Alternative Servers Attacked: "Not a Private Question: A Question of Privacy"
imc uk | 27.06.2005 19:32 | Indymedia | Technology
Italy-based non-profit community webserver autistici have found out that the authorities have copied the keys necessary for the decryption of their webmail a year ago [statement 1 | 2]. Since then, the authorities potentially had access to all the data on the disks. Autistici's provider did not inform them about this. Apparently, this is connected to the same investigation as the one that caused an international law enforcement operation in London last October: A few days before the European Social Forum, Indymedia servers in London were seized, prompting a wave of solidarity statements [report].
Italy-based server autistici has informed its users that it has been compromised by the authorities for more than a year. During an investigation, the authorities shut down the server and copied the keys necessary for the decryption of the webmail. Since then, they potentially had access to all the data on the disks. This happened with the collaboration of Aruba, their provider. The autistici.org/inventati.org server hosts 4,700 mailboxes, 600 mailing lists (used by 30,000 people totally), and over 500 websites. A wide range of activists, associations, lawyers, legal services, self-organized workers and activist groups, student groups and collectives, as well as international networks are using it for their websites and emails.
Autistici are pointing out that their case is not a private matter, but a matter of privacy. They consider themselves to be treated as a "guinea-pig on whom to experiment new kinds of controls and eavesdropping", and see their situation connected to "all the people involved into file sharing enquiries". They state that the present case of eavesdropping is related to the same investigation as the one that caused an international law enforcement operation in London last October. A few days before the European Social Forum, Indymedia servers in London were seized - prompting a wave of protests and solidarity statements [report].
Austici are presently reviewing their technical set-up and consider taking political steps. They advise everyone "to use strong encryption instruments (i.e. pgp/gpg) for the protection of both mail and data on personal computers" to protect privacy and freedom of speech.
imc uk
Comments
Hide the following 8 comments
gristle
27.06.2005 21:40
I understand that it takes a lot of patience and technical competence to do this but as a backup to the websites and for those more paranoid about privacy it would be nice and would also contribute to the strength of the network (more people using it, better network).
anon
LEGAL FUND
28.06.2005 10:18
Other methods of donating may follow shortly. For the moment it's the old-fangled cheque / postal order way of doing things.
Cheques can be made out to:
Bristol Indymedia. Box 3. 82 Colston Street, Bristol BS1 5BB
Thanks.
Friends Of BIM
Tor
28.06.2005 13:18
anon
more mainstream coverage
28.06.2005 16:28
https://publish.indymedia.org.uk/en/2005/06/315097.html
munkeeunit
Alternarive Bristol Information Outlets
28.06.2005 16:41
So...
The Bristol Social Forum & Bristol Stop-The-War message boards have now been opened up so that anyone can currently post to them from any email account (although posts will continue to be moderated and there may be a delay of a few days on the Bristol Social Forum so that emails can be sent out in more user friendly batches direct to people's inboxes.)
As it has a subscription base of 350+, it is a valuable outlet.
Bristol Social Forum. (Bristol / South West focussed posts please)
Anyone can post to: bristolsocialforum@yahoogroups.com
Visit: http://groups.yahoo.com/group/bristolsocialforum/
You can also subscribe if you like, instructions at bottom of page, or PM me.
Bristol Stop The War. (National level posts are also welcome here)
Anyone can post to: bristol-stop-the-war-coalition@yahoogroups.com
http://groups.yahoo.com/group/brist...-war-coalition/
99% of subscribers only receive the monthly newsletter direct to their inbox, but it is widely publicised as a public message board too, so it has it's uses.
I hope this helps.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A number of other contacts were given, but they seem less necessary now, as our networks aren't completely destroyed, and the additional contacts were postal addresses and alternative emails.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
munkeeunit
Whoops!
28.06.2005 16:46
http://groups.yahoo.com/group/bristol-stop-the-war-coalition/
munkeeunit
EXTRA OUTLET NOTE
28.06.2005 17:21
munkeeunit
"copied the keys"
30.06.2005 09:47
I personally use NetBSD's cgd (cryptographic disk driver), and DON'T keep the configuration file's /etc/cgd/cgd.conf, etc on disk.
The configuration files's are keept on separate removable date, or other location in encrypted form.
This means that I have to manually configure ("mount") the disk's everytime i reboot.
BUT it would also mean, that if a server were sized, they would never be able to recover or find anything on the disk.
If the autistici server had been configured to store the keys for decryption of the webmail on an cgd configured disk, the authorities could never have copied the keys.
Cgd have been mentioned before in Indymedia.
http://docs.indymedia.org/view/Local/UkCrypto
Other links
http://netbsd.gw.com/cgi-bin/man-cgi?cgd++NetBSD-2.0.2
http://www.netbsd.org/guide/en/chap-cgd.html
Perhaps it's time to really implement a stronger policy and procedures to protect people.
kopime