suggested that Julian Assange should be added to a “kill list” of terrorists to be assassinated without trial.
  • Mitch McConnell has called Julian Assange a “high-tech terrorist”.
  • Newt Gingrich has stated “and Julian Assange is engaged in terrorism. He should be treated as an enemy combatant.”. Well it would be a start to treat any terrorist as an enemy combatant (the US doesn’t as enemy combatants have rights).

Calling for the assassination of Julian Assange is no better than a radical Islamist calling for the assassination of Salman Rushdie – we’re supposed to be better than the knuckle dragging fundamentalists frothing at the mouth. Seems that some in the US aren’t. A reminder to those people – we supposedly live in countries where the rule of law is supposed to be followed, and nobody has tried and convicted Julian Assange of anything in relation to WikiLeaks.

As for calling Julian Assange a terrorist, that is blatantly ridiculous. However annoyed you may be with him, none of his actions equate to driving a truck packed with explosives into a crowded shop entrance, or hijacking a plane and flying it into a large city killing thousands. Even if any information published by WikiLeaks has led to the death of anybody (and nobody has managed to demonstrate this – merely raised ill-founded concerns about the possibility), the responsibility for those deaths belongs to those carrying out the killings and not WikiLeaks. At most (in such circumstances), WikiLeaks might be guilty of incitement to murder – and in a much less obvious way than those calling for the head of Julian Assange to be delivered to them on a platter.

The US is beginning to look like the fool in all of this – their information security is a joke, and their reaction to their inability to keep secrets is to shoot the messenger in a way that makes them look no better than those rogue regimes they complain so much about.