514 lines
29 KiB
Plaintext
514 lines
29 KiB
Plaintext
==Phrack Inc.==
|
|
|
|
Volume 0x0e, Issue 0x43, Phile #0x03 of 0x10
|
|
|
|
|=--------------------------------------------------------------------=|
|
|
|=-----------------------=[ Phrack World News]=-----------------------=|
|
|
|=-------------------------=[ by EL ZILCHO ]=-------------------------=|
|
|
|=----------------------=[ elzilcho@phrack.org ]=---------------------=|
|
|
|=--------------------------------------------------------------------=|
|
|
|
|
|
|
1. The TJX Case and the Longer Arm of the Law
|
|
|
|
2. Stuxnet, Cyberwar, Hacktivism and Political Hacking
|
|
|
|
3. Wikileaks and Whistleblowing
|
|
|
|
4. Scene Events: the Final Word
|
|
|
|
-------------------------
|
|
|
|
|
|
--[ 1. The TJX Case and the Longer Arm of the Law
|
|
|
|
When the going gets weird: The TJX crew / Probation for the narqs, tough
|
|
sentences for the hard luck crowd / The longer-reaching arm of the law
|
|
|
|
Computer crime and hacking have always made for uncomfortable bed fellows,
|
|
splitting hackers into two general camps; The laissez-fair consideration
|
|
of those who know they commit several technical crimes before even getting
|
|
out of bed in the morning, and those whose fear of the law drives them,
|
|
essentially, straight -- condemned to endless nights in front of a
|
|
debugger with nary an unauthorized rootshell to be seen.
|
|
|
|
So where to draw the fuzzy line under the TJX crew, from the manipulating
|
|
Gonzales, who narqed out #phrack opers early in 2003, to the erstwhile
|
|
seven-foot tall computer programmer the_uT who faces two years in the cage
|
|
and a $172.5 million restitution for the writing of a simple computer
|
|
program that most of us could have written at age fifteen, under the
|
|
influence of ketamine or not?
|
|
|
|
PWN corespondents have viewed the original source code to 'blabla' and can
|
|
attest that it consists of nothing more than a read loop from a raw socket
|
|
on a high port outputting, unformatted and unfiltered, data to a file. To
|
|
say that tcpdump is a far more sophisticated piece of software for data
|
|
thiefing is not an exaggeration.
|
|
|
|
At least we can say with a comforting certainty that the fine old art of
|
|
narqing like a pro will still get you out off the hook in times of phear
|
|
and stress. As many old-timers will attest, narqing has been a fine
|
|
defensive tradition among hackers over the years, with many well-loved
|
|
figures of hacker mythology, from Chris Goggans to Agent Steal, being firm
|
|
believers in the practice.
|
|
|
|
The TJX case has been a prominent reminder of the efficacy of the ancient
|
|
technique of daubing one's mates in, with all sides planting knives
|
|
between shoulder blades with sickening alacrity and producing some truly
|
|
Olympic-grade scores in the Freestyle 100m Narq -- to wit, among others:
|
|
|
|
* Patrick 'eckis' Toey who faced a maximum sentence of twenty-two years,
|
|
reduced to a paltry five years by merit of supplying 'extensive
|
|
cooperation' to the authorities.
|
|
|
|
* Breakout act Jeremy 'horse addict' Jethro -- evidently the star of the
|
|
case -- managing to not only narq out everyone he knew, but then managing
|
|
to find his Saviour in Our Lord Jesus Christ AND being fined less than
|
|
what he actually earned for his crimes (thus earning a nice little
|
|
profit); He also managed to get his sentence commuted to probation, on top
|
|
of everything else! Once again, this is solid proof that God is indeed on
|
|
the side of the just.
|
|
|
|
* Albert 'soupnazi' Gonzales -- the sole failure here, scoring miserably
|
|
by still receiving a massive twenty-year sentence despite having
|
|
implicated everyone he knew up to and including his own grandmother
|
|
|
|
-- and that's just for starters.
|
|
|
|
The most disconcerting element in the entire show so far for anyone in any
|
|
way involved in any sort of criminal activity (or, indeed, anyone who
|
|
involves themselves in anything anywhere near anything resembling criminal
|
|
activity), is the startling comaraderie and friendly interaction between
|
|
international agencies - particularly Interpol and the FBI. Especially the
|
|
FBI.
