Hacker News new | comments | show | ask | jobs | submit login
Snowden Documents Reveal Surveillance and Pressure Tactics Aimed at WikiLeaks (firstlook.org)
273 points by ibsathish 1393 days ago | hide | past | web | favorite | 81 comments



> One classified document shows that GCHQ used its surveillance system to secretly monitor visitors to a WikiLeaks site. By exploiting its ability to tap into the fiber-optic cables that make up the backbone of the Internet, the agency confided to allies in 2012, it was able to collect the IP addresses of visitors in real time, as well as the search terms that visitors used to reach the site from search engines like Google.

This is real-time surveillance of website visitors & search terms to websites that governments don't like. I'm guessing it wouldn't take much for them to correlate those visitors to IP addresses, cookies, device IDs and cell tower signals to pinpoint people in real time too?

Knock knock

Who is it?

It's the police. We know you're browsing Wikileaks right now.

Edit: Looks like GCHQ's "ANTICRISIS GIRL" [0], the tool used to monitor Wikileaks visitors in real time, was based on Piwik [1]

[0] https://prod01-cdn01.cdn.firstlook.org/wp-uploads/2014/02/pi...

[1] http://piwik.org/


Ok. The GCHQ affair is making me go crazy, since as soon as i read

>ANTICRISIS GIRL

my brain came to a screeching halt, because I GET THE REFERENCE!

I am possibly the only person on HN go get it, because it is unlikely that anybody else here is a fanatic adherent of the Eurovision Song Contest.

The 2009 entry of Ukraine by Svetlana Loboda is called "Be My Valentine! (Anti-crisis Girl)" and here is a link[1].

WARNING: While not strictly NSFW, that video has a half-naked woman yelling "you are sexy bum", background dancers that can only be described as sex-legionaries and a catchy tune. She starts repeatedly screaming "anti-crisis girl" at about 2:30.

Now back to meaningful discussion about total global surveillance.

[1] http://www.youtube.com/watch?v=iA-HL-EfUbI


Your observation is spot on. The people doing the work for GCHQ and the NSA are just like us. They are geeks and technologists. They are probably members of hacker news.

This is the most believable part of the fantastic film Enemy of the State - the geeks in the van doing the work.


>The people doing the work for GCHQ and the NSA are just like us.

That's the scariest part: it's the banality of evil, updated for the XXI century. Would you turn down a safe and well-paid government job? Would you be a contractor building the Death Star?

(for the record, this is not a new question: http://www.youtube.com/watch?feature=player_detailpage&v=iQd... )


You could always take the job and then build a tiny vulnerability into the exhaust ports. It'd be incredibly difficult for anybody to take advantage of such a vulnerability, so you'd probably get away with it.


Alternatively, you perform the task faithfully and are unfairly blamed when said feature is exploited by a family cabal :

http://www.dorkly.com/article/59234/an-open-letter-from-a-de...


I turn them down in the sense that I have ruled out ever applying for those jobs. I've had enough angst when I thought my guild leadership in WoW was making unfair decisions, there is no way I could live with myself if I worked for one of these agencies.


The Death Star job would be almost impossible to turn down; space, lasers and stuff... but nope, working conditions suck, especially the boss who's a SERIOUS asshole.


A boss that kills of incompetent middle management and leaves the rank and file alone would be an improvement to some places I've worked. ;-)

Demolishing entire planets... not so much an improvement.


Lord Vader simply has high standards.


>The people doing the work for GCHQ and the NSA are just like us. They are geeks and technologists.

Of course they are. What else would they be? And some might even frequent HN -- including certain apologists.

That doesn't make what they do any less disturbing or any less tied to interests against the general population and freedom.

So, the "Banality of Evil" reference below is spot on.


Good catch. I feel slightly uncomfortable when individuals engage in too much superhero / I'm the One fantasy. Just a wee bit too much adrenaline and dopamine sometimes.

I sincerely hope GCHQ don't have superhero costume parties. Even if they think they're something like The Justice League.


It's "funny" how our western system hypocritically decries censorship in China, North Korea et al. when we do the exact same thing, just in a little bit more hidden/less detectable way.


Comparing the UK to North Korea is fucking ridiculous.

http://m.bbc.co.uk/news/world-26223040

http://m.bbc.co.uk/news/world-asia-26223180


Parent comment wasn't comparing UK to NK. Just pointing out that my Prime Minister has spoken in a luke warm sort of way about human rights in China and in a slightly more vigourous way about human rights in NK while knowing all the time that GCHQ were carrying out very detailed observation of oppositional Web sites. My perception was that the parent post was more about the hypocrisy of our political leaders than the UK being a totalitarian country.

