The fake certificates aren't signed by a legit CA. It's not actually clear if they're in use or just examples; the code is a mess. The idea is clearly if someone is using packet sniffing tools to monitor their network, they see Kaspersky's name in the cert of an outbound connection and assume either:
1) It's their own AV installs grabbing updates or something similar
2) They've been hacked by teh evil ruskies
Interestingly these example certs aren't in the HEAD of the repository (WikiLeaks provide the entire git repo with history). To find the certs they were talking about I had to look at the first commit. At some point these files were removed. The start of the repo is in 2013, well before the current Red Scare.
It's unclear to me that this is the CIA impersonating Russia for political reasons, as might be assumed from the headline, vs just using Kaspersky and Thawte because these happen to be companies with many customers. However, Wikileaks does say the justification is simply to hide exfiltration. We already knew that western intelligence agencies like to frame their opponents and cause confusion around attribution, like the neat trick NSA/GCHQ use where they send data they want to a server controlled by someone they don't like/some random innocent, which ignores the traffic because it's not actually compromised. They then suck the data they want off the wire as it is transferred.
All that said it is depressing how well US propaganda works. Look at all the people in this thread saying, no no, it can't be true, it's from Wikileaks - even though the code and files themselves are available to download. The analysis they post isn't misleading either. It's pretty much describing what's found in the repo.
edit: lol, just as I was writing this the story is flagged. What a big surprise. We can't have anything interfering with the official narrative, now, can we?
> The start of the repo is in 2013, well before the current Red Scare.
"Well before"? The public part of the current Red Scare started over the annexion of Crimea in March 2014 (and the preceding turmoil in all of the Ukraine). 2013 is precisely the point where I would expect an intelligence agency to start anticipating it.
OK, fair enough. I guess I think of the current Russia related hysteria as primarily about Trump and Clinton, so starting around 2 years ago. But fair point that it goes back further.
I hope people here are paying attention to the tactics being used to discredit wikileaks, even here. Its about numbers. Yeah most of us know you can't prove a negative, etc, but its about subtle influence of bias over time on the $% that are still blinded by their unsupported belief in the Russian narrative.
Because context is everything. It is easy to lead someone to draw the wrong conclusion by only providing part of the picture, when the context would lead one to a very different set of conclusions.
not only has there not been a documented falsehood that WL propagated, but there has not been an example of something leaked to them that was subsequently withheld due to an agenda.
Unless you have evidence of either of these two things happening, you will not change my opinion that they are a force for openness in a very opaque political scene.
The fact that they release more that is anti-whatever says more about who is leaking than it does about WL.
In general, I think most people would agree with a blanket statement like that. But we don't actually know that wikileaks is providing context at all, because you don't know what isn't released. For example, sure, they've got 30k emails pilfered from Clinton. That paints a terribly unappealing picture of the Clinton campaign. But what about emails taken from a GOP-controlled server? What kind of context would those provide? Do they exist? What would they tell us about the other side of that question if they do? And crucially, what would it tell us about Wikileaks themselves if we knew they existed and weren't released?
Because that last scenario is the one I find extraordinarily likely.
Even if the scenario you describe is true (and there is no proof of that so this is purely a thought excersise), would you rather the Clinton emails weren’t released at all? Was there nothing to gain by learning that Clinton and the DNC worked against Sanders? That they had direct access to a very supportive media? At least we know that now.
There's not a good answer for that. Given hindsight and the knowledge that releasing them contributed directly to the election of Trump, yes, I'd say that I'd rather that they had not been released. If the opposing candidate had been a sane Republican the calculus might be a little different.
However, I think its self-deception of the highest order if you think either Wikileaks or the supplier of the Clinton emails is not also sitting on a great deal of incriminating evidence from the Trump campaign and/or the RNC.
My values are consistent regardless of who is involved. More information is always better. I also don’t think it’s worth speculating on what information WL may have. That they exist at all is a huge service, that they’re not releasing the kind of information you imagine exists (and happens to help your political goals) doesn’t make the info they do release any less valuable.
There is no evidence that WikiLeaks has anything to do with Russia. None whatsoever. Whenever I've asked people why they think this, they give two reasons:
1 - WikiLeaks hasn't published leaks about the Russian government.
2 - Assange did some TV interviews on RT years ago.
These are both laughable. Assange himself gave the obvious explanation for (1) - they haven't done that because they didn't receive any. And it's equally obvious why not: WikiLeaks arose to handle leaks of material that the western press were refusing to publish for unsatisfying reasons, like the Iraq war stuff. But the western press would salivate at the opportunity to publish damaging leaks about the Russian government, assuming the original holder wanted the info to appear in the west and not in, say, Russian. So why would anyone with such material care about Wikileaks? There is no reason for them to do so.
Regardless, attempting to divine intent from things that have not happened is hardly a good standard of evidence to use when making serious accusations.
As for the TV interviews, well, RT is a large scale news channel that has interviewed tons of different people over the years. Appearing on a TV channel is hardly evidence of working for the related national government. Otherwise everyone who appears on the BBC works for the British government, anyone who appears on Al Jazeera is in the pocket of Qatar and so on.
I don't see Assange attacking any sources in that Q&A. He does criticise (not attack) the way some journalists handled it, saying they put their own spin on things and that there should have been a bulk release. Otherwise, he argues, the impact would be low. That seems like a reasonable opinion to hold.