|
|
|
|
Recent international busts involving novel interaction between agencies
|
|
has lent heavy weight to previously unfounded concerns of privacy
|
|
advocates. The mere idea of a foreign national's being arrested overseas
|
|
and renditioned/transferred to the custody of American civilian agencies
|
|
purely on the basis of American testimony and evidence is enough to turn
|
|
the stomachs of anyone, and yet it seems to have gone largely under the
|
|
radar -- especially among American Citizens.
|
|
|
|
The pseudo-criminal actions necessitated by the various agencies involved
|
|
in order to bring down Gonzales would stagger even the most ardent
|
|
Republican waterboarder. To wit, the hard drives belonging to Ukrainian
|
|
carder Maksym 'Maksik' Yastremskiy were cloned during his trip to Dubai
|
|
and yet again when he was coerced into visiting someone in Turkey (all the
|
|
while while US agencies tried to tote the party line that they caught him
|
|
while he was taking "vacation" -- conveniently ignoring the fact that they
|
|
lured him to visit) and his movements tracked throughout Europe and Asia
|
|
over an extended period of time. We can be sure that Interpol had not the
|
|
gumption nor Ukrainian officials the interest (or resources) to bring
|
|
about this level of interplay. With the evidence in hand, surely only the
|
|
FBI can be to blame? The Turkish officials got to crow about a 30 year
|
|
prison sentence -- in a Turkish prison, no less -- and the US got to cross
|
|
one more name off their "to do" list, case closed, job done -- success all
|
|
around.
|
|
|
|
Further confirmation of such a hearty and hale level of cooperation was
|
|
provided just this past October by the FBI, who affirmed that the break-up
|
|
of a major Zeus botnet ring was the result of an "unprecedented"
|
|
partnership between the FBI and police forces around the world including
|
|
the UK's Metropolitan Police, the Security Service of Ukraine (SBU) and
|
|
the Netherlands Police Agency. So far the international Operation Trident
|
|
Breach effort has yielded more than 150 arrests across the US, the UK and
|
|
Ukraine, the FBI said. One can assume that's only "so far" and that once
|
|
the narq ball gets rolling, yet more waves of arrests -- and yet more
|
|
international cooperation -- will commence in earnest.
|
|
|
|
Perhaps you are wondering what this has to do with you, at this point.
|
|
Perhaps you ARE merely doing your job as a whitehat, researching these
|
|
transglobal "criminal conspiracies", reversing malware, sticking to only
|
|
machines you have permission to access, maybe even contributing to some
|
|
open source projects and communicating giddily about 0day bugs on bugtraq
|
|
and full-disclosure, or releasing exploit information on your twitter
|
|
feed; after all, in this wired global age, the opportunities for
|
|
collaboration are indeed unprecedented. But where does one's level of
|
|
responsibility for the use of one's research end and begin? Dig Sklyarov
|
|
and the DMCA brouhaha. Witness certain unnamed Linux distros suddenly
|
|
being unwilling to allow tools such as SQL Ninja to be included in their
|
|
source code repositories.
|
|
|
|
At what point might YOUR code be considered a munition? At what point
|
|
might your totally legitimate work as a whitehat (or greyhat, or what have
|
|
you) researcher, or pentester, or even systems administrator or website
|
|
developer be called into question? While it is certainly difficult to
|
|
argue that putting identity thieves behind bars is a quote-unquote "bad
|
|
thing", it is also difficult to refute that code itself is being seen as a
|
|
munition (just as crypto was not so long ago, and probably will be
|
|
increasingly so again, as time passes and the reins tighten up in only
|
|
somewhat predictable ways).
|
|
|
|
If you mistakenly introduce an error into your codebase at work and it
|
|
creates a security hole, can you prove it was not intentional? There
|
|
really are no guarantees. An overly aggressive legal system will at the
|
|
very least threaten to steal time, money, resources, and quite probably
|
|
your reputation.
|
|
|
|
If you're very unlucky you might wind up in jail, or in trouble for
|
|
something someone you know was involved in, in hopes that you will be the
|
|
next hacker willing to daub in his (or her) mates to be set free, thus
|
|
maintaining the cycle of narqing and providing an always-revolving door of
|
|
the Usual Suspects to lay blame to. That's not even including the Patriot
|
|
Act and wiretaps (an issue pretty much deserving of its own article some
|
|
other time).
