Tag Archives: Julian Assange

Taking Shady RAT to the Next Level

I know I’ve drawn attention to this before, but the timeline of McAfee’s Operation Shady RAT by Dmitri Alperovitch raises questions again about WikiLeaks’ original data.

Alperovitch points out that their data goes back to mid-2006:

We have collected logs that reveal the full extent of the victim population since mid-2006 when the log collection began. Note that the actual intrusion activity may have begun well before that time but that is the earliest evidence we have for the start of the compromises.

This was around the time that Julian Assange was building up the content that, he recounted in emails at the time, that his hard drives were filling up with eavesdropped documents:

We have received over 1 million documents from 13 countries, despite not having publicly launched yet! (Wikileaks Leak, Jan, 2007)

Although Assange has since denied the material came from eavesdropping, it seems clear that it was, until McAfee’s report, the earliest example of a significant trove of documents and emails stolen by China-based hackers. This may have been the same channel stumbled upon a year later by Egerstad (Dan Egerstad’s Tor exit nodes get him arrested and proves a point I made in July | ZDNet).

There were, however, reports in mid 2006 of largescale theft of documents: State Dept (May), and NIPRNet (June), US War College (Sept) and German organisations (October).

I would like to see more data from McAfee and, in the interests of transparency, at least the metadata from the still unrevealed WikiLeaks stash in order to do some note comparing and triangulation. I’d also like to see this material compared with the groundbreaking work by three young Taiwanese white hats, who have sifted through malware samples to try to group together some of these APTs: APT Secrets in Asia – InSun的日志 – 网易博客.

The work has just begun.

A pale white man shows us what journalism is

My weekly Loose Wire Service column.

Is the Internet replacing journalism?

It’s a question that popped up as I gazed at the blurred, distorted web-stream of a press conference from London by the founder of WikiLeaks, a website designed to “protect whistleblowers, journalists and activists who have sensitive materials to communicate to the public”.

On the podium there’s Julian Assange. You can’t make a guy like this up. White haired, articulate and defensive, aloof and grungy, specific and then sweepingly angry. Fascinating. In a world of people obsessed by the shininess of their iPhones, Assange is either a throwback to the past or a gulf of fresh air.

WikiLeaks, which has been around for a few years but has, with the release of mounds of classified data about the Afghan War, come center stage.

Assange doesn’t mince his words. He shrugs off questions he doesn’t like by pointing his face elsewhere and saying “I don’t find that question interesting.” He berates journalists for not doing their job — never

something to endear an interviewee to the writer.
But in some ways he’s right. We haven’t been doing our job. We’ve not chased down enough stories, put enough bad guys behind bars (celebrities don’t really count.) His broadsides may be more blunderbuss than surgical strike, but he does have a point. Journalism is a funny game. And it’s changing.

Asked why he chose to work with three major news outlets to release the Afghan data, he said it was the only way to get heard. He pointed out that he’d put out masses of interesting leaks on spending on the Afghan war previously and hardly a single journalist had picked it up.

Hence the — inspired — notion of creating a bit of noise around the material this time around. After all, any journalist can tell you the value of the material is less intrinsic than extrinsic: Who else is looking for it, who else has got it, and if so can we publish it before them.

Sad but true. We media tend to only value something if a competitor does. A bit like kids in the schoolyard. By giving it to three major outlets — New York Times, The Guardian, Der Spiegel — Assange ensured there was not only a triple splash but also the matchers from their competitors.

So Assange is right. But that’s always been like that. Assange is part of — and has identified — a much deeper trend that may be more significant than all the hand-wringing about the future of the media.

You see, we’ve been looking at media at something that just needs a leg-up. We readily admit the business model of the media is imploding.

But very little discussion of journalism centers on whether journalism itself might be broken. Assange — and others – believe it is.

The argument goes like this.

The model whereby media made a lot of money as monopolistic enterprises — fleecing advertisers at one end, asking subscribers to pay out at the other, keeping a death grip on the spigot of public, official or company information in the middle — has gone. We know that.

But what we don’t perhaps realize is that the Internet itself has changed the way that information moves around. I’m not just talking about one person saying something on Twitter, and everyone else online reporting it.

I’m talking about what news is. We journalists define news in an odd way — as I said above, we attach value to it based on how others value it, meaning that we tend to see news as a kind of product to grab.

The Internet has changed that. It’s turned news into some more amorphous, that can be assembled from many parts.

Assange and his colleagues at WikiLeaks don’t just act as a clearing house for leaked data. They add extraordinary value to it.

Don’t believe me? Read a piece in The New Yorker in June, about the months spent on cracking the code on, and then editing video shot in Iraq.

In a more modest way this is being done every day by bloggers and folk online, who build news out of small parts they piece together —some data here, a report there, a graphic to make sense of it. None of these separate parts might be considered news, but they come together to make it so.

Assange calls WikiLeaks a stateless news organization. Dave Winer, an Internet guru, points out that this pretty much is what the blogosphere is as well. And he’s right. WikiLeaks works based on donations and collaborative effort. Crowd-sourcing, if you will.

I agree with all this, and I think it’s great. This is happening in lots of interesting places — such as Indonesia, where social media has mobilized public opinion in ways that traditional media has failed.

But what of journalism, then?

Jeff Jarvis, a future-of-media pundit, asked the editor of The Guardian, one of the three papers that WikiLeak gave the data too first, whether The Guardian should have been doing the digging.

He said no; his reporters add value by analyzing it. “I think the Afghan leaks make the case for journalism,” Alan Rusbridger told Jarvis. “We had the people and expertise to make sense of it.”

That’s true. As far as it goes. I tell my students, editors, colleagues, anyone who will listen, that our future lies not so much in reporting first but adding sense first. And no question, The Guardian has done some great stuff with the data. But this is a sad admission of failure — of The Guardian, of reporting, of our profession.

We should be looking at WikiLeaks and learning whatever lessons we can from it. WikiLeaks’ genius is manifold: It has somehow found a way to persuade people, at great risk to themselves, to send it reams of secrets. The WikiLeaks people do this by taking that data seriously, but they also maintain a healthy paranoia about everyone — including themselves — which ensures that sources are protected.

Then they work on adding value to that data. Rusbridger’s comments are, frankly, patronizing about WikiLeaks’ role in this and previous episodes.

We journalists need to go back to our drawing boards and think hard about how WikiLeaks and the Warholesque Assange have managed to not only shake up governments, but our industry, by leveraging the disparate and motivated forces of the Internet.

We could start by redefining the base currency of our profession — what news, what a scoop, what an exclusive is. Maybe it’s the small pieces around us, joined together.