Discussion is okay. Twitter and Reddit will allow you to post this link. Doxxing (which posting the denial of secrets link that is discussed could be construed as) is not okay. if you linked a pastebin containing all the info from equifax it would be taken down for example.
The Julian Assange "poison pill" link was posted on Twitter, and later the password to the archive was also posted. This provided FULL UNREDACTED versions of all the leaked info.
No, no password for any of the so called "insurance files" was ever released, as far as I know and can google. All I can find are recent (2019, 2020) articles talking about the files and how no password was ever revealed.
Relatedly, Assange described the files not as "dead man switches" to be unleashed in case of his arrest, extradition, killing as the media liked to portrait it, but instead said that the insurance files contained (unredacted) data that wikileaks intended/intents to release later anyway, in redacted form, and that the encrypted unredacted data was put online to be backups if wikileaks lost the data e.g. due to a raid. The remains of wikileaks activists could then recover the files from the torrents or other people who downloaded the torrents, and could decrypt them to get the data back (but wouldn't release the password into the wild).
Of course, that's what he/they said, and he/they might have lied. But so far we don't know, because no password has been released.
Somehow I got the password, but I never decrypted the archive. I remember reading about how it was leaked many years ago. Perhaps somebody has gone through and "cleaned" the archives so it's no longer visible...
>For example, the Northern California Regional Intelligence Center has 29,114 accounts, and each one includes a full name; rank; police department or agency; email address; home address, ...
So that means that anyone with access to the system can get the home addresses of all their co-workers that also have accounts on the system? Why would all this personal information be associated with an account of this type? This isn't an HR database.
> can get the home addresses of all their co-workers
When mammoths roamed the earth, there was this "phone book" thing listing the full name and address of anyone with a phone line in the city, except for unlisted numbers (those could be had by request).
Honestly that's the most interesting part (at least until people sift through the data more) of this story. Why the heck are they storing sensitive data on what appears to be a CMS for e-commerce site?
Home addresses aren't considered sensitive information. If you own your home that information is public. Cops read people's addresses (and SSNs) out over the radio all the time for anyone to hear.
I'm not saying I agree with this, privacy should be protected better, but that's the US.
> Home addresses aren't considered sensitive information.
I wonder what will happen once the first protesters line up at cop houses or pranksters bombard them with spam and fake pizza orders. Not that I'd condone wasting pizza, but in many cases change only happens when the people in power have problems.
Home addresses are "Public PII" under 2 CFR § 200.79 - Personally Identifiable Information (PII), as opposed to "Protected PII." A lot of places don't make the distinction. (We do a semi-annual PII Audit and don't make the distinction.)
Someone had a talk at the DEFCON blue team village about police software and how trivial it was to find something. I think it was like database creds in a DLL and apostrophes in fields causing errors (likely SQLi). I can't remember if it was something they ran in the patrol vehicles or at precincts.
Linecon was terrible in this last convention(my first). Missed out on so many things I wanted to see because Linecon just got out of hand. I guess it is to be expected. :/
CCC being a conference of just ~10k allowed event goers to experience much more.
I'm not sure the CIA counts if this was used as a whataboutism argument by someone. Cyberwarfare is in legit contention as a space for state actors to work against each other. The police hack seemed like a hacktivist thinking doxxing cops was the way to support BLM when it could very easily ruin people's lives without a fair audit/trial.
Why shouldn't it? Putting on a uniform assumes responsibility for the positions and actions of the represented organization - here the various police forces and unions of the United States.
Police officers aren't being judged or punished for the color of their skin, creed, religion, or sexuality but their choices. I find it hard to stomach the idea that people shouldn't be judged for the organizations they choose to represent.
>No, many police officers are now being punished for being police officers.
That's a feature, not a bug; police officers are being punished because of the actions of police officers. Actions they choose to take responsibility for everyday they put on their uniform and step behind the blue line.
Some of the logic is that bad police behavior is widespread enough that every "good" cop works closely enough with at least one "bad" cop, and yet via observation of outcomes, does not correct that bad cop's behavior (or doesn't correct it enough). They're thus complicit AKA bad cops themselves, and thus there are _no_ good police - everyone is sufficiently tainted.
The Godwin's Law version of this logic at work elsewhere is the German saying "if there’s a Nazi at the table and 10 other people sitting there talking to him, you got a table with 11 Nazis."
The folk wisdom encoding "a few bad apples spoil the bunch". Doesn't matter if they were good apples going in, they're all bad apples now: the bunch is spoiled.
