Hacker Archives Every Deleted Parler Post - “Very Incriminating” UPDATE

UPDATE: FAR WORSE THAN WE THOUGHT:

By Monday, rumors were circulating on Reddit and across social media that the mass disemboweling of Parler’s data had been carried out by exploiting a security vulnerability in the site’s two-factor authentication that allowed hackers to create “millions of accounts” with administrator privileges. The truth was far simpler: Parler lacked the most basic security measures that would have prevented the automated scraping of the site’s data. It even ordered its posts by number in the site’s URLs, so that anyone could have easily, programmatically downloaded the site’s millions of posts.

Parler’s cardinal security sin is known as an insecure direct object reference, says Kenneth White, codirector of the Open Crypto Audit Project, who looked at the code of the download tool @donk_enby posted online. An IDOR occurs when a hacker can simply guess the pattern an application uses to refer to its stored data. In this case, the posts on Parler were simply listed in chronological order: Increase a value in a Parler post url by one, and you’d get the next post that appeared on the site. Parler also doesn’t require authentication to view public posts and doesn’t use any sort of “rate limiting” that would cut off anyone accessing too many posts too quickly. Together with the IDOR issue, that meant that any hacker could write a simple script to reach out to Parler’s web server and enumerate and download every message, photo, and video in the order they were posted.

“It’s just a straight sequence, which is mind-numbing to me,” says White. “This is like a Computer Science 101 bad homework assignment, the kind of stuff that you would do when you’re first learning how web servers work. I wouldn’t even call it a rookie mistake because, as a professional, you would never write something like this.”

https://www.wired.com/story/parler-hack-data-public-posts-images-video/
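
The three gaps named in the Wired excerpt (guessable sequential post numbers, no rate limiting, nobody noticing the walk) each have a standard defensive counterpart. The Python below is an added example, not code from Parler, Wired or the download tool; the log format, function names and sample addresses are assumptions made up for the illustration.

```python
import re
import secrets
from collections import deque

# Assumed (constructed) access-log format: "<epoch-seconds> <client> GET /post/<id>"
LINE = re.compile(r"^(\d+(?:\.\d+)?) (\S+) GET /post/(\d+)$")

def opaque_post_id() -> str:
    """Public post identifier with 128 random bits, so neighbouring posts cannot be guessed."""
    return secrets.token_urlsafe(16)

class SlidingWindowLimiter:
    """Allow at most `limit` requests per client in any `window` seconds."""
    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self.hits = {}  # client -> deque of timestamps still inside the window

    def allow(self, client: str, now: float) -> bool:
        q = self.hits.setdefault(client, deque())
        while q and now - q[0] >= self.window:
            q.popleft()                      # forget requests that aged out
        if len(q) >= self.limit:
            return False                     # over budget: reject (e.g. HTTP 429)
        q.append(now)
        return True

def sequential_walkers(lines, min_run: int = 5) -> set:
    """Flag clients whose requests contain a run of >= min_run consecutive post IDs."""
    last, run, flagged = {}, {}, set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                         # ignore lines in other formats
        client, post_id = m.group(2), int(m.group(3))
        consecutive = last.get(client) == post_id - 1
        run[client] = run.get(client, 1) + 1 if consecutive else 1
        last[client] = post_id
        if run[client] >= min_run:
            flagged.add(client)
    return flagged

# Constructed sample log: one client stepping through IDs, one browsing normally.
SAMPLE_LOG = [f"{1000 + i * 0.1:.1f} 203.0.113.7 GET /post/{5000 + i}" for i in range(8)] + [
    "1000.5 198.51.100.4 GET /post/812",
    "1030.0 198.51.100.4 GET /post/97",
    "1090.0 198.51.100.4 GET /post/4410",
]
```

Random identifiers only remove the guessable pattern; access checks on each object and the rate limit are still needed.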

We thought that by wandering over to Parler we could breathe easy with our comments.  After all we thought we would not be censored for the most part and it appeared it was going to be live and let live. No data mining. (Chuckle time)

We are in for a nasty shock.

We could fire off a comment feeling free as a twitter bird.. well a bird then. Sort of like the early days of E-Mail.

Now we find that all of our comments and videos are identifiable to us, most including our location, have been harvested from Parler.

BACK TO THE STORY:

Want to know how it works?:

“I want this to be a big middle finger to those who say hacking shouldn’t be political,” said @donk_enby, whose efforts are documented at ArchiveTeam.org. She says that the data will eventually be hosted by the Internet Archive.

Our concern with Parler should have started in November

@donk_enby told Gizmodo that she began digging into Parler after the company issued denials about an email leak unearthed by the hacktivist Kirtner, who has been credited with founding the hacker group Anonymous. @donk_enby said she was able to independently locate the same material herself at the time.

Kirtner, creator of 420chan — a.k.a. Aubrey Cottle — reported obtaining 6.3 GB of Parler user data from an unsecured AWS server in November. The leak reportedly contained passwords, photos and email addresses from several other companies as well. Parler CEO John Matze later claimed to Business Insider that the data contained only “public information” about users, which had been improperly stored by an email vendor whose contract was subsequently terminated over the leak. (This leak is separate from the debunked claim that Parler was “hacked” in late November, proof of which was determined to be fake.) –Gizmodo

Following last week’s incursion into the US Capitol building by Trump supporters and the founder of a BLM group, a researcher who goes by the Twitter handle @donk_enby got to work archiving every post from that day made on Parler – a conservative alternative to Twitter where many claim the protesters coordinated leading up to the incident which left five people dead. Enby calls the evidence “very incriminating.”

Then, after Amazon announced that they were going to kill conservative Twitter rival Parler, @donk_enby began archiving posts prior to the 6th, ultimately preserving approximately 99.9% of its content, according to Gizmodo.

Hoping to create a lasting public record for future researchers to sift through, @donk_enby began by archiving the posts from that day. The scope of the project quickly broadened, however, as it became increasingly clear that Parler was on borrowed time. Apple and Google announced that Parler would be removed from their app stores because it had failed to properly moderate posts that encouraged violence and crime. The final nail in the coffin came Saturday when Amazon announced it was pulling Parler’s plug. –Gizmodo

Included in the data harvest is “original, unprocessed, raw files uploaded to Parler with all associated metadata.”

As Gizmodo notes, aside from obvious privacy implications, the archived data may serve as a “fertile hunting ground for law enforcement,” after dozens of suspects have been arrested in recent days following last week’s incident.

Of course, the data can also be used to help doxx conservatives by cancel-crusaders on the left, who go to great lengths to ruin the lives of their ideological opponents.

Before we go and sign up at the next social media upstart “Let the Buyer Beware!”

After all we would follow Trump into the fires of hell. Most of us were spared the worst of this one.

I for one do not want to hear anymore from Parler and their spokespeople. What you allowed to happen is far worse than any data mining. What say you?

H/T: Zero Hedge

Gizmodo

Everything super fine in the swamp….. would someone ask Parler about this breach?

Is the government internet ‘kill switch’ going to be used?

 

 

At 3pm ET on June 2, 2019 it appears that Google Cloud (affecting Gmail, YouTube, SnapChat, Instagram, Twitter and Facebook among others) mysteriously (and almost unprecedentedly) went offline. Was this the trial run?

This brought to mind Obama’s Executive Order just in case you think this is a tin foil hat thing. Congress had big plans too.

Incident began at 2019-06-02 12:25 (all times are US/Pacific).

Jun 02, 20 12:25 We are investigating an issue with Google Compute Engine. We will provide more information by Sunday, 2019-06-02 12:45 US/Pacific.

One Google insider explains (via YCombinator):

I work on Google Cloud (but disclaimer, I’m on vacation and so not much use to you!).

We’re having what appears to be a serious networking outage. It’s disrupting everything, including unfortunately the tooling we usually use to communicate across the company about outages.

There are backup plans, of course, but I wanted to at least come here to say: you’re not crazy, nothing is lost (to those concerns downthread), but there is serious packet loss at the least. You’ll have to wait for someone actually involved in the incident to say more.

The internet is having a very bad day… Zero Hedge  and more of the details and a tip of the hat.

 

 

 

If you think this couldn’t happen, check back at what Obama and Congress had in mind a few years ago.

Presidential powers over the Internet and telecommunications were laid out in a U.S. Senate bill in 2009, which proposed handing the White House the power to disconnect private-sector computers from the Internet. But that legislation was not included in the Cybersecurity Act of 2012. I caught some discussion of this at the time, and the rationale was that  “misinformation” may need to be curtailed. Where did I hear that before? Anyone still wondering where we are headed with this? Think the Dems won’t try this again?

President Obama signed an executive order the week of July 12, 2012 that could give him control over the web in times of emergency.

According to The Verge, critics of the order are concerned with Section 5.2, which is a lengthy part outlining how telecommunications and the Internet are controlled. It states that the Secretary of Homeland Security will “oversee the development, testing, implementation, and sustainment” of national security and emergency preparedness measures on all systems, including private “non-military communications networks.” According to The Verge, critics say this gives Obama the on/off switch to the Web.

The order, known as the “Assignment of National Security and Emergency Preparedness Communications Functions,” exists to hand over full control of communications and the internet to certain government authorities in times of natural disaster and security emergencies.

The wording for the executive order is of course lengthy and uses politician language, but the part worth pointing out is in section 5.2. It is in this section that the order states that Homeland Security will be able to monitor and control all non-military forms of communications in times of extreme measures, which is essentially giving the White House the on/off switch to the internet, according to some critics.

You can read more about the executive order, which at the time still had 30 days before it became law, over at CNET and The Verge. If you want to check out the order in its entirety, go to the White House press page.

Bonus:

Executive Order — National Defense Resources Preparedness

In a nutshell, it’s the blueprint for Peacetime Martial Law and it gives the president the power to take just about anything deemed necessary for “National Defense”, whatever they decide that is. It’s peacetime, because as the title of the order says, it’s for “Preparedness”.

Quote:

Sec. 201. Priorities and Allocations Authorities. (a) The authority of the President conferred by section 101 of the Act, 50 U.S.C. App. 2071, to require acceptance and priority performance of contracts or orders (other than contracts of employment) to promote the national defense over performance of any other contracts or orders, and to allocate materials, services, and facilities as deemed necessary or appropriate to promote the national defense, is delegated to the following agency heads:

(1) the Secretary of Agriculture with respect to food resources, food resource facilities, livestock resources, veterinary resources, plant health resources, and the domestic distribution of farm equipment and commercial fertilizer;

(2) the Secretary of Energy with respect to all forms of energy;

(3) the Secretary of Health and Human Services with respect to health resources;

(4) the Secretary of Transportation with respect to all forms of civil transportation;

(5) the Secretary of Defense with respect to water resources; and

(6) the Secretary of Commerce with respect to all other materials, services, and facilities, including construction materials

http://www.whitehouse.gov/the-press-office/2012/03/16/executive-order-national-defense-resources-preparedness

 

A very good day in the swamp.

Our Rights. Do most of us even understand them?


By Mustang

A common complaint today is that one or another social media platform has banned someone because they, in some way, violated platform standards of conduct.  At least, that’s the allegation; but I have to ask: Um … so?

Perhaps it is true that social media standards are draconian, and they may even be politically biased.  We may not like these so-called standards, but there is another argument.  Given what we know about human behavior on social media, some of which is out-right cowardly and vulgar, most of which we would never tolerate from anyone in person, and some of which is clearly dangerous to public safety, what is wrong with an attempt by social media to enforce well-mannered and lawful dialogue?  

Hasn’t it been true in the past that terrorists have used social media to communicate their plans and aspirations? Aren’t there predators on these platforms, people who bully and harass others?  Aren’t there some people who are unable to construct simple sentences without using the “F-bomb”?  I’m trying to imagine how many of us would host an afternoon party at our homes and then put up with such nonsense from one of our guests.  Speaking for myself, I wouldn’t put up with it more than a nanosecond.

Beyond this, there is the inane argument that social platforms are denying their clients their first amendment right to self-expression (no matter how inappropriate those expressions may be).  Well, a short review of the First Amendment is in order. The Constitution and its amendments only apply to government’s behavior toward us … they do not protect behavior between private persons.

In other words, there is no right to free speech when someone is standing in our living rooms making an ass of him or herself —and should I toss an offensive person out the door, they have no right to have me arrested, or drag me into a civil court, for doing so.  I’m thinking we ought to stop using the “first amendment” argument: it is silly.

I often wonder if social media platforms aren’t part of the reason our society has become so fractured—so, my final argument, allowing that Facebook or Twitter is not a government entity, is that if people are offended because social media restricts their speech or behavior, they can always cancel their accounts—which, as best as I can tell, offer us access to their platforms free of charge.  We do have choices, right?  We could, for example, reduce our profanity, curtail the tendency to be rude or obnoxious to people we have never even met, and we could seek ways of expressing our political proclivities other than shouting at one another.

What say you?

Government mining social media on health behavior

There never was an Internet Site that the regime didn’t want to spy on. Do we really have that much money to throw around? But my hunch is this is simply an effort to get their foot in the door in refining spying techniques. There is always a plan for what they do. They do nothing just for the heck of it. Yes, every totalitarian state requires information on its subjects and trumps freedoms. “Change agents” yes indeed. Infiltrate is the next step. Recall this previous post?

Cass Sunstein behind monitoring of websites

Just prior to his appointment as President Obama’s so-called regulatory czar, Cass Sunstein wrote a lengthy academic paper suggesting the government should “infiltrate” social network websites, chat rooms and message boards.

Such “cognitive infiltration,” Sunstein argued, should be used to enforce a U.S. government ban on “conspiracy theorizing.”

Among the beliefs Sunstein classified as a “conspiracy theory” is advocating that the theory of global warming is a deliberate fraud.

While the DHS may be monitoring websites for security reasons, Sunstein advocated such actions with another goal in mind.

Sunstein’s official title is administrator of the White House Office of Information and Regulatory Affairs.

Here we go with today’s news:

The National Library of Medicine (NLM) is “mining” Facebook and Twitter to improve its social media footprint and to assess how Tweets can be used as “change-agents” for health behaviors.

“The National Library of Medicine is the world’s largest biomedical library and makes its stored information available online at no charge to consumers, health professionals, and biomedical scientists through a diverse suite of resources,” the agency said in a contract posted on Oct. 23. “Evaluating how its databases and other resources are utilized is an important component of continuing quality improvement and has long been an on-going program of NLM management through a potpourri of monitoring tools.”

“The world-wide explosion in the use of social media provides a unique opportunity for sampling sentiment and use patterns of NLM’s ‘customers’ and for comparing NLM to other sources of health-related information,” the agency said.

“By examining relevant tweets and other comments,” the contract said, “NLM will gain insights to extent of use, context for which information was sought, and effects of various health-related announcements and events on usage patterns.”

Specifically, NLM will look at the “value of tweets and other messages as teaching tools and change-agents for health-relevant behavior.”

“The overarching objective of these studies is to obtain a richer understanding of how consumers, clinicians, researchers actually look for the health-related information they seek, and what they do with what they find,” NLM said in a response to frequently asked questions about the project.

“The OhMyGov Media Monitoring and Policy Analysis system is the first and only business intelligence software completely politically focused,” according to the company’s website. “It provides real-time data mining, analysis, and visual analytics to uncover patterns in message uptake and critical insights into how issues are being characterized by Congress as well as the media, public, and key stakeholders.”

More at Free Beacon
