The extent of public interest hacking?

Written By: - Date published: 11:46 am, September 10th, 2014 - 35 comments
Categories: accountability, democratic participation, internet, Spying - Tags:

Digitally-enabled surveillance technologies can be used by both state agencies, and those who wish to hold them to account. The state agencies tend to hold the most power in using those capabilities, but they are not the only ones capable of using sophisticated digital technologies.

In the light of the hacking of Cameron Slater’s emails by the hacker known as Rawshark, this is an interesting bit of news. [h/t disturbed]  Last night One News reported:

High-ranking and powerful New Zealanders are among the 150 million people hit by last year’s hacking of software company Adobe, ONE News has revealed.

ONE News has discovered this includes six workers at our spy agency, the GCSB; 75 Defence personnel; 3,200 Government employees including police; and 60 parliamentary staff, among them, Jason Ede – former adviser to John Key – linked to WhaleOil blogger Cameron Slater who had his emails hacked.

Questions were raised and discounted as to whether Rawshark had got his hacked emails at the same time.

But here’s what happened. Some time last year, a hacker stole the data of 150 million Adobe users and then shared it with other hackers, the same way pirated software is shared.

That hacked information is now stored on hard-drives around the world and anyone with IT knowhow can get it.

“This data has been promulgated across the world, and so the people who are most likely to have access to it are people that have bothered to go and get it, which are hackers,” Mr Ayers says.

Email accounts of six spy agency workers from the GCSB are among the hacked information, exposing their email addresses and passwords.

[…]

The GCSB says it was alerted to the incident at the time and took steps to deal with affected accounts.

This has long been indicated in some discussions about the surveillance society: it can be used both by the state against its people, and by those wishing to hold state authorities to account.


Since the Snowden leaks, there has been a lot of concern about the widespread use of digitally enabled spying by state services, against ordinary people, and/or people who wish to hold their government to account.

So much data, as indicated by the May 2013 hacks, held by diverse hackers is quite mind blowing.  I’m not sure how this relates to our current political issues and debates in NZ, but it certainly is food for thought.

The best protection against misuse of surveillance capabilities is a strong public service media, on and offline, greater government transparency, and stronger democratic engagement with the general population.

Update: Some 2013 history & Anonymous

It is interesting that when the hack happened in May 2013 and in the months following there was no mention of the hack in the mainstream news. It is even more interesting, given that there was a lot going on with respect to state surveillance at the time. In May 2013, the TICS and GCSB Bills were going through parliament. There were protests against these laws in July 2013.

In August, the new GCSB law, extending its brief into surveillance of NZ citizens, and to a focus on “economic security”, became law.

During the same months last year, there was widespread discussion about the Snowden leaks of NSA capabilities. In May there were leaks about Thin Thread, and the ability to harvest metadata. In June, many kiwis were expressing concern about Prism.

Also in August, the hacking group calling themselves “Anonymous” issued a warning to the NZ government, in a chilling video:

Techday reported on it:

Opening with “Greetings citizens of New Zealand”, the eight-minute video launches a full scale attack on Prime Minister John Key, warning Kiwis of the dangers of their country becoming more like the USA.

[…]

“To the citizens of New Zealand: Due to the inevitable corruption of your government we have decided to broaden the scope of our NZ operations.”

During the next week operation kiwi freedom will come into full effect, with the video transcript ending with:

WE ARE ANONYMOUS.
WE ARE LEGION.
WE DO NOT FORGIVE.
WE DO NOT FORGET.
NEW ZEALAND GOVERNMENT.
YOU SHOULD HAVE EXPECTED US.

A DOS attack on some National Party websites was called “juvenile” by John Key. There was a similar attack on the GCSB website.

There seems to be some sort of digital warfare going on. The public only gets a small amount of information on it, so it is hard to understand exactly what is going on.

 

35 comments on “The extent of public interest hacking? ”

  1. ghostwhowalksnz 1

    If you are interested in looking at how easily passwords are hacked, read this:

    http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

    Even jumbled letters are no match for the 10 million words plus dictionaries they use on fairly simple graphics card processors

    • wtl 1.1

      Sure, cracking hashes is relatively easy these days (plus I’m sure some servers even store passwords in plaintext, crazily enough). But they will only be able to access sensitive information if:

      1) You use the same password on the hacked site as for a sensitive account.

      2) Don’t use two-factor authentication.

      • ghostwhowalksnz 1.1.1

        Doesn’t seem to matter if you use one password or 15, if they can crack thousands per second. The only way seems to be the 5 short random words technique.

        • wtl 1.1.1.1

          “Doesn’t seem to matter if you use one password or 15, if they can crack thousands per second. The only way seems to be the 5 short random words technique.”

          Of course it does. They can’t crack a hash if they don’t have the hash.

          To clarify:
          The way hackers ‘crack’ passwords (as referred to by your article) is by obtaining a list of hashed passwords from a compromised server. A hashed password is the result of applying a one-way function to the password so that it is not possible to directly recover the original password from the hashed one. However, it is relatively trivial to crack a hashed password using a brute force or dictionary attack given the huge amount of computing power available these days. This of course is not the same thing as directly ‘cracking’ a password without a hash. In general the latter is very difficult to do because (1) the number of attempts per second you can perform is limited by the network connection (2) most servers will detect such an attack and cut you off after a few false attempts. So even if they obtain a hashed password from Adobe, it won’t make it easy to hack into your email unless you use the same password for your email.
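
The distinction wtl draws in comment 1.1.1.1, as an added example that is not part of the original thread: a salted, slow password hash for storage, a lockout on online guessing, and the reuse case where a password recovered from one service's leak still works on another. The names `LoginService`, `ROUNDS`, `MAX_FAILURES` and `LOCK_SECONDS`, and all sample values, are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000        # assumed PBKDF2 work factor; tune to your hardware
MAX_FAILURES = 5        # assumed lockout threshold
LOCK_SECONDS = 15 * 60  # assumed lockout duration

def hash_password(password, salt=None):
    """Return (salt, digest): random per-record salt plus a deliberately slow KDF."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

def verify_password(password, salt, digest):
    """Recompute the digest and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

class LoginService:
    """Online login endpoint that locks an account after repeated failures."""
    def __init__(self):
        self.records = {}       # user -> (salt, digest); what a breach would leak
        self.failures = {}      # user -> consecutive failed attempts
        self.locked_until = {}  # user -> time the lock expires

    def register(self, user, password):
        self.records[user] = hash_password(password)

    def login(self, user, password, now):
        if now < self.locked_until.get(user, 0):
            return "locked"     # the guess is not even evaluated
        if verify_password(password, *self.records[user]):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = now + LOCK_SECONDS
            self.failures[user] = 0
        return "denied"

def demo():  # constructed scenario: one user, one password, two services
    site_a, site_b = LoginService(), LoginService()
    site_a.register("alice", "constructed-sample-pw")
    site_b.register("alice", "constructed-sample-pw")
    # Per-record salts: the same password yields unrelated stored digests.
    digests_differ = site_a.records["alice"][1] != site_b.records["alice"][1]
    # Online guessing against site B is cut off after MAX_FAILURES attempts.
    guesses = [site_b.login("alice", "guess-%d" % i, now=i) for i in range(7)]
    # A password recovered offline from site A's leak still opens site B.
    reused = site_b.login("alice", "constructed-sample-pw", now=LOCK_SECONDS + 10)
    return digests_differ, guesses, reused
```

The salt and work factor raise the cost of each offline guess against a leaked record, and the lockout bounds online guessing; neither helps once the same password is known from another service, which is where unique passwords and two-factor authentication come in.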

  2. minarch 2

    wonder if I’ll get any attention from the GCSB, My mining rigs run into TERAhashes

    plus plenty of encrypted traffic coming from my place !

  3. You mining bitcoin minarch? If so, smart move. Crypto-currency is the future. I hope NZ will adopt its own - sooner rather than later

    • minarch 3.1

      bitcoin among others slipery

      the ROI on BTC is very low now so i have moved onto script coins

      I’ve done pretty well to date out of BTC

      I started mining when the sell price for BTC was $4.70 NZD

      I weep at the value i spent on a “certain” website pre price spike 🙂

    • The delusions of neckbeards have no bounds. 😉

      • minarch 3.2.1

        I’m cleanly shaved thank you very much 🙂

        and my BTC wallet isn’t looking too delusional at all my friend !

  4. disturbed 4

    Thanks Karol, Yes It was TV one much to my amazement.

    Another addition to Karol’s vital message is to get folks to sign the petition we have running at almost 5000 now, we want many more to force a proper serious Royal Commissioner report into this dirty politics please.

    Get it spread right throughout the social media cell phone networks any way you can using all Facebook twitter and others please.
    https://secure.avaaz.org/en/petition/Governor_General_of_New_Zealand_Investigate_all_the_allegations_of_corruption_in_the_National_government/sign/?aeArPbb
    A new petition to Share this petition!
    Please circulate!
    Thanks for signing — your name has been added to this petition!.

    Now help reach 10,000 signers — spread the word with Email, Facebook and Twitter below.
    http://www.avaaz.org/en/petition/Governor_General_of_New_Zealand_Investigate_all_the_allegations_of_corruption_in_the_National_government/?ceArPbb

    • the pigman 4.1

      Disturbed – the GG is only a figurehead – he will only convene a royal commission of inquiry on the advice of his government. That is the long and short of it. I know of no precedent where a GG has called for such an inquiry without a recommendation of the government of the time. So I’m sorry, but that petition is going nowhere.

  5. just saying 5

    Mine was one of the 150 million accounts that were hacked. I wasn’t particularly worried. If they found my email even half as boring as I do, it would be a fitting punishment. (But that wasn’t an issue as I later discovered, because my password didn’t relate to any other password for my computer or any other account).

    What I found interesting was that I was directed to a site where, for “security”, I could store every single password I have. They recommended I make use of it.
    Like that site is never going to get hacked…

  6. disturbed 6

    JS those sites use encryption to simplify your passwords but the problem is they use cloud to store your passwords so really you are very prone to Cloud getting hacked also as it has already been.
    We may need to go back to Shortwave radio and CB’s technologies again eh?
    I recall that around the time of the May 2014 hacker attack Key went to US and never did explain what for just we found later he attended a NSA conference then the digital changeover of TV networks sped up?

  7. disturbed 7

    Serious questions around John Key must be made by MSM as to why the media allowed the Key claim this was a Labour Party conspiracy after all we know now as Key knew then why did he lie to us all when he was advised it came from overseas in may 2013?

    TS should make a focus blog on that side of the “Dirty politics” saga? Key tried now to turn it into a smear campaign blaming Labour for it but now we know better don’t we?

  8. emergency mike 9

    As much as I admire Anonymous, I do wish they wouldn’t put obtrusive ‘end of the world’ music over their message. It makes it hard to take it seriously when you’re flashing back to every Hollywood thriller you’ve ever seen.

    • When their politics is based on a mashup of Ayn Rand and the Star Wars movies, were you expecting great taste in music?

      • emergency mike 9.1.1

        Where do you get that from Tom?

        • Tom Jackson 9.1.1.1

          The plucky rebels vs the evil empire + the cyberlibertarianism.

          Just like all projects born of nerd megalomania, my guess is that this one will end with a vigorous bog washing at the hands of the 1st fifteen.

          • emergency mike 9.1.1.1.1

            The ‘rebel’ analogy I always think of regarding Anonymous is more like The Matrix. But each to their own.

            My question to you was how do you link them with Ayn Rand/Libertarianism? Maybe I wasn’t clear, but the answer you give just rephrased your statement.

          • minarch 9.1.1.1.2

            “Just like all projects born of nerd megalomania, my guess is that this one will end with a vigorous bog washing at the hands of the 1st fifteen.”

            ahhhh we’re not @ your high school circa 1985 anymore Tom…

            ask your kids …

  9. aerobubble 10

    One way to stop intrusion of your mobile device, which is said to work even when off! Is to put in a Faraday chamber, or better still, a metal casing. And so restrict its ability to communicate.

    • Rich 10.1

      I don’t think that everyone will know what a Faraday chamber is. And excuse me for asking but putting it into a kind of lead encased fort knox will that not make the device’s useful functionalities (which often double as spy tools) unable to work?

  10. Tracey 11

    Are groups like Anonymous and individuals like Rawshark the modern version of the brick through the bank’s window?

    If people feel/believe/know that things such as a proven by Dirty Politics and subsequent emails are happening, some feel hopeless and resignedly accept “everyone is doing it”, others find a way to fight back?

    When you have tried MSM or other processes and you feel ignored or marginalised you find other ways to get what you need.

    It’s not as exciting as a riot in the street but Snowden, wikileaks, anonymous, rawshark are fighting back, and hard, aren’t they?

  11. Critical Fixes for Adobe, Microsoft Software
    http://krebsonsecurity.com/2014/09/critical-fixes-for-adobe-microsoft-software/

    “Adobe today released updates to fix at least a dozen critical security problems in its Flash Player and AIR software. Separately, Microsoft pushed four update bundles to address at least 42 vulnerabilities in Windows, Internet Explorer, Lync and .NET Framework. If you use any of these, it’s time to update!”
