You may have no online privacy, then too bad for you.
If you refer to the recent cancellation of a US law before it came into effect that would have reverted ISP selling customer data. Well you got it backwards.
Anyways I'm not from the US and you'll be shocked to learn that I'm part of my own federated ISP[1] and that each subscriber has a say and is aware of what the ISP does, and privacy protection is a priority even when it is a governmental or police probe.
Interesting to see people downvote you, just a week ago the top comment here on HackerNews (on Macron winning), mentioned how there was "Russian metadata" in the hack [1].
Just goes to show you how people will believe what benefits them and downvote what's inconvenient.
Put away the persecution fantasies, he's being downvoted because he's wrong. There were two separate incidents here: weev is behind the phony finance documents, not the account hacks, which are still believed to be Russian in origin.
He is not wrong in general, though. Russia and China do have kids doing it for the lulz, as well as criminal groups.
So if you have clues on the country of origin of an attack, you still need additional evidence (such as methods used and choice of target) to be reasonably sure of state sponsorship.
Provided the Macron campaign had a competent chief security officer (coming straight from the industry) and was paranoid about security, and given the scale of the leak, it seems unlikely that it was the job of skiddies doing it for the lulz.
Macron campaign had a competent chief security officer ? Seems unlikely.
-edit-
well then downvote me instead of providing a name and explanation that this guy was competent, macronleak was depicted as poor security practices and probably low level attacks[1]. Let's not forget that they got breached at least once beforehand during the campaign and the trend micro report[2] explained what to do to protect against these attacks which obviously was not applied (assuming the leak has not been orchestrated).
I don't know how accurate it is, but the wikipedia entry on weev indicates he is in the Ukraine, not sure in the Russian occupied part or sovereign Ukraine.
>Put away the persecution fantasies, he's being downvoted because he's wrong
Wrong about what, exactly?
I simply stated that instances exist in which an American or Chinese hackers may do wrong without having any connection to the government. If you disagree..you're quite obviously wrong.
Except both countries are well known for sponsoring such hackers. The "state-sponsored" part often factors in largely in the sophistication and scale of attacks. You don't need that to badly forge documents.
When did I ever say that? I was actually going to mention Stuxnet in my comment (http://i.imgur.com/ZPcpudl.png) but decided not to for whatever reason. Don't be so quick to assume things.
It is quite interesting from a strategy perspective of the agreeing third party security companies. If (for this or the alleged Russia DNC hack) clear evidence arises that completely contradict the reports they have put out (paid for by whom?) it could potentially be catastrophic to their business.
In these circumstance then at some point the company would have had to essentially doctor evidence to support the required conclusion. If unequivocal evidence arises that is contrary to this, then it would be a massive deal. How could they explain away their findings?
I am not making any judgements on if the above happened, but it will be interesting to follow in this particular case which appears to clearly point to weev.
I think a big problem is that when a powerful politician calls a security expert to provide an opinion, the expert might feel pressured into giving a binary answer, even if the best answer is "I don't know," or "not enough information."
Ultimately the root problem is politicians/media/people demanding certainty from experts who are used to dealing in probabilities.
Security is inherently a cat and mouse game. Nothing is ever certain. It's frustrating to see these stories play out in the media, and it's unfortunate how many people are so willingly uninformed. But I digress.
Two things happened in the French election. First, someone created a forged document, purporting to show that Macron had a secret offshore bank account, and published it on 4chan. (The forgery was poorly done, and was recognized immediately). Second, someone hacked the Macron campaign's computers and published all their emails. (Possibly with fake emails mixed in, though I haven't heard of any specific emails from that dump being fake).
This article claims that the first of these, the forged document, was done by Weev (aka Andrew Auernheimer). However, the second of these - the email data dump - has not been attributed to Weev and was likely done by someone else.
You know full well these aren't leaks. Private information was stolen illegally. Don't pretend like this was a whistleblower. This forum needs a rule against this kind of fained ignorance.
Which isn't as terrible as it sounds, France has a law that does not allow campaigning or reporting on candidates for 24 (or 48?) hours before an election.
The law is intended to give people time to reflect and think for themselves without being influenced before they go to vote.
Here is the actual law[1], article 49 of electoral code:
Starting the day before voting at zero hour, it is
forbidden to distribute bulletins, circular and other
documents
Starting the day before voting at zero hour, it is also
forbidden to broadcast electoral propaganda messages using
an electronic public communication.
This explains with an election day newspaper still had a full cover titled "Do as you want but vote macron"[2], but does not explain why there were official legal threats used to deter reporting on the leak.
To be clear they were invited by the National Commission for the Control of the Presidential Campaign not to diffuse the leak without verifying if the documents were genuine.
They reminded them that if they did diffuse fake documents they risked legal action against them.