|
|
|
|
The exposure of Google's Street View Wifi data gathering fiasco is likely
|
|
only the tip of the iceberg -- what we were told was the accidental coding
|
|
error of a single engineer (who probably will wear that virtual scarlet
|
|
letter on his resume for life). And yet again, in that case, other
|
|
countries were first to protest; only lately has there been a strange and
|
|
questionable desire TO have those records retained -- for what purpose who
|
|
only knows.
|
|
|
|
The question to wrap all of this up with, here, probably isn't "Does it
|
|
affect you now?" (unless you are indeed a blackhat, in which case, no
|
|
doubt, this will impact you tremendously). The question is "can you be
|
|
sure it never will?"
|
|
|
|
|
|
--[ 2. Stuxnet, Cyberwar, Hacktivism and Political Hacking
|
|
|
|
It's no secret that, with the US economy in a state of planned poverty,
|
|
conventional sense. But the growing speculation, that Iran's nuclear
|
|
power plant at Bushehr will turn into a weapons program, is a timely
|
|
excuse for governments to exercise their newfound cyber warfare tactics.
|
|
Iran believes Stuxnet was intended to derail its nuclear ambitions; and
|
|
"analysts" expect us to believe that a string of numbers, the name of some
|
|
shrubbery, futbol domains, and weird 2012 shit... somehow indicates Israel
|
|
was behind it all. The reality is probably this: as much as Israel's
|
|
super star hacking squads would love to take down Bushehr, Russia is
|
|
standing in the way, defending its plan for a return on investment.
|
|
|
|
Stuxnet represents just one of a few big events in this arena since last
|
|
issue. We've also had Aurora and that whole Google scandal in China.
|
|
Hildawg has been bitching about China from the start, and it came as no
|
|
surprise that pressure would be put to bear on big companies, like Google,
|
|
to defame China's government in the midst of a GFC. More recently,
|
|
Europe's cyberwar simulation has been hailed as a success, with countries
|
|
across the EU learning to defend against over 300 attacks. This marks
|
|
another milestone in the EU's attempt at coordinating intraregional
|
|
cybercrime investigations. Across the Atlantic, USCYBERCOM has finally
|
|
gone live. While governments prefer to keep their military hax a secret,
|
|
there exists a necessity for them to demonstrate their power. Welcome to
|
|
a whole new wave of terror, hackers.
|
|
|
|
The majority of high profile attacks in the last year show a trend towards
|
|
highly skilled and targeted hacks that take a lot of time and/or money to
|
|
develop. In these cases there is minimal collateral damage, months may
|
|
pass before detection, the hackers are anonymous, and the vector is
|
|
unique. While these are still large-scale attacks, they're not intended
|
|
to affect the entire internet -- just a select few major players, and
|
|
sometimes only for a short while. As corporations and governments throw
|
|
big bucks into cyber warfare we're going to start to see some of the big
|
|
names in the IT industry get left behind.
|
|
|
|
The continued DDoS of Burma, in the lead-up to its first election in over
|
|
20 years, showed a recent and unwelcome return to stupidity and ignorance
|
|
at a rate of 10-15gbps, easily dwarfing the Estonia DDoS of 2008. Amnesty
|
|
International had been working hard to get radios into Burma, so that
|
|
people could keep up with the election news from across the border. Days
|
|
after the election, their Hong Kong website was compromised and visitors
|
|
were attacked with an IE exploit that Microsoft knew about, but blatantly
|
|
refused to patch early.
|
|
|
|
On the same day that the Burma DDoS began, the Iranian Cyber Army
|
|
announced its "botnet for hire", though it is rather unlikely that there
|
|
is a substantial link between the two. Their admin system is some kind of
|
|
honeypot, their stats are fake, and surely the very idea should have
|
|
screamed of an obvious trap. But as the news started to spread, bloggers
|
|
began recycling news media, and slower reporters started relying on those
|
|
bloggers, until we started coming across reports that ICA was renting out
|
|
"the same botnets that took down Twitter and Baidu". Uh, sorry? Last
|
|
time I checked, social engineering a dude at Register.com didn't require a
|
|
botnet.
