Donal's picture

    Hacking, Phreaking, Carding and ... Leaking?



    WikiLeaks is still hot, and the top story at the New Republic today is Game Changer - Why Wikileaks will be the death of big business and big government. Noam Scheiber predicts that WikiLeaks will both survive and will shrink overbearing organizations until they are no longer Big Anything.

    Now consider what happens when you plug Wikileaks into this equation. All of a sudden, the very same things that made it more efficient to work with your colleagues—the fact that everyone had a detailed understanding of the mission and methodology—become enormous liabilities. In a Wikileaks world, the greater the number of people who intimately understand your organization,* the more candidates there are for revealing that information to millions of voyeurs.

    Wikileaks is, in effect, a huge tax on internal coordination. And, as any economist will tell you, the way to get less of something is to tax it. As a practical matter, that means the days of bureaucracies in the tens of thousands of employees are probably numbered. In a decade or two, we may not only see USAID spun off from the State Department. We may see dozens of mini-State Departments servicing separate regions of the world. Or hundreds of micro-State Departments—one for every country on the planet. Don’t like the stranglehold that a handful of megabanks have on the financial sector? Don’t worry! Twenty years from now there won’t be such a thing as megabanks, because the cost of employing 100,000 potential leakers will be prohibitive.


    Such predictions are too glib for my tastes. I could more easily see penalties for whistleblowing becoming much more severe than see megacorporations just giving up and downsizing. There will be blood.

    An Adbusters article, Democracy's Napster Moment, led me to the book Underground, written by Suelette Dreyfus but researched by one Julian Assange. According to Adbusters, Mendax, one of the hackers referenced in the book was also rumored to be one Julian Assange. The first chapter concerns a worm, WANK, attacking the VMS network at NASA as they prepared to launch the nuclear-powered Galileo towards Jupiter:

    The tension quietly rolled into black humour. The team couldn't help it. The head-slapping stupidity of the situation could only be viewed as black comedy.

    The NASA site had a password of SYSTEM for their fully privileged SYSTEM account. It was so unforgivable. NASA, potentially the greatest single collection of technical minds on Earth, had such lax computer security that a computer-literate teenager could have cracked it wide open. The tall poppy was being cut down to size by a computer program resembling a bowl of spaghetti.

    The first thing any computer system manager learns in Computer Security 101 is never to use the same password as the username. It was bad enough that naive users might fall into this trap ... but a computer system manager with a fully privileged account.

    Who wrote that virus?

    Likely as not, only an Australian would see the worm's link to the lyrics of Midnight Oil. .... Even as investigators sniffed around electronic trails leading to France, it appears the perpetrator was hiding behind his computer and modem in Australia.

    A vigorous hacking community was flourishing on the BBSs in and around Melbourne.

    Mainstream and respectful of authority on the surface, Bowen possessed the same streak of anti-establishment views harboured by many in the underground. His choice of name for Zen underlined this. Zen came from the futuristic British TV science fiction series `Blake 7', in which a bunch of underfunded rebels attempted to overthrow an evil totalitarian government. Zen was the computer on the rebels' ship. The rebels banded together after meeting on a prison ship; they were all being transported to a penal settlement on another planet. It was a story people in the Australian underground could relate to. One of the lead characters, a sort of heroic anti-hero, had been sentenced to prison for computer hacking. His big mistake, he told fellow rebels, was that he had relied on other people. He trusted them. He should have worked alone.

    I believe that is called foreshadowing.

    Back in early 1988, Mendax was just beginning to explore the world of hacking. He had managed to break through the barrier from public to private section of PI, but it wasn't enough. To be recognised as up-and-coming talent by the aristocracy of hackers such as The Force and The Wizard, a hacker had to spend time inside the Minerva system. Mendax set to work on breaking into it.

    Minerva was special for a number of reasons. Although it was in Sydney, the phone number to its entry computer, called an X.25 pad, was a free call. At the time Mendax lived in Emerald, a country town on the outskirts of Melbourne. A call to most Melbourne numbers incurred a long-distance charge, thus ruling out options such as the Melbourne University dial-out for breaking into international computer systems.

    Emerald was hardly Emerald City. For a clever sixteen-year-old boy, the place was dead boring. Mendax lived there with his mother; Emerald was merely a stopping point, one of dozens, as his mother shuttled her child around the continent trying to escape from a psychopathic former de facto. The house was an emergency refuge for families on the run. It was safe and so, for a time, Mendax and his exhausted family stopped to rest before tearing off again in search of a new place to hide.

    Sometimes Mendax went to school. Often he didn't. The school system didn't hold much interest for him. It didn't feed his mind the way Minerva would. They Sydney computer system was a far more interesting place to muck around in than the rural high school.

    Whether Assange was Mendax or not, it's a fascinating read, though not edited well for spelling. The entire book is online now, and can be downloaded as well.

    Topics: 

    Comments

    And of course there are going to be the inevitable copy-cats. Some better than others.