Translated from french newspaper:
The National Commission for the Control of the Presidential Campaign (CNCCEP) on Saturday called on the media and "citizens" not to relay the contents of these internal documents. The proceeding had been seized, in the evening of Friday, by En marche !. After meeting on Saturday morning to "take stock", she stresses in a statement that "the dissemination or the re-broadcasting of such data, obtained fraudulently and in all likelihood, may have been misinterpreted, is likely To receive a criminal qualification for several reasons and to engage the responsibility of its authors ". The CNCCEP warns: "On the eve of the most important election deadline for our institutions, it calls on all actors present on websites and social networks, first and foremost the media, but also all citizens, In order not to alter the sincerity of the ballot, not to violate the prohibitions laid down by law and not to expose oneself to the commission of criminal offenses "
The french media are still reporting on it. Mostly to say they couldn't find anything damaging, and that it was most likely meant to push a conspiracy agenda ("press is hiding scandals").
I've also heard it was pretty bad in term of privacy with personal details of Macron supporters being published in the dump (and at least in some screenshots I've seen, there were random person address including their building access code).
The link you provide states that the leak contains no breaking news revelation because email was not the communication canal used for important matter. But despite the absence of such revelation does not mean the leak is void of significant content.
This echoes what other media have reported, that nothing illegal has been found in the financing of the campaign but it shows that it got its money from banking networks and start-ups exposing the link between Macron and banks which has been denied during the campaign[1].
There are a number of other legitimate questions raised by the data found in the leak such as how Macron got access to parti socialiste's budget for the 2012 presidential campaign for example. Link this with the fact that parti socialiste pulled the rug under the feet of its own candidate while parti socialiste's current president Hollande was not a candidate and secretly suported Macron and you get a behind the scene glimpse on this french presidential election.
The late came out too late to have an effect on the outcome of the election. And Macron's campaign handled the leak very professionally which led to little media fallout.
The timing of the release of the leak is suspicious. Just in time to be too late to have an effect, and right before the "période de réserve". Maybe a last push to demonize Macron's opponent ?
This leak happened at the end of an election where pretty much everything seems to have been orchestrated to turn a two rounds election into a one turn plebiscite for Macron:
- small irrelevant candidates easily got their required 500 signatures (cheminade, lasalle, etc.) while serious candidates struggled (mélenchon, lepen)
- the outsider (fillon) had scandals made public all over the media while what he did is politics as usual and other candidates scandals got no coverage
- the direct contender (hamon) had his own political party pull the rug under his feets with rumors that the party was preparing for macron's victory.
- media gave a lot of attention to lepen both pushing her by reporting it was inevitable she'll qualify for second round and demonizing her at the same time to make sure she would not win.
And the list of suspicious things continues, the last one and not the most significant being macronleaks being released with a weird timing.
Isn't weev supposed to be at least somewhat technically competent? The first leaked document seems to have been produced by someone with very little knowledge of image manipulation, or what actually happens under the hood of technology, given how trivial it was to prove that it was fake.
I think if you asked my fellow (and often far-more) technically competent engineers many would be hard-pressed to create any chops, let alone realistic ones that pass the gaze of the crowd.
Obtaining access to a system, and faking the information you'd get from obtaining access to a system, are very different skills; being good at one does not automatically translate to being good at the other.
And producing convincing fake information is in general a pretty specific skill (and one that, thankfully, even very dedicated people are usually quite bad at).
From what I read this was also muddied by the fact that Macron's team had honeypot email accounts set up with fake emails inside too. Talk about a mess!
I was reading some of the leaked emails. They are awful. Purchasing "legal highs" off the dark web. Cocaine. All sorts of horrendous stuff.
I think the En Marche! leak has many similar properties to the DNC leaks. Once many very incriminating emails were leaked, many "invested" parties jumped on the opportunity to inject fakes to discredit the whole.
If I was Podesta or Macron, and a bunch of private emails were leaked to show corruption, pedophilia, illegal drug use, etc., what would be my first port of call? Discredit the authenticity with fakes.
54 comments
[ 3.7 ms ] story [ 112 ms ] threadIf you refer to the recent cancellation of a US law before it came into effect that would have reverted ISP selling customer data. Well you got it backwards. Anyways I'm not from the US and you'll be shocked to learn that I'm part of my own federated ISP[1] and that each subscriber has a say and is aware of what the ISP does, and privacy protection is a priority even when it is a governmental or police probe.
[1]: https://www.ffdn.org/
Just goes to show you how people will believe what benefits them and downvote what's inconvenient.
[1] https://news.ycombinator.com/item?id=14286630
So if you have clues on the country of origin of an attack, you still need additional evidence (such as methods used and choice of target) to be reasonably sure of state sponsorship.
-edit- well then downvote me instead of providing a name and explanation that this guy was competent, macronleak was depicted as poor security practices and probably low level attacks[1]. Let's not forget that they got breached at least once beforehand during the campaign and the trend micro report[2] explained what to do to protect against these attacks which obviously was not applied (assuming the leak has not been orchestrated).