|
|
|
|
But hey, maybe there is a botnet, or at least one in development. It's
|
|
hardly as though ICA are the first to do so. But their treatment by news
|
|
media is ridiculous. I mean, if these guys really are an "army" then just
|
|
where were they when Honker struck out in retaliation for Baidu's
|
|
defacement earlier this year? Unfortunately the media still clings to
|
|
them because of a handful of high profile defacements. And because they
|
|
tend to pop up every time something big happens, some journalists actually
|
|
think these kids are an officially sanctioned military force that reports
|
|
to Ahmadinejad himself! I don't believe, for a second, that they're even
|
|
Iranian to begin with.
|
|
|
|
On the related note of poor-man's hacking, we're also seeing a rise in
|
|
grassroots hacktivism. Social networking sites are making it increasingly
|
|
easy to inspire angry mobs of ordinary computer users to take part in a
|
|
DDoS by clicking a link. Years ago we laughed at those kinds of methods
|
|
(remember the cDc's hacktivismo?). But we're not on dialup anymore, and
|
|
there's not a lot you need to get your own "human-net" started -- just a
|
|
persuasive cause and a handful of idiot-proof programs. LOIC is popular
|
|
for this, as are websites that send GET requests in iframes over and over
|
|
and over. Next thing you know, there's thousands upon thousands of stupid
|
|
tweeters, staggering forth like something out of Resident Evil. This
|
|
isn't even including the more normal botnets that use sites rely on
|
|
Twitter for commands. Throw that into the mix and Twitter becomes some
|
|
kind of pluralistic middle-class pseudo-political force to be reckoned
|
|
with. Law enforcement seem to just give up in those cases. Too many
|
|
people to chase. Not enough resources to prosecute them all. The most we
|
|
see is the instigators of these human-nets being hunted down. As the RIAA
|
|
and MPAA attacks showed us, Anonymous ain't so anonymous when they plan
|
|
their attacks in the open, in front of feds, on 4chan and Darknet.
|
|
|
|
The trend toward military-directed cyber attacks is prompting some
|
|
academics to call for a change to the laws that regulate the conduct of
|
|
hostilities in war. They are questioning whether a country can remain
|
|
neutral in a cyber war if the data carrying the attack travels along that
|
|
country's pipelines. Some militaries insist that for hackers to qualify
|
|
for "prisoner of war" status, these geeks must wear a special hacker
|
|
uniform and carry a sidearm (I like to think this uniform would look like
|
|
TRON Guy).
|
|
|
|
And then there's the question of whether something like Stuxnet can be a
|
|
legal impetus for conventional war. The real beauty of Stuxnet isn't just
|
|
in the code (as specialised and 0-day as it may have been) -- it's also in
|
|
the attack vector. If you conveniently lose your malicious USB key in a
|
|
parking lot, and some "unscrupulous person" picks it up and decides to use
|
|
it at work... YOU are not committing an attack -- at least not directly
|
|
(one could argue, after all, that they had no business picking up the usb
|
|
key in the first place). Moreover, philosophical arguments aside, if
|
|
you're a civilian, the likelihood of you being charged with anything is
|
|
extremely remote. Add all of this to the essential argument that hacking
|
|
cannot be considered an act of war necessitating self-defense unless the
|
|
hack can be compared to a substantive and conventional military attack,
|
|
and conventional arguments are essentially thrown out the window. In other
|
|
words, in the case of Stuxnet, while Iran recognises there was espionage,
|
|
and possibly an intentional attack, the worm was not an "armed attack"
|
|
sufficient to qualify self-defense under the UN Charter.
|
|
|
|
In sum, if the events occurring since the last issue has been anything to
|
|
go by, the next decade will see a growing disparity between the nature of
|
|
high-profile hacks, but at the end of the day the bulk of it is the same
|
|
old same old, with some new shit thrown in. Militaries are fast becoming
|
|
a cyber-force to be reckoned with, but in the absence of laws to regulate
|
|
their actions, don't expect bombs to fall as a result. While it is most
|
|
probably that the recent spate of uniquely targeted high-profile attacks
|
|
will go unpunished, what we can expect is the government to play an
|
|
increasing role in regulating the Internet and hunting down ordinary
|
|
hackers in the name of a "war on cyber terrorism".
