Streetwise Professor

March 12, 2012

CC Rider, Oh see, what you have done

Filed under: Uncategorized — The Professor @ 2:31 pm

People associated with Wikileaks appear to be very anxious about the prospect that Jules Assange will be implicated in the Stratfor criminal hack.  One example: Christiane Assange, Jules Assange’s mother tweeted me: “Perhaps u are unaware that the U.S.Doj will try to indict Julian using the term ‘hacker’ not ‘journalist’.”  This in response to her earlier tweet in which she said there was a difference between hacking and journalism, to which I asked about the Wikileaks-Stratfor connection.

The complaint against alleged Stratfor hacker Jeremy Hammond contains many tidbits that suggest, as I suspected as soon as the LulzSec bust was revealed, that anyone associated operationally with Wikileaks has a lot to worry about.

The highlights:

  • Hammond chatted with Sabu about a “new target”-apparently Stratfor-on 6 December, 2011.
  • The hack was evidently completed by 14 December.  Sabu asked Hammond whether the target was Stratfor, and Hammond acknowledged it.
  • Sabu provided Hammond access to servers thoughtfully paid for and monitored by the FBI onto which Hammond downloaded all the Stratfor material.
  • A “co-conspirator”-“CC-1”-upload all the information on 19 December. That was the only time the information was accessed.
  • Wikileaks announced that it had the Stratfor material on 27 February, 2012, and hyped an email that claimed that Stratfor’s Fred Burton knew that Assange had been indicted.
  • The FBI began physical and electronic surveillance on Hammond’s residence on 28 February.  Hammond made their lives easy by using wifi.
  • Although Hammond used Tor to conceal his tracks, a “Tor network expert” helped the FBI verify that Hammond was connecting to Tor.  Those operating Tor servers can identify the IP addresses connecting to them.  (“Tor sniffing.”)

It is clear that CC-1 has to be someone associated with Wikileaks.  So Wikileaks is a co-conspirator.  The entire transfer of the Stratfor information was monitored by the FBI, and even if the downloader [fixed-had said uploader] had used Tor, the FBI would presumably know the IP or IPs used to connect to the server on which the information was stored.

Some interesting issues.

  • The complaint is very hazy-certainly deliberately so-on the communications between Hammond and CC-1.  Presumably they have it all, or most of it. This raises the questions: when did the conversations start?  Was CC-1 in communication before the hack, or just afterwards? Who initiated the contact? In some respects, it’s moot whether CC-1 was an accessory/conspirator before or after the fact, but it is interesting nonetheless.
  • Even though the information in the Hammond complaint makes it quite clear that the FBI had sufficient information, based on Hammond’s revelations as early as July, 2011 about his various arrests in multiple cities, to identify Hammond as the hacker soon after they turned Sabu, they did not begin physical surveillance until 2/28/2012.  (The complaint does say it began “continuous physical surveillance” on that date, leaving open the possibility of intermittent surveillance earlier.)  Why the delay? And is it merely a coincidence that the continuous physical surveillance began the day after Wikileaks /Assange released the Stratfor emails?
  • Who is the “FBI Tor network expert” mentioned on p. 31 of the complaint?  Various Anonymous-types started asking Appelbaum whether he was involved.  Appelbaum went silent on twitter for a couple of days, returning today saying: “Huh? I’ve been announcing hack meetups at Noisebridge in the last few days. For you know, hacking, not twittering.” Whether or not Appelbaum (and recall that Tor gets virtually all its funding from the USG) is the expert, suspicions have been aroused, and those can take on a life of their own. (Generally, the relation between Tor-and Appelbaum-and the government is quite ambiguous, which is probably in the interests of all involved.  But as the LulzSec case shows, Tor could be just one big cyber Venus Flytrap.)

