Monday, December 13, 2010

Wikileaks rebels plot alternative

<!-- pullout-items--> <!-- Embedding the audio player --> <!-- This is the embedded player component -->
<!-- embedding script -->
<!-- end of the embedded player component --> <!-- Player embedded --> <!-- pullout-body--> <!-- pullout-links-->

Wikileaks' former second-in-command is gearing up to launch an alternative to the high-profile website.

Daniel Domscheit-Berg, who left the site after disagreements with its founder, plans to launch Openleaks in the coming months.

The technology, which can be embedded in any organisation's sites, will allow whistle-blowers to anonymously leak data to publishers of their choice.

Its founders say it will address problems they had with Wikileaks.

"We felt that Wikileaks was developing in the wrong direction," Mr Domscheit-Berg told BBC News. "There's too much concentration of power in one organisation; too much responsibility; too many bottlenecks; too many resource constraints."

He said that the team did not want the responsibility of deciding what was or was not relevant and what would be good for the organisation as a whole to publish.

"This is the wrong question and should never be asked."

Network effect

Unlike Wikileaks, Openleaks will not publish or verify material; leaving that role to newspapers, "NGOs, labour unions and other interested entities".

"We are trying to build a community of various organisations that need or have use for anonymously submitted information," former Wikileaks member Herbert Snorrason told the BBC.

Mr Domscheit-Berg, said the decision to be a "conduit" rather than publisher was made because of the team's experience at Wikileaks.

"That was another constraint we saw - if your website becomes too popular then you need a lot of resources to process submissions," he said.

Instead, Mr Domscheit-Berg said the organisation would be a "technology provider", supplying anonymous online drop boxes for organisations.

"[Openleaks] aims to provide the technological means to organisations and other entities around the world to be able to accept anonymous submissions in the forms of documents or other information," said Mr Domscheit-Berg.

This would form a distributed network of submissions pages across the web, powered by Openleaks technology for keeping sources anonymous and documents secure.

Whistle-blowers would be able to submit documents to an organisation's site, which would then be available for them to use for an exclusive period, specified by the source.

"If after that time you choose not to publish the document yourself the document will be shared with the rest of the subscribers in the system," said Mr Domscheit-Berg.

"If you choose not to publish it, many other parties will receive the document - and we are pretty sure that one of them will publish it."

"Start Quote

We do not think that Openleaks will be in Wikileaks shadow"

End Quote Daniel Domscheit-Berg

In addition to the technology, he said, Openleaks will offer legal advice to organisations about dealing with and publishing sensitive material.

Initially, the team will work with a handful of small organisations, with the aim of growing the project slowly.

Over time, he said, the group hopes the network of participating organisations will become more "diverse, complex and dynamic", which will afford more protection when dealing with sensitive material.

"With each new entity you are adding more nodes to the network; you're adding more complexity to the network so everyone is protecting everyone else."

The result, he said, would be "technically and legally very powerful".

'Evolutionary step'

The project was born out of an idea for a "Wikileaks button" that was developed before Mr Domscheit-Berg left the organisation. All of the team behind the project have now left Wikileaks because of disagreements about how the site was run.

"One of the main issues we see with Wikileaks today is that it has become too much about the project," said Mr Domscheit-Berg, who said he still supports Wikileaks founder Julian Assange.

"It has become too much about self-promoting the project and self-promoting people involved with the project which is rather distracting from the content of the documents."

Mr Assange, in particular, has been criticised for his high-profile role; something he has said was necessary.

"I originally tried hard for the organisation to have no face, because I wanted egos to play no part in our activities," he recently told the Guardian newspaper.

"In the end, someone must be responsible to the public and only a leadership that is willing to be publicly courageous can genuinely suggest that sources take risks for the greater good."

One problem Openleaks may face is increased competition amongst a raft of established sites and new competitors - including Brusselsleaks - for documents from leakers. It may also need to establish its credibility, alongside the highly successful Wikileaks.

But Mr Domscheit-Berg does not think this will be a problem.

"I believe lots of people are aware of some of the issues that Wikileaks has right now and there is already some critical debate."

He said the site was already "drowning in contact requests" and that it would be targeting different material - for example documents from councils that local newspapers may be interested in.

"Way more people are sceptical about the direction Wikileaks are heading and see what we are doing as the right step into the future. So, I don't think credibility will be a problem."

To build further trust, he said, the group would establish a foundation in Germany to handle and publish its finances.

In addition, he said, the model they had chosen to use would mean that Openleaks would rarely be in the spotlight.

"We're not aiming for any front pages," said Mr Domscheit-Berg. "If anything at all, this organisation is to enable others to do that."

It has now launched a website which will detail the evolution of the project before it goes live in the coming months.

"We do not think that Openleaks will be in Wikileaks' shadow," Mr Domscheit-Berg said. "We are a completely different approach. We do not see ourselves as competitors - we are the next evolutionary step."



Powered by WizardRSS | Full Text RSS

Blog attack spawns Twitter spam

An attack on online gossip site Gawker Media has enabled spammers to take over thousands of Twitter accounts.

Gawker said on Sunday its servers had been hacked and 1.3 million user account passwords compromised.

A file containing those details was then published on a file-sharing site by a group allied to the notorious image board 4Chan.

That enabled spammers to break into thousands of Twitter accounts where users had used the same passwords.

Gawker published a statement on its homepage advising its users to change their password after its servers were attacked.

While the stored passwords were encrypted, "simple ones may be vulnerable to a brute force attack", it said.

A group calling itself "Gnosis" subsequently released a 500MB file containing the data taken from Gawker on the file-sharing system Bittorrent.