|
|
|
|
|
|
--[ 3. Wikileaks and whistleblowing
|
|
|
|
But what of Wikileaks? While it is undeniable that it has had some impact,
|
|
one must ask oneself if we are not just raucously accepting as a date to
|
|
the prom the only girl who asked us out and considering ourselves lucky to
|
|
have found anyone at all. One could argue that when a society needs a
|
|
hero, someone will always be willing to show up fighting, but the same
|
|
could be said of most movements, even including the upstart 'Tea Party'
|
|
being cawed about on Fox News to cheers by the same people who would have
|
|
voted for Obama if they'd been Democrats instead of Republicans. Perhaps
|
|
it's unfair to tilt this article so specifically in the direction of the
|
|
US -- after all, Wikileaks has shed some light on some tremendously
|
|
important stories in the three or four years since its inception -- but
|
|
it's hard to argue that 2010 was the year that Wikileaks came to true
|
|
nation-wide attention, due in no small part to a certain "redacted" video
|
|
going by the sobriquet "Collateral Damage", and then fueled by the
|
|
document dumps ostensibly leaked by US insiders concerning Iraq and
|
|
Afghanistan that came not long thereafter.
|
|
|
|
Yes, we have a responsibility to make information acceessible, or at least
|
|
make the knowledge of how such information is stored and used more public,
|
|
less draconian and redolent of a country poised to curtsy/bow to 'Mein
|
|
Fuhrer' but we also have a responsibility to treat that information with
|
|
respect, and more importantly to be able and willing to filter that data
|
|
through the sieve of common sense and reason: Data should be valuable
|
|
because it is valuable data (and in some cases the releases by Wikileaks
|
|
have indeed been valuable data) and not valuable simply by the reasoning
|
|
that "they don't want us to have it."
|
|
|
|
By the same token, sometimes the very act of sticking the proverbial
|
|
middle finger up at The Man serves as a call to arms -- or at the very
|
|
least a rate limiter: A way to urge the current Powers That Be to think a
|
|
little more before trying to instituting even further privacy eroding
|
|
measures. Conversely, it is all too easy for any country to consider any
|
|
"leak" -- righteously whistleblowing or not -- as an act of war, or an
|
|
excuse to add a few zeros to a department's line budget.
|
|
|
|
And there's something else we all need to be thinking about:
|
|
|
|
Every country, every war, every movement has secrets. We may tell
|
|
ourselves that information wants to be free, but freedom comes with a
|
|
price and some secrets are GOOD secrets. More importantly there OUGHT to
|
|
be some secrets in the world.
|
|
|
|
To completely submit to Wikileaks' vision is almost more akin to Big
|
|
Brother than anything the US government -- or any other government --
|
|
could possible create on its own: A culture where your every move may be
|
|
exposed, your every thought may be tallied, your every minutiae published
|
|
for the whole world to see, in a world where Google gambols giddily in the
|
|
grasses of greed and Facebook and Twitter announce to the world your every
|
|
move to a perceived audience of enthralled onlookers all willing to say
|
|
'you!' when you say 'ah, me!'. In a way we're already most of the way
|
|
there, and that's a very dangerous thing. When your baseline gets reset
|
|
and you don't REALIZE that your privacy is being invaded, then the great
|
|
big "They" has already won -- and you have just let yourself do the dirty
|
|
work for Them.
|
|
|
|
One could argue that if PFC Manning did indeed leak what has been
|
|
attributed to him, he may have done a heroic thing, but the fact that he
|
|
may have also broken a trust that he covenanted into in advance with the
|
|
US government is difficult to completely discount. The Manning case having
|
|
received the attention it has gotten this year has brought up a lot of
|
|
grey areas in peoples' political belief systems, but it has also begged
|
|
the question: What *is* "whistleblowing" and what is "disloyalty"? What is
|
|
"patriotism" and what is "narqing"? When can one trust one's judgment
|
|
about another person's true intentions and is it truly as cut-and-dry as
|
|
we all wish it would be? Adrian Lamo snitched, but it is always possible
|
|
that he thought he was protecting himself or his country even as he may
|
|
have also been trying to cobble together some newfound publicity for a
|
|
receding career that has been inarguably past its prime for years now. At
|
|
some level this isn't about government or whistleblowing or privacy --
|
|
it's about society and about interpersonal trust, and perhaps that is
|
|
where things get the murkiest. Naive or not, trust is dealt out
|
|
increasingly to total strangers on the internet. One could argue that
|
|
Manning, if indeed that was Manning, was naive in trusting a veritable
|
|
stranger, but most of us do this on a regular basis now; the difference
|
|
here is, Manning paid.