(Not expressing an opinion on the correctness of this thinking, just explaining what I know of it)
Another way to look at this... not every natzi personally committed crimes. I would suspect that far less than 50% personally murdered anyone. But they were part of an organization that murdered millions, and did nothing to stop it. That makes them complicit.
There are 700000 cops in America. I can name maybe 200. I've personally worked with maybe 50. I investigated 1, and could find no evidence of crime, though he realistically was likely committing some.
Out of 700000 cops I guarantee some are the scum of the earth who should be locked away forever. I don't know where they are. I can't effect that
It's like getting mad at the manager or an applebee's in Chicago because the waiter spit in your food at an olive garden in Seattle.
What was your process for investigation? Given that process, what crimes, if any, would you have found in the cases of, say, George Floyd or Breona Taylor?
When a teacher is shown to be abusing minors, other teachers and the union doesn't drop everything to defend them, prevent investigation, and lobby for them to get a teaching job a few districts over.
A police officer can arrest you for something they think is illegal but isn't. In the US, they don't need a functioning knowledge of the law to cruise the streets armed to the teeth. They appear to be able to harass, attack, and even kill people in broad daylight without a judge and jury present let alone face punishment for it.
So yeah, the police as a whole are being punished. We can break that down to a push during the war on drugs to lock out public services like mental health care or support for vulnerable youths and families in favor of increased police budgets and using officers as a catch all. We can examine how an all or nothing union may have corrupt incentives for defending members. We can reject the whole 'Blue Line' thought process and recognize that police are still citizens (though even off duty they may get a pass) and not isolated from the rest of us (though they may attend training that explicitly state otherwise).
Police still see a hugely higher rate of domestic violence yet continue to defend their own. Police appear to be working with extremist groups (white supremacists, not the nonexistent national entity of Antifa). Police in the Us have been infiltrated by white supremacists to the point that often the FBI refuses to work with local police.
As a white guy, police have always been mostly fair to or avoided interacting with me. I've seen the opposite for friends and others in my city. Some cops are assholes. If other cops defend the assholes, they are too. It doesn't matter how important their job is to society as that is even less of an excuse for defending problems.
I don't think this logic is beneficial for humanity. If you take the worst parts of any organization or group and generalize it across the entire group, you end up with stereotypes, bias, and discrimination...the very things that led us down this path in the first place. There are better ways to approach this.
When the group in question does everything in its power to resist change and prevent charges and repercussions for the issue officers, it may be broken.
An issue teacher is jailed and ostracized by the entire industry. Why not for cops?
Root Cause Analysis, and comparisons. There was a thread a few weeks ago about how the military doesn't have culture of the "blue-wall" but rather actively roots out bad-actors. The thesis was that this was due to to trust in the institution itself and that this was a relative difference to police in a variety of structural ways. Looking at police departments and cultures in other countries is also instructive, but we need to get the reason's why.
What if there was personal address doxxing of all software engineers claiming we're creepy hackers? Would such be justified because a number of us have had some small degree of indirect or direct contribution toward mass privacy violations?
> If x% of software engineering work is making child porn websites
The issue prompting ACAB (as I understand it) isn't so much "how many cops are bigots" (personal racism) as "how much of the work cops do is racist" (structural & systemic racism).
There's still a degree that as part of a social group with someone, I'm complicit in who they are a person - the German "ten people and a nazi" saying.
"Should" is a funny word. Seems to be used mostly when one's ideas about how reality "should" work come up against how reality "does" work; from orbital procession to the photoelectric effect.
"Should" is an opportunity many don't take to go "huh, that's funny" and learn something about reality.
"Group behavior should not affect individuals in this way" according to what principles and theories? It does - so, which of those principles and theories are wrong or incomplete? What other forces are at work? Are any of these factors the sort that can be effected by human civilization design, or do they arise from things we can't meaningfully effect? If they're designed, what're the Chesterton's Fences around them?
True tho innit? "These code changes _should_ result in these functionality changes, _if_ I have reasoned and programmed correctly, and haven't missed anything."
If you think this is controversial today, the southern police evolved from slave catchers. If you think that cultural history is irrelevant today, I have a confederate flag to sell you. (Not really, I don't actually collect flags from white slavocracies.)
If you had an actual, authentic Confederate battle flag to sell me, at a price I could afford, I would buy it. There are only a few in existence, and it would be an amazing historical artifact I'd love to help preserve.