Harvested passwords

The motivation for the attacks is not yet clear.

Gawker has previously been targeted by hackers after posting blogs critical of 4Chan.

The attackers also took over Gawker-run Twitter accounts to publish messages supporting Wikileaks.

Gawker has also published blogs critical of Wikileaks founder Julian Assange.

And it is not just Gawker's Twitter accounts that have been broken in to.

"Start Quote

Every identity thief, hacker and spammer out there will be attracted to that password file"

End Quote Graham Cluley Sophos

Del Harvey, who heads Twitter's trust and security team said a spam attack on the site appeared to be related to the theft of Gawker's account details.

Hundreds of thousands of Twitter users had seen their accounts compromised and messages sent promoting an Acai Berry diet.

"It's all too common that people use the same password for multiple accounts," Rik Ferguson, a security researcher at Trend Micro told the BBC.

Anybody that has had their Gawker account details published can expect to be targeted by other hackers, said Graham Cluley, a consultant at security firm Sophos.

"Every identity thief, hacker and spammer out there will be attracted to that password file," he said.

The impact would have been more serious if compromised accounts had linked to sites containing bank-credential-stealing malware, he added.

Users could protect themselves by creating complex passwords for each online service that needed a password, said Mr Ferguson.

Complex passwords can be made easy to remember, he said.

He suggested taking a the first letters from the words in a phrase a user is likely to remember, such as "I wandered lonely as a cloud".

Some letters can be replaced by symbols, perhaps using "@" instead of "a".

Finally, adding the first and last letter of the website being visited to that phrase creates a unique but memorable password that is hard to guess, he adds.



Powered by WizardRSS | Full Text RSS

Microsoft Allen&#39;s case dismissed

Microsoft co-founder Paul Allen has had his lawsuit against a number of tech and online retail firms thrown out.

In August, Mr Allen claimed the firms - including Google, eBay, Apple and Facebook - had infringed patents held by his firm Interval Licensing.

But a federal judge said Mr Allen had failed to "indicate with any specificity" which products violated his intellectual property rights.

A spokesman for Mr Allen said he would be filing an amended complaint soon.

Spokesman David Postman also called US District Judge Marsha Pechman's decision "purely procedural".

Others firms named in the lawsuit were Yahoo, Netflix, AOL, Office Depot, OfficeMax and Staples.

Charity pledge

Mr Allen said the firms had infringed a number of web technology patents held by Interval Licensing.

The patents concern using web browsers to find information; letting users know when items of interest appear; and enabling adverts, stock quotes, news update or video images to pop up on a computer screen while the user is engaged in another activity.

Interval had not named a precise figure for damages.

Mr Allen co-founded Microsoft with Bill Gates in 1975, and later started Interval in 1992.

At its height, the company employed over 110 scientists, physicists and engineers.

Mr Allen, who made billions of dollars from his Microsoft shares, recently pledged most of his $31.5bn (�19.8bn) fortune to charity.

Last year, he revealed he had been diagnosed with non-Hodgkin's lymphoma.



Powered by WizardRSS | Full Text RSS

Amazon hit by web service failure

Online retailer Amazon has said its European websites were temporarily offline because of a "hardware failure".

British, French, German, Austrian and Italian sites were down for about 30 minutes on Sunday during a peak pre-Christmas shopping period.

The outage occurred during a time of ongoing threats against major sites by pro-Wikileak activists.

A group known as Anonymous is targeting firms, including Amazon, that withdrew services from the whistle-blowing site.

"The brief interruption to our European retail sites last night was due to hardware failure in our European datacentre network and not the result of a [distributed denial of service] attempt," said a spokesperson for the firm.

Amazon sites ending .it, .de, .uk, .fr and .at - which are all hosted in Dublin - were unavailable for about half an hour at about 2115 GMT on Sunday, according to a Twitter posting by web monitoring firm Netcraft.

However, all servers are now back up and running after a brief delay, the firm says.

Suspended accounts

The outage follows a series of web attacks by Anonymous targeted at corporate websites that had withdrawn services from Wikileaks.

Amazon stopped hosting Wikileaks material on its servers on 1 December saying the site was breaking its terms and conditions.

As part of its campaign, Anonymous had planned to mount a distributed denial-of-service (DDoS) attack on Amazon on Friday, but publicly abandoned the plans, saying they did not have the "forces".

"While it is indeed possible that Anonymous may not have been able to take Amazon.com down in a DDoS attack, this is not the only reason the attack never occurred," read a statement that appeared to be published by the group.

"After the attack was so advertised in the media, we felt that it would affect people such as consumers in a negative way and make them feel threatened by Anonymous.

"Simply put, attacking a major online retailer when people are buying presents for their loved ones would be in bad taste."

DDoS attacks, which are illegal in the UK, involve overloading a website with high numbers of requests so it stops working.

Several Twitter accounts attributed to Anonymous and its campaign have been suspended over the attacks.

The group's Operation Payback Campaign has also targeted the websites of Paypal, Mastercard and Visa, as well as the Swedish Prosecutor's website after a case was brought there against Wikileaks founder Julian Assange.

Mr Assange is in British custody awaiting an extradition hearing after being accused of sex crimes in Sweden. He denies the charges.

Wikileaks has angered the US government by publishing large caches of secret documents online, including US diplomatic cables.

The government has written to Wikileaks, saying it believes its actions are illegal, but it has denied putting pressure on firms such as PayPal to withdraw services.

WikiLeaks has refused to link itself with Anonymous, saying "we neither condemn nor applaud these attacks".



Powered by WizardRSS | Best Membership Site Software