34 comments

[ 2.8 ms ] story [ 68.5 ms ] thread
Mere mortals trying to understand the inner workings of intelligence agencies make me cringe.

There are no good boys and bad boys here.

I would say there are only bad boys.
Funny how morals don't scale...
Given that https://www.scientificamerican.com/article/how-cia-fake-vacc... happened as well, this allegation is sadly unsurprising and probably true.

Can Kaspersky Lab sue the CIA / the US government for hurting their reputation / business in this manner?

Sure they can try... Chance of winning in a USA court.. near zero. Chance of winning in a foreign court, high, but they'd never get the payout.
Suing the CIA is like trying to get revenge on a table saw for cutting your finger off by punching feeding the rest of your arm into it.
What's the actual technical thing that happened here? Did they manage to trick Thawte into issuing real SSL certificates for Kaspersky's internet domains?
> Did they manage to trick Thawte into issuing real SSL certificates for Kaspersky's internet domains?

Most probably something really simple with the goal to trigger some resonance in media when nobody will ask about SSL certificates and then forget about it.

> Did they manage to trick Thawte into issuing real SSL certificates for Kaspersky's internet domains?

No, that would be huge news. They just created an invalid self-signed certificate with a Kaspersky domain in the CN. This would allow their implant traffic to hide better, as in a program like Wireshark it would just look like a server downloading some anti-virus updates instead of sticking out as a C2 beacon.

Check out the source bundle - Same can be done to create self-signed certificates for stealth in other scenarios which may require a different domain name (For example, if the target uses another program such as Chrome which periodically contacts a server to fetch automatic updates, it would use the domain of that server).

There is no significance of Thawte, other than being the CA which Kaspersky uses. This is to be expected, as the self-signed certificates are naturally going to need to look like the originals, only differing in keys of course.

Here comes Wikileaks to the Russia Rescue again. Their reputation is shot afaik
How is wikileaks a credible source these days? https://www.wired.com/2016/07/wikileaks-officially-lost-mora...
The fact that you don't like what they do doesn't mean that they don't accurately report on the information that they receive.
They don't, though. Their reporting and editorializing of leaks has been inaccurate quite a few times.

That said, there is no evidence indicating the content of their leaks isn't genuine, so it is probably best to look at the leaked content itself rather than the analysis WL writes alongside the leaks.

It’s easy to create a false impression with selective releases of information.

I’ll note that Wikileaks has published absolutely nothing from the fsb.

Maybe FSB has less technologies to leak or less people willing to do so.
Or as Assange himself has said, they have no Russian speaking staff.
These weren’t ‘leaked’ by some whistleblower, come on.
Maybe it has to do with the death threats from the FSB, then the TV deal Assange signed with Putin?
Russia doesn't pretend to be a bastion of freedom and liberty though, so what would be the point?
There seems to be evidence that the Clinton emails released by Wikileaks were edited before release. This would conflict with their stated goals and I think is what's hurting their credibility the most right now.
There is absolutely no evidence to suggest that (outside of the Clinton camp and Podesta) and given Wikileaks track record, it's highly unlikely.
I think some wires are being crossed here, as there has been recent evidence of modifications to earlier leaks from Guccifer 2.0 of DNC documents. These were not published by WL but they are often grouped with WL due to Guccifer 2.0 claiming to be a WL source
"There seems to be evidence that the Clinton emails released by Wikileaks were edited before release."

[citation needed]

For many/most of the released emails, there is evidence that they were NOT edited prior to release. The emails have a DKIM signature. Unless you are claiming that Google's private keys were misused, the emails simply WERE NOT EDITED.

Additionally, there is NO EVIDENCE of a suspicious pattern of emails not being signed.

So please, provide a citation for "evidence that the Clinton emails released by Wikileaks were edited before release". Because the only evidence I'm aware of is evidence which clearly demonstrates the emails COULD NOT HAVE BEEN ALTERED BY WIKILEAKS.

How is Wired a credible source these days?

>In the last two weeks, the font of digital secrets has doxed millions of Turkish women

This is simply a lie. It's still in there, in a year old article, not retracted.

