Written by: karol
Date published: 11:46 am, September 10th, 2014 - 35 comments
Categories: accountability, democratic participation, internet, Spying
Digitally-enabled surveillance technologies can be used both by state agencies and by those who wish to hold them to account. State agencies tend to hold the most power in using those capabilities, but they are not the only ones capable of using sophisticated digital technologies.
In the light of the hacking of Cameron Slater’s emails by the hacker known as Rawshark, this is an interesting bit of news. [h/t disturbed] Last night One News reported:
High-ranking and powerful New Zealanders are among the 150 million people hit by last year’s hacking of software company Adobe, ONE News has revealed.
ONE News has discovered this includes six workers at our spy agency, the GCSB; 75 Defence personnel; 3,200 Government employees including police; and 60 parliamentary staff, among them, Jason Ede – former adviser to John Key – linked to WhaleOil blogger Cameron Slater who had his emails hacked.
Questions were raised and discounted as to whether Rawshark had got his hacked emails at the same time.
But here’s what happened. Some time last year, a hacker stole the data of 150 million Adobe users and then shared it with other hackers, the same way pirated software is shared.
That hacked information is now stored on hard-drives around the world and anyone with IT knowhow can get it.
“This data has been promulgated across the world, and so the people who are most likely to have access to it are people that have bothered to go and get it, which are hackers,” Mr Ayers says.
Email accounts of six spy agency workers from the GCSB are among the hacked information, exposing their email addresses and passwords.
[…]The GCSB says it was alerted to the incident at the time and took steps to deal with affected accounts.
This has long been indicated in some discussions about the surveillance society: it can be used by the state against its people, as well as by those wishing to hold state authorities to account.
Since the Snowden leaks, there has been a lot of concern about the widespread use of the digitally enabled spying by state services, against ordinary people, and/or people who wish to hold their government to account.
So much data, as indicated by the May 2013 hacks, held by diverse hackers is quite mind blowing. I’m not sure how this relates to our current political issues and debates in NZ, but it certainly is food for thought.
The best protection against misuse of surveillance capabilities is a strong public service media, on and offline, greater government transparency, and stronger democratic engagement with the general population.
Update: Some 2013 history & Anonymous
It is interesting that when the hack happened in May 2013, and in the months following, there was no mention of the hack in the mainstream news. It is even more interesting, given that there was a lot going on with respect to state surveillance at the time. In May 2013, the TICS and GCSB Bills were going through parliament. There were protests against these laws in July 2013.
In August, the new GCSB law, extending its brief into surveillance of NZ citizens and to a focus on “economic security”, became law.
During the same months last year, there was widespread discussion about the Snowden leaks of NSA capabilities. In May there were leaks about Thin Thread, and the ability to harvest metadata. In June, many Kiwis were expressing concern about Prism.
Also in August, the hacking group calling themselves “Anonymous” issued a warning to the NZ government, in a chilling video:
Opening with “Greetings citizens of New Zealand”, the eight-minute video launches a full scale attack on Prime Minister John Key, warning Kiwis of the dangers of their country becoming more like the USA.
[…]“To the citizens of New Zealand: Due to the inevitable corruption of your government we have decided to broaden the scope of our NZ operations.”
During the next week operation kiwi freedom will come into full effect, with the video transcript ending with:
WE ARE ANONYMOUS.
WE ARE LEGION.
WE DO NOT FORGIVE.
WE DO NOT FORGET.
NEW ZEALAND GOVERNMENT.
YOU SHOULD HAVE EXPECTED US.
A DoS attack on some National Party websites was called “juvenile” by John Key. There was a similar attack on the GCSB website.
There seems to be some sort of digital warfare going on. The public only gets a small amount of information on it, so it is hard to understand exactly what is going on.
If you are interested in looking at how easily passwords are hacked, read this:
http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
Even jumbled letters are no match for the 10 million words plus dictionaries they use on fairly simple graphics card processors
Sure, cracking hashes is relatively easy these days (plus I’m sure some servers even store passwords in plaintext, crazily enough). But they will only be able to access sensitive information if:
1) You use the same password on the hacked site as for a sensitive account.
2) Don’t use two-factor authentication.
Doesn’t seem to matter if you use one password or 15, if they can crack thousands per second. The only way seems to be the 5 short random words technique.
Of course it does. They can’t crack a hash if they don’t have the hash.
To clarify:
The way hackers ‘crack’ passwords (as referred to by your article) is by obtaining a list of hashed passwords from a compromised server. A hashed password is the result of applying a one-way function to the password so that it is not possible to directly recover the original password from the hashed one. However, it is relatively trivial to crack a hashed password using a brute force or dictionary attack given the huge amount of computing power available these days. This of course is not the same thing as directly ‘cracking’ a password without a hash. In general the latter is very difficult to do because (1) the number of attempts per second you can perform is limited by the network connection (2) most servers will detect such an attack and cut you off after a few false attempts. So even if they obtain a hashed password from Adobe, it won’t make it easy to hack into your email unless you use the same password for your email.
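The distinction drawn in the comment above, seen from the side of the site storing the passwords, as an added example that is not part of the original thread. It contrasts an unsalted fast digest with a per-user salted, deliberately slow one; the user names, passwords and wordlist are constructed, and PBKDF2 is an assumed choice of slow function.

```python
import hashlib
import hmac
import os

COMMON = ["password", "123456", "qwerty", "letmein"]  # constructed sample wordlist
ROUNDS = 100_000  # assumed work factor; each guess costs this many HMAC rounds


def weak_hash(password):
    """Unsalted, fast digest: equal passwords always give equal digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def strong_hash(password, salt=None):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt, digest


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return hmac.compare_digest(candidate, digest)


def audit_weak_table(table):
    """Defender's audit of a leaked-style table: hashing the wordlist once
    is enough to flag every account whose password is on it."""
    lookup = {weak_hash(word): word for word in COMMON}
    return {user: lookup[h] for user, h in table.items() if h in lookup}


# Constructed accounts: two users share a common password, one uses a passphrase.
USERS = {"alice": "letmein", "bob": "letmein",
         "carol": "tulip anvil river mosaic crane"}

WEAK = {user: weak_hash(pw) for user, pw in USERS.items()}
STRONG = {user: strong_hash(pw) for user, pw in USERS.items()}

if __name__ == "__main__":
    print("flagged in unsalted table:", audit_weak_table(WEAK))
    print("alice and bob share a digest (unsalted):", WEAK["alice"] == WEAK["bob"])
    print("alice and bob share a digest (salted):",
          STRONG["alice"][1] == STRONG["bob"][1])
    print("login still works:", verify("letmein", STRONG["alice"]))
```

With the salted table a wordlist has to be re-hashed per account at `ROUNDS` iterations per guess, and a password reused on another site remains exposed either way once it is recovered.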
Wonder if I’ll get any attention from the GCSB, my mining rigs run into terahashes
plus plenty of encrypted traffic coming from my place!
You mining bitcoin, minarch? If so, smart move. Crypto-currency is the future. I hope NZ will adopt its own - sooner rather than later
bitcoin among others slipery
the ROI on BTC is very low now so I have moved onto script coins
I’ve done pretty well to date out of BTC
I started mining when the sell price for BTC was $4.70 NZD
I weep at the value I spent on a “certain” website pre price spike 🙂
The delusions of neckbeards have no bounds. 😉
I’m cleanly shaved thank you very much 🙂
and my BTC wallet isn’t looking too delusional at all my friend!
Thanks Karol, Yes It was TV one much to my amazement.
Another addition to Karol’s vital message is to get folks to sign the petition we have running at almost 5000 now, we want many more to force a proper serious Royal Commissioner report into this dirty politics please.
Get it spread right throughout the social media cell phone networks any way you can using all Facebook twitter and others please.
https://secure.avaaz.org/en/petition/Governor_General_of_New_Zealand_Investigate_all_the_allegations_of_corruption_in_the_National_government/sign/?aeArPbb
A new petition to Share this petition!
Please circulate!
Thanks for signing — your name has been added to this petition!.
Now help reach 10,000 signers — spread the word with Email, Facebook and Twitter below.
http://www.avaaz.org/en/petition/Governor_General_of_New_Zealand_Investigate_all_the_allegations_of_corruption_in_the_National_government/?ceArPbb
Disturbed – the GG is only a figurehead – he will only convene a royal commission of inquiry on the advice of his government. That is the long and short of it. I know of no precedent where a GG has called for such an inquiry without a recommendation of the government of the time. So I’m sorry, but that petition is going nowhere.
Mine was one of the 150 million accounts that were hacked. I wasn’t particularly worried. If they found my email even half as boring as I do, it would be a fitting punishment. (But that wasn’t an issue as I later discovered, because my password didn’t relate to any other password for my computer or any other account).
What I found interesting was that I was directed to a site where, for “security”, I could store every single password I have. They recommended I make use of it.
Like that site is never going to get hacked…
JS those sites use encryption to simplify your passwords but the problem is they use cloud to store your passwords so really you are very prone to Cloud getting hacked also as it has already been.
We may need to go back to Shortwave radio and CB’s technologies again eh?
I recall that around the time of the May 2014 hacker attack Key went to US and never did explain what for just we found later he attended a NSA conference then the digital changeover of TV networks sped up?
it was May last year: i.e. 2013.
John Key visited the US in June 2103
Damned time travellers.
Is your digital TV converter spying on you ?
http://www.youtube.com/watch?v=TQ4iIM8Eljc
maybe ?
We may need to go back to Shortwave radio and CB’s technologies again eh?
Come the revolution…
semaphore
with a one time pad system 🙂
For most people there’s not much that hackers could get away with. As long as you weren’t negligent, your bank will reimburse you.
Yeah, that was my one qualm – my pay-pal password with my credit-card details.
I wonder if the banks would be so lenient if accounts were emptied en -masse.
Not that I wouldn’t be plotting revolution online – if I could find anyone to join….
If our ability to store value in a digital liquid form is compromised, there’s always barter. 😉
The banks would probably be fine (as they make 20+ % on a fair % of all credit cards they can afford to be). Good luck getting in contact with Paypal though.
What ever system of communication we use is prone to interception. The best idea is to keep to oneself any thoughts you don’t want to make public
Serious questions around John Key must be made by MSM as to why the media allowed the Key claim this was a Labour Party conspiracy after all we know now as Key knew then why did he lie to us all when he was advised it came from overseas in may 2013?
TS should make a focus blog on that side of the “Dirty politics” saga? Key tried now to turn it into a smear campaign blaming Labour for it but now we know better don’t we?
One mans criminal is another mans latest recruit
http://www.tomshardware.com/news/Owen-Thor-Walker-Job-TelstraClear,7509.html
As much as I admire Anonymous, I do wish they wouldn’t put obtrusive ‘end of the world’ music over their message. It makes it hard to take it seriously when you’re flashing back to every Hollywood thriller you’ve ever seen.
When their politics is based on a mashup of Ayn Rand and the Star Wars movies, were you expecting great taste in music?
Where do you get that from Tom?
The plucky rebels vs the evil empire + the cyberlibertarianism.
Just like all projects born of nerd megalomania, my guess is that this one will end with a vigorous bog washing at the hands of the 1st fifteen.
The ‘rebel’ analogy I always think of regarding Anonymous is more like The Matrix. But each to their own.
My question to you was how do you link them with Ayn Rand/Libertarianism? Maybe I wasn’t clear, but the answer you give just rephrased your statement.
“Just like all projects born of nerd megalomania, my guess is that this one will end with a vigorous bog washing at the hands of the 1st fifteen.”
ahhhh we’re not @ your high school circa 1985 anymore Tom…
ask your kids …
One way to stop intrusion of your mobile device, which is said to work even when off! Is to put in a Faraday chamber, or better still, a metal casing. And so restrict its ability to communicate.
I don’t think that everyone will know what a Faraday chamber is. And excuse me for asking, but putting it into a kind of lead encased Fort Knox, will that not make the device’s useful functionalities (which often double as spy tools) unable to work?
Are groups like Anonymous and individuals like Rawshark the modern version of the brick through the bank’s window?
If people feel/believe/know that things such as proven by Dirty Politics and subsequent emails are happening, some feel hopeless and resignedly accept “everyone is doing it”, others find a way to fight back?
When you have tried MSM or other processes and you feel ignored or marginalised you find other ways to get what you need.
It’s not as exciting as a riot in the street but Snowden, Wikileaks, Anonymous, Rawshark are fighting back, and hard, aren’t they?
Critical Fixes for Adobe, Microsoft Software
http://krebsonsecurity.com/2014/09/critical-fixes-for-adobe-microsoft-software/
“Adobe today released updates to fix at least a dozen critical security problems in its Flash Player and AIR software. Separately, Microsoft pushed four update bundles to address at least 42 vulnerabilities in Windows, Internet Explorer, Lync and .NET Framework. If you use any of these, it’s time to update!”