Discussion: Prosecutors Detail Computer Hacking Conspiracy Case Against Assange

Obviously the indictment wasn’t written to be technical and/or by someone who understands technology.

For instance:

The portion of the password Manning gave to Assange to crack was stored as a ‘hash value’ in a computer file that was accessible only by users with administrative-level privileges

… Okay, a “hash value” is something that cannot be reversed (you can find a set of possible sources for the hash, “collisions”, but it is “one way” only). If the file storing these hashes was only available to administrative users, then how did Manning get it? If instead the indictment is saying that administrative users viewed the file as unencrypted somehow: that’s not how hashes work (these would instead be “encrypted” using ex AES).

From this, the best I can tell is that Manning pulled the /etc/passwd file, which contains hashed versions of users’ passwords, from which she (and Assange) hoped to glean an administrative password with which they could then get access to more files on the system. Note that at some point the /etc/passwd file (readable by anyone who can access the machine) moved to /etc/shadow (readable only by “root” superusers, who would of course already have access to the rest of the contents of the machine already), so I’m assuming this was running an older version of Linux with /etc/passwd. Also note that if Manning/Assange had any real hope of finding a hash collision there, they either thought the admin used a simple password, or they knew that the system was using an old and crackable hashing scheme (say, MD5 or DES rather than bcrypt or newer).

I’m also assuming that the “special software” Assange used was a script-kiddie level (or maybe more sophisticated; Assange isn’t exactly a dummy although he does do a good job of playing one on TV) brute force hash cracking tool running on Linux, rather than somehow Linux itself.

I did also laugh at the apparent assertion that Linux is that “special software”, then had the gut-wrenching realization that somewhere someone’s crazy uncle has already internalized the “fact” that “Linux” is one of them “hacker tools” that means its users must be up to no good.

Well it’s not very good security if all you need to do to access passwords is to install a Linux partition.

It doesn’t sound like Assange himself hacked the password file. Only that he provided advice on how to do it. But even if he got a file of encrypted passwords, then what? Decrypting the passwords is the hard part. (Well, it should be. Let’s also guess that lots of DoS users don’t follow good protocol in choosing passwords.)

They can only file the charges in the extradition request unless they get a waiver from the UK, though I suppose they could amend that. (not a lawyer)

The matter was discussed in Paliament today. May brought it up on the Commons floor. UK is ok with extradition so long As it complies with law. As the death penalty is not going to be sought here, UK will be ok to process (most likely). The other good news is that the DOJ is more likely to issue additional indictments sooner rather than later so that the UK authorities can be properly informed in order to make their decision and justify any waiver if required.

Indictment clearly states that Manning sent Assange the hash value password file and that Assange was personally trying to hack it for her. Also indicates she installed Linux to get access to the encrypted password file, not to get the password.

Edit, just to be clear SHE, Manning installed Linux, not Assange. But like a fossil, I used both pronouns when referring to Manning because I’m doing old person shit now.

Ellul is always a good read. Those who want to know how politics really works would do well to keep him close.

So…did he actually hack it? If not, who really cares? Well, I guess it gets him involved as a co-conspirator. And if so, he’s really, really stupid.

“Also indicates he installed Linux to get access to the encrypted password file, not to get the password.”

I don’t know quite what you’re saying here. The purpose of getting an encrypted password file is to allow the possibility of hacking it to guess passwords. There’s no point in getting an encrypted password file and doing nothing with it.

I did also laugh at the apparent assertion that Linux is that “special software”, then had the gut-wrenching realization that somewhere someone’s crazy uncle has already internalized the “fact” that “Linux” is one of them “hacker tools” that means its users must be up to no good.

Yeah, this is one of those developments that makes me both laugh and cry. Reminds me of the kids in Jurassic Park. “It’s a Unix system!”

(For the uninitiated Unix and Linux systems are very similar. Basically if you can use one, you can use the other, at least at the user level.)

See my edit. See also “because I’m doing old person shit now.”

The point of alleging she used Linux was to satisfy the “unauthorized access” element of a statute written in the 1980’s by people who didn’t really understand even 1980’s technology.

The larger point is that it is legally okay for a journalist to publish stolen information that’s just dropped on his or her lap. It is not okay for a journalist to actively participate and collaborate in the theft. It’s a bright line that every real journalist understands perfectly well. Assange was stupid and arrogant because that’s who he is.

I’ve never got this argument. Trump already has the precedent of pardoning Arpaio for contempt, what’s to keep him from doing the same for those refusing to testify?

Indeed. I’d go as far to say that Assange was taking advantage of Manning to actively push her into illegal acts. Manning didn’t steal all that info and then look for an outlet. Assange was the one who made it happen. He’s not a journalist. He’s an activist against America. That’s why he had a show on RT.

I fully support whistleblowers, but a whistleblower is someone who uncovers wrongdoing as part of their job. Manning and Snowden were both turned into unwitting spies to uncover American secrets by people working for the Russians. Just like what the Russians always do. They find easily manipulated dummies who won’t even know they’re breaking the law until it’s too late.

But if, as Powell intimated in his advice to Clinton, the goal was to avoid FOIA, then the above is no excuse.

Now you tell me!

And that’s a point conveniently ignored by his champions. If Manning was a victim, she was as much a victim of Assange as of the U.S.

Simpler lesson: Don’t be a thief.

Assange could recieve hacked material but had no right to aid that.hacking himself.

Timing on this might be interesting.

I hope the extradition process takes so long that Trump will be out of office. I think he has to serve a year in prison for arrest avoidance there.

I also saw a couple of references (okay, let’s call them rumours) that Sweden is contemplating reopening the sexual assault cases against him. The victims’ lawyer is pushing for it, interesting to see if they can make it happen as apparently British MPs are pushing for the Swedes to get first crack at him. This dude is in some deep doodoo…

Arpaio couldn’t give up the president.
Here’s how it works:
(1) You’re asked to testify in a criminal proceeding on obstruction relating to the campaign…
(2) you say no, because of concerns over self-incrimination.
(3) the government has several choices:

1. Give you immunity. If they give you immunity, you have to testify.
2. Go on without you–you stay silent.

Suppose you get pardoned with respect to that crime. Your remarks are no longer self-incriminating, and you have no more affirmative right to remain silent. Your testimony can be compelled.

How? By being held in contempt of court? Trump’s already gotten away with pardoning people for that.