Right now there are more questions than answers, but there is more than enough to conclude that Wikileaks and Assange indeed have much to fear from the Stratfor/LulzSec events.  The FBI watched at least some of the transaction involving the transfer of stolen information to someone at Wikileaks.  As the “man in the middle” they presumably know very much indeed about those at either end-including Wikileaks-most of which has to be inferred right now.  But not for too long, I’m guessing: and if Christiane Assange’s tweet means anything, it means that people very close to Assange are guessing the same.

Print Friendly, PDF & Email


  1. I guess there must not be any darn honor among cyber thieves or as they say similarly down south-
    Entre putas y cabrones, no hay fijones .

    Comment by pahoben — March 12, 2012 @ 6:25 pm

  2. Actually, “Tor sniffing” refers to the recording of unencrypted traffic between an exit node and a destination server. A malicious node operator can also record IP addresses of connections, but they’re not useful by themselves – a Tor circuit contains many nodes, chosen by the client, and they’d all have to collude to associate a client IP address with its exit traffic.

    If someone is sitting between the client and the rest of the Internet – listening to its wifi, say – they can see the IP address of the first node in the circuit. There’s a public directory of node addresses (from which clients build their circuits,) so it’s quite possible to infer that a given flow is Tor traffic. Note that they can’t see which other nodes the client chose for its circuit, or the destination server, or the data being transferred, because these are encrypted (one layer of encryption per node, hence “onion routing.”)

    The complaint illustrates a timing attack – roughly, “this guy was using Tor on his wifi on or about the time this other guy conspired with our informant, and he did so repeatedly and consistently, so it’s probably the same guy.”

    Comment by nil — March 12, 2012 @ 8:58 pm

  3. The good news for Julian’s mummy is that while others are about to drop her boy in the manure from a very great height, she can be sure that he will not die of it.

    This is in acute contrast to Julian’s own activities, when he published material without the slightest regarded for whether he mortally endangered anyone else or not.

    If I had to be compromised to my enemies, I’d much rather be compromised to the FBI and wind up in prison than be a soldier in Afghanistan who is compromised to the Taliban and winds up in a coffin.

    Just saying like.

    Comment by Green as Grass — March 13, 2012 @ 6:30 am

  4. At least in prison Assange will not have the concerns about contraception that he has struggled with in the past (sorry Professor).

    Comment by pahoben — March 13, 2012 @ 7:17 am

  5. @pahoben-LOL. Too true. No apology necessary. (BTW, OT but I thought of you this AM when I read that Tillerson said that non-US shale plays were not promising b/c hydraulic fracking not effective, and the the head geologist of Poland said that country’s shale gas resources had been overstated.)

    @Green-Hear, hear!

    The ProfessorComment by The Professor — March 13, 2012 @ 8:28 am

  6. I could have saved him the time and trouble of trying to frac there if he would have asked. All of the people that sold these companies on the shale exploaration programs there are really too stupid for the jobs they have.

    As for me personally i have risen slightly above profane defiler of the Holy. 🙂

    Comment by pahoben — March 13, 2012 @ 1:24 pm

  7. Except that the prison will be for at least a dozen years and probably several, with a generous dose of hombre y hombre action as they’d say down south (with Assange unlikely to be THE hombre in that relationship).

    Comment by Sublime Oblivion — March 13, 2012 @ 3:50 pm

  8. He may not have a contraception problem when he is en-slammed , but let us not forget the STD s!

    Comment by sotos — March 13, 2012 @ 8:44 pm

  9. It’s not too late for Julian to start an intensive course of bodybuilding.

    It will give him a hobby he can continue with in prison, and it will also be quite handy on those warm spring evenings when the sap starts to rise and his cellmate Spike starts to feel a bit frisky.

    In those moments, what will matter most to Julian will not be the justice of his cause or the injustice of his incarceration. What will matter most in the world will be who’s stronger – Julian or Spike.

    I’d be getting those reps in starting right now, myself.

    Comment by Green as Grass — March 15, 2012 @ 5:10 am

RSS feed for comments on this post. TrackBack URI

Leave a comment

Powered by WordPress