I agree that any suggestion that the UK is similar to NK is absurd. However, George Orwell did once point out that a revolution and the subsequent imposition of terror in the UK would actually be very easy to do within our legal system...


He is talking solely about how the governments treat internet users, so your comment makes as little sense as me mentioning that the British empire killed far more innocent people than NK ever did.


Most NK residents don't have any access. The ones that do have very heavily filtered Internet access. North Koreans who watch a prohibited tv show are executed or repeatedly raped while in prison or starved while in prison.

Comparin the treatment of North Korean Internet users to the treatment of UK Internet users is obscene.

It dilutes the actual point: UK government should not monitor the activities of its citizens without judicial oversight and very narrow reasons. That is an abuse of human rights and it is justifiably something to get angry about. But comparing "monitoring what people send to a website that distributes state secrets" with "forcing a woman to drown her new born baby in a bucket because she read the wrong book" is sub-optimal.


Not if you make the comparison repeatedly over time and graph the results.


Well spotted. To be honest, I'd be pissed off if I found out GCHQ had repurposed my project for this sort of thing.

Not really possible to fix this situation either as "do no evil" license clauses are pointless.


If it was GPL you might be able to argue that they violated the derivatives clause. I doubt it would help since this is top secret intel work and I'm sure they have legal loop holes that essentially allow them to ignore things as trivial as copyright when it suits them.



s/GPL/AGPL/

Which raises the question of whether or not a program that passively wiretaps you falls under the provision of network services clause in that :)


Seeing as they talk about the pirate bay as an example of a target I would suspect they care A LOT about copyright issues and would do anything in their power to distribute their source code for the greater good.


This blanket surveillance reminds me of this interview with Pete Seeger:

RetroBites: Pete Seeger - Black List

https://www.youtube.com/watch?v=Y0_IME9WsHQ


A less paranoid interpretation is to recognise that governments think that releasing secret documents poses a risk to the security of the country and so the government security agencies will want to know who is providing information to, not consuming information from, Wikileaks.

This doesn't make it acceptable.


Why do they target Assange then?


So that he will tell them who is providing the source material...


I'm sure this rationale could be used to justify targeting the Pirate Bay, too. And dropbox/file sharing services. And webmail services. Google docs and similar services. Blogs. (...)


So I AM on a list! I feel so warm and fuzzy inside all of a sudden :)


I wonder what Merkel and Hollande's new "European Internet" will do to stop GCHQ from tapping the cables like they do now and then just hand over the info to US.


I'm not sure, but the fact that they want to 'do something' indicates a reaction to the status quo.

In the UK, we have a sort of passive acceptance of high levels of surveillance of the home population going back to the Northern Ireland Emergency starting 1968. It will need a lot to move the politicians away from that.


A suspicious man might notice a recent correlating resurgence in IRA bomb threats being bandied all over the news.


Their problem is that they want to tap the cables too.


How infiltrated is reddit. I'll wager on a scale from zero to one: 1.


How infiltrated is HackerNews? I'll wager on a scale from zero to one: 1.


>Illustrating how far afield the NSA deviates from its self-proclaimed focus on terrorism and national security, the documents reveal that the agency considered using its sweeping surveillance system against Pirate Bay, which has been accused of facilitating copyright violations. The agency also approved surveillance of the foreign “branches” of hacktivist groups, mentioning Anonymous by name.

Good to know that the NSA is on top of that Pirate Bay threat! I was worried for a little bit. Good thing they're keeping tabs on script kiddies too. And of course WikiLeaks; that's just information terrorism. Better go ahead and classify them all as malicious foreign actors:

>any communication with a group designated as a “malicious foreign actor,” such as WikiLeaks and Anonymous, would be considered fair game for surveillance.

>When NSA officials are asked in the document if WikiLeaks or Pirate Bay could be designated as “malicious foreign actors,” the reply is inconclusive: “Let us get back to you.” There is no indication of whether either group was ever designated or targeted in such a way.

Knowing Greenwald, I've got a suspicion that he already knows the answer to that question. Gonna go grab some popcorn. Y'all want anything from the concession stand?

