nuclear-news

The News That Matters about the Nuclear Industry Fukushima Chernobyl Mayak Three Mile Island Atomic Testing Radiation Isotope

Riseup.net encryption broken – Japanese Against Nuclear UK (JANUK) and UK activists targeted! – With corrections

Op Ed Posted by arclight2011

Nuclear-news.net

22 February 2014

Nuclear news had been promoting Riseup.net as an encrypted service suitable for activists. However, recent information given to this blogger has thrown doubt on the ability of riseup and other “encrypted” online services to be able to deliver a secure service.

I contacted them via email and have not received a reply after about 2 weeks. The delay in reporting this was because I had to interview my sources at Japanese Against Nuclear UK to confirm the situation and give riseup staff a chance to reply. It might be that riseup never received the email and so I am posting this article to catch their attention and give them a chance to respond.

The scenario

I have been working with many bloggers from Japan and Japanese in the UK to get what is now censored information direct from Japanese sources. To try to protect my sources I cannot be more specific in some details of internet restrictions, hacking and general harassment, but for those that remember, tokyobrowntabby (who worked with EXSKF amongst others) had her original YouTube channels deleted and videos constantly challenged for copyright even though she was using them for educational purposes only. She retired after such harassment, unfortunately but understandably, as did the UK-based bloggers on YouTube with Japanese contacts.

Other bloggers in the early days of Fukushima who were also working with Japanese contacts that were able to do the hard work of translating Japanese to English and vice versa were also targeted and stopped blogging because of the stresses involved.

3 years later, and just after Japan's new secrecy law was posited, the Japanese in the UK are now being targeted by persons unknown.

I have been targeted myself on multiple occasions by “unknown” assailants but have carried on regardless (I have been made jobless, homeless and have been attacked using financial strategies) [I have taken out some bits of this article as it doesn't reflect the content of the email correctly. I took the description of the content of the email seriously out of context. Sorry about the delay in correcting the article -Arclight2011]

An email was sent to the subscription list recently.  JANUK use riseup.net emails and use the subscribers service offered by riseup.net as well. However, a member that uses riseup.net got the initial email but certain words had been deleted, making the email mostly unreadable.

A second attempt at contacting the members was blocked completely and the sender of the email was further harassed via the internet to make sure some unknown point was driven home.

It was very effective at frightening and discouraging all activists concerned (including me)

I will carry on blogging anyway and am adjusting my lifestyle accordingly to cope with this ever-changing situation. My autobiography will be interesting, I suspect (not planned yet)!

The main points are that JANUK and other UK based activists are constantly being manipulated and divided (ref George Monbiot splitting the anti nuclear movement in the UK that STRATFOR was VERY concerned about,  and the results speak for themselves unfortunately! George helped destroy the movement that STRATFOR  and the UK nuclear lobby were previously so concerned about).

Anyone involved in translation and dissemination of Fukushima information is under severe restrictions or suffers punitive actions.

[Nuclear power in Britain is, in effect, finished: on Saturday, the EU revealed that it had prohibited the government’s latest desperate attempt to keep it afloat with massive subsidies. G Monbiot 2002]

…Despite the strong interparty consensus on the issue, therefore, the United Kingdom remains a country where public opinion – and anti-nuclear energy activists – will have to be “monitored” carefully to gauge which way the country will go following the Fukushima incident….. STRATFOR REPORT

I await a response from riseup.net on the hacking issue to support the above anecdotal evidence or to clarify that there was no hacking. I will update this article and post a new one to clarify the situation.

Response email for riseup staff AND George Monbiot if he wants:

arclight2011@riseup.net (likely not secured :( )

March 1, 2014 - Posted by | Uncategorized

11 Comments »

  1. Glenn Greenwald “Criminalizing journalism”

    Comment by arclight2011part2 | March 1, 2014 | Reply

  2. Glenn Greenwald “Civil Liberties Under Obama” (Full Speech)

    Comment by arclight2011part2 | March 1, 2014 | Reply

  3. Alan Rusbridger (Guardian) appears before the home affairs select committee (FULL length)
    “…Depends if you believe in freedom of speech or not….”

    Comment by arclight2011part2 | March 1, 2014 | Reply

  4. New German TV Snowden Interview – Clapper Put in His Place –
    “….I sleep very well….”

    Comment by arclight2011part2 | March 1, 2014 | Reply

  5. Heartbleed seems to show that at least systems (read servers, clients, web appliances, phones, etc.) encrypted with OpenSSL have potentially been vulnerable to wholesale pwnage, including certificates, login details, financials, etc. 😦

    Personally, I use barcodes to make extremely lengthy passwords, and use a barcode scanner to enter them. Site security is ensured as only I know the combination of barcodes. Sadly, even this approach may have been penetrated, despite my precautions.

    Some have commented that this particular hole may persist in vulnerable appliances for another decade !!!

    Quote: “Heartbleed is a catastrophic bug in OpenSSL:

    “The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.

    Basically, an attacker can grab 64K of memory from a server. The attack leaves no trace, and can be done multiple times to grab a different random 64K of memory. This means that anything in memory — SSL private keys, user keys, anything — is vulnerable. And you have to assume that it is all compromised. All of it.

    “Catastrophic” is the right word. On the scale of 1 to 10, this is an 11.

    Half a million sites are vulnerable, including my own. Test your vulnerability here.

    The bug has been patched. After you patch your systems, you have to get a new public/private key pair, update your SSL certificate, and then change every password that could potentially be affected.

    At this point, the probability is close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident, but I have no proof.”

    Quoted from: https://www.schneier.com/blog/archives/2014/04/heartbleed.html

    See https://github.com/musalbas/heartbleed-masstest for a list of the top 10000 sites affected.

    Comment by Dud | April 10, 2014 | Reply

    • Quote: “Heartbleed: don’t rush to update passwords, security experts warn

      The severity of the Heartbleed bug means that rushing to change passwords could backfire”

      “Internet security researchers say people should not rush to change their passwords after the discovery of a widespread “catastrophic” software flaw that could expose website user details to hackers.

      The flaw, dubbed “Heartbleed”, could reveal anything which is currently being processed by a web server – including usernames, passwords and cryptographic keys being used inside the site. Those at risk include Deutsche Bank, Yahoo and its subsidiary sites Flickr and Tumblr, photo-sharing site Imgur, and the FBI. ”

      “Doing so “could even increase the chance of somebody getting the new password through the vulnerability,” Schloesser said, because logging in to an insecure server to change a password could reveal both the old and new passwords to an attacker.”

      “While some servers have fixed the OpenSSL flaw, the cascading nature of the problem means that they may not be fully safe. The flaw lets a determined attacker steal the private key to a site’s SSL certificate, the code that enables all communications with the server to be held securely.

      Sites which have updated OpenSSL but are still using the same certificate as before – such as Deutsche Bank’s main consumer portal in Germany – may show up as secure on initial inspection, but remain easy for attackers to penetrate.

      “Risk to users exist until organisations have updated OpenSSL, acquired a new certificate, generated and deployed new SSL keys, and revoked old keys and certs,” says Trey Ford, global security strategist at Rapid7. “Until this is done, attacks may still be able to steal cookies, sessions, passwords, and the key material required to masquerade as the website.””

      quoted from: http://www.theguardian.com/technology/2014/apr/09/heartbleed-dont-rush-to-update-passwords-security-experts-warn

      Perhaps this is a good time to remember those wonderful words penned years ago by Douglas Adams: “DON’T PANIC”.

      Be proactive, not reactive. Heads up!

      Find me @ Bobby’s.

      Comment by Dud | April 10, 2014 | Reply
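The two quoted passages above give the server-side order of work (patch OpenSSL, generate new keys, reissue the certificate, revoke the old one) and warn that a password change only helps after all of that is done. The following is an added example, not code from the post, the commenters or the quoted articles, that audits an inventory against those steps; the record fields, host names and fingerprints are constructed for illustration, and the version range is the publicly documented one for Heartbleed (OpenSSL 1.0.1 through 1.0.1f and 1.0.2-beta1, fixed in 1.0.1g).

```python
import re
from datetime import date

def openssl_vulnerable(version):
    """Heartbleed affects OpenSSL 1.0.1 through 1.0.1f and 1.0.2-beta1."""
    if version == "1.0.2-beta1":
        return True
    m = re.fullmatch(r"1\.0\.1([a-z]?)", version)
    return bool(m) and m.group(1) < "g"

def remediation_gaps(host):
    """Server-side steps from the quoted advice that are still outstanding."""
    gaps = []
    patched = host["patched_on"]  # date the fixed OpenSSL was deployed, or None
    if patched is None or openssl_vulnerable(host["openssl"]):
        gaps.append("patch OpenSSL")
    # A key that was in memory while the server was vulnerable must be replaced.
    if host["key_fp_now"] == host["key_fp_exposed"]:
        gaps.append("generate new key pair")
    # A certificate issued before the patch still vouches for an exposed key.
    if patched is None or host["cert_not_before"] < patched:
        gaps.append("reissue certificate")
    if not host["old_cert_revoked"]:
        gaps.append("revoke old certificate")
    return gaps

def safe_to_change_password(host):
    """Changing a password is only useful once the server has no gaps left."""
    return not remediation_gaps(host)

# Constructed sample inventory; field names and values are hypothetical.
INVENTORY = {
    "unpatched": dict(openssl="1.0.1e", patched_on=None,
                      key_fp_exposed="fp-a-old", key_fp_now="fp-a-old",
                      cert_not_before=date(2013, 6, 1), old_cert_revoked=False),
    "patched-only": dict(openssl="1.0.1g", patched_on=date(2014, 4, 8),
                         key_fp_exposed="fp-b-old", key_fp_now="fp-b-old",
                         cert_not_before=date(2013, 9, 15), old_cert_revoked=False),
    "fully-remediated": dict(openssl="1.0.1g", patched_on=date(2014, 4, 8),
                             key_fp_exposed="fp-c-old", key_fp_now="fp-c-new",
                             cert_not_before=date(2014, 4, 9), old_cert_revoked=True),
}

if __name__ == "__main__":
    for name, host in INVENTORY.items():
        print(name, remediation_gaps(host) or "no gaps",
              "| password change useful:", safe_to_change_password(host))
```

The "patched-only" record is the case the Guardian quote describes: the OpenSSL version looks fixed, yet the key and certificate that were exposed are still in service.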

  6. Quote from: http://www.imdb.com/title/tt0092007/quotes

    “Spock: Are you sure it isn’t time for a colorful metaphor? “

    Comment by Dud | April 10, 2014 | Reply

  7. Update:

    Quote: “Cloudflare is reporting that it’s very difficult, if not practically impossible, to steal SSL private keys with this attack.

    “Here’s the good news: after extensive testing on our software stack, we have been unable to successfully use Heartbleed on a vulnerable server to retrieve any private key data. Note that is not the same as saying it is impossible to use Heartbleed to get private keys. We do not yet feel comfortable saying that. However, if it is possible, it is at a minimum very hard. And, we have reason to believe based on the data structures used by OpenSSL and the modified version of NGINX that we use, that it may in fact be impossible.””
    http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed

    https://www.schneier.com/blog/archives/2014/04/more_on_heartbl.html

    Comment by Dud | April 11, 2014 | Reply

    • One person did pen the following in the comments from that article though.

      Quote of Ryan Ries: “I’ve already got about half of their private key, and I’ve only been at it for ~ 3 hours.”

      Comment by Dud | April 11, 2014 | Reply

  8. […] Some personal observations with Dr Busby I observed To expand on the evidence a bit that i have already outlined I will talk about the 200 Japanese anti nuclear activists living in the UK. I have documented one such attack on an encrypted email server here; https://nuclear-news.net/2014/03/01/riseup-net-encryption-broken-japanese-against-nuclear-uk-januk-a… […]

    Pingback by Fukushima shows the seedy side of the Secret Services. Dr C. Busby- A case history | Activist news source | December 3, 2016 | Reply