|
|
|
|
Without an explicit agreement of nondisclosure one cannot truly and
|
|
totally scorn somebody for "squealing", but by the same token our very
|
|
society has been built up on such simple and implicit bonds of trust: I
|
|
will not hurt you, I will not steal from you, I will not betray you. I may
|
|
not agree with what you do, but I respect your choices as an individual.
|
|
At what point does that trust need to be broken off? Some secrets are
|
|
good, if they contribute to the greater good of society -- and that goes
|
|
*both* ways -- at times in favour of the individual, at other times in
|
|
favour of government. As a species we always want to root for the Underdog
|
|
(and nowhere is this more true than the US, perhaps), but given the fast
|
|
fluxing nature of the Internet, who the Underdog is can flip at a second's
|
|
notice: At first Wikileaks was the cause celebre of people everywhere,
|
|
then came the backlash. All movements have backlashes, and Wikileaks was
|
|
bound to not be the exception.
|
|
|
|
Perhaps one reason so many scorn Wikileaks has to do with the closed-book
|
|
nature of a site so overtly and devoutly espousing transparency; at some
|
|
point it becomes difficult not to interpret all sides as playing with
|
|
similar playbooks. But it's difficult to win at poker at a table where
|
|
everybody knows your cards, especially when the rest of the players have
|
|
bankrolls that far eclipse your own. Again, the question arises: When is
|
|
transparency necessary, and when is secrecy a requirement to make any
|
|
progress at all? On the one hand, one must worry about too much
|
|
transparency; on the other hand, one must worry about too much lurking in
|
|
the shadows. In the past we had journalists to expose corruption; now it
|
|
is often journalists themselves fighting off corruption charges, hiding
|
|
facts, skewing evidence.
|
|
|
|
It's incredibly difficult to deny that some transparency, and indeed
|
|
Wikileaks itself, can have a positive impact -- and it's hard to imagine a
|
|
world where SOME sunshine shouldn't be shed; The trick here is to remember
|
|
that such increased levels of exposure demand we be a more responsible,
|
|
measured animal -- something as homo sapiens we have really never learned
|
|
how to do or be.
|
|
|
|
There is no way to shove the genie back into the bottle, and old rumours
|
|
on the Internet never really die -- they just get archived til someone
|
|
else manages to come along and dig them up from their temporary graves.
|
|
This holds great promise for the future of integrity, but it also creates
|
|
issues when the possibility of outright falsehoods are introduced,
|
|
especially through an anonymous third party, or in cases where a split
|
|
exists between haves and have-nots; who really has time to monitor their
|
|
reputation online to that level? And if someone does besmirch your name,
|
|
what can be done?
|
|
|
|
If your data shows up on a whistleblower site care of a third party, then
|
|
it also becomes yet another way to show a display of power: The
|
|
Vice-Presidential hopeful breaks the rules -- nay, the law -- and walks
|
|
free while the college student who guesses at her password gets sentenced
|
|
to a year of supervision or prison. If there is to be light shed, then it
|
|
should be an equally penetrating (and perhaps softer) light -- not a light
|
|
meant to shine in the victims' faces and hide the face of the perpetrators
|
|
-- especially when the label of 'victim' and 'perpetrator' is so murky and
|
|
grey (as in the Palin case; one could argue both sides committed some form
|
|
of fault).
|
|
|
|
Julian Assange likes to say 'speak truth to power" but this is a tall
|
|
order; to first be able to speak ANYTHING to power, you must basically
|
|
gain the ear of the powerful, or you just get thrown
|
|
into an eddy, left to whirl around with a bunch of kooks and nutjobs (as
|
|
any federal agent handling walk-ins will likely attest to, and too, so
|
|
must whistleblowing sites contend with; with fame
|
|
comes your own raft of nutjobs to weed out).