EDIT:

Notice of course that it doesn't really matter if the NSA classifies any of them as malicious foreign actors or not. They can always count on the GCHQ to scrape up US citizens' data for them:

https://prod01-cdn01.cdn.firstlook.org/wp-uploads/2014/02/pi...

That blue spot on the "Visitor Countries" map looks familiar...


> Good to know that the NSA is on top of that Pirate Bay threat!

As I've mentioned in another comment already, this reminds me of Pete Seeger's comments on the (anti-communist) Black List:

https://www.youtube.com/watch?v=Y0_IME9WsHQ


I wish they'd release the investigation into TPB. I'm affiliated with a popular search engine site... I want to find out how paranoid I should be >_<

I wouldn't be suprised if the owners of TPB were still the original founders in addition to other people.


Now we know what we've speculated darkly about all long: the NSA and GCHQ actively track users who visit sites they don't like.

Presumably your visit to The Intercept and First Look are similarly tracked and correlated with your other online and offline activity.

I for one will visit this site and open every linked document from each IP I have access to. These tactics of mass surveillance and intimidation must be resisted.


Launch a bunch of t1.micros or tiny dockers or something and have them constantly curl or wget all the links. Setup a spot request with an autoscale script which will constant request spot instances from the cheapest zone where they are spawned and curl/wget to dev null then die and get a new spot spawn.


Or, you know, lease a VPN connection. https://www.privateinternetaccess.com/


I wonder how many of those are either run by spy agencies, or are infiltrated by spy agencies?


They don't even need to run fake VPNs anymore, just go to the host of vpn host, get all the metadata you want http://www.wipeyourdata.com/other-data-erasing/no-logs-earth...


Well, if they already have most of that data (ip/connection metadata from backbone isps) -- and the provider/target site is small enough that traffic analysis is enough to defeat the vpn -- all bets are off anyway. This is a basic problem with VPNs -- you need to assume all data going in and out is logged -- if you're the only one visiting omghowcanimakebombsforeal.com at any given hundreds of a second -- then you're pretty much done for.


A US-based VPN provider? I hope you're being sarcastic.


I don't know about you guys, but these two quotes together with the events in the life of Assange seems to paint some picture.

According to the Post, officials “realized that they have what they described as a ‘New York Times problem’” – namely, that any theory used to bring charges against Assange would also result in criminal liability for the Times, The Guardian, and other papers which also published secret documents provided to WikiLeaks.

USA [...] urged other nations with forces in Afghanistan [...] to consider filing criminal charges against J.A. [...] focus the legal elements of national power upon non-state actor Assange, and the human network that supports Wikileaks (from https://prod01-cdn02.cdn.firstlook.org/wp-uploads/2014/02/as...)

Not that this came as a surprise for people who read things outside NYT.



I am not surprised one bit.

Not directly related to the article, but more to the issue at large: One thing many people fail to realize is that humans can be terribly, terribly corrupt. There are those among us who, without a drop of guilt or compassion, would take the life of another. Given the means, we are capable of carrying out some heinous acts. Many believe that there is some moral or ethical boundary that these spy agencies will not cross. That given all the information that's been leaked, all the lies that've been exposed, there is still an area of corrupt behavior that is off-limits.

I have no doubt in my mind that there are those within these agencies that have abused their access to information for political, financial, and personal benefit, eg insider trading, selling damaging information to political candidates, suppressing journalists, etc. I'm not sure if it'll ever be brought to the public light, but I'm certain it's happened and is happening. The stuff that we read about is peanuts.


>I am not surprised one bit.

I think this is something that Hollywood movies such as Enemy of the State promotes. So that when it does come out non of us are surprised it really exists. We should just make sure that our lack of surprise doesn't turn into disinterest and apathy.


The proportion of sociopaths is usually estimated to be at least around 1%, so that's almost 70 million potential guilt-free killers out there, 3 million of them American.


I find it really interesting that a huge number of GCHQ internal training documents, giving away an awful lot about their operations and systems, was available on demand with no logging to poorly vetted contractors at US sites. They don't even know what he took. Contractors like Booz Allen Hamilton are a huge, soft target with a constantly changing roster of workers.

That lack of any significant firewall between the allies, combined with a huge army of contractors in the US with top secret access, means China/Russia etc have probably had access to this information for years, if not decades, and could feed CGHQ and the NSA misinformation at will, because they'll know exactly what their capabilities and aspirations are.


An ex director of GCHQ has said how disappointed he was at the poor control of information the NSA had.

The way he said it made it sound like things were going to change.