TFA says this could compromise user's password. I worked for a City and handled the police dept. You could go far by just using username as password...
System/network security. I guarantee physical security would get someone's attention at a police department. The police in my family are paranoid and have even broken lesser laws to increase their own physical security.
I suspect this mismatch is because police (like average consumers) don't know the impact of a network security breach. It's a failure of imagination. Hopefully BlueLeaks helps to change this.
Does it seem a little disjointed between the article's content (exposing overuse and misuse of Fusion centers via a hack) and the headline/inline focus of "700,000 Law Enforcement Officers Exposed"?
Almost like they were allowed to run the article but editor didn't like the angle or something.
"After the BlueLeaks data was published, Twitter has permanently suspended the DDoSecrets Twitter account, citing a policy against distributing hacked material. Twitter has also taken the unprecedented step of blocking all links to ddosecrets.com, falsely claiming, to users who click that the website may be malicious."
Funny that Twitter had no problem with the Wikileaks dump from Bradley/Chelsea Manning.
Oh please, of the hundreds of thousands of police officers who've done far more for the good of their society than you have, you're saying 100% of them deserve to be doxxed. That would be like saying "because x% of software engineers are pedophiles with child porn that they share around with others on their secret servers, all 100% of them are disgusting and deserve the mercy of the mob because they can't seem to fix the problem."
> Oh please, of the hundreds of thousands of police officers who've done far more for the good of their society than you have, you're saying 100% of them deserve to be doxxed.
If you are getting paid by tax dollars then your personal data is a matter of public record. It is vital for prevention of corruption for the public to know where the tax dollars actually go.
If you get direct mailers or telemarketing phone calls, your address and phone number are not private.
California already has laws that require some transparency of who works for the government (I'm not exactly sure which data points), but allows a few classes of workers (eg. police, judges) to opt out for security reasons. For anyone who gets a phone, you have to pay to opt out of your contact info being publicly sold.
Modern society doesn't make it easy to avoid leaving a trail of contact info with lots of different vendors. This is exactly the same reason BlueLeaks was possible -- a fusion center vendor collected too much info and didn't bother to sufficiently secure it.
Could this be a problem? Yes, naturally. But the good of preventing government corruption outweighs the bad in this case. There are existing laws against harassment that provide recourse.
I would argue we are already way too far down the road of "redundant statutes".
According to the book "3 Felonies a Day", there are well over 300,000 crimes in US jurisdictions, which is far beyond what any person could read, know, understand, and internalize. At this point, if you're not a convicted felon, it's simply because the government isn't efficient at prosecuting, not because you haven't broken a law.
There should be periodic de duplication of laws. And also removal of laws are are now archaic —like being able to sue a spouse for abandonment or laws that impinge on civil liberties but aren’t enforced.
For every new law they should remove one or two that are redundant or archaic.
Theft is illegal but then they have other provisions to make sure it really is illegal. Once is enough.
I agree. There needs to be more maintenance effort to reduce the "technical debt" of accumulated laws.
Sadly I think it's not done because there is no incentive. Voters don't vote out incumbents who add too many news statutes or who don't remove outdated/irrelevant/unconstitutional ones. I think it's a lot like refactoring code without the ability to write unit tests or know if the change had any secondary side effects for years or decades after.
Real Name -> Address is already public information, due to the combination of real estate deeds, campaign finance reports, etc.
Real Name -> Phone number is nearly public information, being easily looked up in commercial surveillance databases. I've gotten phone calls from businesses on a associated numbers that I don't even consider mine due to this.
Framing a list of public servants as "doxing" is just a thinly-veiled power play to prevent accountability over the rest of the contents.
My company does work for local, state, and federal governments but 90% of our work is private. Should my details be public information? I work on projects paid for with government money.
Doubtful that second order payments would be worth tracking. If a judge tips a waitress $5 from his wallet, the waitress is getting paid with private funds, not tax dollars. If a judge tips a waitress with the county court house credit card, that might be something worth tracking, esp if the tip was $5000.
> Doubtful that second order payments would be worth tracking.
Oh sweet summer child. First order corruption happens in banana republics. The vast majority of corruption in OECD countries happens one or two orders out (or has been legalized like lobbying in the USA).
It's an interesting position to take. If you can discussion of all leaked data dumps do you draw the line when it is about state actors?
Can you discuss Equifax hack, that is about personal information as well, but was done by state actors?