    And of course the inevitable blow back.

    The United States and EU are at odds over Washington's drive for increased access to European citizens' bank and flight records. European authorities don't believe that their US counterparts are adequately protecting consumer rights.

    "From the outset, we have noted an apparent lack of interest on the US side to talk seriously about data protection," Reding said in a statement released on Monday, just two weeks after holding talks with high-level American officials, including with US attorney general Eric Holder and Janet Napolitano, the Secretary of Homeland Security.

    In the same statement, Reding described those officials as "unprepared" and "uninterested" in data privacy issues.

    "They have not even appointed a negotiator," she added in the statement, but noted that she "expects" the telephone number of the negotiator before year's end.

    Meanwhile, the European Union has designated Françoise Le Bail, the director general of the Commission's department for justice, as its negotiator.


    I think you're exactly right about this:

    "Such predictions are too glib for my tastes. I could more easily see penalties for whistleblowing becoming much more severe than see megacorporations just giving up and downsizing. There will be blood."

    Assange seems to agree when he says that these institutions will become more paranoid and insular.  But ultimately, they'll use punishment and fear of being ostracized as a way to change the culture to counter these technologies.  You already see this from time to time as the media warns everyone about "oversharing" online.  Don't sign that medical marijuana petition or write that nasty review of a restaurant unless you want a future employer to see it!  Take down those party photos if you want a job at a bank.  There's already something of a backlash against personal, consensual sharing.  That could become outright hostility to the leakers of other people's secrets.  Notice that not too many people are up in arms over the government's abuse of Bradley Manning.  I bet that to the extent people even care they think he's getting what he deserves.  Even the most righteous whistleblowers get treated to something of a "well of course you're going to lose your job" response.

    But I could definitely see a world where the worst thing would be to be labeled a filthy leaker.  How popular are stool pigeons in prison?


    We don't know if the government intentionally leaked this information.

    We don't know what's up with Lamo and Manning.

    We don't know if anyone will pay attention to the actual leaks, vs. Assange, Swedish condoms and Saturday Night Live.

    We don't know if people give a damn about anything.

    As far as I can tell, torture's okay, war in Afghanistan is okay, supporting corrupt druglords is okay, running after anyone as long as you've proclaimed them a terrorist first is okay. But showing the US government is lying in all of our names is not okay.

    A public that blithely went along with the Iraq invasion seems down with secrecy as well. The Daddy state has been anointed - "do anything you want, Daddy, just keep me safe at night". Of course defining "safe" might have been prudent.


    Greenwald asks an interesting question though.

    Or consider the theme that framed last night's segment:  Assange is profiting off classified information by writing a book!   Beyond the examples I gave, Bob Woodward has become a very rich man by writing book after book filled with classified information about America's wars which his sources were not authorized to give him.  Would Yellin ever in a million years dare lash out at Bob Woodward the way she did Assange?  To ask the question is to answer it (see here as CNN's legal correspondent Jeffrey Toobin is completely befuddled in the middle of his anti-WikiLeaks rant when asked by a guest, Clay Shirky, to differentiate what Woodward continuously does from what Assange is doing).


    Donal, nice, although I will share something with you, I am a big Cliff Stoll fan, and always assigned the Cuckoos Egg to my graduate students. Over the years, as a data admin/manager and also as a Professor, we have a serious code that protecting information from people like Martin Hess (the original Assange) is our goal. I know most folks feel Assange is some great outlaw who is saving everyone from the evil times one million government, but when it comes to their own personal information they feel it should be protected above all and when it isn't they seek government action to protect it, so much irony... it was a great topic last quarter.

    When they're suffering from delusions that their personal information is safe, then it's even better when an Assange comes along.

    Wellpoint and Wells Fargo have all this info, while Sprint & Verizon help the gov dragnet all communication.

    This "government action" is by the biggest offenders.


    To many of you this issue is black and white, to many of us, who have devoted  the better part of our lives to this issue it is not, I don't gather my information on this subject from opinionators and blogs, my  opinion was developed over years of study and research and teaching in the field.  I find the blogosphere repleat with misinformation and blog readers sorely misinformed. I rarely write about this issue, because I  and my collegues are clearly in the minority. For you, Assange is some Jesse James, that is cool with me you can think that, you can believe he is a great man exposing information you needed to have. I believe quite differently than you, Assange is a mere blip in this war, relatively meaningless, except it exposes serious weaknesses in the system, a system that has been allowed to grow out of control with little or no real security controls. There are many reasons for this weakness, much stems from certain  departments  within the government  were  major failures, no cohesive plan for informaiton security with in many departments, in particular  now, the  military, DOD, etc.  I won't go on, most people don't think critically about this issue as a whole, this Manning-Assange stuff is merely the tip  of the iceburg of the larger cyber war going on, no one is the hero here, no one, at least this is how I present the issue to my classes.