These findings illustrate the difference between surveillance and a surveillance state. The GCHG and by relation the NSA had plenty of information about who visited or donated to Wikileaks, but did not act on any of that information [1]. These documents could easily be construed as a vote of confidence for the agencies in question. People love to throw around the phrase "Orwellian" these days, but his seminal work does not appear to be relevant here. We all know that the government could be surveilling us at any time. We should all be afraid of it taking widespread action based upon that information. This day has not come yet.

The government can listen to what you say and watch what you do all they want. The moment they move from surveilling to censoring, from watching to interfering, the average citizen will come down on them with righteous fury. No one is coming to your door or telling you what lawful websites you can and can't look at or what you can say to people. It's a testament to the strength of our ideals that government agents can tap your phone and hear you say how much you hate them, and yet still not lift a finger against you [1].

Keeping an eye on quasi-legal websites and organizations is the government's job. Using force to harm them is a line that we cannot allow them to cross. There are many, many more documents that have yet to come to light and I'm sure that this community will be the first to point out any serious abuses of power.

[1] "That we know of"


Assuming that the government reaction would be to beat down your door is naive. The government knows, as you do, that down that path lies insurrection. Beating down doors and imprisoning dissidents is a crude tool.

There are other tools for influencing individuals and controlling society, much more targeted, silent and insidious.


I'd love to see some brain-storming on what those techniques might be; together with civil-society countermeasures.


There's the MLK method: spy on a meddlesome soul, discover his infidelity, tell him to commit suicide or you'll tell his wife:

http://studentactivism.net/2012/01/15/the-fbis-attempt-to-bl...

http://news.firedoglake.com/2013/01/21/the-fbi-wrote-a-lette...

http://www.lettersofnote.com/2012/01/king-like-all-frauds-yo...

Or just general COINTELPRO: http://vault.fbi.gov/cointel-pro

(Yes, that's the FBI's own archives, happy reading.)


See: Parallel construction


That's complete naive.

Fascism is not one big step. It is a step at a time.

Kill foreign people using drones.

Even assassinate people of your own country.

Huge graph databases storing everything about your life forever.

Military equipment for police.

Life sentences for minor crimes.

Torture.

High security prisons outside the usual law system.

Getting no government job because you read Wikileaks.

Access to only censored information for government workers.

Journalists are manipulated to report about war in positive ways.

Piece by piece. Each step brings you nearer a form of fascism.

Mass surveillance is just another tool.


The words of someone who has no appreciation (and likely no knowledge) of what COINTELPRO were, or the FBI's hounding of Martin Luther King:

http://vault.fbi.gov/cointel-pro

http://www.pbs.org/now/politics/cointelpro.html

MLK:

http://www.lettersofnote.com/2012/01/king-like-all-frauds-yo...

http://news.firedoglake.com/2013/01/21/the-fbi-wrote-a-lette...

There's far more than beating down doors.


To some extent I agree... but this seems wrong:

It's a testament to the strength of our ideals that government agents can tap your phone and hear you say how much you hate them, and yet still not lift a finger against you

Parallel Construction is widely abused (or so it has been reported). So while it may not be about, 'government haters', and they may not be publicly abusing the information collected from wiretapping, it is being abused none the less.


>No one is coming to your door or telling you what lawful websites you can and can't look at or what you can say to people.

Actually they do it all the time. In the EU country I'm from it's a regular occurence -- using surveillance like this to arrest and harass people the government don't like, and it has only been getting worse in the past years.

In what parallel universe do people live, who think that the government does not do such things? Perhaps they are not kept current on stuff that's not on the 9 o clock news, but either appears on the middle pages in newspapers or only registers in smaller circles.


Can you list any cases of people arrested for viewing websites the government doesn't like?


So, as he put it "No one is coming to your door or telling you what lawful websites you can and can't look at or what you can say to people".

Well, the key word here is "lawful".

We have for example cases where people were arrested and tried for merely linking to another website (e.g a news aggregator operator was arrested for the content of a linked news article).

We also have made up charges for people viewing "child pornography". For example one well known activist had such charges made up against him by the police for revenge, AFTER he had testified and provided evidence of police involvment in sexual trafficking.

There are also cases of people arrested for having a blog with religious satire.

We have cases where a advisor to the PM threatens people contributing donations to a certain news site.

Or the same advisor giving the real name of an anonymous (critical to the government) blogger on Twitter.

