this post was submitted on 20 Oct 2024
430 points (98.9% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54565 readers
456 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

The FBI sleeps when libraries burn

top 50 comments
sorted by: hot top controversial new old
[–] jwiggler@sh.itjust.works 233 points 3 weeks ago (7 children)

Hackers acting as if they're doing a public service by bringing down a free publicly accessible tool is a new level of assbackwardness.

If the goal really was to force IA to increase their security, they would've tried to consult with them. This is more about notoriety and chaos and the hackers have no moral ground to stand on.

[–] zante@lemmy.wtf 99 points 3 weeks ago

Yeah look at me flexing on and underfunded non profit.

Not at all hackers are criminals, but many are idiots.

[–] Varyk@sh.itjust.works 58 points 3 weeks ago (2 children)

was that their stated reason for attacking the internet archive?

to bring awareness to the security breaches?

little fucks.

"I stole your wallet because pockets are so vulnerable. I'm helping."

[–] far_university190@feddit.org 49 points 3 weeks ago (1 children)

nobody know true reason

one group claim responsibility on twitter for ddos, reason they are us company and us support genocide in gaza. but from all us company they chose ia? sound like bullshit.

You know what would be good place to archive and show the coming generations how corpos were deaf to the GAZA's plight? Internet Fucking Archive

I just get the feel that they either are lazy for mentioning gaza or malicious to muddy the reputation of the protesters.

[–] Aatube@kbin.melroy.org 17 points 3 weeks ago (1 children)

No, it was somehow because they hate NATO

[–] Varyk@sh.itjust.works 18 points 3 weeks ago (1 children)

oh good, that totally makes senseWHAT?!

[–] Comment105@lemm.ee 3 points 3 weeks ago* (last edited 3 weeks ago)

You see, some NATO members have been known to use the internet. Artifacts of that usage may have been archived, like their statements and voting choices. For example, if IA stored a page where Jens Stoltenberg called a polandball comic "funny and accurate" in 2019. That would be bad for Gaza.

[–] switchboard_pete@fedia.io 20 points 3 weeks ago (1 children)

Hackers acting as if they're doing a public service by bringing down a free publicly accessible tool is a new level of assbackwardness.

are the zendesk hackers the same as the ones who brought down the website initially?

[–] Ajen@sh.itjust.works 1 points 2 weeks ago

No. And it's hard to call the zendesk one a hack, even. They just used the same credentials that were leaked a couple weeks before.

[–] grrgyle@slrpnk.net 9 points 3 weeks ago

Black hat v grey hat innit

[–] openrain502r@sh.itjust.works 9 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

iirc some group on twitter claiming that they were the ones behind the attack mentioned it had to do with Palestine or something like that? bruh the internet archive is a non profit organisation.

then when people pointed it out, they mentioned that since they were incorporated in the USA they were still guilty or something like that? dude wtf

[–] griefstricken@lemmy.ml 2 points 2 weeks ago

That just smells like an actual false flag operation to me.

[–] 1984@lemmy.today 8 points 3 weeks ago* (last edited 3 weeks ago)

Their emotional maturity is close to zero.

They go after internet archive, such a lame move.

[–] umbrella@lemmy.ml 5 points 3 weeks ago (1 children)

those hackers are probably paid by the corporations wanting to bring it down

As much as I probably ideologically stand with you, let's not confirmation bias ourselves into a belief we have no evidence for.

[–] sharkfucker420@lemmy.ml 168 points 3 weeks ago (4 children)

This person could be damaging corporate infrastructure but he goes after internet archive

[–] apotheotic@beehaw.org 48 points 3 weeks ago

I mean this person seems to be not doing it maliciously. As they say, if it wasn't them, it would be someone else. Pushing archive to improve their security is great for everyone. As long as this person doesn't do anything actually malicious, they're in the clear as far as I'm concerned.

[–] huginn@feddit.it 44 points 3 weeks ago (4 children)

This guy is outing the archive for terrible security posture by bringing attention to it because they received disclosures and did not fix them.

Don't get shit twisted - he's the hero here. IA fucked up and has been vulnerable to manipulation by any number of corporate or national actors this entire time.

[–] sharkfucker420@lemmy.ml 64 points 3 weeks ago

If this was genuinely done out of love I could understand but due to the legal battles the internet archive is currently being dragged through, I harbor suspicion of their intent.

[–] Zagorath@aussie.zone 48 points 3 weeks ago (1 children)

If they were really "the hero", they'd follow the bare minimum of responsible disclosure best practices, and allow 90 days between privately alerting them of the issue and going public with it. Two weeks is absurd.

[–] Ashelyn@lemmy.blahaj.zone 4 points 3 weeks ago (1 children)

90 days to cycle private tokens/keys?

[–] Zagorath@aussie.zone 8 points 3 weeks ago (1 children)

90 days is just the standard timeframe for responsible disclosure. And normally that's just a baseline with additional time being given if there's genuine communication going on and signs they're addressing the problem.

[–] ITGuyLevi@programming.dev 5 points 3 weeks ago (1 children)

90 days is standard for "you're code is fucked when someone presses this..."; if the issue is Dave left the keys in the parking lot and someone copied them, two weeks is more than enough time for them to recieve the notice, create a ticket to rotate the keys and a ticket to trigger an investigation (gotta document anytime an org fucks up so it doesn't happen again, right?). Maybe I'm over simplifying it though, I don't know how their org operates.

[–] Zagorath@aussie.zone 1 points 3 weeks ago

I agree in general, but

Maybe I'm over simplifying it though, I don't know how their org operates.

This is exactly why just sticking to the 90 day standard is better. For the supposed security researcher it's a CYA move at worst.

[–] carpelbridgesyndrome@sh.itjust.works 35 points 3 weeks ago (1 children)

You don't leak a passwords database publicly on the Internet in good faith.

[–] huginn@feddit.it 18 points 3 weeks ago (1 children)

Not necessarily the same hacker.

[–] griefstricken@lemmy.ml 1 points 2 weeks ago (1 children)

It's not uncommon for hackers to sell cures for problems they cause. This includes law enforcement, which can have broader goals like promoting their own cybersecurity outfits, even just promoting deoendency on HIBP if it's a fed thing would be useful here, making the joke they left on the page telling people to check out the site itself suspect. The internet archive is a large and beloved outlet for piracy and depaywalling, maybe the security enhancements being billed to them could help the industry bring them to heel a bit. Just speculating.

[–] Ajen@sh.itjust.works 1 points 2 weeks ago (5 children)

Are you saying the person who sent the zendesk email is going to try to get IA to hire them for something? I'm not sure I follow...

load more comments (5 replies)
[–] UlyssesT@hexbear.net 14 points 3 weeks ago (1 children)

You sure about that, or are you hypothesizing?

[–] huginn@feddit.it 11 points 3 weeks ago

There's never certainty when talking about hackers...

That's verbatim the content of the email and the email hack does not appear to be malicious (unlike the ddos or the password breach)

It's more likely that this is 3 different groups than it is a single group.

[–] UlyssesT@hexbear.net 10 points 3 weeks ago

The hackers are mostly not okay. Fucking bootlickers.

[–] griefstricken@lemmy.ml 2 points 2 weeks ago

I have to say that the way they are advertising "HAVE I BEEN PWNED" makes this look like law enforcement selling cures to problems they create. The owner has that CIA front company type CV. It makes my head shudder uncontrollably. 🐙🌕🤕

[–] orca@orcas.enjoying.yachts 55 points 3 weeks ago (3 children)

This strikes me as state-funded or state adjacent hacking. Kind of like how the destruction of Twitter eliminated a source of on-the-ground, 24/7 information for the working class on all of the events our governments would prefer we not see so that their propaganda can be produced more lazily. Destroying the Internet Archive acts as another hindrance to the working class when it comes to staying informed and enriched.

[–] B0rax@feddit.org 29 points 3 weeks ago

This message here in particular is not looking state funded if you ask me. Gaining access to zendesk tickets is a vulnerability which was published a few weeks/months ago and is not difficult at all.

[–] winterayars@sh.itjust.works 18 points 3 weeks ago

I don't know about state funded, but corporations really, really hate IA for a lot of reasons.

[–] RedWizard@hexbear.net 11 points 3 weeks ago (1 children)

I'm sorry, there is a .yachts TLD?

[–] griefstricken@lemmy.ml 1 points 2 weeks ago

Did you find an answer to this?

[–] Nexy@lemmy.sdf.org 41 points 3 weeks ago (2 children)

Why they don't try to ddos and hack ChatGPT instead or something?

[–] UlyssesT@hexbear.net 19 points 3 weeks ago

Because they're corporate bootlickers, paid or otherwise.

Look at the people that participate in "Hacker News." corporate-art bootlicker

[–] zarkanian@sh.itjust.works 5 points 3 weeks ago (1 children)

Hey, instead of picking on that little kid, why don't you go harass that huge bodybuilder guy with all the knives attached to his belt?

[–] lseif@sopuli.xyz 2 points 3 weeks ago

well, yeah. its still better than picking on a kid.

[–] Arcturus@lemmy.dbzer0.com 28 points 3 weeks ago

The FBI sleeps when libraries burn

This dumbass is probably being paid by them in the first place lol

[–] halm@leminal.space 28 points 3 weeks ago

FFS, that whole hack has left the IA a shambles.

[–] Evil_Shrubbery@lemm.ee 19 points 3 weeks ago

Ok, but no need to be bitchy towards the good librarians.

[–] BonerMan@ani.social 2 points 3 weeks ago

Doesn't seem to be ill intended, not a good way to point out a problem, but the problem is there.

load more comments
view more: next ›