    But hell, you all just want to argue and make sure no one else is "right" except for the current blogosphere outrage about Assange as hero and Manning as hero, that is fine, it is your choice, but I get to have another opinion and  when you are teaching your  grad students, you can present it as you like.


     I have participated in the argument about whether Manning is or is not a hero and probably will again. I don't, though, recall ever commenting on cyber- security and whether it is out of control and how that will affect the world going forward even though I read with interest when someone such as yourself does. That is because I don't feel qualified to add anything to that conversation.

    I respect your opinion on the two subjects but I see them as that, two separate and distinct subjects.
     I may think wrongly about the state of cyber-security, or not think about it at all, and that does not give evidence one way or the other about my opinion of whether or not Manning is a hero.


    Lovely for you to brazenly take over my brain cells.

    Sorry you don't consider my study and research and ability to read worth a shit.

    Jesse James robbed banks - not much righteous there. Assange is exposing government malfeasance, carefully, with peer review. Sorry, a whole lot of cool there.

    In short, you're obnoxious under you're "I'm so academic" flag. We went into Iraq, and none of our free press safety valves worked. Protests were held and ignored. Someone's sticking out the info a little harder - videos, texts, carefully curating info. But you can act smug. Be jolly, life's good.


    My pappy always told me that some people's degrees are worth more than other people's degrees.  See?


    Dunno who Martin Hess is ... but from an admin standpoint, what exactly would you be protecting against from people like "the original Assange"? There is nothing Wikileaks does that IT professionals could possibly impact. They aren't hackers acquiring information by leveraging system exploits. I guess by this token, admins are equally trying to protect information from people like Bob Woodward.

    Sure in the Manning example, the (complete lack of) security countermeasures he describes on a network supporting an active military operation in the combat theater are brutal. There are dozens of important security failures that can be identified and analyzed from what facts revealed say of our national data security. But that doesn't have anything to do with Wikileaks. Wilikeaks relies on people possessing legitimate access to information who decide they have a public duty to release it so any security issues are related to the source not Wikileaks.

    This is a very, very difficult topic to address from a systems security standpoint. There's that old saying "Sure, I can design you a completely secure system .... but users won't be able to access it." The only way to entirely prevent authorized users from releasing information - if they set their minds to it - is by restricting access or implementing physical countermeasures. That gets to be a balance between the security needs and maintaining a policy that doesn't cripple the effectiveness of systems for the users (and let's not forget that the users themselves start to bypass excessively intrusive security protocols at some point - which can lead to even bigger problems).

    I'm also not getting the "irony" bit as it relates to people approving of "what Assange does". It seems wrong to assert someone who believes in government transparency can't also believe in individual privacy. Wikileaks doesn't even publish personal details of individuals - just corporations and governments, so one could support Assange just fine and still expect personal privacy without any hypocrisy at all. But in the larger picture there are publications that *do* print tons and tons of private details every single day - scores of tabloids and gossip rags pick through every tidbit of personal information they can secure. Why don't these publications which *really* print intimate private details extracted from inside sources trigger the same type of irony response? Isn't whatever irony exists in this more derived from the nature of publishing than anything related to hacking or data security?

    Regarding the "serious code" ... I think everybody holding the technical capacity to access large stores of personal/sensitive information without any true restraint ultimately must establish one (even within the microcosm of administering an email server and setting policy for accessing user's accounts). Hackers have 'em too - sometimes quite elaborate and formalized ones. Like it or not, some hackers possess access on a grand scale which raises very deep philosophical issues in a concrete way that must be answered which a professor would rarely ponder even in the abstract - beliefs run very deep. Just because one adopts a code does not intrinsically make that code meritorious - be it a conservative code or an anarchistic one. Adopting the "we" frame like this certainly does put words in the mouths of an awful lot of above-board professionals (not to mention most "gray" and "black" hats) who don't exactly agree with you.


    Even my VERY conservative family seems to get that if the media had been doing their jobs, Wikileaks wouldn't have been needed. And ditto me up on the 'irony' comments. People love the crazy-eyed rape-hacker storyline and believe it has something to do with their opposition to what he's doing to governments and corporations. All this after whining non-stop about Government secrecy this past decade, and a media overly fascinated by personal stuff like political and celebrity sex lives.

    Don't confuse liberals with private sex lives - they'll go all Clinton on you.


    Great highlight. That was a totally enjoyable read ... fun to walk back in time to the BBS days. Kind of neurotic-Aussie-centric, but all and all that was an excellent little snapshot. One thing interesting that jumps out at me, the people focused on in this book appear to have a very common trait - they all seem to have aspects of their lives with MAJOR problems largely outside their own control. While they often wrapped it in philosophical frames common to the community at that time, it jumps out at me that the emotional aspect that was driving the folks highlighted here were all tied up in a strong sense of the ability/need to assert control ... they didn't want to do anything with it, they just wanted to feel they could have it.

    Oh, and Assange is definitely Mendax. He was convicted in court and everything - it's public record.


    I figured he had to be, given the detail about hacker life.


    Latest Comments