20 December 2010

wikileaks.info

http://cryptome.org/0003/wl-info-warning.htm


Wikileaks.info Warning

From: Joly MacFie <joly[at]punkcast.com>
Date: Sun, 19 Dec 2010 02:14:25 -0500
To: nettime-l[at]kein.org
Subject: Re: <nettime> Wikileaks and spam

And then a comeback from Spamhaus, itself now under ddos attack..

> As many of you know, both Trend Micro and Spamhaus have published
> warnings about a Wikileaks mirror site 'wikileaks.info' which is
> run by the person or persons behind 'AnonOps' from an IP address of
> a Russian dedicated cybercrime host (Heihachi) on which there is
> nothing but malware and other cybercrime. Innocent people seeking to
> read or download Wikileaks documents are being directed to the rogue
> wikileaks.info server and into the hands of the crime gangs located
> there.
>
> For trying to warn about the crime gangs located at the
> wikileaks.info mirror IP, Spamhaus is now under ddos by AnonOps. The
> criminals there do not like our free speech at all.
>
> As our site can't be reached now, you can not read our article 
> on this, and we can not continue to warn Wikileaks users not to 
> load things from the Heihachi IP. If you know journalists who would 
> get this message out to Wikileaks users, please forward this 
> message (entire) to them.

The anonymous folks at AnonOps did not like our article update, here's
what we said and what brought the ddos on us:

----

In a statement released today on wikileaks.info entitled "Spamhaus'
False Allegations Against wikileaks.info", the person running the
wikileaks.info site (which is not connected with Julian Assange or
the real Wikileaks organization) called Spamhaus's information on his
infamous cybercrime host "false" and "none of our business" and called
on people to contact Spamhaus and "voice your opinion". Consequently
Spamhaus has now received a number of emails some asking if we "want
to be next", some telling us to stop blacklisting Wikileaks (obviously
they don't understand that we never did) and others claiming we are "a
pawn of US Government Agencies".

None of the people who contacted us realised that the "Wikileaks press
release" published on wikileaks.info was not written by Wikileaks and
not issued by Wikileaks - but by the person running the wikileaks.info
site only - the very site we are warning about. The site data,
disks, connections and visitor traffic, are all under the control of
the Heihachi cybercrime gang. There are more than 40 criminal-run
sites operating on the same IP address as wikileaks.info, including
carder-elite.biz,h4ck3rz.biz, elite-crew.net, and bank phishes
paypal-securitycenter.com and postbank-kontodirekt.com.

Because they are using a Wikileaks logo, many people thought
that the "press release" was issued "by Wikileaks". In fact
there has been no press release about this by Wikileaks and
none of the official Wikileaks mirrors sites even recognise
thewikileaks.info mirror. We wonder how long it will be before
Wikileaks supporters wake up and start to question whywikileaks.info
is not on the list of real Wikileaks mirrors at <a href="

http://wikileaks.ch/mirrors.html">wikileaks.ch</a>.

Currently wikileaks.info is serving highly sensitive leaked documents
to the world, from a server fully controlled by Russian malware
cybercriminals, to an audience that faithfully believes anything with
a 'Wikileaks' logo on it.

Spamhaus continues to warn Wikileaks readers to make sure they are
viewing and downloading documents only from an official Wikileaks
mirror site. We're not saying "don't go to Wikileaks" we're saying
"Use the wikileaks.ch server instead".

----

Steve Linford
The Spamhaus Project
http://www.spamhaus.org

Meanwhile http://wikileaks.org does indeed resolve to

http://mirror.wikileaks.info

<http://mirror.wikileaks.info>j

-- 
---------------------------------------------------------------
Joly MacFie  218 565 9365 Skype:punkcast
WWWhatsup NYC - http://wwwhatsup.com
http://pinstand.com - http://punkcast.com
  VP (Admin) - ISOC-NY - http://isoc-ny.org
---------------------------------------------------------------

#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: http://mail.kein.org/mailman/listinfo/nettime-l
#  archive: http://www.nettime.org contact: nettime[at]kein.org


Cryptome:
As others have noted, any of the Wikileaks mirrors can be used to siphon data of their IPs, operators and users, as can Wikileaks itself, as can maillists, IMs, chats, TOR .gov, .mil, .com, .edu, .org, and the rest of the insecure-by-design Internet. Beyond that, network equipment manufacturers, security producers, operators and admins can access anything under guise of security and administration -- the Internet's true authoritatives responsible only to themselves, and their profits, cloaked by high-minded claims of public service. This continues the long-running practice of analogue communications -- messengers, couriers, mail, publishers -- and electronic telecommunications providers. Man-in-the-middle, panopticon. Mea culpa. Cryptome mirrors, too.

No comments:

Post a Comment