2. I looked at their IP addresses. They appear to have three datacenters, at least being advertised to me, one in Russia, one in the Netherlands and one in Norway. From a political perspective having servers in a place unfriendly to America, given how many of their leaks are about the US establishment, seems pretty sensible to me. But saying they are "hosted out of Russia" is extremely misleading, a lie of omission.
3. How are they "actively taking sides in political battles"? They leak what they get. If they didn't, leakers would go elsewhere to get their info out, it's not like Wikileaks has a monopoly on leaking. This is just slander and smearing.
You can search by text, attachment filename or email ID. How is that not bulk released?
Do you know that they leak what they get?
It's common sense that they do. These leaks come in the form of digital files, not papers. People give material to WikiLeaks so it gets published. If they gave material to WikiLeaks and nothing happened they'd just find another way to leak the same material - like Snowden when he went to Greenwald and Poitras instead of Assange.
This is why the idea that WikiLeaks is somehow a part of the Russian government is so mind-bendingly stupid propaganda. How would they hold anything back? Not only is there no motive and no evidence with these allegations, there isn't even common sense!
Whay about the change of public keys, tampering with pre-release hashes that occured during a time where no-one could reach Assange for about a month? Coincidentally during one of the larger DDOS events of the past year?
I'm stacking the tinfoil pretty hard but ignoring the history/politics you gotta say the technical side behaved in a weird way.
Wikileaks is compromised. The source of the leaks is beside the point. Their communications on Twitter over the past year or so leave absolutely no doubt that they are willing to bend the truth to support the Russian agenda. Everything Wikileaks and Assange have written on Twitter has been pure unadulterated garbage since the days of the presidential primaries.
Ok I'll rephrase. Given the events of last year (the part with message hashes and public keys changing), what gives you faith in wikileaks and Assange?
Julian Assange continues to be a beacon of freedom, accountability and hope to those who believe in a future not run by the military industrial complex. Evidence enough for me.
No such thing as objective journalism exists, at least nowadays. Surely not in large media editorial lines... They are a crapfest of partisan lies. Reading the NYTimes become harder every day because my eyes keep rolling up in disbelief.
On WikiLeaks' web based repository browser, some files referencing Kaspersky can be found here: [1] (e.g. client.crt and kaspersky.conf). In the dump, the files are in the directory /client/ssl up to commit da81be4.
Shoot the messenger in the hope the message doesn't get out. Look at this story. Flagged. Apparently one yesterday too. Lots of people want the "all Russian people and companies are working together to ensure everything I disagree with happens" line to stick, but US intelligence agencies impersonating Russian firms undermines that angle. So it's gotta go.
Well, enough accounts with enough karma obviously don't want anything favorable about WikiLeaks on HN. But then, HN has no pretensions about impartiality. And I must admit that, overall, the system works quite well.
They attempt to discredit Panama Papers, a leak that uncovered vast volumes of corruption worldwide.
They try to tarnish it by associating with Soros conspiracy, which is near exclusively done by people supporting authoritarian regimes. A good marker on its own.
They present Russia as the target/victim of the Papers, despite them implicating a number of Western European politicians and Ukraine's president.
Unless one tries to be deliberately thick it's fairly clear which side they are on.
I consider myself a fairly reasonable person and it's not as clear as you make it sound without having your own bias influencing it. Saying only facists are against Soros is silly. Soros has inarguably had a massive influence on politics and there are many reasons to dislike the platforms he's supported.
I didn't say only fascists, I said authoritarian types. And I maintain people ambivalent or opposed to them are not prone to Soros conspiracy theories.
Make a thought experiment. Would you say you do not in any way support the policies and rhetoric of Orban, Putin, Trump, Assad, Chavez/Maduro? Without ifs, buts and what-about-Obamas.
OK, if "CIA impersonated Kaspersky" it is of course implied they stole the NSA tools to frame benign Russian government. NSA tools were revealed by Wikileaks in "Vault 7". This revelation comes as WL's "Vault 8".
Does that mean WL got Vault 7 from CIA and Vault 8 from Russian FSB?
The fake certificates aren't signed by a legit CA. It's not actually clear if they're in use or just examples; the code is a mess. The idea is clearly if someone is using packet sniffing tools to monitor their network, they see Kaspersky's name in the cert of an outbound connection and assume either:
1) It's their own AV installs grabbing updates or something similar
2) They've been hacked by teh evil ruskies
Interestingly these example certs aren't in the HEAD of the repository (WikiLeaks provide the entire git repo with history). To find the certs they were talking about I had to look at the first commit. At some point these files were removed. The start of the repo is in 2013, well before the current Red Scare.
It's unclear to me that this is the CIA impersonating Russia for political reasons, as might be assumed from the headline, vs just using Kaspersky and Thawte because these happen to be companies with many customers. However, Wikileaks does say the justification is simply to hide exfiltration. We already knew that western intelligence agencies like to frame their opponents and cause confusion around attribution, like the neat trick NSA/GCHQ use where they send data they want to a server controlled by someone they don't like/some random innocent, which ignores the traffic because it's not actually compromised. They then suck the data they want off the wire as it is transferred.
All that said it is depressing how well US propaganda works. Look at all the people in this thread saying, no no, it can't be true, it's from Wikileaks - even though the code and files themselves are available to download. The analysis they post isn't misleading either. It's pretty much describing what's found in the repo.
edit: lol, just as I was writing this the story is flagged. What a big surprise. We can't have anything interfering with the official narrative, now, can we?