We had a case (recently) of a politician suing (and getting injunction measures) against a Wikipedia editor, for mentioning a well known fact about him (already published in numerous newspapers and books).

And numerous other, even more crazy situations...


> We all know that the government could be surveilling us at any time. We should all be afraid of it taking widespread action based upon that information.

Now thats positively orwellian. I recommend you read the book first.


They don't need to come to your door... It's enough to charge you with phony charges and lock you up in an embassy!


Who are you, Jim Hacker[1]? We are to believe that the government is spending millions on collecting information that they are then not going to use? That sounds completely wasteful of tax money.

We also already know that the US do use the information they collect. It is called "background check" and is performed in airports and government job applications. They might not be so open about it that they go and break down peoples door, but is secret files hidden in bunkers better?

1: Yes, Minister, episode 4, first 5 minutes.


"The moment they move from surveilling to censoring, from watching to interfering, the average citizen will come down on them with righteous fury"

And nothing of consequence will happen. ..You don't build tools so as to never use them.


"discovering that an American has been selected for surveillance must be mentioned in a quarterly report, “but it’s nothing to worry about.”"

This is so bad. Just when you think it can't get any worse.

The worst part is that more leaks with probably even more depressing revalations are on the way.


Who gave the order to monitor Wikileaks and its visitors? What I'd like to see at the very least is that these agencies get reformed to the point where if we do find out about an abuse of theirs, we can put pressure on the so called "oversight committees" who clearly aren't doing their jobs, to uncover exactly who monitored Wikileaks and who gave the order to do it. And then fire them.

Right now even if there was such a pressure on them, there's probably no way to link to who did it, because NSA and GCHQ seem to be run in a very chaotic way and that's on purpose, so there are no ties for specific operations to anyone.


I guess that bitcoin donation to wikileaks I sent a few years back means I should probably dump my computer's bios and ssd firmware physically out of flash with a logic analyzer and compare it with others of the same model.

Fuck.


I know this guy, let's call him hypothetical Fritz, who was seen talking in public to a WL spokesperson after an event a few years back. I don't know if he should be worried, but from listening to him when he talks of it, I know that he is.


Ah, page 19 (18 for context) of this presentation is kind of interesting:

https://firstlook.org/theintercept/document/2014/02/18/psych...

Firefox: browser of choice for neurotic introverts!

(I use Firefox:)

Actually that whole slide deck is interesting. Watch how "Squeaky Dolphin" help us go from "real-time" monitoring of likes on facebook and youtube/blogger views to splunk powered(?)[1] "Battle Damage Assessment Demonstrator - City Activity"...

[1] Slide 26-32. Splunk is namedropped, wonder if NSA are big customers of http://www.splunk.com ? I guess all PR is good PR...


Related:

The Press Freedom Index by Reporters Without Borders has the U.S. ranked #46 in their 2004 report [0] - just above Haiti and just below Romania.

[0] http://rsf.org/index2014/en-index2014.php


On The Media last week had a great piece on why this index is pretty bunk http://www.onthemedia.org/story/press-freedom-not-decline/

OTM is a pretty great podcast, by the way. Covers lots of stuff about the Snowden leaks with a very level head.


Click through to the actual WaPo article. It isn't exactly a huge endorsement of US press freedom.

The article has a graph showing US press freedom bouncing between sort of OK down to "less than Lithuania" levels over a period of decades. In other words, mediocre levels of press freedom happen regularly in the US. That does not actually contradict the notion that, currently, it sucks.


Are we surprised by this?

What Snowden taught us, the lesson we all have now, is that those with that level of internet/computer skills are not citizens of a single country but RATHER citizens of the Internet and its our actions that determine the future of the internet and its freedom.


That screenshot of how they tracked WikiLeaks visitors... isn't that Piwik?

Edit: Oh never mind, should have kept on reading.


And the Wiki software they're running is MediaWiki. Viva la Open Source!


Piwik works in the same way as Google Analytics and uses an injected JavaScript to report the stats back to the server. If they didn't modify Piwik a lot it means that the script should be visible and the address of the server too.

Just tested, not seeing any suspicious JavaScript tags from inside the UK.


Javascript is only needed for more detailed information about their browser. The analytics appear to collect only header information and the ip address suggesting that they don't require Javascript to be injected.


The interesting thing is this is getting massive headlines here, but when the IRS targets conservative groups, there's barely a peep.

I'd say government overreach is starting to get to a fever pitch. People have good reason to fear their government and that's pretty scary.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: