<nettime> Dailydot: Cryptome accidentally leaks its own visitor IP addresses

[nettime's_logroller <nettime@kein.org>]

< http://www.dailydot.com/politics/cryptome-ip-leak-john-young-michael-best/ >

Leak site Cryptome accidentally leaks its own visitor IP addresses

By Joseph Cox

Oct 9, 2015, 6:01pm CT | Last updated Oct 9, 2015, 8:21pm CT

 http://bit.ly/1Zmfo8z

Cryptome, the Internet's oldest document-exposure site,
inadvertently leaked months worth of its own IP logs and other
server information, potentially exposing details about its
privacy-conscious users.

The data, which specifically came from the Cartome sub-directory
on Cryptome.org, according to Cryptome co-creator John Young,
made their way into the wild when the site logs were included on
a pair of USB sticks sent out to a supporter.

Twitter user Michael Best reported the problem a few days ago on
his website. "Within those USBs were server logs that include
user IPs (spanning several months), .htaccess files, and a pwd
file," he wrote. He discovered the files when he uploaded the
contents of the sticks to the Internet Archive, Best told the
Daily Dot in a Twitter message.

"Probably best to not expose visitors' data further but then
nothing can be fully deleted or hidden." "Scrolling down through
the list, I found about a hundred awstats log files listed in a
row," he said, referring to Cryptome analytics data.

Launched in 1996 by Young and Deborah Natsios, Cryptome was born
out of the cypherpunks mailing list, a space where some of the
most influential players in cryptography emerged. It currently
hosts tens of thousands of documents, news articles, and images,
many of which pertain to cryptography, surveillance, and freedom
of information. Documents made available through the site include
lists of MI6 agents, details on nuclear technology, and much
more. It is often referred to as the forefather of WikiLeaks.

Last month, Cryptome announced that someone had compromised some
of its encryption keys.

Returning to the IP logs, Best contacted Young over email and
Twitter about the problem. Eventually Cryptome said that Best had
faked the data.

"When he accused me of faking the data is when I dumped it, since
he didn't acknowledge the problem and was making accusations
against me," Best said.

The data published by Best, which was reviewed by the Daily Dot,
includes IP logs of visitors to certain pages of Cryptome during
a few select months in 2009 and 2010. There are also files
indicating what search terms people have used to land on the
site.

When initially asked whether he had anything to add, Young told
the Daily Dot in an email, "No."

But shortly after, Young confirmed to Best in an email that the
data was accurate.

"You were right about AWStats data. Not the stats for Cryptome
itself but for the Cartome sub-directory, for four months,
November 2009-February 2010," Young wrote. "Included in a full
site restoration by ISP NetSol after a full shutdown in June
2013."

"The stats have been deleted from the Cryptome archive," Young
added. "Probably best to not expose visitors' data further but
then nothing can be fully deleted or hidden. Thanks for
discovering and reporting in this."

Best has also reportedly deleted the data from his site.

When asked whether that message was legitimate, Young told the
Daily Dot in an email, "Yes."

"Best is as dogged as Cryptome," Young added in a later email.
"We admire that and encourage him to get even more pugnacious, as
if he needed it. Should be many more to offset the rising excess
of suavely devious spying, advertising and oligarch ass-lickers
hoboing the runaway online money train."



#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: http://mx.kein.org/mailman/listinfo/nettime-l
#  archive: http://www.nettime.org contact: nettime@kein.org