|
|
|
|
It'd be hard to deny that whatever else Wikileaks has accomplished in the
|
|
past year, it has gotten someone's attention. Whether that will be a good
|
|
thing or a bad thing remains to be seen... But one imagines any call to
|
|
arms must bring about some force for good, even if that force is something
|
|
as simple as a renewed spirit of vigour and willingness to be involved
|
|
among an otherwise sluggish populace juggling its own sense of
|
|
powerlessness in a country demanding what essentially constitutes sexual
|
|
assault merely in order to board an airplane. To make an omelet you must
|
|
first break some eggs; To create a change you must first gain the ear of
|
|
not just power but the people itself -- and then you must charge them with
|
|
the duty to act.
|
|
|
|
The true collateral damage may wind up being Manning himself, here;
|
|
basically judged guilty already, his name forever stored, his
|
|
acquaintances being hassled, his personal life bared open to the
|
|
world, he serves as both an example of what to strive for and a
|
|
cautionary tale for a new age. What the future holds for him remains to be
|
|
seen, but with any luck he will receive a fair trial by a jury of his
|
|
peers -- if any such people even exist.
|
|
|
|
Wikileaks may not be perfect -- in fact, it may be deeply flawed -- but
|
|
for now it's probably all we're going to get. And we should probably be
|
|
grateful for it -- but wary. Always wary. The danger of mixing the message
|
|
up with the messenger is always great, and there is no real way for any
|
|
whistleblowing site to always be 100% correct. Even governments have an
|
|
incredible amount of difficulty verifying the veracity of any information
|
|
or separating rumours from fact; to put this level of blind trust in a
|
|
volunteer organization with no oversight is bound to be fraught with a
|
|
whole host of issues we haven't seen the likes of yet... For instance,
|
|
what happens when a non-governmental entity views it as a potential source
|
|
of information? Once any whistleblowing site gets information, it is out
|
|
there; what is done is done; At this point, false flags and disinformation
|
|
is also an issue; the possibility of tricking any whistleblower site to
|
|
publish false information would destroy not only its credibility if found
|
|
out but possibly be used to forward some governmental or non-governmental
|
|
party or agenda. Additionally, to believe everything that any organization
|
|
says is as short-sighted as believing everything your government tells you.
|
|
|
|
Ultimately your conscience will have to be your guide -- and likely no two
|
|
consciences will ever completely agree, especially about anything as
|
|
at-times agit prop as Wikileaks can be, or as secretive as governments
|
|
have always been.
|
|
|
|
|
|
--[ 4. Scene Events: the Final Word
|
|
|
|
To be sure, many other events have taken place this past year and a half
|
|
(the whitehat-vs-blackhat wars forever raging (cue zf05 and the
|
|
never-ending arguments about disclosure-vs-nondisclosure); the global
|
|
emergence of a harsher, more organized form of cybercrime (and the many
|
|
busts that resulted); etc, etc), but several basic themes emerge: There
|
|
has been fraud -- but there has always been fraud. There have been
|
|
invasions of privacy -- but there have always been invasions of privacy.
|
|
There have be governments overstepping their bounds -- but there have
|
|
always been governments overstepping their bounds. That doesn't make any
|
|
of it acceptable, but it also doesn't make any of it new -- nor does it
|
|
give any of us an excuse to pretend it has nothing to do with us (no
|
|
matter where you reside or what flag you fly (or choose not to fly,
|
|
whatever the case may be)). If anything, there has been an amplification
|
|
of all of the above, but none of it is truly 'new'. Read past issues of
|
|
Phrack: All of the above has existed in some form or another, just on a
|
|
smaller scale. It's still existed.
|
|
|
|
Judging by the drive for wealth or fame or infamy displayed in so many of
|
|
this year's stories, it bears mentioning that we cannot let a few key
|
|
players make us forget how important it is to treat technology
|
|
responsibly, reasonably -- to love it, to hack it, to, please, take risks,
|
|
but to do so with heart
|
|
|
|
-- with CONSCIENCE --.
|
|
|
|
In the end it all starts and ends with you.
|
|
|
|
[EOF]
|
|
|
|
|
|
|