
Dutch intelligence agency AIVD hacks internet forums

96 points | waps | 12 years ago | nrc.nl

The Dutch intelligence service - AIVD - hacks internet web fora to collect the data of all users. The majority of these people are unknown to the intelligence services and are not specified as targets when the hacking and data-collection process starts.

Apparently what they do is get direct access to the MySQL databases backing fora and then just download the entire thing.

38 comments

[+] brokenparser|12 years ago|reply
What upsets me most is that NRC is withholding information in the name of "US national security". Having a crooked government is bad, but when journalists would rather side with the man than stand up to him (as they're supposed to in a democratic society), all hope is lost. They don't admit doing this in the English version of this article, which reads:

  A spokesperson for the American government stated that
  the publication of classified information is a threat to
  US national security.

But the Dutch version does:

  De Amerikaanse overheid laat in een reactie weten dat
  publicatie van staatsgeheimen de nationale veiligheid
  schaadt. Om die reden publiceert deze krant belangrijke
  technische details niet.

Translation:

  A spokesperson for the American government stated that
  the publication of classified information is a threat to
  US national security. For this reason, the paper won't
  publish important technical details.
The Dutch government is conducting illegal activities and its citizens deserve to know exactly how their government is screwing them.
[+] buro9|12 years ago|reply
We can guess at the details.

A lot of forums like phpBB are installed via cPanel and may have default passwords and not be secured fully.

If you have a machine in the ISP, which just means renting 1 machine per ISP, then scan the local IP ranges for open MySQL ports... or more nefariously scan for Memcached as that is hardly ever secured.

Then use the default credentials or the credentials stolen from Memcached to access MySQL.

You're dealing with a known set of forum software, probably phpBB, Vanilla, vBulletin and Invision. So you only need to map out a few schemas to be able to make sense of hundreds if not thousands of sites.

Forums are slow moving, even the big ones only have a few thousand to low tens of thousands of posts per day... and your rented machine could easily poll for differences and send it back to HQ.

This is all just speculation of course, but it wouldn't surprise me that this is how it was done.
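The exposure speculated about in the comment above, checked from the forum operator's side. This is an added example and not part of the thread: it reads a MySQL option file and a Debian-style memcached.conf and reports listeners that are not bound to loopback. The sample configs are constructed, include directives are not followed, and `host:port` forms of `-l` are not handled.

```python
import configparser
import ipaddress
import shlex

# Constructed sample configs (assumption: typical shared-hosting defaults).
SAMPLE_MY_CNF = "[mysqld]\nport = 3306\nbind-address = 0.0.0.0\n"
SAMPLE_MEMCACHED_CONF = "-m 64\n-p 11211\n-u memcache\n"

def is_local(addr):
    """True when addr is a loopback IP or the name 'localhost'."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # wildcard or other hostname: treat as exposed

def audit_mysql(cnf_text):
    """Return findings for the [mysqld] section of a my.cnf-style file."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    cp.read_string(cnf_text)
    opts = {}
    if cp.has_section("mysqld"):
        opts = {k.replace("_", "-"): v for k, v in cp.items("mysqld")}
    if "skip-networking" in opts:
        return []  # TCP listener disabled, socket-only access
    addr = opts.get("bind-address")
    if addr is None:
        return ["mysqld: no bind-address set, upstream default listens on all interfaces"]
    if not is_local(addr):
        return [f"mysqld: bind-address {addr} is reachable from the network"]
    return []

def audit_memcached(conf_text):
    """Return findings for a memcached.conf with one option per line."""
    args = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line:
            args.extend(shlex.split(line))
    listen = [args[i + 1] for i, a in enumerate(args[:-1]) if a == "-l"]
    findings = []
    if not listen:
        findings.append("memcached: no -l option, listens on all interfaces")
    for spec in listen:  # -l accepts a comma-separated list of addresses
        findings += [f"memcached: -l {a} is reachable from the network"
                     for a in spec.split(",") if not is_local(a)]
    if findings and "-S" not in args:
        findings.append("memcached: SASL (-S) not enabled, any client that connects can read the cache")
    return findings
```
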

[+] rgj|12 years ago|reply
National security /is/ about standing up for the people. And yes, that should be closely monitored by journalists, but that does not mean that everything should be public.
[+] Hellenion|12 years ago|reply
The NOS reported that at least four important political parties are outraged and want an investigation on the issue. In my opinion this is better than the American government's response.

I believe the Dutch are not being screwed by their government, but simply by inadequate control on its intelligence agencies. The government can fix this.

[+] lucb1e|12 years ago|reply
If you all remember the fuss about the "terughackwet", a law that would allow the police to hack people, this is what I meant when I said that the AIVD (general intelligence agency) and MIVD (military intelligence agency) have had this power since the beginning of time. This merely proves that they're actively using their capabilities and that the police doesn't really need it; they can just ask another agency.

I would assume the same for forcing passwords out of people, something which is still supposed to be illegal in the Netherlands but isn't. The AIVD and MIVD have the right to do this.

I've got one question though: does anyone know what they mean by "They acquire mySQL databases via CNE access." What is CNE?

[+] ordinary|12 years ago|reply
Computer network exploitation.
[+] spectrum|12 years ago|reply
This is the most important sentence I think:

According to the document the Dutch “are looking at marrying the forum data with other social network info, and trying to figure out good ways to mine the data that they have.”

The posts for one individual on one forum are maybe not that interesting. But by connecting this data to the data of his/her other internet activities, you get the total information awareness idea. E.g. Facebook, Gmail, other forums accounts, Whatsapp messages, websites visited etc.

[+] Cthulhu_|12 years ago|reply
It definitely is a dragnet kinda approach; let's just collect all the data, chuck it into a big database and see if we find any connections with insert random justification here.
[+] arsemouflon|12 years ago|reply
Sounds like something Fravia did between breakfast and brushing teeth. :-) Considering the age of the referenced documents this mechanism should be in place by now.
[+] atmosx|12 years ago|reply
Everyone likes to think that the forums targeted are by terrorists related to the Middle East, Syria, etc.

I think that gathering such large amounts of data allows you to do very specific sentiment analysis on specific groups of the population; in addition to Twitter and Facebook, having fora access is a big deal.

All these are speculations of course. Our agencies are guided by people and more often than not inadequate people. They might be collecting data just because the NSA does it, with no specific purpose. Data just waiting to be abused by someone in a position of power.

[+] mattgibson|12 years ago|reply
I just read that as 'regularly hacks Interflora' and was momentarily amazed at how seriously they take their tulips.
[+] oelmekki|12 years ago|reply
To make a comment not regarding moral and civilizational impact, I'm wondering what kind of value targeting forums can have.

Is this really worth the cost, compared to something like making friending bots on social networks and weight analyzing content for keywords?

I suppose their definition of forum should be considered, here. Do we speak of the canonical form of a forum, like a punBB powered website, or is any website aiming to allow people to chat a forum?

[+] The_Double|12 years ago|reply
There are multiple fora (like phpBB) discussing the Jihad, or joining the rebels in Syria. I suspect these fora would be of interest to the AIVD.
[+] DanBC|12 years ago|reply
Some extremist groups set up separate single issue groups to introduce people to extremist ideas.

An example would be the British National Front and BNP (both right wing extremist groups) setting up an animal rights group which mostly campaigns about slaughter methods, especially ritual slaughter.

Some animal rights groups are also extremist. (Digging up corpses; setting incendiary[1] devices which burnt down several large department stores; setting fires to trucks and truck depots; etc.)

Monitoring these groups makes some kind of sense. So long as police keep that data secure, and it's only used for legitimate law enforcement and isn't used to tarnish reputations or stifle lawful campaigning.

[1] The intent was to cause water damage by triggering sprinkler systems. The fact the sprinkler systems didn't work, allowing the stores to burn down is worrying. This, and IRA bombing campaigns, is one reason that pockets come stitched shut now. The well dressed man / woman will have a stitch ripper to remove these closings, but it's surprising to see how many people have never heard of stitch rippers.

[+] joelhaasnoot|12 years ago|reply
Not surprised - part of a university project for a class I took a few years back built a scraper for forums/Facebook/Twitter. The assumption there was that agencies would get access tokens from Twitter - but this is much easier...
[+] CurtMonash|12 years ago|reply
Recall that de-anonymization analysis is pretty effective these days. Even if you post under a made-up user name, there's a pretty good chance they can figure out who you are.

That's one reason I post under my own name; anonymity wouldn't buy me much anyway. Even in forums where I'm technically anonymous, I don't try hard to preserve any secrecy about my identity. It's more a matter of "There's a culture here of intemperate posts protected by anonymity, so if you notice me posting there, please also understand that I might be responding in kind."

[+] wsxcde|12 years ago|reply
Deanonymization that works well relies on:

(i) correlating social graphs (ii) correlating likes/dislikes/reviews etc. across different networks. (iii) Lots of data to do (i) and (ii)

And it's still difficult to do for random people on the internet (as opposed to the NSA or serious attackers such as those willing to put in the effort to crawl and analyze the entire LinkedIn graph.) I believe deanonymization based on just textual analysis is still a little bit of an academic effort.

Anonymity does buy quite a bit - especially on a forum like HN - where there isn't a social graph and the like/dislike information is private.

[+] vfclists|12 years ago|reply
The main purpose of monitoring communications is to monitor public sentiment and guide it or sway it. It is not for security purposes, being able to manipulate the populace is the primary goal.

It is basically to subvert the effective functioning of the democratic system in a subtle but perfectly legal manner, by manipulating the information fed to the public and actively shaping the public mood in the desired manner.

PS. A lot of it happens on HN and Reddit.

[+] snitko|12 years ago|reply
Keep paying them to do that. Taxes are a good thing, after all: governments also build roads and help the poor - which no one else can do.
[+] woutervdb|12 years ago|reply
...wow. That's pretty creepy.

I'm Dutch myself and I knew that the AIVD tapped a lot, but mining data from forums?!

[+] Svip|12 years ago|reply
And yet strangely, I'm not surprised. There seems to be a race by intelligence agencies to collect as much data as possible in recent years (well, the past decade). And while in the West, the Americans are leading the pack, the others aren't shying away without a fight.

I wouldn't be surprised to learn that it has become more a sport than a national security measure by these agencies. They have gone cocky, so to speak, thinking that because they are government agencies they are above the law that regular hackers supposedly are not.

[+] spectrum|12 years ago|reply
It's all about connecting the dots. They want to gather as much information as possible and try to get a better picture of what each individual thinks, does and his/her social ties. The forums are just a piece of the puzzle.
[+] coldcode|12 years ago|reply
[XXX] intelligence agency routinely hacks [YYY]; generally to make good with the NSA. From now on we can just report what XXX and YYY are and dispense with the details.
[+] dzhiurgis|12 years ago|reply
fora is a plural form of forum

aka forums

[+] Svip|12 years ago|reply
True, in English it would be 'forums'. In fact it would be 'internet forums' in two words, but this is clearly written as it is in Dutch, where it would be «internetfora».

Although, only the title of this thread is 'internetfora', while the article has separated it into two words.

[+] timbro|12 years ago|reply
Are we talking about "internet fora" like HN?