[1] https://www.nextinpact.com/news/104217-edito-macronleaks-ou-... [2] https://documents.trendmicro.com/assets/wp/wp-two-years-of-p...
Wrong about what, exactly?
I simply stated that instances exist in which an American or Chinese hackers may do wrong without having any connection to the government. If you disagree..you're quite obviously wrong.
And the US doesn't? Where have you been? Stuxnet blowing up Iranian nuclear plants? The pages upon pages of NSA documents?
The implication that the US is innocent of state-sponsored hacking is patently absurd.
It will be interesting to see how, if at all, this changes the widely-held APT28 attribution hypothesis.
In these circumstance then at some point the company would have had to essentially doctor evidence to support the required conclusion. If unequivocal evidence arises that is contrary to this, then it would be a massive deal. How could they explain away their findings?
I am not making any judgements on if the above happened, but it will be interesting to follow in this particular case which appears to clearly point to weev.
- State sponsored email hacking
- A kid on 4chan faked a document
Ultimately the root problem is politicians/media/people demanding certainty from experts who are used to dealing in probabilities.
Security is inherently a cat and mouse game. Nothing is ever certain. It's frustrating to see these stories play out in the media, and it's unfortunate how many people are so willingly uninformed. But I digress.
This article claims that the first of these, the forged document, was done by Weev (aka Andrew Auernheimer). However, the second of these - the email data dump - has not been attributed to Weev and was likely done by someone else.
The law is intended to give people time to reflect and think for themselves without being influenced before they go to vote.
[1]: https://www.legifrance.gouv.fr/affichCodeArticle.do?cidTexte... [2]: http://monde.taibaweb.com/wp-content/uploads/2017/05/arton45...
Translated from french newspaper: The National Commission for the Control of the Presidential Campaign (CNCCEP) on Saturday called on the media and "citizens" not to relay the contents of these internal documents. The proceeding had been seized, in the evening of Friday, by En marche !. After meeting on Saturday morning to "take stock", she stresses in a statement that "the dissemination or the re-broadcasting of such data, obtained fraudulently and in all likelihood, may have been misinterpreted, is likely To receive a criminal qualification for several reasons and to engage the responsibility of its authors ". The CNCCEP warns: "On the eve of the most important election deadline for our institutions, it calls on all actors present on websites and social networks, first and foremost the media, but also all citizens, In order not to alter the sincerity of the ballot, not to violate the prohibitions laid down by law and not to expose oneself to the commission of criminal offenses "
(fr link) http://www.lemonde.fr/idees/article/2017/05/17/les-macronlea...
I've also heard it was pretty bad in term of privacy with personal details of Macron supporters being published in the dump (and at least in some screenshots I've seen, there were random person address including their building access code).
This echoes what other media have reported, that nothing illegal has been found in the financing of the campaign but it shows that it got its money from banking networks and start-ups exposing the link between Macron and banks which has been denied during the campaign[1].
There are a number of other legitimate questions raised by the data found in the leak such as how Macron got access to parti socialiste's budget for the 2012 presidential campaign for example. Link this with the fact that parti socialiste pulled the rug under the feet of its own candidate while parti socialiste's current president Hollande was not a candidate and secretly suported Macron and you get a behind the scene glimpse on this french presidential election.
[1]: http://www.liberation.fr/elections-presidentielle-legislativ... and https://www.mediapart.fr/journal/international/130517/la-pis...
This leak happened at the end of an election where pretty much everything seems to have been orchestrated to turn a two rounds election into a one turn plebiscite for Macron:
- small irrelevant candidates easily got their required 500 signatures (cheminade, lasalle, etc.) while serious candidates struggled (mélenchon, lepen)
- the outsider (fillon) had scandals made public all over the media while what he did is politics as usual and other candidates scandals got no coverage
- the direct contender (hamon) had his own political party pull the rug under his feets with rumors that the party was preparing for macron's victory.
- media gave a lot of attention to lepen both pushing her by reporting it was inevitable she'll qualify for second round and demonizing her at the same time to make sure she would not win.
And the list of suspicious things continues, the last one and not the most significant being macronleaks being released with a weird timing.
And in case this reads as ex-post-facto justification, there is in fact this article from 10 days before the leaks: http://www.thedailybeast.com/articles/2017/04/25/fighting-ba...
And producing convincing fake information is in general a pretty specific skill (and one that, thankfully, even very dedicated people are usually quite bad at).
I think the En Marche! leak has many similar properties to the DNC leaks. Once many very incriminating emails were leaked, many "invested" parties jumped on the opportunity to inject fakes to discredit the whole.
If I was Podesta or Macron, and a bunch of private emails were leaked to show corruption, pedophilia, illegal drug use, etc., what would be my first port of call? Discredit the authenticity with fakes.