This article is nothing but a particularly poorly written hit piece.

it's propagandish, it's less outlandish to suggest that wikipedia is propaganda than how this article presents the issue, something along the lines of "once they started leaking stuff about DNC it seems fishy!" ... seems silly. why is the line crossed at DNC leaks?
It’s not just propagandish. The author is straight up lying, making entirely fabricated claims about Wikileaks releases. This isn’t something you could get wrong by mistake.

>WikiLeaks has endangered individuals before, but their release of the so-called Erdogan Emails was particularly egregious. The organization said that the infodump would expose the machinations of Turkish president Recep Tayyip Erdogan immediately after the attempted coup against him, but instead turned out to be mostly correspondence and personal information from everyday Turkish citizens. Worse, it included the home addresses, phone numbers, party affiliations, and political activity levels of millions of female Turkish voters.

This is a complete fabrication and something you would expect people to get fired for.

Wikileaks simply never published such data, and the criticism of the emails (which they actually released) is disingenious at best. Nobody attacked them like this when they released private emails of Sony or Hacking Team employees.

>WikiLeaks’ moral high ground depends on its ability to act as an honest conduit. Right now it’s acting like a damaged filter.

Here it seems like she’s suggesting that Wikileaks has been holding back stuff handed to them, I sure hope she has something to back that up!

Somehow I seriously doubt the author would’ve written a similar article had wikileaks been releasing RNC emails instead...

Really easily? Wikileaks never published this material. Go find it on their website, or archive.org version of it. You’re asking me to prove a negative here.

This material was published by @natsecgeek, Zeynep Tufekci is intentionally trying to mislead people.

Besides, I’m pretty sure the db published by @natsecgeek contained both men and women. It is really fucking weird that they’re only singling out women.

If you're talking about the AKP email leaks otherwise being pretty boring, I totally agree.

So, your beef is that you're more concerned whether Wikileaks tweeted a pointer to the doxxing or actually hosted the files? But instead of explaining that, you're just calling things lies. After reading your comments I was left with the impression that a million people weren't doxxed.

Zeynep Tufekci said enough about what happened that they didn't mislead me. I can see that a lot of people were actually doxxed, and where the file was hosted and who tweeted about it.

So who's being misleading here? Wired is being incomplete, you're being incomplete. Zeynep Tufekci ftw.

>So, your beef is that you're more concerned whether Wikileaks tweeted a pointer to the doxxing or actually hosted the files?

Yeah, that seems like a pretty relevant detail when they're accused of "doxing millions of Turkish women".

Wikileaks did not do this. Another journalist, Michael Best published the data on archive.org. Thousands of other parties besides WL pointed to his release.

>So who's being misleading here? Wired is being incomplete, you're being incomplete. Zeynep Tufekci ftw.

How am I being incomplete? The doxing happened, WL didn't do it. End of story.

Tufekcis post is titled "WikiLeaks Put Women in Turkey in Danger, for No Reason". Which is not something Wikileaks did, what is that but a lie?

The article starts with Tufekci explicitly suggesting that it was WL dumped this data.

>But Snowden couldn’t have been more wrong about an act that was irresponsible, of no public interest and of potential danger to millions of ordinary, innocent people, especially millions of women in Turkey.

"an act" being spoken of here is WL releasing AKP emails. That act did not actually involve "millions of women in Turkey".

Another lie.

>However, WikiLeaks also posted links on social media to its millions of followers via multiple channels to a set of leaked massive databases containing sensitive and private information of millions of ordinary people, including a special database of almost all adult women in Turkey.

All out of sudden the whole premise of the article changes when she finally corrects herself that WL didn't actually release this data, which was unrelated to WLs AKP leak.

"incomplete" suggests missing information, these articles contain fabricated information.

Tufekci also doubled down on her inane claims on twitter. https://twitter.com/zeynep/status/757599082928082944

>Instead of "AKP emails", Wikileaks dumped private info of ALMOST EVERY WOMAN in Turkey Yes. http://www.huffingtonpost.com/zeynep-tufekci/wikileaks-erdog...

Again, clearly a lie.

Here she admits to deliberately misleading: https://twitter.com/zeynep/status/758348011344986113

(comment deleted)
If this is true, the future will be sad. The next time someone will discover a real problem, people will ignore it.
Who trust CIA after all that they lied to us ? - I dont